Picketlink SVN: r612 - in federation/trunk: picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata and 8 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-20 17:20:13 -0500 (Mon, 20 Dec 2010)
New Revision: 612
Added:
federation/trunk/picketlink-fed-core/src/test/resources/saml-xacml/saml-xacml-response-1.xml
Modified:
federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML20TokenProviderUnitTestCase.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilder.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/util/KeyUtil.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/w3/xmldsig/KeyInfoBuilder.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilderUnitTestCase.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/MetaDataBuilderUnitTestCase.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/KeyUtilUnitTestCase.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java
Log:
saml, xacml, metadata changes
Modified: federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML20TokenProviderUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML20TokenProviderUnitTestCase.java 2010-12-20 21:58:55 UTC (rev 611)
+++ federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML20TokenProviderUnitTestCase.java 2010-12-20 22:20:13 UTC (rev 612)
@@ -28,9 +28,6 @@
import java.util.Map;
import javax.security.auth.Subject;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.Unmarshaller;
import junit.framework.TestCase;
@@ -40,12 +37,14 @@
import org.jboss.security.SimplePrincipal;
import org.jboss.security.plugins.JBossSecurityContext;
import org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.wstrust.StandardSecurityToken;
import org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext;
import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
-import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
@@ -116,14 +115,19 @@
SecurityContextAssociation.clearSecurityContext();
- JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.assertion");
+ Element assertionElement = (Element) context.getSecurityToken().getTokenValue();
+
+ SAMLParser samlParser = new SAMLParser();
+ AssertionType assertion = (AssertionType) samlParser.parse( DocumentUtil.getNodeAsStream(assertionElement));
+
+ /*JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.assertion");
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
JAXBElement<?> parsedElement = (JAXBElement<?>) unmarshaller.unmarshal((Element) context.getSecurityToken()
.getTokenValue());
assertNotNull("Unexpected null element", parsedElement);
assertEquals("Unexpected element type", AssertionType.class, parsedElement.getDeclaredType());
- AssertionType assertion = (AssertionType) parsedElement.getValue();
+ AssertionType assertion = (AssertionType) parsedElement.getValue();*/
StandardSecurityToken securityToken = (StandardSecurityToken) context.getSecurityToken();
assertEquals("Unexpected token id", securityToken.getTokenID(), assertion.getID());
assertEquals("Unexpected token issuer", "PicketLinkSTS", assertion.getIssuer().getValue());
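Review bot: The replaced JAXB unmarshalling is kept as a block comment (from `/*JAXBContext jaxbContext …` through `…parsedElement.getValue();*/`) instead of being deleted, and with it the `assertNotNull("Unexpected null element", …)` and declared-type assertions are gone, so a parser that returns null or a different type now fails with a NullPointerException or ClassCastException rather than a named assertion. Delete the commented block and keep the type check before the cast: `Object parsed = samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement));` / `assertNotNull("Unexpected null element", parsed);` / `assertTrue("Unexpected type: " + parsed.getClass().getSimpleName(), parsed instanceof AssertionType);`. The last hunk of this file does the same at `/*assertTrue("Unexpected type instead of AttributeStatement: …`, where the `instanceof` assertion was replaced by a bare cast to `ASTChoiceType`. The enclosing test method starts and ends outside the hunk.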
@@ -142,7 +146,7 @@
assertNotNull("Unexpected null audience list", restrictionType.getAudience());
assertEquals("Unexpected number of audience elements", 1, restrictionType.getAudience().size());
assertEquals("Unexpected audience value", "http://services.testcorp.org/provider2", restrictionType.getAudience()
- .get(0));
+ .get(0).toString() );
// check the contents of the assertion subject.
SubjectType subject = assertion.getSubject();
@@ -162,8 +166,10 @@
assertFalse("Unexpected empty list of attributes", attributes.isEmpty());
assertEquals("Unexpected number of attributes", 1, attributes.size());
Object attributeObject = attributes.iterator().next();
- assertTrue("Unexpected type instead of AttributeStatement: " + attributeObject.getClass().getSimpleName(), attributeObject instanceof AttributeType);
- AttributeType attribute = (AttributeType)attributeObject;
+ ASTChoiceType astChoice = (ASTChoiceType) attributeObject;
+ AttributeType attribute = astChoice.getAttribute();
+ /*assertTrue("Unexpected type instead of AttributeStatement: " + attributeObject.getClass().getSimpleName(), attributeObject instanceof AttributeType);
+ AttributeType attribute = (AttributeType)attributeObject;*/
assertEquals("Unexpected name for the role attribute", "roleAttributeName", attribute.getName() );
assertEquals("Unexpected number of roles", 1, attribute.getAttributeValue().size());
assertEquals("Unexpected user role", "myTestRole", attribute.getAttributeValue().get(0));
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilder.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilder.java 2010-12-20 21:58:55 UTC (rev 611)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilder.java 2010-12-20 22:20:13 UTC (rev 612)
@@ -27,8 +27,8 @@
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyTypes;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.picketlink.identity.xmlsec.w3.xmlenc.EncryptionMethodType;
+import org.w3c.dom.Element;
/**
* MetaDataBuilder for the KeyDescriptor
@@ -41,7 +41,7 @@
* Create a Key Descriptor Type
* @return
*/
- public static KeyDescriptorType createKeyDescriptor(KeyInfoType keyInfo,
+ public static KeyDescriptorType createKeyDescriptor( Element keyInfo,
String algorithm, int keySize,
boolean isSigningKey, boolean isEncryptionKey)
{
@@ -69,9 +69,8 @@
if(isEncryptionKey)
keyDescriptor.setUse(KeyTypes.ENCRYPTION);
- throw new RuntimeException( "We need a dom element as key info" );
- /*keyDescriptor.setKeyInfo(keyInfo);
-
- return keyDescriptor;*/
+ keyDescriptor.setKeyInfo( keyInfo );
+
+ return keyDescriptor;
}
}
\ No newline at end of file
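Review bot: `keyDescriptor.setKeyInfo( keyInfo )` accepts a null `Element` silently, whereas the sibling `KeyUtil.getKeyInfo` in this commit rejects a null certificate with an IllegalArgumentException; a null KeyInfo here only surfaces later, when the metadata is written. Add `if (keyInfo == null) throw new IllegalArgumentException("keyInfo is null");` at the top of `createKeyDescriptor`, whose signature is in the previous hunk and whose body starts outside this one. The Javadoc above the method still has an empty `@return` and no `@param` for `keyInfo`, whose meaning changed in this commit from a JAXB type to a DOM element; document it as `@param keyInfo DOM element holding the ds:KeyInfo to embed; must not be null` and `@return the populated KeyDescriptorType`.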
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/util/KeyUtil.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/util/KeyUtil.java 2010-12-20 21:58:55 UTC (rev 611)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/util/KeyUtil.java 2010-12-20 22:20:13 UTC (rev 612)
@@ -21,7 +21,6 @@
*/
package org.picketlink.identity.federation.api.util;
-import java.io.StringReader;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
@@ -29,15 +28,18 @@
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
-import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.Base64;
import org.picketlink.identity.federation.core.util.JAXBUtil;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory;
+import org.w3c.dom.Element;
/**
* Utility dealing with PublicKey/Certificates and xml-dsig KeyInfoType
@@ -67,8 +69,12 @@
* @return
* @throws JAXBException
* @throws CertificateException
+ * @throws ProcessingException
+ * @throws ParsingException
+ * @throws ConfigurationException
*/
- public static KeyInfoType getKeyInfo(Certificate certificate) throws JAXBException, CertificateException
+ public static Element getKeyInfo(Certificate certificate)
+ throws CertificateException, ConfigurationException, ParsingException, ProcessingException
{
if(certificate == null)
throw new IllegalArgumentException("certificate is null");
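Review bot: The Javadoc still carries `* @throws JAXBException` although the new throws clause of `getKeyInfo` no longer lists it, so the documentation now contradicts the signature; drop that tag and fill the empty `@return` with `@return the ds:KeyInfo as a DOM Element, owned by a freshly parsed Document`. Since the return type changed from a JAXB object to a DOM `Element`, callers that append it to another document need to import it into that document first (DOM forbids cross-document appends); if that is the intended use — inferred from KeyDescriptorMetaDataBuilder in this commit, not visible here — say so in the Javadoc. The method body continues outside the hunk.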
@@ -93,8 +99,7 @@
else
throw new RuntimeException("NYI");
- JAXBElement<?> keyInfoJ = (JAXBElement<?>) getUnmarshaller().unmarshal(new StringReader(builder.toString()));
- return (KeyInfoType) keyInfoJ.getValue();
+ return DocumentUtil.getDocument(builder.toString()).getDocumentElement();
}
/**
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/w3/xmldsig/KeyInfoBuilder.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/w3/xmldsig/KeyInfoBuilder.java 2010-12-20 21:58:55 UTC (rev 611)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/w3/xmldsig/KeyInfoBuilder.java 2010-12-20 22:20:13 UTC (rev 612)
@@ -21,8 +21,13 @@
*/
package org.picketlink.identity.federation.api.w3.xmldsig;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
/**
@@ -38,12 +43,20 @@
* Create a KeyInfoType
* @return
*/
- public static KeyInfoType createKeyInfo(String id)
+ public static Element createKeyInfo( String id )
{
- KeyInfoType keyInfo = oFact.createKeyInfoType();
-
- keyInfo.setId(id);
- return keyInfo;
+ Document doc = null;
+ try
+ {
+ doc = DocumentUtil.createDocument();
+ }
+ catch (ConfigurationException e)
+ {
+ throw new RuntimeException( e );
+ }
+ Element keyInfoEl = doc.createElementNS( JBossSAMLURIConstants.XMLDSIG_NSURI.get(), JBossSAMLConstants.KEY_INFO.get() );
+ keyInfoEl.setAttribute( "Id", id );
+ return keyInfoEl;
}
/**
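Review bot: `keyInfoEl.setAttribute( "Id", id )` creates a plain attribute that the DOM does not know to be an ID, so if this element is ever resolved through a `#id` reference — which is what a ds:KeyInfo Id is usually for, e.g. in XML-signature reference processing — `getElementById` will not find it; add `keyInfoEl.setIdAttribute( "Id", true );` after it. A null `id` is passed straight through; consistent with `KeyUtil.getKeyInfo` in this commit, reject it up front with `if (id == null) throw new IllegalArgumentException("id is null");`. The `Document doc = null; try { … } catch` shape can be tightened by declaring `doc` without the null initialiser, since the catch always throws and definite assignment still holds. The Javadoc above still has an empty `@return` and no `@param id`; describe the element as an unprefixed `KeyInfo` in the XML-DSig namespace created in its own Document.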
Modified: federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilderUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilderUnitTestCase.java 2010-12-20 21:58:55 UTC (rev 611)
+++ federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilderUnitTestCase.java 2010-12-20 22:20:13 UTC (rev 612)
@@ -23,11 +23,11 @@
import static org.junit.Assert.assertNotNull;
+import org.junit.Test;
import org.picketlink.identity.federation.api.saml.v2.metadata.KeyDescriptorMetaDataBuilder;
-import org.picketlink.identity.federation.api.w3.xmldsig.KeyInfoBuilder;
+import org.picketlink.identity.federation.api.w3.xmldsig.KeyInfoBuilder;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
-import org.junit.Test;
+import org.w3c.dom.Element;
/**
@@ -40,7 +40,7 @@
@Test
public void testCreateKeyDescriptor()
{
- KeyInfoType keyInfo = KeyInfoBuilder.createKeyInfo("testKey");
+ Element keyInfo = KeyInfoBuilder.createKeyInfo("testKey");
String algorithm = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
Modified: federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/MetaDataBuilderUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/MetaDataBuilderUnitTestCase.java 2010-12-20 21:58:55 UTC (rev 611)
+++ federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/MetaDataBuilderUnitTestCase.java 2010-12-20 22:20:13 UTC (rev 612)
@@ -27,14 +27,19 @@
import java.util.ArrayList;
import java.util.List;
+import org.junit.Test;
import org.picketlink.identity.federation.api.saml.v2.metadata.KeyDescriptorMetaDataBuilder;
import org.picketlink.identity.federation.api.saml.v2.metadata.MetaDataBuilder;
import org.picketlink.identity.federation.api.w3.xmldsig.KeyInfoBuilder;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.newmodel.saml.v2.metadata.*;
-//import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
-import org.junit.Test;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EndpointType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.OrganizationType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SPSSODescriptorType;
+import org.w3c.dom.Element;
/**
* Unit test the MetaDataBuilder API
@@ -97,17 +102,16 @@
String id = "test-key";
//TODO: improve keyinfo
- KeyInfoType keyInfo = KeyInfoBuilder.createKeyInfo(id);
+ Element keyInfo = KeyInfoBuilder.createKeyInfo(id);
String algorithm = null;
KeyDescriptorType keyDescriptorType =
KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
algorithm, 0, true, false);
+
+ List<AttributeType> attributes = new ArrayList<AttributeType>();
- throw new RuntimeException();
- /*List<AttributeType> attributes = new ArrayList<AttributeType>();
-
EndpointType sloEndPoint = MetaDataBuilder.createEndpoint(
JBossSAMLURIConstants.METADATA_HTTP_REDIRECT_BINDING.get(),
"https://SProvider.com/SAML/SLO/Browser",
@@ -118,7 +122,7 @@
sloEndPoint,
attributes,
createJBossOrganization(lang));
- return sp;*/
+ return sp;
}
private OrganizationType createJBossOrganization(String language)
@@ -134,17 +138,16 @@
String id = "test-key";
//TODO: improve keyinfo
- KeyInfoType keyInfo = KeyInfoBuilder.createKeyInfo(id);
+ Element keyInfo = KeyInfoBuilder.createKeyInfo(id);
String algorithm = null;
KeyDescriptorType keyDescriptorType =
KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
algorithm, 0, true, false);
+
- throw new RuntimeException();
-
- /*List<AttributeType> attributes = new ArrayList<AttributeType>();
+ List<AttributeType> attributes = new ArrayList<AttributeType>();
EndpointType ssoEndPoint = MetaDataBuilder.createEndpoint(
JBossSAMLURIConstants.METADATA_HTTP_REDIRECT_BINDING.get(),
@@ -161,7 +164,6 @@
ssoEndPoint,
sloEndPoint,
attributes,
- createJBossOrganization(lang));*/
-
+ createJBossOrganization(lang));
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/KeyUtilUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/KeyUtilUnitTestCase.java 2010-12-20 21:58:55 UTC (rev 611)
+++ federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/KeyUtilUnitTestCase.java 2010-12-20 22:20:13 UTC (rev 612)
@@ -28,7 +28,7 @@
import junit.framework.TestCase;
import org.picketlink.identity.federation.api.util.KeyUtil;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.w3c.dom.Element;
/**
* Unit test the Key Util
@@ -66,7 +66,7 @@
Certificate cert = ks.getCertificate(alias);
assertNotNull("Cert not null", cert);
- KeyInfoType keyInfo = KeyUtil.getKeyInfo(cert);
+ Element keyInfo = KeyUtil.getKeyInfo(cert);
assertNotNull(keyInfo);
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java 2010-12-20 21:58:55 UTC (rev 611)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java 2010-12-20 22:20:13 UTC (rev 612)
@@ -115,10 +115,9 @@
EDTChoiceType choiceType = new EDTChoiceType(edtList);
- throw new RuntimeException( "Unknown entity id" );
- /*EntityDescriptorType entity = new EntityDescriptorType( " ");
+ EntityDescriptorType entity = new EntityDescriptorType( " ");
entity.addChoiceType(choiceType);
- return entity; */
+ return entity;
}
/**
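Review bot: `new EntityDescriptorType( " ")` hard-codes a single space as the entityID in place of the old `throw new RuntimeException( "Unknown entity id" )`; SAML metadata requires `entityID` to be a URI identifying the entity, so a loud failure has become silently invalid metadata that a consumer will either reject or, worse, accept under a blank identifier. Pass the real entity id in from wherever this delegate is configured (not visible here), or keep failing until it is available, e.g. `if (entityId == null) throw new IllegalStateException("entity id not configured");` with `entityId` standing for that source. The enclosing method starts outside the hunk.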
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-12-20 21:58:55 UTC (rev 611)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-12-20 22:20:13 UTC (rev 612)
@@ -67,6 +67,7 @@
ISSUE_INSTANT( "IssueInstant" ),
ISSUER( "Issuer" ),
KEY_DESCRIPTOR( "KeyDescriptor" ),
+ KEY_INFO( "KeyInfo" ),
LANG( "lang" ),
LANG_EN("en"),
LOCATION( "Location" ),
Added: federation/trunk/picketlink-fed-core/src/test/resources/saml-xacml/saml-xacml-response-1.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/saml-xacml/saml-xacml-response-1.xml (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/resources/saml-xacml/saml-xacml-response-1.xml 2010-12-20 22:20:13 UTC (rev 612)
@@ -0,0 +1,82 @@
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ ID="response-id:1" Version="2.0" IssueInstant="2008-03-19T22:17:13Z">
+ <samlp:Status xmlns:samlp="urn:oasixacml-context:s:names:tc:SAML:2.0:protocol">
+ <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ Value="urn:oasis:names:tc:xacml:1.0:status:ok">
+ </samlp:StatusCode>
+ </samlp:Status>
+ <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ Version="2.0" ID="ID_response-id:1" IssueInstant="2008-03-19T22:17:13Z">
+ <saml:Issuer>issuer-1</saml:Issuer>
+ <saml:Statement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xsi:type="xacml-samlp:XACMLAuthzDecisionStatementType"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+ xmlns:xacml-saml="urn:oasis:names:tc:xacml:2.0:saml:assertion:schema:os">
+ <xacml-context:Response
+ xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os">
+ <xacml-context:Result>
+ <xacml-context:Decision>Permit</xacml-context:Decision>
+ <xacml-context:Status>
+ <xacml-context:StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"></xacml-context:StatusCode>
+ <xacml-context:StatusMessage>ok</xacml-context:StatusMessage>
+ </xacml-context:Status>
+ <xacml:Obligations xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
+ <xacml:Obligation ObligationId="obligation-10"
+ FulfillOn="Permit">
+ </xacml:Obligation>
+ <xacml:Obligation ObligationId="obligation-20"
+ FulfillOn="Permit">
+ <xacml:AttributeAssignment AttributeId="a-120"
+ DataType="http://www.w3.org/2001/XMLSchema#string" xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os" />
+ </xacml:Obligation>
+ </xacml:Obligations>
+ </xacml-context:Result>
+ </xacml-context:Response>
+
+ <xacml-context:Request
+ xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance/"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+ <xacml-context:Subject
+ SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>100001</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute AttributeId="urn:va:names:xacml:2.0:subject:role"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Chief Resident</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>Doctor</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute AttributeId="urn:va:names:xacml:2.0:subject:hl7permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>PRD-017</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>PRD-003</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>PRD-010</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>PRD-006</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute AttributeId="urn:va:names:xacml:2.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Facility A</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Subject>
+ <xacml-context:Resource>
+ <xacml-context:Attribute AttributeId="urn:va:names:xacml:2.0:record_type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>patientchart</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Resource>
+ <xacml-context:Action>
+ <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>read</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Action>
+ <xacml-context:Environment></xacml-context:Environment>
+ </xacml-context:Request>
+
+ </saml:Statement>
+ </saml:Assertion>
+</samlp:Response>
\ No newline at end of file
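Review bot: The namespace on `samlp:Status` is `urn:oasixacml-context:s:names:tc:SAML:2.0:protocol`, which reads as a paste that landed inside `urn:oasis:names:tc:SAML:2.0:protocol`; a namespace-aware parser binds that element to a bogus namespace rather than SAML protocol, so the fixture may not exercise the Status path it appears to, and should read `<samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">`. Likewise `xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance/"` on `xacml-context:Request` has a trailing slash, so its `xsi:schemaLocation` is not in the XML Schema instance namespace; drop the slash. `samlp:StatusCode` carries `urn:oasis:names:tc:xacml:1.0:status:ok`, whereas SAML 2.0 defines top-level codes such as `urn:oasis:names:tc:SAML:2.0:status:Success`; if the parser is meant to tolerate this, a short comment in the fixture saying so would save the next reader a detour.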
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java 2010-12-20 21:58:55 UTC (rev 611)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java 2010-12-20 22:20:13 UTC (rev 612)
@@ -57,7 +57,7 @@
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.RoleDescriptorType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.w3c.dom.Element;
/**
* Metadata servlet for the IDP/SP
@@ -145,7 +145,7 @@
keyManager.setAuthProperties( authProperties );
Certificate cert = keyManager.getCertificate(signingAlias);
- KeyInfoType keyInfo = KeyUtil.getKeyInfo(cert);
+ Element keyInfo = KeyUtil.getKeyInfo(cert);
//TODO: Assume just signing key for now
KeyDescriptorType keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
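Review bot: `KeyUtil.getKeyInfo(cert)` now declares ConfigurationException, ParsingException and ProcessingException, none of which this hunk shows being caught or declared; unless the enclosing method (which starts and ends outside the hunk) already handles them this will not compile, and if it wraps them the failing alias should be in the message. A null result from `keyManager.getCertificate(signingAlias)` currently reaches `getKeyInfo` and fails as `"certificate is null"`, which hides the misconfiguration; check it here with `if (cert == null) throw new IllegalStateException("no certificate for alias " + signingAlias);` so the alias is named.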
Picketlink SVN: r611 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml and 10 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-20 16:58:55 -0500 (Mon, 20 Dec 2010)
New Revision: 611
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SAMLXACMLUtil.java
Modified:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/TestServletRequest.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/TransformerUtil.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLAuthzDecisionStatementType.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
Log:
saml xacml
Modified: federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -31,14 +31,15 @@
import junit.framework.TestCase;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
import org.picketlink.identity.federation.core.util.JAXBUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
-//import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
-import org.picketlink.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
+//import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.w3c.dom.Document;
import org.jboss.security.xacml.core.model.context.DecisionType;
import org.jboss.security.xacml.core.model.context.RequestType;
import org.jboss.security.xacml.core.model.context.ResultType;
@@ -78,31 +79,19 @@
}
}
- public void testHimss() throws Exception
- {
- if(endpoint != null)
- {
- JAXBElement<?> jb = getResponse("xacml/requests/himss-soap-request.xml");
- Envelope env = (Envelope) jb.getValue();
- Marshaller marshaller = JAXBUtil.getMarshaller(SOAPSAMLXACMLUtil.getPackage());
- marshaller.setProperty( Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE );
- marshaller.marshal(jb, System.out);
-
- check(env, false);
- }
- }
-
public void testSAMLXACML() throws Exception
{
//Read the saml request from the file
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
InputStream is = tcl.getResourceAsStream("xacml/requests/samlxacml.xml");
- Unmarshaller um = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
+ Document doc = DocumentUtil.getDocument(is);
+
+ /*Unmarshaller um = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
um.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
- JAXBElement<?> obj = (JAXBElement<?>) um.unmarshal(is);
- XACMLAuthzDecisionQueryType xat = (XACMLAuthzDecisionQueryType) obj.getValue();
+ JAXBElement<?> obj = (JAXBElement<?>) um.unmarshal(is);*/
+ XACMLAuthzDecisionQueryType xat = SOAPSAMLXACMLUtil.getXACMLQueryType(doc.getDocumentElement() );
assertNotNull(xat);
RequestType requestType = xat.getRequest();
assertTrue(requestType.getEnvironment().getAttribute().size() > 0);
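Review bot: The old JAXB unmarshalling is kept as a block comment (`/*Unmarshaller um = JAXBUtil.getUnmarshaller(…` through `…um.unmarshal(is);*/`) rather than removed, and `testSAMLXACML` now hands `is` to `DocumentUtil.getDocument(is)` without checking that the classpath resource was found, so a missing `xacml/requests/samlxacml.xml` surfaces as a NullPointerException inside the parser instead of a clear failure; add `assertNotNull("resource not found", is);` before the `getDocument` call and delete the commented block. The next two hunks of this file do the same with `getResponse`, whose body is now `throw new RuntimeException( "FIX" );` followed by its former implementation in a comment — with `testHimss` removed in this hunk no remaining caller is visible, so the method looks either dead or in need of restoring rather than stubbing. testSAMLXACML continues outside the hunk.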
@@ -134,7 +123,8 @@
private JAXBElement<?> getResponse(String fileName) throws Exception
{
- //Read the saml request from the file
+ throw new RuntimeException( "FIX" );
+ /*//Read the saml request from the file
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
InputStream is = tcl.getResourceAsStream(fileName);
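Review bot: `getResponse` now unconditionally executes `throw new RuntimeException( "FIX" );` and the rest of its body (through the closing `*/` in the next hunk) is commented out, leaving a stub whose only caller visible in this commit, `testHimss`, was deleted in the hunk above. Either remove the method or replace the placeholder with something a reader can act on, e.g. `// TODO: rebuild on SOAPSAMLXACMLUtil.getSOAPMessage instead of the removed JAXB envelope classes`; as written the `fileName` parameter is dead and the `FIX` marker is easy to lose. The method's body continues past this hunk.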
@@ -149,6 +139,6 @@
m.marshal(soapRequest, System.out);
m.marshal(soapRequest, conn.getOutputStream());
- return (JAXBElement<?>) um.unmarshal(conn.getInputStream());
+ return (JAXBElement<?>) um.unmarshal(conn.getInputStream()); */
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -21,6 +21,10 @@
*/
package org.picketlink.test.identity.federation.bindings.servlets;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
@@ -29,91 +33,107 @@
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.Unmarshaller;
+import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPEnvelope;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.soap.SOAPPart;
-import junit.framework.TestCase;
-
+import org.jboss.security.xacml.core.model.context.DecisionType;
+import org.jboss.security.xacml.core.model.context.ResultType;
+import org.junit.Test;
import org.picketlink.identity.federation.bindings.servlets.SOAPSAMLXACMLServlet;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
-import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
-import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
-//import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
-import org.jboss.security.xacml.core.model.context.DecisionType;
-import org.jboss.security.xacml.core.model.context.ResultType;
-import org.junit.Ignore;
+import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
/**
* Unit Test the SOAP SAML XACML Servlet
* @author Anil.Saldhana(a)redhat.com
* @since Jan 28, 2009
- */
-@Ignore
-public class SOAPSAMLXACMLServletUnitTestCase extends TestCase
+ */
+public class SOAPSAMLXACMLServletUnitTestCase
{
+ @Test
public void testPermit() throws Exception
{
- validate("xacml/requests/XacmlRequest-01-01.xml", DecisionType.PERMIT.value());
+ validate("xacml/requests/XacmlRequest-01-01.xml", DecisionType.PERMIT.value(), true );
- validate("xacml/requests/XacmlRequest-format2-01-01.xml", DecisionType.PERMIT.value());
+ validate("xacml/requests/XacmlRequest-format2-01-01.xml", DecisionType.PERMIT.value(), true );
}
+ @Test
public void testDeny() throws Exception
{
- validate("xacml/requests/XacmlRequest-01-02.xml", DecisionType.DENY.value());
+ validate("xacml/requests/XacmlRequest-01-02.xml", DecisionType.DENY.value(), true );
}
-
- @SuppressWarnings("unchecked")
+
+ @Test
public void testIncorrectInput() throws Exception
{
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- String garbage = "fdfdsfdfk";
+ String garbage = "<fdfdsfdfk/>";
ByteArrayInputStream bis = new ByteArrayInputStream(garbage.getBytes());
SOAPSAMLXACMLServlet servlet = new SOAPSAMLXACMLServlet();
servlet.init(new TestServletConfig(getServletContext()));
- ServletRequest sreq = new TestServletRequest(bis);
+ ServletRequest sreq = new TestServletRequest( getSOAPStream( bis ));
ServletResponse sresp = new TestServletResponse(baos);
servlet.service(sreq, sresp);
sresp.flushBuffer(); //Flush the servlet response ServletOutputStream to our baos
bis = new ByteArrayInputStream(baos.toByteArray());
- Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
+
+ SOAPMessage soapMessage = SOAPSAMLXACMLUtil.getSOAPMessage(bis);
+ Node xacmlNode = soapMessage.getSOAPBody().getChildNodes().item(0);
+ assertTrue( xacmlNode instanceof Element );
+ Element xacmlElement = (Element) xacmlNode;
+ assertTrue( xacmlElement.getLocalName().equals( "Fault" ) );
+ /*Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
JAXBElement<Envelope> jax = (JAXBElement<Envelope>) un.unmarshal(bis);
Envelope envelope = jax.getValue();
assertNotNull("Envelope is not null", envelope);
JAXBElement<?> fault = (JAXBElement<?>) envelope.getBody().getAny().get(0);
- assertTrue(fault.getValue() instanceof Fault);
+ assertTrue(fault.getValue() instanceof Fault);*/
}
+ @Test
public void testInteropSOAPRequest() throws Exception
{
- validate("xacml/requests/interop-request.xml", DecisionType.PERMIT.value());
+ validate("xacml/requests/interop-request.xml", DecisionType.PERMIT.value(), false );
}
-
- @SuppressWarnings("unchecked")
- private void validate(String requestFile, String value) throws Exception
- {
- throw new RuntimeException();
- /*ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ private void validate(String requestFile, String value, boolean needSOAPWrapping ) throws Exception
+ {
+ InputStream is = getInputStream(requestFile);
+ if(is == null)
+ throw new IllegalArgumentException("Input Stream to request file is null");
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
SOAPSAMLXACMLServlet servlet = new SOAPSAMLXACMLServlet();
servlet.init(new TestServletConfig(getServletContext()));
- InputStream is = getInputStream(requestFile);
- if(is == null)
- throw new IllegalArgumentException("Input Stream to request file is null");
- ServletRequest sreq = new TestServletRequest(is);
+
+ if( needSOAPWrapping )
+ is = getSOAPStream( is );
+
+ ServletRequest sreq = new TestServletRequest( is );
ServletResponse sresp = new TestServletResponse(baos);
servlet.service(sreq, sresp);
sresp.flushBuffer(); //Flush the servlet response ServletOutputStream to our baos
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+
+ SOAPMessage soapMessage = SOAPSAMLXACMLUtil.getSOAPMessage(bis);
- ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
- Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
+ Node xacmlNode = soapMessage.getSOAPBody().getChildNodes().item(0);
+ XACMLAuthzDecisionStatementType xacmlStatement = SOAPSAMLXACMLUtil.getDecisionStatement( xacmlNode );
+ /*Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
JAXBElement<Envelope> jax = (JAXBElement<Envelope>) un.unmarshal(bis);
Envelope envelope = jax.getValue();
assertNotNull("Envelope is not null", envelope);
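Review bot: With `new TestServletRequest( getSOAPStream( bis ))` in testIncorrectInput the servlet now receives a well-formed SOAP envelope whose body holds an unknown `<fdfdsfdfk/>` element, so the case the old test covered — a request body that is not XML at all — is no longer exercised; keep a second request built from the raw `"fdfdsfdfk"` bytes without wrapping and assert it also comes back as a Fault rather than an unhandled exception, since that is the input a misbehaving client is most likely to send. `garbage.getBytes()` decodes with the platform default charset; prefer `garbage.getBytes("UTF-8")`. `assertTrue( xacmlElement.getLocalName().equals( "Fault" ) )` fails with no detail; `assertEquals("Fault", xacmlElement.getLocalName());` reports the actual local name. validate's body continues in the next hunk.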
@@ -124,12 +144,14 @@
assertNotNull("ResponseType is not null", responseType);
AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);
XACMLAuthzDecisionStatementType xacmlStatement = (XACMLAuthzDecisionStatementType) assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0);
+ */
+
assertNotNull("XACML Authorization Statement is not null", xacmlStatement);
org.jboss.security.xacml.core.model.context.ResponseType xacmlResponse = xacmlStatement.getResponse();
ResultType resultType = xacmlResponse.getResult().get(0);
DecisionType decision = resultType.getDecision();
assertNotNull("Decision is not null", decision);
- assertEquals(value, decision.value());*/
+ assertEquals(value, decision.value());
}
private ServletContext getServletContext()
@@ -144,4 +166,22 @@
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
return tcl.getResourceAsStream(requestFileLoc);
}
+
+ private InputStream getSOAPStream( InputStream dataStream ) throws Exception
+ {
+ MessageFactory messageFactory = MessageFactory.newInstance();
+ SOAPMessage message = messageFactory.createMessage();
+ SOAPPart soapPart = message.getSOAPPart();
+ SOAPEnvelope envelope = soapPart.getEnvelope();
+ SOAPBody body = envelope.getBody();
+
+ body.addDocument( DocumentUtil.getDocument(dataStream));
+ message.saveChanges();
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ message.writeTo(baos);
+
+ System.out.println( new String( baos.toByteArray() ) );
+ return new ByteArrayInputStream( baos.toByteArray() );
+ }
}
\ No newline at end of file
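Review bot: `System.out.println( new String( baos.toByteArray() ) )` in the new getSOAPStream dumps every wrapped request to stdout on each test run and decodes the bytes with the platform default charset; drop the print, or if it is wanted for debugging use `new String( baos.toByteArray(), "UTF-8" )` so non-ASCII attribute values round-trip correctly. The same default-charset `new String( baos.toByteArray() )` appears twice in the new SAMLXACMLUtil (getXACMLResponse and getXACMLRequest), where a transformer writing UTF-8 on a platform with another default would corrupt the DOM that is then re-parsed.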
Modified: federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/TestServletRequest.java
===================================================================
--- federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/TestServletRequest.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/TestServletRequest.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -74,14 +74,12 @@
}
public String getHeader(String name)
- {
-
+ {
return null;
}
public Enumeration getHeaderNames()
- {
-
+ {
return null;
}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -21,6 +21,9 @@
*/
package org.picketlink.identity.federation.core.parsers.saml;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
@@ -29,6 +32,8 @@
import javax.xml.stream.events.StartElement;
import javax.xml.stream.events.XMLEvent;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResponseType;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
@@ -46,6 +51,7 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedAssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.w3c.dom.Element;
/**
@@ -156,6 +162,37 @@
AttributeStatementType attributeStatementType = SAMLParserUtil.parseAttributeStatement( xmlEventReader );
assertion.addStatement(attributeStatementType);
}
+ else if( JBossSAMLConstants.STATEMENT.get().equalsIgnoreCase( tag ) )
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+
+ String xsiTypeValue = StaxParserUtil.getXSITypeValue(startElement);
+ if( xsiTypeValue.contains(JBossSAMLConstants.XACML_AUTHZ_DECISION_STATEMENT_TYPE.get() ))
+ {
+ XACMLAuthzDecisionStatementType authZStat = new XACMLAuthzDecisionStatementType();
+
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ tag = StaxParserUtil.getStartElementName(startElement);
+
+ if( tag.contains( JBossSAMLConstants.RESPONSE.get() ) )
+ {
+ authZStat.setResponse( getXACMLResponse( xmlEventReader ));
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ //There may be request also
+ tag = StaxParserUtil.getStartElementName(startElement);
+ if( tag.contains( JBossSAMLConstants.REQUEST.get() ) )
+ {
+ authZStat.setRequest( getXACMLRequest( xmlEventReader ));
+ }
+ }
+
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(endElement, JBossSAMLConstants.STATEMENT.get() );
+ assertion.addStatement(authZStat);
+ }
+ else
+ throw new RuntimeException( "Unknown xsi:type=" + xsiTypeValue );
+ }
else throw new RuntimeException( "SAMLAssertionParser:: unknown: " + tag );
}
return assertion;
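Review bot: `xsiTypeValue.contains( JBossSAMLConstants.XACML_AUTHZ_DECISION_STATEMENT_TYPE.get() )` dereferences the result of `StaxParserUtil.getXSITypeValue(startElement)` without a null check, so a `<saml:Statement>` that carries no `xsi:type` attribute fails with a NullPointerException instead of the intended `Unknown xsi:type=` error; guard it with `if( xsiTypeValue == null ) throw new RuntimeException( "Statement element has no xsi:type" );` before the comparison. The `tag.contains( JBossSAMLConstants.RESPONSE.get() )` and `tag.contains( JBossSAMLConstants.REQUEST.get() )` matches are looser than the `equalsIgnoreCase` used for the other statement tags in this method — any element name that merely contains the constant's text would be taken for the XACML Response/Request — so compare with equals on the local name. The enclosing parse method starts and ends outside the hunk.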
@@ -186,4 +223,44 @@
return new AssertionType( id, issueInstant, version );
}
+
+ @SuppressWarnings("unchecked")
+ private ResponseType getXACMLResponse( XMLEventReader xmlEventReader ) throws ParsingException
+ {
+ Element xacmlResponse = StaxParserUtil.getDOMElement(xmlEventReader);
+ //xacml request
+ String xacmlPath = "org.jboss.security.xacml.core.model.context";
+ try
+ {
+ JAXBContext jaxb = JAXBContext.newInstance( xacmlPath );
+ Unmarshaller un = jaxb.createUnmarshaller();
+ un.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
+ JAXBElement<ResponseType> jaxbResponseType = (JAXBElement<ResponseType>) un.unmarshal( DocumentUtil.getNodeAsStream(xacmlResponse));
+ return jaxbResponseType.getValue();
+ }
+ catch ( Exception e)
+ {
+ throw new ParsingException( e );
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private RequestType getXACMLRequest( XMLEventReader xmlEventReader ) throws ParsingException
+ {
+ Element xacmlRequest = StaxParserUtil.getDOMElement(xmlEventReader);
+ //xacml request
+ String xacmlPath = "org.jboss.security.xacml.core.model.context";
+ try
+ {
+ JAXBContext jaxb = JAXBContext.newInstance( xacmlPath );
+ Unmarshaller un = jaxb.createUnmarshaller();
+ un.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
+ JAXBElement<RequestType> jaxbRequestType = (JAXBElement<RequestType>) un.unmarshal( DocumentUtil.getNodeAsStream(xacmlRequest));
+ return jaxbRequestType.getValue();
+ }
+ catch ( Exception e)
+ {
+ throw new ParsingException( e );
+ }
+ }
}
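Review bot: `getXACMLResponse` and `getXACMLRequest` are copy-paste twins that each build a fresh `JAXBContext.newInstance( xacmlPath )` on every call — context creation is the expensive part of JAXB and the resulting context is thread-safe, so it should be created once; the `//xacml request` comment on getXACMLResponse is a copy-paste leftover, and `xacmlPath` duplicates the string this commit introduces as `SAMLXACMLUtil.XACML_PKG_PATH`. One generic helper with a cached context replaces both bodies (it needs imports of `javax.xml.bind.JAXBException` and `SAMLXACMLUtil`), and casting to `JAXBElement<?>` removes the need for `@SuppressWarnings("unchecked")`.
```java
   private static final JAXBContext XACML_CONTEXT = createXACMLContext();

   /** Build the XACML context model JAXBContext once; it is thread-safe and costly to create. */
   private static JAXBContext createXACMLContext()
   {
      try
      {
         return JAXBContext.newInstance( SAMLXACMLUtil.XACML_PKG_PATH );
      }
      catch ( JAXBException e )
      {
         throw new ExceptionInInitializerError( e );
      }
   }

   /** Read the next element as DOM and unmarshal it into the requested XACML context type. */
   private <T> T unmarshalXACML( XMLEventReader xmlEventReader, Class<T> type ) throws ParsingException
   {
      Element element = StaxParserUtil.getDOMElement(xmlEventReader);
      try
      {
         Unmarshaller un = XACML_CONTEXT.createUnmarshaller();
         un.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
         JAXBElement<?> jaxbElement = (JAXBElement<?>) un.unmarshal( DocumentUtil.getNodeAsStream(element));
         return type.cast( jaxbElement.getValue() );
      }
      catch ( Exception e)
      {
         throw new ParsingException( e );
      }
   }

   private ResponseType getXACMLResponse( XMLEventReader xmlEventReader ) throws ParsingException
   {
      return unmarshalXACML( xmlEventReader, ResponseType.class );
   }

   private RequestType getXACMLRequest( XMLEventReader xmlEventReader ) throws ParsingException
   {
      return unmarshalXACML( xmlEventReader, RequestType.class );
   }
```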
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -85,6 +85,8 @@
protected void parseCommonElements( StartElement startElement, XMLEventReader xmlEventReader,
RequestAbstractType request ) throws ParsingException
{
+ if( startElement == null )
+ throw new IllegalArgumentException( " startElement is null" );
String elementName = StaxParserUtil.getStartElementName( startElement );
if( JBossSAMLConstants.ISSUER.get().equals( elementName ))
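Review bot: The new guard throws `IllegalArgumentException( " startElement is null" )` from a method that declares `ParsingException`, so a caller that catches ParsingException to handle malformed input will not see this failure, and the message carries a stray leading space; `throw new ParsingException( "startElement is null" );` keeps the error path uniform (assuming ParsingException has a String constructor — only the `ParsingException( e )` form is visible in this commit). Note that SAMLXACMLRequestParser, changed in the same commit, now breaks out of its loop before calling this method with a null element, so the guard is defensive rather than load-bearing there. parseCommonElements' body continues outside the hunk.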
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -65,7 +65,7 @@
return parseXACMLAuthzDecisionQuery(startElement, xmlEventReader);
}
- return null;
+ throw new RuntimeException( "Parsing Failed: Unknown Tag=" + tag );
}
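Review bot: Replacing `return null` with `throw new RuntimeException( "Parsing Failed: Unknown Tag=" + tag )` is an improvement over a null that callers would dereference, but it surfaces an unrecognised top-level element as an unchecked exception; if parse declares `ParsingException` (its signature is outside the hunk), throwing that instead lets callers such as `SOAPSAMLXACMLUtil.getXACMLQueryType`, which already declares ParsingException, treat malformed client input on the path they handle rather than as a generic server error. The new `Unknown xsi:type=` throw in SAMLAssertionParser has the same unchecked shape.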
public boolean supports(QName qname)
@@ -106,6 +106,8 @@
break;
}
startElement = StaxParserUtil.peekNextStartElement( xmlEventReader );
+ if( startElement == null )
+ break;
super.parseCommonElements(startElement, xmlEventReader, xacmlQuery);
String tag = StaxParserUtil.getStartElementName(startElement);
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -142,7 +142,7 @@
throw new ParsingException( e );
}
}
-
+
/**
* Get the element text.
* @param xmlEventReader
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -102,6 +102,7 @@
SIGNATURE_SHA1_WITH_RSA("http://www.w3.org/2000/09/xmldsig#rsa-sha1"),
SINGLE_SIGNON_SERVICE( "SingleSignOnService" ),
SINGLE_LOGOUT_SERVICE( "SingleLogoutService" ),
+ STATEMENT( "Statement" ),
STATUS( "Status" ),
STATUS_CODE( "StatusCode" ),
STATUS_DETAIL( "StatusDetail" ),
@@ -117,6 +118,7 @@
WANT_AUTHN_REQUESTS_SIGNED( "WantAuthnRequestsSigned" ),
XACML_AUTHZ_DECISION_QUERY( "XACMLAuthzDecisionQuery" ),
XACML_AUTHZ_DECISION_QUERY_TYPE( "XACMLAuthzDecisionQueryType" ),
+ XACML_AUTHZ_DECISION_STATEMENT_TYPE( "XACMLAuthzDecisionStatementType" ),
HTTP_POST_BINDING("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
private String val;
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -104,6 +104,8 @@
X500_PREFIX("x500"),
X500_NSURI("urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"),
+ XACML_SAML_NSURI( "urn:oasis:names:tc:xacml:2.0:saml:assertion:schema:os" ),
+ XACML_SAML_PROTO_NSURI( "urn:oasis:xacml:2.0:saml:protocol:schema:os" ),
XML( "http://www.w3.org/XML/1998/namespace" ),
XMLSCHEMA_NSURI("http://www.w3.org/2001/XMLSchema"),
XMLDSIG_NSURI("http://www.w3.org/2000/09/xmldsig#"),
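Review bot: The two new namespace constants differ in shape — `XACML_SAML_NSURI` contains `names:tc` while `XACML_SAML_PROTO_NSURI` does not — which reads like a typo to the next maintainer, and a wrong namespace here could leave incoming decision queries or assertions unrecognised by the parsers. If the protocol URI is copied verbatim from the OASIS XACML 2.0 SAML profile as published (where that asymmetry does exist), record it: `// protocol NS intentionally lacks "names:tc" -- matches the published XACML 2.0 SAML profile`.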
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SAMLXACMLUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SAMLXACMLUtil.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SAMLXACMLUtil.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.saml.v2.util;
+
+import java.io.ByteArrayOutputStream;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.transform.stream.StreamResult;
+
+import org.jboss.security.xacml.core.model.context.ObjectFactory;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResponseType;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.util.TransformerUtil;
+import org.w3c.dom.Document;
+
+/**
+ * Utility for SAML and XACML
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 20, 2010
+ */
+public class SAMLXACMLUtil
+{
+ public final static String XACML_PKG_PATH = "org.jboss.security.xacml.core.model.context";
+
+ public static JAXBContext getJAXBContext() throws JAXBException
+ {
+ return JAXBContext.newInstance( XACML_PKG_PATH );
+ }
+
+ public static Document getXACMLResponse( ResponseType responseType ) throws ProcessingException
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ JAXBElement<?> jaxb = (new ObjectFactory()).createResponse( responseType );
+
+ StreamResult result = new StreamResult( baos );
+
+ try
+ {
+ TransformerUtil.transform( SAMLXACMLUtil.getJAXBContext(), jaxb, result);
+ return DocumentUtil.getDocument( new String( baos.toByteArray() ));
+ }
+ catch ( Exception e )
+ {
+ throw new ProcessingException( e );
+ }
+ }
+
+ public static Document getXACMLRequest( RequestType requestType ) throws ProcessingException
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Marshaller marshaller = getMarshaller();
+ JAXBElement<?> jaxb = (new ObjectFactory()).createRequest( requestType );
+
+ StreamResult result = new StreamResult( baos );
+
+ try
+ {
+ TransformerUtil.transform( getJAXBContext(), jaxb, result);
+ return DocumentUtil.getDocument( new String( baos.toByteArray() ));
+ }
+ catch ( Exception e )
+ {
+ throw new ProcessingException( e );
+ }
+ }
+}
\ No newline at end of file
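Review bot: `getJAXBContext()` calls `JAXBContext.newInstance( XACML_PKG_PATH )` on every invocation and both `getXACMLResponse` and `getXACMLRequest` go through it per marshal; JAXBContext creation is expensive and the context is thread-safe, so build it once and hold it in a `static final` field. The two public methods are otherwise line-for-line identical apart from the ObjectFactory call, so a private helper removes the duplication, the leftover `//Marshaller marshaller = getMarshaller();` comment should go, and `public final static` is conventionally written `public static final`. With the context cached the `throws JAXBException` clause on getJAXBContext is no longer needed; this is a new file, so no caller depends on it yet.
```java
// … unchanged: license header, package and imports …
public class SAMLXACMLUtil
{
   public static final String XACML_PKG_PATH = "org.jboss.security.xacml.core.model.context";

   /** Created once; JAXBContext is thread-safe and expensive to build. */
   private static final JAXBContext XACML_CONTEXT;

   static
   {
      try
      {
         XACML_CONTEXT = JAXBContext.newInstance( XACML_PKG_PATH );
      }
      catch ( JAXBException e )
      {
         throw new ExceptionInInitializerError( e );
      }
   }

   public static JAXBContext getJAXBContext()
   {
      return XACML_CONTEXT;
   }

   public static Document getXACMLResponse( ResponseType responseType ) throws ProcessingException
   {
      return toDocument( (new ObjectFactory()).createResponse( responseType ) );
   }

   public static Document getXACMLRequest( RequestType requestType ) throws ProcessingException
   {
      return toDocument( (new ObjectFactory()).createRequest( requestType ) );
   }

   /** Marshal the element through TransformerUtil and re-parse the bytes as a DOM Document. */
   private static Document toDocument( JAXBElement<?> jaxb ) throws ProcessingException
   {
      ByteArrayOutputStream baos = new ByteArrayOutputStream();
      StreamResult result = new StreamResult( baos );
      try
      {
         TransformerUtil.transform( XACML_CONTEXT, jaxb, result);
         return DocumentUtil.getDocument( new String( baos.toByteArray(), "UTF-8" ));
      }
      catch ( Exception e )
      {
         throw new ProcessingException( e );
      }
   }
}
```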
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -21,21 +21,32 @@
*/
package org.picketlink.identity.federation.core.saml.v2.util;
-import java.io.StringReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+import java.util.Set;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPEnvelope;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPFault;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.stream.XMLEventReader;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.parsers.saml.xacml.SAMLXACMLRequestParser;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
-import org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.ObjectFactory;
-import org.w3c.dom.Element;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
+import org.w3c.dom.Node;
/**
* Utility associated with SOAP 1.1 Envelope,
@@ -44,60 +55,75 @@
* @since Jan 28, 2009
*/
public class SOAPSAMLXACMLUtil
-{
- private static String SOAP_PKG = "org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope";
- private static String SAML_PROTO_PKG = "org.picketlink.identity.federation.saml.v2.protocol";
- private static String XACML_CTX_PKG = "org.jboss.security.xacml.core.model.context";
- private static String XACML_SAMLPROTO_PKG = "org.picketlink.identity.federation.saml.v2.profiles.xacml.protocol";
- private static String XACML_SAMLASSERT_PKG = "org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion";
-
- private static String COLON = ":";
-
- private static String collectivePackage = getPackage();
-
- private static org.picketlink.identity.federation.saml.v2.profiles.xacml.protocol.ObjectFactory
- queryTypeObjectFactory = new org.picketlink.identity.federation.saml.v2.profiles.xacml.protocol.ObjectFactory();
-
- private static ObjectFactory statementObjectFactory = new ObjectFactory();
-
+{
/**
* Parse the XACML Authorization Decision Query from the Dom Element
* @param samlRequest
* @return
- * @throws TransformerException
- * @throws TransformerFactoryConfigurationError
- * @throws JAXBException
+ * @throws ProcessingException
+ * @throws ConfigurationException
+ * @throws ParsingException
*/
- public static XACMLAuthzDecisionQueryType getXACMLQueryType(Element samlRequest)
- throws ConfigurationException, ProcessingException, JAXBException
+ public static XACMLAuthzDecisionQueryType getXACMLQueryType( Node samlRequest )
+ throws ParsingException, ConfigurationException, ProcessingException
{
//We reparse it because the document may have issues with namespaces
- String elementString = DocumentUtil.getDOMElementAsString(samlRequest);
- Unmarshaller um = JAXBUtil.getUnmarshaller(collectivePackage);
+ //String elementString = DocumentUtil.getDOMElementAsString(samlRequest);
+
+ XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader( DocumentUtil.getNodeAsStream( samlRequest ));
+ SAMLXACMLRequestParser samlXACMLRequestParser = new SAMLXACMLRequestParser();
+ return (XACMLAuthzDecisionQueryType) samlXACMLRequestParser.parse(xmlEventReader);
+
+ /*Unmarshaller um = JAXBUtil.getUnmarshaller(collectivePackage);
um.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
JAXBElement<?> obj = (JAXBElement<?>) um.unmarshal(new StringReader(elementString));
Object xacmlObject = obj.getValue();
if(xacmlObject instanceof XACMLAuthzDecisionQueryType == false)
throw new RuntimeException("Unsupported type:" + xacmlObject);
- return (XACMLAuthzDecisionQueryType)xacmlObject;
+ return (XACMLAuthzDecisionQueryType)xacmlObject; */
}
- public static Marshaller getMarshaller() throws JAXBException
+ public static XACMLAuthzDecisionStatementType getDecisionStatement( Node samlResponse ) throws ConfigurationException, ProcessingException, ParsingException
{
- return JAXBUtil.getMarshaller(getPackage());
+ XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader( DocumentUtil.getNodeAsStream( samlResponse ));
+ SAMLParser samlParser = new SAMLParser();
+ ResponseType response = (ResponseType) samlParser.parse( xmlEventReader );
+ List<RTChoiceType> choices = response.getAssertions();
+ for( RTChoiceType rst: choices )
+ {
+ AssertionType assertion = rst.getAssertion();
+ if( assertion == null )
+ continue;
+ Set<StatementAbstractType> stats = assertion.getStatements();
+ for( StatementAbstractType stat: stats )
+ {
+ if( stat instanceof XACMLAuthzDecisionStatementType )
+ {
+ return (XACMLAuthzDecisionStatementType) stat;
+ }
+ }
+ }
+
+ throw new RuntimeException( "Not found XACMLAuthzDecisionStatementType" );
}
- public static Unmarshaller getUnmarshaller() throws JAXBException
+ public static SOAPMessage getSOAPMessage( InputStream is ) throws IOException, SOAPException
{
- return JAXBUtil.getUnmarshaller(getPackage());
+ MessageFactory messageFactory = MessageFactory.newInstance();
+ return messageFactory.createMessage(null, is );
}
- public static String getPackage()
+ public static SOAPMessage createFault( String message ) throws SOAPException
{
- StringBuffer buf = new StringBuffer();
- buf.append(SOAP_PKG).append(COLON).append(SAML_PROTO_PKG).append(COLON);
- buf.append(XACML_CTX_PKG).append(COLON).append(XACML_SAMLPROTO_PKG).append(COLON).append(XACML_SAMLASSERT_PKG);
- return buf.toString();
+ MessageFactory messageFactory = MessageFactory.newInstance();
+ SOAPMessage msg = messageFactory.createMessage() ;
+ SOAPEnvelope envelope = msg.getSOAPPart().getEnvelope();
+ SOAPBody body = envelope.getBody();
+ SOAPFault fault = body.addFault();
+ fault.setFaultCode("Server");
+ fault.setFaultActor( "urn:picketlink" );
+ fault.setFaultString( message );
+ return msg;
}
}
\ No newline at end of file
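Review bot: `createFault( String message )` copies the caller-supplied string into `fault.setFaultString( message )`, and a SOAP fault string is returned to the remote client; if the servlet that calls this (outside the hunk) passes exception text, internal detail such as class names or parser positions will be disclosed to whoever sent the request, so pass a generic message here and log the underlying exception server-side. `fault.setFaultCode("Server")` sets an unqualified faultcode, whereas the SAAJ javadoc prefers the Name form because faultcode is a QName: `fault.setFaultCode( envelope.createName( "Server", envelope.getPrefix(), envelope.getNamespaceURI() ) );` yields the expected `soap:Server`. `getDecisionStatement` declares ParsingException but ends with `throw new RuntimeException( "Not found XACMLAuthzDecisionStatementType" )`; throwing ParsingException there keeps the contract honest. The commented-out JAXB block and `//String elementString = ...` left in getXACMLQueryType should be deleted rather than kept as dead text.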
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -49,6 +49,9 @@
{
protected static String PROTOCOL_PREFIX = "samlp";
protected static String ASSERTION_PREFIX = "saml";
+ protected static String XACML_SAML_PREFIX = "xacml-saml";
+ protected static String XACML_SAML_PROTO_PREFIX = "xacml-samlp";
+ protected static String XSI_PREFIX = "xsi";
protected XMLStreamWriter writer = null;
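Review bot: The three new prefix constants are declared `protected static String` without `final`, so any subclass or same-package code can reassign them and silently change the namespace prefixes every writer instance emits; declare them `protected static final String`, which the existing `PROTOCOL_PREFIX` and `ASSERTION_PREFIX` would benefit from as well.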
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -27,8 +27,12 @@
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamWriter;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResponseType;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.SAMLXACMLUtil;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
@@ -56,9 +60,11 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType.STSubType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.URIType;
+import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
+import org.w3c.dom.Document;
import org.w3c.dom.Element;
/**
@@ -159,7 +165,11 @@
{
write((AttributeStatementType) statement);
}
- else
+ else if (statement instanceof XACMLAuthzDecisionStatementType )
+ {
+ write((XACMLAuthzDecisionStatementType) statement);
+ }
+ else
throw new RuntimeException("unknown statement type=" + statement.getClass().getName());
}
}
@@ -215,8 +225,7 @@
*/
public void write(AuthnStatementType authnStatement) throws ProcessingException
{
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_STATEMENT.get(), ASSERTION_NSURI
- .get());
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_STATEMENT.get(), ASSERTION_NSURI.get());
XMLGregorianCalendar authnInstant = authnStatement.getAuthnInstant();
if (authnInstant != null)
@@ -231,7 +240,73 @@
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
+
+ public void write( XACMLAuthzDecisionStatementType xacmlStat ) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.STATEMENT.get(), ASSERTION_NSURI.get());
+
+ StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
+ StaxUtil.writeNameSpace(writer, XACML_SAML_PREFIX, JBossSAMLURIConstants.XACML_SAML_NSURI.get());
+ StaxUtil.writeNameSpace(writer, XACML_SAML_PROTO_PREFIX, JBossSAMLURIConstants.XACML_SAML_PROTO_NSURI.get());
+ StaxUtil.writeNameSpace(writer, XSI_PREFIX, JBossSAMLURIConstants.XSI_NSURI.get());
+
+ StaxUtil.writeAttribute( writer,
+ new QName( JBossSAMLURIConstants.XSI_NSURI.get(),JBossSAMLConstants.TYPE.get(), XSI_PREFIX),
+ XACMLAuthzDecisionStatementType.XSI_TYPE );
+
+ ResponseType responseType = xacmlStat.getResponse();
+ if( responseType == null )
+ throw new RuntimeException( " XACML response is null" );
+
+ Document doc = SAMLXACMLUtil.getXACMLResponse(responseType);
+ StaxUtil.writeDOMElement(writer, doc.getDocumentElement() );
+
+ /*try
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Marshaller marshaller = getMarshaller();
+ JAXBElement<?> jaxb = (new ObjectFactory()).createResponse(responseType);
+
+ StreamResult result = new StreamResult( baos );
+
+ TransformerUtil.transform( SAMLXACMLUtil.getJAXBContext(), jaxb, result);
+ Document doc = DocumentUtil.getDocument( new String( baos.toByteArray() ));
+ StaxUtil.writeDOMNode(writer, doc.getDocumentElement() );
+ //marshaller.marshal(jaxb, writer);
+ }
+ catch ( Exception e)
+ {
+ throw new ProcessingException( e );
+ }*/
+
+ RequestType requestType = xacmlStat.getRequest();
+ if( requestType != null )
+ {
+ StaxUtil.writeDOMNode(writer, SAMLXACMLUtil.getXACMLRequest(requestType).getDocumentElement() );
+
+ /*try
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Marshaller marshaller = getMarshaller();
+ JAXBElement<?> jaxb = (new ObjectFactory()).createRequest( requestType );
+
+ StreamResult result = new StreamResult( baos );
+
+ TransformerUtil.transform( getJAXBContext(), jaxb, result);
+ Document doc = DocumentUtil.getDocument( new String( baos.toByteArray() ));
+ StaxUtil.writeDOMNode(writer, doc.getDocumentElement() );
+ //marshaller.marshal( jaxb, writer );
+ }
+ catch ( Exception e )
+ {
+ throw new ProcessingException( e );
+ }*/
+ }
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
/**
* Write an {@code AuthnContextType} to stream
*
@@ -241,8 +316,7 @@
*/
public void write(AuthnContextType authContext) throws ProcessingException
{
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT.get(), ASSERTION_NSURI
- .get());
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT.get(), ASSERTION_NSURI.get());
AuthnContextTypeSequence sequence = authContext.getSequence();
if (sequence != null)
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -460,7 +460,7 @@
}
catch (XMLStreamException e)
{
- throw new ProcessingException(e);
+ //throw new ProcessingException(e);
}
}
}
\ No newline at end of file
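Review bot: Commenting out `throw new ProcessingException(e);` turns the catch into an empty swallow, so an `XMLStreamException` raised here is dropped and the caller continues with a truncated or malformed document and no signal (the enclosing method starts outside the hunk, so which StAX call this protects is not visible here). A silently truncated SAML document is a worse failure mode than a thrown exception, because downstream consumers cannot distinguish a partial document from a complete one. If the exception is expected in some benign case, the branch should at least log it and carry a comment naming that case, e.g. `catch (XMLStreamException ignored) { // <why it is safe to continue> }`; otherwise the throw should be restored.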
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/TransformerUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/TransformerUtil.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/TransformerUtil.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -25,9 +25,14 @@
import java.util.Properties;
import java.util.Stack;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.util.JAXBSource;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.Attribute;
+import javax.xml.stream.events.Characters;
+import javax.xml.stream.events.Comment;
import javax.xml.stream.events.EndElement;
import javax.xml.stream.events.Namespace;
import javax.xml.stream.events.StartElement;
@@ -115,7 +120,22 @@
throw new ParsingException( e );
}
}
+
+ public static void transform( JAXBContext context, JAXBElement<?> jaxb, Result result ) throws ParsingException
+ {
+ try
+ {
+ Transformer transformer = getTransformer();
+ JAXBSource jaxbSource = new JAXBSource(context, jaxb );
+ transformer.transform( jaxbSource , result );
+ }
+ catch ( Exception e )
+ {
+ throw new ParsingException( e );
+ }
+ }
+
/**
* Custom Project {@code Transformer} that can take in a {@link StAXSource}
* and transform into {@link DOMResult}
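Review bot: The new `transform( JAXBContext, JAXBElement<?>, Result )` catches bare `Exception`, so programming errors such as a `NullPointerException` from a null `context` or `jaxb` are rewrapped as `ParsingException` and reported as a parse failure; catching `JAXBException` (from the `JAXBSource` constructor) and `TransformerException` (from `transform`) in two clauses would keep those distinct, as Java 7 multi-catch may not be available to this codebase. The method is also missing the Javadoc that the surrounding members have; a summary such as `/** Marshal a JAXB element into the given {@code Result} using the default transformer */` plus `@throws ParsingException if marshalling or the transform fails` would suffice.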
@@ -169,7 +189,12 @@
Element docStartElement = handleStartElement(xmlEventReader, startElement, holder );
Node el = doc.importNode(docStartElement, true);
- Node top = stack.peek();
+ Node top = null;
+
+ if( !stack.isEmpty())
+ {
+ top = stack.peek();
+ }
if( !holder.encounteredTextNode )
{
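Review bot: After the added guard, `top` is null when the stack is empty, and the code that consumes `top` lies outside the hunk, so whether it dereferences `top` unconditionally cannot be seen here; if it does, the guard only moves an `EmptyStackException` to a `NullPointerException` a few lines later. A brief comment on the assignment stating what the empty stack represents (presumably the document root element, since the element is being imported into `doc` just above) would make the intent explicit, e.g. `// empty stack: this is the root element, there is no parent to attach to`.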
@@ -310,13 +335,25 @@
}
XMLEvent nextEvent = StaxParserUtil.peek(xmlEventReader);
- if( nextEvent.getEventType() == XMLEvent.CHARACTERS )
- {
- holder.encounteredTextNode = true;
- String text = StaxParserUtil.getElementText(xmlEventReader);
- Node textNode = doc.createTextNode( text );
- textNode = doc.importNode(textNode, true);
- el.appendChild( textNode );
+ if( nextEvent instanceof Comment )
+ {
+ Comment commentEvent = (Comment) nextEvent;
+ Node commentNode = doc.createComment( commentEvent.getText() );
+ commentNode = doc.importNode(commentNode, true);
+ el.appendChild(commentNode);
+ }
+ else if( nextEvent.getEventType() == XMLEvent.CHARACTERS )
+ {
+ Characters characterEvent = (Characters) nextEvent;
+ String trimmedData = characterEvent.getData().trim();
+ if( trimmedData != null && trimmedData.length() > 0 )
+ {
+ holder.encounteredTextNode = true;
+ String text = StaxParserUtil.getElementText(xmlEventReader);
+ Node textNode = doc.createTextNode( text );
+ textNode = doc.importNode(textNode, true);
+ el.appendChild( textNode );
+ }
}
return el;
}
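Review bot: `trimmedData != null` in the CHARACTERS branch is dead, because `String.trim()` never returns null; `if( trimmedData.length() > 0 )` is sufficient. More significant is that both the whitespace-only Characters event and the Comment event are only peeked within this hunk, never consumed; if the caller does not advance the reader in those cases the next iteration peeks the same event again (the enclosing method ends outside the hunk, so this cannot be confirmed here). The trim test also decides on the first Characters chunk only, whereas `getElementText` collects the whole run, so depending on whether the underlying parser coalesces text, an element whose text starts with a whitespace-only chunk could be skipped; a comment stating the assumption, e.g. `// assumes the parser delivers element text as a single Characters event — TODO confirm`, would flag this for the next maintainer.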
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -47,6 +47,7 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationDataType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
@@ -177,10 +178,10 @@
AttributeStatementType attributeStatement = (AttributeStatementType) assertion.getStatements().iterator().next();
- List<org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType> attributes = attributeStatement.getAttributes();
+ List<AttributeStatementType.ASTChoiceType> attributes = attributeStatement.getAttributes();
assertEquals( 2, attributes.size() );
- for( org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType attr: attributes )
+ for( AttributeStatementType.ASTChoiceType attr: attributes )
{
AttributeType attribute = attr.getAttribute();
assertEquals( "role", attribute.getFriendlyName() );
@@ -192,59 +193,27 @@
String str = (String ) attributeValues.get( 0 );
if( ! ( str.equals( "employee") || str.equals( "manager" )))
throw new RuntimeException( "attrib value not found" );
- }
+ }
+ }
+
+ @Test
+ public void testXACMLDecisionStatements() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream( "saml-xacml/saml-xacml-response-1.xml" );
- /*List<JAXBElement<?>> content = subject.getContent();
+ SAMLParser parser = new SAMLParser();
+ ResponseType response = ( ResponseType ) parser.parse(configStream);
+ assertNotNull( "ResponseType is not null", response );
- int size = content.size();
+ //Get the assertion
+ AssertionType assertion = (AssertionType) response.getAssertions().get(0).getAssertion();
+ assertEquals( "ID_response-id:1", assertion.getID() );
+ assertEquals( XMLTimeUtil.parse( "2008-03-19T22:17:13Z" ), assertion.getIssueInstant() );
+ assertEquals( "2.0", assertion.getVersion() );
- for( int i = 0 ; i < size; i++ )
- {
- JAXBElement<?> node = content.get(i);
- Class<?> clazz = node.getDeclaredType();
-
- if( clazz.equals( NameIDType.class ))
- {
- NameIDType subjectNameID = (NameIDType) node.getValue();
-
- assertEquals( "anil", subjectNameID.getValue() );
- assertEquals( "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", subjectNameID.getFormat() );
- }
-
- else if( clazz.equals( SubjectConfirmationType.class ))
- {
- SubjectConfirmationType subjectConfirmation = (SubjectConfirmationType) node.getValue();
- assertEquals( "urn:oasis:names:tc:SAML:2.0:cm:bearer", subjectConfirmation.getMethod() );
-
- SubjectConfirmationDataType subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData();
- assertEquals( "ID_04ded476-d73c-48af-b3a9-232a52905ffb", subjectConfirmationData.getInResponseTo() );
- assertEquals( XMLTimeUtil.parse( "2010-11-04T00:19:16.842-05:00" ), subjectConfirmationData.getNotBefore() );
- assertEquals( XMLTimeUtil.parse( "2010-11-04T00:19:16.842-05:00" ), subjectConfirmationData.getNotOnOrAfter() );
- assertEquals( "http://localhost:8080/employee/", subjectConfirmationData.getRecipient());
- }
-
- else if( clazz.equals( AttributeStatementType.class ))
- {
- AttributeStatementType attributeStatement = (AttributeStatementType) node.getValue();
- List<Object> attributes = attributeStatement.getAttributeOrEncryptedAttribute();
- assertEquals( 2, attributes.size() );
-
- for( Object attr: attributes )
- {
- AttributeType attribute = (AttributeType) attr;
- assertEquals( "role", attribute.getFriendlyName() );
- assertEquals( "role", attribute.getName() );
- assertEquals( "role", attribute.getNameFormat() );
- List<Object> attributeValues = attribute.getAttributeValue();
- assertEquals( 1, attributeValues.size() );
-
- String str = (String ) attributeValues.get( 0 );
- if( ! ( str.equals( "employee") || str.equals( "manager" )))
- throw new RuntimeException( "attrib value not found" );
- }
- }
- else
- throw new RuntimeException( "unknown" );
- } */
+ XACMLAuthzDecisionStatementType xacmlStat = (XACMLAuthzDecisionStatementType) assertion.getStatements().iterator().next();
+ assertNotNull( xacmlStat.getRequest() );
+ assertNotNull( xacmlStat.getResponse() );
}
}
\ No newline at end of file
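Review bot: `configStream` obtained from `getResourceAsStream` in `testXACMLDecisionStatements` is never closed and is not checked for null, so a missing `saml-xacml/saml-xacml-response-1.xml` surfaces as a `NullPointerException` inside `parser.parse` rather than a clear assertion failure. Add `assertNotNull( "test resource not found", configStream );` before parsing and close the stream in a `finally` block.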
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -34,6 +34,8 @@
/**
* Read a SAML-XACML request
+ *
+ * @see {@code SAMLResponseParserTestCase#testXACMLDecisionStatements()}
* @author Anil.Saldhana(a)redhat.com
* @since Jan 8, 2009
*/
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLAuthzDecisionStatementType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLAuthzDecisionStatementType.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLAuthzDecisionStatementType.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -49,6 +49,7 @@
public class XACMLAuthzDecisionStatementType
extends StatementAbstractType
{
+ public static final String XSI_TYPE = "xacml-samlp:XACMLAuthzDecisionStatementType";
protected ResponseType response;
protected RequestType request;
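Review bot: `XSI_TYPE` hard-codes the `xacml-samlp:` prefix, which couples this model constant to the prefix the writer declares (`XACML_SAML_PROTO_PREFIX` in BaseWriter in this same commit); if either changes independently the emitted `xsi:type` names an undeclared prefix and the document fails validation. Separately, in the SAML 2.0 profile of XACML the authorization decision *statement* type is defined in the assertion schema (the `xacml-saml` namespace) while only the *query* type lives in the protocol schema, so this value looks like it should be `xacml-saml:XACMLAuthzDecisionStatementType` — worth verifying against the schema and the `saml-xacml-response-1.xml` fixture added in this commit. A comment naming the writer constant this prefix must agree with, e.g. `// prefix must match BaseWriter's XACML prefix declarations`, would at least make the coupling visible.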
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2010-12-16 23:05:03 UTC (rev 610)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2010-12-20 21:58:55 UTC (rev 611)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.federation.web.servlets.saml;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -33,38 +35,44 @@
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.bind.helpers.DefaultValidationEventHandler;
+import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPEnvelope;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.stream.XMLStreamWriter;
import org.apache.log4j.Logger;
+import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.core.JBossRequestContext;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResponseType;
+import org.jboss.security.xacml.core.model.context.ResultType;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
-import org.picketlink.identity.federation.core.factories.SOAPFactory;
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.factories.XACMLContextFactory;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
-import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Body;
-import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
-import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
-import org.jboss.security.xacml.core.JBossPDP;
-import org.jboss.security.xacml.core.JBossRequestContext;
-import org.jboss.security.xacml.core.model.context.RequestType;
-import org.jboss.security.xacml.core.model.context.ResponseType;
-import org.jboss.security.xacml.core.model.context.ResultType;
-import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
-import org.jboss.security.xacml.interfaces.RequestContext;
-import org.jboss.security.xacml.interfaces.ResponseContext;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
/**
* Servlet that can read SOAP 1.1 messages that contain
@@ -76,16 +84,16 @@
{
private static Logger log = Logger.getLogger(SOAPSAMLXACMLServlet.class);
private boolean trace = log.isTraceEnabled();
-
+
private static final long serialVersionUID = 1L;
-
+
private String policyConfigFileName = null;
-
+
private String issuerId = null;
private String issuer = null;
-
+
boolean debug = false;
-
+
private transient PolicyDecisionPoint pdp = null;
public void init(ServletConfig config) throws ServletException
@@ -93,15 +101,15 @@
issuerId = config.getInitParameter("issuerID");
if(issuerId == null)
issuerId = "issue-id:1";
-
+
issuer = config.getInitParameter("issuer");
if(issuer == null)
issuer = "urn:jboss-identity";
-
+
policyConfigFileName = config.getInitParameter("policyConfigFileName");
if(policyConfigFileName == null)
policyConfigFileName = "policyConfig.xml";
-
+
String debugStr = config.getInitParameter("debug");
try
{
@@ -111,19 +119,19 @@
{
debug = false;
}
-
+
if(trace)
{
log.trace("Issuer=" + issuer + " :: issuerID=" + issuerId);
log.trace("PolicyConfig File:" + policyConfigFileName);
log.trace("Debug="+debug);
}
-
+
if(debug)
{
SecurityActions.setSystemProperty("jaxb.debug", "true");
}
-
+
try
{
pdp = this.getPDP();
@@ -136,29 +144,74 @@
super.init(config);
}
-
- @SuppressWarnings("unchecked")
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
{
- throw new RuntimeException( "FIX" );
- /*JAXBElement<RequestAbstractType> jaxbRequestType = null;
-
+ XACMLAuthzDecisionQueryType xacmlRequest = null;
+ MessageFactory messageFactory = null;
+ SOAPMessage returnSOAPMessage = null;
+ try
+ {
+ try
+ {
+ messageFactory = MessageFactory.newInstance();
+ SOAPMessage soapMessage = messageFactory.createMessage( null, req.getInputStream() );
+ SOAPEnvelope soapEnvelope = soapMessage.getSOAPPart().getEnvelope();
+ SOAPBody soapBody = soapEnvelope.getBody();
+ NodeList nl = soapBody.getChildNodes();
+ Node node = null;
+
+ int length = nl != null ? nl.getLength() : 0;
+ for( int i = 0; i < length; i++ )
+ {
+ Node n = nl.item(i);
+ String localName = n.getLocalName();
+ if( localName != null && ( localName.contains( JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get() )
+ || localName.contains( JBossSAMLConstants.REQUEST_ABSTRACT.get() )))
+ {
+ node = n;
+ break;
+ }
+ }
+ if( node == null )
+ throw new ServletException( "Did not find XACML query nodes" );
+ xacmlRequest = SOAPSAMLXACMLUtil.getXACMLQueryType( node );
+ }
+ catch (SOAPException e)
+ {
+ e.printStackTrace();
+ throw new ServletException( e );
+ }
+ catch (ParsingException e)
+ {
+ throw new ServletException( e );
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ServletException( e );
+ }
+ catch (ProcessingException e)
+ {
+ throw new ServletException( e );
+ }
+
+ /*JAXBElement<RequestAbstractType> jaxbRequestType = null;
+
Envelope envelope = null;
XACMLAuthzDecisionQueryType xacmlRequest = null;
-
+
try
{
Document inputDoc = DocumentUtil.getDocument(req.getInputStream());
if(debug && trace)
log.trace("Received SOAP:"+DocumentUtil.asString(inputDoc));
-
+
Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
if(debug)
un.setEventHandler(new DefaultValidationEventHandler());
Object unmarshalledObject = un.unmarshal(DocumentUtil.getNodeAsStream(inputDoc));
-
+
if(unmarshalledObject instanceof JAXBElement)
{
JAXBElement<?> jaxbElement = (JAXBElement<?>) unmarshalledObject;
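Review bot: The search for the query element in `service` uses `localName.contains(...)` for both `XACML_AUTHZ_DECISION_QUERY` and `REQUEST_ABSTRACT`, so any body child whose local name merely contains either string is treated as the query, and the node's namespace URI is not examined at all; `localName.equals( JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get() )` (and likewise for the second constant), combined with a check on `n.getNamespaceURI()`, is the precise test. `e.printStackTrace()` in the `SOAPException` handler writes to the container's stderr while the same exception is rethrown and logged again further down; drop it and let the `log` field record it once. The request body is parsed with `MessageFactory.createMessage( null, req.getInputStream() )` directly from the HTTP request, and the hunk does not show how the SAAJ parser is configured, so confirm that DTD and external-entity processing are disabled on this path. The superseded `/*JAXBElement<RequestAbstractType> … */` block should be removed rather than kept commented, since its imports were deleted in this commit; `service` continues past the end of the hunk.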
@@ -185,57 +238,82 @@
xacmlRequest = (XACMLAuthzDecisionQueryType) element;
}
}
+
+ */
+
+
if(xacmlRequest == null)
throw new IOException("XACML Request not parsed");
RequestType requestType = xacmlRequest.getRequest();
-
+
RequestContext requestContext = new JBossRequestContext();
requestContext.setRequest(requestType);
-
+
//pdp evaluation is thread safe
ResponseContext responseContext = pdp.evaluate(requestContext);
-
+
ResponseType responseType = new ResponseType();
ResultType resultType = responseContext.getResult();
responseType.getResult().add(resultType);
XACMLAuthzDecisionStatementType xacmlStatement =
XACMLContextFactory.createXACMLAuthzDecisionStatementType(requestType, responseType);
-
+
//Place the xacml statement in an assertion
//Then the assertion goes inside a SAML Response
-
+
String ID = IDGenerator.create("ID_");
SAML2Response saml2Response = new SAML2Response();
IssuerInfoHolder issuerInfo = new IssuerInfoHolder(this.issuer);
-
+
List<StatementAbstractType> statements = new ArrayList<StatementAbstractType>();
statements.add(xacmlStatement);
-
+
AssertionType assertion = SAMLAssertionFactory.createAssertion(ID,
issuerInfo.getIssuer(),
XMLTimeUtil.getIssueInstant(),
null,
null,
statements);
-
- JAXBElement<?> jaxbResponse = JAXBElementMappingUtil.get(saml2Response.createResponseType(ID, issuerInfo, assertion));
-
+
+ org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType samlResponseType = saml2Response.createResponseType(ID, issuerInfo, assertion);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = StaxUtil.getXMLStreamWriter(baos);
+
+ SAMLResponseWriter samlResponseWriter = new SAMLResponseWriter( xmlStreamWriter );
+ samlResponseWriter.write( samlResponseType );
+ Document responseDocument = DocumentUtil.getDocument( new ByteArrayInputStream( baos.toByteArray() ));
+
+ returnSOAPMessage = messageFactory.createMessage();
+ SOAPBody returnSOAPBody = returnSOAPMessage.getSOAPBody();
+ returnSOAPBody.addDocument( responseDocument );
+
+ /*JAXBElement<?> jaxbResponse = JAXBElementMappingUtil.get();
+
//Create a SOAP Envelope to hold the SAML response
- envelope = this.createEnvelope(jaxbResponse);
+ envelope = this.createEnvelope(jaxbResponse); */
}
- catch (JAXBException e)
+ /*catch (JAXBException e)r
{
String id = IDGenerator.create();
log.error(id + "::Exception parsing SOAP:", e);
envelope = this.createEnvelope(this.createFault("Parsing Error. Reference::" + id));
- }
- catch (Exception e)
+ } */
+ catch ( Exception e )
{
+ e.printStackTrace();
String id = IDGenerator.create();
log.error(id + "::Exception:", e);
- envelope = this.createEnvelope(this.createFault("Server Error. Reference::" + id));
+ try
+ {
+ returnSOAPMessage = SOAPSAMLXACMLUtil.createFault( "Server Error" );
+ }
+ catch (SOAPException e1)
+ {
+ }
+ //envelope = this.createEnvelope(this.createFault("Server Error. Reference::" + id));
}
finally
{
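Review bot: In the `catch ( Exception e )` block the reference `id` that is written to the log is no longer included in the fault returned to the client (`createFault( "Server Error" )`), so a client-reported failure can no longer be matched to the server log entry the way the replaced `"Server Error. Reference::" + id` allowed; restore it as `returnSOAPMessage = SOAPSAMLXACMLUtil.createFault( "Server Error. Reference::" + id );`. The nested `catch (SOAPException e1) { }` is empty, so when building the fault itself fails `returnSOAPMessage` stays null and the cause is lost; at minimum `log.error(id + "::Could not build SOAP fault:", e1);`. `e.printStackTrace()` duplicates the `log.error` line that follows it and should go. The commented-out `catch (JAXBException e)r` block and the `/*JAXBElement<?> jaxbResponse …*/` fragment are dead code and should be deleted.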
@@ -243,19 +321,22 @@
OutputStream os = resp.getOutputStream();
try
{
- if(envelope == null)
+ if( returnSOAPMessage == null )
+ throw new RuntimeException( "SOAPMessage for return is null" );
+ returnSOAPMessage.writeTo( os );
+ /*if(envelope == null)
throw new IllegalStateException("SOAPEnvelope is null");
JAXBElement<?> jaxbEnvelope = JAXBElementMappingUtil.get(envelope);
Marshaller marshaller = JAXBUtil.getMarshaller(SOAPSAMLXACMLUtil.getPackage());
- marshaller.marshal(jaxbEnvelope, os);
+ marshaller.marshal(jaxbEnvelope, os); */
}
- catch (JAXBException e)
+ catch ( Exception e )
{
log("marshalling exception",e);
}
- } */
+ }
}
-
+
private PolicyDecisionPoint getPDP() throws PrivilegedActionException
{
ClassLoader tcl = SecurityActions.getContextClassLoader();
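Review bot: In the `finally` block a null `returnSOAPMessage` is reported with a `RuntimeException` that is immediately caught by the enclosing `catch ( Exception e )` and only logged, so the client receives an HTTP 200 with an empty body, indistinguishable at the transport level from a successful response; a failed `writeTo( os )` ends the same way. Setting `resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR)` before writing when the message is a fault or is missing (SOAP 1.1 over HTTP expects faults on a 500) would let callers and monitoring tell the cases apart, though where the fault is built is in the preceding hunk, so the status may be better set there. The `log("marshalling exception",e)` message also no longer describes what the try does, since nothing is marshalled anymore; `log("error writing SOAP response", e)` does.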
@@ -263,21 +344,5 @@
if(is == null)
throw new IllegalStateException(policyConfigFileName + " could not be located");
return new JBossPDP(is);
- }
-
- private Envelope createEnvelope(Object obj)
- {
- Envelope envelope = SOAPFactory.getObjectFactory().createEnvelope();
- Body body = SOAPFactory.getObjectFactory().createBody();
- body.getAny().add(obj);
- envelope.setBody(body);
- return envelope;
- }
-
- private JAXBElement<Fault> createFault(String msg)
- {
- Fault fault = SOAPFactory.getObjectFactory().createFault();
- fault.setFaultstring(msg);
- return SOAPFactory.getObjectFactory().createFault(fault);
- }
+ }
}
\ No newline at end of file
Picketlink SVN: r610 - federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-16 18:05:03 -0500 (Thu, 16 Dec 2010)
New Revision: 610
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilder.java
Log:
method usage change
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilder.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilder.java 2010-12-16 23:04:36 UTC (rev 609)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilder.java 2010-12-16 23:05:03 UTC (rev 610)
@@ -61,7 +61,7 @@
encryptionMethod.getContent().add(BigInteger.valueOf(keySize));
- keyDescriptor.getEncryptionMethod().add(encryptionMethod);
+ keyDescriptor.addEncryptionMethod( encryptionMethod );
}
if(isSigningKey)
Picketlink SVN: r609 - federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-16 18:04:36 -0500 (Thu, 16 Dec 2010)
New Revision: 609
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/MetaDataBuilderUnitTestCase.java
Log:
method usage change
Modified: federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/MetaDataBuilderUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/MetaDataBuilderUnitTestCase.java 2010-12-16 23:04:08 UTC (rev 608)
+++ federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/MetaDataBuilderUnitTestCase.java 2010-12-16 23:04:36 UTC (rev 609)
@@ -57,7 +57,7 @@
assertNotNull("Org is not null", org);
assertEquals(organizationName,org.getOrganizationName().get(0).getValue());
assertEquals(organizationDisplayName, org.getOrganizationDisplayName().get(0).getValue());
- assertEquals(organizationURL, org.getOrganizationURL().get(0).getValue());
+ assertEquals(organizationURL, org.getOrganizationURL().get(0).getValue().toString() );
//Check the lang
assertEquals(lang, org.getOrganizationName().get(0).getLang());
Picketlink SVN: r608 - federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-16 18:04:08 -0500 (Thu, 16 Dec 2010)
New Revision: 608
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
Log:
ctr change
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2010-12-16 23:03:30 UTC (rev 607)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2010-12-16 23:04:08 UTC (rev 608)
@@ -210,11 +210,9 @@
* @throws ConfigurationException
*/
public LogoutRequestType createLogoutRequest(String issuer) throws ConfigurationException
- {
- LogoutRequestType lrt = new LogoutRequestType();
- lrt.setID(IDGenerator.create("ID_"));
- lrt.setIssueInstant(XMLTimeUtil.getIssueInstant());
- lrt.setVersion( JBossSAMLConstants.VERSION_2_0.get() );
+ {
+ LogoutRequestType lrt = new LogoutRequestType( IDGenerator.create("ID_"), JBossSAMLConstants.VERSION_2_0.get(),
+ XMLTimeUtil.getIssueInstant() );
//Create an issuer
NameIDType issuerNameID = new NameIDType();
Picketlink SVN: r607 - in federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2: protocol and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-16 18:03:30 -0500 (Thu, 16 Dec 2010)
New Revision: 607
Modified:
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/protocol/XACMLAuthzDecisionQueryType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/protocol/XACMLPolicyQueryType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/ArtifactResolveType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AssertionIDRequestType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AttributeQueryType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AuthnQueryType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AuthnRequestType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AuthzDecisionQueryType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/LogoutRequestType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/ManageNameIDRequestType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/NameIDMappingRequestType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/RequestAbstractType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/SubjectQueryAbstractType.java
Log:
adapt to RequestAbstractType constructor change
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/protocol/XACMLAuthzDecisionQueryType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/protocol/XACMLAuthzDecisionQueryType.java 2010-12-16 23:00:13 UTC (rev 606)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/protocol/XACMLAuthzDecisionQueryType.java 2010-12-16 23:03:30 UTC (rev 607)
@@ -20,7 +20,9 @@
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol;
-
+
+import javax.xml.datatype.XMLGregorianCalendar;
+
import org.jboss.security.xacml.core.model.context.RequestType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
@@ -47,90 +49,96 @@
*
*/
public class XACMLAuthzDecisionQueryType
- extends RequestAbstractType
+extends RequestAbstractType
{
- protected RequestType request;
- protected Boolean inputContextOnly;
- protected Boolean returnContext;
+ protected RequestType request;
+ protected Boolean inputContextOnly;
+ protected Boolean returnContext;
- /**
- * Gets the value of the request property.
- *
- * @return
- * possible object is
- * {@link RequestType }
- *
- */
- public RequestType getRequest() {
- return request;
- }
- /**
- * Sets the value of the request property.
- *
- * @param value
- * allowed object is
- * {@link RequestType }
- *
- */
- public void setRequest(RequestType value) {
- this.request = value;
- }
+ public XACMLAuthzDecisionQueryType(String id, String version, XMLGregorianCalendar instant)
+ {
+ super(id, version, instant);
+ }
- /**
- * Gets the value of the inputContextOnly property.
- *
- * @return
- * possible object is
- * {@link Boolean }
- *
- */
- public boolean isInputContextOnly() {
- if (inputContextOnly == null) {
- return false;
- } else {
- return inputContextOnly;
- }
- }
+ /**
+ * Gets the value of the request property.
+ *
+ * @return
+ * possible object is
+ * {@link RequestType }
+ *
+ */
+ public RequestType getRequest() {
+ return request;
+ }
- /**
- * Sets the value of the inputContextOnly property.
- *
- * @param value
- * allowed object is
- * {@link Boolean }
- *
- */
- public void setInputContextOnly(Boolean value) {
- this.inputContextOnly = value;
- }
+ /**
+ * Sets the value of the request property.
+ *
+ * @param value
+ * allowed object is
+ * {@link RequestType }
+ *
+ */
+ public void setRequest(RequestType value) {
+ this.request = value;
+ }
- /**
- * Gets the value of the returnContext property.
- *
- * @return
- * possible object is
- * {@link Boolean }
- *
- */
- public boolean isReturnContext() {
- if (returnContext == null) {
- return false;
- } else {
- return returnContext;
- }
- }
+ /**
+ * Gets the value of the inputContextOnly property.
+ *
+ * @return
+ * possible object is
+ * {@link Boolean }
+ *
+ */
+ public boolean isInputContextOnly() {
+ if (inputContextOnly == null) {
+ return false;
+ } else {
+ return inputContextOnly;
+ }
+ }
- /**
- * Sets the value of the returnContext property.
- *
- * @param value
- * allowed object is
- * {@link Boolean }
- *
- */
- public void setReturnContext(Boolean value) {
- this.returnContext = value;
- }
+ /**
+ * Sets the value of the inputContextOnly property.
+ *
+ * @param value
+ * allowed object is
+ * {@link Boolean }
+ *
+ */
+ public void setInputContextOnly(Boolean value) {
+ this.inputContextOnly = value;
+ }
+ /**
+ * Gets the value of the returnContext property.
+ *
+ * @return
+ * possible object is
+ * {@link Boolean }
+ *
+ */
+ public boolean isReturnContext() {
+ if (returnContext == null) {
+ return false;
+ } else {
+ return returnContext;
+ }
+ }
+
+ /**
+ * Sets the value of the returnContext property.
+ *
+ * @param value
+ * allowed object is
+ * {@link Boolean }
+ *
+ */
+ public void setReturnContext(Boolean value) {
+ this.returnContext = value;
+ }
+
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/protocol/XACMLPolicyQueryType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/protocol/XACMLPolicyQueryType.java 2010-12-16 23:00:13 UTC (rev 606)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/protocol/XACMLPolicyQueryType.java 2010-12-16 23:03:30 UTC (rev 607)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol;
+import javax.xml.datatype.XMLGregorianCalendar;
+
import org.jboss.security.xacml.core.model.context.RequestType;
import org.jboss.security.xacml.core.model.policy.IdReferenceType;
import org.jboss.security.xacml.core.model.policy.TargetType;
@@ -50,7 +52,7 @@
*
*/
public class XACMLPolicyQueryType
- extends RequestAbstractType
+extends RequestAbstractType
{
public static class ChoiceType
{
@@ -91,13 +93,18 @@
this.policyIdReference = policyIdReference;
}
}
-
+
protected ChoiceType choiceType;
-
-
- public ChoiceType getChoiceType()
+
+
+ public XACMLPolicyQueryType(String id, String version, XMLGregorianCalendar instant)
{
+ super(id, version, instant);
+ }
+
+ public ChoiceType getChoiceType()
+ {
return choiceType;
}
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/ArtifactResolveType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/ArtifactResolveType.java 2010-12-16 23:00:13 UTC (rev 606)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/ArtifactResolveType.java 2010-12-16 23:03:30 UTC (rev 607)
@@ -21,8 +21,10 @@
*/
package org.picketlink.identity.federation.newmodel.saml.v2.protocol;
+import javax.xml.datatype.XMLGregorianCalendar;
+
/**
* <p>Java class for ArtifactResolveType complex type.
*
@@ -45,8 +47,13 @@
public class ArtifactResolveType
extends RequestAbstractType
{
- protected String artifact;
+ protected String artifact;
+ public ArtifactResolveType(String id, String version, XMLGregorianCalendar instant)
+ {
+ super(id, version, instant);
+ }
+
/**
* Gets the value of the artifact property.
*
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AssertionIDRequestType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AssertionIDRequestType.java 2010-12-16 23:00:13 UTC (rev 606)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AssertionIDRequestType.java 2010-12-16 23:03:30 UTC (rev 607)
@@ -25,7 +25,9 @@
import java.util.Collections;
import java.util.List;
+import javax.xml.datatype.XMLGregorianCalendar;
+
/**
* <p>Java class for AssertionIDRequestType complex type.
*
@@ -49,6 +51,11 @@
extends RequestAbstractType
{
protected List<String> assertionIDRef = new ArrayList<String>();
+
+ public AssertionIDRequestType(String id, String version, XMLGregorianCalendar instant)
+ {
+ super(id, version, instant);
+ }
public void addAssertionIDRef( String id )
{
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AttributeQueryType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AttributeQueryType.java 2010-12-16 23:00:13 UTC (rev 606)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AttributeQueryType.java 2010-12-16 23:03:30 UTC (rev 607)
@@ -25,6 +25,8 @@
import java.util.Collections;
import java.util.List;
+import javax.xml.datatype.XMLGregorianCalendar;
+
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
@@ -52,6 +54,11 @@
extends SubjectQueryAbstractType
{
protected List<AttributeType> attribute = new ArrayList<AttributeType>();
+
+ public AttributeQueryType(String id, String version, XMLGregorianCalendar instant)
+ {
+ super(id, version, instant);
+ }
public void add( AttributeType att )
{
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AuthnQueryType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AuthnQueryType.java 2010-12-16 23:00:13 UTC (rev 606)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AuthnQueryType.java 2010-12-16 23:03:30 UTC (rev 607)
@@ -21,7 +21,9 @@
*/
package org.picketlink.identity.federation.newmodel.saml.v2.protocol;
+import javax.xml.datatype.XMLGregorianCalendar;
+
/**
* <p>Java class for AuthnQueryType complex type.
*
@@ -44,11 +46,16 @@
*/
public class AuthnQueryType
extends SubjectQueryAbstractType
-{
-
+{
protected RequestedAuthnContextType requestedAuthnContext;
protected String sessionIndex;
+
+ public AuthnQueryType(String id, String version, XMLGregorianCalendar instant)
+ {
+ super(id, version, instant);
+ }
+
/**
* Gets the value of the requestedAuthnContext property.
*
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AuthnRequestType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AuthnRequestType.java 2010-12-16 23:00:13 UTC (rev 606)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AuthnRequestType.java 2010-12-16 23:03:30 UTC (rev 607)
@@ -23,6 +23,8 @@
import java.net.URI;
+import javax.xml.datatype.XMLGregorianCalendar;
+
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
@@ -61,7 +63,6 @@
public class AuthnRequestType
extends RequestAbstractType
{
-
protected SubjectType subject;
protected NameIDPolicyType nameIDPolicy;
protected ConditionsType conditions;
@@ -75,6 +76,11 @@
protected Integer attributeConsumingServiceIndex;
protected String providerName;
+ public AuthnRequestType(String id, String version, XMLGregorianCalendar instant)
+ {
+ super(id, version, instant);
+ }
+
/**
* Gets the value of the subject property.
*
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AuthzDecisionQueryType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AuthzDecisionQueryType.java 2010-12-16 23:00:13 UTC (rev 606)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/AuthzDecisionQueryType.java 2010-12-16 23:03:30 UTC (rev 607)
@@ -26,6 +26,8 @@
import java.util.Collections;
import java.util.List;
+import javax.xml.datatype.XMLGregorianCalendar;
+
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ActionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EvidenceType;
@@ -55,7 +57,12 @@
protected List<ActionType> action = new ArrayList<ActionType> ();
protected EvidenceType evidence;
protected URI resource;
-
+
+ public AuthzDecisionQueryType(String id, String version, XMLGregorianCalendar instant)
+ {
+ super(id, version, instant);
+ }
+
public void addAction( ActionType act )
{
this.action.add(act);
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/LogoutRequestType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/LogoutRequestType.java 2010-12-16 23:00:13 UTC (rev 606)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/LogoutRequestType.java 2010-12-16 23:03:30 UTC (rev 607)
@@ -68,7 +68,13 @@
protected String reason;
protected XMLGregorianCalendar notOnOrAfter;
- /**
+
+ public LogoutRequestType(String id, String version, XMLGregorianCalendar instant)
+ {
+ super(id, version, instant);
+ }
+
+ /**
* Gets the value of the baseID property.
*
* @return
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/ManageNameIDRequestType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/ManageNameIDRequestType.java 2010-12-16 23:00:13 UTC (rev 606)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/ManageNameIDRequestType.java 2010-12-16 23:03:30 UTC (rev 607)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.federation.newmodel.saml.v2.protocol;
+import javax.xml.datatype.XMLGregorianCalendar;
+
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedElementType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
@@ -55,14 +57,19 @@
*/
public class ManageNameIDRequestType
extends RequestAbstractType
-{
-
+{
protected NameIDType nameID;
protected EncryptedElementType encryptedID;
protected String newID;
protected EncryptedElementType newEncryptedID;
protected TerminateType terminate;
+
+ public ManageNameIDRequestType(String id, String version, XMLGregorianCalendar instant)
+ {
+ super(id, version, instant);
+ }
+
/**
* Gets the value of the nameID property.
*
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/NameIDMappingRequestType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/NameIDMappingRequestType.java 2010-12-16 23:00:13 UTC (rev 606)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/NameIDMappingRequestType.java 2010-12-16 23:03:30 UTC (rev 607)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.federation.newmodel.saml.v2.protocol;
+import javax.xml.datatype.XMLGregorianCalendar;
+
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.BaseIDAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedElementType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
@@ -59,6 +61,12 @@
protected EncryptedElementType encryptedID;
protected NameIDPolicyType nameIDPolicy;
+
+ public NameIDMappingRequestType(String id, String version, XMLGregorianCalendar instant)
+ {
+ super(id, version, instant);
+ }
+
/**
* Gets the value of the baseID property.
*
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/RequestAbstractType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/RequestAbstractType.java 2010-12-16 23:00:13 UTC (rev 606)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/RequestAbstractType.java 2010-12-16 23:03:30 UTC (rev 607)
@@ -69,6 +69,13 @@
protected URI destination;
protected String consent;
+ public RequestAbstractType( String id, String version, XMLGregorianCalendar instant )
+ {
+ this.id = id;
+ this.version = version;
+ this.issueInstant = instant;
+ }
+
/**
* Gets the value of the issuer property.
*
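Review bot: The new constructor at L2481-2486 stores id, version and instant without checking them, and because this same commit removes setID, setVersion and setIssueInstant, a null ID or IssueInstant can never be corrected afterwards and only surfaces later when the request is serialized or validated. A guard at the top of the constructor, `if (id == null || version == null || instant == null) throw new IllegalArgumentException("ID, Version and IssueInstant are required");`, fails fast where the caller is still visible. The three fields are declared above this hunk; if they are not already `final`, marking them so would make explicit the immutability the removed setters imply.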
@@ -154,18 +161,6 @@
}
/**
- * Sets the value of the id property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setID(String value) {
- this.id = value;
- }
-
- /**
* Gets the value of the version property.
*
* @return
@@ -175,21 +170,9 @@
*/
public String getVersion() {
return version;
- }
+ }
/**
- * Sets the value of the version property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setVersion(String value) {
- this.version = value;
- }
-
- /**
* Gets the value of the issueInstant property.
*
* @return
@@ -199,21 +182,9 @@
*/
public XMLGregorianCalendar getIssueInstant() {
return issueInstant;
- }
+ }
/**
- * Sets the value of the issueInstant property.
- *
- * @param value
- * allowed object is
- * {@link XMLGregorianCalendar }
- *
- */
- public void setIssueInstant(XMLGregorianCalendar value) {
- this.issueInstant = value;
- }
-
- /**
* Gets the value of the destination property.
*
* @return
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/SubjectQueryAbstractType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/SubjectQueryAbstractType.java 2010-12-16 23:00:13 UTC (rev 606)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/protocol/SubjectQueryAbstractType.java 2010-12-16 23:03:30 UTC (rev 607)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.federation.newmodel.saml.v2.protocol;
+import javax.xml.datatype.XMLGregorianCalendar;
+
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
@@ -47,6 +49,11 @@
extends RequestAbstractType
{
protected SubjectType subject;
+
+ public SubjectQueryAbstractType(String id, String version, XMLGregorianCalendar instant)
+ {
+ super(id, version, instant);
+ }
public void setSubject(SubjectType subject)
{
Picketlink SVN: r606 - in federation/trunk/picketlink-fed-core/src: main/java/org/picketlink/identity/federation/core/parsers/saml/xacml and 4 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-16 18:00:13 -0500 (Thu, 16 Dec 2010)
New Revision: 606
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSloRequestParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java
Log:
change constructor of RequestAbstractType and bring in XACML processing for the SAML profile
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java 2010-12-16 21:30:09 UTC (rev 605)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java 2010-12-16 23:00:13 UTC (rev 606)
@@ -112,7 +112,8 @@
*/
private AuthnRequestType parseBaseAttributes( StartElement startElement ) throws ParsingException
{
- AuthnRequestType authnRequest = new AuthnRequestType();
+ super.parseRequiredAttributes(startElement);
+ AuthnRequestType authnRequest = new AuthnRequestType( id, version, issueInstant );
//Let us get the attributes
super.parseBaseAttributes(startElement, authnRequest );
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2010-12-16 21:30:09 UTC (rev 605)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2010-12-16 23:00:13 UTC (rev 606)
@@ -30,6 +30,7 @@
import org.picketlink.identity.federation.core.parsers.AbstractParser;
import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
import org.picketlink.identity.federation.core.parsers.saml.metadata.SAMLEntityDescriptorParser;
+import org.picketlink.identity.federation.core.parsers.saml.xacml.SAMLXACMLRequestParser;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
@@ -88,6 +89,23 @@
SAMLResponseParser responseParser = new SAMLResponseParser();
return responseParser.parse( xmlEventReader );
}
+
+ else if( JBossSAMLURIConstants.PROTOCOL_NSURI.get().equals( nsURI ) &&
+ JBossSAMLConstants.REQUEST_ABSTRACT.get().equals( startElementName.getLocalPart() ))
+ {
+ String xsiTypeValue = StaxParserUtil.getXSITypeValue(startElement);
+ if( xsiTypeValue.contains( JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY_TYPE.get() ))
+ {
+ SAMLXACMLRequestParser samlXacmlParser = new SAMLXACMLRequestParser();
+ return samlXacmlParser.parse(xmlEventReader);
+ }
+ throw new RuntimeException( "Unknown xsi:type=" + xsiTypeValue );
+ }
+ else if( JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get().equals( localPart ) )
+ {
+ SAMLXACMLRequestParser samlXacmlParser = new SAMLXACMLRequestParser();
+ return samlXacmlParser.parse(xmlEventReader);
+ }
else if( JBossSAMLConstants.ENTITY_DESCRIPTOR.get().equals( localPart ))
{
SAMLEntityDescriptorParser entityDescriptorParser = new SAMLEntityDescriptorParser();
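Review bot: The xsi:type dispatch at L2627-2628 uses `String.contains` on the raw attribute value, so any type whose name merely includes `XACMLAuthzDecisionQueryType` as a substring is routed to the XACML parser, and if `getXSITypeValue` returns null for a RequestAbstractType element without xsi:type (I cannot see that helper from here) the `contains` call throws a NullPointerException instead of the intended "Unknown xsi:type" error. Compare the resolved local part instead, e.g. `String localType = xsiTypeValue == null ? "" : xsiTypeValue.substring(xsiTypeValue.indexOf(':') + 1);` followed by `if (JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY_TYPE.get().equals(localType))`, and ideally resolve the prefix against the element's namespace context rather than trusting the prefix text. The second branch at L2635 matches `XACMLAuthzDecisionQuery` by local name alone, without the namespace check the neighbouring RequestAbstract branch applies via PROTOCOL_NSURI, so a guard on the expected XACML-SAML protocol namespace would keep the dispatch consistent. The enclosing parse method begins outside this hunk.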
@@ -97,8 +115,7 @@
{
SAMLAssertionParser assertionParser = new SAMLAssertionParser();
return assertionParser.parse( xmlEventReader );
- }
-
+ }
else throw new RuntimeException( "Unknown Tag:" + elementName );
}
else
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java 2010-12-16 21:30:09 UTC (rev 605)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java 2010-12-16 23:00:13 UTC (rev 606)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.federation.core.parsers.saml;
+import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.Attribute;
@@ -41,33 +42,41 @@
*/
public abstract class SAMLRequestAbstractParser
{
- /**
- * Parse the attributes that are common to all SAML Request Types
- * @param startElement
- * @param request
- * @throws ParsingException
- */
- protected void parseBaseAttributes( StartElement startElement , RequestAbstractType request ) throws ParsingException
+ protected String id;
+ protected String version;
+ protected XMLGregorianCalendar issueInstant;
+
+ protected void parseRequiredAttributes( StartElement startElement ) throws ParsingException
{
Attribute idAttr = startElement.getAttributeByName( new QName( "ID" ));
if( idAttr == null )
throw new RuntimeException( "ID attribute is missing" );
- request.setID( StaxParserUtil.getAttributeValue( idAttr ));
- Attribute version = startElement.getAttributeByName( new QName( "Version" ));
- if( version == null )
+ id = StaxParserUtil.getAttributeValue( idAttr );
+
+ Attribute versionAttr = startElement.getAttributeByName( new QName( "Version" ));
+ if( versionAttr == null )
throw new RuntimeException( "Version attribute required in Request" );
- request.setVersion( StaxParserUtil.getAttributeValue( version ));
+ version = StaxParserUtil.getAttributeValue( versionAttr );
- Attribute issueInstant = startElement.getAttributeByName( new QName( "IssueInstant" ));
- if( issueInstant == null )
+ Attribute issueInstantAttr = startElement.getAttributeByName( new QName( "IssueInstant" ));
+ if( issueInstantAttr == null )
throw new RuntimeException( "IssueInstant attribute required in Request" );
- request.setIssueInstant( XMLTimeUtil.parse( StaxParserUtil.getAttributeValue( issueInstant )));
+ issueInstant = XMLTimeUtil.parse( StaxParserUtil.getAttributeValue( issueInstantAttr ));
+ }
+
+ /**
+ * Parse the attributes that are common to all SAML Request Types
+ * @param startElement
+ * @param request
+ * @throws ParsingException
+ */
+ protected void parseBaseAttributes( StartElement startElement, RequestAbstractType request ) throws ParsingException
+ {
+ Attribute destinationAttr = startElement.getAttributeByName( new QName( "Destination" ));
+ if( destinationAttr != null )
+ request.setDestination( NetworkUtil.createURI( StaxParserUtil.getAttributeValue( destinationAttr ) ));
- Attribute destination = startElement.getAttributeByName( new QName( "Destination" ));
- if( destination != null )
- request.setDestination( NetworkUtil.createURI( StaxParserUtil.getAttributeValue( destination )));
-
Attribute consent = startElement.getAttributeByName( new QName( "Consent" ));
if( consent != null )
request.setConsent( StaxParserUtil.getAttributeValue( consent ));
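Review bot: parseRequiredAttributes at L2679-2701 now parks ID, Version and IssueInstant in mutable instance fields (L2675-2677) that subclasses read back after the call, which makes every parser instance stateful and unsafe to reuse concurrently; at minimum document it, `// NOTE: not thread-safe - id/version/issueInstant hold per-parse state; use one parser instance per request`, or return the three values from the method instead of stashing them. The Version attribute is stored verbatim at L2693 and nothing in this hunk compares it with the only supported value, so a request carrying Version="1.1" or arbitrary text is parsed as if it were SAML 2.0; adding `if (!JBossSAMLConstants.VERSION_2_0.get().equals(version)) throw new RuntimeException("Unsupported SAML Version: " + version);` right after L2693 rejects it at parse time in the same style the other required-attribute checks already use. The signature and extensions handling continues outside this hunk.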
@@ -87,8 +96,7 @@
}
else if( JBossSAMLConstants.SIGNATURE.get().equals( elementName ))
{
- request.setSignature( StaxParserUtil.getDOMElement(xmlEventReader) );
- //StaxParserUtil.bypassElementBlock(xmlEventReader, JBossSAMLConstants.SIGNATURE.get() );
+ request.setSignature( StaxParserUtil.getDOMElement(xmlEventReader) );
}
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSloRequestParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSloRequestParser.java 2010-12-16 21:30:09 UTC (rev 605)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSloRequestParser.java 2010-12-16 23:00:13 UTC (rev 606)
@@ -90,7 +90,8 @@
*/
private LogoutRequestType parseBaseAttributes( StartElement startElement ) throws ParsingException
{
- LogoutRequestType logoutRequest = new LogoutRequestType();
+ super.parseRequiredAttributes(startElement);
+ LogoutRequestType logoutRequest = new LogoutRequestType( id, version, issueInstant );
//Let us get the attributes
super.parseBaseAttributes(startElement, logoutRequest );
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java 2010-12-16 23:00:13 UTC (rev 606)
@@ -0,0 +1,134 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.parsers.saml.xacml;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.events.EndElement;
+import javax.xml.stream.events.StartElement;
+import javax.xml.stream.events.XMLEvent;
+
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLRequestAbstractParser;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
+import org.w3c.dom.Element;
+
+/**
+ * Parse the XACML Elements as specified by the SAML-XACML Profile.
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 16, 2010
+ */
+public class SAMLXACMLRequestParser extends SAMLRequestAbstractParser implements ParserNamespaceSupport
+{
+ public Object parse( XMLEventReader xmlEventReader ) throws ParsingException
+ {
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ String tag = StaxParserUtil.getStartElementName(startElement);
+ if( tag.equals( JBossSAMLConstants.REQUEST_ABSTRACT.get() ))
+ {
+ String xsiTypeValue = StaxParserUtil.getXSITypeValue(startElement);
+ if( xsiTypeValue.contains( JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY_TYPE.get() ))
+ {
+ return parseXACMLAuthzDecisionQuery( startElement, xmlEventReader );
+ }
+ else throw new RuntimeException( "Unknown xsi:type=" + xsiTypeValue );
+ }
+ else if( tag.equals( JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get() ))
+ {
+ return parseXACMLAuthzDecisionQuery(startElement, xmlEventReader);
+ }
+
+ return null;
+ }
+
+ public boolean supports(QName qname)
+ {
+ return false;
+ }
+
+ @SuppressWarnings("unchecked")
+ private XACMLAuthzDecisionQueryType parseXACMLAuthzDecisionQuery( StartElement startElement,
+ XMLEventReader xmlEventReader ) throws ParsingException
+ {
+ super.parseRequiredAttributes( startElement );
+
+ XACMLAuthzDecisionQueryType xacmlQuery = new XACMLAuthzDecisionQueryType(id, version, issueInstant );
+ super.parseBaseAttributes( startElement, xacmlQuery );
+
+ String inputContextOnly = StaxParserUtil.getAttributeValue(startElement, JBossSAMLConstants.INPUT_CONTEXT_ONLY.get() );
+ if( inputContextOnly != null )
+ {
+ xacmlQuery.setInputContextOnly( Boolean.parseBoolean( inputContextOnly ));
+ }
+ String returnContext = StaxParserUtil.getAttributeValue(startElement, JBossSAMLConstants.RETURN_CONTEXT.get() );
+ if( returnContext != null )
+ {
+ xacmlQuery.setReturnContext( Boolean.parseBoolean( returnContext ));
+ }
+
+ //Go thru the children
+ while( xmlEventReader.hasNext() )
+ {
+ XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if( xmlEvent instanceof EndElement )
+ {
+ EndElement endElement = (EndElement) xmlEvent;
+ if( ! (StaxParserUtil.matches(endElement, JBossSAMLConstants.REQUEST_ABSTRACT.get() )
+ || StaxParserUtil.matches(endElement, JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get() ) ))
+ throw new ParsingException( "Expected endelement RequestAbstract or XACMLAuthzDecisionQuery" );
+ break;
+ }
+ startElement = StaxParserUtil.peekNextStartElement( xmlEventReader );
+ super.parseCommonElements(startElement, xmlEventReader, xacmlQuery);
+ String tag = StaxParserUtil.getStartElementName(startElement);
+
+ if( tag.equals( JBossSAMLConstants.REQUEST.get() ))
+ {
+ Element xacmlRequest = StaxParserUtil.getDOMElement(xmlEventReader);
+ //xacml request
+ String xacmlPath = "org.jboss.security.xacml.core.model.context";
+ try
+ {
+ JAXBContext jaxb = JAXBContext.newInstance( xacmlPath );
+ Unmarshaller un = jaxb.createUnmarshaller();
+ un.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
+ JAXBElement<RequestType> jaxbRequestType = (JAXBElement<RequestType>) un.unmarshal( DocumentUtil.getNodeAsStream(xacmlRequest));
+ RequestType req = jaxbRequestType.getValue();
+ xacmlQuery.setRequest(req);
+ }
+ catch ( Exception e)
+ {
+ throw new ParsingException( e );
+ }
+ }
+ }
+ return xacmlQuery;
+ }
+}
\ No newline at end of file
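Review bot: The child loop in parseXACMLAuthzDecisionQuery never consumes an element whose tag is neither Request nor one handled by parseCommonElements, so an unexpected child leaves the reader on the same event and `while( xmlEventReader.hasNext() )` never advances; unless parseCommonElements (defined outside this file) skips unknown tags, add `else throw new ParsingException( "Unknown tag:" + tag );` after the Request branch. Separately, `JAXBContext.newInstance( xacmlPath )` is rebuilt on every parse; a JAXBContext is thread-safe and costly to create, so it belongs in a `private static final` field while the Unmarshaller stays per call. The `xsiTypeValue.contains( ... )` test in parse accepts any xsi:type value that merely contains the type name, where comparing the local part after the prefix colon would be exact, and its `else throw new RuntimeException( "Unknown xsi:type=" + xsiTypeValue )` sidesteps the ParsingException the method declares.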
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java 2010-12-16 21:30:09 UTC (rev 605)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java 2010-12-16 23:00:13 UTC (rev 606)
@@ -23,6 +23,7 @@
import java.io.InputStream;
+import javax.xml.namespace.QName;
import javax.xml.stream.Location;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.XMLInputFactory;
@@ -37,6 +38,8 @@
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.TransformerUtil;
import org.w3c.dom.Document;
@@ -80,6 +83,21 @@
}
/**
+ * Get the Attribute value
+ * @param startElement
+ * @param tag localpart of the qname of the attribute
+ * @return
+ */
+ public static String getAttributeValue( StartElement startElement, String tag )
+ {
+ String result = null;
+ Attribute attr = startElement.getAttributeByName( new QName( tag ));
+ if( attr != null )
+ result = getAttributeValue(attr);
+ return result;
+ }
+
+ /**
* Given that the {@code XMLEventReader} is in {@code XMLStreamConstants.START_ELEMENT}
* mode, we parse into a DOM Element
* @param xmlEventReader
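Review bot: The Javadoc `@return` on the new getAttributeValue( StartElement, String ) overload is empty; it should read `@return the attribute's value, or {@code null} when no attribute with that local name is present`. Note also that `new QName( tag )` builds a name with an empty namespace URI, so this lookup finds only unqualified attributes; that suits SAML's unprefixed attributes but is worth stating, e.g. `@param tag localpart of the qname of the attribute (matched with no namespace)`.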
@@ -271,6 +289,21 @@
}
/**
+ * Given a start element, obtain the xsi:type defined
+ * @param startElement
+ * @return
+ * @throws RuntimeException if xsi:type is missing
+ */
+ public static String getXSITypeValue( StartElement startElement )
+ {
+ Attribute xsiType = startElement.getAttributeByName( new QName( JBossSAMLURIConstants.XSI_NSURI.get(),
+ JBossSAMLConstants.TYPE.get() ));
+ if( xsiType == null )
+ throw new RuntimeException( "xsi:type expected" );
+ return StaxParserUtil.getAttributeValue( xsiType );
+ }
+
+ /**
* Return whether the next event is going to be text
* @param xmlEventReader
* @return
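Review bot: getXSITypeValue reports a missing xsi:type as a bare RuntimeException, while the surrounding parser utilities report malformed input as ParsingException, so a caller rejecting bad input by catching ParsingException will not see this case. Declaring `throws ParsingException` and using `throw new ParsingException( "xsi:type expected" );` keeps the failure on the same path, and the empty `@return` should say `@return the xsi:type attribute value as written in the document, prefix included`.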
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-12-16 21:30:09 UTC (rev 605)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-12-16 23:00:13 UTC (rev 606)
@@ -61,6 +61,7 @@
ID( "ID" ),
IDP_SSO_DESCRIPTOR( "IDPSSODescriptor" ),
INDEX( "index" ),
+ INPUT_CONTEXT_ONLY( "InputContextOnly" ),
IN_RESPONSE_TO( "InResponseTo" ),
ISDEFAULT( "isDefault" ),
ISSUE_INSTANT( "IssueInstant" ),
@@ -88,8 +89,11 @@
PROTOCOL_SUPPORT_ENUMERATION( "protocolSupportEnumeration" ),
REQUESTED_AUTHN_CONTEXT( "RequestedAuthnContext" ),
RECIPIENT( "Recipient" ),
+ REQUEST( "Request" ),
+ REQUEST_ABSTRACT( "RequestAbstract" ),
RESPONSE( "Response" ),
RESPONSE_LOCATION( "ResponseLocation" ),
+ RETURN_CONTEXT( "ReturnContext" ),
SESSION_INDEX( "SessionIndex" ),
SP_PROVIDED_ID( "SPProvidedID" ),
SP_NAME_QUALIFIER( "SPNameQualifier" ),
@@ -106,10 +110,13 @@
SUBJECT( "Subject" ),
SUBJECT_CONFIRMATION( "SubjectConfirmation" ),
SUBJECT_CONFIRMATION_DATA( "SubjectConfirmationData" ),
+ TYPE( "type" ),
VALUE( "Value" ),
VERSION( "Version" ),
VERSION_2_0("2.0"),
WANT_AUTHN_REQUESTS_SIGNED( "WantAuthnRequestsSigned" ),
+ XACML_AUTHZ_DECISION_QUERY( "XACMLAuthzDecisionQuery" ),
+ XACML_AUTHZ_DECISION_QUERY_TYPE( "XACMLAuthzDecisionQueryType" ),
HTTP_POST_BINDING("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
private String val;
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2010-12-16 21:30:09 UTC (rev 605)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2010-12-16 23:00:13 UTC (rev 606)
@@ -58,16 +58,14 @@
{
XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
- AuthnRequestType authnRequest = new AuthnRequestType();
- authnRequest.setID(id);
- authnRequest.setVersion(JBossSAMLConstants.VERSION_2_0.get());
+ String version = JBossSAMLConstants.VERSION_2_0.get();
+ AuthnRequestType authnRequest = new AuthnRequestType( id, version, issueInstant );
authnRequest.setAssertionConsumerServiceURL( NetworkUtil.createURI( assertionConsumerURL ));
authnRequest.setProtocolBinding( NetworkUtil.createURI( JBossSAMLConstants.HTTP_POST_BINDING.get() ));
if( destination != null )
{
authnRequest.setDestination( NetworkUtil.createURI( destination ));
- }
- authnRequest.setIssueInstant(issueInstant);
+ }
//Create an issuer
NameIDType issuer = new NameIDType();
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java 2010-12-16 21:30:09 UTC (rev 605)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java 2010-12-16 23:00:13 UTC (rev 606)
@@ -21,86 +21,63 @@
*/
package org.picketlink.test.identity.federation.core.util;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
import java.io.InputStream;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.Unmarshaller;
-
-import junit.framework.TestCase;
-
-import org.picketlink.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
import org.jboss.security.xacml.core.model.context.RequestType;
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
/**
* Read a SAML-XACML request
* @author Anil.Saldhana(a)redhat.com
* @since Jan 8, 2009
*/
-public class SAMLXACMLUnitTestCase extends TestCase
+public class SAMLXACMLUnitTestCase
{
- @SuppressWarnings("unchecked")
/**
* Usage of samlp with xsi-type
*/
+ @Test
public void testSAML_XACML_Read() throws Exception
{
- throw new RuntimeException();
- /*String resourceName = "saml-xacml/saml-xacml-request.xml";
- String samlPath = "org.picketlink.identity.federation.saml.v2.protocol";
- String xacmlPath = "org.jboss.security.xacml.core.model.context";
- String xsAssert = "org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion";
- String xsProto = "org.picketlink.identity.federation.saml.v2.profiles.xacml.protocol";
- String path = samlPath + ":" + xacmlPath + ":" + xsAssert + ":" + xsProto;
-
- JAXBContext jaxb = JAXBContext.newInstance(path);
- Unmarshaller un = jaxb.createUnmarshaller();
-
+ String resourceName = "saml-xacml/saml-xacml-request.xml";
+
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
InputStream is = tcl.getResourceAsStream(resourceName);
-
- un.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
-
- JAXBElement<RequestAbstractType> jaxbRequestType = (JAXBElement<RequestAbstractType>) un.unmarshal(is);
- RequestAbstractType req = jaxbRequestType.getValue();
+
+ SAMLParser parser = new SAMLParser();
+ RequestAbstractType req = (RequestAbstractType) parser.parse( is );
assertNotNull(req);
- assertTrue( req instanceof XACMLAuthzDecisionQueryType);
+ assertTrue( req instanceof XACMLAuthzDecisionQueryType );
XACMLAuthzDecisionQueryType xadqt = (XACMLAuthzDecisionQueryType) req;
RequestType requestType = xadqt.getRequest();
- assertNotNull(requestType);*/
+ assertNotNull(requestType);
}
- @SuppressWarnings("unchecked")
/**
* Usage of xacml-samlp
*/
+ @Test
public void testSAML_XACML_Read_2() throws Exception
- {
- throw new RuntimeException();
+ {
+ String resourceName = "saml-xacml/saml-xacml-request-2.xml";
- /*String resourceName = "saml-xacml/saml-xacml-request-2.xml";
- String samlPath = "org.picketlink.identity.federation.saml.v2.protocol";
- String xacmlPath = "org.jboss.security.xacml.core.model.context";
- String xsAssert = "org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion";
- String xsProto = "org.picketlink.identity.federation.saml.v2.profiles.xacml.protocol";
- String path = samlPath + ":" + xacmlPath + ":" + xsAssert + ":" + xsProto;
-
- JAXBContext jaxb = JAXBContext.newInstance(path);
- Unmarshaller un = jaxb.createUnmarshaller();
-
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
InputStream is = tcl.getResourceAsStream(resourceName);
- un.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
-
- JAXBElement<RequestAbstractType> jaxbRequestType = (JAXBElement<RequestAbstractType>) un.unmarshal(is);
- RequestAbstractType req = jaxbRequestType.getValue();
+ SAMLParser parser = new SAMLParser();
+ RequestAbstractType req = (RequestAbstractType) parser.parse( is );
assertNotNull(req);
- assertTrue( req instanceof XACMLAuthzDecisionQueryType);
+ assertTrue( req instanceof XACMLAuthzDecisionQueryType );
XACMLAuthzDecisionQueryType xadqt = (XACMLAuthzDecisionQueryType) req;
RequestType requestType = xadqt.getRequest();
- assertNotNull(requestType);*/
+ assertNotNull(requestType);
}
}
\ No newline at end of file
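Review bot: In both tests the InputStream returned by `tcl.getResourceAsStream(resourceName)` is never closed, and when the resource is absent the parser receives null, so the failure surfaces inside SAMLParser rather than at the lookup. Add `assertNotNull(is);` directly after the getResourceAsStream call and close the stream in a finally block once parse returns; whether SAMLParser closes it itself is not visible here.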
Picketlink SVN: r605 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-16 16:30:09 -0500 (Thu, 16 Dec 2010)
New Revision: 605
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
Log:
fix the end element
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java 2010-12-16 21:14:08 UTC (rev 604)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java 2010-12-16 21:30:09 UTC (rev 605)
@@ -71,6 +71,13 @@
while( xmlEventReader.hasNext() )
{
+ XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if( xmlEvent instanceof EndElement )
+ {
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(endElement, JBossSAMLConstants.ATTRIBUTE_STATEMENT.get() );
+ break;
+ }
//Get the next start element
startElement = StaxParserUtil.peekNextStartElement( xmlEventReader );
String tag = startElement.getName().getLocalPart();
Picketlink SVN: r604 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/metadata/store.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-16 16:14:08 -0500 (Thu, 16 Dec 2010)
New Revision: 604
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java
Log:
further metadata writing
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java 2010-12-15 22:28:09 UTC (rev 603)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java 2010-12-16 21:14:08 UTC (rev 604)
@@ -35,19 +35,21 @@
import java.util.Set;
import java.util.StringTokenizer;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
import javax.xml.stream.XMLStreamWriter;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.constants.PicketLinkFederationConstants;
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.parsers.saml.metadata.SAMLEntityDescriptorParser;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLMetadataWriter;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SPSSODescriptorType;
/**
* File based metadata store that uses
@@ -65,8 +67,6 @@
private String baseDirectory = null;
- private String pkgName = "org.picketlink.identity.federation.saml.v2.metadata";
-
public FileBasedMetadataConfigurationStore()
{
bootstrap();
@@ -168,15 +168,25 @@
/**
* @see IMetadataConfigurationStore#load(String)
- */
- @SuppressWarnings("unchecked")
+ */
public EntityDescriptorType load(String id) throws IOException
{
File persistedFile = validateIdAndReturnMDFile(id);
+
+ SAMLEntityDescriptorParser parser = new SAMLEntityDescriptorParser();
+ try
+ {
+ return (EntityDescriptorType) parser.parse( StaxParserUtil.getXMLEventReader( new FileInputStream( persistedFile )) );
+ }
+ catch (ParsingException e)
+ {
+ throw new RuntimeException( e );
+ }/*
Unmarshaller un;
try
{
+
un = JAXBUtil.getUnmarshaller(pkgName);
JAXBElement<EntityDescriptorType> je =
(JAXBElement<EntityDescriptorType>) un.unmarshal(persistedFile);
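Review bot: The new load body leaks a file handle: `new FileInputStream( persistedFile )` is passed straight into StaxParserUtil.getXMLEventReader and nothing closes it, on either the success or the ParsingException path. The ParsingException is also rewrapped as RuntimeException although the method declares `throws IOException` and the replaced code converted failures to IOException, so callers now face an unchecked failure for a corrupt metadata file. The old JAXB code is kept as a comment block that runs into the next hunk; it should be deleted rather than commented out. The method's closing brace lies outside this hunk.
```java
      File persistedFile = validateIdAndReturnMDFile(id);
      FileInputStream fis = new FileInputStream( persistedFile );
      try
      {
         SAMLEntityDescriptorParser parser = new SAMLEntityDescriptorParser();
         return (EntityDescriptorType) parser.parse( StaxParserUtil.getXMLEventReader( fis ) );
      }
      catch (ParsingException e)
      {
         IOException ioe = new IOException( e.getLocalizedMessage() );
         ioe.initCause( e );
         throw ioe;
      }
      finally
      {
         fis.close();
      }
      // … removed: the commented-out JAXB unmarshalling block …
```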
@@ -187,7 +197,7 @@
IOException ioe =new IOException(e.getLocalizedMessage());
ioe.initCause(e);
throw ioe;
- }
+ }*/
}
@@ -195,10 +205,7 @@
* @see IMetadataConfigurationStore#persist(EntityDescriptorType, String)
*/
public void persist(EntityDescriptorType entity, String id) throws IOException
- {
- boolean isIDP = false;
- boolean isSP = false;
-
+ {
File persistedFile = validateIdAndReturnMDFile(id);
try
@@ -211,55 +218,28 @@
catch (ProcessingException e)
{
throw new RuntimeException( e );
- }
-
-
- /*ObjectFactory of = new ObjectFactory();
-
- JAXBElement<?> jentity = of.createEntityDescriptor(entity);
-
- Marshaller m;
- try
- {
- m = JAXBUtil.getMarshaller(pkgName);
- m.marshal(jentity, persistedFile);
- }
- catch (JAXBException e)
- {
- IOException ioe =new IOException(e.getLocalizedMessage());
- ioe.initCause(e);
- throw ioe;
- }*/
+ }
if(trace) log.trace("Persisted into " + persistedFile.getPath());
-
-
- throw new RuntimeException();
- /*//We need to figure out whether this is sp or idp from the entity data
- List<RoleDescriptorType> roleDescriptorTypes = entity..getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
- for( RoleDescriptorType rdt: roleDescriptorTypes )
+ //Process the EDT
+ List<EDTChoiceType> edtChoiceTypeList = entity.getChoiceType();
+ for( EDTChoiceType edtChoiceType : edtChoiceTypeList )
{
- if( rdt instanceof IDPSSODescriptorType )
+ List<EDTDescriptorChoiceType> edtDescriptorChoiceTypeList = edtChoiceType.getDescriptors();
+ for( EDTDescriptorChoiceType edtDesc : edtDescriptorChoiceTypeList )
{
- isIDP = true;
- break;
- }
- if( rdt instanceof SPSSODescriptorType )
- {
- isSP = true;
- break;
- }
- }
-
- if( isSP )
- {
- addServiceProvider(id);
- }
- else if( isIDP )
- {
- addIdentityProvider( id);
- }
- */
+ IDPSSODescriptorType idpSSO = edtDesc.getIdpDescriptor();
+ if( idpSSO != null )
+ {
+ addIdentityProvider(id);
+ }
+ SPSSODescriptorType spSSO = edtDesc.getSpDescriptor();
+ if( spSSO != null )
+ {
+ addServiceProvider(id);
+ }
+ }
+ }
}
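Review bot: The new descriptor loop in persist registers the id once per descriptor found, and as both an identity provider and a service provider when an entity carries an IDPSSODescriptor and an SPSSODescriptor, whereas the replaced code stopped at the first match with `break`. If addIdentityProvider and addServiceProvider (outside this hunk) are not idempotent, repeated calls will duplicate entries; either break out of both loops after the first registration as before, or state in a comment that recording both roles is intended. The opening lines of persist are in the preceding hunk.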
/**
Picketlink SVN: r603 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-12-15 17:28:09 -0500 (Wed, 15 Dec 2010)
New Revision: 603
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java
Log:
further metadata writing
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java 2010-12-15 22:02:42 UTC (rev 602)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java 2010-12-15 22:28:09 UTC (rev 603)
@@ -34,15 +34,21 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.AffiliationDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.AttributeAuthorityDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.AuthnAuthorityDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EndpointType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.IndexedEndpointType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.LocalizedNameType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.LocalizedURIType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.OrganizationType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SPSSODescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SSODescriptorType;
import org.w3c.dom.Element;
/**
@@ -63,16 +69,55 @@
{
StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.ENTITY_DESCRIPTOR.get(), METADATA_NSURI.get());
StaxUtil.writeDefaultNameSpace(writer, JBossSAMLURIConstants.METADATA_NSURI.get() );
- StaxUtil.writeNameSpace(writer, "saml", JBossSAMLURIConstants.ASSERTION_NSURI.get() );
-
+ StaxUtil.writeNameSpace(writer, "md", JBossSAMLURIConstants.METADATA_NSURI.get() );
+ StaxUtil.writeNameSpace(writer, "saml", JBossSAMLURIConstants.ASSERTION_NSURI.get() );
StaxUtil.writeNameSpace(writer, "ds", JBossSAMLURIConstants.XMLDSIG_NSURI.get() );
+
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ENTITY_ID.get(), entityDescriptor.getEntityID() );
+
+ List<EDTChoiceType> choiceTypes = entityDescriptor.getChoiceType();
+ for( EDTChoiceType edtChoice : choiceTypes )
+ {
+ AffiliationDescriptorType affliationDesc = edtChoice.getAffiliationDescriptor();
+ if( affliationDesc != null )
+ throw new RuntimeException( "handle affliation" ); //TODO: affiliation
+
+ List<EDTDescriptorChoiceType> edtDescChoices = edtChoice.getDescriptors();
+ for( EDTDescriptorChoiceType edtDescChoice : edtDescChoices )
+ {
+ IDPSSODescriptorType idpSSO = edtDescChoice.getIdpDescriptor();
+ if( idpSSO != null )
+ write( edtDescChoice.getIdpDescriptor() );
+
+ SPSSODescriptorType spSSO = edtDescChoice.getSpDescriptor();
+ if( spSSO != null )
+ throw new RuntimeException( "NYI" );
+
+ AttributeAuthorityDescriptorType attribAuth = edtDescChoice.getAttribDescriptor();
+ if( attribAuth != null )
+ writeAttributeAuthorityDescriptor(attribAuth);
+
+ AuthnAuthorityDescriptorType authNDesc = edtDescChoice.getAuthnDescriptor();
+ if( authNDesc != null )
+ throw new RuntimeException( "NYI" );
+ }
+ }
+
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
- public void writeIDPSSODescriptor( IDPSSODescriptorType idpSSODescriptor ) throws ProcessingException
+ public void write( SSODescriptorType ssoDescriptor ) throws ProcessingException
{
+ throw new RuntimeException( "should not called" );
+ }
+ public void write( SPSSODescriptorType spSSODescriptor ) throws ProcessingException
+ {
+ throw new RuntimeException( "NYI" );
+ }
+
+ public void write( IDPSSODescriptorType idpSSODescriptor ) throws ProcessingException
+ {
StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.IDP_SSO_DESCRIPTOR.get(), METADATA_NSURI.get());
boolean wantsAuthnRequestsSigned = idpSSODescriptor.isWantAuthnRequestsSigned();
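Review bot: The new `write( SSODescriptorType )`, `write( SPSSODescriptorType )` and the `spSSO != null` / `authNDesc != null` branches throw bare `RuntimeException( "NYI" )` from methods that declare `throws ProcessingException`, so an entity descriptor with an SP or AuthnAuthority role escapes the checked contract callers code against; throwing a ProcessingException with a message such as "SPSSODescriptor writing not yet implemented" keeps the failure catchable until the implementation lands. `writeIDPSSODescriptor` is also renamed to `write( IDPSSODescriptorType )`, which breaks any external caller of the old name, and the IDP branch re-reads the getter in `write( edtDescChoice.getIdpDescriptor() )` where `write( idpSSO )` uses the local already fetched. The enclosing write( EntityDescriptorType ) method starts before this hunk.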
@@ -104,6 +149,12 @@
writeNameIDFormat( nameIDFormat );
}
+ List<AttributeType> attributes = idpSSODescriptor.getAttribute();
+ for( AttributeType attribType : attributes )
+ {
+ write( attribType );
+ }
+
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}