Picketlink SVN: r324 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-06-30 18:42:29 -0400 (Wed, 30 Jun 2010)
New Revision: 324
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
Log:
PLFED-91: make the canonicalization method configurable via system property
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2010-06-30 22:33:58 UTC (rev 323)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2010-06-30 22:42:29 UTC (rev 324)
@@ -72,6 +72,8 @@
/**
* Utility for XML Signature
+ * <b>Note:</b> You can change the canonicalization method type by using
+ * the system property "picketlink.xmlsig.canonicalization"
* @author Anil.Saldhana(a)redhat.com
* @since Dec 15, 2008
*/
@@ -81,7 +83,9 @@
private static boolean trace = log.isTraceEnabled();
private static String pkgName = "org.picketlink.identity.federation.w3.xmldsig";
- private static String schemaLocation = "schema/saml/v2/xmldsig-core-schema.xsd";
+ private static String schemaLocation = "schema/saml/v2/xmldsig-core-schema.xsd";
+
+ private static String canonicalizationMethodType = null;
private static ObjectFactory objectFactory = new ObjectFactory();
@@ -112,12 +116,25 @@
public Object run()
{
System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true");
+
+ canonicalizationMethodType = System.getProperty( "picketlink.xmlsig.canonicalization",
+ CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS );
return null;
}
});
};
/**
+ * Set the canonicalization method type
+ * @param canonical
+ */
+ public static void setCanonicalizationMethodType( String canonical )
+ {
+ if( canonical != null )
+ canonicalizationMethodType = canonical;
+ }
+
+ /**
* Precheck whether the document that will be validated
* has the right signedinfo
* @param doc
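Review bot: The value read from `picketlink.xmlsig.canonicalization` on the added `System.getProperty` line is stored without being checked against the canonicalization URIs the signature factory supports, so a mistyped property is only noticed when `fac.newCanonicalizationMethod` runs in the hunk at @@ -246, presumably as a `NoSuchAlgorithmException` during signing rather than at startup. Validating the URI once in the static initializer (an `XMLSignatureFactory.newCanonicalizationMethod` call in a try) and falling back to `CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS` with a logged warning would surface the misconfiguration early. The new `setCanonicalizationMethodType` silently ignores a null argument and its Javadoc has an empty `@param canonical`; `@param canonical the canonicalization method URI, e.g. {@link CanonicalizationMethod#EXCLUSIVE_WITH_COMMENTS}; null leaves the current value unchanged` would document both. The field is a plain static written from a public setter, so the value is process-wide and a change is not synchronized with signing that may be in progress on another thread.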
@@ -246,7 +263,6 @@
Reference ref = fac.newReference
( referenceURI, digestMethodObj,transformList,null, null);
- String canonicalizationMethodType = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
CanonicalizationMethod canonicalizationMethod
= fac.newCanonicalizationMethod
(canonicalizationMethodType, (C14NMethodParameterSpec) null);
Picketlink SVN: r323 - in federation/trunk: picketlink-web/src/main/java/org/picketlink/identity/federation/web/process and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-06-30 18:33:58 -0400 (Wed, 30 Jun 2010)
New Revision: 323
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderBaseProcessor.java
Log:
PLFED-95: saml authn request should set destination
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2010-06-30 21:59:46 UTC (rev 322)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2010-06-30 22:33:58 UTC (rev 323)
@@ -125,9 +125,9 @@
try
{
ServiceProviderBaseProcessor baseProcessor = new ServiceProviderBaseProcessor(true, serviceURL);
+ baseProcessor.setIdentityURL( identityURL );
- saml2HandlerResponse = baseProcessor.process(httpContext, handlers, chainLock);
- saml2HandlerResponse.setDestination(identityURL);
+ saml2HandlerResponse = baseProcessor.process(httpContext, handlers, chainLock);
}
catch(ProcessingException pe)
{
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderBaseProcessor.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderBaseProcessor.java 2010-06-30 21:59:46 UTC (rev 322)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderBaseProcessor.java 2010-06-30 22:33:58 UTC (rev 323)
@@ -60,6 +60,8 @@
protected boolean postBinding;
protected String serviceURL;
+ protected String identityURL;
+
protected SPType spConfiguration;
protected TrustKeyManager keyManager;
@@ -95,6 +97,15 @@
}
/**
+ * Set the Identity URL
+ * @param identityURL
+ */
+ public void setIdentityURL(String identityURL)
+ {
+ this.identityURL = identityURL;
+ }
+
+ /**
* Whether we support signatures during the current processing
* @param supportSignatures
*/
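Review bot: The Javadoc of the new `setIdentityURL` has an empty `@param identityURL` tag, so a reader cannot tell what the URL is used for without finding the `setDestination( identityURL )` call in the `process` hunk below. Something like `@param identityURL the IDP endpoint the request is addressed to; it is copied into the handler response's destination before the handler chain is invoked` states the contract, with the ordering relative to the handlers being my reading of the `process` hunk rather than something visible here.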
@@ -118,7 +129,9 @@
//Create the request/response
SAML2HandlerRequest saml2HandlerRequest = getSAML2HandlerRequest(null,httpContext);
- SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+ SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+
+ saml2HandlerResponse.setDestination( identityURL );
//Reset the state
try
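Review bot: `saml2HandlerResponse.setDestination( identityURL )` on the added line uses the field as-is, so when no caller has invoked `setIdentityURL` the response carries a null destination and the AuthnRequest is built without one; the r323 change to `SPPostFormAuthenticator` is the only caller shown on this page. A guard before it, `if (identityURL == null) throw new ProcessingException("identityURL has not been configured");`, turns a misconfiguration into an immediate error rather than a request sent with no Destination. The enclosing `process` method starts and ends outside the hunk; I am assuming from the `catch(ProcessingException pe)` in `SPPostFormAuthenticator` that it already declares that exception.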
@@ -162,10 +175,9 @@
protected SAML2HandlerRequest getSAML2HandlerRequest(SAMLDocumentHolder documentHolder,
HTTPContext httpContext)
{
- IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
+ IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
- return
- new DefaultSAML2HandlerRequest(httpContext,
+ return new DefaultSAML2HandlerRequest(httpContext,
holder.getIssuer(), documentHolder,
HANDLER_TYPE.SP);
}
Picketlink SVN: r322 - in federation/trunk: picketlink-web/src/main/java/org/picketlink/identity/federation/web/process and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-06-30 17:59:46 -0400 (Wed, 30 Jun 2010)
New Revision: 322
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java
Log:
PLFED-92: SPPostSignatureFormAuthenticator should induce signature verification of IDP
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2010-06-30 21:40:43 UTC (rev 321)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2010-06-30 21:59:46 UTC (rev 322)
@@ -43,7 +43,6 @@
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
-import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.picketlink.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.picketlink.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
@@ -79,6 +78,12 @@
protected TrustKeyManager keyManager;
+ /**
+ * A flag to indicate that we are going to validate signature
+ * for saml responses from IDP
+ */
+ protected boolean validateSignature = false;
+
public SPPostFormAuthenticator()
{
super();
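Review bot: `validateSignature` on the added field defaults to false, so this authenticator hands every IDP response to `ServiceProviderSAMLResponseProcessor` with verification switched off, and the only place on the page where it is turned on is the `SPPostSignatureFormAuthenticator` constructor in this same commit. The field comment should say so explicitly, e.g. `Defaults to false: SAML responses from the IDP are accepted without signature verification unless a subclass (SPPostSignatureFormAuthenticator) enables this.` Because the flag is protected and only ever assigned in a constructor, there is no way for a deployment using this base class to enable verification short of switching authenticator class; a setter or configuration attribute would make the choice explicit and auditable.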
@@ -187,6 +192,7 @@
{
ServiceProviderSAMLResponseProcessor responseProcessor =
new ServiceProviderSAMLResponseProcessor(true, serviceURL);
+ responseProcessor.setValidateSignature( validateSignature );
SAML2HandlerResponse saml2HandlerResponse =
responseProcessor.process(samlResponse, httpContext, handlers, chainLock);
@@ -337,17 +343,5 @@
protected ResponseType decryptAssertion(ResponseType responseType)
{
throw new RuntimeException("This authenticator does not handle encryption");
- }
-
- /**
- * Verify Signature
- * @param samlDocumentHolder
- * @return
- * @throws IssuerNotTrustedException
- */
- protected boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws IssuerNotTrustedException
- {
- //this authenticator does not deal with signatures.
- return true;
- }
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2010-06-30 21:40:43 UTC (rev 321)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2010-06-30 21:59:46 UTC (rev 322)
@@ -22,15 +22,9 @@
package org.picketlink.identity.federation.bindings.tomcat.sp;
import java.io.IOException;
-import java.net.MalformedURLException;
-import java.net.URL;
import java.security.KeyPair;
-import java.security.PublicKey;
import java.util.List;
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dsig.XMLSignatureException;
-
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Response;
import org.apache.log4j.Logger;
@@ -39,15 +33,9 @@
import org.picketlink.identity.federation.core.config.KeyProviderType;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.interfaces.TrustKeyConfigurationException;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
-import org.picketlink.identity.federation.core.interfaces.TrustKeyProcessingException;
-import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
-import org.picketlink.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
-import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
/**
@@ -61,8 +49,16 @@
private static Logger log = Logger.getLogger(SPPostSignatureFormAuthenticator.class);
private boolean trace = log.isTraceEnabled();
- private boolean signAssertions = false;
+ /**
+ * Flag to indicate whether we want to sign the assertions
+ */
+ protected boolean signAssertions = false;
+ public SPPostSignatureFormAuthenticator()
+ {
+ this.validateSignature = true;
+ }
+
public boolean isSignAssertions()
{
return signAssertions;
@@ -130,54 +126,5 @@
log.trace("Sending to IDP:" + DocumentUtil.asString(samlDocument));
//Let the super class handle the sending
super.sendRequestToIDP(destination, samlDocument, relayState, response, willSendRequest);
- }
-
-
- @Override
- protected boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws IssuerNotTrustedException
- {
- Document samlResponse = samlDocumentHolder.getSamlDocument();
- ResponseType response = (ResponseType) samlDocumentHolder.getSamlObject();
-
- String issuerID = response.getIssuer().getValue();
-
- if(issuerID == null)
- throw new IssuerNotTrustedException("Issue missing");
-
- URL issuerURL;
- try
- {
- issuerURL = new URL(issuerID);
- }
- catch (MalformedURLException e1)
- {
- throw new IssuerNotTrustedException(e1);
- }
-
- try
- {
- PublicKey publicKey = keyManager.getValidatingKey(issuerURL.getHost());
- if(trace) log.trace("Going to verify signature in the saml response from IDP");
- boolean sigResult = XMLSignatureUtil.validate(samlResponse, publicKey);
- if(trace) log.trace("Signature verification="+sigResult);
- return sigResult;
- }
- catch (TrustKeyConfigurationException e)
- {
- log.error("Unable to verify signature",e);
- }
- catch (TrustKeyProcessingException e)
- {
- log.error("Unable to verify signature",e);
- }
- catch (MarshalException e)
- {
- log.error("Unable to verify signature",e);
- }
- catch (XMLSignatureException e)
- {
- log.error("Unable to verify signature",e);
- }
- return false;
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java 2010-06-30 21:40:43 UTC (rev 321)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java 2010-06-30 21:59:46 UTC (rev 322)
@@ -23,27 +23,38 @@
import java.io.IOException;
import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.Lock;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dsig.XMLSignatureException;
+
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.interfaces.TrustKeyConfigurationException;
+import org.picketlink.identity.federation.core.interfaces.TrustKeyProcessingException;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
+import org.picketlink.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
+import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.util.PostBindingUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
+import org.w3c.dom.Document;
/**
* Utility Class to handle processing of
@@ -52,7 +63,9 @@
* @since Oct 27, 2009
*/
public class ServiceProviderSAMLResponseProcessor extends ServiceProviderBaseProcessor
-{
+{
+ private boolean validateSignature = false;
+
/**
* Construct
* @param postBinding Whether it is the Post Binding
@@ -64,6 +77,16 @@
}
/**
+ * Flag to indicate whether the response should be validated for signature
+ * @param validateSignature
+ */
+ public void setValidateSignature(boolean validateSignature)
+ {
+ this.validateSignature = validateSignature;
+ }
+
+
+ /**
* Process the message
* @param samlResponse
* @param httpContext
@@ -102,6 +125,17 @@
documentHolder = saml2Response.getSamlDocumentHolder();
}
+ if( this.validateSignature )
+ try
+ {
+ if( ! this.verifySignature( documentHolder ) )
+ throw new ProcessingException( "Signature Validation failed" );
+ }
+ catch (IssuerNotTrustedException e)
+ {
+ throw new ProcessingException( e );
+ }
+
//Create the request/response
SAML2HandlerRequest saml2HandlerRequest = getSAML2HandlerRequest(documentHolder, httpContext);
SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
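Review bot: The `if( this.validateSignature )` on the added line wraps a `try` statement without braces, which reads as though the `catch` sat outside the conditional; bracing it, `if (this.validateSignature) { try { ... } catch (IssuerNotTrustedException e) { ... } }`, keeps the scope obvious. The check relies on `XMLSignatureUtil.validate(samlResponse, publicKey)` returning false for a document that carries no `Signature` element; if it returns true or throws something `verifySignature` does not catch, an unsigned response would pass this gate, so a test that feeds an unsigned response through a processor with `validateSignature` set is worth adding. The enclosing `process` method starts and ends outside the hunk.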
@@ -132,4 +166,57 @@
return saml2HandlerResponse;
}
+
+ /**
+ * Validate the signature of the IDP response
+ * @param samlDocumentHolder
+ * @return
+ * @throws IssuerNotTrustedException
+ */
+ private boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws IssuerNotTrustedException
+ {
+ Document samlResponse = samlDocumentHolder.getSamlDocument();
+ ResponseType response = (ResponseType) samlDocumentHolder.getSamlObject();
+
+ String issuerID = response.getIssuer().getValue();
+
+ if(issuerID == null)
+ throw new IssuerNotTrustedException("Issue missing");
+
+ URL issuerURL;
+ try
+ {
+ issuerURL = new URL(issuerID);
+ }
+ catch (MalformedURLException e1)
+ {
+ throw new IssuerNotTrustedException(e1);
+ }
+
+ try
+ {
+ PublicKey publicKey = keyManager.getValidatingKey(issuerURL.getHost());
+ if(trace) log.trace("Going to verify signature in the saml response from IDP");
+ boolean sigResult = XMLSignatureUtil.validate(samlResponse, publicKey);
+ if(trace) log.trace("Signature verification="+sigResult);
+ return sigResult;
+ }
+ catch (TrustKeyConfigurationException e)
+ {
+ log.error("Unable to verify signature",e);
+ }
+ catch (TrustKeyProcessingException e)
+ {
+ log.error("Unable to verify signature",e);
+ }
+ catch (MarshalException e)
+ {
+ log.error("Unable to verify signature",e);
+ }
+ catch (XMLSignatureException e)
+ {
+ log.error("Unable to verify signature",e);
+ }
+ return false;
+ }
}
\ No newline at end of file
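Review bot: `response.getIssuer().getValue()` in the new `verifySignature` dereferences the issuer before the null check on the following line, so a response without an `Issuer` element fails with a `NullPointerException` instead of the intended `IssuerNotTrustedException`; `if (response.getIssuer() == null || response.getIssuer().getValue() == null) throw new IssuerNotTrustedException("Issuer missing");` covers both and fixes the "Issue missing" message. The cast `(ResponseType) samlDocumentHolder.getSamlObject()` is likewise unguarded and surfaces as a `ClassCastException` for any other SAML object. The four catch blocks log at error and fall through to `return false`, and the caller in the hunk above turns that into a generic "Signature Validation failed", so the root cause survives only in the log; consider rethrowing with the cause, or at least filling the empty `@return` tag with `true only if a signature was present and verified; false on a bad signature or on any verification error (see log)`. The `Issuer` value that selects the validating key is read before any signature is checked, which is fine for key lookup, but nothing downstream should treat it as verified unless this method returned true.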
Picketlink SVN: r321 - federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation.
by picketlink-commits@lists.jboss.org
Author: marcelkolsteren
Date: 2010-06-30 17:40:43 -0400 (Wed, 30 Jun 2010)
New Revision: 321
Modified:
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdPrincipal.java
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginReceiver.java
Log:
fix for PLFED-40: Seam module: attributes in OpenIdPrincipal has wrong type
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdPrincipal.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdPrincipal.java 2010-06-30 21:29:21 UTC (rev 320)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdPrincipal.java 2010-06-30 21:40:43 UTC (rev 321)
@@ -23,6 +23,7 @@
import java.net.URL;
import java.security.Principal;
+import java.util.List;
import java.util.Map;
/**
@@ -35,9 +36,9 @@
private URL openIdProvider;
- private Map<String, String> attributes;
+ private Map<String, List<String>> attributes;
- public OpenIdPrincipal(String identifier, URL openIdProvider, Map<String, String> attributes)
+ public OpenIdPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
{
super();
this.identifier = identifier;
@@ -60,7 +61,7 @@
return openIdProvider;
}
- public Map<String, String> getAttributes()
+ public Map<String, List<String>> getAttributes()
{
return attributes;
}
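Review bot: `getAttributes()` returns the principal's internal map directly, and with the new `Map<String, List<String>>` type both the map and its value lists are mutable, so any code holding the principal can change the attributes it was authenticated with. Wrapping the return, `return attributes == null ? null : Collections.unmodifiableMap(attributes);` (adding `java.util.Collections` to the import hunk), closes the outer map; the inner lists would still need copying in the constructor, whose assignment of `attributes` lies outside the hunk at @@ -35. The null case matters because `OpenIdSingleLoginReceiver` initialises `attributes` to null and only fills it when the AX extension is present.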
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginReceiver.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginReceiver.java 2010-06-30 21:29:21 UTC (rev 320)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginReceiver.java 2010-06-30 21:40:43 UTC (rev 321)
@@ -23,6 +23,7 @@
import java.io.IOException;
import java.net.URL;
+import java.util.List;
import java.util.Map;
import javax.security.auth.login.LoginException;
@@ -99,7 +100,7 @@
{
AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
- Map<String, String> attributes = null;
+ Map<String, List<String>> attributes = null;
if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX))
{
FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
@@ -141,7 +142,7 @@
}
- private OpenIdPrincipal createPrincipal(String identifier, URL openIdProvider, Map<String, String> attributes)
+ private OpenIdPrincipal createPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
{
return new OpenIdPrincipal(identifier, openIdProvider, attributes);
}
Picketlink SVN: r320 - federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-06-30 17:29:21 -0400 (Wed, 30 Jun 2010)
New Revision: 320
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
Log:
PLFED-93: do not assume role to be of String object type
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2010-06-27 20:57:26 UTC (rev 319)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2010-06-30 21:29:21 UTC (rev 320)
@@ -63,6 +63,7 @@
import org.picketlink.identity.federation.web.core.IdentityServer;
import org.picketlink.identity.federation.web.interfaces.IRoleValidator;
import org.w3c.dom.Document;
+import org.w3c.dom.Node;
import org.xml.sax.SAXException;
/**
@@ -370,8 +371,23 @@
for(Object obj:attList)
{
AttributeType attr = (AttributeType) obj;
- String roleName = (String) attr.getAttributeValue().get(0);
- roles.add(roleName);
+ List<Object> attributeValues = attr.getAttributeValue();
+ if( attributeValues != null)
+ {
+ for( Object attrValue : attributeValues )
+ {
+ if( attrValue instanceof String )
+ {
+ roles.add( (String) attrValue );
+ }
+ else if( attrValue instanceof Node )
+ {
+ Node roleNode = (Node) attrValue;
+ roles.add( roleNode.getFirstChild().getNodeValue() );
+ }
+ else throw new RuntimeException( "Unknown role object type : " + attrValue );
+ }
+ }
}
response.setRoles(roles);
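Review bot: `roleNode.getFirstChild().getNodeValue()` on the added `Node` branch throws a `NullPointerException` for an empty attribute-value element (no child) and adds `null` to `roles` when the first child is itself an element, since `getNodeValue()` is null for element nodes. `String roleName = roleNode.getTextContent(); if (roleName == null || roleName.length() == 0) throw new RuntimeException("Empty role value"); roles.add(roleName);` handles both; confirm `getTextContent()` yields what your IDPs emit when the value wraps nested markup. The `else throw new RuntimeException(...)` keeps the previous fail-closed behaviour for unexpected value types, which is the right default for role extraction. The enclosing method starts and ends outside the hunk.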
Picketlink SVN: r319 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2010-06-27 16:57:26 -0400 (Sun, 27 Jun 2010)
New Revision: 319
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java
Log:
PLFED-79: Added methods that support OnBehalfOf scenarios in STSClient and WSTrustClient
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java 2010-06-24 04:47:35 UTC (rev 318)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java 2010-06-27 20:57:26 UTC (rev 319)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.federation.api.wstrust;
+import java.security.Principal;
+
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.wstrust.STSClient;
import org.picketlink.identity.federation.core.wstrust.STSClientConfig;
@@ -64,7 +66,8 @@
public WSTrustClient(String serviceName, String port, String endpointURI, SecurityInfo secInfo)
throws ParsingException
{
- this(serviceName, port, new String[]{endpointURI}, secInfo);
+ this(serviceName, port, new String[]
+ {endpointURI}, secInfo);
}
public WSTrustClient(String serviceName, String port, String[] endpointURIs, SecurityInfo secInfo)
@@ -102,7 +105,7 @@
*/
public Element issueToken(String tokenType) throws WSTrustException
{
- return this.issueInternal(null, tokenType, 0);
+ return this.issueInternal(null, tokenType, null, 0);
}
/**
@@ -116,7 +119,7 @@
*/
public Element issueTokenForEndpoint(String endpointURI) throws WSTrustException
{
- return this.issueInternal(endpointURI, null, 0);
+ return this.issueInternal(endpointURI, null, null, 0);
}
/**
@@ -133,9 +136,15 @@
*/
public Element issueToken(String endpointURI, String tokenType) throws WSTrustException
{
- return this.issueInternal(endpointURI, tokenType, 0);
+ return this.issueInternal(endpointURI, tokenType, null, 0);
}
+ public Element issueTokenOnBehalfOf(String endpointURI, String tokenType, Principal principal)
+ throws WSTrustException
+ {
+ return this.issueInternal(endpointURI, tokenType, principal, 0);
+ }
+
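Review bot: The new public `issueTokenOnBehalfOf` has no Javadoc while every neighbouring issue method is documented, and the signature alone does not say that `principal` may be null or that the call goes through the same failover path as `issueToken`. A Javadoc along the lines of `Issues a token of the specified type for the given endpoint on behalf of {@code principal}; a null principal makes this equivalent to {@link #issueToken(String, String)}. @throws WSTrustException if the STS reports an error`, with the same `@param` tags as `issueInternal`, would match the file's style. The null-principal equivalence follows from `setOnBehalfOf` in the `STSClient` hunk of this commit, which adds no element when the principal is null.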
/**
* This method will send a RequestSecurityToken with a RequestType of renew
* and the passed-in tokenType identifies the type of token to be renewed by
@@ -175,7 +184,7 @@
{
return this.cancelInternal(token, 0);
}
-
+
/**
* <p>
* This method issues a token of the specified type for the specified service endpoint and has failover support when
@@ -187,24 +196,26 @@
* @param serviceEndpointURI a {@code String} representing the endpoint URI of the service that will be the ultimate
* recipient of the security token.
* @param tokenType a {@code String} representing the type of token to be issued.
+ * @param principal the {@code Principal} on behalf of whom the token will be issued.
* @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to perform
* the request.
* @return an {@code Element} representing the security token that has been issued.
* @throws WSTrustException if a WS-Trust exception is thrown by the STS.
*/
- private Element issueInternal(String serviceEndpointURI, String tokenType, int clientIndex) throws WSTrustException
+ private Element issueInternal(String serviceEndpointURI, String tokenType, Principal principal, int clientIndex)
+ throws WSTrustException
{
STSClient client = this.clients[clientIndex];
try
{
- return client.issueToken(serviceEndpointURI, tokenType);
+ return client.issueTokenOnBehalfOf(serviceEndpointURI, tokenType, principal);
}
catch (RuntimeException e)
{
// if this was a connection refused exception and we still have clients to try, call the next client.
if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1)
{
- return this.issueInternal(serviceEndpointURI, tokenType, ++clientIndex);
+ return this.issueInternal(serviceEndpointURI, tokenType, principal, ++clientIndex);
}
throw e;
}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java 2010-06-24 04:47:35 UTC (rev 318)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java 2010-06-27 20:57:26 UTC (rev 319)
@@ -22,6 +22,7 @@
package org.picketlink.identity.federation.core.wstrust;
import java.net.URI;
+import java.security.Principal;
import java.util.Map;
import javax.xml.namespace.QName;
@@ -81,6 +82,15 @@
dispatchLocal.set(dispatch);
}
+ public Element issueToken(String tokenType) throws WSTrustException
+ {
+ // create a custom token request message.
+ RequestSecurityToken request = new RequestSecurityToken();
+ setTokenType(tokenType, request);
+ // send the token request to JBoss STS and get the response.
+ return issueToken(request);
+ }
+
/**
* Issues a Security Token for the ultimate recipient of the token.
*
@@ -120,12 +130,29 @@
return issueToken(request);
}
- public Element issueToken(String tokenType) throws WSTrustException
+ /**
+ * <p>
+ * Issues a security token on behalf of the specified principal.
+ * </p>
+ *
+ * @param endpointURI the ultimate recipient of the token. This will be set at the AppliesTo for
+ * the RequestSecurityToken which is an optional element so it may be null.
+ * @param tokenType the type of the token to be issued.
+ * @param principal the {@code Principal} to whom the token will be issued.
+ * @return an {@code Element} representing the issued security token.
+ * @throws IllegalArgumentException If neither endpointURI nor tokenType was specified.
+ * @throws WSTrustException if an error occurs while issuing the security token.
+ */
+ public Element issueTokenOnBehalfOf(String endpointURI, String tokenType, Principal principal)
+ throws WSTrustException
{
- // create a custom token request message.
+ if (endpointURI == null && tokenType == null)
+ throw new IllegalArgumentException("One of endpointURI or tokenType must be provided.");
+
RequestSecurityToken request = new RequestSecurityToken();
+ setAppliesTo(endpointURI, request);
setTokenType(tokenType, request);
- // send the token request to JBoss STS and get the response.
+ setOnBehalfOf(principal, request);
return issueToken(request);
}
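Review bot: The Javadoc `@param principal the {@code Principal} to whom the token will be issued` names the wrong party for an OnBehalfOf request: the token is issued to the caller on behalf of that principal. `@param principal the {@code Principal} on whose behalf the token is requested; may be null, in which case no OnBehalfOf element is added` matches what `setOnBehalfOf` in the next hunk does. That helper passes only `principal.getName()` with a null second argument, so the STS sees a bare name and must rely on the calling client's own authentication to decide whether delegation is allowed; the Javadoc should state that this method is intended for clients the STS trusts to act on behalf of others.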
@@ -142,6 +169,13 @@
rst.setTokenType(URI.create(tokenType));
return rst;
}
+
+ private RequestSecurityToken setOnBehalfOf(Principal principal, RequestSecurityToken request)
+ {
+ if (principal != null)
+ request.setOnBehalfOf(WSTrustUtil.createOnBehalfOfWithUsername(principal.getName(), null));
+ return request;
+ }
private Element issueToken(RequestSecurityToken request) throws WSTrustException
{
Picketlink SVN: r318 - in idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/configuration: jaxb2 and 1 other directories.
by picketlink-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2010-06-24 00:47:35 -0400 (Thu, 24 Jun 2010)
New Revision: 318
Modified:
idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/configuration/IdentityConfigurationImpl.java
idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/configuration/jaxb2/JAXB2IdentityConfiguration.java
idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/configuration/metadata/IdentityRepositoryConfigurationMetaDataImpl.java
Log:
fix typo
Modified: idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/configuration/IdentityConfigurationImpl.java
===================================================================
--- idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/configuration/IdentityConfigurationImpl.java 2010-06-23 23:40:36 UTC (rev 317)
+++ idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/configuration/IdentityConfigurationImpl.java 2010-06-24 04:47:35 UTC (rev 318)
@@ -256,23 +256,26 @@
String cacheRegistryName = null;
// Parse all 'cache.' prefixed options
- for (String key : metaData.getOptions().keySet())
+ if (metaData.getOptions() != null)
{
- if (key.startsWith("cache."))
+ for (String key : metaData.getOptions().keySet())
{
- if (metaData.getOptions().get(key).size() > 0)
+ if (key.startsWith("cache."))
{
- cacheProps.put(key, metaData.getOptions().get(key).get(0));
+ if (metaData.getOptions().get(key).size() > 0)
+ {
+ cacheProps.put(key, metaData.getOptions().get(key).get(0));
+ }
+ if (key.equals("cache.providerClass") && metaData.getOptions().get(key).size() > 0)
+ {
+ cacheClassName = metaData.getOptions().get(key).get(0);
+ }
+
+ if (key.equals("cache.providerRegistryName") && metaData.getOptions().get(key).size() > 0)
+ {
+ cacheRegistryName = metaData.getOptions().get(key).get(0);
+ }
}
- if (key.equals("cache.providerClass") && metaData.getOptions().get(key).size() > 0)
- {
- cacheClassName = metaData.getOptions().get(key).get(0);
- }
-
- if (key.equals("cache.providerRegistryName") && metaData.getOptions().get(key).size() > 0)
- {
- cacheRegistryName = metaData.getOptions().get(key).get(0);
- }
}
}
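Review bot: Each iteration of the re-indented loop calls `metaData.getOptions().get(key)` up to five times and repeats the `.size() > 0` test three times. Fetching the value list once at the top of the loop body (e.g. into a local `List<String> values`) and testing `values` in the three branches would make the null guard this commit adds much easier to read. The new guard covers only `getOptions()` itself being null; whether a key can map to a null list is not visible here, and the existing `.get(0)` calls would still throw in that case. The enclosing method starts and ends outside the hunk.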
Modified: idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/configuration/jaxb2/JAXB2IdentityConfiguration.java
===================================================================
--- idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/configuration/jaxb2/JAXB2IdentityConfiguration.java 2010-06-23 23:40:36 UTC (rev 317)
+++ idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/configuration/jaxb2/JAXB2IdentityConfiguration.java 2010-06-24 04:47:35 UTC (rev 318)
@@ -217,7 +217,7 @@
{
repoMD.setExternalConfig(repositoryType.getExternalConfig().getValue());
}
- repoMD.setDefaultAttributeStroeId(repositoryType.getDefaultAttributeStoreId());
+ repoMD.setDefaultAttributeStoreId(repositoryType.getDefaultAttributeStoreId());
repoMD.setDefaultIdentityStoreId(repositoryType.getDefaultIdentityStoreId());
List<IdentityStoreMappingMetaData> storeMappings = new LinkedList<IdentityStoreMappingMetaData>();
Modified: idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/configuration/metadata/IdentityRepositoryConfigurationMetaDataImpl.java
===================================================================
--- idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/configuration/metadata/IdentityRepositoryConfigurationMetaDataImpl.java 2010-06-23 23:40:36 UTC (rev 317)
+++ idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/configuration/metadata/IdentityRepositoryConfigurationMetaDataImpl.java 2010-06-24 04:47:35 UTC (rev 318)
@@ -44,7 +44,7 @@
private String defaultIdentityStoreId;
- private String defaultAttributeStroeId;
+ private String defaultAttributeStoreId;
private List<IdentityStoreMappingMetaData> identityStoreToIdentityObjectTypeMappings;
@@ -97,12 +97,12 @@
public String getDefaultAttributeStoreId()
{
- return defaultAttributeStroeId;
+ return defaultAttributeStoreId;
}
- public void setDefaultAttributeStroeId(String defaultAttributeStroeId)
+ public void setDefaultAttributeStoreId(String defaultAttributeStoreId)
{
- this.defaultAttributeStroeId = defaultAttributeStroeId;
+ this.defaultAttributeStoreId = defaultAttributeStoreId;
}
public List<IdentityStoreMappingMetaData> getIdentityStoreToIdentityObjectTypeMappings()
Picketlink SVN: r317 - in idm/trunk: picketlink-idm-core and 7 other directories.
by picketlink-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2010-06-23 19:40:36 -0400 (Wed, 23 Jun 2010)
New Revision: 317
Modified:
idm/trunk/picketlink-idm-api/src/main/java/org/picketlink/idm/api/IdentitySessionFactory.java
idm/trunk/picketlink-idm-core/pom.xml
idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/api/IdentitySessionFactoryImpl.java
idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/api/session/IdentitySessionImpl.java
idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/cache/JBossCacheAttributeStoreWrapper.java
idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/repository/FallbackIdentityStoreRepository.java
idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/repository/WrapperIdentityStoreRepository.java
idm/trunk/picketlink-idm-hibernate/src/main/java/org/picketlink/idm/impl/store/hibernate/HibernateIdentityStoreImpl.java
idm/trunk/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java
idm/trunk/picketlink-idm-spi/src/main/java/org/picketlink/idm/spi/store/IdentityStoreSessionFactory.java
Log:
modify IdentityStore api to accept session options
Modified: idm/trunk/picketlink-idm-api/src/main/java/org/picketlink/idm/api/IdentitySessionFactory.java
===================================================================
--- idm/trunk/picketlink-idm-api/src/main/java/org/picketlink/idm/api/IdentitySessionFactory.java 2010-06-22 07:46:51 UTC (rev 316)
+++ idm/trunk/picketlink-idm-api/src/main/java/org/picketlink/idm/api/IdentitySessionFactory.java 2010-06-23 23:40:36 UTC (rev 317)
@@ -22,12 +22,18 @@
package org.picketlink.idm.api;
+import java.util.Map;
+
import org.picketlink.idm.common.exception.IdentityException;
/**
- * Creates IdentitySession objects for a given Realm.
- *
+ * Creates IdentitySession objects for a given Realm. An IdentitySessionFactory
+ * is typically created from an IdentityConfiguration.
+ *
+ * @see org.picketlink.idm.api.cfg.IdentityConfiguration#buildIdentitySessionFactory()
+ *
* @author <a href="mailto:boleslaw.dawidowicz at redhat.com">Boleslaw Dawidowicz</a>
+ * @author Shane Bryzak
* @version : 0.1 $
*/
public interface IdentitySessionFactory
@@ -43,10 +49,25 @@
boolean isClosed();
/**
- * Create IdentitySession
- * @return
+ * Creates a new IdentitySession.
+ *
+ * @param realmName The name of the realm
+ * @return The new IdentitySession
*/
IdentitySession createIdentitySession(String realmName) throws IdentityException;
+
+ /**
+ * Creates a new IdentitySession for the given realm. This method accepts
+ * a sessionOptions parameter which may be used to customize the IdentitySession
+ * instance returned.
+ *
+ * @param realmName The name of the realm
+ * @param sessionOptions A Map containing session options
+ * @return The new IdentitySession
+ * @throws IdentityException
+ */
+ IdentitySession createIdentitySession(String realmName,
+ Map<String,Object> sessionOptions) throws IdentityException;
/**
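Review bot: The javadoc of the new `createIdentitySession(String, Map)` overload does not say whether `sessionOptions` may be null, yet `IdentitySessionFactoryImpl.createIdentitySession(String)` in this same commit passes `null` for it; the `@throws IdentityException` tag also carries no description. Suggested wording: `@param sessionOptions A Map containing session options, or {@code null} for none` and `@throws IdentityException if the session cannot be created`. The same two gaps appear in the `createIdentityStoreSession(Map)` javadoc added to `IdentityStoreSessionFactory` in this commit.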
Modified: idm/trunk/picketlink-idm-core/pom.xml
===================================================================
--- idm/trunk/picketlink-idm-core/pom.xml 2010-06-22 07:46:51 UTC (rev 316)
+++ idm/trunk/picketlink-idm-core/pom.xml 2010-06-23 23:40:36 UTC (rev 317)
@@ -8,7 +8,7 @@
<modelVersion>4.0.0</modelVersion>
<artifactId>picketlink-idm-core</artifactId>
<packaging>jar</packaging>
- <name>PicketLink IDM Implemnentation</name>
+ <name>PicketLink IDM Implementation</name>
<url>http://labs.jboss.org/portal/jbosssecurity/</url>
<description>PicketLink IDM IMPL contains the implementation of the API and the Identity Model.</description>
<licenses>
Modified: idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/api/IdentitySessionFactoryImpl.java
===================================================================
--- idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/api/IdentitySessionFactoryImpl.java 2010-06-22 07:46:51 UTC (rev 316)
+++ idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/api/IdentitySessionFactoryImpl.java 2010-06-23 23:40:36 UTC (rev 317)
@@ -66,10 +66,15 @@
{
return false;
}
-
+
public IdentitySession createIdentitySession(String realmName) throws IdentityException
{
+ return createIdentitySession(realmName, null);
+ }
+ public IdentitySession createIdentitySession(String realmName,
+ Map<String,Object> sessionOptions) throws IdentityException
+ {
IdentitySessionConfigurationContext sessionConfigCtx = sessionContextMap.get(realmName);
// If no realm mapped then look for a template which name is a prefix of realmName
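Review bot: There is no blank line between the closing brace of `createIdentitySession(String)` and the signature of the new overload (L905–L906), unlike the other method boundaries in this file; the same missing separator appears between the two constructors of `IdentitySessionImpl` in this commit (L937–L938). The new overload has no javadoc, and since the one-argument version delegates with `null`, it should state that a null map is accepted. The body of the overload continues outside the hunk.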
@@ -112,7 +117,8 @@
sessionConfigCtx.getTypeMapper(),
sessionConfigCtx.getApiCacheProvider(),
sessionConfigCtx.getIdentityConfigurationContext(),
- sessionConfigCtx.getRealmOptions());
+ sessionConfigCtx.getRealmOptions(),
+ sessionOptions);
realmMap.put(realmName, newSession);
Modified: idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/api/session/IdentitySessionImpl.java
===================================================================
--- idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/api/session/IdentitySessionImpl.java 2010-06-22 07:46:51 UTC (rev 316)
+++ idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/api/session/IdentitySessionImpl.java 2010-06-23 23:40:36 UTC (rev 317)
@@ -113,17 +113,29 @@
{
return sessionContext;
}
+
+ public IdentitySessionImpl(String realmName,
+ IdentityStoreRepository repository,
+ IdentityObjectTypeMapper typeMapper,
+ APICacheProvider apiCacheProvider,
+ IdentityConfigurationContext configurationContext,
+ Map<String, List<String>> realmOptions) throws IdentityException
+ {
+ this(realmName, repository, typeMapper, apiCacheProvider,
+ configurationContext, realmOptions, null);
+ }
public IdentitySessionImpl(String realmName,
IdentityStoreRepository repository,
IdentityObjectTypeMapper typeMapper,
APICacheProvider apiCacheProvider,
IdentityConfigurationContext configurationContext,
- Map<String, List<String>> realmOptions) throws IdentityException
+ Map<String, List<String>> realmOptions,
+ Map<String,Object> sessionOptions) throws IdentityException
{
this.realmName = realmName;
- IdentityStoreSession storeSession = repository.createIdentityStoreSession();
+ IdentityStoreSession storeSession = repository.createIdentityStoreSession(sessionOptions);
final IdentityStoreInvocationContext invocationCtx = new SimpleIdentityStoreInvocationContext(storeSession, realmName, String.valueOf(this.hashCode()));
IdentityStoreInvocationContextResolver resolver = new IdentityStoreInvocationContextResolver()
@@ -164,13 +176,6 @@
this.userQueryExecutor = new UserQueryExecutorImpl(this);
this.groupQueryExecutor = new GroupQueryExecutorImpl(this);
this.roleQueryExecutor = new RoleQueryExecutorImpl(this);
-
-
-
-
-
-
-
}
public String getId()
Modified: idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/cache/JBossCacheAttributeStoreWrapper.java
===================================================================
--- idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/cache/JBossCacheAttributeStoreWrapper.java 2010-06-22 07:46:51 UTC (rev 316)
+++ idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/cache/JBossCacheAttributeStoreWrapper.java 2010-06-23 23:40:36 UTC (rev 317)
@@ -83,7 +83,14 @@
{
return attributeStore.createIdentityStoreSession();
}
+
+ public IdentityStoreSession createIdentityStoreSession(
+ Map<String, Object> sessionOptions) throws IdentityException
+ {
+ return attributeStore.createIdentityStoreSession(sessionOptions);
+ }
+
public Set<String> getSupportedAttributeNames(IdentityStoreInvocationContext invocationContext,
IdentityObjectType identityType) throws IdentityException
{
@@ -186,5 +193,4 @@
{
return "JBossCacheAttributeStoreWrapper (AttributeStore=" + attributeStore.getId() + ")";
}
-
}
Modified: idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/repository/FallbackIdentityStoreRepository.java
===================================================================
--- idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/repository/FallbackIdentityStoreRepository.java 2010-06-22 07:46:51 UTC (rev 316)
+++ idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/repository/FallbackIdentityStoreRepository.java 2010-06-23 23:40:36 UTC (rev 317)
@@ -299,7 +299,38 @@
return new RepositoryIdentityStoreSessionImpl(sessions);
}
+
+ public IdentityStoreSession createIdentityStoreSession(
+ Map<String, Object> sessionOptions) throws IdentityException
+ {
+ Map<String, IdentityStoreSession> sessions = new HashMap<String, IdentityStoreSession>();
+ for (IdentityStore identityStore : identityStoreMappings.values())
+ {
+ sessions.put(identityStore.getId(), identityStore.createIdentityStoreSession(sessionOptions));
+ }
+
+ for (AttributeStore attributeStore : attributeStoreMappings.values())
+ {
+ if (!sessions.containsKey(attributeStore.getId()))
+ {
+ sessions.put(attributeStore.getId(), attributeStore.createIdentityStoreSession(sessionOptions));
+ }
+ }
+
+ if (!sessions.containsKey(defaultAttributeStore.getId()))
+ {
+ sessions.put(defaultAttributeStore.getId(), defaultAttributeStore.createIdentityStoreSession(sessionOptions));
+ }
+
+ if (!sessions.containsKey(defaultIdentityStore.getId()))
+ {
+ sessions.put(defaultIdentityStore.getId(), defaultIdentityStore.createIdentityStoreSession(sessionOptions));
+ }
+
+ return new RepositoryIdentityStoreSessionImpl(sessions);
+ }
+
public String getId()
{
return id;
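Review bot: The new `createIdentityStoreSession(Map)` duplicates the whole body of the existing no-argument method (whose final `return new RepositoryIdentityStoreSessionImpl(sessions);` is visible just above the insertion), so the two copies will drift. Having the no-argument method delegate, `return createIdentityStoreSession(null);`, would remove the copy, which is the mirror image of what `HibernateIdentityStoreImpl` and `LDAPIdentityStoreImpl` do in this commit; this presumes every wrapped store tolerates a null options map, which is not visible for all stores here. The same duplication appears in `WrapperIdentityStoreRepository`. The body of the original no-argument method starts outside the hunk.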
@@ -1887,4 +1918,6 @@
}
+
+
}
Modified: idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/repository/WrapperIdentityStoreRepository.java
===================================================================
--- idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/repository/WrapperIdentityStoreRepository.java 2010-06-22 07:46:51 UTC (rev 316)
+++ idm/trunk/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/repository/WrapperIdentityStoreRepository.java 2010-06-23 23:40:36 UTC (rev 317)
@@ -89,7 +89,23 @@
return new RepositoryIdentityStoreSessionImpl(sessions);
}
+
+ public IdentityStoreSession createIdentityStoreSession(
+ Map<String, Object> sessionOptions) throws IdentityException
+ {
+ Map<String, IdentityStoreSession> sessions = new HashMap<String, IdentityStoreSession>();
+
+ sessions.put(defaultAttributeStore.getId(), defaultAttributeStore.createIdentityStoreSession(sessionOptions));
+
+ if (!sessions.containsKey(defaultIdentityStore.getId()))
+ {
+ sessions.put(defaultIdentityStore.getId(), defaultIdentityStore.createIdentityStoreSession(sessionOptions));
+ }
+
+ return new RepositoryIdentityStoreSessionImpl(sessions);
+ }
+
IdentityStoreInvocationContext resolveIdentityStoreInvocationContext(IdentityStoreInvocationContext invocationCtx)
{
return resolveInvocationContext(defaultIdentityStore.getId(), invocationCtx);
Modified: idm/trunk/picketlink-idm-hibernate/src/main/java/org/picketlink/idm/impl/store/hibernate/HibernateIdentityStoreImpl.java
===================================================================
--- idm/trunk/picketlink-idm-hibernate/src/main/java/org/picketlink/idm/impl/store/hibernate/HibernateIdentityStoreImpl.java 2010-06-22 07:46:51 UTC (rev 316)
+++ idm/trunk/picketlink-idm-hibernate/src/main/java/org/picketlink/idm/impl/store/hibernate/HibernateIdentityStoreImpl.java 2010-06-23 23:40:36 UTC (rev 317)
@@ -472,8 +472,14 @@
throw new IdentityException("Failed to obtain Hibernate SessionFactory",e);
}
- }
+ }
+ public IdentityStoreSession createIdentityStoreSession(
+ Map<String, Object> sessionOptions) throws IdentityException
+ {
+ return createIdentityStoreSession();
+ }
+
public String getId()
{
return id;
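Review bot: The new overload silently discards `sessionOptions` by delegating to the no-argument `createIdentityStoreSession()`, and nothing tells a caller that options passed through `IdentitySession` have no effect for this store. A comment on the delegating line, `// session options are not supported by this store and are ignored`, would make that explicit. The same applies to the overload added to `LDAPIdentityStoreImpl` in this commit. The whitespace-only replacement of the closing brace on L1068–L1069 could be dropped from the change.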
Modified: idm/trunk/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java
===================================================================
--- idm/trunk/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java 2010-06-22 07:46:51 UTC (rev 316)
+++ idm/trunk/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java 2010-06-23 23:40:36 UTC (rev 317)
@@ -302,7 +302,14 @@
{
return new LDAPIdentityStoreSessionImpl(configuration);
}
+
+ public IdentityStoreSession createIdentityStoreSession(
+ Map<String, Object> sessionOptions) throws IdentityException
+ {
+ return createIdentityStoreSession();
+ }
+
public String getId()
{
return id;
Modified: idm/trunk/picketlink-idm-spi/src/main/java/org/picketlink/idm/spi/store/IdentityStoreSessionFactory.java
===================================================================
--- idm/trunk/picketlink-idm-spi/src/main/java/org/picketlink/idm/spi/store/IdentityStoreSessionFactory.java 2010-06-22 07:46:51 UTC (rev 316)
+++ idm/trunk/picketlink-idm-spi/src/main/java/org/picketlink/idm/spi/store/IdentityStoreSessionFactory.java 2010-06-23 23:40:36 UTC (rev 317)
@@ -25,17 +25,34 @@
import org.picketlink.idm.common.exception.IdentityException;
import java.io.Serializable;
+import java.util.Map;
/**
+ * Factory interface for creating IdentityStoreSession instances.
+ *
* @author <a href="mailto:boleslaw.dawidowicz at redhat.com">Boleslaw Dawidowicz</a>
+ * @author Shane Bryzak
* @version : 0.1 $
*/
public interface IdentityStoreSessionFactory extends Serializable
{
-
/**
- * @return
+ * Creates a new IdentityStoreSession.
+ *
+ * @return The new IdentityStoreSession
+ * @throws IdentityException
*/
IdentityStoreSession createIdentityStoreSession() throws IdentityException;
+ /**
+ * Creates an IdentityStoreSession. This factory method allows additional
+ * session options to be passed in which may be used by the factory method
+ * implementation to customise the IdentityStoreSession returned.
+ *
+ * @param sessionOptions A Map containing the session option values
+ * @return The new IdentityStoreSession
+ * @throws IdentityException
+ */
+ IdentityStoreSession createIdentityStoreSession(Map<String,Object> sessionOptions) throws IdentityException;
+
}
Picketlink SVN: r316 - federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation.
by picketlink-commits@lists.jboss.org
Author: marcelkolsteren
Date: 2010-06-22 03:46:51 -0400 (Tue, 22 Jun 2010)
New Revision: 316
Modified:
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/InternalAuthenticator.java
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginReceiver.java
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginSender.java
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnSender.java
Log:
PLFED-90: "Seam authentication filter: add events support"
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/InternalAuthenticator.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/InternalAuthenticator.java 2010-06-18 18:06:34 UTC (rev 315)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/InternalAuthenticator.java 2010-06-22 07:46:51 UTC (rev 316)
@@ -25,12 +25,14 @@
import java.util.LinkedList;
import java.util.List;
+import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.Import;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
+import org.jboss.seam.core.Events;
import org.jboss.seam.security.Identity;
import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
@@ -54,13 +56,29 @@
List<String> roles = new LinkedList<String>();
Boolean internallyAuthenticated = serviceProvider.getInternalAuthenticationMethod().invoke(principal, roles);
+ if (Events.exists())
+ {
+ Events.instance().raiseEvent(Identity.EVENT_POST_AUTHENTICATE, identity);
+ }
+
if (internallyAuthenticated)
{
identity.acceptExternallyAuthenticatedPrincipal(principal);
+
for (String role : roles)
{
identity.addRole(role);
}
+
+ if (Events.exists())
+ {
+ Events.instance().raiseEvent(Identity.EVENT_LOGIN_SUCCESSFUL);
+ }
+ } else {
+ if (Events.exists())
+ {
+ Events.instance().raiseEvent(Identity.EVENT_LOGIN_FAILED, new LoginException());
+ }
}
return internallyAuthenticated;
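Review bot: `} else {` on L1186 puts both braces on one line, while every other block in this hunk opens its brace on its own line. `new LoginException()` on L1189 carries no message, so a listener receiving `Identity.EVENT_LOGIN_FAILED` cannot tell why authentication failed; `new LoginException("Internal authentication failed")` would be more useful without exposing anything sensitive. `Identity.EVENT_POST_AUTHENTICATE` is raised on L1170 before the outcome is examined; if that ordering is deliberate, a one-line comment saying so would stop a reader from treating it as a mistake. The enclosing method continues outside the hunk.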
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginReceiver.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginReceiver.java 2010-06-18 18:06:34 UTC (rev 315)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginReceiver.java 2010-06-22 07:46:51 UTC (rev 316)
@@ -25,6 +25,7 @@
import java.net.URL;
import java.util.Map;
+import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -32,6 +33,8 @@
import org.jboss.seam.annotations.Import;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
+import org.jboss.seam.core.Events;
+import org.jboss.seam.security.Identity;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
@@ -111,6 +114,10 @@
}
else
{
+ if (Events.exists())
+ {
+ Events.instance().raiseEvent(Identity.EVENT_LOGIN_FAILED, new LoginException());
+ }
authenticated = false;
}
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginSender.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginSender.java 2010-06-18 18:06:34 UTC (rev 315)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginSender.java 2010-06-22 07:46:51 UTC (rev 316)
@@ -30,6 +30,8 @@
import org.jboss.seam.annotations.Import;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
+import org.jboss.seam.core.Events;
+import org.jboss.seam.security.Identity;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.discovery.DiscoveryInformation;
@@ -87,12 +89,22 @@
String url = authReq.getDestinationUrl(true);
+ if (Events.exists())
+ {
+ Events.instance().raiseEvent(Identity.EVENT_PRE_AUTHENTICATE);
+ }
+
httpResponse.sendRedirect(url);
}
catch (OpenIDException e)
{
try
{
+ if (Events.exists())
+ {
+ Events.instance().raiseEvent(Identity.EVENT_LOGIN_FAILED);
+ }
+
httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
}
catch (IOException e1)
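Review bot: `Identity.EVENT_LOGIN_FAILED` is raised on L1250 without an exception argument, whereas the other three raise sites in this commit (`InternalAuthenticator`, `OpenIdSingleLoginReceiver`, `SamlSingleSignOnReceiver`) pass a `LoginException`, so a listener that expects that parameter would see the sites behave differently. The caught `OpenIDException e` is in scope here, so `Events.instance().raiseEvent(Identity.EVENT_LOGIN_FAILED, new LoginException(e.getMessage()));` would keep the sites consistent and preserve the failure reason; an import of `javax.security.auth.login.LoginException` would be needed, as the other files add. The enclosing method continues outside the hunk.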
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java 2010-06-18 18:06:34 UTC (rev 315)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java 2010-06-22 07:46:51 UTC (rev 316)
@@ -25,6 +25,7 @@
import java.util.LinkedList;
import java.util.List;
+import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBElement;
@@ -36,6 +37,7 @@
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
+import org.jboss.seam.core.Events;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Identity;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
@@ -116,6 +118,12 @@
{
try
{
+ if (Events.exists())
+ {
+ Events.instance().raiseEvent(Identity.EVENT_POST_AUTHENTICATE, identity);
+ Events.instance().raiseEvent(Identity.EVENT_LOGIN_FAILED, new LoginException());
+ }
+
httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
}
catch (IOException e)
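Review bot: `Identity.EVENT_POST_AUTHENTICATE` is raised on L1281 only on the failure path, whereas `InternalAuthenticator` in this commit raises it regardless of outcome; if the success path of this method, which lies outside the hunk, does not raise it, the two flows are asymmetric. Either raise it unconditionally before the branch or add a short comment explaining why it belongs on the failure path here. The enclosing method starts and ends outside the hunk.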
@@ -286,8 +294,8 @@
}
}
- private void loginUser(HttpServletRequest httpRequest, HttpServletResponse httpResponse, SeamSamlPrincipal principal,
- RequestContext requestContext)
+ private void loginUser(HttpServletRequest httpRequest, HttpServletResponse httpResponse,
+ SeamSamlPrincipal principal, RequestContext requestContext)
{
if (identity.isLoggedIn())
{
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnSender.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnSender.java 2010-06-18 18:06:34 UTC (rev 315)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnSender.java 2010-06-22 07:46:51 UTC (rev 316)
@@ -28,6 +28,8 @@
import org.jboss.seam.annotations.Import;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
+import org.jboss.seam.core.Events;
+import org.jboss.seam.security.Identity;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
@@ -55,6 +57,11 @@
AuthnRequestType authnRequest = samlMessageFactory.createAuthnRequest();
requests.addRequest(authnRequest.getID(), samlIdentityProvider, returnUrl);
+ if (Events.exists())
+ {
+ Events.instance().raiseEvent(Identity.EVENT_PRE_AUTHENTICATE);
+ }
+
samlMessageSender.sendRequestToIDP(request, response, samlIdentityProvider, SamlProfile.SINGLE_SIGN_ON,
authnRequest);
}
Picketlink SVN: r315 - in federation/trunk: picketlink-seam/src/main/java/org/picketlink/identity/seam/federation and 4 other directories.
by picketlink-commits@lists.jboss.org
Author: marcelkolsteren
Date: 2010-06-18 14:06:34 -0400 (Fri, 18 Jun 2010)
New Revision: 315
Added:
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdXrdsProvider.java
federation/trunk/picketlink-seam/src/main/resources/schema/xrds/
federation/trunk/picketlink-seam/src/main/resources/schema/xrds/xrd.xsd
federation/trunk/picketlink-seam/src/main/resources/schema/xrds/xrds.xsd
Modified:
federation/trunk/picketlink-seam/pom.xml
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/ExternalAuthenticationFilter.java
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/ExternalAuthenticationService.java
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginSender.java
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/Configuration.java
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/OpenIdConfiguration.java
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/ServiceProvider.java
federation/trunk/picketlink-webapps/seam-sp/src/main/webapp/PrincipalInfoFragment.xhtml
federation/trunk/picketlink-webapps/seam-sp/src/main/webapp/PublicPage.xhtml
Log:
PLFED-16: "Seam module: serve XRDS file so that OpenID providers can validate the relying party"
Modified: federation/trunk/picketlink-seam/pom.xml
===================================================================
--- federation/trunk/picketlink-seam/pom.xml 2010-06-16 15:03:56 UTC (rev 314)
+++ federation/trunk/picketlink-seam/pom.xml 2010-06-18 18:06:34 UTC (rev 315)
@@ -51,17 +51,32 @@
<version>1.3</version>
<executions>
<execution>
+ <id>jaxb-xrds</id>
+ <configuration>
+ <schemaDirectory>${basedir}/src/main/resources/schema/xrds</schemaDirectory>
+ <packageName>org.picketlink.identity.seam.federation.jaxb.xrds</packageName>
+ <outputDirectory>${basedir}/src/main/generated-source</outputDirectory>
+ <clearOutputDir>true</clearOutputDir>
+ <staleFile>${project.build.directory}/generated-sources/jaxb/.staleFlag_xrds</staleFile>
+ </configuration>
<goals>
<goal>xjc</goal>
</goals>
</execution>
+ <execution>
+ <id>jaxb-config</id>
+ <configuration>
+ <schemaDirectory>${basedir}/src/main/resources/schema/config</schemaDirectory>
+ <packageName>org.picketlink.identity.seam.federation.jaxb.config</packageName>
+ <outputDirectory>${basedir}/src/main/generated-source</outputDirectory>
+ <clearOutputDir>false</clearOutputDir>
+ <staleFile>${project.build.directory}/generated-sources/jaxb/.staleFlag_config</staleFile>
+ </configuration>
+ <goals>
+ <goal>xjc</goal>
+ </goals>
+ </execution>
</executions>
- <configuration>
- <schemaDirectory>${basedir}/src/main/resources/schema/config</schemaDirectory>
- <schemaFiles>external-authentication-config.xsd</schemaFiles>
- <packageName>org.picketlink.identity.seam.federation.config.jaxb</packageName>
- <outputDirectory>${basedir}/src/main/generated-source</outputDirectory>
- </configuration>
</plugin>
</plugins>
</build>
@@ -75,6 +90,12 @@
<groupId>org.picketlink</groupId>
<artifactId>picketlink-fed-api</artifactId>
<version>${project.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-security-spi</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.picketlink</groupId>
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/ExternalAuthenticationFilter.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/ExternalAuthenticationFilter.java 2010-06-16 15:03:56 UTC (rev 314)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/ExternalAuthenticationFilter.java 2010-06-18 18:06:34 UTC (rev 315)
@@ -212,6 +212,15 @@
httpResponse.setContentType("application/xml");
httpResponse.flushBuffer();
break;
+ case OPEN_ID_XRDS_SERVICE :
+ OpenIdXrdsProvider openIdXrdsProvider = (OpenIdXrdsProvider) Component
+ .getInstance(OpenIdXrdsProvider.class);
+
+ openIdXrdsProvider.writeMetaData(httpResponse.getOutputStream());
+ httpResponse.setCharacterEncoding("UTF-8");
+ httpResponse.setContentType("application/xrds+xml");
+ httpResponse.flushBuffer();
+ break;
default :
throw new RuntimeException("Unsupported service " + service);
}
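Review bot: In the new `OPEN_ID_XRDS_SERVICE` case the document is written to `httpResponse.getOutputStream()` on L1413 before `setCharacterEncoding("UTF-8")` and `setContentType("application/xrds+xml")` are called; under the Servlet API, encoding and header changes made after the response is committed are ignored, and whether `writeMetaData` commits the response depends on the buffer size and on what it flushes. Moving the two `httpResponse.set…` calls above the `openIdXrdsProvider.writeMetaData(httpResponse.getOutputStream());` line removes that dependency. The preceding `SAML_META_DATA_SERVICE` case, partly visible above, appears to use the same order and would benefit from the same reordering. The enclosing switch starts outside the hunk.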
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/ExternalAuthenticationService.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/ExternalAuthenticationService.java 2010-06-16 15:03:56 UTC (rev 314)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/ExternalAuthenticationService.java 2010-06-18 18:06:34 UTC (rev 315)
@@ -37,8 +37,10 @@
SAML_META_DATA_SERVICE("MetaDataService"),
- OPEN_ID_SERVICE("OpenIdService");
+ OPEN_ID_SERVICE("OpenIdService"),
+ OPEN_ID_XRDS_SERVICE("OpenIdXrdsService");
+
private String name;
private ExternalAuthenticationService(String name)
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginSender.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginSender.java 2010-06-16 15:03:56 UTC (rev 314)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdSingleLoginSender.java 2010-06-18 18:06:34 UTC (rev 315)
@@ -35,8 +35,8 @@
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.ax.FetchRequest;
-import org.picketlink.identity.seam.federation.config.jaxb.OpenIdAttributeType;
import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
+import org.picketlink.identity.seam.federation.jaxb.config.OpenIdAttributeType;
/**
* @author Marcel Kolsteren
@@ -69,7 +69,8 @@
openIdRequest.setReturnUrl(returnUrl);
String openIdServiceUrl = serviceProvider.getServiceURL(ExternalAuthenticationService.OPEN_ID_SERVICE);
- AuthRequest authReq = openIdConsumerManager.authenticate(discovered, openIdServiceUrl);
+ String realm = serviceProvider.getOpenIdRealm();
+ AuthRequest authReq = openIdConsumerManager.authenticate(discovered, openIdServiceUrl, realm);
// Request attributes
List<OpenIdAttributeType> attributes = serviceProvider.getOpenIdConfiguration().getAttributes();
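Review bot: The realm now passed on L1451 has to contain the return URL built on L1448 for the OP's return_to-against-realm verification (OpenID 2.0 §9.2) to succeed, and nothing in this method records that both values are derived from the same scheme/host/port in ServiceProvider.createURL. A one-line comment above L1450 would keep that invariant visible to the next maintainer: `// realm must be a prefix of openIdServiceUrl (OpenID 2.0 return_to verification); both come from ServiceProvider.createURL`. The enclosing method continues outside the hunk.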
Added: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdXrdsProvider.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdXrdsProvider.java (rev 0)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdXrdsProvider.java 2010-06-18 18:06:34 UTC (rev 315)
@@ -0,0 +1,87 @@
+/*
+* JBoss, Home of Professional Open Source.
+* Copyright 2008, Red Hat Middleware LLC, and individual contributors
+* as indicated by the @author tags. See the copyright.txt file in the
+* distribution for a full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.picketlink.identity.seam.federation;
+
+import java.io.OutputStream;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+
+import org.jboss.seam.annotations.AutoCreate;
+import org.jboss.seam.annotations.In;
+import org.jboss.seam.annotations.Name;
+import org.openid4java.discovery.DiscoveryInformation;
+import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
+import org.picketlink.identity.seam.federation.jaxb.xrds.ObjectFactory;
+import org.picketlink.identity.seam.federation.jaxb.xrds.Service;
+import org.picketlink.identity.seam.federation.jaxb.xrds.Type;
+import org.picketlink.identity.seam.federation.jaxb.xrds.URIPriorityAppendPattern;
+import org.picketlink.identity.seam.federation.jaxb.xrds.XRD;
+import org.picketlink.identity.seam.federation.jaxb.xrds.XRDS;
+
+/**
+* @author Marcel Kolsteren
+* @since Jan 20, 2010
+*/
+@Name("org.picketlink.identity.seam.federation.openIdXrdsProvider")
+@AutoCreate
+public class OpenIdXrdsProvider
+{
+ @In
+ private ServiceProvider serviceProvider;
+
+ public void writeMetaData(OutputStream stream)
+ {
+ try
+ {
+ ObjectFactory objectFactory = new ObjectFactory();
+
+ XRDS xrds = objectFactory.createXRDS();
+
+ XRD xrd = objectFactory.createXRD();
+
+ Type type = objectFactory.createType();
+ type.setValue(DiscoveryInformation.OPENID2_RP);
+ URIPriorityAppendPattern uri = objectFactory.createURIPriorityAppendPattern();
+ uri.setValue(serviceProvider.getServiceURL(ExternalAuthenticationService.OPEN_ID_SERVICE));
+
+ Service service = objectFactory.createService();
+ service.getType().add(type);
+ service.getURI().add(uri);
+
+ xrd.getService().add(service);
+
+ xrds.getOtherelement().add(xrd);
+
+ JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.seam.federation.jaxb.xrds");
+ Marshaller marshaller = jaxbContext.createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+ marshaller.marshal(xrds, stream);
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
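Review bot: `JAXBContext.newInstance` on L1534 runs on every XRDS request; building a context scans the package and is comparatively expensive, while the context itself is safe to share and only the Marshaller created on L1535 is per-call. Hold the context in a static final field initialised once and create a fresh Marshaller per request, keeping the RuntimeException wrapping for the marshal call. Since this endpoint is served without authentication (as Yadis discovery requires), the cheap per-request path also limits the cost an anonymous caller can impose. The fence below shows only the new field and the changed line.
```java
private static final JAXBContext XRDS_CONTEXT;

static
{
   try
   {
      XRDS_CONTEXT = JAXBContext.newInstance("org.picketlink.identity.seam.federation.jaxb.xrds");
   }
   catch (JAXBException e)
   {
      throw new ExceptionInInitializerError(e);
   }
}

// … unchanged: @In serviceProvider, XRDS/XRD/Service construction in writeMetaData …

Marshaller marshaller = XRDS_CONTEXT.createMarshaller();
// … unchanged: encoding/formatting properties, marshal, catch …
```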
Property changes on: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/OpenIdXrdsProvider.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/Configuration.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/Configuration.java 2010-06-16 15:03:56 UTC (rev 314)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/Configuration.java 2010-06-18 18:06:34 UTC (rev 315)
@@ -45,8 +45,8 @@
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.web.ServletContexts;
-import org.picketlink.identity.seam.federation.config.jaxb.ExternalAuthenticationConfigType;
-import org.picketlink.identity.seam.federation.config.jaxb.ServiceProviderType;
+import org.picketlink.identity.seam.federation.jaxb.config.ExternalAuthenticationConfigType;
+import org.picketlink.identity.seam.federation.jaxb.config.ServiceProviderType;
import org.xml.sax.SAXException;
/**
@@ -91,7 +91,7 @@
ExternalAuthenticationConfigType externalAuthenticationConfig;
try
{
- JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.seam.federation.config.jaxb");
+ JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.seam.federation.jaxb.config");
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
URL schemaURL = getClass().getResource("/schema/config/external-authentication-config.xsd");
Schema schema;
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/OpenIdConfiguration.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/OpenIdConfiguration.java 2010-06-16 15:03:56 UTC (rev 314)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/OpenIdConfiguration.java 2010-06-18 18:06:34 UTC (rev 315)
@@ -23,8 +23,8 @@
import java.util.List;
-import org.picketlink.identity.seam.federation.config.jaxb.OpenIdAttributeType;
-import org.picketlink.identity.seam.federation.config.jaxb.OpenIdConfigType;
+import org.picketlink.identity.seam.federation.jaxb.config.OpenIdAttributeType;
+import org.picketlink.identity.seam.federation.jaxb.config.OpenIdConfigType;
/**
* @author Marcel Kolsteren
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java 2010-06-16 15:03:56 UTC (rev 314)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java 2010-06-18 18:06:34 UTC (rev 315)
@@ -46,8 +46,8 @@
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.RoleDescriptorType;
-import org.picketlink.identity.seam.federation.config.jaxb.SamlConfigType;
-import org.picketlink.identity.seam.federation.config.jaxb.SamlIdentityProviderType;
+import org.picketlink.identity.seam.federation.jaxb.config.SamlConfigType;
+import org.picketlink.identity.seam.federation.jaxb.config.SamlIdentityProviderType;
/**
* @author Marcel Kolsteren
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/ServiceProvider.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/ServiceProvider.java 2010-06-16 15:03:56 UTC (rev 314)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/ServiceProvider.java 2010-06-18 18:06:34 UTC (rev 315)
@@ -29,7 +29,7 @@
import org.jboss.seam.core.Expressions;
import org.jboss.seam.core.Expressions.MethodExpression;
import org.picketlink.identity.seam.federation.ExternalAuthenticationService;
-import org.picketlink.identity.seam.federation.config.jaxb.ServiceProviderType;
+import org.picketlink.identity.seam.federation.jaxb.config.ServiceProviderType;
/**
* @author Marcel Kolsteren
@@ -101,10 +101,26 @@
public String getServiceURL(ExternalAuthenticationService service)
{
String path = configuration.getContextRoot() + "/" + service.getName() + ".seam";
+ return createURL(path);
+ }
+ public String getOpenIdRealm()
+ {
+ return createURL("");
+ }
+
+ private String createURL(String path)
+ {
try
{
- return new URL(protocol, hostname, port, path).toExternalForm();
+ if (protocol.equals("http") && port == 80 || protocol.equals("https") && port == 443)
+ {
+ return new URL(protocol, hostname, path).toExternalForm();
+ }
+ else
+ {
+ return new URL(protocol, hostname, port, path).toExternalForm();
+ }
}
catch (MalformedURLException e)
{
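Review bot: `getOpenIdRealm` (L1619–L1622) returns the bare scheme://host[:port] root, so the realm the user is asked to trust at the OP — and which any other application deployed on the same host could claim — is wider than this service provider's own context root. Returning `createURL(configuration.getContextRoot() + "/")` instead keeps the return URL built on L1616 inside the realm, which is all the OP's return_to-to-realm check requires, while limiting the grant to this application. Note that OpenID 2.0 RP discovery fetches the realm URL to locate the XRDS document, so whichever realm is chosen must serve, or point via X-XRDS-Location to, the OpenIdXrdsService endpoint; worth confirming in the deployment. The condition on L1629 is correct under Java precedence but reads more safely as `if ((protocol.equals("http") && port == 80) || (protocol.equals("https") && port == 443))`.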
Added: federation/trunk/picketlink-seam/src/main/resources/schema/xrds/xrd.xsd
===================================================================
--- federation/trunk/picketlink-seam/src/main/resources/schema/xrds/xrd.xsd (rev 0)
+++ federation/trunk/picketlink-seam/src/main/resources/schema/xrds/xrd.xsd 2010-06-18 18:06:34 UTC (rev 315)
@@ -0,0 +1,205 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xrd="xri://$xrd*($v*2.0)" targetNamespace="xri://$xrd*($v*2.0)" elementFormDefault="qualified">
+ <!-- Utility patterns -->
+ <xs:attributeGroup name="otherattribute">
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:attributeGroup>
+ <xs:group name="otherelement">
+ <xs:choice>
+ <xs:any namespace="##other" processContents="lax"/>
+ <xs:any namespace="##local" processContents="lax"/>
+ </xs:choice>
+ </xs:group>
+ <xs:attributeGroup name="priorityAttrGrp">
+ <xs:attribute name="priority" type="xs:nonNegativeInteger" use="optional"/>
+ </xs:attributeGroup>
+ <xs:attributeGroup name="codeAttrGrp">
+ <xs:attribute name="code" type="xs:int" use="required"/>
+ </xs:attributeGroup>
+ <xs:attributeGroup name="verifyAttrGrp">
+ <xs:attribute name="cid" use="optional">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="absent"/>
+ <xs:enumeration value="off"/>
+ <xs:enumeration value="verified"/>
+ <xs:enumeration value="failed"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ <xs:attribute name="ceid" use="optional">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="absent"/>
+ <xs:enumeration value="off"/>
+ <xs:enumeration value="verified"/>
+ <xs:enumeration value="failed"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:attributeGroup>
+ <xs:attributeGroup name="selectionAttrGrp">
+ <xs:attribute name="match" use="optional" default="default">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="default"/>
+ <xs:enumeration value="any"/>
+ <xs:enumeration value="non-null"/>
+ <xs:enumeration value="null"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ <xs:attribute name="select" type="xs:boolean" use="optional" default="false"/>
+ </xs:attributeGroup>
+ <xs:attributeGroup name="appendAttrGrp">
+ <xs:attribute name="append" use="optional" default="none">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="none"/>
+ <xs:enumeration value="local"/>
+ <xs:enumeration value="authority"/>
+ <xs:enumeration value="path"/>
+ <xs:enumeration value="query"/>
+ <xs:enumeration value="qxri"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:attributeGroup>
+ <xs:complexType name="URIPattern">
+ <xs:simpleContent>
+ <xs:extension base="xs:anyURI">
+ <xs:attributeGroup ref="xrd:otherattribute"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ <xs:complexType name="URIPriorityPattern">
+ <xs:simpleContent>
+ <xs:extension base="xrd:URIPattern">
+ <xs:attributeGroup ref="xrd:priorityAttrGrp"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ <xs:complexType name="URIPriorityAppendPattern">
+ <xs:simpleContent>
+ <xs:extension base="xrd:URIPriorityPattern">
+ <xs:attributeGroup ref="xrd:appendAttrGrp"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ <xs:complexType name="StringPattern">
+ <xs:simpleContent>
+ <xs:extension base="xs:string">
+ <xs:attributeGroup ref="xrd:otherattribute"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ <xs:complexType name="StringSelectionPattern">
+ <xs:simpleContent>
+ <xs:extension base="xrd:StringPattern">
+ <xs:attributeGroup ref="xrd:selectionAttrGrp"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ <!-- Patterns for elements -->
+ <xs:element name="XRD">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="xrd:Query" minOccurs="0"/>
+ <xs:element ref="xrd:Status" minOccurs="0"/>
+ <xs:element ref="xrd:ServerStatus" minOccurs="0"/>
+ <xs:element ref="xrd:Expires" minOccurs="0"/>
+ <xs:element ref="xrd:ProviderID" minOccurs="0"/>
+ <xs:choice>
+ <xs:element ref="xrd:Redirect" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="xrd:Ref" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:choice>
+ <xs:element ref="xrd:LocalID" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="xrd:EquivID" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="xrd:CanonicalID" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="xrd:CanonicalEquivID" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="xrd:Service" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:group ref="xrd:otherelement" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="idref" type="xs:IDREF" use="optional"/>
+ <xs:attribute name="version" type="xs:string" use="optional" fixed="2.0"/>
+ <xs:attributeGroup ref="xrd:otherattribute"/>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Query" type="xrd:StringPattern"/>
+ <xs:element name="Status">
+ <xs:complexType>
+ <xs:simpleContent>
+ <xs:extension base="xrd:StringPattern">
+ <xs:attributeGroup ref="xrd:codeAttrGrp"/>
+ <xs:attributeGroup ref="xrd:verifyAttrGrp"/>
+ <xs:attributeGroup ref="xrd:otherattribute"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="ServerStatus">
+ <xs:complexType>
+ <xs:simpleContent>
+ <xs:extension base="xrd:StringPattern">
+ <xs:attributeGroup ref="xrd:codeAttrGrp"/>
+ <xs:attributeGroup ref="xrd:otherattribute"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Expires">
+ <xs:complexType>
+ <xs:simpleContent>
+ <xs:extension base="xs:dateTime">
+ <xs:attributeGroup ref="xrd:otherattribute"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="ProviderID" type="xrd:URIPattern"/>
+ <xs:element name="Redirect" type="xrd:URIPriorityAppendPattern"/>
+ <xs:element name="Ref" type="xrd:URIPriorityPattern"/>
+ <xs:element name="LocalID">
+ <xs:complexType>
+ <xs:simpleContent>
+ <xs:extension base="xrd:StringPattern">
+ <xs:attributeGroup ref="xrd:priorityAttrGrp"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="EquivID" type="xrd:URIPriorityPattern"/>
+ <xs:element name="CanonicalID" type="xrd:URIPriorityPattern"/>
+ <xs:element name="CanonicalEquivID" type="xrd:URIPriorityPattern"/>
+ <xs:element name="Service">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="xrd:ProviderID" minOccurs="0"/>
+ <xs:element ref="xrd:Type" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="xrd:Path" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="xrd:MediaType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:choice>
+ <xs:element ref="xrd:URI" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="xrd:Redirect" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="xrd:Ref" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:choice>
+ <xs:element ref="xrd:LocalID" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:group ref="xrd:otherelement" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attributeGroup ref="xrd:priorityAttrGrp"/>
+ <xs:attributeGroup ref="xrd:otherattribute"/>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Type">
+ <xs:complexType>
+ <xs:simpleContent>
+ <xs:extension base="xrd:URIPattern">
+ <xs:attributeGroup ref="xrd:selectionAttrGrp"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Path" type="xrd:StringSelectionPattern"/>
+ <xs:element name="MediaType" type="xrd:StringSelectionPattern"/>
+ <xs:element name="URI" type="xrd:URIPriorityAppendPattern"/>
+</xs:schema>
\ No newline at end of file
Added: federation/trunk/picketlink-seam/src/main/resources/schema/xrds/xrds.xsd
===================================================================
--- federation/trunk/picketlink-seam/src/main/resources/schema/xrds/xrds.xsd (rev 0)
+++ federation/trunk/picketlink-seam/src/main/resources/schema/xrds/xrds.xsd 2010-06-18 18:06:34 UTC (rev 315)
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xrds="xri://$xrds" targetNamespace="xri://$xrds" elementFormDefault="qualified">
+ <!-- Utility patterns -->
+ <xs:attributeGroup name="otherattribute">
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:attributeGroup>
+ <xs:group name="otherelement">
+ <xs:choice>
+ <xs:any namespace="##other" processContents="lax"/>
+ <xs:any namespace="##local" processContents="lax"/>
+ </xs:choice>
+ </xs:group>
+ <!-- Patterns for elements -->
+ <xs:element name="XRDS">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:group ref="xrds:otherelement" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attributeGroup ref="xrds:otherattribute"/>
+ <!--XML Schema does not currently offer a means to express that only one of the following two attributes may be used in any XRDS element, i.e., an XRDS document may describe EITHER a redirect identifier or a ref identifier but not both.-->
+ <xs:attribute name="redirect" type="xs:anyURI" use="optional"/>
+ <xs:attribute name="ref" type="xs:anyURI" use="optional"/>
+ </xs:complexType>
+ </xs:element>
+</xs:schema>
\ No newline at end of file
Modified: federation/trunk/picketlink-webapps/seam-sp/src/main/webapp/PrincipalInfoFragment.xhtml
===================================================================
--- federation/trunk/picketlink-webapps/seam-sp/src/main/webapp/PrincipalInfoFragment.xhtml 2010-06-16 15:03:56 UTC (rev 314)
+++ federation/trunk/picketlink-webapps/seam-sp/src/main/webapp/PrincipalInfoFragment.xhtml 2010-06-18 18:06:34 UTC (rev 315)
@@ -6,7 +6,7 @@
xmlns:f="http://java.sun.com/jsf/core">
<c:choose>
<c:when
- test="#{identity.principal.getClass().getSimpleName() == 'SamlPrincipal'}">
+ test="#{identity.principal.getClass().getSimpleName() == 'SeamSamlPrincipal'}">
<h2>Logged on via SAML</h2>
<h:panelGrid columns="2">
<h:outputText value="NameID" />
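Review bot: The branch on L1891 still selects the SAML block by comparing the principal's runtime class name to a string literal, which is exactly what broke when the class was renamed and will break again on the next rename or on any subclass. Drive the choice from an explicit boolean exposed by the principal or identity component instead, for example a getter you add and test as `test="#{identity.principal.samlPrincipal}"`, so the view no longer depends on a class name. The `c:when` block continues outside the hunk.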
Modified: federation/trunk/picketlink-webapps/seam-sp/src/main/webapp/PublicPage.xhtml
===================================================================
--- federation/trunk/picketlink-webapps/seam-sp/src/main/webapp/PublicPage.xhtml 2010-06-16 15:03:56 UTC (rev 314)
+++ federation/trunk/picketlink-webapps/seam-sp/src/main/webapp/PublicPage.xhtml 2010-06-18 18:06:34 UTC (rev 315)
@@ -12,9 +12,11 @@
<p><h:commandLink action="/PrivatePage2.xhtml"
value="Click here to view private page 2." /></p>
<c:if test="#{configuration.serviceProvider.samlConfiguration!= null}">
- <p><h:commandLink action="/MetaDataService.xhtml"
- value="Click here to view meta data for the SAML SP (xml)." /></p>
+ <p><h:outputLink value="MetaDataService">Click here to view meta data for the SAML SP (application/xml).</h:outputLink></p>
</c:if>
+ <c:if test="#{configuration.serviceProvider.samlConfiguration!= null}">
+ <p><h:outputLink value="OpenIdXrdsService">Click here to view the XRDS file for the OpenID RP (application/xrds+xml).</h:outputLink></p>
+ </c:if>
</h:form>
</body>
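Review bot: The guard on L1907 tests `samlConfiguration != null`, but the link it wraps on L1908 points at the OpenID RP's XRDS service, so the link is shown in SAML-only deployments and hidden when only OpenID is configured. Use the OpenID configuration as the condition: `<c:if test="#{configuration.serviceProvider.openIdConfiguration != null}">`; `getOpenIdConfiguration()` is already called on the service provider in OpenIdSingleLoginSender, so the property exists. The enclosing form starts outside the hunk.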