Picketlink SVN: r671 - picketlink-seam/trunk.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-01-27 01:21:43 -0500 (Thu, 27 Jan 2011)
New Revision: 671
Added:
picketlink-seam/trunk/pom.xml
Log:
pom for the project
Added: picketlink-seam/trunk/pom.xml
===================================================================
--- picketlink-seam/trunk/pom.xml (rev 0)
+++ picketlink-seam/trunk/pom.xml 2011-01-27 06:21:43 UTC (rev 671)
@@ -0,0 +1,33 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-fed-parent</artifactId>
+ <version>2.0.0-SNAPSHOT</version>
+ <relativePath>parent</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-seam-pom</artifactId>
+ <packaging>pom</packaging>
+ <name>PicketLink Federation Seam- Aggregator</name>
+ <url>http://labs.jboss.org/portal/picketlink/</url>
+ <description>PicketLink Federation is the federated identity project for JEMS projects</description>
+
+ <modules>
+ <module>parent</module>
+ <module>picketlink-seam</module>
+ </modules>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <aggregate>true</aggregate>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>
Property changes on: picketlink-seam/trunk/pom.xml
___________________________________________________________________
Name: svn:executable
+ *
Picketlink SVN: r670 - in picketlink-seam/trunk/picketlink-seam/src/main: java/org/picketlink/identity/seam/federation and 1 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-01-27 01:20:55 -0500 (Thu, 27 Jan 2011)
New Revision: 670
Removed:
picketlink-seam/trunk/picketlink-seam/src/main/generated-source/
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageFactory.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageReceiver.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageSender.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutReceiver.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutSender.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnSender.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SeamSamlPrincipal.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlIdentityProvider.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlService.java
Log:
changes in the PL object model
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageFactory.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageFactory.java 2011-01-27 04:42:41 UTC (rev 669)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageFactory.java 2011-01-27 06:20:55 UTC (rev 670)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.seam.federation;
+import java.net.URI;
+
import javax.xml.datatype.XMLGregorianCalendar;
import org.jboss.seam.annotations.AutoCreate;
@@ -29,16 +31,14 @@
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.ObjectFactory;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusCodeType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusCodeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
/**
@@ -53,26 +53,23 @@
private ServiceProvider serviceProvider;
public StatusResponseType createStatusResponse(RequestAbstractType request, String statusCode, String statusMessage)
- {
- ObjectFactory objectFactory = new ObjectFactory();
- org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory assertionObjectFactory = new org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory();
+ {
+ StatusResponseType response = new StatusResponseType();
- StatusResponseType response = objectFactory.createStatusResponseType();
-
response.setID(generateId());
response.setIssueInstant(generateIssueInstant());
- NameIDType issuer = assertionObjectFactory.createNameIDType();
+ NameIDType issuer = new NameIDType();
issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
response.setIssuer(issuer);
response.setVersion(JBossSAMLConstants.VERSION_2_0.get());
response.setInResponseTo(request.getID());
- StatusCodeType statusCodeJaxb = objectFactory.createStatusCodeType();
- statusCodeJaxb.setValue(statusCode);
+ StatusCodeType statusCodeJaxb = new StatusCodeType();
+ statusCodeJaxb.setValue( URI.create(statusCode) );
- StatusType statusType = objectFactory.createStatusType();
+ StatusType statusType = new StatusType();
statusType.setStatusCode(statusCodeJaxb);
if (statusMessage != null)
{
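Review bot: `URI.create(statusCode)` at L130 makes a syntactically valid URI a precondition of the `statusCode` parameter, and a malformed value now surfaces as an undocumented unchecked IllegalArgumentException from inside createStatusResponse. Add to the method's Javadoc `@param statusCode SAML 2.0 status-code URI; must be a syntactically valid URI` and `@throws IllegalArgumentException if statusCode cannot be parsed as a URI`, or validate it up front with a message that names the offending value. The method continues past the hunk.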
@@ -86,49 +83,35 @@
public AuthnRequestType createAuthnRequest()
{
- ObjectFactory objectFactory = new ObjectFactory();
- org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory assertionObjectFactory = new org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory();
+ AuthnRequestType authnRequest = new AuthnRequestType( generateId(), JBossSAMLConstants.VERSION_2_0.get() , generateIssueInstant() );
- AuthnRequestType authnRequest = objectFactory.createAuthnRequestType();
-
- authnRequest.setID(generateId());
- authnRequest.setIssueInstant(generateIssueInstant());
-
- NameIDType issuer = assertionObjectFactory.createNameIDType();
+ NameIDType issuer = new NameIDType();
issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
authnRequest.setIssuer(issuer);
+
- authnRequest.setVersion(JBossSAMLConstants.VERSION_2_0.get());
-
// Fill in the optional fields that indicate where and how the response should be delivered.
- authnRequest.setAssertionConsumerServiceURL(serviceProvider
- .getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
- authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+ authnRequest.setAssertionConsumerServiceURL(URI.create( serviceProvider
+ .getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE )));
+ authnRequest.setProtocolBinding( URI.create( "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ));
return authnRequest;
}
public LogoutRequestType createLogoutRequest(SeamSamlPrincipal principal) throws ConfigurationException
- {
- ObjectFactory objectFactory = new ObjectFactory();
- org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory assertionObjectFactory = new org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory();
+ {
+ LogoutRequestType logoutRequest = new LogoutRequestType( generateId(), JBossSAMLConstants.VERSION_2_0.get(), generateIssueInstant());
- LogoutRequestType logoutRequest = objectFactory.createLogoutRequestType();
-
- logoutRequest.setID(generateId());
- logoutRequest.setIssueInstant(generateIssueInstant());
-
- NameIDType issuer = assertionObjectFactory.createNameIDType();
+ NameIDType issuer = new NameIDType();
issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
logoutRequest.setIssuer(issuer);
- NameIDType nameID = JBossSAMLBaseFactory.createNameID();
+ NameIDType nameID = new NameIDType();
nameID.setValue(principal.getNameId().getValue());
logoutRequest.setNameID(nameID);
+
+ logoutRequest.addSessionIndex( principal.getSessionIndex() );
- logoutRequest.setVersion(JBossSAMLConstants.VERSION_2_0.get());
- logoutRequest.getSessionIndex().add(principal.getSessionIndex());
-
return logoutRequest;
}
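Review bot: In createLogoutRequest the NameID sent to the IdP is rebuilt at L179-L180 from `principal.getNameId().getValue()` alone, so whatever Format, NameQualifier or SPNameQualifier the principal's NameID carried is not copied into the LogoutRequest; SAML 2.0 compares NameIDs on those attributes as well as the value, so an IdP may fail to match the request to the session and leave it open. If `principal.getNameId()` already is a newmodel `NameIDType`, pass it through as `logoutRequest.setNameID(principal.getNameId());`, otherwise copy the format and qualifiers together with the value. The removed `JBossSAMLBaseFactory.createNameID()` may have set defaults that a bare `new NameIDType()` does not, which is worth confirming before this ships.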
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageReceiver.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageReceiver.java 2011-01-27 04:42:41 UTC (rev 669)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageReceiver.java 2011-01-27 06:20:55 UTC (rev 670)
@@ -38,13 +38,16 @@
import org.jboss.seam.annotations.Name;
import org.jboss.seam.log.Log;
import org.jboss.seam.util.Base64;
+import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.core.util.JAXBUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
@@ -205,8 +208,20 @@
private RequestAbstractType getSamlRequest(Document document) throws InvalidRequestException
{
- try
+ SAMLParser samlParser = new SAMLParser();
+ RequestAbstractType request;
+ try
{
+ request = (RequestAbstractType) samlParser.parse( StaxParserUtil.getXMLEventReader( DocumentUtil.getNodeAsStream(document)) );
+ }
+ catch ( Exception e)
+ {
+ throw new InvalidRequestException("SAML message could not be parsed", e);
+ }
+ return request;
+
+ /*try
+ {
JAXBContext jaxb = JAXBUtil.getJAXBContext(StatusResponseType.class);
Unmarshaller unmarshaller = jaxb.createUnmarshaller();
@SuppressWarnings("unchecked")
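Review bot: The old JAXB unmarshalling from L229 onwards is kept as a block comment instead of being deleted; Subversion already holds the history, and the same commented-out remains appear in getSamlResponse (hunk -218,13), in SamlMessageSender.sendResponseToIDP and in SamlMetaDataProvider.writeMetaData, together with the `JAXBUtil` import at L207 that now has no live use. The `catch ( Exception e)` at L223 also turns a wrong message type (a response arriving where a request is expected fails the cast at L221) into the misleading "SAML message could not be parsed", and reports programming errors such as NPEs as bad input. Check the parsed object with `instanceof RequestAbstractType` before casting and report that case with its own message, and catch only the exception the parser declares (`ParsingException` is already imported, presumably for this purpose).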
@@ -218,13 +233,24 @@
catch (JAXBException e)
{
throw new InvalidRequestException("SAML message could not be parsed", e);
- }
+ }*/
}
private StatusResponseType getSamlResponse(Document document) throws InvalidRequestException
{
+ SAMLParser samlParser = new SAMLParser();
try
{
+ InputStream is = DocumentUtil.getNodeAsStream(document);
+ return (StatusResponseType) samlParser.parse( is );
+ }
+ catch ( Exception e )
+ {
+ throw new InvalidRequestException("SAML message could not be parsed", e);
+ }
+
+ /*try
+ {
JAXBContext jaxb = JAXBUtil.getJAXBContext(StatusResponseType.class);
Unmarshaller unmarshaller = jaxb.createUnmarshaller();
@SuppressWarnings("unchecked")
@@ -236,7 +262,7 @@
catch (JAXBException e)
{
throw new InvalidRequestException("SAML message could not be parsed", e);
- }
+ }*/
}
private Document getDocument(InputStream is) throws InvalidRequestException
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageSender.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageSender.java 2011-01-27 04:42:41 UTC (rev 669)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMessageSender.java 2011-01-27 06:20:55 UTC (rev 670)
@@ -25,6 +25,8 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.io.StringWriter;
+import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
@@ -32,11 +34,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.Binder;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.Import;
@@ -50,10 +47,10 @@
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
-import org.picketlink.identity.federation.saml.v2.protocol.ObjectFactory;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.web.util.HTTPRedirectUtil;
import org.picketlink.identity.federation.web.util.PostBindingUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
@@ -64,8 +61,6 @@
import org.picketlink.identity.seam.federation.configuration.SamlService;
import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
/**
* @author Marcel Kolsteren
@@ -102,26 +97,14 @@
+ " has no endpoint found for profile " + profile);
}
SAML2Request saml2Request = new SAML2Request();
- samlRequest.setDestination(endpoint.getLocation());
+ samlRequest.setDestination( URI.create( endpoint.getLocation() ));
saml2Request.marshall(samlRequest, baos);
message = saml2Request.convert(samlRequest);
}
- catch (JAXBException e)
+ catch ( Exception e)
{
throw new RuntimeException(e);
- }
- catch (ConfigurationException e)
- {
- throw new RuntimeException(e);
- }
- catch (SAXException e)
- {
- throw new RuntimeException(e);
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
+ }
sendMessageToIDP(request, response, samlIdentityProvider, message, RequestOrResponse.REQUEST, endpoint);
}
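Review bot: The single `catch ( Exception e)` at L322 replaces four typed catches and so now also re-wraps unchecked exceptions thrown inside the try, such as the IllegalArgumentException from `URI.create` on a malformed endpoint location, as a bare `RuntimeException(e)` that carries neither a message nor the original type. Prefer catching the checked exceptions that `marshall` and `convert` actually declare and letting runtime exceptions propagate, or at least `throw new RuntimeException("failed to marshal SAML request for profile " + profile, e);` so the failure names the operation. The same collapse appears in sendResponseToIDP's catch in the hunk at -151,16 and in SamlMetaDataProvider.writeMetaData. The enclosing method starts outside this hunk.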
@@ -129,15 +112,21 @@
public void sendResponseToIDP(HttpServletRequest request, HttpServletResponse response,
SamlIdentityProvider samlIdentityProvider, SamlEndpoint endpoint, StatusResponseType samlResponse)
{
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //ByteArrayOutputStream baos = new ByteArrayOutputStream();
Document message = null;
try
{
samlResponse.setDestination(endpoint.getResponseLocation());
-
- JAXBElement<StatusResponseType> responseElement;
+
+ StringWriter sw = new StringWriter();
+ SAMLResponseWriter samlWriter = new SAMLResponseWriter( StaxUtil.getXMLStreamWriter( sw ));
+ samlWriter.write( samlResponse, null );
+
+ message = DocumentUtil.getDocument( sw.toString() );
+
+ /*JAXBElement<StatusResponseType> responseElement;
if (endpoint.getService().getProfile().equals(SamlProfile.SINGLE_LOGOUT))
- {
+ {
responseElement = new ObjectFactory().createLogoutResponse(samlResponse);
}
else
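Review bot: `sw.toString()` at L358 is read without flushing the stream writer created at L355; StAX writers commonly buffer, so unless `SAMLResponseWriter.write` flushes internally the serialized response handed to `DocumentUtil.getDocument` may be truncated. Keep a reference and flush it, assuming `StaxUtil.getXMLStreamWriter` returns a `javax.xml.stream.XMLStreamWriter`: `XMLStreamWriter xsw = StaxUtil.getXMLStreamWriter( sw ); new SAMLResponseWriter( xsw ).write( samlResponse, null ); xsw.flush();`. The second argument to `write` is passed as `null` with no explanation; a short comment saying what that parameter carries and why it is absent here would help the next reader. The method continues past the hunk.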
@@ -151,16 +140,12 @@
Binder<Node> binder = jaxbContext.createBinder();
message = DocumentUtil.createDocument();
- binder.marshal(responseElement, message);
+ binder.marshal(responseElement, message);*/
}
- catch (JAXBException e)
+ catch ( Exception e)
{
throw new RuntimeException(e);
- }
- catch (ConfigurationException e)
- {
- throw new RuntimeException(e);
- }
+ }
sendMessageToIDP(request, response, samlIdentityProvider, message, RequestOrResponse.RESPONSE, endpoint);
}
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java 2011-01-27 04:42:41 UTC (rev 669)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java 2011-01-27 06:20:55 UTC (rev 670)
@@ -22,27 +22,26 @@
package org.picketlink.identity.seam.federation;
import java.io.OutputStream;
-import java.security.cert.CertificateEncodingException;
+import java.net.URI;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.IndexedEndpointType;
-import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.KeyTypes;
-import org.picketlink.identity.federation.saml.v2.metadata.ObjectFactory;
-import org.picketlink.identity.federation.saml.v2.metadata.SPSSODescriptorType;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLMetadataWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.IndexedEndpointType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SPSSODescriptorType;
import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
+import org.w3c.dom.Element;
/**
* @author Marcel Kolsteren
@@ -58,52 +57,46 @@
public void writeMetaData(OutputStream stream)
{
try
- {
- ObjectFactory metaDataFactory = new ObjectFactory();
+ {
+ String acsRedirectServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE);
+ IndexedEndpointType acsRedirectEndpoint = new IndexedEndpointType( URI.create( SamlConstants.HTTP_REDIRECT_BINDING ), URI.create( acsRedirectServiceURL ));
- IndexedEndpointType acsRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
- acsRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
- acsRedirectEndpoint.setLocation(serviceProvider
- .getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
+ String acsPostServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE);
+ IndexedEndpointType acsPostEndpoint = new IndexedEndpointType( URI.create( SamlConstants.HTTP_POST_BINDING ), URI.create( acsPostServiceURL ) );
- IndexedEndpointType acsPostEndpoint = metaDataFactory.createIndexedEndpointType();
- acsPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
- acsPostEndpoint.setLocation(serviceProvider
- .getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
+ IndexedEndpointType sloRedirectEndpoint = new IndexedEndpointType( URI.create(SamlConstants.HTTP_REDIRECT_BINDING), URI.create(serviceProvider
+ .getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE)) );
- IndexedEndpointType sloRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
- sloRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
- sloRedirectEndpoint.setLocation(serviceProvider
- .getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE));
+ IndexedEndpointType sloPostEndpoint = new IndexedEndpointType( URI.create( SamlConstants.HTTP_POST_BINDING), URI.create( serviceProvider
+ .getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE)) );
- IndexedEndpointType sloPostEndpoint = metaDataFactory.createIndexedEndpointType();
- sloPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
- sloPostEndpoint.setLocation(serviceProvider
- .getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE));
-
- SPSSODescriptorType spSsoDescriptor = metaDataFactory.createSPSSODescriptorType();
+ List<String> protocolSupport = new ArrayList<String>();
+ protocolSupport.add( JBossSAMLURIConstants.PROTOCOL_NSURI.get() );
+
+ SPSSODescriptorType spSsoDescriptor = new SPSSODescriptorType( protocolSupport );
spSsoDescriptor.setAuthnRequestsSigned(serviceProvider.getSamlConfiguration().isAuthnRequestsSigned());
spSsoDescriptor.setWantAssertionsSigned(serviceProvider.getSamlConfiguration().isWantAssertionsSigned());
- spSsoDescriptor.getAssertionConsumerService().add(acsRedirectEndpoint);
- spSsoDescriptor.getAssertionConsumerService().add(acsPostEndpoint);
- spSsoDescriptor.getSingleLogoutService().add(sloRedirectEndpoint);
- spSsoDescriptor.getSingleLogoutService().add(sloPostEndpoint);
+ spSsoDescriptor.addAssertionConsumerService( acsRedirectEndpoint );
+ spSsoDescriptor.addAssertionConsumerService( acsPostEndpoint );
+ spSsoDescriptor.addSingleLogoutService( sloRedirectEndpoint );
+ spSsoDescriptor.addSingleLogoutService( sloPostEndpoint );
spSsoDescriptor.getProtocolSupportEnumeration().add(JBossSAMLURIConstants.PROTOCOL_NSURI.get());
- spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
- spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
- spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
- spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress");
+ spSsoDescriptor.addNameIDFormat( "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
+ spSsoDescriptor.addNameIDFormat( "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
+ spSsoDescriptor.addNameIDFormat( "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
+ spSsoDescriptor.addNameIDFormat( "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress");
+
- org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory signatureFactory = new org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory();
-
X509Certificate certificate = serviceProvider.getSamlConfiguration().getCertificate();
if(certificate == null)
throw new RuntimeException("Certificate obtained from configuration is null");
- JAXBElement<byte[]> X509Certificate;
+ Element keyInfoElement = getKeyInfoDOM( certificate );
+
+ /*JAXBElement<byte[]> X509Certificate;
try
{
X509Certificate = signatureFactory.createX509DataTypeX509Certificate(certificate.getEncoded());
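Review bot: The protocol support enumeration is populated twice: `protocolSupport` holding `PROTOCOL_NSURI` is handed to the `SPSSODescriptorType` constructor at L463, and the unchanged L474 then adds the same value again through `getProtocolSupportEnumeration().add(...)`, so the emitted attribute will presumably list the namespace twice. Drop L474 now that the constructor takes the list. `acsRedirectServiceURL` and `acsPostServiceURL` at L434 and L440 resolve the same service URL, which was also the case before the change but now reads as a copy-paste; one local used for both endpoints makes the intent explicit. writeMetaData continues in the next hunk.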
@@ -117,27 +110,53 @@
X509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(X509Certificate);
KeyInfoType keyInfo = signatureFactory.createKeyInfoType();
- keyInfo.getContent().add(signatureFactory.createX509Data(X509Data));
+ keyInfo.getContent().add(signatureFactory.createX509Data(X509Data));*/
- KeyDescriptorType keyDescriptor = metaDataFactory.createKeyDescriptorType();
- keyDescriptor.setUse(KeyTypes.SIGNING);
- keyDescriptor.setKeyInfo(keyInfo);
+ KeyDescriptorType keyDescriptor = new KeyDescriptorType();
+ keyDescriptor.setKeyInfo(keyInfoElement);
+
+ /*keyDescriptor.setUse(KeyTypes.SIGNING);
+ keyDescriptor.setKeyInfo(keyInfo);*/
- spSsoDescriptor.getKeyDescriptor().add(keyDescriptor);
+ spSsoDescriptor.addKeyDescriptor( keyDescriptor );
- EntityDescriptorType entityDescriptor = metaDataFactory.createEntityDescriptorType();
- entityDescriptor.setEntityID(serviceProvider.getSamlConfiguration().getEntityId());
- entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor().add(spSsoDescriptor);
-
- JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.metadata");
+ EDTDescriptorChoiceType edtDescriptorChoice = new EDTDescriptorChoiceType( spSsoDescriptor );
+ List<EDTDescriptorChoiceType> edtChoices = new ArrayList<EntityDescriptorType.EDTDescriptorChoiceType>();
+ edtChoices.add(edtDescriptorChoice);
+
+ EDTChoiceType edtChoice = new EDTChoiceType(edtChoices);
+
+ EntityDescriptorType entityDescriptor = new EntityDescriptorType( serviceProvider.getSamlConfiguration().getEntityId());
+ entityDescriptor.addChoiceType(edtChoice);
+
+
+ SAMLMetadataWriter metadataWriter = new SAMLMetadataWriter( StaxUtil.getXMLStreamWriter( stream ) );
+ metadataWriter.writeEntityDescriptor(entityDescriptor);
+
+ /*JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.metadata");
Marshaller marshaller = jaxbContext.createMarshaller();
marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
- marshaller.marshal(metaDataFactory.createEntityDescriptor(entityDescriptor), stream);
+ marshaller.marshal(metaDataFactory.createEntityDescriptor(entityDescriptor), stream);*/
}
- catch (JAXBException e)
+ catch ( Exception e)
{
throw new RuntimeException(e);
}
}
+
+ private Element getKeyInfoDOM( X509Certificate certificate )
+ {
+ try
+ {
+ StringBuilder builder = new StringBuilder( "<ds:KeyInfo><ds:X509Data><ds:X509Certificate>");
+ builder.append( new String( certificate.getEncoded() )).append( "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>");
+ return DocumentUtil.getDocument(builder.toString()).getDocumentElement();
+ }
+ catch ( Exception e)
+ {
+ throw new RuntimeException( e );
+ }
+
+ }
}
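Review bot: getKeyInfoDOM at L547-L548 puts `new String( certificate.getEncoded() )` inside `ds:X509Certificate`: that decodes the DER bytes with the platform charset and yields characters that are neither the base64 text the XML-Signature schema requires nor, in general, legal XML, so the metadata will either fail in `DocumentUtil.getDocument` or advertise a certificate the IdP cannot use. The fragment also uses the `ds:` prefix without declaring `xmlns:ds`, which a namespace-aware parser rejects as an unbound prefix. The rewrite below base64-encodes the certificate (the Seam `org.jboss.seam.util.Base64` that SamlMessageReceiver already imports offers `encodeBytes`) and declares the namespace. Separately, `keyDescriptor.setUse(KeyTypes.SIGNING)` is now commented out at L507, and a KeyDescriptor without `use` is, per the SAML metadata specification, valid for both signing and encryption, so the key is advertised for a purpose this SP does not serve; restore the call if the newmodel `KeyDescriptorType` exposes it.
```java
private Element getKeyInfoDOM( X509Certificate certificate )
{
   try
   {
      // ds:X509Certificate carries the base64 text of the DER encoding, never the raw bytes
      String encodedCert = Base64.encodeBytes( certificate.getEncoded() ); // org.jboss.seam.util.Base64, needs import
      StringBuilder builder = new StringBuilder( "<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>" );
      builder.append( encodedCert ).append( "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>" );
      return DocumentUtil.getDocument( builder.toString() ).getDocumentElement();
   }
   // … unchanged: catch ( Exception e) rethrow …
}
```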
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutReceiver.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutReceiver.java 2011-01-27 04:42:41 UTC (rev 669)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutReceiver.java 2011-01-27 06:20:55 UTC (rev 670)
@@ -31,10 +31,10 @@
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.seam.federation.configuration.Binding;
import org.picketlink.identity.seam.federation.configuration.SamlEndpoint;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutSender.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutSender.java 2011-01-27 04:42:41 UTC (rev 669)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutSender.java 2011-01-27 06:20:55 UTC (rev 670)
@@ -29,8 +29,8 @@
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;
-import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
-import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
/**
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java 2011-01-27 04:42:41 UTC (rev 669)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnReceiver.java 2011-01-27 06:20:55 UTC (rev 670)
@@ -28,7 +28,6 @@
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBElement;
import javax.xml.datatype.DatatypeConstants;
import javax.xml.datatype.XMLGregorianCalendar;
@@ -44,17 +43,22 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.federation.saml.v2.assertion.AuthnStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AuthnStatementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedElementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationDataType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType.STSubType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
@@ -94,7 +98,7 @@
throw new InvalidRequestException("Response does not contain a status");
}
- String statusValue = status.getStatusCode().getValue();
+ String statusValue = status.getStatusCode().getValue().toString();
if (JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
{
throw new RuntimeException("IDP returned status " + statusValue);
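Review bot: `status.getStatusCode().getValue().toString()` on the changed line throws a NullPointerException when the StatusCode carries no value, whereas the line just above rejects a missing Status with InvalidRequestException; an IdP response with a malformed status would therefore surface as an unhandled exception rather than a clean rejection. I'd guard it the same way: `if (status.getStatusCode() == null || status.getStatusCode().getValue() == null) { throw new InvalidRequestException("Response does not contain a status code"); }`. The enclosing method starts and ends outside the hunk.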
@@ -107,7 +111,7 @@
ResponseType response = (ResponseType) statusResponse;
- List<Object> assertions = response.getAssertionOrEncryptedAssertion();
+ List<RTChoiceType> assertions = response.getAssertions();
if (assertions.size() == 0)
{
throw new RuntimeException("IDP response does not contain assertions");
@@ -143,7 +147,7 @@
{
SeamSamlPrincipal principal = null;
- for (Object assertion : responseType.getAssertionOrEncryptedAssertion())
+ for (Object assertion : responseType.getAssertions() )
{
if (assertion instanceof AssertionType)
{
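Review bot: The loop on the changed line now iterates the `List<RTChoiceType>` that `getAssertions()` returns (see the hunk at line 111 of this file), so `assertion instanceof AssertionType` on the next line can never be true and no assertion is processed — `principal`, initialised to null two lines earlier, presumably never gets set. The loop variable should be the choice wrapper and the plain assertion unwrapped from it, e.g. `for (RTChoiceType choice : responseType.getAssertions()) { AssertionType assertion = choice.getAssertion(); if (assertion != null) {`, mirroring how the attribute loop later in this file unwraps ASTChoiceType; a choice holding only an encrypted assertion should then be rejected or logged explicitly instead of being skipped silently. The enclosing method starts outside the hunk and continues past it.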
@@ -200,22 +204,24 @@
principal.setSessionIndex(authnStatement.getSessionIndex());
principal.setNameId(nameId);
- for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
+ for (StatementAbstractType statement : assertion.getStatements() )
{
if (statement instanceof AttributeStatementType)
{
AttributeStatementType attributeStatement = (AttributeStatementType) statement;
List<AttributeType> attributes = new LinkedList<AttributeType>();
- for (Object object : attributeStatement.getAttributeOrEncryptedAttribute())
+ for (ASTChoiceType object : attributeStatement.getAttributes() )
{
- if (object instanceof AttributeType)
- {
- attributes.add((AttributeType) object);
- }
- else
- {
- log.warn("Encrypted attributes are not supported. Ignoring the attribute.");
- }
+ AttributeType attribute = object.getAttribute();
+ if( attribute != null )
+ {
+ attributes.add( attribute );
+ }
+ EncryptedElementType eet = object.getEncryptedAssertion();
+ if( eet != null )
+ {
+ log.warn("Encrypted attributes are not supported. Ignoring the attribute.");
+ }
}
principal.setAttributes(attributes);
}
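Review bot: The local `eet` holding `object.getEncryptedAssertion()` is hard to read inside an attribute-statement loop: what is being skipped is an encrypted Attribute, as the log line under it says, not an assertion, so I'd name it `encryptedAttribute`. Also worth noting while this loop is being rewritten: `principal.setAttributes(attributes)` sits inside the per-statement loop with `attributes` declared inside it, so when an IdP sends several AttributeStatements only the last one's attributes survive; declaring the list once before the statements loop and setting it after would keep them all. The enclosing method starts and ends outside the hunk.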
@@ -226,7 +232,7 @@
private AuthnStatementType extractValidAuthnStatement(AssertionType assertion)
{
- for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
+ for (StatementAbstractType statement : assertion.getStatements() )
{
if (statement instanceof AuthnStatementType)
{
@@ -243,8 +249,35 @@
NameIDType nameId = null;
boolean validConfirmationFound = false;
- for (JAXBElement<?> contentElement : assertion.getSubject().getContent())
+ SubjectType subject = assertion.getSubject();
+
+ STSubType subjectSubType = subject.getSubType();
+ nameId = (NameIDType) subjectSubType.getBaseID();
+
+ List<SubjectConfirmationType> subjectConfirmations = subjectSubType.getConfirmation();
+
+ for( SubjectConfirmationType confirmation: subjectConfirmations )
{
+ if (confirmation.getMethod().equals(SamlConstants.CONFIRMATION_METHOD_BEARER))
+ {
+ SubjectConfirmationDataType confirmationData = confirmation.getSubjectConfirmationData();
+
+ boolean validRecipient = confirmationData.getRecipient().equals(
+ serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
+
+ boolean notTooLate = confirmationData.getNotOnOrAfter().compare(getCurrentTime()) == DatatypeConstants.GREATER;
+
+ boolean validInResponseTo = requestContext == null
+ || confirmationData.getInResponseTo().equals(requestContext.getId());
+
+ if (validRecipient && notTooLate && validInResponseTo)
+ {
+ validConfirmationFound = true;
+ }
+ }
+ }
+ /*for (JAXBElement<?> contentElement : assertion.getSubject().getContent())
+ {
if (contentElement.getValue() instanceof NameIDType)
{
nameId = (NameIDType) contentElement.getValue();
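Review bot: `nameId = (NameIDType) subjectSubType.getBaseID();` is an unchecked cast on IdP-supplied data — a Subject carrying an EncryptedID or another BaseID subtype yields a ClassCastException or a null nameId instead of a rejected response — and `confirmation.getSubjectConfirmationData()` together with its `getRecipient()`, `getNotOnOrAfter()` and `getInResponseTo()` are dereferenced without null checks, so a SubjectConfirmation missing any of them fails with a NullPointerException rather than simply not validating. Since the hunk only sets `validConfirmationFound` on full success, missing fields should count as an invalid confirmation, and the cast should be guarded with `instanceof` (throwing InvalidRequestException as the status check in this file does, if the method's throws clause allows it). The commented-out JAXB loop at the tail of this hunk, and the parallel ones left in SamlConfiguration and SamlIdentityProvider, should be deleted rather than kept as comments. The enclosing method starts outside the hunk and continues past it.
```java
SubjectType subject = assertion.getSubject();
STSubType subjectSubType = subject.getSubType();
if (!(subjectSubType.getBaseID() instanceof NameIDType))
{
   throw new InvalidRequestException("Subject does not carry a plain NameID");
}
nameId = (NameIDType) subjectSubType.getBaseID();

for (SubjectConfirmationType confirmation : subjectSubType.getConfirmation())
{
   SubjectConfirmationDataType confirmationData = confirmation.getSubjectConfirmationData();
   if (!SamlConstants.CONFIRMATION_METHOD_BEARER.equals(confirmation.getMethod()) || confirmationData == null)
   {
      continue;
   }
   // a missing field is an invalid confirmation, not a crash
   boolean validRecipient = confirmationData.getRecipient() != null
         && confirmationData.getRecipient().equals(
               serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
   boolean notTooLate = confirmationData.getNotOnOrAfter() != null
         && confirmationData.getNotOnOrAfter().compare(getCurrentTime()) == DatatypeConstants.GREATER;
   boolean validInResponseTo = requestContext == null
         || (confirmationData.getInResponseTo() != null
               && confirmationData.getInResponseTo().equals(requestContext.getId()));
   if (validRecipient && notTooLate && validInResponseTo)
   {
      validConfirmationFound = true;
   }
}
// … unchanged: validConfirmationFound handling …
```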
@@ -270,7 +303,7 @@
}
}
}
- }
+ }*/
if (validConfirmationFound)
{
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnSender.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnSender.java 2011-01-27 04:42:41 UTC (rev 669)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleSignOnSender.java 2011-01-27 06:20:55 UTC (rev 670)
@@ -29,8 +29,8 @@
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.core.Events;
-import org.jboss.seam.security.Identity;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.seam.security.Identity;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
/**
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SeamSamlPrincipal.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SeamSamlPrincipal.java 2011-01-27 04:42:41 UTC (rev 669)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SeamSamlPrincipal.java 2011-01-27 06:20:55 UTC (rev 670)
@@ -24,13 +24,14 @@
import java.security.Principal;
import java.util.LinkedList;
import java.util.List;
-
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
/**
+ * An instance of {@link Principal}
* @author Marcel Kolsteren
* @since Jan 28, 2010
*/
@@ -100,4 +101,4 @@
{
return nameId.getValue();
}
-}
+}
\ No newline at end of file
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java 2011-01-27 04:42:41 UTC (rev 669)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java 2011-01-27 06:20:55 UTC (rev 670)
@@ -42,12 +42,15 @@
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
-import org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.RoleDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntitiesDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.RoleDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTChoiceType;
import org.picketlink.identity.seam.federation.jaxb.config.SamlConfigType;
import org.picketlink.identity.seam.federation.jaxb.config.SamlIdentityProviderType;
+
/**
* @author Marcel Kolsteren
@@ -149,14 +152,28 @@
private void readEntitiesDescriptor(EntitiesDescriptorType entitiesDescriptor)
{
- for (Object object : entitiesDescriptor.getEntityDescriptorOrEntitiesDescriptor())
+ for (Object object : entitiesDescriptor.getEntityDescriptor() )
{
if (object instanceof EntityDescriptorType)
{
EntityDescriptorType entityDescriptor = (EntityDescriptorType) object;
String entityId = entityDescriptor.getEntityID();
+
+ for( EDTChoiceType edt: entityDescriptor.getChoiceType() )
+ {
+ List<EDTDescriptorChoiceType> descriptors = edt.getDescriptors();
+ for( EDTDescriptorChoiceType edtDesc : descriptors )
+ {
+ RoleDescriptorType roleDescriptor = edtDesc.getRoleDescriptor();
+ if( roleDescriptor instanceof IDPSSODescriptorType )
+ {
+ IDPSSODescriptorType IDPSSODescriptor = (IDPSSODescriptorType) roleDescriptor;
+ idpMetaInfo.put(entityId, IDPSSODescriptor);
+ }
+ }
+ }
- for (RoleDescriptorType roleDescriptor : entityDescriptor
+ /*for (RoleDescriptorType roleDescriptor : entityDescriptor.getC
.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor())
{
if (roleDescriptor instanceof IDPSSODescriptorType)
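Review bot: The new inner loop registers an entity only when `edtDesc.getRoleDescriptor()` is an `IDPSSODescriptorType`; if the choice type keeps an IDPSSODescriptor in its own slot rather than in the generic role-descriptor slot (the API as I recall it exposes `getIdpDescriptor()` next to `getRoleDescriptor()`), this check never matches and `idpMetaInfo` stays empty, so a metadata-configured IdP would silently be dropped. Please confirm against the model class and cover it with a test that loads a metadata file containing an IDPSSODescriptor. The local `IDPSSODescriptor` also breaks the lowerCamelCase used by the rest of the method; `idpSsoDescriptor` would read better, and the commented-out loop at the end of the hunk should be removed. The enclosing method continues past the hunk.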
@@ -164,7 +181,7 @@
IDPSSODescriptorType IDPSSODescriptor = (IDPSSODescriptorType) roleDescriptor;
idpMetaInfo.put(entityId, IDPSSODescriptor);
}
- }
+ }*/
}
else
{
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlIdentityProvider.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlIdentityProvider.java 2011-01-27 04:42:41 UTC (rev 669)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlIdentityProvider.java 2011-01-27 06:20:55 UTC (rev 670)
@@ -26,13 +26,15 @@
import java.util.Map;
import javax.security.cert.X509Certificate;
-import javax.xml.bind.JAXBElement;
-import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.KeyTypes;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyTypes;
import org.picketlink.identity.seam.federation.SamlProfile;
-import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
/**
* @author Marcel Kolsteren
@@ -67,8 +69,49 @@
{
if (keyDescriptor.getUse().equals(KeyTypes.SIGNING))
{
- for (Object content : keyDescriptor.getKeyInfo().getContent())
+ Element elem = keyDescriptor.getKeyInfo();
+ if( elem != null )
{
+ NodeList x509DataNodes = elem.getElementsByTagName( "X509Data" );
+ if( x509DataNodes != null && x509DataNodes.getLength() > 0 )
+ {
+ //Choose the first one
+ Node x509DataNode = x509DataNodes.item(0);
+ NodeList children = x509DataNode.getChildNodes();
+ int len = children != null ? children.getLength() : 0 ;
+ for( int i = 0 ; i < len ; i++ )
+ {
+ Node nl = children.item(i);
+ if( nl.getNodeName().contains( "X509Certificate" ) )
+ {
+ byte[] certificate = null ;
+ try
+ {
+ certificate = DocumentUtil.getNodeAsString(nl).getBytes();
+ }
+ catch ( Exception e )
+ {
+ throw new RuntimeException( e );
+ }
+ try
+ {
+ X509Certificate cert = X509Certificate.getInstance(certificate);
+ publicKey = cert.getPublicKey();
+ }
+ catch (javax.security.cert.CertificateException e)
+ {
+ throw new RuntimeException(e);
+ }
+ break;
+ }
+
+ }
+
+ }
+ }
+
+ /*for (Object content : keyDescriptor.getKeyInfo() )
+ {
if (content instanceof JAXBElement<?> && ((JAXBElement<?>) content).getValue() instanceof X509DataType)
{
X509DataType X509Data = (X509DataType) ((JAXBElement<?>) content).getValue();
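Review bot: The X509Data/X509Certificate lookup on the new lines is namespace-unaware: `getElementsByTagName("X509Data")` matches the qualified tag name, so metadata that writes the element as `ds:X509Data` (the usual form) is not found and `publicKey` is left unset, and `getNodeName().contains("X509Certificate")` is a substring test on the prefixed name; both should match on the XML-DSig namespace and local name via `getElementsByTagNameNS`. Second, `DocumentUtil.getNodeAsString(nl).getBytes()` looks like it serialises the element rather than decoding its base64 text, in which case `X509Certificate.getInstance(byte[])` receives markup instead of DER and every metadata load ends in the RuntimeException — please confirm what getNodeAsString returns; decoding the text content to DER and parsing it with `java.security.cert.CertificateFactory` would also move off the legacy `javax.security.cert` API and the platform-default-charset `getBytes()`. The method this hunk sits in starts before the hunk, and the commented-out JAXB loop at its tail should be deleted.
```java
Element elem = keyDescriptor.getKeyInfo();
if (elem != null)
{
   // match on namespace + local name so a ds: prefix in the metadata does not hide the element
   final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";
   NodeList x509DataNodes = elem.getElementsByTagNameNS(dsigNs, "X509Data");
   if (x509DataNodes.getLength() > 0)
   {
      // first X509Data only, as before
      NodeList certNodes = ((Element) x509DataNodes.item(0)).getElementsByTagNameNS(dsigNs, "X509Certificate");
      if (certNodes.getLength() > 0)
      {
         // the element text is base64 DER; decode it instead of serialising the element
         byte[] der = javax.xml.bind.DatatypeConverter.parseBase64Binary(certNodes.item(0).getTextContent().trim());
         try
         {
            java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
            java.security.cert.Certificate cert = cf.generateCertificate(new java.io.ByteArrayInputStream(der));
            publicKey = cert.getPublicKey();
         }
         catch (java.security.cert.CertificateException e)
         {
            throw new RuntimeException("Could not parse X509Certificate from IdP metadata", e);
         }
      }
   }
}
// … unchanged: closing braces of the keyDescriptor loop …
```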
@@ -93,7 +136,7 @@
}
}
}
- }
+ }*/
}
}
}
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlService.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlService.java 2011-01-27 04:42:41 UTC (rev 669)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlService.java 2011-01-27 06:20:55 UTC (rev 670)
@@ -23,8 +23,8 @@
import java.util.LinkedList;
import java.util.List;
-
-import org.picketlink.identity.federation.saml.v2.metadata.EndpointType;
+
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EndpointType;
import org.picketlink.identity.seam.federation.SamlProfile;
/**
@@ -44,11 +44,11 @@
for (EndpointType endpoint : endpoints)
{
Binding binding = null;
- if (endpoint.getBinding().endsWith("HTTP-Redirect"))
+ if (endpoint.getBinding().toString().endsWith("HTTP-Redirect"))
{
binding = Binding.HTTP_Redirect;
}
- else if (endpoint.getBinding().endsWith("HTTP-POST"))
+ else if (endpoint.getBinding().toString().endsWith("HTTP-POST"))
{
binding = Binding.HTTP_Post;
}
@@ -58,8 +58,8 @@
}
if (binding != null)
{
- SamlEndpoint samlEndpoint = new SamlEndpoint(this, binding, endpoint.getLocation(), endpoint
- .getResponseLocation());
+ SamlEndpoint samlEndpoint = new SamlEndpoint(this, binding, endpoint.getLocation().toString(), endpoint
+ .getResponseLocation().toString());
serviceEndpoints.add(samlEndpoint);
}
}
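Review bot: `endpoint.getResponseLocation().toString()` on the changed lines throws a NullPointerException for every endpoint without a ResponseLocation, which is an optional attribute in SAML metadata; the previous code passed the value (or null) straight through, so this is a regression for the common case. Keep the null: `String responseLocation = endpoint.getResponseLocation() == null ? null : endpoint.getResponseLocation().toString();` and pass `responseLocation` to the constructor; the `getBinding().toString()` chain in the hunk above deserves the same guard. The enclosing loop starts outside the hunk.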
Picketlink SVN: r668 - in picketlink-seam/trunk: picketlink-seam and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-01-26 23:41:58 -0500 (Wed, 26 Jan 2011)
New Revision: 668
Added:
picketlink-seam/trunk/picketlink-seam/pom.xml
Removed:
picketlink-seam/trunk/pom.xml
Log:
move pom
Copied: picketlink-seam/trunk/picketlink-seam/pom.xml (from rev 667, picketlink-seam/trunk/pom.xml)
===================================================================
--- picketlink-seam/trunk/picketlink-seam/pom.xml (rev 0)
+++ picketlink-seam/trunk/picketlink-seam/pom.xml 2011-01-27 04:41:58 UTC (rev 668)
@@ -0,0 +1,226 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-parent</artifactId>
+ <version>5</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <version>2.0.0-SNAPSHOT</version>
+ <artifactId>picketlink-seam</artifactId>
+ <packaging>jar</packaging>
+ <name>PicketLink Federation Bindings for Seam</name>
+ <url>http://labs.jboss.org/portal/picketlink/
+ </url>
+ <description>PicketLink Seam bindings contain the default
+ bindings needed for Seam web applications.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt
+ </url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.3</version>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>false</testFailureIgnore>
+ <includes>
+ <include>**/**TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+ <argLine>
+ -Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed
+ </argLine>
+ <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>jaxb2-maven-plugin</artifactId>
+ <version>1.3</version>
+ <executions>
+ <execution>
+ <id>jaxb-xrds</id>
+ <configuration>
+ <schemaDirectory>${basedir}/src/main/resources/schema/xrds</schemaDirectory>
+ <packageName>org.picketlink.identity.seam.federation.jaxb.xrds</packageName>
+ <outputDirectory>${basedir}/src/main/generated-source</outputDirectory>
+ <clearOutputDir>true</clearOutputDir>
+ <staleFile>${project.build.directory}/generated-sources/jaxb/.staleFlag_xrds</staleFile>
+ </configuration>
+ <goals>
+ <goal>xjc</goal>
+ </goals>
+ </execution>
+ <execution>
+ <id>jaxb-config</id>
+ <configuration>
+ <schemaDirectory>${basedir}/src/main/resources/schema/config</schemaDirectory>
+ <packageName>org.picketlink.identity.seam.federation.jaxb.config</packageName>
+ <outputDirectory>${basedir}/src/main/generated-source</outputDirectory>
+ <clearOutputDir>false</clearOutputDir>
+ <staleFile>${project.build.directory}/generated-sources/jaxb/.staleFlag_config</staleFile>
+ </configuration>
+ <goals>
+ <goal>xjc</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-fed-model</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-fed-api</artifactId>
+ <version>${project.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-security-spi</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-web</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>2.5</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.seam</groupId>
+ <artifactId>jboss-seam</artifactId>
+ <version>2.1.2.GA</version>
+ <type>ejb</type>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaf</groupId>
+ <artifactId>activation</artifactId>
+ <version>1.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaf</groupId>
+ <artifactId>activation</artifactId>
+ <version>1.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.4</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.faces</groupId>
+ <artifactId>jsf-api</artifactId>
+ <version>1.2</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.json</groupId>
+ <artifactId>json</artifactId>
+ <version>20090211</version>
+ </dependency>
+ <!-- START OF DEPENDENCIES NEEDED FOR OPENID4JAVA -->
+ <dependency>
+ <groupId>org.htmlparser</groupId>
+ <artifactId>htmlparser</artifactId>
+ <version>1.6</version>
+ </dependency>
+ <dependency>
+ <groupId>org.openxri</groupId>
+ <artifactId>openxri-client</artifactId>
+ <version>1.2.0</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>xercesImpl</artifactId>
+ <groupId>xerces</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>xalan</artifactId>
+ <groupId>xalan</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>log4j</artifactId>
+ <groupId>log4j</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.openxri</groupId>
+ <artifactId>openxri-syntax</artifactId>
+ <version>1.2.0</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>log4j</artifactId>
+ <groupId>log4j</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>3.1</version>
+ </dependency>
+ <dependency>
+ <groupId>net.sourceforge.nekohtml</groupId>
+ <artifactId>nekohtml</artifactId>
+ <version>1.9.13</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>xercesImpl</artifactId>
+ <groupId>xerces</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <!-- END OF DEPENDENCIES NEEDED FOR OPENID4JAVA -->
+ </dependencies>
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam> -charset UTF-8 -docencoding UTF-8 -version
+ -author -breakiterator -windowtitle "${project.name}
+ ${project.version} API Reference" -doctitle "${project.name}
+ ${project.version} API Reference" -bottom "Copyright ©
+ ${project.inceptionYear}-Present ${project.organization.name}. All
+ Rights Reserved." -link http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
Deleted: picketlink-seam/trunk/pom.xml
===================================================================
--- picketlink-seam/trunk/pom.xml 2011-01-27 04:40:58 UTC (rev 667)
+++ picketlink-seam/trunk/pom.xml 2011-01-27 04:41:58 UTC (rev 668)
@@ -1,226 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-parent</artifactId>
- <version>5</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <version>2.0.0-SNAPSHOT</version>
- <artifactId>picketlink-seam</artifactId>
- <packaging>jar</packaging>
- <name>PicketLink Federation Bindings for Seam</name>
- <url>http://labs.jboss.org/portal/picketlink/
- </url>
- <description>PicketLink Seam bindings contain the default
- bindings needed for Seam web applications.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <url>http://repository.jboss.com/licenses/lgpl.txt
- </url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.4.3</version>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>false</testFailureIgnore>
- <includes>
- <include>**/**TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
- <argLine>
- -Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed
- </argLine>
- <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>jaxb2-maven-plugin</artifactId>
- <version>1.3</version>
- <executions>
- <execution>
- <id>jaxb-xrds</id>
- <configuration>
- <schemaDirectory>${basedir}/src/main/resources/schema/xrds</schemaDirectory>
- <packageName>org.picketlink.identity.seam.federation.jaxb.xrds</packageName>
- <outputDirectory>${basedir}/src/main/generated-source</outputDirectory>
- <clearOutputDir>true</clearOutputDir>
- <staleFile>${project.build.directory}/generated-sources/jaxb/.staleFlag_xrds</staleFile>
- </configuration>
- <goals>
- <goal>xjc</goal>
- </goals>
- </execution>
- <execution>
- <id>jaxb-config</id>
- <configuration>
- <schemaDirectory>${basedir}/src/main/resources/schema/config</schemaDirectory>
- <packageName>org.picketlink.identity.seam.federation.jaxb.config</packageName>
- <outputDirectory>${basedir}/src/main/generated-source</outputDirectory>
- <clearOutputDir>false</clearOutputDir>
- <staleFile>${project.build.directory}/generated-sources/jaxb/.staleFlag_config</staleFile>
- </configuration>
- <goals>
- <goal>xjc</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-fed-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-fed-api</artifactId>
- <version>${project.version}</version>
- <exclusions>
- <exclusion>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-security-spi</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-web</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- <version>2.5</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.seam</groupId>
- <artifactId>jboss-seam</artifactId>
- <version>2.1.2.GA</version>
- <type>ejb</type>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>sun-jaf</groupId>
- <artifactId>activation</artifactId>
- <version>1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>sun-jaf</groupId>
- <artifactId>activation</artifactId>
- <version>1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>4.4</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>javax.faces</groupId>
- <artifactId>jsf-api</artifactId>
- <version>1.2</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.json</groupId>
- <artifactId>json</artifactId>
- <version>20090211</version>
- </dependency>
- <!-- START OF DEPENDENCIES NEEDED FOR OPENID4JAVA -->
- <dependency>
- <groupId>org.htmlparser</groupId>
- <artifactId>htmlparser</artifactId>
- <version>1.6</version>
- </dependency>
- <dependency>
- <groupId>org.openxri</groupId>
- <artifactId>openxri-client</artifactId>
- <version>1.2.0</version>
- <exclusions>
- <exclusion>
- <artifactId>xercesImpl</artifactId>
- <groupId>xerces</groupId>
- </exclusion>
- <exclusion>
- <artifactId>xalan</artifactId>
- <groupId>xalan</groupId>
- </exclusion>
- <exclusion>
- <artifactId>log4j</artifactId>
- <groupId>log4j</groupId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.openxri</groupId>
- <artifactId>openxri-syntax</artifactId>
- <version>1.2.0</version>
- <exclusions>
- <exclusion>
- <artifactId>log4j</artifactId>
- <groupId>log4j</groupId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>commons-httpclient</groupId>
- <artifactId>commons-httpclient</artifactId>
- <version>3.1</version>
- </dependency>
- <dependency>
- <groupId>net.sourceforge.nekohtml</groupId>
- <artifactId>nekohtml</artifactId>
- <version>1.9.13</version>
- <exclusions>
- <exclusion>
- <artifactId>xercesImpl</artifactId>
- <groupId>xerces</groupId>
- </exclusion>
- </exclusions>
- </dependency>
- <!-- END OF DEPENDENCIES NEEDED FOR OPENID4JAVA -->
- </dependencies>
- <reporting>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <configuration>
- <doclet>org.jboss.apiviz.APIviz</doclet>
- <docletArtifact>
- <groupId>org.jboss.apiviz</groupId>
- <artifactId>apiviz</artifactId>
- <version>1.2.5.GA</version>
- </docletArtifact>
- <additionalparam> -charset UTF-8 -docencoding UTF-8 -version
- -author -breakiterator -windowtitle "${project.name}
- ${project.version} API Reference" -doctitle "${project.name}
- ${project.version} API Reference" -bottom "Copyright ©
- ${project.inceptionYear}-Present ${project.organization.name}. All
- Rights Reserved." -link http://java.sun.com/javase/6/docs/api/
- -sourceclasspath ${project.build.outputDirectory}
- </additionalparam>
- <encoding>UTF-8</encoding>
- </configuration>
- </plugin>
- </plugins>
- </reporting>
-</project>
Picketlink SVN: r667 - picketlink-seam/trunk.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-01-26 23:40:58 -0500 (Wed, 26 Jan 2011)
New Revision: 667
Added:
picketlink-seam/trunk/picketlink-seam/
Log:
separate module
Picketlink SVN: r666 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util and 1 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-01-26 22:59:39 -0500 (Wed, 26 Jan 2011)
New Revision: 666
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
Log:
PLFED-123: SAML2 auth response should contain the AuthnStatement
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java 2011-01-27 03:59:06 UTC (rev 665)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java 2011-01-27 03:59:39 UTC (rev 666)
@@ -32,6 +32,10 @@
*/
public interface SAML2Handler
{
+ //Define some constants
+ String DISABLE_AUTHN_STATEMENT = "DISABLE_AUTHN_STATEMENT";
+ String DISABLE_SENDING_ROLES = "DISABLE_SENDING_ROLES";
+
/**
* Processing Point - idp side
* or service side
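Review bot: The two new interface constants carry no Javadoc, and `//Define some constants` says nothing the code does not, so a reader cannot tell what they switch or where a handler reads them. I'd replace that line with per-constant Javadoc along the lines of `/** Handler option: presumably suppresses the AuthnStatement in the issued assertion — document where it is read. */` above DISABLE_AUTHN_STATEMENT and `/** Handler option: presumably suppresses sending the user's roles — document where it is read. */` above DISABLE_SENDING_ROLES, replacing the hedges once the consuming handler is settled. The PLFED-123 log line suggests SAML2AuthenticationHandler reads the first one, but that file's hunk is outside this view.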
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java 2011-01-27 03:59:06 UTC (rev 665)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java 2011-01-27 03:59:39 UTC (rev 666)
@@ -21,11 +21,13 @@
*/
package org.picketlink.identity.federation.core.saml.v2.util;
+import java.net.URI;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import org.picketlink.identity.federation.core.constants.AttributeConstants;
@@ -34,6 +36,10 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AuthnContextClassRefType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AuthnContextType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AuthnContextType.AuthnContextTypeSequence;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AuthnStatementType;
/**
* Deals with SAML2 Statements
@@ -42,9 +48,31 @@
*/
public class StatementUtil
{
- public static final QName X500_QNAME = new QName(JBossSAMLURIConstants.X500_NSURI.get(), "Encoding", JBossSAMLURIConstants.X500_PREFIX.get());
-
+ public static final QName X500_QNAME = new QName(JBossSAMLURIConstants.X500_NSURI.get(), "Encoding", JBossSAMLURIConstants.X500_PREFIX.get());
+
/**
+ * Create an AuthnStatementType given the issue instant and the type of authentication
+ * @param instant an instanceof {@link XMLGregorianCalendar}
+ * @param authnContextClassRefValue indicate the type of authentication performed
+ * @return {@link AuthnStatementType}
+ */
+ public static AuthnStatementType createAuthnStatement( XMLGregorianCalendar instant, String authnContextClassRefValue )
+ {
+ AuthnStatementType authnStatement = new AuthnStatementType( instant );
+
+ AuthnContextType authnContext = new AuthnContextType();
+ AuthnContextClassRefType authnContextClassRef = new AuthnContextClassRefType( URI.create( authnContextClassRefValue ));
+
+ AuthnContextTypeSequence sequence = (authnContext).new AuthnContextTypeSequence();
+ sequence.setClassRef( authnContextClassRef );
+ authnContext.setSequence( sequence );
+
+ authnStatement.setAuthnContext( authnContext );
+
+ return authnStatement;
+ }
+
+ /**
* Create an attribute statement with all the attributes
* @param attributes a map with keys from {@link AttributeConstants}
* @return
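Review bot: `createAuthnStatement` hands `authnContextClassRefValue` straight to `URI.create`, which throws an unchecked `IllegalArgumentException` on a malformed value, and neither argument is checked for null, so a mis-configured class ref surfaces as a bare exception from deep inside assertion building; a guard such as `if( instant == null || authnContextClassRefValue == null ) throw new IllegalArgumentException( "instant and authnContextClassRefValue are required" );` at the top would name the actual problem. The statement is also built without a SessionIndex, which service providers need to correlate a later LogoutRequest with this authentication; whether `AuthnStatementType` exposes a setter for it is not visible in this hunk, but if it does, an overload that accepts the session index would be worth adding. Minor: the Javadoc `@param instant an instanceof` should read `an instance of`.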
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-01-27 03:59:06 UTC (rev 665)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-01-27 03:59:39 UTC (rev 666)
@@ -39,19 +39,21 @@
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
-import org.picketlink.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AuthnStatementType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedAssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
@@ -69,7 +71,15 @@
import org.w3c.dom.Node;
/**
+ * <p>
* Handles for dealing with SAML2 Authentication
+ * </p>
+ * <p>
+ * Configuration Options:
+ * @see SAML2Handler#DISABLE_AUTHN_STATEMENT Setting a value will disable the generation of an AuthnStatement
+ * @see SAML2Handler#DISABLE_SENDING_ROLES Setting any value will disable the generation and return of roles to SP
+ * </p>
+ *
* @author Anil.Saldhana(a)redhat.com
* @since Oct 8, 2009
*/
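Review bot: The `@see` tags on the new class Javadoc are placed inside the `<p>…</p>` of the main description, but Javadoc treats a line beginning with `@see` as the start of the block-tag section, so the trailing sentence and the closing `</p>` become the link label of the `@see` entry and the paragraph is left unbalanced in the rendered output. Using inline links keeps the options in the description, e.g. `* {@link SAML2Handler#DISABLE_AUTHN_STATEMENT}: any value disables generation of the AuthnStatement` and `* {@link SAML2Handler#DISABLE_SENDING_ROLES}: any value disables sending roles to the SP`, then close the paragraph normally.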
@@ -245,11 +255,19 @@
//Add information on the roles
AssertionType assertion = (AssertionType) responseType.getAssertions().get(0).getAssertion();
- AttributeStatementType attrStatement = StatementUtil.createAttributeStatement(roles);
- assertion.addStatement( attrStatement );
+ //Create an AuthnStatementType
+ if( handlerConfig.getParameter( DISABLE_AUTHN_STATEMENT ) == null )
+ {
+ AuthnStatementType authnStatement =
+ StatementUtil.createAuthnStatement( XMLTimeUtil.getIssueInstant(), JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get() );
+ assertion.addStatement( authnStatement );
+ }
- /*//Add timed conditions
- saml2Response.createTimedConditions(assertion, assertionValidity);*/
+ if( handlerConfig.getParameter( DISABLE_SENDING_ROLES ) == null )
+ {
+ AttributeStatementType attrStatement = StatementUtil.createAttributeStatement(roles);
+ assertion.addStatement( attrStatement );
+ }
//Add in the attributes information
if(attribs != null && attribs.size() > 0 )
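Review bot: The AuthnContextClassRef is hard-wired to `JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT` regardless of how the container actually authenticated the user, so a service provider that reads the class ref to decide the assurance level is told "password over a protected transport" even when the login was, for instance, a form over plain HTTP or a client certificate. The enclosing method starts and ends outside this hunk, so it is not visible here whether the authentication type is available at this point; at minimum the value should come from handler configuration, e.g. `String classRef = handlerConfig.getParameter( "AUTHN_CONTEXT_CLASS_REF" ) != null ? ... : JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();` with the current value as the default (the parameter name is a placeholder, pick one alongside the other `SAML2Handler` constants). The `== null` tests mean a configured `DISABLE_SENDING_ROLES=false` still disables roles, which matches the class Javadoc but deserves a one-line comment here so nobody "fixes" it to a boolean parse on only one of the two branches.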
@@ -286,84 +304,7 @@
log.trace(e);
}
return samlResponseDocument;
- }
-
- @SuppressWarnings("unused")
- @Deprecated
- public Document getResponse( String assertionConsumerURL,
- Principal userPrincipal,
- List<String> roles,
- String identityURL,
- Map<String, Object> attribs,
- long assertionValidity, String requestID)
- throws ConfigurationException, IssueInstantMissingException, ProcessingException
- {
- Document samlResponseDocument = null;
-
- if(trace)
- log.trace("AssertionConsumerURL=" + assertionConsumerURL +
- "::assertion validity=" + assertionValidity);
- ResponseType responseType = null;
-
- SAML2Response saml2Response = new SAML2Response();
-
- //Create a response type
- String id = IDGenerator.create("ID_");
-
- IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
- issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
-
- IDPInfoHolder idp = new IDPInfoHolder();
- idp.setNameIDFormatValue(userPrincipal.getName());
- idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
-
- SPInfoHolder sp = new SPInfoHolder();
- sp.setResponseDestinationURI(assertionConsumerURL);
- sp.setRequestID(requestID);
- responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
-
- //Add information on the roles
- AssertionType assertion = (AssertionType) responseType.getAssertions().get(0).getAssertion();
-
- AttributeStatementType attrStatement = StatementUtil.createAttributeStatement(roles);
- assertion.addStatement( attrStatement );
-
- /*//Add timed conditions
- saml2Response.createTimedConditions(assertion, assertionValidity);*/
-
- //Add in the attributes information
- if(attribs != null && attribs.size() > 0 )
- {
- AttributeStatementType attStatement = StatementUtil.createAttributeStatement(attribs);
- assertion.addStatement( attStatement );
- }
-
- //Lets see how the response looks like
- if(log.isTraceEnabled())
- {
- StringWriter sw = new StringWriter();
- try
- {
- saml2Response.marshall(responseType, sw);
- }
- catch ( ProcessingException e)
- {
- log.trace(e);
- }
- log.trace("Response="+sw.toString());
- }
- try
- {
- samlResponseDocument = saml2Response.convert(responseType);
- }
- catch (Exception e)
- {
- e.printStackTrace();
- if(trace)
- log.trace(e);
- }
- return samlResponseDocument;
- }
+ }
}
private class SPAuthenticationHandler
Picketlink SVN: r665 - federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-01-26 22:59:06 -0500 (Wed, 26 Jan 2011)
New Revision: 665
Modified:
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AuthnContextType.java
Log:
avoid NPE
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AuthnContextType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AuthnContextType.java 2011-01-27 03:14:14 UTC (rev 664)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AuthnContextType.java 2011-01-27 03:59:06 UTC (rev 665)
@@ -123,7 +123,7 @@
public class AuthnContextTypeSequence
{
private AuthnContextClassRefType classRef;
- private Set<URIType> URITypes;
+ private Set<URIType> URITypes = new HashSet<URIType>();
public AuthnContextClassRefType getClassRef()
{
return classRef;
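Review bot: The field initializer removes the NPE for callers that read `URITypes` before anything is added, but if the class also has a setter that stores the caller's reference directly (not visible in this hunk) a `null` argument reintroduces the same failure, so that path should reject or replace null as well. While touching the line, the field name `URITypes` breaks the lowerCamelCase convention used by `classRef` on the line above; `uriTypes` would be consistent. The initializer relies on `java.util.HashSet` being imported in the unchanged part of the file, which cannot be confirmed from here.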
Picketlink SVN: r664 - federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-01-26 22:14:14 -0500 (Wed, 26 Jan 2011)
New Revision: 664
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
Log:
PLFED-124: deal with statements via iterator
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-01-27 02:58:50 UTC (rev 663)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-01-27 03:14:14 UTC (rev 664)
@@ -26,6 +26,7 @@
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSession;
@@ -53,6 +54,7 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedAssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType.STSubType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
@@ -401,6 +403,10 @@
{
responseType = this.decryptAssertion(responseType);
}
+ if( assertion == null )
+ {
+ assertion = assertions.get(0).getAssertion();
+ }
Principal userPrincipal = handleSAMLResponse(responseType, response);
if(userPrincipal == null)
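Review bot: `assertions.get(0)` is called with no check that the list is non-empty, so a Response that carries no Assertion (an error status from the IdP, or a message from a peer that omits it) ends in an `IndexOutOfBoundsException` rather than a controlled rejection; `assertions` is declared outside this hunk, so whether it was already validated upstream cannot be confirmed here. A guard such as `if( assertions == null || assertions.isEmpty() ) throw new ProcessingException( "SAML Response contains no assertion" );` before the fallback keeps the failure on the protocol's error path. The enclosing method continues outside the hunk.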
@@ -479,28 +485,14 @@
List<String> roles = new ArrayList<String>();
//Let us get the roles
- AttributeStatementType attributeStatement = (AttributeStatementType) assertion.getStatements().iterator().next();
- List<ASTChoiceType> attList = attributeStatement.getAttributes();
- for(ASTChoiceType obj:attList)
+ Set<StatementAbstractType> statements = assertion.getStatements();
+ for( StatementAbstractType statement : statements )
{
- AttributeType attr = obj.getAttribute();
- List<Object> attributeValues = attr.getAttributeValue();
- if( attributeValues != null)
+ if( statement instanceof AttributeStatementType )
{
- for( Object attrValue : attributeValues )
- {
- if( attrValue instanceof String )
- {
- roles.add( (String) attrValue );
- }
- else if( attrValue instanceof Node )
- {
- Node roleNode = (Node) attrValue;
- roles.add( roleNode.getFirstChild().getNodeValue() );
- }
- else throw new RuntimeException( "Unknown role object type : " + attrValue );
- }
- }
+ AttributeStatementType attributeStatement = (AttributeStatementType) statement;
+ roles.addAll( getRoles( attributeStatement ));
+ }
}
response.setRoles(roles);
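Review bot: Iterating every `AttributeStatementType` and feeding all of it into `getRoles` means every attribute value in the assertion is treated as a role, not only the ones the IdP put there as roles; on the IdP side the same class adds user `attribs` as a second, separate AttributeStatement (see the r666 hunk above, `StatementUtil.createAttributeStatement(attribs)`), so after this change an attribute such as an e-mail address or a display name lands in the SP's role list and can match a role-based authorization check. Before the previous code only the first statement was read, which masked this. The fix is to filter inside the loop on the attribute `Name` the IdP uses for roles rather than on the statement type; the attribute name constant is not visible in this hunk, so I cannot quote it, but the check belongs where `getRoles` walks `attList`. The enclosing method starts outside the hunk.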
@@ -531,5 +523,39 @@
}
return principal;
}
+
+ /**
+ * Get the roles from the attribute statement
+ * @param attributeStatement
+ * @return
+ */
+ private List<String> getRoles( AttributeStatementType attributeStatement )
+ {
+ List<String> roles = new ArrayList<String>();
+
+ List<ASTChoiceType> attList = attributeStatement.getAttributes();
+ for(ASTChoiceType obj:attList)
+ {
+ AttributeType attr = obj.getAttribute();
+ List<Object> attributeValues = attr.getAttributeValue();
+ if( attributeValues != null)
+ {
+ for( Object attrValue : attributeValues )
+ {
+ if( attrValue instanceof String )
+ {
+ roles.add( (String) attrValue );
+ }
+ else if( attrValue instanceof Node )
+ {
+ Node roleNode = (Node) attrValue;
+ roles.add( roleNode.getFirstChild().getNodeValue() );
+ }
+ else throw new RuntimeException( "Unknown role object type : " + attrValue );
+ }
+ }
+ }
+ return roles;
+ }
}
}
\ No newline at end of file
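Review bot: In the new `getRoles` helper, `roleNode.getFirstChild().getNodeValue()` dereferences the result of `getFirstChild()` without a null check, so an empty `AttributeValue` element in a received assertion throws a `NullPointerException` out of the authentication path instead of being skipped or rejected explicitly; `Node first = roleNode.getFirstChild(); if( first != null ) { roles.add( first.getNodeValue() ); }` is enough. The `RuntimeException( "Unknown role object type : " + attrValue )` message concatenates a value taken from the peer's message; `attrValue.getClass().getName()` conveys the same diagnostic without echoing untrusted content into logs and faults. The Javadoc `@return` is empty; `@return the attribute values found, in document order, as role names` documents what the caller actually gets.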
Picketlink SVN: r663 - in federation/trunk: picketlink-fed-core and 7 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-01-26 21:58:50 -0500 (Wed, 26 Jan 2011)
New Revision: 663
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/soap/SOAPSAMLXACML.java
federation/trunk/picketlink-fed-core/pom.xml
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
federation/trunk/picketlink-webapps/assembly/bin.xml
Log:
PLFED-121: SOAPSAMLXACMLPDP is a JAX-WS web service
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/soap/SOAPSAMLXACML.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/soap/SOAPSAMLXACML.java 2011-01-27 02:55:46 UTC (rev 662)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/soap/SOAPSAMLXACML.java 2011-01-27 02:58:50 UTC (rev 663)
@@ -34,6 +34,7 @@
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.XMLStreamWriter;
+import org.apache.log4j.Logger;
import org.jboss.security.xacml.core.model.context.DecisionType;
import org.jboss.security.xacml.core.model.context.RequestType;
import org.jboss.security.xacml.core.model.context.ResultType;
@@ -67,6 +68,8 @@
*/
public class SOAPSAMLXACML
{
+ protected Logger log = Logger.getLogger( SOAPSAMLXACML.class );
+
/**
* Given an xacml request
* @param endpoint
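Review bot: The new logger is declared as an instance field, `protected Logger log = Logger.getLogger( SOAPSAMLXACML.class );`, so every instance performs the lookup and subclasses can reassign it; the usual form is `private static final Logger log = Logger.getLogger( SOAPSAMLXACML.class );`. The same pattern appears in the new `SOAPSAMLXACMLPDP` class further down in this commit.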
@@ -92,10 +95,7 @@
NameIDType nameIDType = new NameIDType();
nameIDType.setValue(issuer);
queryType.setIssuer(nameIDType);
-
-
-
MessageFactory messageFactory = MessageFactory.newInstance();
SOAPMessage soapMessage = messageFactory.createMessage();
@@ -105,8 +105,14 @@
SAMLRequestWriter samlRequestWriter = new SAMLRequestWriter( xmlStreamWriter );
samlRequestWriter.write( queryType );
-
- Document reqDocument = DocumentUtil.getDocument( new ByteArrayInputStream( baos.toByteArray() ));
+
+ if( log.isDebugEnabled() )
+ {
+ log.debug( "Sending::" + new String( baos.toByteArray() ) );
+ }
+
+ Document reqDocument = DocumentUtil.getDocument( new ByteArrayInputStream( baos.toByteArray() ));
+
soapMessage.getSOAPBody().addDocument(reqDocument);
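Review bot: `new String( baos.toByteArray() )` in the new debug statement decodes the serialized request with the platform default charset, while the StAX writer that filled `baos` used its own encoding (not visible here), so on a non-UTF-8 default the logged XML is garbled and misleads whoever is debugging a failed exchange; `new String( baos.toByteArray(), Charset.forName( "UTF-8" ) )` (or whatever encoding the writer was created with) keeps the log faithful. The `isDebugEnabled()` guard is the right call since the message carries the full XACML request including its subject attributes. The enclosing method starts and ends outside the hunk.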
Modified: federation/trunk/picketlink-fed-core/pom.xml
===================================================================
--- federation/trunk/picketlink-fed-core/pom.xml 2011-01-27 02:55:46 UTC (rev 662)
+++ federation/trunk/picketlink-fed-core/pom.xml 2011-01-27 02:58:50 UTC (rev 663)
@@ -75,6 +75,12 @@
<scope>compile</scope>
</dependency>
<dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>2.4</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jbosssx</artifactId>
<version>2.0.4</version>
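Review bot: The new `servlet-api` dependency is declared with `<scope>compile</scope>`, which makes Maven pull it into every artifact that depends on picketlink-fed-core, including web archives where the container already supplies the Servlet API; that is a classic source of classloader conflicts at deployment. The servlet API should be `<scope>provided</scope>`, matching how it is usually declared for container-supplied APIs, so it is available at compile time but never packaged.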
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java 2011-01-27 02:58:50 UTC (rev 663)
@@ -0,0 +1,128 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.pdp;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.PrivilegedActionException;
+
+import javax.annotation.Resource;
+import javax.xml.stream.XMLStreamWriter;
+import javax.xml.transform.Source;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.ws.Provider;
+import javax.xml.ws.WebServiceContext;
+import javax.xml.ws.WebServiceProvider;
+
+import org.apache.log4j.Logger;
+import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import org.w3c.dom.Document;
+
+/**
+ * SOAP 1.2 based XACML PDP that accepts SAML requests
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 24, 2011
+ */
+@WebServiceProvider(serviceName="SOAPSAMLXACMLPDP",portName="SOAPSAMLXACMLPort",
+ targetNamespace="urn:picketlink:identity-federation:pdp",wsdlLocation="WEB-INF/wsdl/SOAPSAMLXACMLPDP.wsdl")
+public class SOAPSAMLXACMLPDP implements Provider<Source>
+{
+ protected Logger log = Logger.getLogger( SOAPSAMLXACMLPDP.class );
+
+ @Resource
+ WebServiceContext context;
+
+ protected String policyConfigFileName = "policyConfig.xml";
+
+ protected PolicyDecisionPoint pdp;
+
+ protected String issuer = "PicketLinkPDP";
+
+ public SOAPSAMLXACMLPDP()
+ {
+ try
+ {
+ pdp = getPDP();
+ }
+ catch (PrivilegedActionException e)
+ {
+ throw new RuntimeException( e );
+ }
+ }
+
+ public Source invoke(Source request)
+ {
+ try
+ {
+ Document doc = (Document) DocumentUtil.getNodeFromSource( request );
+ if( log.isDebugEnabled() )
+ {
+ log.debug( "Received Message::" + DocumentUtil.asString(doc) );
+ }
+ XACMLAuthzDecisionQueryType xacmlQuery = SOAPSAMLXACMLUtil.getXACMLQueryType(doc);
+ ResponseType samlResponseType = SOAPSAMLXACMLUtil.handleXACMLQuery(pdp, issuer, xacmlQuery);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = StaxUtil.getXMLStreamWriter(baos);
+
+ SAMLResponseWriter samlResponseWriter = new SAMLResponseWriter( xmlStreamWriter );
+ samlResponseWriter.write( samlResponseType );
+ Document responseDocument = DocumentUtil.getDocument( new ByteArrayInputStream( baos.toByteArray() ));
+
+ return new DOMSource( responseDocument.getDocumentElement());
+ }
+ catch ( Exception e )
+ {
+ throw new RuntimeException( e) ;
+ }
+ }
+
+ private PolicyDecisionPoint getPDP() throws PrivilegedActionException
+ {
+ SecurityActions.setSystemProperty( "org.jboss.security.xacml.schema.validation", "false" );
+
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ URL url = tcl.getResource( policyConfigFileName );
+ if( url == null)
+ throw new IllegalStateException(policyConfigFileName + " could not be located");
+
+ InputStream is;
+ try
+ {
+ is = url.openStream();
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException( e );
+ }
+ return new JBossPDP(is);
+ }
+}
\ No newline at end of file
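Review bot: `getPDP()` calls `SecurityActions.setSystemProperty( "org.jboss.security.xacml.schema.validation", "false" )` from the constructor, which disables XACML schema validation for the whole JVM, not just this endpoint, and does so silently for an object that exists to accept requests off the network; validation is the first filter against malformed input reaching the policy engine, so this should be a documented, opt-in configuration rather than an unconditional side effect of instantiation. The `InputStream` obtained from `url.openStream()` is never closed; unless `JBossPDP`'s constructor reads and closes it (not visible here), wrap the `new JBossPDP(is)` call in `try { ... } finally { is.close(); }`. `invoke` converts every failure into `RuntimeException( e )`, which the JAX-WS runtime reports as a SOAP fault carrying the exception text; answering with a SAML Response whose status signals the failure would keep error details on the protocol path. The `@Resource WebServiceContext context` field is injected but never read, and the class Javadoc should state that the PDP is configured from `policyConfig.xml` on the context classloader.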
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java 2011-01-27 02:58:50 UTC (rev 663)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.pdp;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Mar 17, 2009
+ */
+class SecurityActions
+{
+ static void setSystemProperty( final String key, final String value)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ System.setProperty(key, value);
+ return null;
+ }
+ });
+ }
+
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+}
\ No newline at end of file
Property changes on: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java
___________________________________________________________________
Name: svn:executable
+ *
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2011-01-27 02:55:46 UTC (rev 662)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2011-01-27 02:58:50 UTC (rev 663)
@@ -102,8 +102,10 @@
TRANSFORM_C14N_EXCL_OMIT_COMMENTS("http://www.w3.org/2001/10/xml-exc-c14n#WithComments"),
+ XSI_PREFIX( "xsi" ),
X500_PREFIX("x500"),
X500_NSURI("urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"),
+ XACML_NSURI( "urn:oasis:names:tc:xacml:2.0:context:schema:os" ),
XACML_SAML_NSURI( "urn:oasis:names:tc:xacml:2.0:saml:assertion:schema:os" ),
XACML_SAML_PROTO_NSURI( "urn:oasis:xacml:2.0:saml:protocol:schema:os" ),
XML( "http://www.w3.org/XML/1998/namespace" ),
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2011-01-27 02:55:46 UTC (rev 662)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2011-01-27 02:58:50 UTC (rev 663)
@@ -23,6 +23,7 @@
import java.io.IOException;
import java.io.InputStream;
+import java.util.ArrayList;
import java.util.List;
import java.util.Set;
@@ -34,17 +35,28 @@
import javax.xml.soap.SOAPMessage;
import javax.xml.stream.XMLEventReader;
+import org.jboss.security.xacml.core.JBossRequestContext;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResponseType;
+import org.jboss.security.xacml.core.model.context.ResultType;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.factories.XACMLContextFactory;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.parsers.saml.xacml.SAMLXACMLRequestParser;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
+import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
-import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
import org.w3c.dom.Node;
@@ -88,7 +100,8 @@
{
XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader( DocumentUtil.getNodeAsStream( samlResponse ));
SAMLParser samlParser = new SAMLParser();
- ResponseType response = (ResponseType) samlParser.parse( xmlEventReader );
+ org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType response =
+ (org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType) samlParser.parse( xmlEventReader );
List<RTChoiceType> choices = response.getAssertions();
for( RTChoiceType rst: choices )
{
@@ -126,4 +139,51 @@
fault.setFaultString( message );
return msg;
}
+
+ public synchronized static org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType handleXACMLQuery(
+ PolicyDecisionPoint pdp, String issuer, XACMLAuthzDecisionQueryType xacmlRequest ) throws ProcessingException, ConfigurationException
+ {
+ RequestType requestType = xacmlRequest.getRequest();
+
+ RequestContext requestContext = new JBossRequestContext();
+ try
+ {
+ requestContext.setRequest(requestType);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException( e );
+ }
+
+ //pdp evaluation is thread safe
+ ResponseContext responseContext = pdp.evaluate(requestContext);
+
+ ResponseType responseType = new ResponseType();
+ ResultType resultType = responseContext.getResult();
+ responseType.getResult().add(resultType);
+
+ XACMLAuthzDecisionStatementType xacmlStatement =
+ XACMLContextFactory.createXACMLAuthzDecisionStatementType(requestType, responseType);
+
+ //Place the xacml statement in an assertion
+ //Then the assertion goes inside a SAML Response
+
+ String ID = IDGenerator.create("ID_");
+ IssuerInfoHolder issuerInfo = new IssuerInfoHolder( issuer );
+
+ List<StatementAbstractType> statements = new ArrayList<StatementAbstractType>();
+ statements.add(xacmlStatement);
+
+ AssertionType assertion = SAMLAssertionFactory.createAssertion(ID,
+ issuerInfo.getIssuer(),
+ XMLTimeUtil.getIssueInstant(),
+ null,
+ null,
+ statements);
+
+ org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType samlResponseType = JBossSAMLAuthnResponseFactory.createResponseType( ID, issuerInfo, assertion );
+
+
+ return samlResponseType;
+ }
}
\ No newline at end of file
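Review bot: In `handleXACMLQuery` the same `ID` produced by `IDGenerator.create("ID_")` is used both for the assertion (`SAMLAssertionFactory.createAssertion(ID, ...)`) and for the enclosing response (`createResponseType( ID, issuerInfo, assertion )`), so the serialized document contains two elements with an identical xml:ID value, which is invalid XML for ID-typed attributes and breaks ID-based signature references; generate a second identifier, e.g. `String assertionID = IDGenerator.create("ID_");` and pass it to `createAssertion`. The method is declared `public synchronized static`, serializing every PDP evaluation in the process on the class monitor, while the comment on the `pdp.evaluate` line states that evaluation is thread safe; if that holds, `synchronized` only throttles throughput under load, and if it does not, the lock belongs around `evaluate` alone. The two `null` arguments to `createAssertion` presumably leave the assertion without a Subject and without Conditions, so the decision statement carries no validity window; confirm that is intended for the callers of this PDP.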
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java 2011-01-27 02:55:46 UTC (rev 662)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java 2011-01-27 02:58:50 UTC (rev 663)
@@ -176,7 +176,7 @@
{
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_VALUE.get(), ASSERTION_NSURI.get());
- StaxUtil.writeNameSpace(writer, "xsi", JBossSAMLURIConstants.XSI_NSURI.get());
+ StaxUtil.writeNameSpace(writer, JBossSAMLURIConstants.XSI_PREFIX.get(), JBossSAMLURIConstants.XSI_NSURI.get());
StaxUtil.writeNameSpace(writer, "xs", JBossSAMLURIConstants.XMLSCHEMA_NSURI.get());
StaxUtil.writeAttribute(writer, JBossSAMLURIConstants.XSI_NSURI.get(), "type", "xs:string");
StaxUtil.writeCharacters(writer, attributeValue );
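Review bot: The `xs` prefix on the line after the changed one is still a string literal while `xsi` now comes from JBossSAMLURIConstants.XSI_PREFIX, so the two namespace declarations on the same element use different conventions, and the `xs:string` value passed to `writeAttribute` hard-codes that prefix a second time. If the constants class exposes an XML Schema prefix constant, use it in both places; otherwise a single `private static final String XS_PREFIX = "xs";` in the writer keeps the declaration and the xsi:type value in sync. The enclosing method starts and ends outside the hunk.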
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java 2011-01-27 02:55:46 UTC (rev 662)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java 2011-01-27 02:58:50 UTC (rev 663)
@@ -24,13 +24,23 @@
import static org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants.ASSERTION_NSURI;
import static org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants.PROTOCOL_NSURI;
+import java.io.StringWriter;
import java.net.URI;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamWriter;
+import org.jboss.security.xacml.core.model.context.ObjectFactory;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
@@ -38,6 +48,7 @@
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.NameIDPolicyType;
+import org.w3c.dom.Document;
/**
* Writes a SAML2 Request Type to Stream
@@ -162,6 +173,73 @@
public void write( XACMLAuthzDecisionQueryType xacmlQuery ) throws ProcessingException
{
- throw new RuntimeException( "NYI" );
+ StaxUtil.writeStartElement( writer, PROTOCOL_PREFIX, JBossSAMLConstants.REQUEST_ABSTRACT.get(), PROTOCOL_NSURI.get() );
+ StaxUtil.writeNameSpace( writer, PROTOCOL_PREFIX, PROTOCOL_NSURI.get() );
+ StaxUtil.writeNameSpace(writer, XACML_SAML_PROTO_PREFIX, JBossSAMLURIConstants.XACML_SAML_PROTO_NSURI.get() );
+ StaxUtil.writeDefaultNameSpace( writer, JBossSAMLURIConstants.XACML_NSURI.get() );
+
+ //Attributes
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.ID.get(), xacmlQuery.getID() );
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.VERSION.get(), xacmlQuery.getVersion() );
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.ISSUE_INSTANT.get(), xacmlQuery.getIssueInstant().toString() );
+
+ StaxUtil.writeAttribute( writer, new QName( JBossSAMLURIConstants.XACML_SAML_PROTO_NSURI.get(),
+ JBossSAMLConstants.INPUT_CONTEXT_ONLY.get() , XACML_SAML_PROTO_PREFIX ), "true" );
+
+ StaxUtil.writeAttribute( writer, new QName( JBossSAMLURIConstants.XACML_SAML_PROTO_NSURI.get(),
+ JBossSAMLConstants.RETURN_CONTEXT.get(), XACML_SAML_PROTO_PREFIX ), "true" );
+
+ StaxUtil.writeNameSpace(writer, JBossSAMLURIConstants.XSI_PREFIX.get(), JBossSAMLURIConstants.XSI_NSURI.get());
+ StaxUtil.writeNameSpace(writer, "xs", JBossSAMLURIConstants.XMLSCHEMA_NSURI.get());
+
+ StaxUtil.writeAttribute(writer, JBossSAMLURIConstants.XSI_NSURI.get(), "type",
+ "xacml-samlp:XACMLAuthzDecisionQueryType" );
+
+ URI destination = xacmlQuery.getDestination();
+ if( destination != null )
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.DESTINATION.get(), destination.toASCIIString() );
+
+ String consent = xacmlQuery.getConsent();
+ if( StringUtil.isNotNull( consent ))
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.CONSENT.get(), consent );
+
+
+ NameIDType issuer = xacmlQuery.getIssuer();
+ if( issuer != null )
+ {
+ write( issuer, new QName( ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get()));
+ }
+
+ RequestType xacmlRequest = xacmlQuery.getRequest();
+
+ ObjectFactory of = new ObjectFactory();
+
+ StringWriter sw = new StringWriter();
+ try
+ {
+ Marshaller m = JAXBUtil.getMarshaller( RequestType.class.getPackage().getName() );
+ m.marshal( of.createRequest(xacmlRequest), sw );
+ }
+ catch (JAXBException e)
+ {
+ throw new ProcessingException(e);
+ }
+
+ try
+ {
+ Document xacmlDoc = DocumentUtil.getDocument( sw.toString() );
+ StaxUtil.writeDOMNode(writer, xacmlDoc.getDocumentElement() );
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ProcessingException(e);
+ }
+ catch (ParsingException e)
+ {
+ throw new ProcessingException(e);
+ }
+
+ StaxUtil.writeEndElement( writer);
+ StaxUtil.flush( writer );
}
}
\ No newline at end of file
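Review bot: The xsi:type value written on the line with `"xacml-samlp:XACMLAuthzDecisionQueryType"` hard-codes the prefix, while the namespace itself is declared under XACML_SAML_PROTO_PREFIX a few lines earlier; if that constant is ever not "xacml-samlp" the type attribute points at an undeclared prefix, so build it as `XACML_SAML_PROTO_PREFIX + ":XACMLAuthzDecisionQueryType"`. `xacmlQuery.getIssueInstant().toString()` and `of.createRequest(xacmlRequest)` both dereference values that may be null on a caller-supplied query, and the resulting NullPointerException or JAXB failure is far less useful than a ProcessingException naming the missing field. The marshal-to-StringWriter, reparse-with-DocumentUtil, write-DOM round trip can be replaced by marshalling the JAXBElement straight onto the existing XMLStreamWriter with Marshaller.JAXB_FRAGMENT set, which drops the two extra catch blocks and the intermediate DOM; confirm first that JAXBUtil.getMarshaller returns a fresh instance (setting a property on a shared one would leak) and that the writer's namespace handling does not duplicate the declarations already written above.
```java
// … unchanged: start element, namespace declarations, ID/Version/IssueInstant/Destination/Consent/Issuer …
RequestType xacmlRequest = xacmlQuery.getRequest();
if( xacmlRequest == null )
{
    throw new ProcessingException( new IllegalArgumentException( "XACMLAuthzDecisionQuery has no Request" ) );
}

try
{
    Marshaller m = JAXBUtil.getMarshaller( RequestType.class.getPackage().getName() );
    m.setProperty( Marshaller.JAXB_FRAGMENT, Boolean.TRUE ); // no XML declaration in the middle of the document
    m.marshal( new ObjectFactory().createRequest( xacmlRequest ), writer );
}
catch (JAXBException e)
{
    throw new ProcessingException(e);
}
// … unchanged: writeEndElement and flush …
```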
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2011-01-27 02:55:46 UTC (rev 662)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2011-01-27 02:58:50 UTC (rev 663)
@@ -27,8 +27,6 @@
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivilegedActionException;
-import java.util.ArrayList;
-import java.util.List;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -44,30 +42,16 @@
import org.apache.log4j.Logger;
import org.jboss.security.xacml.core.JBossPDP;
-import org.jboss.security.xacml.core.JBossRequestContext;
-import org.jboss.security.xacml.core.model.context.RequestType;
-import org.jboss.security.xacml.core.model.context.ResponseType;
-import org.jboss.security.xacml.core.model.context.ResultType;
import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
-import org.jboss.security.xacml.interfaces.RequestContext;
-import org.jboss.security.xacml.interfaces.ResponseContext;
-import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.factories.XACMLContextFactory;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
-import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
-import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
import org.picketlink.identity.federation.core.util.StaxUtil;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
-import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
@@ -243,8 +227,11 @@
if(xacmlRequest == null)
throw new IOException("XACML Request not parsed");
+
+ org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType samlResponseType =
+ SOAPSAMLXACMLUtil.handleXACMLQuery(pdp, issuer, xacmlRequest);
- RequestType requestType = xacmlRequest.getRequest();
+ /*RequestType requestType = xacmlRequest.getRequest();
RequestContext requestContext = new JBossRequestContext();
requestContext.setRequest(requestType);
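Review bot: The old inline PDP evaluation starting at `/*RequestType requestType = xacmlRequest.getRequest();` is kept as a block comment rather than deleted; it closes with the `*/` added in the next hunk (@@ -277,7 +264,7 @@), so the method now carries roughly forty dead lines that version control already preserves and that hide the single live call to SOAPSAMLXACMLUtil.handleXACMLQuery. Delete the commented-out block in both hunks. handleXACMLQuery declares ProcessingException and ConfigurationException, so confirm the enclosing method — which starts and ends outside the hunk — catches or declares both, since the replaced inline code was guarded differently.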
@@ -277,7 +264,7 @@
statements);
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType samlResponseType = saml2Response.createResponseType(ID, issuerInfo, assertion);
-
+*/
ByteArrayOutputStream baos = new ByteArrayOutputStream();
XMLStreamWriter xmlStreamWriter = StaxUtil.getXMLStreamWriter(baos);
Modified: federation/trunk/picketlink-webapps/assembly/bin.xml
===================================================================
--- federation/trunk/picketlink-webapps/assembly/bin.xml 2011-01-27 02:55:46 UTC (rev 662)
+++ federation/trunk/picketlink-webapps/assembly/bin.xml 2011-01-27 02:58:50 UTC (rev 663)
@@ -60,6 +60,11 @@
<fileMode>0444</fileMode>
</file>
<file>
+ <source>${basedir}/../pdp/target/pdp.war</source>
+ <outputDirectory>picketlink</outputDirectory>
+ <fileMode>0444</fileMode>
+ </file>
+ <file>
<source>${basedir}/src/main/resources/picketlink-sp-jboss-beans.xml</source>
<outputDirectory>picketlink</outputDirectory>
<fileMode>0444</fileMode>