Picketlink SVN: r642 - idm/branches.
by picketlink-commits@lists.jboss.org
Author: bdaw
Date: 2011-01-23 17:20:20 -0500 (Sun, 23 Jan 2011)
New Revision: 642
Added:
idm/branches/1.2.0/
Log:
create new branch
Copied: idm/branches/1.2.0 (from rev 641, idm/branches/1.1.0)
Picketlink SVN: r641 - in federation/trunk/picketlink-web/src: test/resources/openid/webapp and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-01-20 14:38:20 -0500 (Thu, 20 Jan 2011)
New Revision: 641
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java
federation/trunk/picketlink-web/src/test/resources/openid/webapp/securepage.jsp
Log:
openid cleanup
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java 2011-01-20 19:13:23 UTC (rev 640)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java 2011-01-20 19:38:20 UTC (rev 641)
@@ -130,8 +130,7 @@
responsem = protoCtx.getResponseMessage();
- // --- process an association request ---
- /*responsem = serverManager.processAssociationRequest(requestp);*/
+ // --- process an association request ---
responseText = responsem.getResponseText();
}
else if ("checkid_setup".equals(mode)
@@ -176,6 +175,7 @@
try
{
+ // --- process an authentication request ---
sts.issueToken(protoCtx);
}
catch (ProcessingException e)
@@ -183,12 +183,6 @@
throw new ServletException( e );
}
- /*// --- process an authentication request ---
- responsem = serverManager.processAuthenticationRequest(requestp,
- userSelectedId,
- userSelectedClaimedId,
- authenticatedAndApproved.booleanValue());*/
-
responsem = protoCtx.getResponseMessage();
// caller will need to decide which of the following to use:
@@ -211,6 +205,7 @@
{
try
{
+ // --- processing a verification request ---
sts.validateToken( protoCtx );
}
catch (ProcessingException e)
@@ -219,9 +214,6 @@
}
responsem = protoCtx.getResponseMessage();
-
- // --- processing a verification request ---
- //responsem = serverManager.verify(requestp);
responseText = responsem.getResponseText();
}
else
@@ -230,6 +222,7 @@
protoCtx.setErrorText( "Unknown request" );
try
{
+ // --- error response ---
sts.issueToken(protoCtx);
}
catch (ProcessingException e)
@@ -238,8 +231,6 @@
}
responsem = protoCtx.getResponseMessage();
- // --- error response ---
- //responsem = serverManager.getDirectError("Unknown request");
responseText = responsem.getResponseText();
}
Modified: federation/trunk/picketlink-web/src/test/resources/openid/webapp/securepage.jsp
===================================================================
--- federation/trunk/picketlink-web/src/test/resources/openid/webapp/securepage.jsp 2011-01-20 19:13:23 UTC (rev 640)
+++ federation/trunk/picketlink-web/src/test/resources/openid/webapp/securepage.jsp 2011-01-20 19:38:20 UTC (rev 641)
@@ -1,9 +1,5 @@
<%
- session.setAttribute("authenticatedAndApproved", Boolean.TRUE);
- if( request.getUserPrincipal() != null )
- {
- session.setAttribute( "openid.claimed_id", request.getUserPrincipal().getName());
- }
+ session.setAttribute("authenticatedAndApproved", Boolean.TRUE);
%>
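Review bot: The surviving line marks the session as authenticated and approved unconditionally, and with the `request.getUserPrincipal()` check removed nothing on this page ties that approval to a container-authenticated principal or records which identity was approved (`openid.claimed_id` is no longer set). If a security constraint in the test web.xml is what forces authentication before this page is reached, a comment saying so would keep the next reader from treating this as a bypass; otherwise the principal guard should stay, e.g. `if (request.getUserPrincipal() != null) session.setAttribute("authenticatedAndApproved", Boolean.TRUE);`. Since this is a test fixture, the likely consequence is a test that passes without exercising the authenticated path rather than a production exposure.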
Picketlink SVN: r640 - in federation/trunk: picketlink-fed-core and 7 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-01-20 14:13:23 -0500 (Thu, 20 Jan 2011)
New Revision: 640
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDTokenProvider.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDVersion2TokenProvider.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDParameterList.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProtocolContext.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProviderManager.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDTokenRegistryStore.java
Removed:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDParameterList.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDProviderManager.java
Modified:
federation/trunk/picketlink-fed-core/pom.xml
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java
federation/trunk/picketlink-fed-core/src/main/resources/core-sts.xml
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java
Log:
OpenID provider now works off the common STS
Deleted: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDParameterList.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDParameterList.java 2011-01-19 20:47:31 UTC (rev 639)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDParameterList.java 2011-01-20 19:13:23 UTC (rev 640)
@@ -1,47 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.api.openid.provider;
-
-import java.util.Map;
-
-import org.openid4java.message.ParameterList;
-
-/**
- * Parameter List passed in the messages
- * @author Anil.Saldhana(a)redhat.com
- * @since Jul 15, 2009
- */
-public class OpenIDParameterList extends ParameterList
-{
- private static final long serialVersionUID = 1L;
-
- public OpenIDParameterList()
- {
- super();
- }
-
- @SuppressWarnings({ "rawtypes"})
- public OpenIDParameterList(Map parameterMap)
- {
- super(parameterMap);
- }
-}
Deleted: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDProviderManager.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDProviderManager.java 2011-01-19 20:47:31 UTC (rev 639)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDProviderManager.java 2011-01-20 19:13:23 UTC (rev 640)
@@ -1,142 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.api.openid.provider;
-
-import org.openid4java.message.AuthSuccess;
-import org.openid4java.message.DirectError;
-import org.openid4java.message.Message;
-import org.openid4java.message.ParameterList;
-import org.openid4java.server.InMemoryServerAssociationStore;
-import org.openid4java.server.ServerManager;
-
-/**
- * Manages a OpenID Provider
- * @author Anil.Saldhana(a)redhat.com
- * @since Jul 15, 2009
- */
-public class OpenIDProviderManager
-{
- private ServerManager serverManager = new ServerManager();
-
- /**
- * Initialize internal data structures
- */
- public void initialize()
- {
- serverManager.setSharedAssociations(new InMemoryServerAssociationStore());
- serverManager.setPrivateAssociations(new InMemoryServerAssociationStore());
- }
-
- /**
- * Get the end point where the provider is active
- * @return string an url
- */
- public String getEndPoint()
- {
- return serverManager.getOPEndpointUrl();
- }
-
- /**
- * Set the end point where the provider is active
- * @param url
- */
- public void setEndPoint(String url)
- {
- serverManager.setOPEndpointUrl(url);
- }
-
- /**
- * Process a request from the RP/Relying Party (or OpenID Consumer)
- * for authenticating an user
- * @param requestParams
- * @param userSelId
- * @param userSelClaimed
- * @param authenticatedAndApproved
- * @return
- */
- public OpenIDMessage processAuthenticationRequest(ParameterList requestParams,
- String userSelId,
- String userSelClaimed,
- boolean authenticatedAndApproved)
- {
- Message authMessage = serverManager.authResponse(requestParams,
- userSelId, userSelClaimed, authenticatedAndApproved);
-
- return new OpenIDMessage(authMessage);
- }
-
- /**
- * Process a request for association from the RP
- * @param requestParams
- * @return
- */
- public OpenIDMessage processAssociationRequest(ParameterList requestParams)
- {
- return new OpenIDMessage(serverManager.associationResponse(requestParams));
- }
-
- /**
- * Process a verification request from RP for an already
- * authenticated user
- * @param requestParams
- * @return
- */
- public OpenIDMessage verify(ParameterList requestParams)
- {
- return new OpenIDMessage(serverManager.verify(requestParams));
- }
-
- /**
- * Create an error message that needs to be passed to the RP
- * @param msg
- * @return
- */
- public OpenIDMessage getDirectError(String msg)
- {
- return new OpenIDMessage(DirectError.createDirectError(msg));
- }
-
- public static class OpenIDMessage
- {
- private Message message;
-
- OpenIDMessage(Message message)
- {
- this.message = message;
- }
-
- public boolean isSuccessful()
- {
- return message instanceof AuthSuccess;
- }
-
- public String getDestinationURL(boolean httpget)
- {
- return ((AuthSuccess) message).getDestinationUrl(httpget);
- }
-
- public String getResponseText()
- {
- return message.keyValueFormEncoding();
- }
- }
-}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/pom.xml
===================================================================
--- federation/trunk/picketlink-fed-core/pom.xml 2011-01-19 20:47:31 UTC (rev 639)
+++ federation/trunk/picketlink-fed-core/pom.xml 2011-01-20 19:13:23 UTC (rev 640)
@@ -129,7 +129,16 @@
<version>2.7.1.patch01-brew</version>
<scope>test</scope>
</dependency>
-
+ <dependency>
+ <groupId>org.openid4java</groupId>
+ <artifactId>openid4java</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>3.1</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
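Review bot: The new openid4java dependency carries no `<version>`, so it resolves only if a parent `dependencyManagement` entry pins it; that entry is outside this hunk and should be confirmed, because an unmanaged version makes the build non-reproducible. commons-httpclient 3.1 is added with test scope only, yet openid4java uses an HTTP client at runtime, so check that the compile-scope transitive version it pulls in is the one intended rather than relying on the test-scoped pin.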
<reporting>
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDTokenProvider.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDTokenProvider.java 2011-01-20 19:13:23 UTC (rev 640)
@@ -0,0 +1,195 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDParameterList;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.AUTH_HOLDER;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.MODE;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDTokenRegistryStore;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+import org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDTokenProvider extends AbstractSecurityTokenProvider implements SecurityTokenProvider
+{
+ public final static String OPENID_1_0_NS = "urn:openid:1:0";
+ public final static String OPENID_1_1_NS = "urn:openid:1:1";
+ public final static String OPENID_2_0_NS = "urn:openid:2:0";
+
+ protected static OpenIDProviderManager serverManager = null; //Will be initialized the first time of access
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#supports(java.lang.String)
+ */
+ public boolean supports(String namespace)
+ {
+ return OPENID_1_0_NS.equals( namespace );
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#tokenType()
+ */
+ public String tokenType()
+ {
+ return OPENID_1_0_NS;
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#getSupportedQName()
+ */
+ public QName getSupportedQName()
+ {
+ return new QName( OPENID_1_0_NS );
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#family()
+ */
+ public String family()
+ {
+ return SecurityTokenProvider.FAMILY_TYPE.OPENID.name();
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#issueToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void issueToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+
+ OpenIDProtocolContext openIDProtoCtx = (OpenIDProtocolContext) context;
+ if( serverManager.getEndPoint() == null )
+ {
+ serverManager.setEndPoint( openIDProtoCtx.getEndpoint() );
+ }
+
+ OpenIDParameterList requestp = openIDProtoCtx.getRequestParameterList();
+ OpenIDMessage responsem = null;
+
+ if( openIDProtoCtx.getIssueError() )
+ {
+ String errorText = openIDProtoCtx.getErrorText() == null ? "Unknown request" : openIDProtoCtx.getErrorText();
+
+ responsem = serverManager.getDirectError( errorText );
+ }
+ else
+ {
+ MODE mode = openIDProtoCtx.getMode();
+ switch (mode )
+ {
+ case ASSOCIATE :
+ responsem = serverManager.processAssociationRequest( requestp );
+ break;
+
+ case CHECK_AUTHENTICATION:
+ validateToken(openIDProtoCtx);
+ return;
+
+ case CHECK_ID_SETUP:
+ case CHECK_ID_IMMEDIATE:
+ AUTH_HOLDER authHolder = openIDProtoCtx.getAuthenticationHolder();
+ if( authHolder == null )
+ throw new ProcessingException( "Authentication Holder is null" );
+
+ responsem = serverManager.processAuthenticationRequest(requestp,
+ authHolder.getUserSelectedId(),
+ authHolder.getUserSelectedClaimedId(),
+ authHolder.isAuthenticatedAndApproved() );
+ break;
+ default:
+ throw new ProcessingException("Unknown mode");
+ }
+ }
+ openIDProtoCtx.setResponseMessage( responsem );
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#renewToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void renewToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+ }
+
+ /*
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void cancelToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#validateToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void validateToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+
+ OpenIDProtocolContext openIDProtoCtx = (OpenIDProtocolContext) context;
+ if( serverManager.getEndPoint() == null )
+ {
+ serverManager.setEndPoint( openIDProtoCtx.getEndpoint() );
+ }
+
+ OpenIDParameterList requestp = openIDProtoCtx.getRequestParameterList();
+ OpenIDMessage responsem = serverManager.verify( requestp );
+ openIDProtoCtx.setResponseMessage( responsem );
+ }
+
+ protected void check()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+ if( serverManager == null )
+ {
+
+ serverManager = new OpenIDProviderManager();
+ serverManager.initialize( new OpenIDTokenRegistryStore(), new OpenIDTokenRegistryStore());
+ }
+ }
+}
\ No newline at end of file
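Review bot: `check()` lazily assigns the static `serverManager` behind an unsynchronized null test (the `if( serverManager == null )` block near the end of the file), so two concurrent first requests can each construct an `OpenIDProviderManager` with its own association stores, and whichever assignment wins leaves the other request's associations unreachable; guard the test-and-assign with `synchronized (OpenIDTokenProvider.class)` or initialize the field eagerly. Because the field is static and `OpenIDVersion2TokenProvider` (added in the same commit) inherits it, the v1 and v2 providers share one manager and one endpoint, and `issueToken`/`validateToken` only set the endpoint while it is still null, so the endpoint from the first context processed is sticky for the lifetime of the class — if that value derives from the incoming request, the first caller fixes it for everyone, which deserves at least a comment stating the single-endpoint assumption. In `issueToken`, a null `mode` reaches `switch (mode )` and surfaces as a NullPointerException rather than the `ProcessingException("Unknown mode")` the default branch promises; `if (mode == null) throw new ProcessingException("Unknown mode");` before the switch keeps that contract. `renewToken` and `cancelToken` silently do nothing for OpenID contexts, which is fine if intended but should be said in their Javadoc.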
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDVersion2TokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDVersion2TokenProvider.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDVersion2TokenProvider.java 2011-01-20 19:13:23 UTC (rev 640)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers;
+
+import javax.xml.namespace.QName;
+
+/**
+ * A {@code SecurityTokenProvider} implementation for Open ID v2
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDVersion2TokenProvider extends OpenIDTokenProvider
+{
+ @Override
+ public boolean supports(String namespace)
+ {
+ return OPENID_2_0_NS.equals( namespace );
+ }
+
+ @Override
+ public String tokenType()
+ {
+ return OPENID_2_0_NS;
+ }
+
+ @Override
+ public QName getSupportedQName()
+ {
+ return new QName( OPENID_2_0_NS );
+ }
+}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDParameterList.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDParameterList.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDParameterList.java 2011-01-20 19:13:23 UTC (rev 640)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers.helpers;
+
+import java.util.Map;
+
+import org.openid4java.message.ParameterList;
+
+/**
+ * Parameter List passed in the messages
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 15, 2009
+ */
+public class OpenIDParameterList extends ParameterList
+{
+ private static final long serialVersionUID = 1L;
+
+ public OpenIDParameterList()
+ {
+ super();
+ }
+
+ @SuppressWarnings({ "rawtypes"})
+ public OpenIDParameterList(Map parameterMap)
+ {
+ super(parameterMap);
+ }
+}
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProtocolContext.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProtocolContext.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProtocolContext.java 2011-01-20 19:13:23 UTC (rev 640)
@@ -0,0 +1,273 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers.helpers;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.openid.providers.OpenIDTokenProvider;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+
+/**
+ * {@code ProtocolContext} for the OpenID Layer
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDProtocolContext implements ProtocolContext
+{
+ /**
+ * The response message generated by the STS
+ */
+ protected OpenIDMessage responseMessage;
+
+ /**
+ * The list of request parameters for use by the STS
+ */
+ protected OpenIDParameterList requestParameterList;
+
+ /**
+ * The Server Manager needs an endpoint
+ */
+ protected String endpoint;
+
+ /**
+ * Should the STS issue an error?
+ */
+ protected Boolean issueError = Boolean.FALSE;
+
+ /**
+ * What is the text the STS should use for the error?
+ */
+ protected String errorText = null;
+
+ /**
+ * The OpenID mode
+ */
+ protected MODE mode;
+
+ /**
+ * STS uses the AUTH_HOLDER information for processing authentication requests
+ */
+ protected AUTH_HOLDER authenticationHolder;
+
+ /**
+ * An Enum indicating the OpenID mode
+ */
+ public enum MODE { ASSOCIATE, CHECK_ID_SETUP, CHECK_ID_IMMEDIATE, CHECK_AUTHENTICATION };
+
+ /**
+ * Class to hold the information for authentication requests
+ */
+ public static class AUTH_HOLDER
+ {
+ private String userSelectedId, userSelectedClaimedId;
+ private boolean authenticatedAndApproved;
+
+ public AUTH_HOLDER(String userSelectedId, String userSelectedClaimedId, boolean authenticatedAndApproved)
+ {
+ this.userSelectedId = userSelectedId;
+ this.userSelectedClaimedId = userSelectedClaimedId;
+ this.authenticatedAndApproved = authenticatedAndApproved;
+ }
+
+ @Override
+ public String toString()
+ {
+ return "AUTH_HOLDER [userSelectedId=" + userSelectedId + ", userSelectedClaimedId=" + userSelectedClaimedId
+ + ", authenticatedAndApproved=" + authenticatedAndApproved + "]";
+ }
+
+ public String getUserSelectedId()
+ {
+ return userSelectedId;
+ }
+
+ public String getUserSelectedClaimedId()
+ {
+ return userSelectedClaimedId;
+ }
+
+ public boolean isAuthenticatedAndApproved()
+ {
+ return authenticatedAndApproved;
+ }
+ }
+
+ /**
+ * Get the holder of authentication information
+ * @return
+ */
+ public AUTH_HOLDER getAuthenticationHolder()
+ {
+ return authenticationHolder;
+ }
+
+ /**
+ * Set an authentication holder
+ * @param authenticationHolder
+ */
+ public void setAuthenticationHolder(AUTH_HOLDER authenticationHolder)
+ {
+ this.authenticationHolder = authenticationHolder;
+ }
+
+ /**
+ * Get the Open ID mode
+ * @return
+ */
+ public MODE getMode()
+ {
+ return this.mode;
+ }
+
+ /**
+ * Set the OpenID mode
+ * @param theMode
+ */
+ public void setMode( MODE theMode )
+ {
+ this.mode = theMode;
+ }
+
+ /**
+ * Get the error text (Null by default)
+ * @return
+ */
+ public String getErrorText()
+ {
+ return errorText;
+ }
+
+ /**
+ * Set the error text
+ * @param errorText
+ */
+ public void setErrorText(String errorText)
+ {
+ this.errorText = errorText;
+ }
+
+ /**
+ * Should the STS issue an error response token
+ * @return
+ */
+ public Boolean getIssueError()
+ {
+ return issueError;
+ }
+
+ /**
+ * Set the error response token for the STS
+ * @param issueError
+ */
+ public void setIssueError(Boolean issueError)
+ {
+ this.issueError = issueError;
+ }
+
+ /**
+ * Get the endpoint address
+ * @return
+ */
+ public String getEndpoint()
+ {
+ return endpoint;
+ }
+
+ /**
+ * Set the endpoint address
+ * @param endpoint
+ */
+ public void setEndpoint(String endpoint)
+ {
+ this.endpoint = endpoint;
+ }
+
+ /**
+ * Get the request parameter list
+ * @return an instanceof {@code OpenIDParameterList}
+ */
+ public OpenIDParameterList getRequestParameterList()
+ {
+ return requestParameterList;
+ }
+
+ /**
+ * Set the request parameter list
+ * @param requestParameterList an instanceof {@code OpenIDParameterList}
+ */
+ public void setRequestParameterList(OpenIDParameterList requestParameterList)
+ {
+ this.requestParameterList = requestParameterList;
+ }
+
+ /**
+ * Get the {@code OpenIDMessage} response message that the STS has generated
+ * @return
+ */
+ public OpenIDMessage getResponseMessage()
+ {
+ return responseMessage;
+ }
+
+ /**
+ * Set the {@code OpenIDMessage} response message
+ * @param responseMessage
+ */
+ public void setResponseMessage(OpenIDMessage responseMessage)
+ {
+ this.responseMessage = responseMessage;
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#serviceName()
+ */
+ public String serviceName()
+ {
+ return null;
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#tokenType()
+ */
+ public String tokenType()
+ {
+ return OpenIDTokenProvider.OPENID_1_0_NS;
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#getQName()
+ */
+ public QName getQName()
+ {
+ return new QName( OpenIDTokenProvider.OPENID_1_0_NS );
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#family()
+ */
+ public String family()
+ {
+ return SecurityTokenProvider.FAMILY_TYPE.OPENID.name();
+ }
+}
\ No newline at end of file
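Review bot: `tokenType()` and `getQName()` hard-code `OpenIDTokenProvider.OPENID_1_0_NS`, while the same commit adds `OpenIDVersion2TokenProvider` keyed on `OPENID_2_0_NS`; if the STS selects the provider by the context's token type (that dispatch is outside this hunk), no context can ever be routed to the v2 provider. Consider a settable namespace field defaulting to the 1.0 value, or document that the 1.0 namespace is intentional. `issueError` is a boxed `Boolean` exposed through `setIssueError(Boolean)`, and the provider unboxes it in `if( openIDProtoCtx.getIssueError() )`, so a null passed by a caller becomes a NullPointerException; a primitive `boolean` field, or `return Boolean.TRUE.equals(issueError);` in the getter, closes that. `AUTH_HOLDER.toString()` emits the user-selected identifiers, so callers should avoid routing it into logs at a level where identity data is not expected.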
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProviderManager.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProviderManager.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProviderManager.java 2011-01-20 19:13:23 UTC (rev 640)
@@ -0,0 +1,168 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers.helpers;
+
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.DirectError;
+import org.openid4java.message.Message;
+import org.openid4java.message.ParameterList;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerAssociationStore;
+import org.openid4java.server.ServerManager;
+
+/**
+ * Manages a OpenID Provider
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 15, 2009
+ */
+public class OpenIDProviderManager
+{
+ /**
+ * Internal server manager for processing
+ */
+ private ServerManager serverManager = new ServerManager();
+
+ /**
+ * Initialize internal data structures
+ */
+ public void initialize()
+ {
+ serverManager.setSharedAssociations(new InMemoryServerAssociationStore());
+ serverManager.setPrivateAssociations(new InMemoryServerAssociationStore());
+ }
+
+ /**
+ * Initialize the Shared Association and Private Association stores
+ * @param sharedAssociationStore a set of 2 association stores {@code ServerAssociationStore}
+ * @throws {@code IllegalArgumentException} if the number of stores is not 2
+ */
+ public void initialize( ServerAssociationStore... sharedAssociationStore )
+ {
+ if( sharedAssociationStore == null || sharedAssociationStore.length == 0 )
+ {
+ initialize();
+ return;
+ }
+
+ if( sharedAssociationStore.length != 2 )
+ throw new IllegalArgumentException( "Number of association stores not equal to 2" );
+ serverManager.setSharedAssociations( sharedAssociationStore[0] );
+ serverManager.setPrivateAssociations( sharedAssociationStore[1] );
+ }
+
+ /**
+ * Get the end point where the provider is active
+ * @return string an url
+ */
+ public String getEndPoint()
+ {
+ return serverManager.getOPEndpointUrl();
+ }
+
+ /**
+ * Set the end point where the provider is active
+ * @param url
+ */
+ public void setEndPoint(String url)
+ {
+ serverManager.setOPEndpointUrl(url);
+ }
+
+ /**
+ * Process a request from the RP/Relying Party (or OpenID Consumer)
+ * for authenticating an user
+ * @param requestParams
+ * @param userSelId
+ * @param userSelClaimed
+ * @param authenticatedAndApproved
+ * @return
+ */
+ public OpenIDMessage processAuthenticationRequest(ParameterList requestParams,
+ String userSelId,
+ String userSelClaimed,
+ boolean authenticatedAndApproved)
+ {
+ Message authMessage = serverManager.authResponse(requestParams,
+ userSelId, userSelClaimed, authenticatedAndApproved);
+
+ return new OpenIDMessage(authMessage);
+ }
+
+ /**
+ * Process a request for association from the RP
+ * @param requestParams
+ * @return
+ */
+ public OpenIDMessage processAssociationRequest(ParameterList requestParams)
+ {
+ return new OpenIDMessage(serverManager.associationResponse(requestParams));
+ }
+
+ /**
+ * Process a verification request from RP for an already
+ * authenticated user
+ * @param requestParams
+ * @return
+ */
+ public OpenIDMessage verify(ParameterList requestParams)
+ {
+ return new OpenIDMessage(serverManager.verify(requestParams));
+ }
+
+ /**
+ * Create an error message that needs to be passed to the RP
+ * @param msg
+ * @return
+ */
+ public OpenIDMessage getDirectError(String msg)
+ {
+ return new OpenIDMessage(DirectError.createDirectError(msg));
+ }
+
+ /**
+ * Class to hold the open id message
+ */
+ public static class OpenIDMessage
+ {
+ private Message message;
+
+ OpenIDMessage(Message message)
+ {
+ this.message = message;
+ }
+
+ public boolean isSuccessful()
+ {
+ return message instanceof AuthSuccess;
+ }
+
+ public String getDestinationURL(boolean httpget)
+ {
+ return ((AuthSuccess) message).getDestinationUrl(httpget);
+ }
+
+ public String getResponseText()
+ {
+ return message.keyValueFormEncoding();
+ }
+ }
+}
\ No newline at end of file
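Review bot: `OpenIDMessage.getDestinationURL` casts `message` to `AuthSuccess` unconditionally, so a caller that skips `isSuccessful()` gets a bare `ClassCastException` instead of a meaningful error; guard it with `if (!isSuccessful()) throw new IllegalStateException("Not a successful authentication response");`. The varargs parameter of `initialize(ServerAssociationStore...)` is named `sharedAssociationStore` although element 1 becomes the private store, and its Javadoc uses `@throws {@code IllegalArgumentException}` where `@throws IllegalArgumentException if fewer or more than two stores are supplied` is the conventional form. `serverManager` is assigned once and could be `final`.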
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDTokenRegistryStore.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDTokenRegistryStore.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDTokenRegistryStore.java 2011-01-20 19:13:23 UTC (rev 640)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers.helpers;
+
+import java.io.IOException;
+
+import org.openid4java.association.Association;
+import org.openid4java.association.AssociationException;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerAssociationStore;
+import org.picketlink.identity.federation.core.sts.registry.DefaultTokenRegistry;
+import org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry;
+
+/**
+ * A {@code SecurityTokenRegistry} for OpenID that uses in memory registry
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDTokenRegistryStore extends DefaultTokenRegistry implements ServerAssociationStore, SecurityTokenRegistry
+{
+ protected InMemoryServerAssociationStore store = new InMemoryServerAssociationStore();
+
+ /**
+ * @see org.openid4java.server.ServerAssociationStore#generate(java.lang.String, int)
+ */
+ public Association generate(String type, int expiryIn) throws AssociationException
+ {
+ Association association = store.generate(type, expiryIn);
+ try
+ {
+ addToken( association.getHandle(), association );
+ }
+ catch (IOException e)
+ {
+ throw new AssociationException( e );
+ }
+ return association;
+ }
+
+ /**
+ * @see org.openid4java.server.ServerAssociationStore#load(java.lang.String)
+ */
+ public Association load(String handle)
+ {
+ return (Association) getToken( handle );
+ }
+
+ /**
+ * @see org.openid4java.server.ServerAssociationStore#remove(java.lang.String)
+ */
+ public void remove(String handle)
+ {
+ try
+ {
+ removeToken( handle );
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException( e );
+ }
+ }
+}
\ No newline at end of file
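Review bot: `generate` registers the association both in the wrapped `InMemoryServerAssociationStore` and in the token registry, but `load` and `remove` only consult the registry, so the two copies diverge and, if the in-memory store retains what it generates (it appears to, though that is not visible here), it grows without bound because nothing ever removes from it. Either call `store.remove(handle)` from `remove` as well, or stop delegating generation to a store that keeps state. Separately, `remove` wraps the `IOException` in a bare `RuntimeException`; `throw new IllegalStateException("Unable to remove association " + handle, e);` keeps the cause and names the failure. `load` also returns an unchecked cast of whatever the registry holds under `handle`, which becomes a `ClassCastException` if the registry is shared with non-OpenID tokens.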
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java 2011-01-19 20:47:31 UTC (rev 639)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java 2011-01-20 19:13:23 UTC (rev 640)
@@ -39,7 +39,7 @@
/**
* @see org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry#addToken(java.lang.String, java.lang.Object)
*/
- public void addToken(String tokenID, Object token)
+ public void addToken(String tokenID, Object token) throws IOException
{
SecurityManager sm = System.getSecurityManager();
if( sm != null )
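Review bot: `addToken` now declares `throws IOException`, but nothing in the visible part of the method performs I/O and the Javadoc is only an `@see` reference, so a reader cannot tell when the exception can actually occur; add `@throws IOException if the token cannot be stored` (or whatever the real condition is) to the method comment. The method body continues outside the hunk. Every existing caller of `addToken` now has to handle or wrap the checked exception, as `OpenIDTokenRegistryStore.generate` does in this same commit.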
Modified: federation/trunk/picketlink-fed-core/src/main/resources/core-sts.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/resources/core-sts.xml 2011-01-19 20:47:31 UTC (rev 639)
+++ federation/trunk/picketlink-fed-core/src/main/resources/core-sts.xml 2011-01-20 19:13:23 UTC (rev 640)
@@ -5,5 +5,8 @@
TokenType="urn:oasis:names:tc:SAML:2.0:assertion"
TokenElement="Assertion"
TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/>
+ <TokenProvider ProviderClass="org.picketlink.identity.federation.core.openid.providers.OpenIDTokenProvider"
+ TokenType="urn:openid:1:0"
+ TokenElementNS="urn:openid:1:0"/>
</TokenProviders>
</PicketLinkSTS>
\ No newline at end of file
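Review bot: The new OpenID `<TokenProvider>` entry omits the `TokenElement` attribute that the SAML entry above it sets; if the STS configuration loader treats it as required the provider will fail to register, and if it is optional a short comment saying so would help. The `TokenType` value `urn:openid:1:0` presumably has to match the string `OpenIDTokenProvider.OPENID_1_0_NS` returned by `OpenIDProtocolContext.tokenType()` for the STS to dispatch to this provider, so a comment tying the two together, e.g. `<!-- TokenType must equal OpenIDTokenProvider.OPENID_1_0_NS -->`, would keep them from drifting apart.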
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java 2011-01-19 20:47:31 UTC (rev 639)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java 2011-01-20 19:13:23 UTC (rev 640)
@@ -32,9 +32,13 @@
import javax.servlet.http.HttpSession;
import org.openid4java.message.Parameter;
-import org.picketlink.identity.federation.api.openid.provider.OpenIDParameterList;
-import org.picketlink.identity.federation.api.openid.provider.OpenIDProviderManager;
-import org.picketlink.identity.federation.api.openid.provider.OpenIDProviderManager.OpenIDMessage;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDParameterList;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.AUTH_HOLDER;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.MODE;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
/**
* Servlet that provides the Provider functionality
@@ -47,10 +51,9 @@
private static final long serialVersionUID = 1L;
private transient ServletContext servletContext = null;
private String securePageName = "securepage.jsp";
+
+ private transient PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
- private transient OpenIDProviderManager serverManager = new OpenIDProviderManager();
- //private ServerManager serverManager = new ServerManager();
-
@Override
public void init(ServletConfig config) throws ServletException
{
@@ -60,7 +63,7 @@
if(secpageStr != null && secpageStr.length() > 0)
securePageName = secpageStr;
- serverManager.initialize();
+ sts.installDefaultConfiguration( ( String[] )null );
}
@Override
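Review bot: `init` calls `sts.installDefaultConfiguration((String[]) null)` on the object returned by `PicketLinkCoreSTS.instance()`, which looks like a JVM-wide singleton; if so, every (re)initialisation of this servlet replaces the STS configuration for everything else that shares it, and a deployment that configured the STS explicitly would have that overridden. Consider installing the default configuration only when the STS has not been configured yet, or moving it to a dedicated initializer, and document the side effect in the `init` Javadoc. The enclosing `init` method starts outside the hunk.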
@@ -72,17 +75,16 @@
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
- HttpSession session = request.getSession();
+ HttpSession session = request.getSession();
+
+ OpenIDProtocolContext protoCtx = new OpenIDProtocolContext();
+
+ protoCtx.setEndpoint(request.getScheme() + "://" +
+ request.getServerName() + ":" +
+ request.getServerPort() +
+ request.getContextPath() +
+ "/provider/");
- if(serverManager.getEndPoint() == null)
- {
- serverManager.setEndPoint(request.getScheme() + "://" +
- request.getServerName() + ":" +
- request.getServerPort() +
- request.getContextPath() +
- "/provider/");
- }
-
OpenIDParameterList requestp;
if ("complete".equals(request.getParameter("_action"))) // Completing the authz and authn process by redirecting here
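Review bot: `protoCtx.setEndpoint(...)` builds the OP endpoint URL from `request.getScheme()`, `getServerName()` and `getServerPort()` on every request, and on most containers those come from the client-supplied `Host` header, so the value that presumably ends up in the issued OpenID messages as the provider endpoint can be influenced by whoever sends the request. The previous code had the same weakness but fixed the value on the first request; the new code makes it per-request. Prefer a configured endpoint, e.g. read from a servlet init parameter the way `securePage` already is, and fall back to the request-derived value only when none is configured. `doPost` continues outside the hunk.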
@@ -103,6 +105,9 @@
}
}
+ protoCtx.setRequestParameterList( requestp );
+
+
String mode = requestp.hasParameter("openid.mode") ?
requestp.getParameterValue("openid.mode") : null;
@@ -113,8 +118,20 @@
if ("associate".equals(mode))
{
+ protoCtx.setMode( MODE.ASSOCIATE );
+ try
+ {
+ sts.issueToken( protoCtx );
+ }
+ catch (ProcessingException e)
+ {
+ throw new ServletException( e );
+ }
+
+ responsem = protoCtx.getResponseMessage();
+
// --- process an association request ---
- responsem = serverManager.processAssociationRequest(requestp);
+ /*responsem = serverManager.processAssociationRequest(requestp);*/
responseText = responsem.getResponseText();
}
else if ("checkid_setup".equals(mode)
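Review bot: `responsem = protoCtx.getResponseMessage()` is dereferenced immediately via `responsem.getResponseText()` without a null check, so an `issueToken` call that completes without populating the response message produces a `NullPointerException` rather than a clear error; the same pattern appears in the checkid, check_authentication and error branches of the two following hunks. A single guard after each call, `if (responsem == null) throw new ServletException("STS produced no OpenID response for mode " + mode);`, would make the failure diagnosable. The enclosing `doPost` starts and ends outside the hunk.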
@@ -146,15 +163,33 @@
//Fallback
if( authenticatedAndApproved == Boolean.TRUE && userSelectedId == null )
+ {
+ userSelectedId = userSelectedClaimedId;
+ }
+ if( "checkid_setup".equals(mode) )
+ protoCtx.setMode( MODE.CHECK_ID_SETUP );
+ else
+ protoCtx.setMode( MODE.CHECK_ID_IMMEDIATE );
+
+ protoCtx.setAuthenticationHolder( new AUTH_HOLDER(userSelectedId,
+ userSelectedClaimedId, authenticatedAndApproved));
+
+ try
{
- if( request.getUserPrincipal() != null )
- userSelectedId = request.getUserPrincipal().getName();
+ sts.issueToken(protoCtx);
}
- // --- process an authentication request ---
+ catch (ProcessingException e)
+ {
+ throw new ServletException( e );
+ }
+
+ /*// --- process an authentication request ---
responsem = serverManager.processAuthenticationRequest(requestp,
userSelectedId,
userSelectedClaimedId,
- authenticatedAndApproved.booleanValue());
+ authenticatedAndApproved.booleanValue());*/
+
+ responsem = protoCtx.getResponseMessage();
// caller will need to decide which of the following to use:
// - GET HTTP-redirect to the return_to URL
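Review bot: The new fallback `userSelectedId = userSelectedClaimedId;` replaces the previous `request.getUserPrincipal().getName()` lookup, so the identifier handed to the STS in `AUTH_HOLDER` no longer comes from the container-authenticated principal; `userSelectedClaimedId` is assigned outside this hunk, and in the r639 version of this method it is read from the session attribute `openid.identity`, which is populated from the request parameter of the same name. Unless the secure page verifies that the logged-in user is entitled to the claimed identifier, a positive assertion can be issued for an identity the user merely supplied. Keep the principal-based fallback, or add an explicit check that the authenticated principal maps to `userSelectedClaimedId` before calling `sts.issueToken`. The enclosing `doPost` starts and ends outside the hunk.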
@@ -174,18 +209,41 @@
}
else if ("check_authentication".equals(mode))
{
+ try
+ {
+ sts.validateToken( protoCtx );
+ }
+ catch (ProcessingException e)
+ {
+ throw new ServletException( e );
+ }
+ responsem = protoCtx.getResponseMessage();
+
+
// --- processing a verification request ---
- responsem = serverManager.verify(requestp);
+ //responsem = serverManager.verify(requestp);
responseText = responsem.getResponseText();
}
else
{
+ protoCtx.setIssueError( Boolean.TRUE );
+ protoCtx.setErrorText( "Unknown request" );
+ try
+ {
+ sts.issueToken(protoCtx);
+ }
+ catch (ProcessingException e)
+ {
+ throw new ServletException( e );
+ }
+ responsem = protoCtx.getResponseMessage();
+
// --- error response ---
- responsem = serverManager.getDirectError("Unknown request");
+ //responsem = serverManager.getDirectError("Unknown request");
responseText = responsem.getResponseText();
}
log( "response="+responseText );
response.getWriter().write(responseText);
- }
+ }
}
\ No newline at end of file
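Review bot: The `check_authentication` branch calls `sts.validateToken(protoCtx)` without first calling `protoCtx.setMode(...)`, whereas the `associate` and checkid branches set a `MODE` before invoking the STS; if the OpenID token provider dispatches on the mode, this path runs with whatever the default is. Either set the appropriate mode here or document on `OpenIDProtocolContext` that validation ignores it. The four near-identical `try { sts.issueToken(protoCtx); } catch (ProcessingException e) { throw new ServletException( e ); }` blocks could be folded into one private helper. The enclosing `doPost` starts outside the hunk.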
Picketlink SVN: r639 - in federation/trunk/picketlink-web: src/main/java/org/picketlink/identity/federation/web/servlets and 8 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-01-19 15:47:31 -0500 (Wed, 19 Jan 2011)
New Revision: 639
Added:
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/openid/
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/openid/OpenIDWorkflowTestConsumerServlet.java
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/openid/OpenIDWorkflowUnitTestCase.java
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/openid/PrincipalInducingTestServletFilter.java
federation/trunk/picketlink-web/src/test/resources/endorsed/
federation/trunk/picketlink-web/src/test/resources/endorsed/resolver.jar
federation/trunk/picketlink-web/src/test/resources/endorsed/serializer.jar
federation/trunk/picketlink-web/src/test/resources/endorsed/xalan.jar
federation/trunk/picketlink-web/src/test/resources/endorsed/xercesImpl.jar
federation/trunk/picketlink-web/src/test/resources/endorsed/xml-apis.jar
federation/trunk/picketlink-web/src/test/resources/openid/webapp/
federation/trunk/picketlink-web/src/test/resources/openid/webapp/index.jsp
federation/trunk/picketlink-web/src/test/resources/openid/webapp/securepage.jsp
Modified:
federation/trunk/picketlink-web/pom.xml
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/integration/LocalProviderOpenIDUnitTestCase.java
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/openid/InMemoryProtocolAdapter.java
Log:
openid test case related changes
Modified: federation/trunk/picketlink-web/pom.xml
===================================================================
--- federation/trunk/picketlink-web/pom.xml 2011-01-19 20:46:11 UTC (rev 638)
+++ federation/trunk/picketlink-web/pom.xml 2011-01-19 20:47:31 UTC (rev 639)
@@ -84,8 +84,11 @@
<plugins>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
- <version>2.4.3</version>
+ <version>2.7.1</version>
<configuration>
+ <additionalClasspathElements>
+ <additionalClasspathElement>${basedir}/src/test/resources/endorsed/xercesImpl.jar</additionalClasspathElement>
+ </additionalClasspathElements>
<printSummary>true</printSummary>
<disableXmlReport>false</disableXmlReport>
<testFailureIgnore>false</testFailureIgnore>
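Review bot: `<additionalClasspathElement>` points surefire at `${basedir}/src/test/resources/endorsed/xercesImpl.jar`, and this commit checks that jar and four others into `src/test/resources/endorsed/`; binary artifacts committed to the tree carry no version, checksum or provenance that the build can verify, unlike a dependency resolved from a Maven repository. Prefer declaring `xercesImpl` as a `test`-scoped dependency with an explicit `<version>` and, if an endorsed-standards override is really needed, pointing surefire at the resolved artifact. If the checked-in copies must stay, record their exact versions and origin in a README next to them.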
@@ -154,6 +157,31 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>jasper</artifactId>
+ <version>6.0.29</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>httpunit</groupId>
+ <artifactId>httpunit</artifactId>
+ <version>1.5.4</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>nekohtml</groupId>
+ <artifactId>nekohtml</artifactId>
+ <version>1.9.12</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>3.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java 2011-01-19 20:46:11 UTC (rev 638)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java 2011-01-19 20:47:31 UTC (rev 639)
@@ -31,6 +31,7 @@
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.openid4java.message.Parameter;
import org.picketlink.identity.federation.api.openid.provider.OpenIDParameterList;
import org.picketlink.identity.federation.api.openid.provider.OpenIDProviderManager;
import org.picketlink.identity.federation.api.openid.provider.OpenIDProviderManager.OpenIDMessage;
@@ -46,10 +47,10 @@
private static final long serialVersionUID = 1L;
private transient ServletContext servletContext = null;
private String securePageName = "securepage.jsp";
-
+
private transient OpenIDProviderManager serverManager = new OpenIDProviderManager();
//private ServerManager serverManager = new ServerManager();
-
+
@Override
public void init(ServletConfig config) throws ServletException
{
@@ -58,10 +59,10 @@
String secpageStr = this.servletContext.getInitParameter("securePage");
if(secpageStr != null && secpageStr.length() > 0)
securePageName = secpageStr;
-
+
serverManager.initialize();
}
-
+
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
@@ -72,99 +73,119 @@
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
HttpSession session = request.getSession();
-
+
if(serverManager.getEndPoint() == null)
+ {
serverManager.setEndPoint(request.getScheme() + "://" +
- request.getServerName() + ":" +
- request.getServerPort() +
- request.getContextPath() +
- "/provider/");
-
+ request.getServerName() + ":" +
+ request.getServerPort() +
+ request.getContextPath() +
+ "/provider/");
+ }
+
OpenIDParameterList requestp;
if ("complete".equals(request.getParameter("_action"))) // Completing the authz and authn process by redirecting here
{
- requestp=(OpenIDParameterList) session.getAttribute("parameterlist"); // On a redirect from the OP authn & authz sequence
+ requestp=(OpenIDParameterList) session.getAttribute("parameterlist"); // On a redirect from the OP authn & authz sequence
}
else
{
- requestp = new OpenIDParameterList(request.getParameterMap());
- session.setAttribute("openid.identity", requestp.getParameter("openid.identity").getValue());
+ requestp = new OpenIDParameterList(request.getParameterMap());
+ Parameter openidIdentity = requestp.getParameter("openid.identity");
+ if( openidIdentity != null )
+ {
+ session.setAttribute("openid.identity", openidIdentity.getValue());
+ }
+ else
+ {
+ log( "The Parameter openid.identity is null " );
+ }
}
String mode = requestp.hasParameter("openid.mode") ?
- requestp.getParameterValue("openid.mode") : null;
+ requestp.getParameterValue("openid.mode") : null;
- OpenIDMessage responsem;
- String responseText;
-
- log("[OpenIDProviderServlet]:mode=" + mode + "::ParameterMap:" + requestp);
+ OpenIDMessage responsem = null;
+ String responseText = null;
- if ("associate".equals(mode))
- {
- // --- process an association request ---
- responsem = serverManager.processAssociationRequest(requestp);
- responseText = responsem.getResponseText();
- }
- else if ("checkid_setup".equals(mode)
- || "checkid_immediate".equals(mode))
- {
- // interact with the user and obtain data needed to continue
- //List userData = userInteraction(requestp);
- String userSelectedId = null;
- String userSelectedClaimedId = null;
- Boolean authenticatedAndApproved = Boolean.FALSE;
+ log("mode=" + mode + "::ParameterMap:" + requestp);
- if ((session.getAttribute("authenticatedAndApproved") == null) ||
- (((Boolean)session.getAttribute("authenticatedAndApproved")) == Boolean.FALSE) )
- {
- session.setAttribute("parameterlist", requestp);
- response.sendRedirect( request.getContextPath() + "/" + this.securePageName);
- }
- else
- {
- userSelectedId = (String) session.getAttribute("openid.claimed_id");
- userSelectedClaimedId = (String) session.getAttribute("openid.identity");
- authenticatedAndApproved = (Boolean) session.getAttribute("authenticatedAndApproved");
- // Remove the parameterlist so this provider can accept requests from elsewhere
- session.removeAttribute("parameterlist");
- session.setAttribute("authenticatedAndApproved", Boolean.FALSE); // Makes you authorize each and every time
- }
+ if ("associate".equals(mode))
+ {
+ // --- process an association request ---
+ responsem = serverManager.processAssociationRequest(requestp);
+ responseText = responsem.getResponseText();
+ }
+ else if ("checkid_setup".equals(mode)
+ || "checkid_immediate".equals(mode))
+ {
+ // interact with the user and obtain data needed to continue
+ //List userData = userInteraction(requestp);
+ String userSelectedId = null;
+ String userSelectedClaimedId = null;
+ Boolean authenticatedAndApproved = Boolean.FALSE;
- // --- process an authentication request ---
- responsem = serverManager.processAuthenticationRequest(requestp,
- userSelectedId,
- userSelectedClaimedId,
- authenticatedAndApproved.booleanValue());
+ if ((session.getAttribute("authenticatedAndApproved") == null) ||
+ (((Boolean)session.getAttribute("authenticatedAndApproved")) == Boolean.FALSE) )
+ {
+ session.setAttribute("parameterlist", requestp);
+ response.setContentType("text/html" );
+ response.sendRedirect( request.getContextPath() + "/" + this.securePageName);
+ return;
+ }
+ else
+ {
+ userSelectedId = (String) session.getAttribute("openid.claimed_id");
+ userSelectedClaimedId = (String) session.getAttribute("openid.identity");
+ authenticatedAndApproved = (Boolean) session.getAttribute("authenticatedAndApproved");
+ // Remove the parameterlist so this provider can accept requests from elsewhere
+ session.removeAttribute("parameterlist");
+ session.setAttribute("authenticatedAndApproved", Boolean.FALSE); // Makes you authorize each and every time
- // caller will need to decide which of the following to use:
- // - GET HTTP-redirect to the return_to URL
- // - HTML FORM Redirection
- //responseText = response.wwwFormEncoding();
- if (responsem.isSuccessful())
- {
- response.sendRedirect( responsem.getDestinationURL(true));
- return;
- }
- else
- {
- responseText="<pre>"+ responsem.getResponseText() +"</pre>";
- }
- }
- else if ("check_authentication".equals(mode))
- {
- // --- processing a verification request ---
- responsem = serverManager.verify(requestp);
- responseText = responsem.getResponseText();
- }
- else
- {
- // --- error response ---
- responsem = serverManager.getDirectError("Unknown request");
- responseText = responsem.getResponseText();
- }
-
- log("[OpenIDProviderServlet]:response="+responseText);
- response.getWriter().write(responseText);
+
+ //Fallback
+ if( authenticatedAndApproved == Boolean.TRUE && userSelectedId == null )
+ {
+ if( request.getUserPrincipal() != null )
+ userSelectedId = request.getUserPrincipal().getName();
+ }
+ // --- process an authentication request ---
+ responsem = serverManager.processAuthenticationRequest(requestp,
+ userSelectedId,
+ userSelectedClaimedId,
+ authenticatedAndApproved.booleanValue());
+
+ // caller will need to decide which of the following to use:
+ // - GET HTTP-redirect to the return_to URL
+ // - HTML FORM Redirection
+ //responseText = response.wwwFormEncoding();
+ if (responsem.isSuccessful())
+ {
+ response.sendRedirect( responsem.getDestinationURL(true));
+ return;
+ }
+ else
+ {
+ responseText="<pre>"+ responsem.getResponseText() +"</pre>";
+ }
+
+ }
+ }
+ else if ("check_authentication".equals(mode))
+ {
+ // --- processing a verification request ---
+ responsem = serverManager.verify(requestp);
+ responseText = responsem.getResponseText();
+ }
+ else
+ {
+ // --- error response ---
+ responsem = serverManager.getDirectError("Unknown request");
+ responseText = responsem.getResponseText();
+ }
+
+ log( "response="+responseText );
+ response.getWriter().write(responseText);
}
}
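Review bot: `log("mode=" + mode + "::ParameterMap:" + requestp)` and `log( "response="+responseText )` write the complete OpenID request parameter list and the complete response text to the servlet log; for `associate` the response carries the association's MAC key material (`mac_key` or `enc_mac_key`), and for the other modes the request carries the signature and the user's claimed identifier. Log the mode and the association handle only, or confine the full dump to a debug level that is off by default. `responsem` and `responseText` are now initialised to `null`, so a comment on the dispatch chain stating that every branch either assigns them or returns would help the next reader; the enclosing `doPost` ends outside the hunk.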
\ No newline at end of file
Modified: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/integration/LocalProviderOpenIDUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/integration/LocalProviderOpenIDUnitTestCase.java 2011-01-19 20:46:11 UTC (rev 638)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/integration/LocalProviderOpenIDUnitTestCase.java 2011-01-19 20:47:31 UTC (rev 639)
@@ -75,7 +75,8 @@
assertNotNull("List of providers is not null", providers);
OpenIDProviderInformation providerInfo = idm.associate(ad,providers);
- idm.authenticate(ad, providerInfo);
+ boolean auth = idm.authenticate(ad, providerInfo);
+ assertTrue( "OpenID Auth was successful", auth );
}
//A provider servlet that always returns true
@@ -176,7 +177,8 @@
{
resp.setStatus(HttpServletResponse.SC_OK);
return;
- }
+ }
+
//Asking for Yadis discovery
byte[] barr = new byte[1024];
for (int i = 0; i < barr.length; i++)
Modified: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/openid/InMemoryProtocolAdapter.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/openid/InMemoryProtocolAdapter.java 2011-01-19 20:46:11 UTC (rev 638)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/openid/InMemoryProtocolAdapter.java 2011-01-19 20:47:31 UTC (rev 639)
@@ -21,10 +21,7 @@
*/
package org.picketlink.test.identity.federation.web.openid;
-import java.io.IOException;
-import java.net.MalformedURLException;
import java.net.URL;
-import java.net.URLConnection;
import java.util.Map;
import org.picketlink.identity.federation.api.openid.OpenIDAttributeMap;
@@ -34,6 +31,12 @@
import org.picketlink.identity.federation.api.openid.exceptions.OpenIDLifeCycleException;
import org.picketlink.identity.federation.api.openid.exceptions.OpenIDProtocolException;
+import com.meterware.httpunit.GetMethodWebRequest;
+import com.meterware.httpunit.WebConversation;
+import com.meterware.httpunit.WebForm;
+import com.meterware.httpunit.WebRequest;
+import com.meterware.httpunit.WebResponse;
+
/**
* Adapter that is in memory or the same VM
* @author Anil.Saldhana(a)redhat.com
@@ -61,7 +64,7 @@
public String getReturnURL()
{
- return "http://localhost:11080";
+ return "http://localhost:11080/consumer";
}
public void sendToProvider(int version, String destinationURL, Map<String, String> paramMap)
@@ -72,38 +75,26 @@
System.out.println("paramMap="+ paramMap);
if(version == 1)
- {
- URL url;
+ {
+ WebConversation wc = new WebConversation();
+ wc.setAuthorization( "anil", "anil" );
+ WebRequest req = new GetMethodWebRequest( destinationURL );
try
{
- url = new URL(destinationURL);
- URLConnection urlConn = url.openConnection();
- for (int i=0; ; i++)
+ WebResponse resp = wc.getResponse( req );
+ URL responseURL = resp.getURL();
+ if( responseURL.toString().contains( "securepage.jsp" ))
{
- String headerName = urlConn.getHeaderFieldKey(i);
- String headerValue = urlConn.getHeaderField(i);
-
- if (headerName == null && headerValue == null)
- {
- // No more headers
- break;
- }
- if (headerName == null)
- {
- // The header value contains the server's HTTP version
- }
- }
-
+ resp = wc.getResponse( responseURL.toString() );
+ WebForm form = resp.getForms()[0];
+ resp = form.submit();
+ }
}
- catch (MalformedURLException e)
- {
- throw new OpenIDProtocolException(e);
- }
- catch (IOException e)
- {
- throw new OpenIDProtocolException(e);
- }
-
+ catch ( Exception e)
+ {
+ e.printStackTrace();
+ throw new OpenIDProtocolException();
+ }
}
else
{
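Review bot: The new `catch (Exception e)` calls `e.printStackTrace()` and then throws `new OpenIDProtocolException()` without the cause, whereas the code it replaces propagated it with `new OpenIDProtocolException(e)`; replace the two lines with `throw new OpenIDProtocolException(e);` so a failing workflow test shows why it failed. `resp.getForms()[0]` throws `ArrayIndexOutOfBoundsException` when the secure page renders no form; an explicit check with a message naming `responseURL` would be clearer. The enclosing `sendToProvider` method ends outside the hunk.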
Added: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/openid/OpenIDWorkflowTestConsumerServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/openid/OpenIDWorkflowTestConsumerServlet.java (rev 0)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/openid/OpenIDWorkflowTestConsumerServlet.java 2011-01-19 20:47:31 UTC (rev 639)
@@ -0,0 +1,77 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.web.workflow.openid;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.picketlink.identity.federation.api.openid.OpenIDManager;
+import org.picketlink.identity.federation.web.openid.HTTPOpenIDContext;
+import org.picketlink.identity.federation.web.openid.HTTPProtocolAdaptor;
+
+/**
+ * Test Consumer Servlet
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 19, 2011
+ */
+public class OpenIDWorkflowTestConsumerServlet extends HttpServlet
+{
+ private static final long serialVersionUID = 1L;
+
+ private OpenIDManager manager = null;
+
+ public OpenIDWorkflowTestConsumerServlet( OpenIDManager mgr )
+ {
+ this.manager = mgr;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+ {
+ log( "Provider response:" + request.getQueryString() );
+ log( "UserID Chosen=" + request.getParameter( "openid.identity" ));
+
+ // extract the receiving URL from the HTTP request
+ StringBuffer receivingURL = request.getRequestURL();
+ String queryString = request.getQueryString();
+ if (queryString != null && queryString.length() > 0)
+ receivingURL.append("?").append(request.getQueryString());
+
+ HTTPProtocolAdaptor adapter = new HTTPProtocolAdaptor(new HTTPOpenIDContext( request,response, getServletContext() ));
+ try
+ {
+ boolean auth = manager.verify(adapter, request.getParameterMap(), receivingURL.toString() );
+ if( !auth )
+ throw new ServletException( "OpenID information from provider not successfully verified" );
+ }
+ catch ( Exception e)
+ {
+ e.printStackTrace();
+ throw new IOException();
+ }
+ }
+}
\ No newline at end of file
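Review bot: In `doGet`, the `ServletException` thrown when `manager.verify` returns false is caught by the enclosing `catch ( Exception e)` and rethrown as `new IOException()` with no message and no cause, so the "not successfully verified" text and the original exception never reach the container or the test log. Move the `!auth` check after the try block, and in the catch preserve the cause, `throw new ServletException("OpenID verification failed", e);`, using `log(String, Throwable)` instead of `e.printStackTrace()`. A short Javadoc on `doGet` saying that a successful verification writes nothing to the response and is signalled only by the absence of an exception would also help, since a reader of the test expects some success path here.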
Added: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/openid/OpenIDWorkflowUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/openid/OpenIDWorkflowUnitTestCase.java (rev 0)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/openid/OpenIDWorkflowUnitTestCase.java 2011-01-19 20:47:31 UTC (rev 639)
@@ -0,0 +1,85 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.web.workflow.openid;
+
+import java.io.InputStream;
+import java.net.URL;
+
+import org.mortbay.jetty.servlet.Context;
+import org.mortbay.jetty.servlet.ServletHolder;
+import org.mortbay.jetty.webapp.WebAppContext;
+import org.picketlink.identity.federation.api.openid.OpenIDManager;
+import org.picketlink.identity.federation.api.openid.OpenIDManager.OpenIDProviderInformation;
+import org.picketlink.identity.federation.api.openid.OpenIDManager.OpenIDProviderList;
+import org.picketlink.identity.federation.api.openid.OpenIDRequest;
+import org.picketlink.identity.federation.web.servlets.OpenIDProviderServlet;
+import org.picketlink.test.identity.federation.web.openid.InMemoryProtocolAdapter;
+import org.picketlink.test.identity.federation.web.server.EmbeddedWebServerBase;
+
+
+/**
+ * Test the workflow of an OpenID Consumer with a provider
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 18, 2011
+ */
+public class OpenIDWorkflowUnitTestCase extends EmbeddedWebServerBase
+{
+ private String username = "http://localhost:11080";
+ private OpenIDRequest openIDRequest = new OpenIDRequest( username );
+ private OpenIDManager manager = new OpenIDManager( openIDRequest );
+
+ protected void establishUserApps()
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("openid/localhost-yadis.xml");
+
+ assertNotNull("Yadis descriptor not null", is);
+
+ final String WEBAPPDIR = "openid/webapp";
+
+ final String CONTEXTPATH = "/";
+
+ // for localhost:port/admin/index.html and whatever else is in the webapp directory
+ final URL warUrl = tcl.getResource(WEBAPPDIR);
+ final String warUrlString = warUrl.toExternalForm();
+
+ Context context = new WebAppContext( warUrlString, CONTEXTPATH );
+ server.setHandler( context );
+
+ context.addServlet(new ServletHolder(new OpenIDProviderServlet()), "/provider/");
+
+ context.addServlet( new ServletHolder( new OpenIDWorkflowTestConsumerServlet( manager)), "/consumer" );
+
+ context.addFilter(PrincipalInducingTestServletFilter.class, "/securepage.jsp", 1 );
+ }
+
+ public void testOpenIDAuth() throws Exception
+ {
+ InMemoryProtocolAdapter ad = new InMemoryProtocolAdapter();
+ OpenIDProviderList providers = manager.discoverProviders();
+ assertNotNull("List of providers is not null", providers);
+
+ OpenIDProviderInformation providerInfo = manager.associate( ad,providers );
+ boolean isValid = manager.authenticate( ad, providerInfo );
+ assertTrue( "Authentication is valid" , isValid );
+ }
+}
\ No newline at end of file
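Review bot: `testOpenIDAuth` asserts on the return value of `manager.authenticate(ad, providerInfo)`, but r638 on this same page changed the OpenID 1.x branch of `OpenIDManager.authenticate` to `return true` immediately after `sendToProvider`, so the final `assertTrue` may hold without any provider response having been verified; the outcome is actually established by `manager.verify` in `OpenIDWorkflowTestConsumerServlet`, and the test presumably needs to assert on that path (for instance by checking what the adapter observed from the consumer) rather than on `authenticate`'s result. In `establishUserApps`, the `InputStream is` opened from `localhost-yadis.xml` is only null-checked and never closed or otherwise used; close it in a finally block or replace it with `assertNotNull("Yadis descriptor", tcl.getResource("openid/localhost-yadis.xml"));`. `warUrl` is dereferenced without a check, so a missing `openid/webapp` resource fails with an NPE instead of a message; add `assertNotNull("webapp directory", warUrl);` before `toExternalForm()`.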
Added: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/openid/PrincipalInducingTestServletFilter.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/openid/PrincipalInducingTestServletFilter.java (rev 0)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/openid/PrincipalInducingTestServletFilter.java 2011-01-19 20:47:31 UTC (rev 639)
@@ -0,0 +1,66 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.web.workflow.openid;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+import org.mortbay.jetty.Request;
+
+/**
+ * A servlet filter for testing that adds a principal with name "anil"
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 19, 2011
+ */
+public class PrincipalInducingTestServletFilter implements Filter
+{
+ public void init(FilterConfig filterConfig) throws ServletException
+ {
+ }
+
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
+ ServletException
+ {
+ Request jettyRequest = (Request) request;
+ if( jettyRequest.getUserPrincipal() == null )
+ {
+ jettyRequest.setUserPrincipal( new Principal() {
+
+ public String getName()
+ {
+ return "http://localhost:11080/";
+ }} );
+ }
+ chain.doFilter(request, response);
+ }
+
+ public void destroy()
+ {
+ }
+}
\ No newline at end of file
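Review bot: The class Javadoc says the filter "adds a principal with name "anil"", but `getName()` in the anonymous `Principal` returns `"http://localhost:11080/"`; the doc should read `A test-only filter that, when the request carries no user principal, injects one whose name is the OpenID identifier http://localhost:11080/`. Because this filter grants an authenticated principal to every request on the path it is mapped to, the Javadoc should also state that it is meant to be registered only from test code such as `OpenIDWorkflowUnitTestCase.establishUserApps`, never from a deployable web.xml. The unconditional cast `(Request) request` to Jetty's request type will throw `ClassCastException` if any other filter wraps the request first; that may be acceptable given the single mapping visible on this page, but it deserves a comment.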
Added: federation/trunk/picketlink-web/src/test/resources/endorsed/resolver.jar
===================================================================
(Binary files differ)
Property changes on: federation/trunk/picketlink-web/src/test/resources/endorsed/resolver.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: federation/trunk/picketlink-web/src/test/resources/endorsed/serializer.jar
===================================================================
(Binary files differ)
Property changes on: federation/trunk/picketlink-web/src/test/resources/endorsed/serializer.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: federation/trunk/picketlink-web/src/test/resources/endorsed/xalan.jar
===================================================================
(Binary files differ)
Property changes on: federation/trunk/picketlink-web/src/test/resources/endorsed/xalan.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: federation/trunk/picketlink-web/src/test/resources/endorsed/xercesImpl.jar
===================================================================
(Binary files differ)
Property changes on: federation/trunk/picketlink-web/src/test/resources/endorsed/xercesImpl.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: federation/trunk/picketlink-web/src/test/resources/endorsed/xml-apis.jar
===================================================================
(Binary files differ)
Property changes on: federation/trunk/picketlink-web/src/test/resources/endorsed/xml-apis.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: federation/trunk/picketlink-web/src/test/resources/openid/webapp/index.jsp
===================================================================
--- federation/trunk/picketlink-web/src/test/resources/openid/webapp/index.jsp (rev 0)
+++ federation/trunk/picketlink-web/src/test/resources/openid/webapp/index.jsp 2011-01-19 20:47:31 UTC (rev 639)
@@ -0,0 +1,18 @@
+<%@ page contentType="application/xrds+xml"%><?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS
+ xmlns:xrds="xri://$xrds"
+ xmlns:openid="http://openid.net/xmlns/1.0"
+ xmlns="xri://$xrd*($v*2.0)">
+ <XRD>
+ <!-- Change the URI for OpenID2 pointing to where the provider is located -->
+ <Service priority="0">
+ <Type>http://specs.openid.net/auth/2.0</Type>
+ <URI>http://localhost:11080/provider/</URI>
+ </Service>
+ <!-- Change the URI for OpenID1 pointing to where the provider is located -->
+ <Service priority="1">
+ <Type>http://openid.net/signon/1.0</Type>
+ <URI>http://localhost:11080/provider/</URI>
+ </Service>
+ </XRD>
+</xrds:XRDS>
Added: federation/trunk/picketlink-web/src/test/resources/openid/webapp/securepage.jsp
===================================================================
--- federation/trunk/picketlink-web/src/test/resources/openid/webapp/securepage.jsp (rev 0)
+++ federation/trunk/picketlink-web/src/test/resources/openid/webapp/securepage.jsp 2011-01-19 20:47:31 UTC (rev 639)
@@ -0,0 +1,14 @@
+<%
+ session.setAttribute("authenticatedAndApproved", Boolean.TRUE);
+ if( request.getUserPrincipal() != null )
+ {
+ session.setAttribute( "openid.claimed_id", request.getUserPrincipal().getName());
+ }
+%>
+
+
+You have logged in.
+
+<form method="POST" action="<%=request.getContextPath()%>/provider/?_action=complete">
+<input type="submit" value="Continue"/>
+</form>
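Review bot: `session.setAttribute("authenticatedAndApproved", Boolean.TRUE)` on the first scriptlet line runs before the `getUserPrincipal()` check, so a request that carries no principal still marks the session as authenticated and approved while `openid.claimed_id` stays unset. Moving that line inside the `if` block keeps the two attributes consistent and makes the approval flag contingent on an actual principal, which is what the `_action=complete` POST to `/provider/` below relies on. If setting the flag unconditionally is intended for this test fixture, a JSP comment stating that would stop the next reader from fixing it.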
Picketlink SVN: r638 - federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-01-19 15:46:11 -0500 (Wed, 19 Jan 2011)
New Revision: 638
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/OpenIDManager.java
Log:
return true
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/OpenIDManager.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/OpenIDManager.java 2011-01-13 10:46:46 UTC (rev 637)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/OpenIDManager.java 2011-01-19 20:46:11 UTC (rev 638)
@@ -255,7 +255,7 @@
// The only method supported in OpenID 1.x
// redirect-URL usually limited ~2048 bytes
adapter.sendToProvider(1, authReq.getDestinationUrl(true), null);
- return false;
+ return true;
}
else
{
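Review bot: Returning `true` directly after `adapter.sendToProvider(1, ...)` makes `authenticate` report success before the provider has answered; in the OpenID 1.x flow only the redirect has been issued at this point and the assertion is checked later by the consumer's `verify` on the return URL, so a caller reading this value as "user authenticated" would be misled. A comment on the changed line would prevent that reading: `// OpenID 1.x: the redirect has been issued; the assertion is verified later by verify() on the provider's return, so true here means "request sent", not "authenticated"`. The enclosing method starts and ends outside the hunk, and `OpenIDWorkflowUnitTestCase.testOpenIDAuth` in r639 asserts on this return value.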
Picketlink SVN: r637 - in idm/branches/1.1.0: assembly and 18 other directories.
by picketlink-commits@lists.jboss.org
Author: bdaw
Date: 2011-01-13 05:46:46 -0500 (Thu, 13 Jan 2011)
New Revision: 637
Modified:
idm/branches/1.1.0/assembly/pom.xml
idm/branches/1.1.0/example/auth-simple/pom.xml
idm/branches/1.1.0/example/auth/pom.xml
idm/branches/1.1.0/example/simple/pom.xml
idm/branches/1.1.0/integration/deployer/pom.xml
idm/branches/1.1.0/integration/jboss5/pom.xml
idm/branches/1.1.0/integration/pom.xml
idm/branches/1.1.0/parent/pom.xml
idm/branches/1.1.0/picketlink-idm-api/pom.xml
idm/branches/1.1.0/picketlink-idm-auth/pom.xml
idm/branches/1.1.0/picketlink-idm-cache/pom.xml
idm/branches/1.1.0/picketlink-idm-common/pom.xml
idm/branches/1.1.0/picketlink-idm-core/pom.xml
idm/branches/1.1.0/picketlink-idm-docs/ReferenceGuide/pom.xml
idm/branches/1.1.0/picketlink-idm-docs/pom.xml
idm/branches/1.1.0/picketlink-idm-hibernate/pom.xml
idm/branches/1.1.0/picketlink-idm-ldap/pom.xml
idm/branches/1.1.0/picketlink-idm-spi/pom.xml
idm/branches/1.1.0/picketlink-idm-testsuite/pom.xml
idm/branches/1.1.0/pom.xml
Log:
[maven-release-plugin] prepare for next development iteration
Modified: idm/branches/1.1.0/assembly/pom.xml
===================================================================
--- idm/branches/1.1.0/assembly/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/assembly/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -8,7 +8,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
Modified: idm/branches/1.1.0/example/auth/pom.xml
===================================================================
--- idm/branches/1.1.0/example/auth/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/example/auth/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -1,7 +1,7 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.picketlink.idm.example</groupId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<artifactId>example-auth</artifactId>
<packaging>jar</packaging>
<name>Example - JEE authentication</name>
Modified: idm/branches/1.1.0/example/auth-simple/pom.xml
===================================================================
--- idm/branches/1.1.0/example/auth-simple/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/example/auth-simple/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -1,7 +1,7 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.picketlink.idm.example</groupId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<artifactId>example-auth-simple</artifactId>
<packaging>jar</packaging>
<name>Example - JEE authentication (using deployer)</name>
Modified: idm/branches/1.1.0/example/simple/pom.xml
===================================================================
--- idm/branches/1.1.0/example/simple/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/example/simple/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -1,7 +1,7 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.picketlink.idm.example</groupId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<artifactId>example-simple</artifactId>
<packaging>jar</packaging>
<name>Example - Simple PicketLink IDM Maven2 project</name>
Modified: idm/branches/1.1.0/integration/deployer/pom.xml
===================================================================
--- idm/branches/1.1.0/integration/deployer/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/integration/deployer/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-integration</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
</parent>
<properties>
Modified: idm/branches/1.1.0/integration/jboss5/pom.xml
===================================================================
--- idm/branches/1.1.0/integration/jboss5/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/integration/jboss5/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-integration</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
</parent>
<dependencies>
Modified: idm/branches/1.1.0/integration/pom.xml
===================================================================
--- idm/branches/1.1.0/integration/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/integration/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -12,7 +12,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<relativePath>../parent/pom.xml</relativePath>
</parent>
Modified: idm/branches/1.1.0/parent/pom.xml
===================================================================
--- idm/branches/1.1.0/parent/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/parent/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -8,7 +8,7 @@
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
<packaging>pom</packaging>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<name>PicketLink IDM- Parent</name>
<url>http://labs.jboss.org/portal/jbosssecurity/</url>
<description>PicketLink is a cross-cutting project that handles identity needs for the JEMS projects</description>
@@ -520,10 +520,4 @@
</dependency>
</dependencies>
</dependencyManagement>
-
- <scm>
- <connection>scm:svn:http://anonsvn.jboss.org/repos/maven/poms/jboss-parent-pom/tags/1...</connection>
- <developerConnection>scm:svn:https://svn.jboss.org/repos/maven/poms/jboss-parent-pom/tags/1.1....</developerConnection>
- <url>http://anonsvn.jboss.org/repos/maven/poms/jboss-parent-pom/tags/1.1.8.CR01</url>
- </scm>
</project>
Modified: idm/branches/1.1.0/picketlink-idm-api/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-api/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/picketlink-idm-api/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-auth/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-auth/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/picketlink-idm-auth/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-cache/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-cache/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/picketlink-idm-cache/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-common/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-common/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/picketlink-idm-common/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-core/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-core/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/picketlink-idm-core/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-docs/ReferenceGuide/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-docs/ReferenceGuide/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/picketlink-idm-docs/ReferenceGuide/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<relativePath>../../parent</relativePath>
</parent>
Modified: idm/branches/1.1.0/picketlink-idm-docs/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-docs/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/picketlink-idm-docs/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-hibernate/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-hibernate/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/picketlink-idm-hibernate/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-ldap/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-ldap/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/picketlink-idm-ldap/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-spi/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-spi/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/picketlink-idm-spi/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-testsuite/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-testsuite/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/picketlink-idm-testsuite/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/pom.xml
===================================================================
--- idm/branches/1.1.0/pom.xml 2011-01-13 10:46:12 UTC (rev 636)
+++ idm/branches/1.1.0/pom.xml 2011-01-13 10:46:46 UTC (rev 637)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01</version>
+ <version>1.1.8.CR02-SNAPSHOT</version>
<relativePath>parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -14,9 +14,9 @@
<description />
<scm>
- <connection>scm:svn:http://anonsvn.jboss.org/repos/picketlink/idm/tags/1.1.8.CR01</connection>
- <developerConnection>scm:svn:https://svn.jboss.org/repos/picketlink/idm/tags/1.1.8.CR01</developerConnection>
- <url>http://anonsvn.jboss.org/repos/maven/poms/jboss-parent-pom/tags/1.1.8.CR01</url>
+ <connection>scm:svn:http://anonsvn.jboss.org/repos/picketlink/idm/branches/1.1.0</connection>
+ <developerConnection>scm:svn:https://svn.jboss.org/repos/picketlink/idm/branches/1.1.0</developerConnection>
+ <url>http://anonsvn.jboss.org/repos/maven/poms/jboss-parent-pom/tags/jboss-par...</url>
</scm>
<profiles>
Picketlink SVN: r636 - idm/tags.
by picketlink-commits@lists.jboss.org
Author: bdaw
Date: 2011-01-13 05:46:12 -0500 (Thu, 13 Jan 2011)
New Revision: 636
Added:
idm/tags/1.1.8.CR01/
Log:
[maven-scm] copy for tag 1.1.8.CR01
Copied: idm/tags/1.1.8.CR01 (from rev 635, idm/branches/1.1.0)
Picketlink SVN: r635 - in idm/branches/1.1.0: assembly and 18 other directories.
by picketlink-commits@lists.jboss.org
Author: bdaw
Date: 2011-01-13 05:45:48 -0500 (Thu, 13 Jan 2011)
New Revision: 635
Modified:
idm/branches/1.1.0/assembly/pom.xml
idm/branches/1.1.0/example/auth-simple/pom.xml
idm/branches/1.1.0/example/auth/pom.xml
idm/branches/1.1.0/example/simple/pom.xml
idm/branches/1.1.0/integration/deployer/pom.xml
idm/branches/1.1.0/integration/jboss5/pom.xml
idm/branches/1.1.0/integration/pom.xml
idm/branches/1.1.0/parent/pom.xml
idm/branches/1.1.0/picketlink-idm-api/pom.xml
idm/branches/1.1.0/picketlink-idm-auth/pom.xml
idm/branches/1.1.0/picketlink-idm-cache/pom.xml
idm/branches/1.1.0/picketlink-idm-common/pom.xml
idm/branches/1.1.0/picketlink-idm-core/pom.xml
idm/branches/1.1.0/picketlink-idm-docs/ReferenceGuide/pom.xml
idm/branches/1.1.0/picketlink-idm-docs/pom.xml
idm/branches/1.1.0/picketlink-idm-hibernate/pom.xml
idm/branches/1.1.0/picketlink-idm-ldap/pom.xml
idm/branches/1.1.0/picketlink-idm-spi/pom.xml
idm/branches/1.1.0/picketlink-idm-testsuite/pom.xml
idm/branches/1.1.0/pom.xml
Log:
[maven-release-plugin] prepare release 1.1.8.CR01
Modified: idm/branches/1.1.0/assembly/pom.xml
===================================================================
--- idm/branches/1.1.0/assembly/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/assembly/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -8,7 +8,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<relativePath>../parent</relativePath>
</parent>
Modified: idm/branches/1.1.0/example/auth/pom.xml
===================================================================
--- idm/branches/1.1.0/example/auth/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/example/auth/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -1,7 +1,7 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.picketlink.idm.example</groupId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<artifactId>example-auth</artifactId>
<packaging>jar</packaging>
<name>Example - JEE authentication</name>
Modified: idm/branches/1.1.0/example/auth-simple/pom.xml
===================================================================
--- idm/branches/1.1.0/example/auth-simple/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/example/auth-simple/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -1,7 +1,7 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.picketlink.idm.example</groupId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<artifactId>example-auth-simple</artifactId>
<packaging>jar</packaging>
<name>Example - JEE authentication (using deployer)</name>
Modified: idm/branches/1.1.0/example/simple/pom.xml
===================================================================
--- idm/branches/1.1.0/example/simple/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/example/simple/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -1,7 +1,7 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.picketlink.idm.example</groupId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<artifactId>example-simple</artifactId>
<packaging>jar</packaging>
<name>Example - Simple PicketLink IDM Maven2 project</name>
Modified: idm/branches/1.1.0/integration/deployer/pom.xml
===================================================================
--- idm/branches/1.1.0/integration/deployer/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/integration/deployer/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-integration</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
</parent>
<properties>
Modified: idm/branches/1.1.0/integration/jboss5/pom.xml
===================================================================
--- idm/branches/1.1.0/integration/jboss5/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/integration/jboss5/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-integration</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
</parent>
<dependencies>
Modified: idm/branches/1.1.0/integration/pom.xml
===================================================================
--- idm/branches/1.1.0/integration/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/integration/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -12,7 +12,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<relativePath>../parent/pom.xml</relativePath>
</parent>
Modified: idm/branches/1.1.0/parent/pom.xml
===================================================================
--- idm/branches/1.1.0/parent/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/parent/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -8,7 +8,7 @@
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
<packaging>pom</packaging>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<name>PicketLink IDM- Parent</name>
<url>http://labs.jboss.org/portal/jbosssecurity/</url>
<description>PicketLink is a cross-cutting project that handles identity needs for the JEMS projects</description>
@@ -520,4 +520,10 @@
</dependency>
</dependencies>
</dependencyManagement>
+
+ <scm>
+ <connection>scm:svn:http://anonsvn.jboss.org/repos/maven/poms/jboss-parent-pom/tags/1...</connection>
+ <developerConnection>scm:svn:https://svn.jboss.org/repos/maven/poms/jboss-parent-pom/tags/1.1....</developerConnection>
+ <url>http://anonsvn.jboss.org/repos/maven/poms/jboss-parent-pom/tags/1.1.8.CR01</url>
+ </scm>
</project>
Modified: idm/branches/1.1.0/picketlink-idm-api/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-api/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/picketlink-idm-api/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-auth/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-auth/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/picketlink-idm-auth/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-cache/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-cache/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/picketlink-idm-cache/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-common/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-common/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/picketlink-idm-common/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-core/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-core/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/picketlink-idm-core/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-docs/ReferenceGuide/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-docs/ReferenceGuide/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/picketlink-idm-docs/ReferenceGuide/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<relativePath>../../parent</relativePath>
</parent>
Modified: idm/branches/1.1.0/picketlink-idm-docs/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-docs/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/picketlink-idm-docs/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-hibernate/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-hibernate/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/picketlink-idm-hibernate/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-ldap/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-ldap/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/picketlink-idm-ldap/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-spi/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-spi/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/picketlink-idm-spi/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/picketlink-idm-testsuite/pom.xml
===================================================================
--- idm/branches/1.1.0/picketlink-idm-testsuite/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/picketlink-idm-testsuite/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: idm/branches/1.1.0/pom.xml
===================================================================
--- idm/branches/1.1.0/pom.xml 2011-01-13 10:37:47 UTC (rev 634)
+++ idm/branches/1.1.0/pom.xml 2011-01-13 10:45:48 UTC (rev 635)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-parent</artifactId>
- <version>1.1.8.CR01-SNAPSHOT</version>
+ <version>1.1.8.CR01</version>
<relativePath>parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -14,9 +14,9 @@
<description />
<scm>
- <connection>scm:svn:http://anonsvn.jboss.org/repos/picketlink/idm/branches/1.1.0</connection>
- <developerConnection>scm:svn:https://svn.jboss.org/repos/picketlink/idm/branches/1.1.0</developerConnection>
- <url>http://anonsvn.jboss.org/repos/maven/poms/jboss-parent-pom/tags/jboss-par...</url>
+ <connection>scm:svn:http://anonsvn.jboss.org/repos/picketlink/idm/tags/1.1.8.CR01</connection>
+ <developerConnection>scm:svn:https://svn.jboss.org/repos/picketlink/idm/tags/1.1.8.CR01</developerConnection>
+ <url>http://anonsvn.jboss.org/repos/maven/poms/jboss-parent-pom/tags/1.1.8.CR01</url>
</scm>
<profiles>
Picketlink SVN: r634 - in idm/branches/1.1.0: picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: bdaw
Date: 2011-01-13 05:37:47 -0500 (Thu, 13 Jan 2011)
New Revision: 634
Modified:
idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java
Log:
- Enable LDAP password encryption with JBoss JAAS SecurityDomain
Modified: idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java
===================================================================
--- idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java 2011-01-10 16:25:50 UTC (rev 633)
+++ idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java 2011-01-13 10:37:47 UTC (rev 634)
@@ -22,8 +22,11 @@
package org.picketlink.idm.impl.helper;
+import javax.management.MBeanServer;
+import javax.management.MBeanServerFactory;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Iterator;
import java.util.List;
import java.util.Enumeration;
import java.util.ArrayList;
@@ -38,6 +41,8 @@
public class Tools
{
+ private static MBeanServer instance = null;
+
public static <E> List<E> toList(Enumeration<E> e)
{
if (e == null)
@@ -231,5 +236,27 @@
}
}
+ public static MBeanServer locateJBoss()
+ {
+ synchronized (Tools.class)
+ {
+ if (instance != null)
+ {
+ return instance;
+ }
+ }
+ for (Iterator i = MBeanServerFactory.findMBeanServer(null).iterator(); i.hasNext(); )
+ {
+ MBeanServer server = (MBeanServer) i.next();
+ if (server.getDefaultDomain().equals("jboss"))
+ {
+ return server;
+ }
+ }
+
+ throw new IllegalStateException("No 'jboss' MBeanServer found!");
+ }
+
+
}
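Review bot: The `instance` field read under `synchronized (Tools.class)` is never assigned anywhere in this diff, so the cached-lookup path is dead and every call rescans `MBeanServerFactory.findMBeanServer(null)`; store the match before returning it, e.g. `synchronized (Tools.class) { instance = server; }` ahead of `return server;`. The loop also uses a raw `Iterator` although `findMBeanServer` returns a typed list, so `for (MBeanServer server : MBeanServerFactory.findMBeanServer(null))` removes the cast. `server.getDefaultDomain().equals("jboss")` throws NullPointerException if a server reports no default domain; `"jboss".equals(server.getDefaultDomain())` is the safer order. A one-line Javadoc saying the method returns the MBeanServer whose default domain is `jboss` and throws IllegalStateException when none is registered would also help.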
Modified: idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java
===================================================================
--- idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java 2011-01-10 16:25:50 UTC (rev 633)
+++ idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java 2011-01-13 10:37:47 UTC (rev 634)
@@ -44,6 +44,8 @@
String getAdminPassword();
+ String getJaasSecurityDomain();
+
String getAuthenticationMethod();
int getSearchTimeLimit();
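Review bot: The new `getJaasSecurityDomain()` has no Javadoc, and since LDAPIdentityStoreSessionImpl in this same commit passes its value straight to `new ObjectName(...)`, implementors need to know it is an MBean object name rather than a JAAS application-policy name; add `/** ObjectName of the JBoss JAAS security-domain MBean used to decode adminPassword; null means adminPassword is used as given. */` above the declaration. The null-means-plaintext behaviour is what the session code does today, so documenting it here makes that contract explicit.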
Modified: idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java
===================================================================
--- idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java 2011-01-10 16:25:50 UTC (rev 633)
+++ idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java 2011-01-13 10:37:47 UTC (rev 634)
@@ -23,13 +23,23 @@
package org.picketlink.idm.impl.store.ldap;
import org.picketlink.idm.common.exception.IdentityException;
+import org.picketlink.idm.impl.helper.Tools;
import org.picketlink.idm.spi.store.IdentityStoreSession;
+import java.io.UnsupportedEncodingException;
import java.util.Hashtable;
+import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.management.InstanceNotFoundException;
+import javax.management.MBeanException;
+import javax.management.MBeanServer;
+import javax.management.MBeanServerFactory;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import javax.management.ReflectionException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.ldap.InitialLdapContext;
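Review bot: Most of the added imports are not referenced by the code this commit adds: `UnsupportedEncodingException`, `Iterator`, `MBeanServerFactory`, `InstanceNotFoundException`, `MBeanException`, `MalformedObjectNameException` and `ReflectionException` are unused because `getPassword` later in this file catches `Exception` broadly, and only `Tools`, `MBeanServer` and `ObjectName` are needed. Unless they are used elsewhere in the file outside this diff, drop them so the import block reflects what the class actually depends on.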
@@ -90,10 +100,28 @@
env.put(Context.SECURITY_PRINCIPAL, storeConfig.getAdminDN());
}
+
+
if (storeConfig.getAdminPassword() != null)
{
- env.put(Context.SECURITY_CREDENTIALS, storeConfig.getAdminPassword());
+ String credentials = null;
+ if (storeConfig.getJaasSecurityDomain() != null)
+ {
+ String securityDomain = storeConfig.getJaasSecurityDomain();
+
+ credentials = getPassword(securityDomain, storeConfig.getAdminPassword());
+ }
+
+ else
+ {
+ credentials = storeConfig.getAdminPassword();
+ }
+
+
+
+ env.put(Context.SECURITY_CREDENTIALS, credentials);
+
}
if (storeConfig.getAuthenticationMethod() != null)
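Review bot: The branch at `if (storeConfig.getJaasSecurityDomain() != null)` silently changes the meaning of `adminPassword` (it is now the encoded value fed to the security-domain MBean), but nothing on this path says so; add `// adminPassword holds the JaasSecurityDomain-encoded value; decode it via the MBean before binding` above the `if`. The `String credentials = null;` initialization is dead since both branches assign it, and the blank lines between the `if` block and `else` (and the three before `env.put`) should go. The enclosing method starts outside this hunk, so whether the `getPassword` call's checked exception is propagated or wrapped there is not visible here.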
@@ -183,4 +211,29 @@
{
return false;
}
+
+ public String getPassword(String securityDomain, String encoded) throws Exception
+ {
+
+
+ try
+ {
+ ObjectName serviceName = new ObjectName(securityDomain);
+ MBeanServer server = Tools.locateJBoss();
+
+ byte[] secret = (byte[]) server.invoke(serviceName, "decode64", new Object[] {encoded},
+ new String[] {String.class.getName()});
+
+ // Convert to UTF-8 base char array
+ return new String(secret, "UTF-8");
+ }
+ catch (Exception e)
+ {
+ log.log(Level.INFO, "Failed to decode LDAP password from JBoss JAAS Security Domain: " + securityDomain, e);
+ throw new IdentityException("Failed to decode LDAP password from JBoss JAAS Security Domain: " + securityDomain, e);
+ }
+ }
+
+
+
}
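Review bot: `getPassword` is declared `throws Exception` although the only exception that escapes it is the `IdentityException` thrown in the catch block; narrowing it to `throws IdentityException` stops callers, including the binding code earlier in this file, from having to handle or propagate `Exception`. The method is `public` on a session implementation with no caller outside the class visible in this diff; `protected` or `private` would keep the decode step off the API surface. Logging the failure at INFO with the full stack and then rethrowing with the same message reports it twice; keep one. A short Javadoc stating that `securityDomain` is the `ObjectName` of the JAAS security-domain MBean and `encoded` the value handed to its `decode64` operation would help, and the `// Convert to UTF-8 base char array` comment should say the bytes are decoded as a UTF-8 String, which is what the line does.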
Modified: idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java
===================================================================
--- idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java 2011-01-10 16:25:50 UTC (rev 633)
+++ idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java 2011-01-13 10:37:47 UTC (rev 634)
@@ -49,6 +49,8 @@
private final String adminPassword;
+ private final String jaasSecurityDomain;
+
private final String authenticationMethod;
private final int searchTimeLimit;
@@ -104,6 +106,8 @@
public static final String ADMIN_PASSWORD = "adminPassword";
+ public static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
+
public static final String SEARCH_TIME_LIMIT = "searchTimeLimit";
public static final int SEARCH_TIME_LIMIT_DEFAULT = 10000;
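Review bot: The new constant name `SECURITY_DOMAIN_OPT` does not follow the convention of its neighbours (`ADMIN_PASSWORD`, `SEARCH_TIME_LIMIT`), which carry no `_OPT` suffix and mirror the option string; `public static final String JAAS_SECURITY_DOMAIN = "jaasSecurityDomain";` would match both. The constructor assignment and the getter added later in this file would need the same rename.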
@@ -161,6 +165,7 @@
this.adminDN = storeMD.getOptionSingleValue(ADMIN_DN);
this.authenticationMethod = storeMD.getOptionSingleValue(AUTHENTICATION_METHOD);
this.adminPassword = storeMD.getOptionSingleValue(ADMIN_PASSWORD);
+ this.jaasSecurityDomain = storeMD.getOptionSingleValue(SECURITY_DOMAIN_OPT);
this.externalJNDIContext = storeMD.getOptionSingleValue(EXTERNAL_JNDI_CONTEXT);
this.membershipToRelationshipTypeMapping = storeMD.getOptionSingleValue(MEMBERSHIP_TO_RELATIONSHIP_TYPE_MAPPING);
this.relationshipNameSearchFilter = storeMD.getOptionSingleValue(RELATIONSHIP_NAME_SEARCH_FILTER);
@@ -425,6 +430,11 @@
return adminPassword;
}
+ public String getJaasSecurityDomain()
+ {
+ return jaasSecurityDomain;
+ }
+
public int getSearchTimeLimit()
{
return searchTimeLimit;
Picketlink SVN: r633 - federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-01-10 11:25:50 -0500 (Mon, 10 Jan 2011)
New Revision: 633
Removed:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
Log:
get rid of redundant valves
Deleted: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2011-01-10 16:25:30 UTC (rev 632)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2011-01-10 16:25:50 UTC (rev 633)
@@ -1,515 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.bindings.tomcat.idp;
-
-import static org.picketlink.identity.federation.core.util.StringUtil.isNotNull;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.security.GeneralSecurityException;
-import java.security.Principal;
-import java.util.List;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.Lifecycle;
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.LifecycleListener;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.util.LifecycleSupport;
-import org.apache.catalina.valves.ValveBase;
-import org.apache.log4j.Logger;
-import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
-import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
-import org.picketlink.identity.federation.bindings.tomcat.TomcatRoleGenerator;
-import org.picketlink.identity.federation.bindings.util.ValveUtil;
-import org.picketlink.identity.federation.core.config.IDPType;
-import org.picketlink.identity.federation.core.config.TrustType;
-import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
-import org.picketlink.identity.federation.core.exceptions.ParsingException;
-import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.interfaces.RoleGenerator;
-import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
-import org.picketlink.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
-import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
-import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
-import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
-import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.web.constants.GeneralConstants;
-import org.picketlink.identity.federation.web.util.ConfigurationUtil;
-import org.picketlink.identity.federation.web.util.HTTPRedirectUtil;
-import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
-
-/**
- * Valve at the IDP that supports the HTTP/Redirect Binding
- * @author Anil.Saldhana(a)redhat.com
- * @since Dec 9, 2008
- */
-public class IDPRedirectValve extends ValveBase implements Lifecycle
-{
- private static Logger log = Logger.getLogger(IDPRedirectValve.class);
- private boolean trace = log.isTraceEnabled();
-
- protected IDPType idpConfiguration = null;
-
- private RoleGenerator rg = new TomcatRoleGenerator();
-
- private long assertionValidity = 5000; // 5 seconds in miliseconds
-
- private String identityURL = null;
-
- public IDPRedirectValve()
- {
- super();
- }
-
- public void setRoleGenerator(String rgName)
- {
- try
- {
- Class<?> clazz = SecurityActions.getContextClassLoader().loadClass(rgName);
- rg = (RoleGenerator) clazz.newInstance();
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public void invoke(Request request, Response response) throws IOException, ServletException
- {
- boolean containsSAMLRequestMessage = this.hasSAMLRequestMessage(request);
-
- //Lets check if the user has been authenticated
- Principal userPrincipal = request.getPrincipal();
- if(userPrincipal == null)
- {
- //Send it for user authentication
- try
- {
- //Next in the invocation chain
- getNext().invoke(request, response);
- }
- finally
- {
- String referer = request.getHeader("Referer");
-
- if(response.getStatus() == HttpServletResponse.SC_FORBIDDEN)
- {
- ResponseType errorResponseType = this.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get());
- try
- {
- send(errorResponseType,
- request.getParameter(GeneralConstants.RELAY_STATE), response);
- }
- catch (ParsingException e)
- {
- log.error(e);
- }
- catch (ProcessingException e)
- {
- log.error(e);
- }
- return;
- }
-
- //User is authenticated as we are on the return path
- userPrincipal = request.getPrincipal();
- if(userPrincipal != null)
- {
- //Send valid saml response after processing the request
- if(containsSAMLRequestMessage)
- {
- RequestAbstractType requestAbstractType = null;
- try
- {
- requestAbstractType = getSAMLRequest(request);
- boolean isValid = this.validate(request);
- if(!isValid)
- throw new GeneralSecurityException("Validity Checks Failed");
-
- this.isTrusted(requestAbstractType.getIssuer().getValue());
-
- ResponseType responseType = this.getResponse(request, userPrincipal);
- send(responseType, request.getParameter(GeneralConstants.RELAY_STATE), response);
- }
- catch (Exception e)
- {
- log.error("Exception:" ,e);
- if(requestAbstractType != null)
- referer = requestAbstractType.getIssuer().getValue();
- ResponseType errorResponseType = this.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_RESPONDER.get());
- try
- {
- send(errorResponseType, request.getParameter(GeneralConstants.RELAY_STATE), response);
- }
- catch (ParsingException e1)
- {
- log.error(e1);
- }
- catch (ProcessingException e1)
- {
- log.error(e1);
- }
- }
- }
- else
- {
- log.error("No SAML Request Message");
- if(trace)
- log.trace("Referer="+referer);
- throw new ServletException("No SAML Request Message");
- }
- }
- }
- }
- }
-
- /**
- * Verify that the issuer is trusted
- * @param issuer
- * @throws IssuerNotTrustedException
- */
- protected void isTrusted(String issuer) throws IssuerNotTrustedException
- {
- try
- {
- String issuerDomain = ValveUtil.getDomain(issuer);
- TrustType idpTrust = idpConfiguration.getTrust();
- if(idpTrust != null)
- {
- String domainsTrusted = idpTrust.getDomains();
- if(domainsTrusted.indexOf(issuerDomain) < 0)
- throw new IssuerNotTrustedException(issuer);
- }
- }
- catch (Exception e)
- {
- throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
- }
- }
-
- protected void send(ResponseType responseType, String relayState, Response response)
- throws ParsingException, ProcessingException
- {
- try
- {
- SAML2Response saml2Response = new SAML2Response();
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- saml2Response.marshall(responseType, baos);
-
- String urlEncodedResponse = RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
-
- String destinationURL = responseType.getDestination();
- if(trace) log.trace("IDP:Destination=" + destinationURL);
-
- if(isNotNull(relayState))
- relayState = RedirectBindingUtil.urlEncode(relayState);
-
- StringBuilder finalDest = new StringBuilder(destinationURL);
- if(destinationURL.contains("?"))
- finalDest.append("&");
- else
- finalDest.append("?");
-
- finalDest.append( getDestinationQueryString(urlEncodedResponse, relayState) );
- HTTPRedirectUtil.sendRedirectForResponder(finalDest.toString(), response);
- }
- catch (IOException e)
- {
- throw new ProcessingException(e);
- }
- }
-
- /**
- * Generate a Destination URL for the HTTPRedirect binding
- * with the saml response and relay state
- * @param urlEncodedResponse
- * @param urlEncodedRelayState
- * @return
- */
- protected String getDestinationQueryString(String urlEncodedResponse, String urlEncodedRelayState)
- {
- StringBuilder sb = new StringBuilder();
- sb.append("SAMLResponse=").append(urlEncodedResponse);
- if(isNotNull(urlEncodedRelayState))
- sb.append("&RelayState=").append(urlEncodedRelayState);
- return sb.toString();
- }
-
- /**
- * Validate the incoming Request
- * @param request
- * @return
- */
- protected boolean validate(Request request) throws IOException,GeneralSecurityException
- {
- return this.hasSAMLRequestMessage(request);
- }
-
- private boolean hasSAMLRequestMessage(Request request)
- {
- return request.getParameter(GeneralConstants.SAML_REQUEST_KEY) != null;
- }
-
- private RequestAbstractType getSAMLRequest(Request request)
- throws ParsingException, ConfigurationException, ProcessingException
- {
- String samlMessage = getSAMLMessage(request);
- InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
- SAML2Request saml2Request = new SAML2Request();
- return saml2Request.getRequestType(is);
- }
-
-
- /**
- * Create a response type
- * @param request
- * @param userPrincipal
- * @return
- * @throws ParsingException
- * @throws ConfigurationException
- * @throws ProcessingException
- */
- protected ResponseType getResponse(Request request, Principal userPrincipal)
- throws ParsingException, ConfigurationException, ProcessingException
- {
- ResponseType responseType = null;
-
- String samlMessage = getSAMLMessage(request);
- InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
- SAML2Request saml2Request = new SAML2Request();
-
- AuthnRequestType authnRequestType = saml2Request.getAuthnRequestType(is);
-
- if(authnRequestType == null)
- throw new IllegalStateException("AuthnRequest is null");
-
- if(log.isTraceEnabled())
- {
- StringWriter sw = new StringWriter();
- saml2Request.marshall(authnRequestType, sw);
-
- log.trace("IDPRedirectValve::AuthnRequest="+sw.toString());
- }
- SAML2Response saml2Response = new SAML2Response();
-
- //Create a response type
- String id = IDGenerator.create("ID_");
-
- IssuerInfoHolder issuerHolder = new IssuerInfoHolder(this.identityURL);
- issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
-
- IDPInfoHolder idp = new IDPInfoHolder();
- idp.setNameIDFormatValue(userPrincipal.getName());
- idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
-
- SPInfoHolder sp = new SPInfoHolder();
- sp.setResponseDestinationURI( authnRequestType.getAssertionConsumerServiceURL().toASCIIString() );
- responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
- //Add information on the roles
- List<String> roles = rg.generateRoles(userPrincipal);
- AssertionType assertion = (AssertionType) responseType.getAssertions().get(0).getAssertion();
-
- AttributeStatementType attrStatement = StatementUtil.createAttributeStatement(roles);
- assertion.addStatement( attrStatement );
-
- //Add timed conditions
- try
- {
- saml2Response.createTimedConditions(assertion, this.assertionValidity);
- }
- catch (IssueInstantMissingException e1)
- {
- log.error(e1);
- }
-
- //Lets see how the response looks like
- if(log.isTraceEnabled())
- {
- StringWriter sw = new StringWriter();
- saml2Response.marshall(responseType, sw);
-
- log.trace("IDPRedirectValve::Response="+sw.toString());
- }
-
- return responseType;
- }
-
- private ResponseType getErrorResponse(String responseURL, String status) throws ServletException
- {
- try
- {
- ResponseType responseType = null;
-
- SAML2Response saml2Response = new SAML2Response();
-
- //Create a response type
- String id = IDGenerator.create("ID_");
-
- IssuerInfoHolder issuerHolder = new IssuerInfoHolder(this.identityURL);
- issuerHolder.setStatusCode(status);
-
- IDPInfoHolder idp = new IDPInfoHolder();
- idp.setNameIDFormatValue(null);
- idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
-
- SPInfoHolder sp = new SPInfoHolder();
- sp.setResponseDestinationURI(responseURL);
- responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
-
- //Lets see how the response looks like
- if(log.isTraceEnabled())
- {
- log.trace("ResponseType = ");
- StringWriter sw = new StringWriter();
- saml2Response.marshall(responseType, sw);
- log.trace("IDPRedirectValve::Response="+sw.toString());
- }
-
- return responseType;
- }
- catch(Exception e)
- {
- log.error("Exception in getErrorResponse::",e);
- throw new ServletException(e.getLocalizedMessage());
- }
- }
-
- private String getSAMLMessage(Request request)
- {
- return request.getParameter(GeneralConstants.SAML_REQUEST_KEY);
- }
-
- //***************Catalina Lifecyle methods
- /**
- * The lifecycle event support for this component.
- */
- protected LifecycleSupport lifecycle = new LifecycleSupport(this);
-
- /**
- * Has this component been started yet?
- */
- private boolean started = false;
-
-
-
- /**
- * Add a lifecycle event listener to this component.
- *
- * @param listener The listener to add
- */
- public void addLifecycleListener(LifecycleListener listener)
- {
- lifecycle.addLifecycleListener(listener);
- }
-
-
- /**
- * Get the lifecycle listeners associated with this lifecycle. If this
- * Lifecycle has no listeners registered, a zero-length array is returned.
- */
- public LifecycleListener[] findLifecycleListeners()
- {
- return lifecycle.findLifecycleListeners();
- }
-
-
- /**
- * Remove a lifecycle event listener from this component.
- *
- * @param listener The listener to add
- */
- public void removeLifecycleListener(LifecycleListener listener)
- {
- lifecycle.removeLifecycleListener(listener);
- }
-
-
- /**
- * Prepare for the beginning of active use of the public methods of this
- * component. This method should be called after <code>configure()</code>,
- * and before any of the public methods of the component are utilized.
- *
- * @exception LifecycleException if this component detects a fatal error
- * that prevents this component from being used
- */
- public void start() throws LifecycleException
- {
- // Validate and update our current component state
- if (started)
- throw new LifecycleException
- ("IDPRedirectValve already Started");
- lifecycle.fireLifecycleEvent(START_EVENT, null);
- started = true;
-
- String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
- Context context = (Context) getContainer();
- InputStream is = context.getServletContext().getResourceAsStream(configFile);
- if(is == null)
- throw new RuntimeException(configFile + " missing");
- try
- {
- idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
- this.identityURL = idpConfiguration.getIdentityURL();
- if(trace)
- log.trace("Identity Provider URL=" + this.identityURL);
- this.assertionValidity = idpConfiguration.getAssertionValidity();
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
-
- /**
- * Gracefully terminate the active use of the public methods of this
- * component. This method should be the last one called on a given
- * instance of this component.
- *
- * @exception LifecycleException if this component detects a fatal error
- * that needs to be reported
- */
- public void stop() throws LifecycleException
- {
- // Validate and update our current component state
- if (!started)
- throw new LifecycleException
- ("IDPRedirectValve NotStarted");
- lifecycle.fireLifecycleEvent(STOP_EVENT, null);
- started = false;
- }
-}
\ No newline at end of file
Deleted: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2011-01-10 16:25:30 UTC (rev 632)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2011-01-10 16:25:50 UTC (rev 633)
@@ -1,238 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.bindings.tomcat.idp;
-
-import static org.picketlink.identity.federation.core.util.StringUtil.isNotNull;
-
-import java.io.IOException;
-import java.io.StringReader;
-import java.io.StringWriter;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.util.List;
-
-import javax.crypto.SecretKey;
-import javax.xml.namespace.QName;
-
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.connector.Request;
-import org.apache.log4j.Logger;
-import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
-import org.picketlink.identity.federation.core.config.AuthPropertyType;
-import org.picketlink.identity.federation.core.config.EncryptionType;
-import org.picketlink.identity.federation.core.config.KeyProviderType;
-import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
-import org.picketlink.identity.federation.core.exceptions.ParsingException;
-import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.interfaces.TrustKeyConfigurationException;
-import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
-import org.picketlink.identity.federation.core.interfaces.TrustKeyProcessingException;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.util.CoreConfigUtil;
-import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
-import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedAssertionType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
-import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-
-/**
- * Valve at the Identity Provider that supports
- * SAML2 HTTP/Redirect binding with digital signature support
- * and xml encryption
- * @author Anil.Saldhana(a)redhat.com
- * @since Jan 14, 2009
- */
-public class IDPRedirectWithSignatureValve extends IDPRedirectValve
-{
- private static Logger log = Logger.getLogger(IDPRedirectWithSignatureValve.class);
- private boolean trace = log.isTraceEnabled();
-
- private boolean ignoreSignature = false;
-
- private TrustKeyManager keyManager;
-
- public IDPRedirectWithSignatureValve()
- {
- super();
- }
-
- /**
- * Indicate whether the signature parameter in the request
- * needs to be ignored
- * @param val
- */
- public void setIgnoreSignature(String val)
- {
- if(isNotNull(val))
- this.ignoreSignature = Boolean.valueOf(val);
- }
-
- @Override
- public void start() throws LifecycleException
- {
- super.start();
- KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
- try
- {
- this.keyManager = CoreConfigUtil.getTrustKeyManager(keyProvider);
-
- List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
- keyManager.setAuthProperties( authProperties );
-
- keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
- String canonicalizationMethod = idpConfiguration.getCanonicalizationMethod();
-
- log.info( "IDPRedirectWithSignatureValve:: Setting the CanonicalizationMethod on XMLSignatureUtil::" + canonicalizationMethod );
- XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);
- }
- catch(Exception e)
- {
- log.error("Exception reading configuration:",e);
- throw new LifecycleException(e.getLocalizedMessage());
- }
- if(trace) log.trace("Key Provider=" + keyProvider.getClassName());
- }
-
- @Override
- protected boolean validate(Request request) throws IOException, GeneralSecurityException
- {
- boolean result = super.validate(request);
- if( result == false)
- return result;
-
- if(this.ignoreSignature)
- {
- if(trace) log.trace("Since signature is to be ignored, validation returns");
- return true;
- }
-
- String queryString = request.getQueryString();
- //Check if there is a signature
- byte[] sigValue = RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
- if(sigValue == null)
- return false;
-
- PublicKey validatingKey;
- try
- {
- validatingKey = keyManager.getValidatingKey(request.getRemoteAddr());
- }
- catch (TrustKeyConfigurationException e)
- {
- throw new GeneralSecurityException(e.getCause());
- }
- catch (TrustKeyProcessingException e)
- {
- throw new GeneralSecurityException(e.getCause());
- }
-
- return RedirectBindingSignatureUtil.validateSignature(queryString, validatingKey, sigValue);
- }
-
- @Override
- protected String getDestinationQueryString(String urlEncodedResponse, String urlEncodedRelayState)
- {
- try
- {
- //Get the signing key
- PrivateKey signingKey = keyManager.getSigningKey();
- String url = RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(urlEncodedResponse, urlEncodedRelayState, signingKey);
- return url;
- }
- catch(Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- protected ResponseType getResponse(Request request, Principal userPrincipal)
- throws ParsingException, ConfigurationException, ProcessingException
- {
- SAML2Response saml2Response = new SAML2Response();
-
- ResponseType responseType = super.getResponse(request, userPrincipal);
-
- //If there is a configuration to encrypt
- if(this.idpConfiguration.isEncrypt())
- {
- //Need to encrypt the assertion
- String sp = responseType.getDestination();
- if(sp == null)
- throw new IllegalStateException("Unable to handle encryption as SP url is null");
- try
- {
- URL spurl = new URL(sp);
- PublicKey publicKey = keyManager.getValidatingKey(spurl.getHost());
- EncryptionType enc = idpConfiguration.getEncryption();
- if(enc == null)
- throw new IllegalStateException("EncryptionType not configured");
- String encAlgo = enc.getEncAlgo().value();
- int keyLength = enc.getKeySize();
- //Generate a key on the fly
- SecretKey sk = keyManager.getEncryptionKey(spurl.getHost(), encAlgo, keyLength);
-
- StringWriter sw = new StringWriter();
- saml2Response.marshall(responseType, sw);
-
- Document responseDoc = DocumentUtil.getDocument(new StringReader(sw.toString()));
-
- String assertionNS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
-
- QName assertionQName = new QName(assertionNS, "EncryptedAssertion", "saml");
-
- Element encAssertion = XMLEncryptionUtil.encryptElementInDocument(responseDoc,
- publicKey, sk, keyLength, assertionQName, true);
-
-
- EncryptedAssertionType eet = saml2Response.getEncryptedAssertion(DocumentUtil.getNodeAsStream(encAssertion));
- responseType.addAssertion( new RTChoiceType( eet ));
- }
- catch (MalformedURLException e)
- {
- throw new ParsingException(e);
- }
- catch (Exception e)
- {
- throw new ProcessingException(e);
- }
- }
- //Lets see how the response looks like
- if(log.isTraceEnabled())
- {
- StringWriter sw = new StringWriter();
- saml2Response.marshall(responseType, sw);
-
- log.trace("IDPRedirectValveWithSignature::Response="+sw.toString());
- }
- return responseType;
- }
-}
\ No newline at end of file