Picketlink SVN: r775 - federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-02-23 16:00:29 -0500 (Wed, 23 Feb 2011)
New Revision: 775
Modified:
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntityDescriptorType.java
Log:
get rid of the other redundant ctr
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntityDescriptorType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntityDescriptorType.java 2011-02-23 19:57:08 UTC (rev 774)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntityDescriptorType.java 2011-02-23 21:00:29 UTC (rev 775)
@@ -88,6 +88,7 @@
private AuthnAuthorityDescriptorType authnDescriptor;
private AttributeAuthorityDescriptorType attribDescriptor;
private PDPDescriptorType pdpDescriptor;
+
public EDTDescriptorChoiceType(RoleDescriptorType roleDescriptor)
{
if( roleDescriptor instanceof IDPSSODescriptorType )
@@ -112,26 +113,6 @@
}
else this.roleDescriptor = roleDescriptor;
}
- public EDTDescriptorChoiceType(IDPSSODescriptorType idpDescriptor)
- {
- this.idpDescriptor = idpDescriptor;
- }
- public EDTDescriptorChoiceType(SPSSODescriptorType spDescriptor)
- {
- this.spDescriptor = spDescriptor;
- }
- public EDTDescriptorChoiceType(AuthnAuthorityDescriptorType authnDescriptor)
- {
- this.authnDescriptor = authnDescriptor;
- }
- public EDTDescriptorChoiceType(AttributeAuthorityDescriptorType attribDescriptor)
- {
- this.attribDescriptor = attribDescriptor;
- }
- public EDTDescriptorChoiceType(PDPDescriptorType pdpDescriptor)
- {
- this.pdpDescriptor = pdpDescriptor;
- }
public RoleDescriptorType getRoleDescriptor()
{
return roleDescriptor;
Picketlink SVN: r774 - in federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core: parsers/saml and 4 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-02-23 14:57:08 -0500 (Wed, 23 Feb 2011)
New Revision: 774
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/exceptions/ParsingException.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLResponseParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntitiesDescriptorParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/sts/STSConfigParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
Log:
PLFED-44: parsing errors should include Location
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/exceptions/ParsingException.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/exceptions/ParsingException.java 2011-02-23 19:41:18 UTC (rev 773)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/exceptions/ParsingException.java 2011-02-23 19:57:08 UTC (rev 774)
@@ -23,6 +23,9 @@
import java.security.GeneralSecurityException;
+import javax.xml.stream.Location;
+import javax.xml.stream.XMLStreamException;
+
/**
* General Exception indicating parsing exception
* @author Anil.Saldhana(a)redhat.com
@@ -31,6 +34,8 @@
public class ParsingException extends GeneralSecurityException
{
private static final long serialVersionUID = 1L;
+
+ private Location location;
public ParsingException()
{
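Review bot: The new `location` field should be declared `transient`. ParsingException is Serializable through GeneralSecurityException, while `javax.xml.stream.Location` does not extend Serializable, so serializing an exception that carries a location can fail with NotSerializableException depending on the StAX implementation. Suggested declaration: `private transient Location location;`, with a one-line comment that it is null unless the exception was built from an XMLStreamException. The class body continues outside this hunk.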
@@ -50,5 +55,22 @@
public ParsingException(Throwable cause)
{
super(cause);
- }
-}
+ }
+
+ public ParsingException( XMLStreamException xmle )
+ {
+ super( xmle );
+ location = xmle.getLocation();
+ }
+
+ public Location getLocation()
+ {
+ return location;
+ }
+
+ @Override
+ public String toString()
+ {
+ return "ParsingException [location=" + location + "]" + super.toString();
+ }
+}
\ No newline at end of file
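Review bot: `toString()` prints `location=null` for every exception created through the other constructors, and it runs the closing bracket straight into the superclass text. Something like `return location == null ? super.toString() : super.toString() + " [location=" + location + "]";` keeps ordinary messages unchanged. The new constructor also dereferences `xmle` after passing it to `super`, so a null argument fails with a NullPointerException inside the exception constructor; a Javadoc line stating that `xmle` must be non-null would cover that.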
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java 2011-02-23 19:41:18 UTC (rev 773)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java 2011-02-23 19:57:08 UTC (rev 774)
@@ -193,7 +193,7 @@
else
throw new RuntimeException( "Unknown xsi:type=" + xsiTypeValue );
}
- else throw new RuntimeException( "SAMLAssertionParser:: unknown: " + tag );
+ else throw new RuntimeException( "SAMLAssertionParser:: unknown: " + tag + "::location=" + peekedElement.getLocation() );
}
return assertion;
}
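Review bot: An unknown element in an incoming assertion still ends in an unchecked `RuntimeException` at the `else throw` line, so the location this commit adds exists only as message text, and a caller that catches ParsingException to reject bad input will not see the failure. Since these parsers read messages supplied by a remote party, a checked `ParsingException` carrying the location would let callers fail closed in one place; whether the enclosing method declares it is not visible in this hunk. The `Unknown xsi:type=` throw two lines above was left without a location. The same pattern appears in the SAMLAuthNRequestParser, SAMLConditionsParser, SAMLParser, SAMLResponseParser, SAMLSubjectParser, SAMLEntitiesDescriptorParser, SAMLEntityDescriptorParser, SAMLXACMLRequestParser and SAMLParserUtil hunks.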
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java 2011-02-23 19:41:18 UTC (rev 773)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java 2011-02-23 19:57:08 UTC (rev 774)
@@ -92,7 +92,7 @@
{
continue;
}
- else throw new RuntimeException( "Unknown Element:" + elementName );
+ else throw new RuntimeException( "Unknown Element:" + elementName + "::location=" + startElement.getLocation() );
}
return authnRequest;
}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java 2011-02-23 19:41:18 UTC (rev 773)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java 2011-02-23 19:57:08 UTC (rev 774)
@@ -119,7 +119,7 @@
AudienceRestrictionType audienceRestriction = getAudienceRestriction(xmlEventReader);
conditions.addCondition( audienceRestriction );
}
- else throw new RuntimeException( "Unknown tag:" + tag );
+ else throw new RuntimeException( "Unknown tag:" + tag + "::location=" + xmlEvent.getLocation());
}
return conditions;
}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-02-23 19:41:18 UTC (rev 773)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-02-23 19:57:08 UTC (rev 774)
@@ -122,7 +122,7 @@
SAMLAssertionParser assertionParser = new SAMLAssertionParser();
return assertionParser.parse( xmlEventReader );
}
- else throw new RuntimeException( "Unknown Tag:" + elementName );
+ else throw new RuntimeException( "Unknown Tag:" + elementName + "::location=" + startElement.getLocation() );
}
else
{
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLResponseParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLResponseParser.java 2011-02-23 19:41:18 UTC (rev 773)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLResponseParser.java 2011-02-23 19:57:08 UTC (rev 774)
@@ -92,7 +92,7 @@
response.addAssertion( new RTChoiceType( new EncryptedAssertionType(encryptedAssertion ) ));
}
else
- throw new RuntimeException( "Unknown tag=" + elementName );
+ throw new RuntimeException( "Unknown tag=" + elementName + "::location=" + startElement.getLocation() );
}
return response;
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java 2011-02-23 19:41:18 UTC (rev 773)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java 2011-02-23 19:57:08 UTC (rev 774)
@@ -123,7 +123,7 @@
StaxParserUtil.matches(endElement, JBossSAMLConstants.SUBJECT_CONFIRMATION.get());
}
else
- throw new RuntimeException("Unknown tag:" + tag);
+ throw new RuntimeException("Unknown tag:" + tag + "::location=" + peekedElement.getLocation() );
}
return subject;
}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntitiesDescriptorParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntitiesDescriptorParser.java 2011-02-23 19:41:18 UTC (rev 773)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntitiesDescriptorParser.java 2011-02-23 19:57:08 UTC (rev 774)
@@ -110,7 +110,7 @@
entitiesDescriptorType.setSignature( StaxParserUtil.getDOMElement(xmlEventReader) );
}
else
- throw new RuntimeException( "Unknown " + localPart );
+ throw new RuntimeException( "Unknown " + localPart + " ::location=" + startElement.getLocation() );
}
return entitiesDescriptorType;
}
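Review bot: The separator here is `" ::location="` with a leading space, while the other SAML parsers in this commit use `"::location="`, and SAMLParserUtil and STSConfigParser use `"::Location="`. Anyone searching logs for parse failures has to match three spellings; a single shared constant or helper that appends the location would keep the messages uniform. The enclosing method starts outside the hunk.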
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java 2011-02-23 19:41:18 UTC (rev 773)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java 2011-02-23 19:57:08 UTC (rev 774)
@@ -151,7 +151,7 @@
StaxParserUtil.bypassElementBlock( xmlEventReader, JBossSAMLConstants.EXTENSIONS.get() );
}
else
- throw new RuntimeException( "Unknown " + localPart );
+ throw new RuntimeException( "Unknown " + localPart + "::location=" + startElement.getLocation() );
}
return entityDescriptorType;
}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java 2011-02-23 19:41:18 UTC (rev 773)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java 2011-02-23 19:57:08 UTC (rev 774)
@@ -65,7 +65,7 @@
return parseXACMLAuthzDecisionQuery(startElement, xmlEventReader);
}
- throw new RuntimeException( "Parsing Failed: Unknown Tag=" + tag );
+ throw new RuntimeException( "Parsing Failed: Unknown Tag=" + tag + "::location=" + startElement.getLocation() );
}
public boolean supports(QName qname)
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/sts/STSConfigParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/sts/STSConfigParser.java 2011-02-23 19:41:18 UTC (rev 773)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/sts/STSConfigParser.java 2011-02-23 19:57:08 UTC (rev 774)
@@ -164,7 +164,7 @@
configType.setServiceProviders(this.parseServiceProviders(xmlEventReader));
}
else
- throw new ParsingException("Unknown Element: " + elementName);
+ throw new ParsingException("Unknown Element: " + elementName + "::Location=" + subEvent.getLocation() );
}
return configType;
}
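Review bot: The ParsingException thrown here never gets its `location` field set, because only the `XMLStreamException` constructor added in this revision assigns it. As a result `getLocation()` returns null and `toString()` prints `location=null` in front of a message that already contains the location as text. A constructor taking the message and a `Location`, used as `throw new ParsingException( "Unknown Element: " + elementName, subEvent.getLocation() );`, would make the accessor useful. The enclosing method starts outside the hunk.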
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java 2011-02-23 19:41:18 UTC (rev 773)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java 2011-02-23 19:57:08 UTC (rev 774)
@@ -86,7 +86,7 @@
AttributeType attribute = parseAttribute(xmlEventReader);
attributeStatementType.addAttribute( new ASTChoiceType( attribute ));
}
- else throw new RuntimeException( "Unknown tag:" + tag );
+ else throw new RuntimeException( "Unknown tag:" + tag + "::Location=" + startElement.getLocation() );
}
return attributeStatementType;
}
@@ -206,7 +206,7 @@
Object attributeValue = parseAttributeValue(xmlEventReader);
attributeType.addAttributeValue( attributeValue );
}
- else throw new RuntimeException( "Unknown tag:" + tag );
+ else throw new RuntimeException( "Unknown tag:" + tag + "::Location=" + startElement.getLocation() );
}
}
@@ -268,7 +268,7 @@
{
authnStatementType.setAuthnContext( parseAuthnContextType( xmlEventReader ) );
}
- else throw new RuntimeException( "Unknown tag:" + tag );
+ else throw new RuntimeException( "Unknown tag:" + tag + "::Location=" + startElement.getLocation() );
EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
StaxParserUtil.validate(endElement, AUTHNSTATEMENT );
@@ -312,7 +312,7 @@
StaxParserUtil.validate(endElement, JBossSAMLConstants.AUTHN_CONTEXT.get() );
}
else
- throw new RuntimeException( "Unknown Tag:" + tag );
+ throw new RuntimeException( "Unknown Tag:" + tag + "::Location=" + startElement.getLocation() );
return authnContextType;
}
Picketlink SVN: r772 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers and 2 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-02-23 12:43:59 -0500 (Wed, 23 Feb 2011)
New Revision: 772
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataWriterUnitTestCase.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntityDescriptorType.java
Log:
PLFED-142: fix the metadata related issues
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java 2011-02-23 17:11:52 UTC (rev 771)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java 2011-02-23 17:43:59 UTC (rev 772)
@@ -26,6 +26,7 @@
import java.util.List;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EndpointType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
@@ -168,8 +169,10 @@
List<AttributeType> attributes,
OrganizationType org)
{
- List<String> emptyList = new ArrayList<String>();
- SPSSODescriptorType sp = new SPSSODescriptorType( emptyList );
+ List<String> protocolEnumList = new ArrayList<String>();
+ protocolEnumList.add( JBossSAMLURIConstants.PROTOCOL_NSURI.get() );
+
+ SPSSODescriptorType sp = new SPSSODescriptorType( protocolEnumList );
sp.addSingleLogoutService( sloEndPoint );
sp.addKeyDescriptor( keyDescriptorType );
sp.setAuthnRequestsSigned(requestsSigned);
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java 2011-02-23 17:11:52 UTC (rev 771)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java 2011-02-23 17:43:59 UTC (rev 772)
@@ -52,6 +52,7 @@
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.LocalizedURIType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.OrganizationType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.RequestedAttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.RoleDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SPSSODescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SSODescriptorType;
import org.w3c.dom.Element;
@@ -98,6 +99,11 @@
List<EDTDescriptorChoiceType> edtDescChoices = edtChoice.getDescriptors();
for( EDTDescriptorChoiceType edtDescChoice : edtDescChoices )
{
+ RoleDescriptorType roleDesc = edtDescChoice.getRoleDescriptor();
+
+ if( roleDesc != null )
+ throw new RuntimeException( "Role Descriptor type not handled" );
+
IDPSSODescriptorType idpSSO = edtDescChoice.getIdpDescriptor();
if( idpSSO != null )
write( edtDescChoice.getIdpDescriptor() );
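Review bot: A non-null role descriptor aborts the whole write with an unchecked `RuntimeException`, although `writeOrganization` in this same revision reports bad input with `ProcessingException`, which the writer's `write` methods declare. If the enclosing method also declares it (its signature is outside the hunk), `throw new ProcessingException( "Role Descriptor type not handled" );` keeps error handling on one path. Adding `roleDesc.getClass().getName()` to the message would say which type was rejected. The unbraced `if` followed by a blank line is easy to misread; braces would match the `organization` check added further down.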
@@ -116,7 +122,10 @@
}
}
OrganizationType organization = entityDescriptor.getOrganization();
- writeOrganization(organization);
+ if( organization != null )
+ {
+ writeOrganization(organization);
+ }
List<ContactType> contactPersons = entityDescriptor.getContactPerson();
for( ContactType contact : contactPersons )
@@ -130,7 +139,7 @@
public void write( SSODescriptorType ssoDescriptor ) throws ProcessingException
{
- throw new RuntimeException( "should not called" );
+ throw new RuntimeException( "should not be called" );
}
public void write( SPSSODescriptorType spSSODescriptor ) throws ProcessingException
@@ -325,6 +334,8 @@
public void writeOrganization( OrganizationType org ) throws ProcessingException
{
+ if( org == null )
+ throw new ProcessingException( "Organization is null" );
StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.ORGANIZATION.get(),
METADATA_NSURI.get());
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataWriterUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataWriterUnitTestCase.java 2011-02-23 17:11:52 UTC (rev 771)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataWriterUnitTestCase.java 2011-02-23 17:43:59 UTC (rev 772)
@@ -25,14 +25,24 @@
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
import javax.xml.stream.XMLStreamWriter;
import org.junit.Test;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.md.providers.MetaDataBuilderDelegate;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLMetadataWriter;
import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EndpointType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.OrganizationType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SPSSODescriptorType;
/**
@@ -84,4 +94,36 @@
System.out.println( new String( baos.toByteArray() ));
}
+
+ /**
+ * PLFED-142
+ * @throws Exception
+ */
+ @Test
+ public void testDynamicMetadataCreation() throws Exception
+ {
+ OrganizationType org = new OrganizationType();
+ AttributeType attributeType = new AttributeType( "hello" );
+ List<AttributeType> attributes = new ArrayList<AttributeType>();
+ attributes.add(attributeType);
+
+ URI test = URI.create( "http://test");
+ EndpointType sloEndPoint = new EndpointType( test, test );
+ KeyDescriptorType keyDescriptorType = new KeyDescriptorType();
+ String str = "<a/>";
+ keyDescriptorType.setKeyInfo( DocumentUtil.getDocument( str ).getDocumentElement() );
+
+ SPSSODescriptorType spSSO = MetaDataBuilderDelegate.createSPSSODescriptor(false, keyDescriptorType, sloEndPoint, attributes, org);
+ EntityDescriptorType entity = MetaDataBuilderDelegate.createEntityDescriptor(spSSO);
+
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ XMLStreamWriter writer = StaxUtil.getXMLStreamWriter( baos );
+
+ //write it back
+ SAMLMetadataWriter mdWriter = new SAMLMetadataWriter( writer );
+ mdWriter.writeEntityDescriptor( entity ) ;
+ System.out.println( new String( baos.toByteArray() ));
+ }
}
\ No newline at end of file
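Review bot: `testDynamicMetadataCreation` asserts nothing: it passes as long as no exception is thrown and only prints the result, so a regression that drops `protocolSupportEnumeration` from the SP descriptor would go unnoticed. An assertion on the serialized output, for example `assertTrue( xml.contains( "protocolSupportEnumeration" ) );` after decoding `baos` with an explicit charset (plus the matching `org.junit.Assert` import), would pin the PLFED-142 fix. `new String( baos.toByteArray() )` as written depends on the platform default charset.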
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntityDescriptorType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntityDescriptorType.java 2011-02-23 17:11:52 UTC (rev 771)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntityDescriptorType.java 2011-02-23 17:43:59 UTC (rev 772)
@@ -90,7 +90,15 @@
private PDPDescriptorType pdpDescriptor;
public EDTDescriptorChoiceType(RoleDescriptorType roleDescriptor)
{
- this.roleDescriptor = roleDescriptor;
+ if( roleDescriptor instanceof IDPSSODescriptorType )
+ {
+ this.idpDescriptor = (IDPSSODescriptorType) roleDescriptor;
+ }
+ else if( roleDescriptor instanceof SPSSODescriptorType )
+ {
+ this.spDescriptor = (SPSSODescriptorType) roleDescriptor;
+ }
+ else this.roleDescriptor = roleDescriptor;
}
public EDTDescriptorChoiceType(IDPSSODescriptorType idpDescriptor)
{
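Review bot: The `instanceof` dispatch covers only `IDPSSODescriptorType` and `SPSSODescriptorType`; any other descriptor passed through this constructor lands in `roleDescriptor`, and SAMLMetadataWriter in this same revision throws `Role Descriptor type not handled` for a non-null `roleDescriptor`. If `AuthnAuthorityDescriptorType`, `AttributeAuthorityDescriptorType` or `PDPDescriptorType` extend `RoleDescriptorType` (not visible here), each should get its own branch, e.g. `else if( roleDescriptor instanceof PDPDescriptorType ) this.pdpDescriptor = (PDPDescriptorType) roleDescriptor;`. A short comment on the constructor explaining the routing would help, since the overloads for the specific types still follow it in this revision.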
Picketlink SVN: r771 - in federation/trunk/picketlink-fed-core/src: main/java/org/picketlink/identity/federation/core/saml/v2/writers and 1 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-02-23 12:11:52 -0500 (Wed, 23 Feb 2011)
New Revision: 771
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-authnrequest.xml
Log:
PLFED-143: fix the authnrequest writing
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2011-02-23 16:43:15 UTC (rev 770)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2011-02-23 17:11:52 UTC (rev 771)
@@ -34,10 +34,12 @@
ASSERTION( "Assertion" ),
ASSERTION_CONSUMER_SERVICE( "AssertionConsumerService" ),
ASSERTION_CONSUMER_SERVICE_URL( "AssertionConsumerServiceURL" ),
+ ASSERTION_CONSUMER_SERVICE_INDEX( "AssertionConsumerServiceIndex" ),
ASSERTION_ID_REQUEST_SERVICE( "AssertionIDRequestService" ),
ATTRIBUTE( "Attribute" ),
ATTRIBUTE_AUTHORITY_DESCRIPTOR( "AttributeAuthorityDescriptor" ),
ATTRIBUTE_CONSUMING_SERVICE( "AttributeConsumingService" ),
+ ATTRIBUTE_CONSUMING_SERVICE_INDEX( "AttributeConsumingServiceIndex" ),
ATTRIBUTE_SERVICE( "AttributeService" ),
ATTRIBUTE_STATEMENT( "AttributeStatement" ),
ATTRIBUTE_VALUE( "AttributeValue" ),
@@ -69,6 +71,7 @@
EXTENSIONS( "Extensions" ),
FORMAT( "Format" ),
FRIENDLY_NAME( "FriendlyName" ),
+ FORCE_AUTHN( "ForceAuthn"),
GIVEN_NAME( "GivenName" ),
ID( "ID" ),
IDP_SSO_DESCRIPTOR( "IDPSSODescriptor" ),
@@ -77,6 +80,7 @@
IN_RESPONSE_TO( "InResponseTo" ),
ISDEFAULT( "isDefault" ),
IS_REQUIRED( "isRequired" ),
+ IS_PASSIVE( "IsPassive" ),
ISSUE_INSTANT( "IssueInstant" ),
ISSUER( "Issuer" ),
KEY_DESCRIPTOR( "KeyDescriptor" ),
@@ -102,7 +106,9 @@
ORGANIZATION_NAME( "OrganizationName" ),
ORGANIZATION_DISPLAY_NAME( "OrganizationDisplayName" ),
ORGANIZATION_URL( "OrganizationURL" ),
+ PROTOCOL_BINDING( "ProtocolBinding" ),
PROTOCOL_SUPPORT_ENUMERATION( "protocolSupportEnumeration" ),
+ PROVIDER_NAME( "ProviderName" ),
REQUESTED_AUTHN_CONTEXT( "RequestedAuthnContext" ),
RECIPIENT( "Recipient" ),
REQUEST( "Request" ),
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java 2011-02-23 16:43:15 UTC (rev 770)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java 2011-02-23 17:11:52 UTC (rev 771)
@@ -91,6 +91,41 @@
if( assertionURL != null )
StaxUtil.writeAttribute( writer, JBossSAMLConstants.ASSERTION_CONSUMER_SERVICE_URL.get(), assertionURL.toASCIIString() );
+ Boolean forceAuthn = request.isForceAuthn();
+ if( forceAuthn != null )
+ {
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.FORCE_AUTHN.get(), forceAuthn.toString() );
+ }
+
+ Boolean isPassive = request.isIsPassive();
+ if( isPassive != null )
+ {
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.IS_PASSIVE.get(), isPassive.toString() );
+ }
+
+ URI protocolBinding = request.getProtocolBinding();
+ if( protocolBinding != null )
+ {
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.PROTOCOL_BINDING.get(), protocolBinding.toString() );
+ }
+
+ Integer assertionIndex = request.getAssertionConsumerServiceIndex();
+ if( assertionIndex != null )
+ {
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.ASSERTION_CONSUMER_SERVICE_INDEX.get(), assertionIndex.toString() );
+ }
+
+ Integer attrIndex = request.getAttributeConsumingServiceIndex();
+ if( attrIndex != null )
+ {
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.ATTRIBUTE_CONSUMING_SERVICE_INDEX.get(), attrIndex.toString() );
+ }
+ String providerName = request.getProviderName();
+ if( StringUtil.isNotNull( providerName ))
+ {
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.PROVIDER_NAME.get(), providerName );
+ }
+
NameIDType issuer = request.getIssuer();
if( issuer != null )
{
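Review bot: `AssertionConsumerServiceIndex` is written whenever it is non-null, even when `AssertionConsumerServiceURL` or `ProtocolBinding` has already been written; SAML 2.0 core defines the index as mutually exclusive with those two attributes, so an identity provider may reject such a request or resolve the response endpoint differently from what the service provider expects. A guard such as `if( assertionIndex != null && assertionURL == null && protocolBinding == null )`, or an explicit error when both forms are set, would keep the request unambiguous. The updated saml2-authnrequest.xml fixture in this revision combines the index with `ProtocolBinding` as well. `protocolBinding.toString()` also differs from the `toASCIIString()` used for the URL just above. The enclosing method starts and ends outside the hunk.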
Modified: federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-authnrequest.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-authnrequest.xml 2011-02-23 16:43:15 UTC (rev 770)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-authnrequest.xml 2011-02-23 17:11:52 UTC (rev 771)
@@ -6,6 +6,8 @@
IssueInstant="2007-12-17T18:40:52.203Z"
ProtocolBinding="urn:oasis:names.tc:SAML:2.0:bindings:HTTP-Redirect"
ProviderName="Test SAML2 SP" Version="2.0"
+ AssertionConsumerServiceIndex="0"
+ AttributeConsumingServiceIndex="0"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
Picketlink SVN: r770 - picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-02-23 11:43:15 -0500 (Wed, 23 Feb 2011)
New Revision: 770
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/Configuration.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java
Log:
PLFED-138: add a method to StringUtil to pick a system property if needed
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/Configuration.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/Configuration.java 2011-02-23 16:36:01 UTC (rev 769)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/Configuration.java 2011-02-23 16:43:15 UTC (rev 770)
@@ -79,11 +79,13 @@
for (ServiceProvider sp : serviceProviders)
{
- if (serviceProviderMap.containsKey(sp.getHostname()))
+ String hostName = StringUtil.getSystemPropertyAsString( sp.getHostname() );
+
+ if (serviceProviderMap.containsKey( hostName ))
{
throw new RuntimeException("Two service providers have the same hostname");
}
- serviceProviderMap.put(sp.getHostname(), sp);
+ serviceProviderMap.put( hostName, sp);
}
}
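Review bot: The result of `StringUtil.getSystemPropertyAsString( sp.getHostname() )` is used as the map key without a null or empty check. That helper is not shown here; if it can return null or an empty string for an undefined property, two misconfigured providers would collide under the "same hostname" message, or a single one would be registered under a null key. A check such as `if( hostName == null || hostName.length() == 0 ) throw new RuntimeException( "Service provider hostname is not set" );` before the lookup would make the failure explicit. The loop sits inside a method that starts outside the hunk.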
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java 2011-02-23 16:36:01 UTC (rev 769)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java 2011-02-23 16:43:15 UTC (rev 770)
@@ -82,13 +82,14 @@
for (SamlIdentityProviderType samlIdp : samlConfig.getSamlIdentityProvider())
{
- IDPSSODescriptorType idpSsoDescriptor = idpMetaInfo.get(samlIdp.getEntityId());
+ String entityID = StringUtil.getSystemPropertyAsString( samlIdp.getEntityId() );
+ IDPSSODescriptorType idpSsoDescriptor = idpMetaInfo.get( entityID );
if (idpSsoDescriptor == null)
{
- throw new RuntimeException("Saml identity provider with entity id \"" + samlIdp.getEntityId()
+ throw new RuntimeException("Saml identity provider with entity id \"" + entityID
+ "\" not found in metadata.");
}
- SamlIdentityProvider samlIdentityProvider = new SamlIdentityProvider(samlIdp.getEntityId(), idpSsoDescriptor);
+ SamlIdentityProvider samlIdentityProvider = new SamlIdentityProvider( entityID, idpSsoDescriptor);
identityProviders.add(samlIdentityProvider);
samlIdentityProvider.setWantSingleLogoutMessagesSigned(samlIdp.isWantSingleLogoutMessagesSigned());
@@ -106,7 +107,8 @@
wantAuthnRequestsSigned = true;
}
}
- if (identityProvider.getEntityId().equals(samlConfig.getDefaultIdentityProvider()))
+ String entityID = StringUtil.getSystemPropertyAsString( identityProvider.getEntityId() );
+ if ( entityID.equals( StringUtil.getSystemPropertyAsString( samlConfig.getDefaultIdentityProvider() )))
{
defaultIdentityProvider = identityProvider;
}
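Review bot: `StringUtil.getSystemPropertyAsString( samlConfig.getDefaultIdentityProvider() )` on the new comparison line dereferences its argument (the r769 body shown on this page begins with `str.contains( "${")`), so a configuration with no default identity provider would now fail with a NullPointerException where the old `equals(...)` call simply returned false. The same applies in the next hunk to `samlConfig.getSigningKeyPass()`: the `if (signingKeyPass == null)` fallback that follows it can no longer be reached with a null value. Either return early in the helper, `if( str == null ) return null;`, or guard these two call sites. Whether the default identity provider is optional is not visible here, and the enclosing method starts and ends outside the hunk.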
@@ -118,10 +120,10 @@
"Configuration error: at least one identity provider wants the authentication requests signed, but the service provider doesn't sign authentication requests.");
}
- String keyStoreUrl = samlConfig.getKeyStoreUrl();
- String keyStorePass = samlConfig.getKeyStorePass();
- String signingKeyAlias = samlConfig.getSigningKeyAlias();
- String signingKeyPass = samlConfig.getSigningKeyPass();
+ String keyStoreUrl = StringUtil.getSystemPropertyAsString( samlConfig.getKeyStoreUrl() );
+ String keyStorePass = StringUtil.getSystemPropertyAsString( samlConfig.getKeyStorePass() );
+ String signingKeyAlias = StringUtil.getSystemPropertyAsString( samlConfig.getSigningKeyAlias() );
+ String signingKeyPass = StringUtil.getSystemPropertyAsString( samlConfig.getSigningKeyPass() );
if (signingKeyPass == null)
{
signingKeyPass = keyStorePass;
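Review bot: `keyStorePass` and `signingKeyPass` are now run through the same placeholder expansion as the non-secret values, which changes how a literal password is read: one that happens to contain `${...}` is treated as a property reference, and when that property is unset the text between the braces is echoed in the `IllegalArgumentException` message built in StringUtil (r769 on this page). A comment above the four assignments would make this explicit, for example `// Values of the form ${name} are resolved from JVM system properties; literal passwords must not contain "${"`. It is also worth documenting that system properties keep the password out of the configuration file but remain readable to other code in the same JVM that is allowed to read properties. The enclosing method starts and ends outside the hunk.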
@@ -288,7 +290,7 @@
if (identityProvider instanceof SamlIdentityProvider)
{
SamlIdentityProvider samlIdentityProvider = (SamlIdentityProvider) identityProvider;
- if (samlIdentityProvider.getEntityId().equals(entityId))
+ if ( StringUtil.getSystemPropertyAsString( samlIdentityProvider.getEntityId() ).equals(entityId))
{
return samlIdentityProvider;
}
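Review bot: The value returned by `samlIdentityProvider.getEntityId()` has already been expanded, because the first hunk of this file constructs `SamlIdentityProvider` with the resolved `entityID`, so expanding it again here is redundant. If a resolved value ever contains `${`, this second pass either substitutes again or throws for an unset property. The comparison can stay as it was, `if (samlIdentityProvider.getEntityId().equals(entityId))`; the same double expansion appears on `identityProvider.getEntityId()` in the `@@ -106,7 +107,8 @@` hunk, assuming those providers come from the same list. The enclosing method starts outside the hunk.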
Picketlink SVN: r769 - in federation/trunk/picketlink-fed-core/src: test/java/org/picketlink/test/identity/federation/core/parser and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-02-23 11:36:01 -0500 (Wed, 23 Feb 2011)
New Revision: 769
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StringUtil.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/SystemPropertyAsStringUnitTestCase.java
Log:
PLFED-138: add a method to StringUtil to pick a system property if needed
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StringUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StringUtil.java 2011-02-23 02:27:19 UTC (rev 768)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StringUtil.java 2011-02-23 16:36:01 UTC (rev 769)
@@ -24,6 +24,8 @@
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
/**
@@ -60,14 +62,26 @@
*/
public static String getSystemPropertyAsString( String str )
{
- if( str.startsWith( "${") && str.endsWith( "}" ))
- {
- int len = str.length();
- str = str.substring( 2, len -1 );
- String sysPropertyValue = SecurityActions.getSystemProperty(str, "" );
- if( sysPropertyValue.isEmpty() )
- throw new IllegalArgumentException( "System Property " + str + " is not set" );
- str = sysPropertyValue;
+ if( str.contains( "${") )
+ {
+ Pattern pattern = Pattern.compile( "\\$\\{([^}]+)}" );
+ Matcher matcher = pattern.matcher(str);
+
+ StringBuffer buffer = new StringBuffer();
+ String sysPropertyValue = null;
+
+ while (matcher.find())
+ {
+ sysPropertyValue = SecurityActions.getSystemProperty( matcher.group(1), "" );
+ if( sysPropertyValue.isEmpty() )
+ {
+ throw new IllegalArgumentException( "System Property " + matcher.group(1) + " is not set" );
+ }
+ matcher.appendReplacement(buffer,sysPropertyValue);
+ }
+
+ matcher.appendTail(buffer);
+ str = buffer.toString();
}
return str;
}
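Review bot: `matcher.appendReplacement(buffer,sysPropertyValue)` interprets `$` and `\` in the replacement string as group references and escapes, so a property value containing either character is altered or raises an exception instead of being inserted literally. This matters once key store passwords and URLs are resolved through this method (r770 on this page). Quote the value first: `matcher.appendReplacement( buffer, Matcher.quoteReplacement( sysPropertyValue ) );`. Two smaller points: `str` is dereferenced without a null check, and the `Pattern` could be a `private static final` constant rather than compiled on every call.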
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/SystemPropertyAsStringUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/SystemPropertyAsStringUnitTestCase.java 2011-02-23 02:27:19 UTC (rev 768)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/SystemPropertyAsStringUnitTestCase.java 2011-02-23 16:36:01 UTC (rev 769)
@@ -23,6 +23,7 @@
import static org.junit.Assert.assertEquals;
+import org.junit.Before;
import org.junit.Test;
import org.picketlink.identity.federation.core.util.StringUtil;
@@ -34,13 +35,25 @@
*/
public class SystemPropertyAsStringUnitTestCase
{
+ @Before
+ public void setup()
+ {
+ System.setProperty( "test", "anil" );
+ System.setProperty( "person", "marcus" );
+ }
@Test
public void testSystemProperty() throws Exception
{
- System.setProperty( "test", "anil" );
- String str = "${test}";
- assertEquals( "anil", StringUtil.getSystemPropertyAsString( str ) );
+ assertEquals( "test" , StringUtil.getSystemPropertyAsString( "test" ) );
+ assertEquals( "test/test" , StringUtil.getSystemPropertyAsString( "test/test" ) );
+
+ assertEquals( "anil", StringUtil.getSystemPropertyAsString( "${test}" ) );
+ assertEquals( "test/anil", StringUtil.getSystemPropertyAsString( "test/${test}" ) );
+
+ assertEquals( "anil:anil:marcus//anil", StringUtil.getSystemPropertyAsString( "${test}:${test}:${person}//${test}" ) );
+
+ //Test if any of the parantheses are not correctly closed
+ assertEquals( "anil:anil:marcus//${test", StringUtil.getSystemPropertyAsString( "${test}:${test}:${person}//${test" ) );
}
-
}
\ No newline at end of file
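Review bot: The new assertions cover only successful substitutions and the unclosed placeholder; neither the branch that throws `IllegalArgumentException` for an unset property nor a property value containing `$` or `\` is exercised. A case such as `System.setProperty( "dollar", "a$b" )` followed by `assertEquals( "a$b", StringUtil.getSystemPropertyAsString( "${dollar}" ) )` would pin literal insertion of the value (sample values constructed for this note). The properties set in `setup()` are also never cleared, so an `@After` method calling `System.clearProperty` for `test` and `person` would keep them from leaking into other test classes in the same JVM.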
Picketlink SVN: r768 - integration-tests/trunk/picketlink-sts-tests.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-02-22 21:27:19 -0500 (Tue, 22 Feb 2011)
New Revision: 768
Modified:
integration-tests/trunk/picketlink-sts-tests/pom.xml
Log:
add exclusion
Modified: integration-tests/trunk/picketlink-sts-tests/pom.xml
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/pom.xml 2011-02-23 02:19:04 UTC (rev 767)
+++ integration-tests/trunk/picketlink-sts-tests/pom.xml 2011-02-23 02:27:19 UTC (rev 768)
@@ -143,6 +143,16 @@
<classifier>jmx-invoker-adaptor-client</classifier>
<version>5.1.0.GA</version>
<scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>trove</groupId>
+ <artifactId>trove</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>wutka-dtdparser</groupId>
+ <artifactId>dtdparser121</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.jboss.jbossas</groupId>
Picketlink SVN: r767 - in federation/trunk: picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants and 1 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-02-22 21:19:04 -0500 (Tue, 22 Feb 2011)
New Revision: 767
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
Log:
PLFED-140: PLFED-141:
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java 2011-02-23 02:09:23 UTC (rev 766)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java 2011-02-23 02:19:04 UTC (rev 767)
@@ -34,7 +34,9 @@
{
//Define some constants
String DISABLE_AUTHN_STATEMENT = "DISABLE_AUTHN_STATEMENT";
- String DISABLE_SENDING_ROLES = "DISABLE_SENDING_ROLES";
+ String DISABLE_SENDING_ROLES = "DISABLE_SENDING_ROLES";
+ String DISABLE_ROLE_PICKING = "DISABLE_ROLE_PICKING";
+ String ROLE_KEY = "ROLE_KEY";
/**
* Processing Point - idp side
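Review bot: `DISABLE_ROLE_PICKING` does not only move here from GeneralConstants, its value also changes from `"DisableRolePicking"` to `"DISABLE_ROLE_PICKING"`. A handler configuration still using the old key is silently ignored, and in the SAML2AuthenticationHandler code from r766 that means roles are again picked from the IDP response rather than suppressed. A comment on the constant, for example `// handler option key; was "DisableRolePicking" in r766`, or accepting both spellings, would make the change visible. The type's body continues outside the hunk.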
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-02-23 02:09:23 UTC (rev 766)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-02-23 02:19:04 UTC (rev 767)
@@ -40,8 +40,6 @@
String CONFIGURATION = "CONFIGURATION";
String CONFIG_FILE_LOCATION = "/WEB-INF/picketlink-idfed.xml";
- String DISABLE_ROLE_PICKING = "DisableRolePicking";
-
String GLOBAL_LOGOUT = "GLO";
String HANDLER_CONFIG_FILE_LOCATION = "/WEB-INF/picketlink-handlers.xml";
@@ -59,12 +57,6 @@
String ROLES = "ROLES";
String ROLES_ID = "jboss_identity.roles";
- /**
- * {@link SAML2AuthenticationHandler} can be configured with a key that picks
- * the attributes from the IDP attribute statements
- */
- String ROLE_KEY = "ROLE_KEY";
-
String ROLE_GENERATOR = "ROLE_GENERATOR";
String ROLE_VALIDATOR = "ROLE_VALIDATOR";
String ROLE_VALIDATOR_IGNORE = "ROLE_VALIDATOR_IGNORE";
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-02-23 02:09:23 UTC (rev 766)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-02-23 02:19:04 UTC (rev 767)
@@ -512,9 +512,9 @@
List<String> roles = new ArrayList<String>();
//PLFED-141: Disable role picking from IDP response
- if( handlerConfig.containsKey( GeneralConstants.DISABLE_ROLE_PICKING ))
+ if( handlerConfig.containsKey( DISABLE_ROLE_PICKING ))
{
- String val = (String) handlerConfig.getParameter( GeneralConstants.DISABLE_ROLE_PICKING );
+ String val = (String) handlerConfig.getParameter( DISABLE_ROLE_PICKING );
if( StringUtil.isNotNull(val) && "true".equalsIgnoreCase(val) )
return roles;
}
@@ -522,9 +522,9 @@
//PLFED-140: which of the attribute statements represent roles?
List<String> roleKeys = new ArrayList<String>();
- if( handlerConfig.containsKey( GeneralConstants.ROLE_KEY ) )
+ if( handlerConfig.containsKey( ROLE_KEY ) )
{
- String roleKey = (String) handlerConfig.getParameter( GeneralConstants.ROLE_KEY );
+ String roleKey = (String) handlerConfig.getParameter( ROLE_KEY );
roleKeys.addAll( StringUtil.tokenize( roleKey ) );
}
Picketlink SVN: r766 - in federation/trunk: picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow and 8 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-02-22 21:09:23 -0500 (Tue, 22 Feb 2011)
New Revision: 766
Added:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/PingFederateResponseTestCase.java
federation/trunk/picketlink-bindings/src/test/resources/responseIDP/
federation/trunk/picketlink-bindings/src/test/resources/responseIDP/pingidp.xml
federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/
federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/
federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-handlers.xml
federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-idfed.xml
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java
Log:
PLFED-140: PLFED-141:
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2011-02-23 02:08:28 UTC (rev 765)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2011-02-23 02:09:23 UTC (rev 766)
@@ -25,6 +25,7 @@
import java.io.IOException;
import java.security.Principal;
+import java.util.Arrays;
import java.util.List;
import java.util.Set;
@@ -241,7 +242,9 @@
String username = principal.getName();
String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
-
+ if( trace )
+ log.trace( "Roles determined for username=" + username + "=" + Arrays.toString( roles.toArray() ) );
+
//Map to JBoss specific principal
if((new ServerDetector()).isJboss() || jbossEnv)
{
@@ -251,9 +254,9 @@
ServiceProviderSAMLContext.clear();
}
else
- {
+ {
//tomcat env
- principal = spUtil.createGenericPrincipal(request, principal.getName(), roles);
+ principal = spUtil.createGenericPrincipal(request, username, roles);
}
session.setNote(Constants.SESS_USERNAME_NOTE, username);
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2011-02-23 02:08:28 UTC (rev 765)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2011-02-23 02:09:23 UTC (rev 766)
@@ -117,6 +117,8 @@
boolean willSendRequest)
throws ProcessingException, ConfigurationException, IOException
{
+ if( keyManager == null )
+ throw new IllegalStateException( "Key Manager is null" );
//Sign the document
SAML2Signature samlSignature = new SAML2Signature();
KeyPair keypair = keyManager.getSigningKeyPair();
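Review bot: The new guard throws an unchecked `IllegalStateException` from a method whose signature, visible just above it, already declares `ConfigurationException`, and a missing key manager is a configuration problem. Throwing the declared type, `throw new ConfigurationException( "Key Manager is null" );` (assuming it offers a String constructor), would route the failure through the handling callers already have. The message could also say that the `KeyProvider` configuration is missing, so the operator knows what to fix. The method starts outside the hunk and continues past it.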
Added: federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/PingFederateResponseTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/PingFederateResponseTestCase.java (rev 0)
+++ federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/PingFederateResponseTestCase.java 2011-02-23 02:09:23 UTC (rev 766)
@@ -0,0 +1,126 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.bindings.workflow;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintWriter;
+import java.net.URL;
+
+import org.apache.catalina.deploy.LoginConfig;
+import org.junit.Test;
+import org.picketlink.identity.federation.bindings.tomcat.sp.SPPostFormAuthenticator;
+import org.picketlink.identity.federation.web.constants.GeneralConstants;
+import org.picketlink.identity.federation.web.util.PostBindingUtil;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaContext;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaContextClassLoader;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaRequest;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaResponse;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaSession;
+
+/**
+ * Validating PicketLink SP Handling of
+ * a response from Ping Federate IDP.
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Feb 22, 2011
+ */
+public class PingFederateResponseTestCase
+{
+ private String profile = "saml2/post";
+ private ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+
+ @Test
+ public void testSP() throws Exception
+ {
+ MockCatalinaSession session = new MockCatalinaSession();
+ //First we go to the employee application
+ MockCatalinaContextClassLoader mclSPEmp = setupTCL(profile + "/ping");
+ Thread.currentThread().setContextClassLoader(mclSPEmp);
+ SPPostFormAuthenticator spEmpl = new SPPostFormAuthenticator();
+
+ MockCatalinaContext context = new MockCatalinaContext();
+ spEmpl.setContainer(context);
+ spEmpl.testStart();
+
+
+ MockCatalinaRequest catalinaRequest = new MockCatalinaRequest();
+ catalinaRequest.setSession(session);
+ catalinaRequest.setContext(context);
+
+ String idpResponse = PostBindingUtil.base64Encode( new String( readIDPResponse()) );
+
+ catalinaRequest.setParameter( GeneralConstants.SAML_RESPONSE_KEY, idpResponse );
+
+ MockCatalinaResponse catalinaResponse = new MockCatalinaResponse();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ catalinaResponse.setWriter(new PrintWriter(baos));
+
+ LoginConfig loginConfig = new LoginConfig();
+ assertTrue( spEmpl.authenticate(catalinaRequest, catalinaResponse, loginConfig) );
+ }
+
+ private byte[] readIDPResponse() throws IOException
+ {
+ File file = new File( tcl.getResource("responseIDP/pingidp.xml").getPath() );
+ InputStream is = new FileInputStream( file );
+ assertNotNull( is );
+
+ long length = file.length();
+
+ // Create the byte array to hold the data
+ byte[] bytes = new byte[(int)length];
+
+ // Read in the bytes
+ int offset = 0;
+ int numRead = 0;
+ while (offset < bytes.length
+ && (numRead=is.read(bytes, offset, bytes.length-offset)) >= 0) {
+ offset += numRead;
+ }
+
+ // Ensure all the bytes have been read in
+ if (offset < bytes.length) {
+ throw new IOException("Could not completely read file "+file.getName());
+ }
+
+ // Close the input stream and return bytes
+ is.close();
+ return bytes;
+ }
+
+ private MockCatalinaContextClassLoader setupTCL(String resource)
+ {
+ URL[] urls = new URL[] {tcl.getResource(resource)};
+
+ MockCatalinaContextClassLoader mcl = new MockCatalinaContextClassLoader(urls);
+ mcl.setDelegate(tcl);
+ mcl.setProfile(resource);
+ return mcl;
+ }
+}
\ No newline at end of file
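Review bot: `testSP()` replaces the thread context class loader with `mclSPEmp` and never restores it, so later tests on the same thread run with the mock loader; wrap the body in `try { ... } finally { Thread.currentThread().setContextClassLoader( tcl ); }`. `readIDPResponse()` closes the stream only on the success path and `new String( readIDPResponse() )` decodes with the platform default charset, so closing in a `finally` block and passing an explicit charset such as `"UTF-8"` would make the fixture handling deterministic. The test asserts only that authentication succeeds; a companion case with an expired or altered response would show that the service provider rejects what it should.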
Added: federation/trunk/picketlink-bindings/src/test/resources/responseIDP/pingidp.xml
===================================================================
--- federation/trunk/picketlink-bindings/src/test/resources/responseIDP/pingidp.xml (rev 0)
+++ federation/trunk/picketlink-bindings/src/test/resources/responseIDP/pingidp.xml 2011-02-23 02:09:23 UTC (rev 766)
@@ -0,0 +1,229 @@
+<samlp:Response Destination="https://201.000.000.00/gctxyz" InResponseTo="ID_76b05a86-993e-4ba4-83b6-e0fe7d292e78"
+
+ IssueInstant="2011-02-21T17:35:08.182Z" ID="o5x7YnbyTo.XL_47-oLmZwgUgpP" Version="2.0"
+
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
+
+ <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test.xyz.com</saml:Issuer>
+
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+
+ <ds:SignedInfo>
+
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+
+ <ds:Reference URI="#o5x7YnbyTo.XL_47-oLmZwgUgpP">
+
+ <ds:Transforms>
+
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+
+ </ds:Transforms>
+
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+
+ <ds:DigestValue>joOnzlFL1squOg8uAb5fLcA9x0s=</ds:DigestValue>
+
+ </ds:Reference>
+
+ </ds:SignedInfo>
+
+ <ds:SignatureValue>
+
+ ...
+
+ </ds:SignatureValue>
+
+ <ds:KeyInfo>
+
+ <ds:X509Data>
+
+ <ds:X509Certificate>
+
+ ...
+
+ </ds:X509Certificate>
+
+ </ds:X509Data>
+
+ <ds:KeyValue>
+
+ <ds:RSAKeyValue>
+
+ <ds:Modulus>
+
+ ...
+
+ </ds:Modulus>
+
+ <ds:Exponent>AQAB</ds:Exponent>
+
+ </ds:RSAKeyValue>
+
+ </ds:KeyValue>
+
+ </ds:KeyInfo>
+
+ </ds:Signature>
+
+ <samlp:Status>
+
+ <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+
+ </samlp:Status>
+
+ <saml:Assertion Version="2.0" IssueInstant="2011-02-21T17:35:08.196Z" ID="RM9ViMLu.M-ejey1FVNCeeIBws."
+
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
+
+ <saml:Issuer>https://test.xyz.com</saml:Issuer>
+
+ <saml:Subject>
+
+ <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">asptest</saml:NameID>
+
+ <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+
+ <saml:SubjectConfirmationData InResponseTo="ID_76b05a86-993e-4ba4-83b6-e0fe7d292e78"
+
+ NotOnOrAfter="2023-02-21T17:40:08.196Z"
+
+ Recipient="https://201.000.000.00/gctxyz"/>
+
+ </saml:SubjectConfirmation>
+
+ </saml:Subject>
+
+ <saml:Conditions NotOnOrAfter="2023-02-21T17:40:08.196Z" NotBefore="2011-02-21T17:30:08.196Z">
+
+ <saml:AudienceRestriction>
+
+ <saml:Audience>https://201.000.000.00/gctxyz</saml:Audience>
+
+ </saml:AudienceRestriction>
+
+ </saml:Conditions>
+
+ <saml:AuthnStatement AuthnInstant="2011-02-21T17:35:08.195Z" SessionIndex="RM9ViMLu.M-ejey1FVNCeeIBws.">
+
+ <saml:AuthnContext>
+
+ <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
+
+ </saml:AuthnContextClassRef>
+
+ </saml:AuthnContext>
+
+ </saml:AuthnStatement>
+
+ <saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="street">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_street
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="zipcode">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_zipcode
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="state">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_state
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="lastname">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_lastname
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="firstname">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_firstname
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="billtoid">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_billtoid
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="telephonenumber">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_telephonenumber
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="city">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_city
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="email">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_email
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="contractnumber">
+
+ <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ asptest_contractnumber
+
+ </saml:AttributeValue>
+
+ </saml:Attribute>
+
+ </saml:AttributeStatement>
+
+ </saml:Assertion>
+
+</samlp:Response>
\ No newline at end of file
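Review bot: The fixture hard-codes its validity window (`NotOnOrAfter="2023-02-21T17:40:08.196Z"` on both `SubjectConfirmationData` and `Conditions`), so if the code path under test compares these against the wall clock, `PingFederateResponseTestCase` will start failing after that date. The `SignatureValue`, `X509Certificate` and `Modulus` bodies are elided with `...`, so this document cannot serve for signature validation. A leading comment such as `<!-- Sanitised Ping Federate response: signature material elided, not valid for signature checks -->` would tell the next reader what the file can and cannot be used to test.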
Added: federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-handlers.xml
===================================================================
--- federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-handlers.xml (rev 0)
+++ federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-handlers.xml 2011-02-23 02:09:23 UTC (rev 766)
@@ -0,0 +1,5 @@
+<Handlers xmlns="urn:picketlink:identity-federation:handler:config:1.0">
+ <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler"/>
+ <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
+ <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
+</Handlers>
\ No newline at end of file
Property changes on: federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-handlers.xml
___________________________________________________________________
Added: svn:executable
+ *
Added: federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-idfed.xml
===================================================================
--- federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-idfed.xml (rev 0)
+++ federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-idfed.xml 2011-02-23 02:09:23 UTC (rev 766)
@@ -0,0 +1,37 @@
+<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:1.0" ServerEnvironment="tomcat">
+
+ <IdentityURL>https://fedtst.company.com/idp/SSO.saml2</IdentityURL>
+
+ <ServiceURL>https://201.000.000.00/gctxyz</ServiceURL>
+ <Trust>
+
+ <Domains>localhost,jboss.com,jboss.org,fedtst.company.com,201.000.000.00</Domains>
+
+ </Trust>
+ <KeyProvider
+
+ ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
+
+
+
+ <Auth Key="KeyStoreURL" Value="/jbid_test_keystore.jks" />
+
+ <Auth Key="KeyStorePass" Value="store123" />
+
+ <Auth Key="SigningKeyPass" Value="test123" />
+
+ <Auth Key="SigningKeyAlias" Value="servercert" />
+
+
+
+ <ValidatingAlias Key="localhost" Value="picketlink"/>
+
+ <ValidatingAlias Key="127.0.0.1" Value="picketlink"/>
+
+ <ValidatingAlias Key="fedtst.company.com" Value="test"/>
+
+ </KeyProvider>
+
+
+
+</PicketLinkSP>
\ No newline at end of file
Property changes on: federation/trunk/picketlink-bindings/src/test/resources/saml2/post/ping/WEB-INF/picketlink-idfed.xml
___________________________________________________________________
Added: svn:executable
+ *
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-02-23 02:08:28 UTC (rev 765)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-02-23 02:09:23 UTC (rev 766)
@@ -40,9 +40,10 @@
String CONFIGURATION = "CONFIGURATION";
String CONFIG_FILE_LOCATION = "/WEB-INF/picketlink-idfed.xml";
+ String DISABLE_ROLE_PICKING = "DisableRolePicking";
+
String GLOBAL_LOGOUT = "GLO";
-
String HANDLER_CONFIG_FILE_LOCATION = "/WEB-INF/picketlink-handlers.xml";
String IDENTITY_SERVER = "IDENTITY_SERVER";
@@ -58,6 +59,12 @@
String ROLES = "ROLES";
String ROLES_ID = "jboss_identity.roles";
+ /**
+ * {@link SAML2AuthenticationHandler} can be configured with a key that picks
+ * the attributes from the IDP attribute statements
+ */
+ String ROLE_KEY = "ROLE_KEY";
+
String ROLE_GENERATOR = "ROLE_GENERATOR";
String ROLE_VALIDATOR = "ROLE_VALIDATOR";
String ROLE_VALIDATOR_IGNORE = "ROLE_VALIDATOR_IGNORE";
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-02-23 02:08:28 UTC (rev 765)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-02-23 02:09:23 UTC (rev 766)
@@ -55,6 +55,7 @@
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
@@ -510,10 +511,32 @@
{
List<String> roles = new ArrayList<String>();
+ //PLFED-141: Disable role picking from IDP response
+ if( handlerConfig.containsKey( GeneralConstants.DISABLE_ROLE_PICKING ))
+ {
+ String val = (String) handlerConfig.getParameter( GeneralConstants.DISABLE_ROLE_PICKING );
+ if( StringUtil.isNotNull(val) && "true".equalsIgnoreCase(val) )
+ return roles;
+ }
+
+ //PLFED-140: which of the attribute statements represent roles?
+ List<String> roleKeys = new ArrayList<String>();
+
+ if( handlerConfig.containsKey( GeneralConstants.ROLE_KEY ) )
+ {
+ String roleKey = (String) handlerConfig.getParameter( GeneralConstants.ROLE_KEY );
+ roleKeys.addAll( StringUtil.tokenize( roleKey ) );
+ }
+
List<ASTChoiceType> attList = attributeStatement.getAttributes();
for(ASTChoiceType obj:attList)
{
AttributeType attr = obj.getAttribute();
+ if( roleKeys.size() > 0 )
+ {
+ if( !roleKeys.contains( attr.getNameFormat() ) )
+ continue;
+ }
List<Object> attributeValues = attr.getAttributeValue();
if( attributeValues != null)
{
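Review bot: The filter `roleKeys.contains( attr.getNameFormat() )` compares the configured ROLE_KEY values with the attribute's NameFormat, which in SAML is a URI describing how the name is written, not the identity of the attribute. If the IDP sends all its attributes with the same format, the filter admits either every attribute value or none as a role, so it cannot single out the role attribute. The comparison probably wants the attribute name, `if( !roleKeys.contains( attr.getName() ) ) continue;`, assuming AttributeType exposes it. The tokens from `StringUtil.tokenize` are also not trimmed, so a value written as `Role, Group` would not match on its second key. The enclosing method begins and ends outside this hunk.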
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java 2011-02-23 02:08:28 UTC (rev 765)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java 2011-02-23 02:09:23 UTC (rev 766)
@@ -175,7 +175,9 @@
* @throws IssuerNotTrustedException
*/
private boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws IssuerNotTrustedException
- {
+ {
+ if( keyManager == null )
+ throw new IllegalStateException( "Key Manager is null" );
Document samlResponse = samlDocumentHolder.getSamlDocument();
ResponseType response = (ResponseType) samlDocumentHolder.getSamlObject();
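Review bot: The Javadoc above `verifySignature` still lists only `IssuerNotTrustedException`, while the added guard throws an unchecked `IllegalStateException` when `keyManager` is null. Add `@throws IllegalStateException if no key manager is configured for signature validation`, so callers can tell a configuration error from an untrusted issuer. Refusing to continue without a key manager is the right behaviour, but the message `"Key Manager is null"` could name the missing configuration to make the failure easier to diagnose. The method body continues outside this hunk.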
Picketlink SVN: r765 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-02-22 21:08:28 -0500 (Tue, 22 Feb 2011)
New Revision: 765
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StringUtil.java
Log:
method to tokenize string
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StringUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StringUtil.java 2011-02-23 01:23:09 UTC (rev 764)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StringUtil.java 2011-02-23 02:08:28 UTC (rev 765)
@@ -21,7 +21,11 @@
*/
package org.picketlink.identity.federation.core.util;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.StringTokenizer;
+
/**
* Utility dealing with Strings
* @author Anil.Saldhana(a)redhat.com
@@ -67,4 +71,20 @@
}
return str;
}
+
+ /**
+ * Given a comma separated string, get the tokens as a {@link List}
+ * @param str
+ * @return
+ */
+ public static List<String> tokenize( String str )
+ {
+ List<String> list = new ArrayList<String>();
+ StringTokenizer tokenizer = new StringTokenizer(str, ",");
+ while( tokenizer.hasMoreTokens() )
+ {
+ list.add( tokenizer.nextToken() );
+ }
+ return list;
+ }
}
\ No newline at end of file
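Review bot: `tokenize` passes `str` straight to `new StringTokenizer(str, ",")`, which throws a NullPointerException for a null argument, and it keeps any whitespace around each token. The handler in r766 compares the result with `List.contains`, so a configured value such as `a, b` yields the token ` b`, which will not match. I would return the empty list when `str` is null and store trimmed tokens with `list.add( tokenizer.nextToken().trim() );`. The empty `@param str` and `@return` tags should say that the input is comma separated and that an empty list is returned when there are no tokens.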