Picketlink SVN: r764 - in federation/trunk: picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata and 2 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-02-22 20:23:09 -0500 (Tue, 22 Feb 2011)
New Revision: 764
Added:
federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/shib.idp-metadata.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntitiesDescriptorParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntitiesDescriptorType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntityDescriptorType.java
Log:
PLFED-139: update saml metadata parsing
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntitiesDescriptorParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntitiesDescriptorParser.java 2011-02-22 21:00:35 UTC (rev 763)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntitiesDescriptorParser.java 2011-02-23 01:23:09 UTC (rev 764)
@@ -23,6 +23,7 @@
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.events.Attribute;
import javax.xml.stream.events.EndElement;
import javax.xml.stream.events.StartElement;
import javax.xml.stream.events.XMLEvent;
@@ -32,6 +33,7 @@
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntitiesDescriptorType;
/**
@@ -50,6 +52,26 @@
EntitiesDescriptorType entitiesDescriptorType = new EntitiesDescriptorType();
+ //Parse the attributes
+ Attribute validUntil = startElement.getAttributeByName( new QName( JBossSAMLConstants.VALID_UNTIL.get() ));
+ if( validUntil != null )
+ {
+ String validUntilValue = StaxParserUtil.getAttributeValue(validUntil);
+ entitiesDescriptorType.setValidUntil( XMLTimeUtil.parse(validUntilValue));
+ }
+
+ Attribute id = startElement.getAttributeByName( new QName( JBossSAMLConstants.ID.get() ));
+ if( id != null )
+ {
+ entitiesDescriptorType.setID( StaxParserUtil.getAttributeValue(id));
+ }
+
+ Attribute cacheDuration = startElement.getAttributeByName( new QName( JBossSAMLConstants.CACHE_DURATION.get() ));
+ if( cacheDuration != null )
+ {
+ entitiesDescriptorType.setCacheDuration( XMLTimeUtil.parseAsDuration( StaxParserUtil.getAttributeValue( cacheDuration )) );
+ }
+
//Get the Child Elements
while( xmlEventReader.hasNext() )
{
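Review bot: The new attribute block reads `validUntil`, `ID` and `cacheDuration` but not `Name`, which the `EntitiesDescriptor` in testshib.org.idp-metadata.xml carries (`Name="urn:mace:shibboleth:testshib:two"`), so that value is dropped without any error. If `EntitiesDescriptorType` has a setter for it (the model class is only partly visible on this page), it can be read the same way as `ID`. Nothing in this hunk compares `validUntil` with the current time, so a comment above the block such as `// validUntil and cacheDuration are only recorded here; expiry must be checked by the consumer` would stop a caller from assuming stale metadata is rejected at parse time. The enclosing method starts before and ends after this hunk.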
@@ -67,7 +89,20 @@
{
SAMLEntityDescriptorParser entityParser = new SAMLEntityDescriptorParser();
entitiesDescriptorType.addEntityDescriptor( entityParser.parse(xmlEventReader));
- }
+ }
+ else if( JBossSAMLConstants.EXTENSIONS.get().equalsIgnoreCase( localPart ))
+ {
+ StaxParserUtil.bypassElementBlock( xmlEventReader, JBossSAMLConstants.EXTENSIONS.get() );
+ }
+ else if( JBossSAMLConstants.ENTITIES_DESCRIPTOR.get().equalsIgnoreCase( localPart ))
+ {
+ SAMLEntitiesDescriptorParser parser = new SAMLEntitiesDescriptorParser();
+ entitiesDescriptorType.addEntityDescriptor( parser.parse(xmlEventReader));
+ }
+ else if( localPart.equals( JBossSAMLConstants.SIGNATURE.get() ) )
+ {
+ entitiesDescriptorType.setSignature( StaxParserUtil.getDOMElement(xmlEventReader) );
+ }
else
throw new RuntimeException( "Unknown " + localPart );
}
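Review bot: The new `Signature` branch tests `localPart` only, so (assuming `localPart` is the element's local name) an element called `Signature` in any namespace is stored through `setSignature` as though it were the XML-DSig signature; the branch should also require the namespace `http://www.w3.org/2000/09/xmldsig#`. The element is stored as parsed and nothing in this hunk verifies it, so a comment such as `// stored unverified: callers must validate the signature against a trusted key before relying on this metadata` belongs on the branch. The same applies to the `Signature` branch added to SAMLEntityDescriptorParser at `@@ -132,6 +132,10 @@`. Separately, the nested `EntitiesDescriptor` branch calls `parser.parse(xmlEventReader)` recursively with no depth limit in view, which deserves a cap when the metadata comes from a remote party. The surrounding loop and method begin outside the hunk.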
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java 2011-02-22 21:00:35 UTC (rev 763)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java 2011-02-23 01:23:09 UTC (rev 764)
@@ -132,6 +132,10 @@
EDTChoiceType edtChoice = EDTChoiceType.oneValue( edtDescChoice );
entityDescriptorType.addChoiceType(edtChoice);
}
+ else if( localPart.equals( JBossSAMLConstants.SIGNATURE.get() ) )
+ {
+ entityDescriptorType.setSignature( StaxParserUtil.getDOMElement(xmlEventReader) );
+ }
else if( JBossSAMLConstants.ORGANIZATION.get().equals( localPart ))
{
OrganizationType organization = parseOrganization(xmlEventReader);
@@ -142,6 +146,10 @@
{
entityDescriptorType.addContactPerson( parseContactPerson(xmlEventReader));
}
+ else if( JBossSAMLConstants.EXTENSIONS.get().equalsIgnoreCase( localPart ))
+ {
+ StaxParserUtil.bypassElementBlock( xmlEventReader, JBossSAMLConstants.EXTENSIONS.get() );
+ }
else
throw new RuntimeException( "Unknown " + localPart );
}
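Review bot: Each new `Extensions` branch discards the element's content through `StaxParserUtil.bypassElementBlock`, so the `shibmd:Scope` entries in the added shib.idp-metadata.xml fixture never reach the model, although `EntityDescriptorType` declares an `extensions` field. A consumer that is expected to restrict an IdP's scoped attributes by that value has nothing to check against. At minimum the branch should carry a comment such as `// Extensions are skipped, not parsed; shibmd:Scope and other extension data are not available from the model`. The same branch is added in the hunks at `@@ -442,6`, `@@ -489,7`, `@@ -544,6` and `@@ -643,7`, and in SAMLEntitiesDescriptorParser; the enclosing method is only partly inside this hunk.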
@@ -243,7 +251,7 @@
}
else if( JBossSAMLConstants.EXTENSIONS.get().equalsIgnoreCase( localPart ))
{
- skipMetadataExtensions(xmlEventReader);
+ StaxParserUtil.bypassElementBlock(xmlEventReader, JBossSAMLConstants.EXTENSIONS.get() );
}
else
throw new RuntimeException( "Unknown " + localPart );
@@ -361,7 +369,7 @@
}
else if( JBossSAMLConstants.EXTENSIONS.get().equalsIgnoreCase( localPart ))
{
- skipMetadataExtensions(xmlEventReader);
+ StaxParserUtil.bypassElementBlock( xmlEventReader, JBossSAMLConstants.EXTENSIONS.get() );
}
else
throw new RuntimeException( "Unknown " + localPart );
@@ -442,6 +450,10 @@
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
attributeAuthority.addNameIDFormat( StaxParserUtil.getElementText(xmlEventReader) );
}
+ else if( JBossSAMLConstants.EXTENSIONS.get().equalsIgnoreCase( localPart ))
+ {
+ StaxParserUtil.bypassElementBlock( xmlEventReader, JBossSAMLConstants.EXTENSIONS.get() );
+ }
else
throw new RuntimeException( "Unknown " + localPart );
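Review bot: The added guard accepts the element name case-insensitively (`equalsIgnoreCase`), but XML names are case-sensitive and `bypassElementBlock` is then given the exact string `Extensions` as the tag to skip. How `bypassElementBlock` matches the end tag is not visible here; if it compares exactly, an element spelled `extensions` would enter the branch and the skip would run past its end tag. Using `else if( JBossSAMLConstants.EXTENSIONS.get().equals( localPart ))` keeps the guard and the skip in agreement and lets a misspelled element fall through to the `Unknown` error. The `Signature` branches in this commit already use `equals`, and the other `Extensions` branches in this file and in SAMLEntitiesDescriptorParser share the pattern. The method body extends beyond the hunk.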
@@ -489,7 +501,11 @@
LocalizedURIType localName = new LocalizedURIType( langVal );
localName.setValue( URI.create( StaxParserUtil.getElementText( xmlEventReader )));
org.addOrganizationURL( localName ) ;
- }
+ }
+ else if( JBossSAMLConstants.EXTENSIONS.get().equalsIgnoreCase( localPart ))
+ {
+ StaxParserUtil.bypassElementBlock( xmlEventReader, JBossSAMLConstants.EXTENSIONS.get() );
+ }
else
throw new RuntimeException( "Unknown " + localPart );
}
@@ -544,6 +560,10 @@
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
contactType.addTelephone( StaxParserUtil.getElementText(xmlEventReader) );
}
+ else if( JBossSAMLConstants.EXTENSIONS.get().equalsIgnoreCase( localPart ))
+ {
+ StaxParserUtil.bypassElementBlock( xmlEventReader, JBossSAMLConstants.EXTENSIONS.get() );
+ }
else
throw new RuntimeException( "Unknown " + localPart );
}
@@ -643,7 +663,11 @@
{
RequestedAttributeType attType = parseRequestedAttributeType(xmlEventReader, startElement);
attributeConsumer.addRequestedAttribute(attType);
- }
+ }
+ else if( JBossSAMLConstants.EXTENSIONS.get().equalsIgnoreCase( localPart ))
+ {
+ StaxParserUtil.bypassElementBlock( xmlEventReader, JBossSAMLConstants.EXTENSIONS.get() );
+ }
else
throw new RuntimeException( "Unknown " + localPart );
}
@@ -671,20 +695,4 @@
SAMLParserUtil.parseAttributeType(xmlEventReader, startElement, JBossSAMLConstants.REQUESTED_ATTRIBUTE.get(), attributeType);
return attributeType;
}
-
- private void skipMetadataExtensions( XMLEventReader xmlEventReader ) throws ParsingException
- {
- //Got to skip
- String endElementVal = "bogus";
-
- EndElement endElement = null;
- do
- {
- endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
- if( endElement == null )
- throw new RuntimeException( "Exhausted all end elements when entered Saml MD Extensions" );
- endElementVal = StaxParserUtil.getEndElementName(endElement);
- }
- while( !endElementVal.equals( JBossSAMLConstants.EXTENSIONS.get() ));
- }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java 2011-02-22 21:00:35 UTC (rev 763)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java 2011-02-23 01:23:09 UTC (rev 764)
@@ -106,5 +106,11 @@
EntitiesDescriptorType entities = (EntitiesDescriptorType) parser.parse(is);
assertNotNull(entities);
+
+ is = tcl.getResourceAsStream("saml2/metadata/shib.idp-metadata.xml");
+ assertNotNull("Inputstream not null", is);
+
+ EntityDescriptorType entity = (EntityDescriptorType) parser.parse(is);
+ assertNotNull( entity );
}
}
\ No newline at end of file
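Review bot: The added case only asserts that `parser.parse(is)` returns a non-null `EntityDescriptorType`, which could still pass if the `Extensions` skip consumed following siblings or if the descriptors after it came back empty. Asserting on values that sit after each `<Extensions>` block in shib.idp-metadata.xml (for example the number of `NameIDFormat` entries under the `IDPSSODescriptor`) would pin the behaviour this commit changes. The second lookup reassigns `is` without closing the first stream; closing both in a `finally` block keeps the test from leaking handles. The test method starts before this hunk.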
Added: federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/shib.idp-metadata.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/shib.idp-metadata.xml (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/shib.idp-metadata.xml 2011-02-23 01:23:09 UTC (rev 764)
@@ -0,0 +1,87 @@
+<EntityDescriptor entityID="https://idp-sandbox.xxxyyy.com/idp/shibboleth"
+ xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
+
+ <Extensions>
+ <shibmd:Scope regexp="false">xxxyyy.com</shibmd:Scope>
+ </Extensions>
+
+ <KeyDescriptor>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+....
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+
+ <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+ Location="http://idp-sandbox.xxxyyy.com:8443/idp/profile/SAML1/SOAP/ArtifactResolution"
+ index="1"/>
+
+ <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://idp-sandbox.xxxyyy.com:8443/idp/profile/SAML2/SOAP/ArtifactResolution"
+ index="2"/>
+
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="http://idp-sandbox.xxxyyy.com/idp/profile/SAML2/Redirect/SLO"
+ ResponseLocation="http://idp-sandbox.xxxyyy.com/idp/profile/SAML2/Redirect/SLO"/>
+
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="http://idp-sandbox.xxxyyy.com/idp/profile/SAML2/POST/SLO"
+ ResponseLocation="http://idp-sandbox.xxxyyy.com/idp/profile/SAML2/POST/SLO"/>
+
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://idp-sandbox.xxxyyy.com:8443/idp/profile/SAML2/SOAP/SLO" />
+
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+ <!-- <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> -->
+
+ <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
+ Location="http://idp-sandbox.xxxyyy.com/idp/profile/Shibboleth/SSO" />
+
+ <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="http://idp-sandbox.xxxyyy.com/idp/profile/SAML2/POST/SSO" />
+
+ <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
+ Location="http://idp-sandbox.xxxyyy.com/idp/profile/SAML2/POST-SimpleSign/SSO" />
+
+ <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="http://idp-sandbox.xxxyyy.com/idp/profile/SAML2/Redirect/SSO" />
+ </IDPSSODescriptor>
+
+ <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
+
+ <Extensions>
+ <shibmd:Scope regexp="false">xxxyyy.com</shibmd:Scope>
+ </Extensions>
+
+ <KeyDescriptor>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+....
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+
+ <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+ Location="http://idp-sandbox.xxxyyy.com:8443/idp/profile/SAML1/SOAP/AttributeQuery" />
+
+ <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://idp-sandbox.xxxyyy.com:8443/idp/profile/SAML2/SOAP/AttributeQuery" />
+
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+ <!--<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> -->
+
+ </AttributeAuthorityDescriptor>
+
+</EntityDescriptor>
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntitiesDescriptorType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntitiesDescriptorType.java 2011-02-22 21:00:35 UTC (rev 763)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntitiesDescriptorType.java 2011-02-23 01:23:09 UTC (rev 764)
@@ -7,7 +7,7 @@
import javax.xml.datatype.Duration;
import javax.xml.datatype.XMLGregorianCalendar;
-import org.picketlink.identity.xmlsec.w3.xmldsig.SignatureType;
+import org.w3c.dom.Element;
/**
@@ -40,7 +40,7 @@
*/
public class EntitiesDescriptorType
{
- protected SignatureType signature;
+ protected Element signature;
protected ExtensionsType extensions;
protected List<Object> entityDescriptor = new ArrayList<Object>();
@@ -54,10 +54,10 @@
*
* @return
* possible object is
- * {@link SignatureType }
+ * {@link Element }
*
*/
- public SignatureType getSignature()
+ public Element getSignature()
{
return signature;
}
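Review bot: The Javadoc on `getSignature()` (and on `setSignature` in the next hunk) now says only `{@link Element}`, which leaves out that this is the raw `ds:Signature` DOM node as the parser hunks in this revision store it, not a verified result. I would extend the `@return` text to something like `the ds:Signature element as parsed, not verified; null when none was set`. Changing the public type from `SignatureType` to `Element` is also source-incompatible for any caller of the old accessors, which is worth stating in the commit log. EntityDescriptorType.java gets the same change in this revision.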
@@ -67,10 +67,10 @@
*
* @param value
* allowed object is
- * {@link SignatureType }
+ * {@link Element }
*
*/
- public void setSignature(SignatureType value)
+ public void setSignature(Element value)
{
this.signature = value;
}
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntityDescriptorType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntityDescriptorType.java 2011-02-22 21:00:35 UTC (rev 763)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/metadata/EntityDescriptorType.java 2011-02-23 01:23:09 UTC (rev 764)
@@ -7,7 +7,7 @@
import javax.xml.datatype.Duration;
import javax.xml.datatype.XMLGregorianCalendar;
-import org.picketlink.identity.xmlsec.w3.xmldsig.SignatureType;
+import org.w3c.dom.Element;
/**
@@ -143,7 +143,7 @@
}
}
- protected SignatureType signature;
+ protected Element signature;
protected ExtensionsType extensions;
protected List<EDTChoiceType> choiceType = new ArrayList<EntityDescriptorType.EDTChoiceType>();
@@ -172,10 +172,10 @@
*
* @return
* possible object is
- * {@link SignatureType }
+ * {@link Element }
*
*/
- public SignatureType getSignature() {
+ public Element getSignature() {
return signature;
}
@@ -184,10 +184,10 @@
*
* @param value
* allowed object is
- * {@link SignatureType }
+ * {@link Element }
*
*/
- public void setSignature(SignatureType value) {
+ public void setSignature( Element value) {
this.signature = value;
}
Picketlink SVN: r763 - in federation/trunk/picketlink-fed-core/src: main/java/org/picketlink/identity/federation/core/saml/v2/constants and 2 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-02-22 16:00:35 -0500 (Tue, 22 Feb 2011)
New Revision: 763
Added:
federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/testshib.org.idp-metadata.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java
Log:
PLFED-139: handle the optional SAML metadata extensions
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java 2011-02-22 20:07:48 UTC (rev 762)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java 2011-02-22 21:00:35 UTC (rev 763)
@@ -241,6 +241,10 @@
keyDescriptor.setKeyInfo(key);
spSSODescriptor.addKeyDescriptor(keyDescriptor);
}
+ else if( JBossSAMLConstants.EXTENSIONS.get().equalsIgnoreCase( localPart ))
+ {
+ skipMetadataExtensions(xmlEventReader);
+ }
else
throw new RuntimeException( "Unknown " + localPart );
}
@@ -346,13 +350,20 @@
{
KeyDescriptorType keyDescriptor = new KeyDescriptorType();
String use = StaxParserUtil.getAttributeValue(startElement, "use" );
- keyDescriptor.setUse( KeyTypes.fromValue(use) );
+ if( use != null && !use.isEmpty())
+ {
+ keyDescriptor.setUse( KeyTypes.fromValue(use) );
+ }
Element key = StaxParserUtil.getDOMElement(xmlEventReader);
keyDescriptor.setKeyInfo(key);
idpSSODescriptor.addKeyDescriptor(keyDescriptor);
}
- else
+ else if( JBossSAMLConstants.EXTENSIONS.get().equalsIgnoreCase( localPart ))
+ {
+ skipMetadataExtensions(xmlEventReader);
+ }
+ else
throw new RuntimeException( "Unknown " + localPart );
}
return idpSSODescriptor;
@@ -660,4 +671,20 @@
SAMLParserUtil.parseAttributeType(xmlEventReader, startElement, JBossSAMLConstants.REQUESTED_ATTRIBUTE.get(), attributeType);
return attributeType;
}
+
+ private void skipMetadataExtensions( XMLEventReader xmlEventReader ) throws ParsingException
+ {
+ //Got to skip
+ String endElementVal = "bogus";
+
+ EndElement endElement = null;
+ do
+ {
+ endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ if( endElement == null )
+ throw new RuntimeException( "Exhausted all end elements when entered Saml MD Extensions" );
+ endElementVal = StaxParserUtil.getEndElementName(endElement);
+ }
+ while( !endElementVal.equals( JBossSAMLConstants.EXTENSIONS.get() ));
+ }
}
\ No newline at end of file
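Review bot: `skipMetadataExtensions` stops at the first end tag whose name equals `Extensions` exactly, while both call sites enter it on `equalsIgnoreCase`; for an element spelled `extensions` the loop would never see a matching end tag, read on through the rest of the document and finish in the `Exhausted all end elements` exception (assuming `getNextEndElement` returns null at end of input, as the null check suggests). Matching exactly at the call sites, `else if( JBossSAMLConstants.EXTENSIONS.get().equals( localPart ))`, removes the mismatch. The loop also keeps no nesting count, so an extension child that itself contains an element named `Extensions` would end the skip early and leave the reader inside the block; counting start and end elements until the depth returns to zero avoids that.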
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2011-02-22 20:07:48 UTC (rev 762)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2011-02-22 21:00:35 UTC (rev 763)
@@ -66,6 +66,7 @@
ENTITY_ID( "entityID" ),
ENTITY_DESCRIPTOR( "EntityDescriptor" ),
ENTITIES_DESCRIPTOR( "EntitiesDescriptor" ),
+ EXTENSIONS( "Extensions" ),
FORMAT( "Format" ),
FRIENDLY_NAME( "FriendlyName" ),
GIVEN_NAME( "GivenName" ),
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java 2011-02-22 20:07:48 UTC (rev 762)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java 2011-02-22 21:00:35 UTC (rev 763)
@@ -90,4 +90,21 @@
assertEquals( "SAML SP Support", contactPersons.get(0).getSurName() );
assertEquals( "mailto:saml-support@sp.example.com", contactPersons.get(0).getEmailAddress().get(0) );
}
+
+ /**
+ * PLFED-39
+ * @throws Exception
+ */
+ @Test
+ public void testShibbolethMetadataExtensions() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is =
+ tcl.getResourceAsStream("saml2/metadata/testshib.org.idp-metadata.xml");
+ assertNotNull("Inputstream not null", is);
+ SAMLParser parser = new SAMLParser();
+
+ EntitiesDescriptorType entities = (EntitiesDescriptorType) parser.parse(is);
+ assertNotNull(entities);
+ }
}
\ No newline at end of file
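Review bot: The Javadoc on `testShibbolethMetadataExtensions` cites `PLFED-39`, while the commit log for this revision names PLFED-139; if the log is right the comment should read `* PLFED-139`. The test asserts only `assertNotNull(entities)`, so it would not notice an `Extensions` skip that swallowed the elements following it; checking a value parsed after an `<Extensions>` block in testshib.org.idp-metadata.xml would cover that. The `InputStream` is also never closed.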
Added: federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/testshib.org.idp-metadata.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/testshib.org.idp-metadata.xml (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/resources/saml2/metadata/testshib.org.idp-metadata.xml 2011-02-22 21:00:35 UTC (rev 763)
@@ -0,0 +1,234 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor Name="urn:mace:shibboleth:testshib:two"
+ xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <EntityDescriptor entityID="https://idp.testshib.org/idp/shibboleth">
+ <IDPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol">
+ <Extensions>
+ <shibmd:Scope regexp="false">testshib.org</shibmd:Scope>
+ </Extensions>
+ <KeyDescriptor>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzEV
+ MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMREwDwYD
+ VQQKEwhUZXN0U2hpYjEZMBcGA1UEAxMQaWRwLnRlc3RzaGliLm9yZzAeFw0wNjA4
+ MzAyMTEyMjVaFw0xNjA4MjcyMTEyMjVaMGcxCzAJBgNVBAYTAlVTMRUwEwYDVQQI
+ EwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoTCFRl
+ c3RTaGliMRkwFwYDVQQDExBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEArYkCGuTmJp9eAOSGHwRJo1SNatB5ZOKqDM9ysg7C
+ yVTDClcpu93gSP10nH4gkCZOlnESNgttg0r+MqL8tfJC6ybddEFB3YBo8PZajKSe
+ 3OQ01Ow3yT4I+Wdg1tsTpSge9gEz7SrC07EkYmHuPtd71CHiUaCWDv+xVfUQX0aT
+ NPFmDixzUjoYzbGDrtAyCqA8f9CN2txIfJnpHE6q6CmKcoLADS4UrNPlhHSzd614
+ kR/JYiks0K4kbRqCQF0Dv0P5Di+rEfefC6glV8ysC8dB5/9nb0yh/ojRuJGmgMWH
+ gWk6h0ihjihqiu4jACovUZ7vVOCgSE5Ipn7OIwqd93zp2wIDAQABo4HEMIHBMB0G
+ A1UdDgQWBBSsBQ869nh83KqZr5jArr4/7b+QazCBkQYDVR0jBIGJMIGGgBSsBQ86
+ 9nh83KqZr5jArr4/7b+Qa6FrpGkwZzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBl
+ bm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDERMA8GA1UEChMIVGVzdFNo
+ aWIxGTAXBgNVBAMTEGlkcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN
+ BgkqhkiG9w0BAQUFAAOCAQEAjR29PhrCbk8qLN5MFfSVk98t3CT9jHZoYxd8QMRL
+ I4j7iYQxXiGJTT1FXs1nd4Rha9un+LqTfeMMYqISdDDI6tv8iNpkOAvZZUosVkUo
+ 93pv1T0RPz35hcHHYq2yee59HJOco2bFlcsH8JBXRSRrJ3Q7Eut+z9uo80JdGNJ4
+ /SJy5UorZ8KazGj16lfJhOBXldgrhppQBb0Nq6HKHguqmwRfJ+WkxemZXzhediAj
+ Geka8nz8JjwxpUjAiSWYKLtJhGEaTqCYxCCX2Dw+dOTqUzHOZ7WKv4JXPK5G/Uhr
+ 8K/qhmFT2nIQi538n6rVYLeWj8Bbnl+ev0peYzxFyF5sQA==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <ArtifactResolutionService
+ Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+ Location="https://idp.testshib.org:8443/idp/profile/SAML1/SOAP/ArtifactResolution"
+ index="1" />
+ <ArtifactResolutionService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="https://idp.testshib.org:8443/idp/profile/SAML2/SOAP/ArtifactResolution"
+ index="2" />
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+ </NameIDFormat>
+ <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
+ Location="https://idp.testshib.org/idp/profile/Shibboleth/SSO" />
+ <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="https://idp.testshib.org/idp/profile/SAML2/POST/SSO" />
+ <SingleSignOnService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO" />
+ </IDPSSODescriptor>
+ <AttributeAuthorityDescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
+ <KeyDescriptor>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>MIIEKjCCAxKgAwIBAgIJAIgUuHL4QvkYMA0GCSqGSIb3DQEBBQUAMGsxCzAJBgNV
+ BAYTAkdCMRIwEAYDVQQIEwlCZXJrc2hpcmUxEDAOBgNVBAcTB05ld2J1cnkxFzAV
+ BgNVBAoTDk15IENvbXBhbnkgTHRkMR0wGwYDVQQDExRpZHAudHdvLnRlc3RzaGli
+ Lm9yZzAeFw0wNzEyMTcxOTE4NDFaFw0xNzEyMTQxOTE4NDFaMGsxCzAJBgNVBAYT
+ AkdCMRIwEAYDVQQIEwlCZXJrc2hpcmUxEDAOBgNVBAcTB05ld2J1cnkxFzAVBgNV
+ BAoTDk15IENvbXBhbnkgTHRkMR0wGwYDVQQDExRpZHAudHdvLnRlc3RzaGliLm9y
+ ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK2JAhrk5iafXgDkhh8E
+ SaNUjWrQeWTiqgzPcrIOwslUwwpXKbvd4Ej9dJx+IJAmTpZxEjYLbYNK/jKi/LXy
+ Qusm3XRBQd2AaPD2WoykntzkNNTsN8k+CPlnYNbbE6UoHvYBM+0qwtOxJGJh7j7X
+ e9Qh4lGglg7/sVX1EF9GkzTxZg4sc1I6GM2xg67QMgqgPH/QjdrcSHyZ6RxOqugp
+ inKCwA0uFKzT5YR0s3eteJEfyWIpLNCuJG0agkBdA79D+Q4vqxH3nwuoJVfMrAvH
+ Qef/Z29Mof6I0biRpoDFh4FpOodIoY4oaoruIwAqL1Ge71TgoEhOSKZ+ziMKnfd8
+ 6dsCAwEAAaOB0DCBzTAdBgNVHQ4EFgQUrAUPOvZ4fNyqma+YwK6+P+2/kGswgZ0G
+ A1UdIwSBlTCBkoAUrAUPOvZ4fNyqma+YwK6+P+2/kGuhb6RtMGsxCzAJBgNVBAYT
+ AkdCMRIwEAYDVQQIEwlCZXJrc2hpcmUxEDAOBgNVBAcTB05ld2J1cnkxFzAVBgNV
+ BAoTDk15IENvbXBhbnkgTHRkMR0wGwYDVQQDExRpZHAudHdvLnRlc3RzaGliLm9y
+ Z4IJAIgUuHL4QvkYMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAEti
+ KJki8WO2wGhpJc3oIAF7V0CYBR3303S37iqSodabyN/2nxFXTqd+ZSAdfe+14E/G
+ dyC9Dtbq4VL2lF0fbaNarCzfhMD7DExSANFkOPFk/lz54ccFdfIRHRVeLHvEtGAI
+ UTK+qEqaEl1vjZVKmvNSdDet06EQ+MGZf1MnW6jid4AMrSdboDHFW34qet+tr9gf
+ 5k6bZx6oIiOILgXWHk7hK1ZuxK5w0bpbktNIfO35HoQSPBx6u6wuxt4yN/m6QLiq
+ nGEzsHlzsPFv1Iw+ccdALcqR0zor7GEJrKmp4Gcb/zH3oy1rQNZHUlz29emJhS/1
+ q1og9SGCUU2yRL1tC+Y=</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <KeyDescriptor>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzEV
+ MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMREwDwYD
+ VQQKEwhUZXN0U2hpYjEZMBcGA1UEAxMQaWRwLnRlc3RzaGliLm9yZzAeFw0wNjA4
+ MzAyMTEyMjVaFw0xNjA4MjcyMTEyMjVaMGcxCzAJBgNVBAYTAlVTMRUwEwYDVQQI
+ EwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoTCFRl
+ c3RTaGliMRkwFwYDVQQDExBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEArYkCGuTmJp9eAOSGHwRJo1SNatB5ZOKqDM9ysg7C
+ yVTDClcpu93gSP10nH4gkCZOlnESNgttg0r+MqL8tfJC6ybddEFB3YBo8PZajKSe
+ 3OQ01Ow3yT4I+Wdg1tsTpSge9gEz7SrC07EkYmHuPtd71CHiUaCWDv+xVfUQX0aT
+ NPFmDixzUjoYzbGDrtAyCqA8f9CN2txIfJnpHE6q6CmKcoLADS4UrNPlhHSzd614
+ kR/JYiks0K4kbRqCQF0Dv0P5Di+rEfefC6glV8ysC8dB5/9nb0yh/ojRuJGmgMWH
+ gWk6h0ihjihqiu4jACovUZ7vVOCgSE5Ipn7OIwqd93zp2wIDAQABo4HEMIHBMB0G
+ A1UdDgQWBBSsBQ869nh83KqZr5jArr4/7b+QazCBkQYDVR0jBIGJMIGGgBSsBQ86
+ 9nh83KqZr5jArr4/7b+Qa6FrpGkwZzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBl
+ bm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDERMA8GA1UEChMIVGVzdFNo
+ aWIxGTAXBgNVBAMTEGlkcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN
+ BgkqhkiG9w0BAQUFAAOCAQEAjR29PhrCbk8qLN5MFfSVk98t3CT9jHZoYxd8QMRL
+ I4j7iYQxXiGJTT1FXs1nd4Rha9un+LqTfeMMYqISdDDI6tv8iNpkOAvZZUosVkUo
+ 93pv1T0RPz35hcHHYq2yee59HJOco2bFlcsH8JBXRSRrJ3Q7Eut+z9uo80JdGNJ4
+ /SJy5UorZ8KazGj16lfJhOBXldgrhppQBb0Nq6HKHguqmwRfJ+WkxemZXzhediAj
+ Geka8nz8JjwxpUjAiSWYKLtJhGEaTqCYxCCX2Dw+dOTqUzHOZ7WKv4JXPK5G/Uhr
+ 8K/qhmFT2nIQi538n6rVYLeWj8Bbnl+ev0peYzxFyF5sQA==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+ Location="https://idp.testshib.org:8443/idp/profile/SAML1/SOAP/AttributeQuery" />
+ <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="https://idp.testshib.org:8443/idp/profile/SAML2/SOAP/AttributeQuery" />
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+ </NameIDFormat>
+ </AttributeAuthorityDescriptor>
+ <Organization>
+ <OrganizationName xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xml:lang="en">TestShib Two Identity Provider</OrganizationName>
+ <OrganizationDisplayName xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xml:lang="en">TestShib Two</OrganizationDisplayName>
+ <OrganizationURL xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xml:lang="en">http://www.testshib.org/testshib-two/</OrganizationURL>
+ </Organization>
+ <ContactPerson contactType="technical">
+ <GivenName>Nate</GivenName>
+ <SurName>Klingenstein</SurName>
+ <EmailAddress>ndk(a)internet2.edu</EmailAddress>
+ </ContactPerson>
+ </EntityDescriptor>
+ <EntityDescriptor entityID="https://sp.testshib.org/shibboleth-sp">
+ <SPSSODescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">
+ <Extensions>
+ <idpdisc:DiscoveryResponse
+ Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
+ Location="https://sp.testshib.org/Shibboleth.sso/DS" index="1"
+ xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" />
+ </Extensions>
+ <KeyDescriptor>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>MIIEPjCCAyagAwIBAgIBADANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJVUzEV
+ MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMSIwIAYD
+ VQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3ZpZGVyMRgwFgYDVQQDEw9zcC50ZXN0
+ c2hpYi5vcmcwHhcNMDYwODMwMjEyNDM5WhcNMTYwODI3MjEyNDM5WjB3MQswCQYD
+ VQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1
+ cmdoMSIwIAYDVQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3ZpZGVyMRgwFgYDVQQD
+ Ew9zcC50ZXN0c2hpYi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+ AQDJyR6ZP6MXkQ9z6RRziT0AuCabDd3x1m7nLO9ZRPbr0v1LsU+nnC363jO8nGEq
+ sqkgiZ/bSsO5lvjEt4ehff57ERio2Qk9cYw8XCgmYccVXKH9M+QVO1MQwErNobWb
+ AjiVkuhWcwLWQwTDBowfKXI87SA7KR7sFUymNx5z1aoRvk3GM++tiPY6u4shy8c7
+ vpWbVfisfTfvef/y+galxjPUQYHmegu7vCbjYP3On0V7/Ivzr+r2aPhp8egxt00Q
+ XpilNai12LBYV3Nv/lMsUzBeB7+CdXRVjZOHGuQ8mGqEbsj8MBXvcxIKbcpeK5Zi
+ JCVXPfarzuriM1G5y5QkKW+LAgMBAAGjgdQwgdEwHQYDVR0OBBYEFKB6wPDxwYrY
+ StNjU5P4b4AjBVQVMIGhBgNVHSMEgZkwgZaAFKB6wPDxwYrYStNjU5P4b4AjBVQV
+ oXukeTB3MQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYD
+ VQQHEwpQaXR0c2J1cmdoMSIwIAYDVQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3Zp
+ ZGVyMRgwFgYDVQQDEw9zcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN
+ BgkqhkiG9w0BAQUFAAOCAQEAc06Kgt7ZP6g2TIZgMbFxg6vKwvDL0+2dzF11Onpl
+ 5sbtkPaNIcj24lQ4vajCrrGKdzHXo9m54BzrdRJ7xDYtw0dbu37l1IZVmiZr12eE
+ Iay/5YMU+aWP1z70h867ZQ7/7Y4HW345rdiS6EW663oH732wSYNt9kr7/0Uer3KD
+ 9CuPuOidBacospDaFyfsaJruE99Kd6Eu/w5KLAGG+m0iqENCziDGzVA47TngKz2v
+ PVA+aokoOyoz3b53qeti77ijatSEoKjxheBWpO+eoJeGq/e49Um3M2ogIX/JAlMa
+ Inh+vYSYngQB2sx9LGkR9KHaMKNIGCDehk93Xla4pWJx1w==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="https://sp.testshib.org/Shibboleth.sso/SLO/SOAP" />
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="https://sp.testshib.org/Shibboleth.sso/SLO/Redirect" />
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="https://sp.testshib.org/Shibboleth.sso/SLO/POST" />
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+ Location="https://sp.testshib.org/Shibboleth.sso/SLO/Artifact" />
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+ </NameIDFormat>
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <AssertionConsumerService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.testshib.org/Shibboleth.sso/SAML2/POST"
+ index="1" isDefault="true" />
+ <AssertionConsumerService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
+ Location="https://sp.testshib.org/Shibboleth.sso/SAML2/POST-SimpleSign"
+ index="2" />
+ <AssertionConsumerService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+ Location="https://sp.testshib.org/Shibboleth.sso/SAML2/Artifact"
+ index="3" />
+ <AssertionConsumerService
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
+ Location="https://sp.testshib.org/Shibboleth.sso/SAML/POST" index="4" />
+ <AssertionConsumerService
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://sp.testshib.org/Shibboleth.sso/SAML/Artifact"
+ index="5" />
+ <AssertionConsumerService
+ Binding="http://schemas.xmlsoap.org/ws/2003/07/secext" Location="https://sp.testshib.org/Shibboleth.sso/ADFS"
+ index="6" />
+ <AssertionConsumerService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.testshib.org/Shibboleth.sso/SAML2/POST"
+ index="7" />
+ <AssertionConsumerService
+ Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
+ Location="https://www.testshib.org/Shibboleth.sso/SAML/POST" index="8" />
+ </SPSSODescriptor>
+ <Organization>
+ <OrganizationName xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xml:lang="en">TestShib Two Service Provider</OrganizationName>
+ <OrganizationDisplayName xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xml:lang="en">TestShib Two</OrganizationDisplayName>
+ <OrganizationURL xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xml:lang="en">http://www.testshib.org/testshib-two/</OrganizationURL>
+ </Organization>
+ <ContactPerson contactType="technical">
+ <GivenName>Nate</GivenName>
+ <SurName>Klingenstein</SurName>
+ <EmailAddress>ndk(a)internet2.edu</EmailAddress>
+ </ContactPerson>
+ </EntityDescriptor>
+</EntitiesDescriptor>
\ No newline at end of file
Picketlink SVN: r762 - integration-tests/trunk/picketlink-sts-tests.
by picketlink-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2011-02-22 15:07:48 -0500 (Tue, 22 Feb 2011)
New Revision: 762
Modified:
integration-tests/trunk/picketlink-sts-tests/pom.xml
Log:
Fixed maven deps to avoid bringing all AS client deps
Modified: integration-tests/trunk/picketlink-sts-tests/pom.xml
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/pom.xml 2011-02-22 18:33:51 UTC (rev 761)
+++ integration-tests/trunk/picketlink-sts-tests/pom.xml 2011-02-22 20:07:48 UTC (rev 762)
@@ -132,13 +132,6 @@
<scope>test</scope>
</dependency>
<dependency>
- <groupId>org.jboss.jbossas</groupId>
- <artifactId>jboss-as-client</artifactId>
- <version>5.1.0.GA</version>
- <type>pom</type>
- <scope>test</scope>
- </dependency>
- <!--dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jbosssx-client</artifactId>
<version>2.0.4.SP6</version>
@@ -150,8 +143,15 @@
<classifier>jmx-invoker-adaptor-client</classifier>
<version>5.1.0.GA</version>
<scope>test</scope>
- </dependency-->
+ </dependency>
<dependency>
+ <groupId>org.jboss.jbossas</groupId>
+ <artifactId>jboss-as-server</artifactId>
+ <classifier>client</classifier>
+ <version>5.1.0.GA</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
Picketlink SVN: r761 - federation/trunk/picketlink-webapps/assembly.
by picketlink-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2011-02-22 13:33:51 -0500 (Tue, 22 Feb 2011)
New Revision: 761
Modified:
federation/trunk/picketlink-webapps/assembly/bin.xml
Log:
PLFED-132: Added missing file to bin.xml
Modified: federation/trunk/picketlink-webapps/assembly/bin.xml
===================================================================
--- federation/trunk/picketlink-webapps/assembly/bin.xml 2011-02-22 18:12:15 UTC (rev 760)
+++ federation/trunk/picketlink-webapps/assembly/bin.xml 2011-02-22 18:33:51 UTC (rev 761)
@@ -69,5 +69,10 @@
<outputDirectory>picketlink</outputDirectory>
<fileMode>0444</fileMode>
</file>
+ <file>
+ <source>${basedir}/src/main/resources/picketlink-sts-jboss-beans.xml</source>
+ <outputDirectory>picketlink</outputDirectory>
+ <fileMode>0444</fileMode>
+ </file>
</files>
</assembly>
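Review bot: The `<file>` entry added here puts `picketlink-sts-jboss-beans.xml` into the binary distribution, and r759 on this page introduces that file as a "test application-policy definition" for a security domain named `cache-test` that reads `sts-config.properties`. If it is only needed by the cache-invalidation integration test, it would be better installed by the test build than shipped to every user of the assembly. If shipping it is intended, the beans file should say so in a comment such as `<!-- sample security domain; requires sts-config.properties in the server conf directory, replace the credentials before use -->`.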
Picketlink SVN: r760 - in integration-tests/trunk/picketlink-sts-tests: src/test/java/org/picketlink/test/integration/sts and 1 other directories.
by picketlink-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2011-02-22 13:12:15 -0500 (Tue, 22 Feb 2011)
New Revision: 760
Added:
integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/CacheInvalidationUnitTestCase.java
integration-tests/trunk/picketlink-sts-tests/src/test/resources/sts-config.properties
Modified:
integration-tests/trunk/picketlink-sts-tests/.classpath
integration-tests/trunk/picketlink-sts-tests/ant-build.xml
integration-tests/trunk/picketlink-sts-tests/pom.xml
Log:
PLFED-132: Added CacheInvalidationUnitTestCase
Modified: integration-tests/trunk/picketlink-sts-tests/.classpath
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/.classpath 2011-02-22 18:10:31 UTC (rev 759)
+++ integration-tests/trunk/picketlink-sts-tests/.classpath 2011-02-22 18:12:15 UTC (rev 760)
@@ -1,17 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="src" path="src/test/java" output="target/test-classes" including="**/*.java"/>
- <classpathentry kind="src" path="src/test/resources" output="target/test-classes" excluding="**/*.java"/>
- <classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.3/servlet-api-2.3.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.3/servlet-api-2.3-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant/ant/1.5/ant-1.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant-contrib/ant-contrib/1.0b2/ant-contrib-1.0b2.jar" sourcepath="M2_REPO/ant-contrib/ant-contrib/1.0b2/ant-contrib-1.0b2-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/httpunit/httpunit/1.7/httpunit-1.7.jar" sourcepath="M2_REPO/httpunit/httpunit/1.7/httpunit-1.7-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/rhino/js/1.6R7/js-1.6R7.jar"/>
- <classpathentry kind="var" path="M2_REPO/jtidy/jtidy/4aug2000r7-dev/jtidy-4aug2000r7-dev.jar" sourcepath="M2_REPO/jtidy/jtidy/4aug2000r7-dev/jtidy-4aug2000r7-dev-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/junit/junit/4.4/junit-4.4.jar" sourcepath="M2_REPO/junit/junit/4.4/junit-4.4-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/nekohtml/nekohtml/1.9.12/nekohtml-1.9.12.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
-</classpath>
\ No newline at end of file
+ <classpathentry including="**/*.java" kind="src" output="target/test-classes" path="src/test/java"/>
+ <classpathentry excluding="**/*.java" kind="src" output="target/test-classes" path="src/test/resources"/>
+ <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.3/servlet-api-2.3.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.3/servlet-api-2.3-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant/ant/1.5/ant-1.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant-contrib/ant-contrib/1.0b2/ant-contrib-1.0b2.jar" sourcepath="M2_REPO/ant-contrib/ant-contrib/1.0b2/ant-contrib-1.0b2-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/httpunit/httpunit/1.7/httpunit-1.7.jar" sourcepath="M2_REPO/httpunit/httpunit/1.7/httpunit-1.7-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/rhino/js/1.6R7/js-1.6R7.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jtidy/jtidy/4aug2000r7-dev/jtidy-4aug2000r7-dev.jar" sourcepath="M2_REPO/jtidy/jtidy/4aug2000r7-dev/jtidy-4aug2000r7-dev-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/junit/junit/4.4/junit-4.4.jar" sourcepath="M2_REPO/junit/junit/4.4/junit-4.4-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/nekohtml/nekohtml/1.9.12/nekohtml-1.9.12.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jbossas/jboss-as-client/5.1.0.GA/jboss-as-client-5.1.0.GA.pom"/>
+ <classpathentry kind="lib" path="/opt/workspace-picketlink/integration-tests-trunk/picketlink-sts-tests/target/jboss-5.1.0.GA/client/jbossall-client.jar"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
Modified: integration-tests/trunk/picketlink-sts-tests/ant-build.xml
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/ant-build.xml 2011-02-22 18:10:31 UTC (rev 759)
+++ integration-tests/trunk/picketlink-sts-tests/ant-build.xml 2011-02-22 18:12:15 UTC (rev 760)
@@ -19,6 +19,8 @@
<copy file="${localRepository}/org/picketlink/picketlink-fed/${version}/picketlink-fed-${version}.jar" todir="${JBAS_DEPLOY}/picketlink"/>
<unzip src="${localRepository}/org/picketlink/picketlink-fed-webapps-assembly/${version}/picketlink-fed-webapps-assembly-${version}.zip"
dest="${JBAS_DEPLOY}"/>
+ <!-- the following props file needs to be copied to JBAS conf and is used by the cache invalidation test -->
+ <copy file="${basedir}/src/test/resources/sts-config.properties" todir="${JBAS_DEPLOY}/../conf/"/>
<chmod file="${basedir}/target/jboss-5.1.0.GA/bin/run.sh" perm="700"/>
</target>
@@ -26,7 +28,7 @@
<echo>Starting Local 8080</echo>
<exec executable="${basedir}/target/jboss-5.1.0.GA/bin/run.sh"
osfamily="unix" spawn="true" />
- <waitfor maxwait="1" maxwaitunit="minute"
+ <waitfor maxwait="2" maxwaitunit="minute"
checkevery="100" checkeveryunit="millisecond">
<http url="http://localhost:8080" />
</waitfor>
Modified: integration-tests/trunk/picketlink-sts-tests/pom.xml
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/pom.xml 2011-02-22 18:10:31 UTC (rev 759)
+++ integration-tests/trunk/picketlink-sts-tests/pom.xml 2011-02-22 18:12:15 UTC (rev 760)
@@ -132,6 +132,26 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>org.jboss.jbossas</groupId>
+ <artifactId>jboss-as-client</artifactId>
+ <version>5.1.0.GA</version>
+ <type>pom</type>
+ <scope>test</scope>
+ </dependency>
+ <!--dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-client</artifactId>
+ <version>2.0.4.SP6</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.jbossas</groupId>
+ <artifactId>jboss-as-server</artifactId>
+ <classifier>jmx-invoker-adaptor-client</classifier>
+ <version>5.1.0.GA</version>
+ <scope>test</scope>
+ </dependency-->
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
Added: integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/CacheInvalidationUnitTestCase.java
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/CacheInvalidationUnitTestCase.java (rev 0)
+++ integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/CacheInvalidationUnitTestCase.java 2011-02-22 18:12:15 UTC (rev 760)
@@ -0,0 +1,112 @@
+/*
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
+ */
+package org.picketlink.test.integration.sts;
+
+import java.net.URI;
+import java.util.List;
+import java.util.Properties;
+
+import javax.management.ObjectName;
+import javax.naming.InitialContext;
+
+import org.jboss.jmx.adaptor.rmi.RMIAdaptor;
+import org.jboss.security.SimplePrincipal;
+import org.junit.Assert;
+import org.junit.Test;
+import org.picketlink.identity.federation.api.wstrust.WSTrustClient;
+import org.picketlink.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * This class tests the invalidation of security cache entries that contain expired tokens. This mechanism is enabled by
+ * setting the {@code cache.invalidation} property of the {@code SAML2STSLoginModule} to {@code true} and causes the
+ * security cache of the JBoss Application Server to remove (logout) users whose SAML assertions have expired.
+ * </p>
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ * @since Jun 8, 2010
+ */
+public class CacheInvalidationUnitTestCase
+{
+ /**
+ * <p>
+ * This test checks the invalidation of expired cache entries by requesting a short-lived assertion to the STS
+ * and then using this assertion to authenticate to the {@code JaasSecurityManagerService} MBean. The test checks
+ * if the cache contains the entry right after authentication takes place and then sleeps till the assertion
+ * expires. After that, the test checks the cache again to verify if the entry has been removed.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ @Test
+ public void testCacheInvalidation() throws Exception
+ {
+ // initial context properties that specify how to connect to the JBoss JNDI server.
+ Properties props = new Properties();
+ props.put("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory");
+ props.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces");
+ props.put("java.naming.provider.url", "localhost:1099");
+
+ // lookup the RMIAdaptor instance in JNDI.
+ InitialContext ic = new InitialContext(props);
+ RMIAdaptor server = (RMIAdaptor) ic.lookup("jmx/invoker/RMIAdaptor");
+ Assert.assertNotNull("RMIAdaptor is null, lookup failed", server);
+
+ // invoke the token service to obtain a short-lived (10s) assertion.
+ WSTrustClient client = new WSTrustClient("PicketLinkSTS", "PicketLinkSTSPort",
+ "http://localhost:8080/picketlink-sts/PicketLinkSTS", new SecurityInfo("admin", "admin"));
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
+ request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
+ request.setLifetime(WSTrustUtil.createDefaultLifetime(10000));
+ Element assertionElement = client.issueToken(request);
+ Assert.assertNotNull("SAML assertion is null, token request failed", assertionElement);
+
+ // invoke the JaasSecurityManagerService MBean to authenticate the client using the assertion.
+ ObjectName name = new ObjectName("jboss.security:service=JaasSecurityManager");
+ String[] methodSignature = {"java.lang.String", "java.security.Principal", "java.lang.Object"};
+ Object[] methodParams = {"cache-test", new SimplePrincipal("admin"), new SamlCredential(assertionElement)};
+ Object result = server.invoke(name, "isValid", methodParams, methodSignature);
+ Assert.assertTrue("isValid returned an invalid result object", result instanceof Boolean);
+ Assert.assertTrue("Authentication failed", (Boolean) result);
+
+ // check if the cache contains the authenticated principal.
+ methodSignature = new String[]{"java.lang.String"};
+ methodParams = new Object[]{"cache-test"};
+ result = server.invoke(name, "getAuthenticationCachePrincipals", methodParams, methodSignature);
+ Assert.assertTrue("getAuthenticationCachePrincipals returned an invalid result object", result instanceof List<?>);
+ List<?> resultList = (List<?>) result;
+ Assert.assertEquals("Unexpected cache size", 1, resultList.size());
+ Assert.assertEquals("Unexpected cached principal", "admin", resultList.get(0).toString());
+
+ // now wait till the assertion has expired and check the authentication cache again.
+ Thread.sleep(12000);
+ result = server.invoke(name, "getAuthenticationCachePrincipals", methodParams, methodSignature);
+ Assert.assertTrue("getAuthenticationCachePrincipals returned an invalid result object", result instanceof List<?>);
+ resultList = (List<?>) result;
+ Assert.assertEquals("Unexpected cache size", 0, resultList.size());
+
+ }
+}
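Review bot: The test ends once `getAuthenticationCachePrincipals` returns an empty list and never checks that the expired assertion is refused when presented again, so it would still pass if the entry were evicted but the stale token could repopulate the cache. After the last size check, call `server.invoke(name, "isValid", ...)` again with the original arguments and add `Assert.assertFalse("Expired assertion was accepted", (Boolean) result);`. This requires keeping the first `methodParams`/`methodSignature` in their own variables, because both are reassigned for the cache query. The first `Assert.assertEquals("Unexpected cache size", 1, ...)` also assumes the `cache-test` cache is empty when the test starts. `Thread.sleep(12000)` leaves only two seconds beyond the 10s lifetime, which may be tight if eviction runs on a timer (not visible here).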
Added: integration-tests/trunk/picketlink-sts-tests/src/test/resources/sts-config.properties
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/src/test/resources/sts-config.properties (rev 0)
+++ integration-tests/trunk/picketlink-sts-tests/src/test/resources/sts-config.properties 2011-02-22 18:12:15 UTC (rev 760)
@@ -0,0 +1,6 @@
+serviceName=PicketLinkSTS
+portName=PicketLinkSTSPort
+endpointAddress=http://localhost:8080/picketlink-sts/PicketLinkSTS
+username=admin
+password=admin
+
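Review bot: `username=admin` and `password=admin` are stored in clear text next to a plain `http://` endpoint, and the `ant-build.xml` hunk in this revision copies the file into the server `conf` directory. Nothing in the file marks it as a fixture. A header comment would make that explicit: `# Test-only fixture for the local integration STS: default credentials, do not deploy to a shared or production server.`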
Picketlink SVN: r759 - in federation/trunk: picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject and 4 other directories.
by picketlink-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2011-02-22 13:10:31 -0500 (Tue, 22 Feb 2011)
New Revision: 759
Added:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/SecurityActions.java
federation/trunk/picketlink-webapps/assembly/src/main/resources/picketlink-sts-jboss-beans.xml
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkPrincipal.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/factories/SecurityActions.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/writers/WSTrustRequestWriter.java
Log:
PLFED-132: Added lifetime support to the WSTrust token request writer and parser. Fixed the PicketLinkPrincipal equals and hashcode methods to match those of SimplePrincipal. Fixed the MBeanServer lookup code.
Modified: federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2011-02-22 17:33:12 UTC (rev 758)
+++ federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2011-02-22 18:10:31 UTC (rev 759)
@@ -43,18 +43,18 @@
import org.picketlink.identity.federation.core.factories.JBossAuthCacheInvalidationFactory.TimeCacheExpiry;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.wstrust.STSClient;
-import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
+import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.BaseIDAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.w3c.dom.Element;
/**
Modified: federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkPrincipal.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkPrincipal.java 2011-02-22 17:33:12 UTC (rev 758)
+++ federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkPrincipal.java 2011-02-22 18:10:31 UTC (rev 759)
@@ -1,76 +1,83 @@
/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
*/
package org.picketlink.identity.federation.bindings.jboss.subject;
import java.io.Serializable;
import java.security.Principal;
+import org.jboss.security.SimplePrincipal;
+
/**
* Simple Principal
+ *
* @author Anil.Saldhana(a)redhat.com
* @since Jan 16, 2009
*/
-public class PicketLinkPrincipal implements Principal,Serializable
-{
+public class PicketLinkPrincipal implements Principal, Serializable
+{
private static final long serialVersionUID = 1L;
protected String name;
-
+
+ private static final String OVERRIDE_EQUALS_BEHAVIOR = "org.picketlink.principal.equals.override";
+
public PicketLinkPrincipal(String name)
- {
+ {
this.name = name;
}
public String getName()
{
- return name;
+ return this.name;
}
@Override
public int hashCode()
{
- final int prime = 31;
- int result = 1;
- result = prime * result + ((name == null) ? 0 : name.hashCode());
- return result;
+ return (this.name == null ? 0 : this.name.hashCode());
}
@Override
public boolean equals(Object obj)
{
- if (this == obj)
- return true;
- if (obj == null)
+ if (!(obj instanceof Principal))
return false;
- if (getClass() != obj.getClass())
- return false;
- PicketLinkPrincipal other = (PicketLinkPrincipal) obj;
- if (name == null)
+
+ // if the org.picketlink.principal.equals.override system property has been set, narrow the allowed type.
+ if ("true".equals(SecurityActions.getSystemProperty(OVERRIDE_EQUALS_BEHAVIOR, "false")))
{
- if (other.name != null)
+ if (!(obj instanceof SimplePrincipal))
return false;
}
- else if (!name.equals(other.name))
- return false;
- return true;
- }
+
+ // compare the principal names.
+ String anotherName = ((Principal) obj).getName();
+ boolean equals = false;
+ if (this.name == null)
+ equals = anotherName == null;
+ else
+ equals = this.name.equals(anotherName);
+ return equals;
+ }
+
+ @Override
+ public String toString()
+ {
+ return this.name;
+ }
}
\ No newline at end of file
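Review bot: With `org.picketlink.principal.equals.override` set to `true`, `equals` returns false for every `PicketLinkPrincipal`, including `this`, because the class implements `Principal` directly and is never a `SimplePrincipal`. That breaks reflexivity and lookups in hash-based collections. Adding `if (this == obj) return true;` at the top and widening the narrowed check to `if (!(obj instanceof SimplePrincipal) && !(obj instanceof PicketLinkPrincipal)) return false;` would keep the option usable, assuming the intent is to accept only those two types. In the default mode any `Principal` with the same name compares equal whatever its class, and the relation is one-sided unless the other class agrees, so the class Javadoc should state that equality is by name only. The new `toString()` also returns `null` when `name` is null.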
Added: federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/SecurityActions.java (rev 0)
+++ federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/SecurityActions.java 2011-02-22 18:10:31 UTC (rev 759)
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.bindings.jboss.subject;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * <p>
+ * This class contains operations that need privileged blocks to run.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+class SecurityActions
+{
+ /**
+ * <p>
+ * Obtains the system property identified by the provided key. If no property can be found, the specified default
+ * value will be returned.
+ * </p>
+ *
+ * @param key the system property key.
+ * @param defaultValue the value to be returned if no property was found under the provided key.
+ * @return a {@code String} representing the property value.
+ */
+ static String getSystemProperty(final String key, final String defaultValue)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key, defaultValue);
+ }
+ });
+ }
+}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/factories/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/factories/SecurityActions.java 2011-02-22 17:33:12 UTC (rev 758)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/factories/SecurityActions.java 2011-02-22 18:10:31 UTC (rev 759)
@@ -25,6 +25,7 @@
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
+import java.util.Iterator;
import javax.management.MBeanServer;
import javax.management.MBeanServerFactory;
@@ -57,7 +58,15 @@
{
public MBeanServer run()
{
- return MBeanServerFactory.findMBeanServer( "jboss").get( 0 );
+ for (Iterator<MBeanServer> i = MBeanServerFactory.findMBeanServer(null).iterator(); i.hasNext(); )
+ {
+ MBeanServer server = i.next();
+ if (server.getDefaultDomain().equals("jboss"))
+ {
+ return server;
+ }
+ }
+ throw new IllegalStateException("No 'jboss' MBeanServer found!");
}
});
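Review bot: The explicit `Iterator` loop over `findMBeanServer(null)` reads more simply as a for-each, with the domain test written constant-first: `for (MBeanServer server : MBeanServerFactory.findMBeanServer(null))` and `if ("jboss".equals(server.getDefaultDomain()))`. The constant-first form also tolerates a server that reports no default domain; whether that can occur is not visible here. With this change the `java.util.Iterator` import added in the previous hunk is no longer needed. The enclosing method starts and ends outside the hunk.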
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java 2011-02-22 17:33:12 UTC (rev 758)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java 2011-02-22 18:10:31 UTC (rev 759)
@@ -36,15 +36,18 @@
import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.picketlink.identity.federation.ws.policy.AppliesTo;
import org.picketlink.identity.federation.ws.trust.BinarySecretType;
import org.picketlink.identity.federation.ws.trust.CancelTargetType;
import org.picketlink.identity.federation.ws.trust.EntropyType;
+import org.picketlink.identity.federation.ws.trust.LifetimeType;
import org.picketlink.identity.federation.ws.trust.OnBehalfOfType;
import org.picketlink.identity.federation.ws.trust.RenewTargetType;
import org.picketlink.identity.federation.ws.trust.UseKeyType;
import org.picketlink.identity.federation.ws.trust.ValidateTargetType;
+import org.picketlink.identity.federation.ws.wss.utility.AttributedDateTime;
import org.w3c.dom.Element;
/**
@@ -116,6 +119,37 @@
String value = StaxParserUtil.getElementText(xmlEventReader);
requestToken.setTokenType( new URI( value ));
}
+ else if (tag.equals(WSTrustConstants.LIFETIME))
+ {
+ subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(subEvent, WSTrustConstants.LIFETIME);
+
+ LifetimeType lifeTime = new LifetimeType();
+ // Get the Created
+ subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
+ String subTag = StaxParserUtil.getStartElementName(subEvent);
+ if (subTag.equals(WSTrustConstants.CREATED))
+ {
+ AttributedDateTime created = new AttributedDateTime();
+ created.setValue(StaxParserUtil.getElementText(xmlEventReader));
+ lifeTime.setCreated(created);
+ }
+ subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
+ subTag = StaxParserUtil.getStartElementName(subEvent);
+
+ if (subTag.equals(WSTrustConstants.EXPIRES))
+ {
+ AttributedDateTime expires = new AttributedDateTime();
+ expires.setValue(StaxParserUtil.getElementText(xmlEventReader));
+ lifeTime.setExpires(expires);
+ }
+ else
+ throw new RuntimeException(subTag + " was unexpected");
+
+ requestToken.setLifetime(new Lifetime(lifeTime));
+ EndElement lifeTimeElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(lifeTimeElement, WSTrustConstants.LIFETIME);
+ }
else if( tag.equals( WSTrustConstants.CANCEL_TARGET ))
{
subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
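Review bot: In the new `LIFETIME` branch the second `getNextStartElement` call runs even when the first child was not `Created`, so that child is discarded unread. A lifetime carrying only `Expires` then consumes whatever start element follows and either fails with the `RuntimeException` or misreads the request. Moving the pair `subEvent = StaxParserUtil.getNextStartElement(xmlEventReader); subTag = StaxParserUtil.getStartElementName(subEvent);` inside the `if (subTag.equals(WSTrustConstants.CREATED))` block lets the `Expires` check use the element already in hand. The `Created`/`Expires` strings are stored as received from the requester, so the issuing side should parse them and cap the requested lifetime; whether it does is not visible on this page. The enclosing method starts and ends outside the hunk.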
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/writers/WSTrustRequestWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/writers/WSTrustRequestWriter.java 2011-02-22 17:33:12 UTC (rev 758)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/writers/WSTrustRequestWriter.java 2011-02-22 18:10:31 UTC (rev 759)
@@ -38,6 +38,7 @@
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
@@ -152,6 +153,17 @@
{
writeTokenType( writer, tokenType );
}
+
+ // deal with the token lifetime.
+ if (requestToken.getLifetime() != null)
+ {
+ Lifetime lifetime = requestToken.getLifetime();
+ StaxUtil.writeStartElement(this.writer, WSTrustConstants.PREFIX, WSTrustConstants.LIFETIME,
+ WSTrustConstants.BASE_NAMESPACE);
+ new WSSecurityWriter(this.writer).writeLifetime(lifetime.getCreated(), lifetime.getExpires());
+ StaxUtil.writeEndElement(this.writer);
+ }
+
//Deal with AppliesTo
AppliesTo appliesTo = requestToken.getAppliesTo();
if( appliesTo != null )
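Review bot: The added Lifetime block calls `requestToken.getLifetime()` twice and writes through `this.writer`, whereas the surrounding lines of this hunk read a value once and pass `writer` (`AppliesTo appliesTo = requestToken.getAppliesTo();`). Matching that shape would read `Lifetime lifetime = requestToken.getLifetime();` followed by `if( lifetime != null )`. It is also worth confirming that `writeLifetime` accepts a null `getCreated()`, because the request parser change shown earlier on this page sets Created only when that element is present. The enclosing method starts and ends outside the hunk.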
Added: federation/trunk/picketlink-webapps/assembly/src/main/resources/picketlink-sts-jboss-beans.xml
===================================================================
--- federation/trunk/picketlink-webapps/assembly/src/main/resources/picketlink-sts-jboss-beans.xml (rev 0)
+++ federation/trunk/picketlink-webapps/assembly/src/main/resources/picketlink-sts-jboss-beans.xml 2011-02-22 18:10:31 UTC (rev 759)
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<deployment xmlns="urn:jboss:bean-deployer:2.0">
+
+ <!-- ejb3 test application-policy definition -->
+ <application-policy xmlns="urn:jboss:security-beans:1.0" name="cache-test">
+ <authentication>
+ <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule" flag="required">
+ <module-option name="password-stacking">useFirstPass</module-option>
+ <module-option name="configFile">sts-config.properties</module-option>
+ <module-option name="cache.invalidation">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+</deployment>
+
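Review bot: The policy is labelled as a test fixture (`<!-- ejb3 test application-policy definition -->`, `name="cache-test"`), but the file is added under `assembly/src/main/resources`, so it presumably ships with the assembled web applications. If it is meant to be deployed, the security domain needs a name and comment that describe its purpose, for example `<!-- security domain for callers authenticated by SAML2STSLoginModule; STS settings come from sts-config.properties -->`; if it is only a fixture, it belongs with the test resources. `password-stacking` is set to `useFirstPass` although this is the only login module in the stack, which deserves a one-line comment saying what is expected to populate the shared credentials.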
Picketlink SVN: r758 - picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-02-22 12:33:12 -0500 (Tue, 22 Feb 2011)
New Revision: 758
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/Configuration.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/FacebookConfiguration.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/OpenIdConfiguration.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlEndpoint.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlIdentityProvider.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/ServiceProvider.java
Log:
PLFED-138: add a method to StringUtil to pick a system property if needed
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/Configuration.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/Configuration.java 2011-02-22 17:32:17 UTC (rev 757)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/Configuration.java 2011-02-22 17:33:12 UTC (rev 758)
@@ -45,6 +45,7 @@
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.web.ServletContexts;
+import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.seam.federation.jaxb.config.ExternalAuthenticationConfigType;
import org.picketlink.identity.seam.federation.jaxb.config.ServiceProviderType;
import org.xml.sax.SAXException;
@@ -122,7 +123,7 @@
public void setContextRoot(String contextRoot)
{
- this.contextRoot = contextRoot;
+ this.contextRoot = StringUtil.getSystemPropertyAsString( contextRoot );
}
public String getContextRoot()
@@ -133,7 +134,7 @@
@Factory(scope = ScopeType.EVENT, autoCreate = true, value = "org.picketlink.identity.seam.federation.serviceProvider")
public ServiceProvider getServiceProvider()
{
- String hostname = ServletContexts.instance().getRequest().getServerName();;
+ String hostname = StringUtil.getSystemPropertyAsString( ServletContexts.instance().getRequest().getServerName() );
return serviceProviderMap.get(hostname);
}
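Review bot: In `getServiceProvider()` the value passed to `getSystemPropertyAsString` is `getRequest().getServerName()`, which is derived from the incoming request rather than from configuration. A server name of the `${...}` form would be resolved against JVM system properties, or fail with the `IllegalArgumentException` the helper throws for an unset property, before the `serviceProviderMap` lookup. Placeholder expansion belongs only on the configured side (the hostnames that key the map), so this line should stay `String hostname = ServletContexts.instance().getRequest().getServerName();`.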
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/FacebookConfiguration.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/FacebookConfiguration.java 2011-02-22 17:32:17 UTC (rev 757)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/FacebookConfiguration.java 2011-02-22 17:33:12 UTC (rev 758)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.seam.federation.configuration;
+import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.seam.federation.jaxb.config.FacebookConfigType;
/**
@@ -37,9 +38,9 @@
public FacebookConfiguration(FacebookConfigType facebookConfiguration)
{
- clientId = facebookConfiguration.getClientId();
- clientSecret = facebookConfiguration.getClientSecret();
- scope = facebookConfiguration.getScope();
+ clientId = StringUtil.getSystemPropertyAsString( facebookConfiguration.getClientId() );
+ clientSecret = StringUtil.getSystemPropertyAsString( facebookConfiguration.getClientSecret() );
+ scope = StringUtil.getSystemPropertyAsString( facebookConfiguration.getScope() );
}
public String getClientId()
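Review bot: `clientSecret` can now be supplied as a `${...}` system property, and the constructor fails with an `IllegalArgumentException` when that property is unset; neither is documented on the constructor. A Javadoc line such as `Values of the form ${name} are resolved from JVM system properties; an unset property raises IllegalArgumentException` would cover it. System properties are readable by all code in the JVM and, when passed with `-D`, typically appear in the process command line, so the documentation should also tell operators how to set the secret without exposing it that way.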
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/OpenIdConfiguration.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/OpenIdConfiguration.java 2011-02-22 17:32:17 UTC (rev 757)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/OpenIdConfiguration.java 2011-02-22 17:33:12 UTC (rev 758)
@@ -23,6 +23,7 @@
import java.util.List;
+import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.seam.federation.jaxb.config.OpenIdAttributeType;
import org.picketlink.identity.seam.federation.jaxb.config.OpenIdConfigType;
@@ -39,7 +40,7 @@
public OpenIdConfiguration(OpenIdConfigType openIdConfig)
{
attributes = openIdConfig.getAttribute();
- defaultOpenIdProvider = openIdConfig.getDefaultOpenIdProvider();
+ defaultOpenIdProvider = StringUtil.getSystemPropertyAsString( openIdConfig.getDefaultOpenIdProvider() );
}
public List<OpenIdAttributeType> getAttributes()
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java 2011-02-22 17:32:17 UTC (rev 757)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlConfiguration.java 2011-02-22 17:33:12 UTC (rev 758)
@@ -38,6 +38,7 @@
import java.util.Map;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntitiesDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTChoiceType;
@@ -75,7 +76,7 @@
{
readSamlMetaInformation();
- this.entityId = samlConfig.getServiceProviderEntityId();
+ this.entityId = StringUtil.getSystemPropertyAsString( samlConfig.getServiceProviderEntityId() );
this.authnRequestsSigned = samlConfig.isAuthnRequestsSigned();
this.wantAssertionsSigned = samlConfig.isWantAssertionsSigned();
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlEndpoint.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlEndpoint.java 2011-02-22 17:32:17 UTC (rev 757)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlEndpoint.java 2011-02-22 17:33:12 UTC (rev 758)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.seam.federation.configuration;
+import org.picketlink.identity.federation.core.util.StringUtil;
+
/**
* @author Marcel Kolsteren
* @since Jan 24, 2010
@@ -40,8 +42,8 @@
super();
this.service = service;
this.binding = binding;
- this.location = location;
- this.responseLocation = responseLocation;
+ this.location = StringUtil.getSystemPropertyAsString( location );
+ this.responseLocation = StringUtil.getSystemPropertyAsString( responseLocation );
}
public SamlService getService()
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlIdentityProvider.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlIdentityProvider.java 2011-02-22 17:32:17 UTC (rev 757)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/SamlIdentityProvider.java 2011-02-22 17:33:12 UTC (rev 758)
@@ -27,6 +27,7 @@
import java.util.Map;
import org.picketlink.identity.federation.api.saml.v2.metadata.MetaDataExtractor;
+import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyTypes;
@@ -52,7 +53,7 @@
public SamlIdentityProvider(String entityId, IDPSSODescriptorType IDPSSODescriptor)
{
- this.entityId = entityId;
+ this.entityId = StringUtil.getSystemPropertyAsString( entityId );
wantAuthnRequestsSigned = IDPSSODescriptor.isWantAuthnRequestsSigned();
Modified: picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/ServiceProvider.java
===================================================================
--- picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/ServiceProvider.java 2011-02-22 17:32:17 UTC (rev 757)
+++ picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/configuration/ServiceProvider.java 2011-02-22 17:33:12 UTC (rev 758)
@@ -28,6 +28,7 @@
import org.jboss.seam.core.Expressions;
import org.jboss.seam.core.Expressions.MethodExpression;
+import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.seam.federation.ExternalAuthenticationService;
import org.picketlink.identity.seam.federation.jaxb.config.ServiceProviderType;
@@ -63,15 +64,16 @@
{
this.configuration = configuration;
- hostname = serviceProvider.getHostname();
- protocol = serviceProvider.getProtocol().value();
+ hostname = StringUtil.getSystemPropertyAsString( serviceProvider.getHostname() );
+ protocol = StringUtil.getSystemPropertyAsString( serviceProvider.getProtocol().value() );
- loggedOutUrl = serviceProvider.getLoggedOutUrl();
- unsolicitedAuthenticationUrl = serviceProvider.getUnsolicitedAuthenticationUrl();
- failedAuthenticationUrl = serviceProvider.getFailedAuthenticationUrl();
+ loggedOutUrl = StringUtil.getSystemPropertyAsString( serviceProvider.getLoggedOutUrl() );
+ unsolicitedAuthenticationUrl = StringUtil.getSystemPropertyAsString( serviceProvider.getUnsolicitedAuthenticationUrl() );
+ failedAuthenticationUrl = StringUtil.getSystemPropertyAsString( serviceProvider.getFailedAuthenticationUrl() );
internalAuthenticationMethod = Expressions.instance().createMethodExpression(
- serviceProvider.getInternalAuthenticationMethod(), Boolean.class, Principal.class, List.class);
+ StringUtil.getSystemPropertyAsString( serviceProvider.getInternalAuthenticationMethod() ),
+ Boolean.class, Principal.class, List.class);
if (serviceProvider.getPort() == null)
{
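Review bot: `serviceProvider.getProtocol().value()` appears to be the value of a generated enum, so it can presumably never have the `${...}` form and wrapping it in `getSystemPropertyAsString` does nothing. `protocol = serviceProvider.getProtocol().value();` states the intent more plainly and keeps placeholder handling to the free-text fields. The constructor starts and ends outside the hunk.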
Picketlink SVN: r757 - in federation/trunk/picketlink-fed-core/src: main/java/org/picketlink/identity/federation/core/util and 1 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-02-22 12:32:17 -0500 (Tue, 22 Feb 2011)
New Revision: 757
Added:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/SystemPropertyAsStringUnitTestCase.java
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StringUtil.java
Log:
PLFED-138: add a method to StringUtil to pick a system property if needed
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java 2011-02-18 19:17:35 UTC (rev 756)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java 2011-02-22 17:32:17 UTC (rev 757)
@@ -41,6 +41,7 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.util.TransformerUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -79,7 +80,9 @@
*/
public static String getAttributeValue(Attribute attribute)
{
- return trim(attribute.getValue());
+ String str = trim(attribute.getValue());
+ str = StringUtil.getSystemPropertyAsString(str);
+ return str;
}
/**
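Review bot: `getAttributeValue` here, and `getElementText` in the next hunk, are general StAX accessors, so the `${...}` expansion now applies to every attribute and element text read through them, not only to configuration files. The WS-Trust request parser shown earlier on this page reads `Created` and `Expires` through `StaxParserUtil.getElementText`, so content of a received message would also be resolved against JVM system properties. These two methods should stay plain accessors, with `StringUtil.getSystemPropertyAsString` applied only in the code that loads local configuration, or in separately named variants for that purpose. The class body continues outside the hunk.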
@@ -150,15 +153,18 @@
* @throws ParsingException
*/
public static String getElementText( XMLEventReader xmlEventReader ) throws ParsingException
- {
+ {
+ String str = null;
try
{
- return xmlEventReader.getElementText().trim();
+ str = xmlEventReader.getElementText().trim();
+ str = StringUtil.getSystemPropertyAsString(str);
}
catch (XMLStreamException e)
{
throw new ParsingException( e );
}
+ return str;
}
/**
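Review bot: `getElementText` declares `ParsingException`, but the added call can throw the unchecked `IllegalArgumentException` from `getSystemPropertyAsString` when the property is unset, and that path is not caught. Callers that handle `ParsingException` will not see it; catching it next to `XMLStreamException` and rethrowing as `new ParsingException( e )` keeps the declared contract. The `String str = null;` with a trailing `return str;` could then go back to returning directly from the `try` block.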
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StringUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StringUtil.java 2011-02-18 19:17:35 UTC (rev 756)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StringUtil.java 2011-02-22 17:32:17 UTC (rev 757)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.federation.core.util;
+
/**
* Utility dealing with Strings
* @author Anil.Saldhana(a)redhat.com
@@ -38,8 +39,32 @@
return str != null && !"".equals(str);
}
+ /**
+ * Check whether the string is null or empty
+ * @param str
+ * @return
+ */
public static boolean isNullOrEmpty(String str)
{
- return str == null || "".equals(str);
+ return str == null || str.isEmpty();
}
+
+ /**
+ * Get the system property value if the string is of the format ${sysproperty}
+ * @param str
+ * @return
+ */
+ public static String getSystemPropertyAsString( String str )
+ {
+ if( str.startsWith( "${") && str.endsWith( "}" ))
+ {
+ int len = str.length();
+ str = str.substring( 2, len -1 );
+ String sysPropertyValue = SecurityActions.getSystemProperty(str, "" );
+ if( sysPropertyValue.isEmpty() )
+ throw new IllegalArgumentException( "System Property " + str + " is not set" );
+ str = sysPropertyValue;
+ }
+ return str;
+ }
}
\ No newline at end of file
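Review bot: `getSystemPropertyAsString` dereferences `str` without a null check, so a caller that passes an absent optional value (for example `responseLocation` in `SamlEndpoint` or the URL fields in `ServiceProvider`, if those may be omitted) gets a NullPointerException. `if( str == null ) return null;` as the first statement would preserve the previous behaviour for those callers. Because the lookup uses `""` as its default, a property deliberately set to the empty string is reported as not set. The Javadoc leaves `@param` and `@return` empty; it should state that strings not of the form `${name}` are returned unchanged and that an unset property raises `IllegalArgumentException`.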
Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/SystemPropertyAsStringUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/SystemPropertyAsStringUnitTestCase.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/SystemPropertyAsStringUnitTestCase.java 2011-02-22 17:32:17 UTC (rev 757)
@@ -0,0 +1,46 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.util.StringUtil;
+
+/**
+ * Unit Test {@link StringUtil#getSystemPropertyAsString(String)}
+ * that parses a string that represents a system property
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Feb 22, 2011
+ */
+public class SystemPropertyAsStringUnitTestCase
+{
+
+ @Test
+ public void testSystemProperty() throws Exception
+ {
+ System.setProperty( "test", "anil" );
+ String str = "${test}";
+ assertEquals( "anil", StringUtil.getSystemPropertyAsString( str ) );
+ }
+
+}
\ No newline at end of file
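Review bot: `testSystemProperty` sets the JVM-wide property `test` and never removes it, so the value stays visible to every test that runs afterwards in the same JVM. A `System.clearProperty( "test" );` in a `finally` block or an `@After` method would contain it. Only the resolved case is covered: nothing asserts that a plain string is returned unchanged, or that an unset `${...}` name raises `IllegalArgumentException`.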
Picketlink SVN: r755 - idm/branches/config.
by picketlink-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2011-02-18 12:57:47 -0500 (Fri, 18 Feb 2011)
New Revision: 755
Added:
idm/branches/config/1.1.0/
Log:
branch for config prototyping