Picketlink SVN: r859 - trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-04-05 13:06:43 -0400 (Tue, 05 Apr 2011)
New Revision: 859
Modified:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
Log:
PLFED-164: pick assertion from subject
Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2011-04-05 17:01:06 UTC (rev 858)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2011-04-05 17:06:43 UTC (rev 859)
@@ -35,6 +35,7 @@
import org.jboss.security.SecurityContext;
import org.jboss.wsf.common.handler.GenericSOAPHandler;
import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.trust.jbossws.Constants;
@@ -53,7 +54,7 @@
* @author Anil Saldhana
* @version $Revision: 1 $
*/
-@SuppressWarnings({"rawtypes", "restriction"})
+@SuppressWarnings("rawtypes")
public class SAML2Handler extends GenericSOAPHandler
{
@@ -116,9 +117,15 @@
SOAPMessageContext ctx = (SOAPMessageContext) msgContext;
SOAPMessage soapMessage = ctx.getMessage();
- // retrieve assertion
+ // retrieve assertion first from the message context
Element assertion = (Element) ctx.get(SAML2Constants.SAML2_ASSERTION_PROPERTY);
+ //Assertion can also be obtained from the JAAS subject
+ if( assertion == null)
+ {
+ assertion = getAssertionFromSubject();
+ }
+
// add wsse header
Document document = soapMessage.getSOAPPart();
Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
@@ -173,5 +180,38 @@
}
return username;
}
-
-}
+
+ private Element getAssertionFromSubject()
+ {
+ Element assertion = null;
+ Subject subject = SecurityActions.getAuthenticatedSubject();
+
+ if(subject == null)
+ {
+ log.error("null subject, cannot extract SAML token required for WS-TRUST");
+ return assertion;
+ }
+
+ Set<Object> creds = subject.getPublicCredentials();
+ if( creds != null )
+ {
+ for( Object cred: creds)
+ {
+ if( cred instanceof SamlCredential)
+ {
+ SamlCredential samlCredential = (SamlCredential) cred;
+ try
+ {
+ assertion = samlCredential.getAssertionAsElement();
+ }
+ catch (ProcessingException e)
+ {
+ log.error("failed to process SAML credential", e);
+ }
+ break;
+ }
+ }
+ }
+ return assertion;
+ }
+}
\ No newline at end of file
Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2011-04-05 17:01:06 UTC (rev 858)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2011-04-05 17:06:43 UTC (rev 859)
@@ -35,14 +35,14 @@
* Privileged actions.
*
* @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @author Anil Saldhana
* @version $Revision: 1 $
*/
class SecurityActions
-{
-
+{
static SecurityContext createSecurityContext(final Principal p, final Object cred, final Subject subject)
{
- return (SecurityContext) AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
{
public SecurityContext run()
{
@@ -71,4 +71,21 @@
}
});
}
-}
+ /**
+ * Get the {@link Subject} from the {@link SecurityContextAssociation}
+ * @return authenticated subject or null
+ */
+ static Subject getAuthenticatedSubject()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Subject>()
+ {
+ public Subject run()
+ {
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if( sc != null )
+ return sc.getUtil().getSubject();
+ return null;
+ }
+ });
+ }
+}
\ No newline at end of file
13 years
Picketlink SVN: r858 - federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-04-05 13:01:06 -0400 (Tue, 05 Apr 2011)
New Revision: 858
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
Log:
minor error string change
Modified: federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2011-04-05 17:00:33 UTC (rev 857)
+++ federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2011-04-05 17:01:06 UTC (rev 858)
@@ -92,7 +92,7 @@
* <pre>
* serviceName=PicketLinkSTS
* portName=PicketLinkSTSPort
- * endpointAddress=http://localhost:8080/picketlink-sts-1.0.0/PicketLinkSTS
+ * endpointAddress=http://localhost:8080/picketlink-sts/PicketLinkSTS
* username=JBoss
* password=JBoss
* </pre>
@@ -202,13 +202,14 @@
super.callbackHandler.handle(new Callback[]
{callback});
if (callback.getCredential() instanceof SamlCredential == false)
- throw new IllegalArgumentException("Supplied credential is not a SAML credential");
+ throw new IllegalArgumentException("Supplied credential is not a SAML credential.We got "
+ + callback.getCredential().getClass());
this.credential = (SamlCredential) callback.getCredential();
assertionElement = this.credential.getAssertionAsElement();
}
catch (Exception e)
{
- LoginException exception = new LoginException("Error handling callback" + e.getMessage());
+ LoginException exception = new LoginException("Error handling callback::" + e.getMessage());
exception.initCause(e);
throw exception;
}
13 years
Picketlink SVN: r857 - federation/trunk/picketlink-webapps/picketlink-sts/src/main/webapp/WEB-INF.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-04-05 13:00:33 -0400 (Tue, 05 Apr 2011)
New Revision: 857
Modified:
federation/trunk/picketlink-webapps/picketlink-sts/src/main/webapp/WEB-INF/web.xml
Log:
add additional role
Modified: federation/trunk/picketlink-webapps/picketlink-sts/src/main/webapp/WEB-INF/web.xml
===================================================================
--- federation/trunk/picketlink-webapps/picketlink-sts/src/main/webapp/WEB-INF/web.xml 2011-04-04 17:36:38 UTC (rev 856)
+++ federation/trunk/picketlink-webapps/picketlink-sts/src/main/webapp/WEB-INF/web.xml 2011-04-05 17:00:33 UTC (rev 857)
@@ -20,6 +20,7 @@
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
+ <role-name>STSClient</role-name>
</auth-constraint>
</security-constraint>
@@ -31,5 +32,8 @@
<security-role>
<role-name>JBossAdmin</role-name>
</security-role>
+ <security-role>
+ <role-name>STSClient</role-name>
+ </security-role>
</web-app>
13 years
Picketlink SVN: r856 - integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml2.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-04-04 13:36:38 -0400 (Mon, 04 Apr 2011)
New Revision: 856
Added:
integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml2/SAML2PostSignatureGLOUnitTestCase.java
Modified:
integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml2/SAML2PostBindingGlobalLogOutUnitTestCase.java
Log:
add test for POST/Sig binding
Modified: integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml2/SAML2PostBindingGlobalLogOutUnitTestCase.java
===================================================================
--- integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml2/SAML2PostBindingGlobalLogOutUnitTestCase.java 2011-04-04 17:09:29 UTC (rev 855)
+++ integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml2/SAML2PostBindingGlobalLogOutUnitTestCase.java 2011-04-04 17:36:38 UTC (rev 856)
@@ -46,16 +46,17 @@
* @since Apr 8, 2010
*/
public class SAML2PostBindingGlobalLogOutUnitTestCase
-{
+{
+ String SERVICE_1_URL = System.getProperty( "SERVICE_1_URL", "http://localhost:8080/sales-post/" );
+ String SERVICE_2_URL = System.getProperty( "SERVICE_2_URL", "http://localhost:8080/employee-post/" );
+ String LOGOUT_URL = "?GLO=true";
+
@Test
public void testSAMLPostBindingGlobalLogOut() throws Exception
{
- String SERVICE_1_URL = System.getProperty( "SERVICE_1_URL", "http://localhost:8080/sales-post/" );
- String SERVICE_2_URL = System.getProperty( "SERVICE_2_URL", "http://localhost:8080/employee-post/" );
- String LOGOUT_URL = "?GLO=true";
//Sales Application Login
- WebRequest serviceRequest1 = new GetMethodWebRequest( SERVICE_1_URL );
+ WebRequest serviceRequest1 = new GetMethodWebRequest( getService1URL() );
WebConversation webConversation = new WebConversation();
WebResponse webResponse = webConversation.getResponse( serviceRequest1 );
@@ -69,19 +70,28 @@
assertTrue( " Reached the sales index page ", webResponse.getText().contains( "SalesTool" ));
//Employee Application Login
- webResponse = webConversation.getResponse( SERVICE_2_URL );
+ webResponse = webConversation.getResponse( getService2URL() );
assertTrue( " Reached the employee index page ", webResponse.getText().contains( "EmployeeDashboard" ));
//Logout from sales
- webResponse = webConversation.getResponse( SERVICE_1_URL + LOGOUT_URL );
+ webResponse = webConversation.getResponse( getService1URL() + LOGOUT_URL );
assertTrue( "Reached logged out page", webResponse.getText().contains( "logged" ) );
//Hit the Sales App again
- webResponse = webConversation.getResponse( SERVICE_1_URL );
+ webResponse = webConversation.getResponse( getService1URL() );
assertTrue( " Reached the Login page ", webResponse.getText().contains( "Login" ));
//Hit the Employee App again
- webResponse = webConversation.getResponse( SERVICE_2_URL );
+ webResponse = webConversation.getResponse( getService2URL() );
assertTrue( " Reached the Login page ", webResponse.getText().contains( "Login" ));
}
-}
+
+ public String getService1URL()
+ {
+ return SERVICE_1_URL;
+ }
+ public String getService2URL()
+ {
+ return SERVICE_2_URL;
+ }
+}
\ No newline at end of file
Added: integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml2/SAML2PostSignatureGLOUnitTestCase.java
===================================================================
--- integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml2/SAML2PostSignatureGLOUnitTestCase.java (rev 0)
+++ integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml2/SAML2PostSignatureGLOUnitTestCase.java 2011-04-04 17:36:38 UTC (rev 856)
@@ -0,0 +1,43 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.integration.saml2;
+
+/**
+ * Unit test the GLO scenarios involving two endpoints with SAML2 Post
+ * and Signature binding
+ * @author anil saldhana
+ */
+public class SAML2PostSignatureGLOUnitTestCase extends SAML2PostBindingGlobalLogOutUnitTestCase
+{
+ String SERVICE_5_URL = System.getProperty( "SERVICE_3_URL", "http://localhost:8080/sales-post-sig/" );
+ String SERVICE_6_URL = System.getProperty( "SERVICE_4_URL", "http://localhost:8080/employee-post-sig/" );
+ @Override
+ public String getService1URL()
+ {
+ return SERVICE_5_URL;
+ }
+ @Override
+ public String getService2URL()
+ {
+ return SERVICE_6_URL;
+ }
+}
\ No newline at end of file
13 years
Picketlink SVN: r855 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-04-04 13:09:29 -0400 (Mon, 04 Apr 2011)
New Revision: 855
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java
Log:
fix parsing
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java 2011-04-04 17:09:09 UTC (rev 854)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java 2011-04-04 17:09:29 UTC (rev 855)
@@ -33,7 +33,7 @@
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusCodeType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
@@ -51,108 +51,109 @@
* @param response
* @throws ParsingException
*/
- protected void parseBaseAttributes( StartElement startElement , StatusResponseType response ) throws ParsingException
+ protected void parseBaseAttributes(StartElement startElement, StatusResponseType response) throws ParsingException
{
- Attribute idAttr = startElement.getAttributeByName( new QName( "ID" ));
- if( idAttr == null )
- throw new RuntimeException( "ID attribute is missing" );
- response.setID( StaxParserUtil.getAttributeValue( idAttr ));
-
- Attribute version = startElement.getAttributeByName( new QName( "Version" ));
- if( version == null )
- throw new RuntimeException( "Version attribute required in Response" );
- response.setVersion( StaxParserUtil.getAttributeValue( version ));
-
- Attribute issueInstant = startElement.getAttributeByName( new QName( "IssueInstant" ));
- if( issueInstant == null )
- throw new RuntimeException( "IssueInstant attribute required in Response" );
- response.setIssueInstant( XMLTimeUtil.parse( StaxParserUtil.getAttributeValue( issueInstant )));
-
- Attribute destination = startElement.getAttributeByName( new QName( "Destination" ));
- if( destination != null )
- response.setDestination( StaxParserUtil.getAttributeValue( destination ));
-
- Attribute consent = startElement.getAttributeByName( new QName( "Consent" ));
- if( consent != null )
- response.setConsent( StaxParserUtil.getAttributeValue( consent ));
-
- Attribute inResponseTo = startElement.getAttributeByName( new QName( "InResponseTo" ));
- if( inResponseTo != null )
- response.setInResponseTo( StaxParserUtil.getAttributeValue( inResponseTo ));
+ Attribute idAttr = startElement.getAttributeByName(new QName("ID"));
+ if (idAttr == null)
+ throw new RuntimeException("ID attribute is missing");
+ response.setID(StaxParserUtil.getAttributeValue(idAttr));
+
+ Attribute version = startElement.getAttributeByName(new QName("Version"));
+ if (version == null)
+ throw new RuntimeException("Version attribute required in Response");
+ response.setVersion(StaxParserUtil.getAttributeValue(version));
+
+ Attribute issueInstant = startElement.getAttributeByName(new QName("IssueInstant"));
+ if (issueInstant == null)
+ throw new RuntimeException("IssueInstant attribute required in Response");
+ response.setIssueInstant(XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(issueInstant)));
+
+ Attribute destination = startElement.getAttributeByName(new QName("Destination"));
+ if (destination != null)
+ response.setDestination(StaxParserUtil.getAttributeValue(destination));
+
+ Attribute consent = startElement.getAttributeByName(new QName("Consent"));
+ if (consent != null)
+ response.setConsent(StaxParserUtil.getAttributeValue(consent));
+
+ Attribute inResponseTo = startElement.getAttributeByName(new QName("InResponseTo"));
+ if (inResponseTo != null)
+ response.setInResponseTo(StaxParserUtil.getAttributeValue(inResponseTo));
}
-
- /**
- * Parse the status element
- * @param xmlEventReader
- * @return
- * @throws ParsingException
- */
- protected StatusType parseStatus( XMLEventReader xmlEventReader ) throws ParsingException
+
+ /**
+ * Parse the status element
+ * @param xmlEventReader
+ * @return
+ * @throws ParsingException
+ */
+ protected StatusType parseStatus(XMLEventReader xmlEventReader) throws ParsingException
{
//Get the Start Element
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
String STATUS = JBossSAMLConstants.STATUS.get();
- StaxParserUtil.validate(startElement, STATUS );
-
+ StaxParserUtil.validate(startElement, STATUS);
+
StatusType status = new StatusType();
-
- while( xmlEventReader.hasNext() )
+
+ while (xmlEventReader.hasNext())
{
startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
- if( startElement == null )
+ if (startElement == null)
break;
-
- QName startElementName = startElement.getName();
+
+ QName startElementName = startElement.getName();
String elementTag = startElementName.getLocalPart();
StatusCodeType statusCode = new StatusCodeType();
-
- if( JBossSAMLConstants.STATUS_CODE.get().equals( elementTag ))
+
+ if (JBossSAMLConstants.STATUS_CODE.get().equals(elementTag))
{
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- if( startElement == null )
+ if (startElement == null)
break;
- Attribute valueAttr = startElement.getAttributeByName( new QName( "Value" ));
- if( valueAttr != null )
+ Attribute valueAttr = startElement.getAttributeByName(new QName("Value"));
+ if (valueAttr != null)
{
- statusCode.setValue( URI.create( StaxParserUtil.getAttributeValue( valueAttr ) ));
+ statusCode.setValue(URI.create(StaxParserUtil.getAttributeValue(valueAttr)));
}
- status.setStatusCode( statusCode );
-
+ status.setStatusCode(statusCode);
+
//Peek at the next start element to see if it is status code
- startElement = StaxParserUtil.peekNextStartElement( xmlEventReader );
- if( JBossSAMLConstants.STATUS_CODE.get().equals( startElement.getName().getLocalPart() ))
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ elementTag = startElement.getName().getLocalPart();
+ if (JBossSAMLConstants.STATUS_CODE.get().equals(elementTag))
{
StatusCodeType subStatusCodeType = new StatusCodeType();
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- Attribute subValueAttr = startElement.getAttributeByName( new QName( "Value" ));
- if( subValueAttr != null )
+ Attribute subValueAttr = startElement.getAttributeByName(new QName("Value"));
+ if (subValueAttr != null)
{
- subStatusCodeType.setValue( URI.create( StaxParserUtil.getAttributeValue( subValueAttr )));
- }
- statusCode.setStatusCode( subStatusCodeType );
-
+ subStatusCodeType.setValue(URI.create(StaxParserUtil.getAttributeValue(subValueAttr)));
+ }
+ statusCode.setStatusCode(subStatusCodeType);
+
// Go to Status code end element.
EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
StaxParserUtil.validate(endElement, JBossSAMLConstants.STATUS_CODE.get());
continue;
}
- else
- break;
- }
-
+ }
+
//Get the next end element
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
- if( xmlEvent instanceof EndElement )
+ if (xmlEvent instanceof EndElement)
{
EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
- if( StaxParserUtil.matches(endElement, STATUS ))
+ if (StaxParserUtil.matches(endElement, STATUS))
break;
else
- throw new RuntimeException( "unknown end element:" + StaxParserUtil.getEndElementName( endElement ));
+ throw new RuntimeException("unknown end element:" + StaxParserUtil.getEndElementName(endElement));
}
- }
+ else
+ break;
+ }
return status;
- }
+ }
}
\ No newline at end of file
13 years
Picketlink SVN: r854 - federation/trunk/picketlink-webapps/employee-post-sig/src/main/webapp.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-04-04 13:09:09 -0400 (Mon, 04 Apr 2011)
New Revision: 854
Modified:
federation/trunk/picketlink-webapps/employee-post-sig/src/main/webapp/logout.jsp
Log:
update jsp
Modified: federation/trunk/picketlink-webapps/employee-post-sig/src/main/webapp/logout.jsp
===================================================================
--- federation/trunk/picketlink-webapps/employee-post-sig/src/main/webapp/logout.jsp 2011-04-04 17:08:36 UTC (rev 853)
+++ federation/trunk/picketlink-webapps/employee-post-sig/src/main/webapp/logout.jsp 2011-04-04 17:09:09 UTC (rev 854)
@@ -1,4 +1,2 @@
-<%
- session.invalidate();
-%>
+
You are logged out.
13 years
Picketlink SVN: r853 - federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-04-04 13:08:36 -0400 (Mon, 04 Apr 2011)
New Revision: 853
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
Log:
add a null check
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-04-04 17:08:04 UTC (rev 852)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-04-04 17:08:36 UTC (rev 853)
@@ -680,6 +680,8 @@
recycle(response);
WebRequestUtilHolder holder = webRequestUtil.getHolder();
+ if (destination == null)
+ throw new ServletException("Destination is null");
holder.setResponseDoc(samlResponse).setDestination(destination).setRelayState(relayState)
.setAreWeSendingRequest(willSendRequest).setPrivateKey(null).setSupportSignature(false)
.setServletResponse(response).setPostBindingRequested(requestedPostProfile);
13 years
Picketlink SVN: r852 - in federation/trunk/picketlink-fed-core/src/test: resources/parser/saml2 and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-04-04 13:08:04 -0400 (Mon, 04 Apr 2011)
New Revision: 852
Added:
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-logout-response-sig.xml
Modified:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloResponseParserTestCase.java
Log:
add sig case
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloResponseParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloResponseParserTestCase.java 2011-04-04 17:07:40 UTC (rev 851)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloResponseParserTestCase.java 2011-04-04 17:08:04 UTC (rev 852)
@@ -23,8 +23,8 @@
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
-import static org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants.PROTOCOL_NSURI;
import static org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants.LOGOUT_RESPONSE;
+import static org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants.PROTOCOL_NSURI;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -37,9 +37,10 @@
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
-import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
+
/**
* Validate the parsing of SLO Response
* @author Anil.Saldhana(a)redhat.com
@@ -51,33 +52,58 @@
public void testSAMLResponseParse() throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream configStream = tcl.getResourceAsStream( "parser/saml2/saml2-logout-response.xml" );
-
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-logout-response.xml");
+
SAMLParser parser = new SAMLParser();
- StatusResponseType response = ( StatusResponseType ) parser.parse(configStream);
- assertNotNull( "ResponseType is not null", response );
-
- assertEquals( XMLTimeUtil.parse( "2010-07-29T13:46:03.862-05:00" ), response.getIssueInstant() );
- assertEquals( "2.0", response.getVersion() );
- assertEquals( "ID_97d332a8-3224-4653-a1ff-65c966e56852", response.getID() );
-
+ StatusResponseType response = (StatusResponseType) parser.parse(configStream);
+ assertNotNull("ResponseType is not null", response);
+
+ assertEquals(XMLTimeUtil.parse("2010-07-29T13:46:03.862-05:00"), response.getIssueInstant());
+ assertEquals("2.0", response.getVersion());
+ assertEquals("ID_97d332a8-3224-4653-a1ff-65c966e56852", response.getID());
+
//Issuer
- assertEquals( "http://localhost:8080/employee-post/", response.getIssuer().getValue() );
-
+ assertEquals("http://localhost:8080/employee-post/", response.getIssuer().getValue());
+
//Status
StatusType status = response.getStatus();
- assertEquals( "urn:oasis:names:tc:SAML:2.0:status:Responder", status.getStatusCode().getValue().toString() );
- assertEquals( "urn:oasis:names:tc:SAML:2.0:status:Success", status.getStatusCode().getStatusCode().getValue().toString() );
-
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Responder", status.getStatusCode().getValue().toString());
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Success", status.getStatusCode().getStatusCode().getValue()
+ .toString());
+
//Let us do some writing - currently only visual inspection. We will do proper validation later.
ByteArrayOutputStream baos = new ByteArrayOutputStream();
SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
- writer.write(response, new QName( PROTOCOL_NSURI.get(), LOGOUT_RESPONSE.get(), "samlp"));
-
- System.out.println( new String( baos.toByteArray() ));
-
- ByteArrayInputStream bis = new ByteArrayInputStream( baos.toByteArray() );
- DocumentUtil.getDocument( bis ); //throws exceptions
-
- }
+ writer.write(response, new QName(PROTOCOL_NSURI.get(), LOGOUT_RESPONSE.get(), "samlp"));
+
+ System.out.println(new String(baos.toByteArray()));
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ DocumentUtil.getDocument(bis); //throws exceptions
+
+ }
+
+ @Test
+ public void testSLOResponseWithSig() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-logout-response-sig.xml");
+
+ SAMLParser parser = new SAMLParser();
+ StatusResponseType response = (StatusResponseType) parser.parse(configStream);
+ assertNotNull("ResponseType is not null", response);
+
+ assertEquals(XMLTimeUtil.parse("2011-04-04T11:48:32.372-05:00"), response.getIssueInstant());
+ assertEquals("2.0", response.getVersion());
+ assertEquals("ID_2b178fbb-224c-4f01-950d-e3d1be2d3821", response.getID());
+
+ //Issuer
+ assertEquals("http://localhost:8080/idp-sig/", response.getIssuer().getValue());
+
+ //Status
+ StatusType status = response.getStatus();
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Responder", status.getStatusCode().getValue().toString());
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Success", status.getStatusCode().getStatusCode().getValue()
+ .toString());
+ }
}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-logout-response-sig.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-logout-response-sig.xml (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-logout-response-sig.xml 2011-04-04 17:08:04 UTC (rev 852)
@@ -0,0 +1,40 @@
+<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_2b178fbb-224c-4f01-950d-e3d1be2d3821"
+ InResponseTo="ID_3709478a-4818-47d6-9d38-5cac7221ac0b" IssueInstant="2011-04-04T11:48:32.372-05:00"
+ Version="2.0">
+ <Issuer>http://localhost:8080/idp-sig/</Issuer>
+ <samlp:Status>
+ <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
+ <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
+ </samlp:StatusCode>
+ </samlp:Status>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod
+ Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <dsig:Reference URI="#ID_2b178fbb-224c-4f01-950d-e3d1be2d3821">
+ <dsig:Transforms>
+ <dsig:Transform
+ Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue>BPisd+dKE3LyHTXQUuYeVWr3rM8=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>aCMsh9lMJ/YZYYUAUnj/mcwCnmKOVSRHeNSvYxARYCzZv3FU9ieL4X+vr5rQ+LgU98NVfMO9YmEh
+ hgNhOYy7klRTVDa0RsrYX56T99Dhun9hZIXBKxHbx9T9W3glU1uiCuT4zlJuKJA9nGNRdkstf3Fn
+ qy0vEhxhhZymvh1lkXQ=</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:KeyValue>
+ <dsig:RSAKeyValue>
+ <dsig:Modulus>7KiaO7wWGffrZcXyLcY3syZ7TWVE5wBzU08/DvglTvvSQeotmJDKBTea8N8Kf8SKqdBANH8dnYT0
+ wRXkedAQ+97YwwWKiwTz+EHYvfwBWQaV3BBu2kLVe9w+hykXPmEEIQzXXbfoBt9xi5pworDsjJJR
+ OifK5+eUtjIK2jkGzKM=</dsig:Modulus>
+ <dsig:Exponent>AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </dsig:KeyValue>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+</samlp:LogoutResponse>
\ No newline at end of file
13 years
Picketlink SVN: r851 - federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-04-04 13:07:40 -0400 (Mon, 04 Apr 2011)
New Revision: 851
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java
Log:
change to base class
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java 2011-04-04 17:06:57 UTC (rev 850)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java 2011-04-04 17:07:40 UTC (rev 851)
@@ -48,8 +48,8 @@
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.saml.v2.SAML2Object;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.util.PostBindingUtil;
@@ -63,9 +63,9 @@
* @since Oct 27, 2009
*/
public class ServiceProviderSAMLResponseProcessor extends ServiceProviderBaseProcessor
-{
+{
private boolean validateSignature = false;
-
+
/**
* Construct
* @param postBinding Whether it is the Post Binding
@@ -85,7 +85,6 @@
this.validateSignature = validateSignature;
}
-
/**
* Process the message
* @param samlResponse
@@ -98,76 +97,73 @@
* @throws ParsingException
* @throws ConfigurationException
*/
- public SAML2HandlerResponse process(String samlResponse, HTTPContext httpContext,
- Set<SAML2Handler> handlers,
- Lock chainLock)
- throws ProcessingException, IOException, ParsingException, ConfigurationException
+ public SAML2HandlerResponse process(String samlResponse, HTTPContext httpContext, Set<SAML2Handler> handlers,
+ Lock chainLock) throws ProcessingException, IOException, ParsingException, ConfigurationException
{
SAML2Response saml2Response = new SAML2Response();
SAMLDocumentHolder documentHolder = null;
SAML2Object samlObject = null;
-
- if(this.postBinding)
- {
+
+ if (this.postBinding)
+ {
//we got a logout request
//deal with SAML response from IDP
- InputStream is = PostBindingUtil.base64DecodeAsStream(samlResponse);
+ InputStream is = PostBindingUtil.base64DecodeAsStream(samlResponse);
samlObject = saml2Response.getSAML2ObjectFromStream(is);
- documentHolder = saml2Response.getSamlDocumentHolder();
+ documentHolder = saml2Response.getSamlDocumentHolder();
}
else
{
//deal with SAML response from IDP
- InputStream base64DecodedResponse = RedirectBindingUtil.base64DeflateDecode(samlResponse);
+ InputStream base64DecodedResponse = RedirectBindingUtil.base64DeflateDecode(samlResponse);
samlObject = saml2Response.getSAML2ObjectFromStream(base64DecodedResponse);
documentHolder = saml2Response.getSamlDocumentHolder();
}
-
- if( this.validateSignature )
+
+ if (this.validateSignature)
try
{
- if( ! this.verifySignature( documentHolder ) )
- throw new ProcessingException( "Signature Validation failed" );
+ if (!this.verifySignature(documentHolder))
+ throw new ProcessingException("Signature Validation failed");
}
catch (IssuerNotTrustedException e)
{
- throw new ProcessingException( e );
+ throw new ProcessingException(e);
}
-
+
//Create the request/response
- SAML2HandlerRequest saml2HandlerRequest = getSAML2HandlerRequest(documentHolder, httpContext);
- SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+ SAML2HandlerRequest saml2HandlerRequest = getSAML2HandlerRequest(documentHolder, httpContext);
+ SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
SAMLHandlerChainProcessor chainProcessor = new SAMLHandlerChainProcessor(handlers);
-
+
//Set some request options
- if(spConfiguration != null)
+ if (spConfiguration != null)
{
- Map<String,Object> requestOptions = new HashMap<String,Object>();
+ Map<String, Object> requestOptions = new HashMap<String, Object>();
requestOptions.put(GeneralConstants.CONFIGURATION, spConfiguration);
- if(keyManager != null)
+ if (keyManager != null)
{
String remoteHost = httpContext.getRequest().getRemoteAddr();
- if(trace)
+ if (trace)
{
- log.trace("ServiceProviderSAMLResponseProcessor::Remote Host=" + remoteHost);
+ log.trace("ServiceProviderSAMLResponseProcessor::Remote Host=" + remoteHost);
}
- PublicKey validatingKey = CoreConfigUtil.getValidatingKey(keyManager, remoteHost );
- requestOptions.put(GeneralConstants.SENDER_PUBLIC_KEY, validatingKey);
- requestOptions.put( GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey() );
+ PublicKey validatingKey = CoreConfigUtil.getValidatingKey(keyManager, remoteHost);
+ requestOptions.put(GeneralConstants.SENDER_PUBLIC_KEY, validatingKey);
+ requestOptions.put(GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey());
}
saml2HandlerRequest.setOptions(requestOptions);
}
- chainProcessor.callHandlerChain(samlObject, saml2HandlerRequest,
- saml2HandlerResponse, httpContext, chainLock);
-
- return saml2HandlerResponse;
- }
+ chainProcessor.callHandlerChain(samlObject, saml2HandlerRequest, saml2HandlerResponse, httpContext, chainLock);
+ return saml2HandlerResponse;
+ }
+
/**
* Validate the signature of the IDP response
* @param samlDocumentHolder
@@ -175,17 +171,17 @@
* @throws IssuerNotTrustedException
*/
private boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws IssuerNotTrustedException
- {
- if( keyManager == null )
- throw new IllegalStateException( "Key Manager is null" );
+ {
+ if (keyManager == null)
+ throw new IllegalStateException("Key Manager is null");
Document samlResponse = samlDocumentHolder.getSamlDocument();
- ResponseType response = (ResponseType) samlDocumentHolder.getSamlObject();
-
+ StatusResponseType response = (StatusResponseType) samlDocumentHolder.getSamlObject();
+
String issuerID = response.getIssuer().getValue();
-
- if(issuerID == null)
+
+ if (issuerID == null)
throw new IssuerNotTrustedException("Issue missing");
-
+
URL issuerURL;
try
{
@@ -195,30 +191,32 @@
{
throw new IssuerNotTrustedException(e1);
}
-
+
try
{
PublicKey publicKey = keyManager.getValidatingKey(issuerURL.getHost());
- if(trace) log.trace("Going to verify signature in the saml response from IDP");
- boolean sigResult = XMLSignatureUtil.validate(samlResponse, publicKey);
- if(trace) log.trace("Signature verification="+sigResult);
+ if (trace)
+ log.trace("Going to verify signature in the saml response from IDP");
+ boolean sigResult = XMLSignatureUtil.validate(samlResponse, publicKey);
+ if (trace)
+ log.trace("Signature verification=" + sigResult);
return sigResult;
}
catch (TrustKeyConfigurationException e)
{
- log.error("Unable to verify signature",e);
+ log.error("Unable to verify signature", e);
}
catch (TrustKeyProcessingException e)
{
- log.error("Unable to verify signature",e);
+ log.error("Unable to verify signature", e);
}
catch (MarshalException e)
{
- log.error("Unable to verify signature",e);
+ log.error("Unable to verify signature", e);
}
catch (XMLSignatureException e)
{
- log.error("Unable to verify signature",e);
+ log.error("Unable to verify signature", e);
}
return false;
}
13 years
Picketlink SVN: r850 - federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-04-04 13:06:57 -0400 (Mon, 04 Apr 2011)
New Revision: 850
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
Log:
add logger
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2011-03-31 15:49:35 UTC (rev 849)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2011-04-04 17:06:57 UTC (rev 850)
@@ -36,6 +36,7 @@
import javax.xml.namespace.QName;
import javax.xml.parsers.ParserConfigurationException;
+import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
@@ -80,7 +81,11 @@
* @since Jan 5, 2009
*/
public class SAML2Response
-{
+{
+ private static Logger log = Logger.getLogger(SAML2Response.class);
+
+ private final boolean trace = log.isTraceEnabled();
+
private SAMLDocumentHolder samlDocumentHolder = null;
/**
@@ -91,7 +96,7 @@
*/
public AssertionType createAssertion(String id, NameIDType issuer)
{
- return AssertionUtil.createAssertion(id, issuer);
+ return AssertionUtil.createAssertion(id, issuer);
}
/**
@@ -100,13 +105,12 @@
* @param issueInstant
* @return
*/
- public AuthnStatementType createAuthnStatement(String authnContextDeclRef,
- XMLGregorianCalendar issueInstant)
- {
- AuthnStatementType authnStatement = new AuthnStatementType( issueInstant );
+ public AuthnStatementType createAuthnStatement(String authnContextDeclRef, XMLGregorianCalendar issueInstant)
+ {
+ AuthnStatementType authnStatement = new AuthnStatementType(issueInstant);
AuthnContextType act = new AuthnContextType();
String authContextDeclRef = JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();
- act.addAuthenticatingAuthority( URI.create( authContextDeclRef ));
+ act.addAuthenticatingAuthority(URI.create(authContextDeclRef));
authnStatement.setAuthnContext(act);
return authnStatement;
}
@@ -119,20 +123,18 @@
* @param actions
* @return
*/
- public AuthzDecisionStatementType createAuthzDecisionStatementType(String resource,
- DecisionType decision,
- EvidenceType evidence,
- ActionType... actions)
- {
+ public AuthzDecisionStatementType createAuthzDecisionStatementType(String resource, DecisionType decision,
+ EvidenceType evidence, ActionType... actions)
+ {
AuthzDecisionStatementType authzDecST = new AuthzDecisionStatementType();
authzDecST.setResource(resource);
authzDecST.setDecision(decision);
- if(evidence != null)
+ if (evidence != null)
authzDecST.setEvidence(evidence);
- if(actions != null)
+ if (actions != null)
{
- authzDecST.getAction().addAll(Arrays.asList(actions));
+ authzDecST.getAction().addAll(Arrays.asList(actions));
}
return authzDecST;
@@ -148,12 +150,12 @@
* @throws ConfigurationException
* @throws ProcessingException
*/
- public ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp, IssuerInfoHolder issuerInfo)
- throws ConfigurationException, ProcessingException
- {
+ public ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp, IssuerInfoHolder issuerInfo)
+ throws ConfigurationException, ProcessingException
+ {
String responseDestinationURI = sp.getResponseDestinationURI();
- XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
+ XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
//Create an assertion
//String id = IDGenerator.create( "ID_" );
@@ -163,19 +165,19 @@
//subject -> nameid
NameIDType nameIDType = new NameIDType();
- nameIDType.setFormat( URI.create( idp.getNameIDFormat() ));
+ nameIDType.setFormat(URI.create(idp.getNameIDFormat()));
nameIDType.setValue(idp.getNameIDFormatValue());
SubjectType.STSubType subType = new SubjectType.STSubType();
- subType.addBaseID(nameIDType);
+ subType.addBaseID(nameIDType);
subjectType.setSubType(subType);
- SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
- subjectConfirmation.setMethod( idp.getSubjectConfirmationMethod());
+ SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
+ subjectConfirmation.setMethod(idp.getSubjectConfirmationMethod());
SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType();
- subjectConfirmationData.setInResponseTo( sp.getRequestID() );
- subjectConfirmationData.setRecipient( responseDestinationURI );
+ subjectConfirmationData.setInResponseTo(sp.getRequestID());
+ subjectConfirmationData.setRecipient(responseDestinationURI);
subjectConfirmationData.setNotBefore(issueInstant);
subjectConfirmationData.setNotOnOrAfter(issueInstant);
@@ -185,33 +187,32 @@
PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
SAMLProtocolContext samlProtocolContext = new SAMLProtocolContext();
- samlProtocolContext.setSubjectType( subjectType );
- samlProtocolContext.setIssuerID(nameIDType);
+ samlProtocolContext.setSubjectType(subjectType);
+ samlProtocolContext.setIssuerID(nameIDType);
AssertionType assertionType = idp.getAssertion();
- if( assertionType != null )
+ if (assertionType != null)
{
samlProtocolContext.setIssuedAssertion(assertionType);
//renew it
- sts.renewToken( samlProtocolContext );
+ sts.renewToken(samlProtocolContext);
}
else
- sts.issueToken( samlProtocolContext );
+ sts.issueToken(samlProtocolContext);
assertionType = samlProtocolContext.getIssuedAssertion();
-
+
//Update the subjectConfirmationData expiry based on the assertion
- subjectConfirmationData.setNotOnOrAfter( assertionType.getConditions().getNotOnOrAfter() );
+ subjectConfirmationData.setNotOnOrAfter(assertionType.getConditions().getNotOnOrAfter());
-
- ResponseType responseType = createResponseType(ID, issuerInfo, assertionType);
+ ResponseType responseType = createResponseType(ID, issuerInfo, assertionType);
//InResponseTo ID
responseType.setInResponseTo(sp.getRequestID());
//Destination
responseType.setDestination(responseDestinationURI);
- return responseType;
- }
+ return responseType;
+ }
/**
* Create an empty response type
@@ -230,12 +231,12 @@
* @return
* @throws ConfigurationException
*/
- public ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, AssertionType assertion)
- throws ConfigurationException
+ public ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, AssertionType assertion)
+ throws ConfigurationException
{
return JBossSAMLAuthnResponseFactory.createResponseType(ID, issuerInfo, assertion);
}
-
+
/**
* Create a ResponseType
* @param ID
@@ -244,8 +245,8 @@
* @return
* @throws ConfigurationException
*/
- public ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, Element encryptedAssertion)
- throws ConfigurationException
+ public ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, Element encryptedAssertion)
+ throws ConfigurationException
{
return JBossSAMLAuthnResponseFactory.createResponseType(ID, issuerInfo, encryptedAssertion);
}
@@ -257,10 +258,10 @@
* @throws ConfigurationException
* @throws IssueInstantMissingException
*/
- public void createTimedConditions(AssertionType assertion, long durationInMilis)
- throws ConfigurationException, IssueInstantMissingException
+ public void createTimedConditions(AssertionType assertion, long durationInMilis) throws ConfigurationException,
+ IssueInstantMissingException
{
- AssertionUtil.createTimedConditions(assertion, durationInMilis);
+ AssertionUtil.createTimedConditions(assertion, durationInMilis);
}
/**
@@ -268,15 +269,15 @@
* @param is
* @return
* @throws ParsingException
- */
- public EncryptedAssertionType getEncryptedAssertion(InputStream is) throws ParsingException
+ */
+ public EncryptedAssertionType getEncryptedAssertion(InputStream is) throws ParsingException
{
- if(is == null)
- throw new IllegalArgumentException( "inputstream is null" );
+ if (is == null)
+ throw new IllegalArgumentException("inputstream is null");
SAMLParser samlParser = new SAMLParser();
- return ( EncryptedAssertionType ) samlParser.parse(is);
-
+ return (EncryptedAssertionType) samlParser.parse(is);
+
}
/**
@@ -284,11 +285,11 @@
* @param is
* @return
* @throws ParsingException
- */
+ */
public AssertionType getAssertionType(InputStream is) throws ParsingException
{
- if(is == null)
- throw new IllegalArgumentException( "inputstream is null" );
+ if (is == null)
+ throw new IllegalArgumentException("inputstream is null");
SAMLParser samlParser = new SAMLParser();
return (AssertionType) samlParser.parse(is);
@@ -309,23 +310,22 @@
* @return
* @throws ParsingException
* @throws ConfigurationException
- */
- public ResponseType getResponseType(InputStream is)
- throws ParsingException, ConfigurationException, ProcessingException
+ */
+ public ResponseType getResponseType(InputStream is) throws ParsingException, ConfigurationException,
+ ProcessingException
{
- if(is == null)
+ if (is == null)
throw new IllegalArgumentException("inputstream is null");
Document samlResponseDocument = DocumentUtil.getDocument(is);
SAMLParser samlParser = new SAMLParser();
- ResponseType responseType = (ResponseType) samlParser.parse( DocumentUtil.getNodeAsStream( samlResponseDocument ));
+ ResponseType responseType = (ResponseType) samlParser.parse(DocumentUtil.getNodeAsStream(samlResponseDocument));
samlDocumentHolder = new SAMLDocumentHolder(responseType, samlResponseDocument);
- return responseType;
+ return responseType;
}
-
/**
* Read a {@code SAML2Object} from an input stream
* @param is
@@ -333,18 +333,21 @@
* @throws ParsingException
* @throws ConfigurationException
* @throws ProcessingException
- */
- public SAML2Object getSAML2ObjectFromStream(InputStream is) throws ParsingException, ConfigurationException, ProcessingException
+ */
+ public SAML2Object getSAML2ObjectFromStream(InputStream is) throws ParsingException, ConfigurationException,
+ ProcessingException
{
- if(is == null)
+ if (is == null)
throw new IllegalArgumentException("inputstream is null");
- Document samlResponseDocument = DocumentUtil.getDocument(is);
+ Document samlResponseDocument = DocumentUtil.getDocument(is);
- System.out.println( "RESPONSE=" + DocumentUtil.asString(samlResponseDocument));
+ if (trace)
+ log.trace("RESPONSE=" + DocumentUtil.asString(samlResponseDocument));
SAMLParser samlParser = new SAMLParser();
- SAML2Object responseType = (SAML2Object) samlParser.parse( DocumentUtil.getNodeAsStream( samlResponseDocument ));
+ InputStream responseStream = DocumentUtil.getNodeAsStream(samlResponseDocument);
+ SAML2Object responseType = (SAML2Object) samlParser.parse(responseStream);
samlDocumentHolder = new SAMLDocumentHolder(responseType, samlResponseDocument);
return responseType;
@@ -357,16 +360,15 @@
* @return
* @throws ConfigurationException
*/
- public Document convert(EncryptedElementType encryptedElementType)
- throws ConfigurationException
- {
- if( encryptedElementType == null )
- throw new IllegalArgumentException( "encryptedElementType is null ");
+ public Document convert(EncryptedElementType encryptedElementType) throws ConfigurationException
+ {
+ if (encryptedElementType == null)
+ throw new IllegalArgumentException("encryptedElementType is null ");
Document doc = DocumentUtil.createDocument();
- Node importedNode = doc.importNode( encryptedElementType.getEncryptedElement(), true );
+ Node importedNode = doc.importNode(encryptedElementType.getEncryptedElement(), true);
doc.appendChild(importedNode);
- return doc;
+ return doc;
}
/**
@@ -376,25 +378,26 @@
* @throws ParsingException
* @throws ConfigurationException
* @throws ParserConfigurationException
- */
- public Document convert( StatusResponseType responseType) throws ProcessingException, ConfigurationException, ParsingException
+ */
+ public Document convert(StatusResponseType responseType) throws ProcessingException, ConfigurationException,
+ ParsingException
{
ByteArrayOutputStream bos = new ByteArrayOutputStream();
SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(bos));
- if( responseType instanceof ResponseType )
+ if (responseType instanceof ResponseType)
{
ResponseType response = (ResponseType) responseType;
writer.write(response);
}
else
{
- writer.write(responseType, new QName( PROTOCOL_NSURI.get(), LOGOUT_RESPONSE.get(), "samlp"));
+ writer.write(responseType, new QName(PROTOCOL_NSURI.get(), LOGOUT_RESPONSE.get(), "samlp"));
}
//System.out.println( new String( bos.toByteArray() ) );
- return DocumentUtil.getDocument( new ByteArrayInputStream( bos.toByteArray() ));
+ return DocumentUtil.getDocument(new ByteArrayInputStream(bos.toByteArray()));
}
/**
@@ -403,10 +406,10 @@
* @param os
* @throws ProcessingException
*/
- public void marshall(ResponseType responseType, OutputStream os) throws ProcessingException
- {
- SAMLResponseWriter samlWriter = new SAMLResponseWriter( StaxUtil.getXMLStreamWriter(os));
- samlWriter.write(responseType);
+ public void marshall(ResponseType responseType, OutputStream os) throws ProcessingException
+ {
+ SAMLResponseWriter samlWriter = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(os));
+ samlWriter.write(responseType);
}
/**
@@ -415,9 +418,9 @@
* @param writer
* @throws ProcessingException
*/
- public void marshall(ResponseType responseType, Writer writer) throws ProcessingException
+ public void marshall(ResponseType responseType, Writer writer) throws ProcessingException
{
- SAMLResponseWriter samlWriter = new SAMLResponseWriter( StaxUtil.getXMLStreamWriter( writer ));
+ SAMLResponseWriter samlWriter = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(writer));
samlWriter.write(responseType);
}
}
\ No newline at end of file
13 years