Author: mmoyses
Date: 2010-10-07 11:13:03 -0400 (Thu, 07 Oct 2010)
New Revision: 439
Added:
trust/trunk/README.txt
Modified:
trust/trunk/jbossws-native/pom.xml
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java
Log:
adding README
Added: trust/trunk/README.txt
===================================================================
--- trust/trunk/README.txt (rev 0)
+++ trust/trunk/README.txt 2010-10-07 15:13:03 UTC (rev 439)
@@ -0,0 +1,5 @@
+PicketLink Trust was created to house modules that deal with trust among external
projects, especially using tokens provided by PicketLink STS.
+
+Modules:
+
+- jbossws-native: Provides handlers for integration of JBoss WS Native stack with SAML v2
tokens.
Modified: trust/trunk/jbossws-native/pom.xml
===================================================================
--- trust/trunk/jbossws-native/pom.xml 2010-10-07 12:21:45 UTC (rev 438)
+++ trust/trunk/jbossws-native/pom.xml 2010-10-07 15:13:03 UTC (rev 439)
@@ -57,7 +57,27 @@
<groupId>org.picketlink</groupId>
<artifactId>picketlink-bindings-jboss</artifactId>
<version>2.0.0-SNAPSHOT</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>jboss-security-spi</artifactId>
+ <groupId>org.jboss.security</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>jbosssx</artifactId>
+ <groupId>org.jboss.security</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
+ <dependency>
+ <groupId>org.picketbox</groupId>
+ <artifactId>jboss-security-spi</artifactId>
+ <version>3.0.0.CR2</version>
+ </dependency>
+ <dependency>
+ <groupId>org.picketbox</groupId>
+ <artifactId>jbosssx</artifactId>
+ <version>3.0.0.CR2</version>
+ </dependency>
</dependencies>
<reporting>
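Review bot: The two `org.picketbox` dependencies added here repeat the literal version `3.0.0.CR2`, which reads as a candidate-release build, and nothing in the hunk records why the `org.jboss.security` artifacts coming through `picketlink-bindings-jboss` are excluded in favour of them. A single property used on both entries, for example `<version>${picketbox.version}</version>` (property name is a suggestion), would keep `jboss-security-spi` and `jbosssx` from drifting apart. A short comment such as `<!-- org.jboss.security:* from picketlink-bindings-jboss is replaced by the org.picketbox builds below -->` would state the intent. These jars appear to supply the security-context classes the server handler starts importing in this same commit, so moving to a final release is worth tracking.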
Modified:
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java
===================================================================
---
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java 2010-10-07
12:21:45 UTC (rev 438)
+++
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java 2010-10-07
15:13:03 UTC (rev 439)
@@ -21,6 +21,12 @@
*/
package org.picketlink.trust.jbossws;
+/**
+ * Constants for the SAML2 profile.
+ *
+ * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
public interface SAML2Constants
{
Modified:
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java
===================================================================
---
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java 2010-10-07
12:21:45 UTC (rev 438)
+++
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java 2010-10-07
15:13:03 UTC (rev 439)
@@ -33,6 +33,14 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+/**
+ * A client side WS handler.
+ * It expects a {@link SamlCredential} as the value of the {@link
SAML2Constants#SAML2_ASSERTION_PROPERTY} property.
+ * The assertion contained in the credential is then included in the SOAP payload.
+ *
+ * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
public class SAML2HandlerClient extends WSSecurityHandlerServer
{
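Review bot: The new Javadoc calls this a client side handler, yet the class line directly below it extends `WSSecurityHandlerServer`, which a reader will take for a mistake unless the comment explains it. If the server base class is extended only to reuse its message handling, one added sentence would do, e.g. `Extends the server-side base class only to reuse its SOAP message handling.` The class body is outside this hunk, so that reason is inferred. The comment could also say what the handler does when the property is absent or holds something other than a `SamlCredential`.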
Modified:
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java
===================================================================
---
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java 2010-10-07
12:21:45 UTC (rev 438)
+++
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java 2010-10-07
15:13:03 UTC (rev 439)
@@ -21,23 +21,28 @@
*/
package org.picketlink.trust.jbossws.handler;
+import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.ws.handler.MessageContext;
+import org.jboss.security.SecurityContext;
import org.jboss.ws.core.CommonMessageContext;
import org.jboss.ws.core.soap.SOAPMessageImpl;
import org.jboss.ws.extensions.security.Util;
import org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer;
-import org.jboss.wsf.spi.SPIProvider;
-import org.jboss.wsf.spi.SPIProviderResolver;
-import org.jboss.wsf.spi.invocation.SecurityAdaptor;
-import org.jboss.wsf.spi.invocation.SecurityAdaptorFactory;
import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.trust.jbossws.SAML2Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+/**
+ * A server side WS handler.
+ * Retrieves the SAML assertion from the SOAP payload and lets invocation go to JAAS for
validation.
+ *
+ * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
public class SAML2HandlerServer extends WSSecurityHandlerServer
{
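Review bot: The Javadoc added here says validation is left to JAAS, but it should state outright that this handler does not check the assertion itself. In the later hunk of this file (`@@ -56,10 +61,10 @@`) the security context is built from the `NameID` and the credential, with no signature or validity check in the visible lines. I would extend the comment with something like `The assertion is NOT verified here; the endpoint must be secured by a security domain whose login module validates the SamlCredential.` That later hunk also reads the name with `nameID.getNodeValue()`, which the DOM API defines as null for an Element, so the principal is probably created with a null name. `nameID.getTextContent()` looks like the intent, and neither `findElement` result is null-checked in the lines shown; the class body and the enclosing method both continue outside the hunks.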
@@ -56,10 +61,10 @@
Element subject = Util.findElement(assertion, new
QName(SAML2Constants.SAML2_ASSERTION_URI, "Subject"));
Element nameID = Util.findElement(subject, new
QName(SAML2Constants.SAML2_ASSERTION_URI, "NameID"));
String username = nameID.getNodeValue();
- SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
- SecurityAdaptor securityAdaptor =
spiProvider.getSPI(SecurityAdaptorFactory.class).newSecurityAdapter();
- securityAdaptor.setPrincipal(new PicketLinkPrincipal(username));
- securityAdaptor.setCredential(credential);
+ // set SecurityContext
+ Subject s = new Subject();
+ SecurityContext sc = SecurityActions.createSecurityContext(new
PicketLinkPrincipal(username), credential, s);
+ SecurityActions.setSecurityContext(sc);
}
return true;