8:52 a.m.
Author: mmoyses
Date: 2010-10-21 09:52:06 -0400 (Thu, 21 Oct 2010)
New Revision: 497
Added:
trust/trunk/jbossws/
trust/trunk/jbossws/.classpath
trust/trunk/jbossws/.project
trust/trunk/jbossws/.settings/
trust/trunk/jbossws/.settings/org.eclipse.jdt.core.prefs
trust/trunk/jbossws/.settings/org.maven.ide.eclipse.prefs
trust/trunk/jbossws/pom.xml
trust/trunk/jbossws/src/
trust/trunk/jbossws/src/main/
trust/trunk/jbossws/src/main/java/
trust/trunk/jbossws/src/main/java/org/
trust/trunk/jbossws/src/main/java/org/picketlink/
trust/trunk/jbossws/src/main/java/org/picketlink/trust/
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Constants.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Util.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
Log:
removing native name as it is stack agnostic now
Added: trust/trunk/jbossws/.classpath
===================================================================
--- trust/trunk/jbossws/.classpath (rev 0)
+++ trust/trunk/jbossws/.classpath 2010-10-21 13:52:06 UTC (rev 497)
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry kind="con"
path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
+ <classpathentry kind="con"
path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
Added: trust/trunk/jbossws/.project
===================================================================
--- trust/trunk/jbossws/.project (rev 0)
+++ trust/trunk/jbossws/.project 2010-10-21 13:52:06 UTC (rev 497)
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>jbossws</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
Added: trust/trunk/jbossws/.settings/org.eclipse.jdt.core.prefs
===================================================================
--- trust/trunk/jbossws/.settings/org.eclipse.jdt.core.prefs (rev
0)
+++ trust/trunk/jbossws/.settings/org.eclipse.jdt.core.prefs 2010-10-21 13:52:06 UTC (rev
497)
@@ -0,0 +1,9 @@
+#Tue Oct 05 15:54:38 BRT 2010
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
+org.eclipse.jdt.core.compiler.compliance=1.6
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.source=1.6
Added: trust/trunk/jbossws/.settings/org.maven.ide.eclipse.prefs
===================================================================
--- trust/trunk/jbossws/.settings/org.maven.ide.eclipse.prefs (rev
0)
+++ trust/trunk/jbossws/.settings/org.maven.ide.eclipse.prefs 2010-10-21 13:52:06 UTC (rev
497)
@@ -0,0 +1,9 @@
+#Tue Oct 05 15:54:07 BRT 2010
+activeProfiles=
+eclipse.preferences.version=1
+fullBuildGoals=process-test-resources
+includeModules=false
+resolveWorkspaceProjects=true
+resourceFilterGoals=process-resources resources\:testResources
+skipCompilerPlugin=true
+version=1
Added: trust/trunk/jbossws/pom.xml
===================================================================
--- trust/trunk/jbossws/pom.xml (rev 0)
+++ trust/trunk/jbossws/pom.xml 2010-10-21 13:52:06 UTC (rev 497)
@@ -0,0 +1,113 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-trust-parent</artifactId>
+ <version>1.0.0.CR2</version>
+ <relativePath>../parent</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-trust-jbossws</artifactId>
+ <packaging>jar</packaging>
+ <name>PicketLink Trust for JBossWS</name>
+ <url>http://labs.jboss.org/portal/picketlink/</url>
+ <description>Integration with JBossWS Native stack</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.3</version>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>false</testFailureIgnore>
+ <includes>
+ <include>**/**TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
+ <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.ws</groupId>
+ <artifactId>jbossws-common</artifactId>
+ <version>1.4.0.CR1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-fed</artifactId>
+ <version>2.0.0-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-bindings-jboss</artifactId>
+ <version>2.0.0-SNAPSHOT</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>jboss-security-spi</artifactId>
+ <groupId>org.jboss.security</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>jbosssx</artifactId>
+ <groupId>org.jboss.security</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.picketbox</groupId>
+ <artifactId>jboss-security-spi</artifactId>
+ <version>3.0.0.CR2</version>
+ </dependency>
+ <dependency>
+ <groupId>org.picketbox</groupId>
+ <artifactId>jbosssx</artifactId>
+ <version>3.0.0.CR2</version>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
+ -link http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Constants.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Constants.java
(rev 0)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Constants.java 2010-10-21
13:52:06 UTC (rev 497)
@@ -0,0 +1,72 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws;
+
+import javax.xml.namespace.QName;
+
+import org.apache.xml.security.utils.EncryptionConstants;
+
+/**
+ * @author Jason T. Greene
+ */
+public class Constants
+{
+ public static final String WSS_SOAP_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0";
+
+ public static final String WSSE_PREFIX = "wsse";
+
+ public static final String WSSE_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
+
+ public static final String WSU_PREFIX = "wsu";
+
+ public static final String WSU_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+
+ public static final String XML_SIGNATURE_NS =
org.apache.xml.security.utils.Constants.SignatureSpecNS;
+
+ public static final String XML_ENCRYPTION_NS = EncryptionConstants.EncryptionSpecNS;
+
+ public static final String XML_ENCRYPTION_PREFIX = "ds"; //xmlsec 1.4.2
requires this to be "ds" to correctly create KeyInfo elements
+
+ public static final String ID = "Id";
+
+ public static final String WSU_ID = WSU_PREFIX + ":" + ID;
+
+ public static final String BASE64_ENCODING_TYPE = WSS_SOAP_NS +
"#Base64Binary";
+
+ public static final String PASSWORD_TEXT_TYPE =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
+
+ public static final String PASSWORD_DIGEST_TYPE =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
+
+ public static final String WSSE_HEADER = WSSE_PREFIX + ":Security";
+
+ public static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
+
+ public static final String XENC_DATAREFERENCE = "DataReference";
+
+ public static final String XENC_REFERENCELIST = "ReferenceList";
+
+ public static final String XENC_ELEMENT_TYPE = EncryptionConstants.TYPE_ELEMENT;
+
+ public static final String XENC_CONTENT_TYPE = EncryptionConstants.TYPE_CONTENT;
+
+ public static final QName WSSE_HEADER_QNAME = new QName(WSSE_NS,
"Security");
+}
Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java
(rev 0)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java 2010-10-21
13:52:06 UTC (rev 497)
@@ -0,0 +1,36 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws;
+
+/**
+ * Constants for the SAML2 profile.
+ *
+ * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+public interface SAML2Constants
+{
+
+ public static String SAML2_ASSERTION_PROPERTY =
"org.picketlink.trust.saml.assertion";
+
+ public static String SAML2_ASSERTION_URI =
"urn:oasis:names:tc:SAML:2.0:assertion";
+}
Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Util.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Util.java
(rev 0)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Util.java 2010-10-21
13:52:06 UTC (rev 497)
@@ -0,0 +1,216 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+/**
+ * @author Jason T. Greene
+ */
+public class Util
+{
+ public static int count = 0;
+
+ public static String assignWsuId(Element element)
+ {
+ String id = element.getAttributeNS(Constants.WSU_NS, Constants.ID);
+
+ if (id == null || id.length() < 1)
+ {
+ id = generateId();
+ element.setAttributeNS(Constants.WSU_NS, Constants.WSU_ID, id);
+ addNamespace(element, Constants.WSU_PREFIX, Constants.WSU_NS);
+ }
+
+ return id;
+ }
+
+ public static Element getFirstChildElement(Node node)
+ {
+ Node child = node.getFirstChild();
+ while (child != null && child.getNodeType() != Node.ELEMENT_NODE)
+ child = child.getNextSibling();
+
+ return (Element)child;
+ }
+
+ public static Element getNextSiblingElement(Element element)
+ {
+ Node sibling = element.getNextSibling();
+ while (sibling != null && sibling.getNodeType() != Node.ELEMENT_NODE)
+ sibling = sibling.getNextSibling();
+
+ return (Element)sibling;
+ }
+
+ public static Element getPreviousSiblingElement(Element element)
+ {
+ Node sibling = element.getPreviousSibling();
+ while (sibling != null && sibling.getNodeType() != Node.ELEMENT_NODE)
+ sibling = sibling.getPreviousSibling();
+
+ return (Element)sibling;
+ }
+
+ public static Element findElement(Element root, String localName, String namespace)
+ {
+ return findElement(root, new QName(namespace, localName));
+ }
+
+ public static Element findElement(Element root, QName name)
+ {
+ // Here lies your standard recusive DFS.....
+ if (matchNode(root, name))
+ return root;
+
+ // Search children
+ for (Node child = root.getFirstChild(); child != null; child =
child.getNextSibling())
+ {
+ if (child.getNodeType() != Node.ELEMENT_NODE)
+ continue;
+
+ Node possibleMatch = findElement((Element)child, name);
+ if (possibleMatch != null)
+ return (Element)possibleMatch;
+ }
+
+ return null;
+ }
+
+ public static List<Node> findAllElements(Element root, QName name, boolean
local)
+ {
+ List<Node> list = new ArrayList<Node>();
+ if (matchNode(root, name, local))
+ list.add(root);
+
+ for (Node child = root.getFirstChild(); child != null; child =
child.getNextSibling())
+ {
+ if (child.getNodeType() != Node.ELEMENT_NODE)
+ continue;
+
+ list.addAll(findAllElements((Element) child, name, local));
+ }
+
+ return list;
+ }
+
+ public static Element findElementByWsuId(Element root, String id)
+ {
+ // Here lies another standard recusive DFS.....
+ if (id.equals(getWsuId(root)))
+ return root;
+
+ // Search children
+ for (Node child = root.getFirstChild(); child != null; child =
child.getNextSibling())
+ {
+ if (child.getNodeType() != Node.ELEMENT_NODE)
+ continue;
+
+ Node possibleMatch = findElementByWsuId((Element)child, id);
+ if (possibleMatch != null)
+ return (Element)possibleMatch;
+ }
+
+ return null;
+ }
+
+ public static Element findOrCreateSoapHeader(Element envelope)
+ {
+ String prefix = envelope.getPrefix();
+ String uri = envelope.getNamespaceURI();
+ QName name = new QName(uri, "Header");
+ Element header = findElement(envelope, name);
+ if (header == null)
+ {
+ header = envelope.getOwnerDocument().createElementNS(uri, prefix +
":Header");
+ envelope.insertBefore(header, envelope.getFirstChild());
+ }
+
+ return header;
+ }
+
+ public static String getWsuId(Element element)
+ {
+ if (element.hasAttributeNS(Constants.WSU_NS, Constants.ID))
+ return element.getAttributeNS(Constants.WSU_NS, Constants.ID);
+
+ if (element.hasAttribute(Constants.ID))
+ {
+ String ns = element.getNamespaceURI();
+ if (Constants.XML_SIGNATURE_NS.equals(ns) ||
Constants.XML_ENCRYPTION_NS.equals(ns))
+ return element.getAttribute(Constants.ID);
+ }
+
+ return null;
+ }
+
+ public static boolean equalStrings(String string1, String string2)
+ {
+ if (string1 == null && string2 == null)
+ return true;
+
+ return string1 != null && string1.equals(string2);
+ }
+
+ public static boolean matchNode(Node node, QName name)
+ {
+ return matchNode(node, name, false);
+ }
+
+ public static boolean matchNode(Node node, QName name, boolean local)
+ {
+ return equalStrings(node.getLocalName(), name.getLocalPart())
+ && (local || equalStrings(node.getNamespaceURI(),
name.getNamespaceURI()));
+ }
+
+ public static String generateId()
+ {
+ return generateId("element");
+ }
+
+ public static void addNamespace(Element element, String prefix, String uri)
+ {
+ element.setAttributeNS(Constants.XMLNS_NS, "xmlns:" + prefix, uri);
+ }
+
+ public static String generateId(String prefix)
+ {
+ StringBuilder id = new StringBuilder();
+ long time = System.currentTimeMillis();
+
+ // reasonably gaurantee uniqueness
+ synchronized (Util.class)
+ {
+ count++;
+ }
+
+
id.append(prefix).append("-").append(count).append("-").append(time).append("-").append(id.hashCode());
+
+ return id.toString();
+ }
+}
Added:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
(rev 0)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2010-10-21
13:52:06 UTC (rev 497)
@@ -0,0 +1,156 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.handler;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.ws.handler.MessageContext;
+import javax.xml.ws.handler.soap.SOAPMessageContext;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityContext;
+import org.jboss.wsf.common.handler.GenericSOAPHandler;
+import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.trust.jbossws.Constants;
+import org.picketlink.trust.jbossws.SAML2Constants;
+import org.picketlink.trust.jbossws.Util;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * A SAMLv2 WS handler.
+ *
+ * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @author <a href="alessio.soldano(a)jboss.com">Alessio Soldano</a>
+ * @version $Revision: 1 $
+ */
+public class SAML2Handler extends GenericSOAPHandler
+{
+
+ protected Logger log = Logger.getLogger(this.getClass());
+
+ private static Set<QName> headers;
+
+ static
+ {
+ HashSet<QName> set = new HashSet<QName>();
+ set.add(Constants.WSSE_HEADER_QNAME);
+ headers = Collections.unmodifiableSet(set);
+ }
+
+ public Set<QName> getHeaders()
+ {
+ //return a collection with just the wsse:Security header to pass the MustUnderstand
check on it
+ return headers;
+ }
+
+ /**
+ * Retrieves the SAML assertion from the SOAP payload and lets invocation go to JAAS
for validation.
+ */
+ protected boolean handleInbound(MessageContext msgContext)
+ {
+ SOAPMessageContext ctx = (SOAPMessageContext) msgContext;
+ SOAPMessage soapMessage = ctx.getMessage();
+
+ // retrieve the assertion
+ Document document = soapMessage.getSOAPPart();
+ Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
+ Element assertion = Util.findElement(soapHeader, new
QName(SAML2Constants.SAML2_ASSERTION_URI, "Assertion"));
+ if (assertion != null)
+ {
+ SamlCredential credential = new SamlCredential(assertion);
+ if (log.isTraceEnabled())
+ {
+ log.trace("Assertion included in SOAP payload:");
+ log.trace(credential.getAssertionAsString());
+ }
+ Element subject = Util.findElement(assertion, new
QName(SAML2Constants.SAML2_ASSERTION_URI, "Subject"));
+ Element nameID = Util.findElement(subject, new
QName(SAML2Constants.SAML2_ASSERTION_URI, "NameID"));
+ String username = nameID.getTextContent();
+ // set SecurityContext
+ Subject s = new Subject();
+ SecurityContext sc = SecurityActions.createSecurityContext(new
PicketLinkPrincipal(username), credential, s);
+ SecurityActions.setSecurityContext(sc);
+ }
+
+ return true;
+ }
+
+ /**
+ * It expects a {@link Element} assertion as the value of the {@link
SAML2Constants#SAML2_ASSERTION_PROPERTY} property.
+ * This assertion is then included in the SOAP payload.
+ */
+ protected boolean handleOutbound(MessageContext msgContext)
+ {
+ SOAPMessageContext ctx = (SOAPMessageContext) msgContext;
+ SOAPMessage soapMessage = ctx.getMessage();
+
+ // retrieve assertion
+ Element assertion = (Element) ctx.get(SAML2Constants.SAML2_ASSERTION_PROPERTY);
+
+ // add wsse header
+ Document document = soapMessage.getSOAPPart();
+ Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
+ try
+ {
+ Element wsse = getSecurityHeaderElement(document);
+ wsse.setAttributeNS(soapHeader.getNamespaceURI(), soapHeader.getPrefix() +
":mustUnderstand", "1");
+ if (assertion != null)
+ {
+ // add the assertion as a child of the wsse header
+ // check if the assertion element comes from the same document, otherwise
import the node
+ if (document != assertion.getOwnerDocument())
+ {
+ wsse.appendChild(document.importNode(assertion, true));
+ }
+ else
+ {
+ wsse.appendChild(assertion);
+ }
+ }
+ soapHeader.insertBefore(wsse, soapHeader.getFirstChild());
+ }
+ catch (Exception e)
+ {
+ log.error(e);
+ return false;
+ }
+
+ return true;
+ }
+
+ private Element getSecurityHeaderElement(Document document)
+ {
+ Element element = document.createElementNS(Constants.WSSE_NS,
Constants.WSSE_HEADER);
+ Util.addNamespace(element, Constants.WSSE_PREFIX, Constants.WSSE_NS);
+ Util.addNamespace(element, Constants.WSU_PREFIX, Constants.WSU_NS);
+ Util.addNamespace(element, Constants.XML_ENCRYPTION_PREFIX,
Constants.XML_SIGNATURE_NS);
+ return element;
+ }
+
+}
Added:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
(rev 0)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2010-10-21
13:52:06 UTC (rev 497)
@@ -0,0 +1,74 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.handler;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+
+/**
+ * Privileged actions.
+ *
+ * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+class SecurityActions
+{
+
+ static SecurityContext createSecurityContext(final Principal p, final Object cred,
final Subject subject)
+ {
+ return (SecurityContext) AccessController.doPrivileged(new
PrivilegedAction<SecurityContext>()
+ {
+ public SecurityContext run()
+ {
+ SecurityContext sc = null;
+ try
+ {
+ sc = SecurityContextFactory.createSecurityContext(p, cred, subject,
"SAML2_HANDLER");
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ return sc;
+ }
+ });
+ }
+
+ static void setSecurityContext(final SecurityContext sc)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ SecurityContextAssociation.setSecurityContext(sc);
+ return null;
+ }
+ });
+ }
+}