Author: anil.saldhana(a)jboss.com
Date: 2011-08-09 17:39:34 -0400 (Tue, 09 Aug 2011)
New Revision: 1166
Added:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
Log:
PLFED-203: SAMLConfigurationProvider is an injectable interface into the IDP/SP
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
---
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-08-09
16:16:04 UTC (rev 1165)
+++
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-08-09
21:39:34 UTC (rev 1166)
@@ -123,6 +123,7 @@
import
org.picketlink.identity.federation.web.util.IDPWebRequestUtil.WebRequestUtilHolder;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
import org.w3c.dom.Document;
/**
@@ -167,6 +168,11 @@
protected String canonicalizationMethod =
CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
/**
+ * The user can inject a fully qualified name of a {@link SAMLConfigurationProvider}
+ */
+ protected SAMLConfigurationProvider configProvider = null;
+
+ /**
* If the user wants to set a particular {@link IdentityParticipantStack}
*/
protected String identityParticipantStack = null;
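Review bot: The new field comment says the user injects a fully qualified name, but the field holds the instance created by setConfigProvider(String), and what a reader needs is that a non-null provider takes precedence over the XML configuration file. Suggest `/** Optional provider instantiated by {@link #setConfigProvider(String)}; when set, it supplies the IDP configuration and the picketlink-idfed.xml file is not read. */`. The same wording appears on the BaseFormAuthenticator field in this commit, where the file is still opened and checked before the provider is consulted, so that copy needs a different sentence.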
@@ -186,6 +192,23 @@
}
}
+ public void setConfigProvider(String cp)
+ {
+ if (cp == null)
+ throw new IllegalStateException(ErrorCodes.NULL_ARGUMENT + cp);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), cp);
+ if (clazz == null)
+ throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + cp);
+ try
+ {
+ configProvider = (SAMLConfigurationProvider) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(ErrorCodes.CANNOT_CREATE_INSTANCE + cp +
":" + e.getMessage());
+ }
+ }
+
public Boolean getIgnoreIncomingSignatures()
{
return ignoreIncomingSignatures;
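Review bot: `clazz.newInstance()` runs the constructor (and static initializer) of whatever class was named before the cast to SAMLConfigurationProvider is checked, so a misconfigured name instantiates an unrelated class and only then fails with a ClassCastException reported as CANNOT_CREATE_INSTANCE. Check assignability before instantiating: `if (!SAMLConfigurationProvider.class.isAssignableFrom(clazz)) throw new IllegalArgumentException(ErrorCodes.CANNOT_CREATE_INSTANCE + cp);`. The catch also discards the cause; `throw new RuntimeException(ErrorCodes.CANNOT_CREATE_INSTANCE + cp, e);` keeps the stack trace, and a null argument is conventionally an IllegalArgumentException rather than an IllegalStateException. The same three points apply to BaseFormAuthenticator.setConfigProvider and to the provider block in IDPServlet.init in this commit.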
@@ -970,6 +993,7 @@
if (StringUtil.isNullOrEmpty(samlHandlerChainClass))
chain = SAML2HandlerChainFactory.createChain();
else
+ {
try
{
chain = SAML2HandlerChainFactory.createChain(this.samlHandlerChainClass);
@@ -978,17 +1002,45 @@
{
throw new LifecycleException(e1);
}
+ }
+ //Work on the IDP Configuration
+ if (configProvider != null)
+ {
+ try
+ {
+ idpConfiguration = configProvider.getIDPConfiguration();
+ }
+ catch (ProcessingException e)
+ {
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION +
e.getLocalizedMessage());
+ }
+ }
+
String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
context = (Context) getContainer();
- InputStream is = context.getServletContext().getResourceAsStream(configFile);
- if (is == null)
- throw new RuntimeException(ErrorCodes.IDP_WEBBROWSER_VALVE_CONF_FILE_MISSING +
configFile);
+ if (idpConfiguration == null)
+ {
+
+ InputStream is = context.getServletContext().getResourceAsStream(configFile);
+ if (is == null)
+ throw new RuntimeException(ErrorCodes.IDP_WEBBROWSER_VALVE_CONF_FILE_MISSING
+ configFile);
+
+ try
+ {
+ idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
+ }
+ catch (ParsingException e)
+ {
+ if (trace)
+ log.trace(e);
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
+ }
+ }
try
{
- idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
this.identityURL = idpConfiguration.getIdentityURL();
if (trace)
log.trace("Identity Provider URL=" + this.identityURL);
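Review bot: The ProcessingException branch at the top of this hunk builds `new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION + e.getLocalizedMessage())` and drops `e`, while the ParsingException branch a few lines below passes it as the cause; use `throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION + e.getLocalizedMessage(), e);` so the provider's stack trace survives. The InputStream `is` opened inside the `idpConfiguration == null` block is never closed on either the success or the ParsingException path; a finally that closes it (ignoring the IOException) would fix the leak, and IDPServlet.init in this commit opens the same stream without closing it. The enclosing method starts and ends outside this hunk.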
@@ -1011,7 +1063,7 @@
}
catch (Exception e)
{
- throw new RuntimeException(e);
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
}
//Ensure that the Core STS has the SAML20 Token Provider
@@ -1107,18 +1159,10 @@
identityServer.setStack((IdentityParticipantStack) clazz.newInstance());
}
- catch (ClassNotFoundException e)
+ catch (Exception e)
{
log.error("Unable to set the Identity Participant Stack Class. Will
just use the default", e);
}
- catch (InstantiationException e)
- {
- log.error("Unable to set the Identity Participant Stack Class. Will
just use the default", e);
- }
- catch (IllegalAccessException e)
- {
- log.error("Unable to set the Identity Participant Stack Class. Will
just use the default", e);
- }
}
}
}
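Review bot: Replacing the three checked-exception catches with `catch (Exception e)` widens the fallback to every RuntimeException the stack's constructor or the cast may throw, so a broken custom IdentityParticipantStack is now logged and silently replaced by the default where it previously propagated. If that is the intent, say so on the catch: `// any failure (class missing, constructor error, wrong type) falls back to the default stack`; otherwise keep the catch limited to the reflection exceptions. The enclosing block starts outside this hunk.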
@@ -1184,7 +1228,6 @@
result = JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();
}
}
-
return result;
}
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
---
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-08-09
16:16:04 UTC (rev 1165)
+++
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-08-09
21:39:34 UTC (rev 1166)
@@ -75,6 +75,7 @@
import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
import org.w3c.dom.Document;
/**
@@ -123,6 +124,11 @@
protected final String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME;
/**
+ * The user can inject a fully qualified name of a {@link SAMLConfigurationProvider}
+ */
+ protected SAMLConfigurationProvider configProvider = null;
+
+ /**
* Servlet3 related changes forced Tomcat to change the authenticate method
* signature in the FormAuthenticator. For now, we use reflection for forward
* compatibility. This has to be changed in future.
@@ -166,6 +172,23 @@
this.saveRestoreRequest = saveRestoreRequest;
}
+ public void setConfigProvider(String cp)
+ {
+ if (cp == null)
+ throw new IllegalStateException(ErrorCodes.NULL_ARGUMENT + cp);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), cp);
+ if (clazz == null)
+ throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + cp);
+ try
+ {
+ configProvider = (SAMLConfigurationProvider) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(ErrorCodes.CANNOT_CREATE_INSTANCE + cp +
":" + e.getMessage());
+ }
+ }
+
/**
* Set a separate issuer id
* @param issuerID
@@ -365,7 +388,14 @@
throw new RuntimeException(ErrorCodes.SERVICE_PROVIDER_CONF_FILE_MISSING +
configFile);
try
{
- spConfiguration = ConfigurationUtil.getSPConfiguration(is);
+ if (configProvider != null)
+ {
+ spConfiguration = configProvider.getSPConfiguration();
+ }
+ else
+ {
+ spConfiguration = ConfigurationUtil.getSPConfiguration(is);
+ }
if (StringUtil.isNotNull(spConfiguration.getIdpMetadataFile()))
{
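Review bot: Setting a configProvider does not remove the dependency on the XML file here, because the `is == null` check at the top of this hunk (and the stream open, which is outside the hunk) still runs before the new branch; the IDP valve in this same commit only reads the file when the provider gives no configuration. Move the missing-file check into the else branch: `else { if (is == null) throw new RuntimeException(ErrorCodes.SERVICE_PROVIDER_CONF_FILE_MISSING + configFile); spConfiguration = ConfigurationUtil.getSPConfiguration(is); }`. The enclosing method starts and ends outside the hunk, and `is` appears never to be closed on either path.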
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java 2011-08-09
16:16:04 UTC (rev 1165)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java 2011-08-09
21:39:34 UTC (rev 1166)
@@ -21,6 +21,9 @@
*/
package org.picketlink.identity.federation.core.config;
+import java.util.HashMap;
+import java.util.Map;
+
import javax.xml.crypto.dsig.CanonicalizationMethod;
/**
@@ -60,7 +63,6 @@
*/
public class ProviderType
{
-
protected String identityURL;
protected TrustType trust;
@@ -73,6 +75,8 @@
protected String canonicalizationMethod =
CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
+ protected Map<String, Object> additionalOptions = new HashMap<String,
Object>();
+
/**
* Gets the value of the identityURL property.
*
@@ -236,4 +240,32 @@
this.canonicalizationMethod = canonicalizationMethod;
}
+ /**
+ * Add an option
+ * @param key
+ * @param value
+ */
+ public void addAdditionalOption(String key, Object value)
+ {
+ additionalOptions.put(key, value);
+ }
+
+ /**
+ * Remove an option
+ * @param key
+ */
+ public void removeAdditionalOption(String key)
+ {
+ additionalOptions.remove(key);
+ }
+
+ /**
+ * Get option
+ * @param key
+ * @return
+ */
+ public Object getAdditionalOption(String key)
+ {
+ return additionalOptions.get(key);
+ }
}
\ No newline at end of file
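Review bot: The Javadoc on getAdditionalOption has an empty `@return`, and the null-for-absent contract is left implicit; suggest `@return the value registered under {@code key}, or {@code null} if none was added`. The backing map is a plain HashMap exposed to subclasses through the protected field, so the class stays non-thread-safe for concurrent add/remove; worth stating in the class Javadoc if that is acceptable, since these objects presumably live for the lifetime of the valve or servlet that holds them.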
Added:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java
(rev 0)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java 2011-08-09
21:39:34 UTC (rev 1166)
@@ -0,0 +1,104 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.web.config;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+import org.picketlink.identity.federation.core.ErrorCodes;
+import org.picketlink.identity.federation.core.config.IDPType;
+import org.picketlink.identity.federation.core.config.SPType;
+import org.picketlink.identity.federation.core.config.TrustType;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
+
+/**
+ * A properties file based {@link SAMLConfigurationProvider}.
+ * For the IDP configuration, a idp_config.properties is expected.
+ * For the SP configuration, a sp_config.properties is expected.
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 9, 2011
+ */
+public class PropertiesConfigurationProvider implements SAMLConfigurationProvider
+{
+ public static final String IDP_FILE = "idp_config.properties";
+
+ public static final String SP_FILE = "sp_config.properties";
+
+ public IDPType getIDPConfiguration() throws ProcessingException
+ {
+ InputStream is = SecurityActions.loadStream(getClass(), IDP_FILE);
+ if (is == null)
+ throw new IllegalStateException(ErrorCodes.NULL_VALUE + IDP_FILE);
+ Properties props = new Properties();
+ try
+ {
+ props.load(is);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
+ IDPType idp = new IDPType();
+ idp.setIdentityURL(props.getProperty("idp.url"));
+ String domains = props.getProperty("domains");
+ if (StringUtil.isNotNull(domains))
+ {
+ TrustType trustType = new TrustType();
+ trustType.setDomains(domains);
+ idp.setTrust(trustType);
+ }
+
+ return idp;
+ }
+
+ public SPType getSPConfiguration() throws ProcessingException
+ {
+ InputStream is = SecurityActions.loadStream(getClass(), SP_FILE);
+ if (is == null)
+ throw new IllegalStateException(ErrorCodes.NULL_VALUE + SP_FILE);
+ Properties props = new Properties();
+ try
+ {
+ props.load(is);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
+ SPType sp = new SPType();
+ sp.setIdentityURL(props.getProperty("idp.url"));
+ sp.setServiceURL("service.url");
+ String domains = props.getProperty("domains");
+ if (StringUtil.isNotNull(domains))
+ {
+ TrustType trustType = new TrustType();
+ trustType.setDomains(domains);
+ sp.setTrust(trustType);
+ }
+
+ return sp;
+ }
+}
\ No newline at end of file
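Review bot: `sp.setServiceURL("service.url")` sets the literal key as the service URL instead of reading it from the loaded properties; it should be `sp.setServiceURL(props.getProperty("service.url"));`. In both methods the InputStream returned by SecurityActions.loadStream is never closed, on the success path or when props.load fails, so each call leaks a handle; close it in a finally, as below for getSPConfiguration (the same finally belongs in getIDPConfiguration). The class Javadoc should also say that both files are looked up on the class path and name the keys that are read (`idp.url`, `service.url`, `domains`).
```java
   public SPType getSPConfiguration() throws ProcessingException
   {
      InputStream is = SecurityActions.loadStream(getClass(), SP_FILE);
      if (is == null)
         throw new IllegalStateException(ErrorCodes.NULL_VALUE + SP_FILE);
      Properties props = new Properties();
      try
      {
         props.load(is);
      }
      catch (IOException e)
      {
         throw new ProcessingException(e);
      }
      finally
      {
         try
         {
            is.close();
         }
         catch (IOException ignored)
         {
            // best effort: the properties are already loaded, or the load failure is being propagated
         }
      }
      SPType sp = new SPType();
      sp.setIdentityURL(props.getProperty("idp.url"));
      sp.setServiceURL(props.getProperty("service.url"));
      // … unchanged: domains / TrustType handling and return …
```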
Added:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java
(rev 0)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java 2011-08-09
21:39:34 UTC (rev 1166)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.web.config;
+
+import java.io.InputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ static InputStream loadStream(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<InputStream>()
+ {
+ public InputStream run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
+ InputStream is = classLoader.getResourceAsStream(fqn);
+ if (is == null)
+ {
+ is =
Thread.currentThread().getContextClassLoader().getResourceAsStream(fqn);
+ }
+ return is;
+ }
+ });
+ }
+
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
+ }
+ });
+ }
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+}
\ No newline at end of file
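Review bot: The `catch (ClassNotFoundException e)` in loadClass(ClassLoader, String) is empty; since the method's contract is to return null on lookup failure, name the variable `ignored` and add `// not found in this loader: the caller falls back to the context class loader` so the silence reads as deliberate. `theClass.getClassLoader()` returns null for bootstrap-loaded classes, which would make both loadStream and loadClass(Class, String) throw a NullPointerException before the context-class-loader fallback is tried; a null guard that goes straight to the fallback would be safer. The `@since Dec 9, 2008` tag on a file added in this commit looks copied from another SecurityActions class.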
Property changes on:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java
___________________________________________________________________
Added: svn:executable
+ *
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-08-09
16:16:04 UTC (rev 1165)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-08-09
21:39:34 UTC (rev 1166)
@@ -48,6 +48,8 @@
String CONFIG_FILE_LOCATION = "/WEB-INF/picketlink-idfed.xml";
+ String CONFIG_PROVIDER = "CONFIG_PROVIDER";
+
String LOCAL_LOGOUT = "LLO";
String GLOBAL_LOGOUT = "GLO";
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java 2011-08-09
16:16:04 UTC (rev 1165)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java 2011-08-09
21:39:34 UTC (rev 1166)
@@ -91,6 +91,7 @@
import org.picketlink.identity.federation.web.util.IDPWebRequestUtil;
import
org.picketlink.identity.federation.web.util.IDPWebRequestUtil.WebRequestUtilHolder;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
import org.w3c.dom.Document;
/**
@@ -147,18 +148,44 @@
super.init(config);
String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
+ String configProviderStr =
config.getInitParameter(GeneralConstants.CONFIG_PROVIDER);
+ if (StringUtil.isNotNull(configProviderStr))
+ {
+ Class<?> clazz = SecurityActions.loadClass(getClass(),
configProviderStr);
+ if (clazz == null)
+ throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + configProviderStr);
+ try
+ {
+ idpConfiguration = ((SAMLConfigurationProvider)
clazz.newInstance()).getIDPConfiguration();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
+ }
+ }
context = config.getServletContext();
- InputStream is = context.getResourceAsStream(configFile);
- if (is == null)
- throw new RuntimeException(ErrorCodes.RESOURCE_NOT_FOUND + configFile + "
missing");
+ if (idpConfiguration == null)
+ {
+ InputStream is = context.getResourceAsStream(configFile);
+ if (is == null)
+ throw new RuntimeException(ErrorCodes.RESOURCE_NOT_FOUND + configFile +
" missing");
+ try
+ {
+ idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
+ }
+ catch (ParsingException e)
+ {
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
+ }
+ }
+
//Get the chain from config
chain = new DefaultSAML2HandlerChain();
try
{
- idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
this.identityURL = idpConfiguration.getIdentityURL();
log.trace("Identity Provider URL=" + this.identityURL);
this.assertionValidity = idpConfiguration.getAssertionValidity();
Added:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java
(rev 0)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java 2011-08-09
21:39:34 UTC (rev 1166)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.web.util;
+
+import org.picketlink.identity.federation.core.config.IDPType;
+import org.picketlink.identity.federation.core.config.SPType;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+
+/**
+ * Returns configuration for an IDP or SP
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 9, 2011
+ */
+public interface SAMLConfigurationProvider
+{
+ /**
+ * Get the {@link IDPType} configuration
+ * @return
+ * @throws ProcessingException
+ */
+ IDPType getIDPConfiguration() throws ProcessingException;
+
+ /**
+ * Get the {@l SPType} configuration
+ * @return
+ * @throws ProcessingException
+ */
+ SPType getSPConfiguration() throws ProcessingException;
+}
\ No newline at end of file
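Review bot: The Javadoc on getSPConfiguration has a broken tag, `{@l SPType}` for `{@link SPType}`, and both methods carry empty `@return` and `@throws` lines. Suggest `@return the service provider configuration` / `@return the identity provider configuration` and `@throws ProcessingException if the configuration cannot be produced`. The type Javadoc should also state that implementations need a public no-arg constructor, since IDPWebBrowserSSOValve, BaseFormAuthenticator and IDPServlet in this commit all create them by reflection through newInstance().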