Author: anil.saldhana(a)jboss.com
Date: 2010-12-20 16:58:55 -0500 (Mon, 20 Dec 2010)
New Revision: 611
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SAMLXACMLUtil.java
Modified:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/TestServletRequest.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/TransformerUtil.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLAuthzDecisionStatementType.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
Log:
saml xacml
Modified:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java
===================================================================
---
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -31,14 +31,15 @@
import junit.framework.TestCase;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
import org.picketlink.identity.federation.core.util.JAXBUtil;
+import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
-//import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import
org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
-import
org.picketlink.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
+//import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.w3c.dom.Document;
import org.jboss.security.xacml.core.model.context.DecisionType;
import org.jboss.security.xacml.core.model.context.RequestType;
import org.jboss.security.xacml.core.model.context.ResultType;
@@ -78,31 +79,19 @@
}
}
- public void testHimss() throws Exception
- {
- if(endpoint != null)
- {
- JAXBElement<?> jb =
getResponse("xacml/requests/himss-soap-request.xml");
- Envelope env = (Envelope) jb.getValue();
- Marshaller marshaller = JAXBUtil.getMarshaller(SOAPSAMLXACMLUtil.getPackage());
- marshaller.setProperty( Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE );
- marshaller.marshal(jb, System.out);
-
- check(env, false);
- }
- }
-
public void testSAMLXACML() throws Exception
{
//Read the saml request from the file
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
InputStream is = tcl.getResourceAsStream("xacml/requests/samlxacml.xml");
- Unmarshaller um = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
+ Document doc = DocumentUtil.getDocument(is);
+
+ /*Unmarshaller um = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
um.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
- JAXBElement<?> obj = (JAXBElement<?>) um.unmarshal(is);
- XACMLAuthzDecisionQueryType xat = (XACMLAuthzDecisionQueryType) obj.getValue();
+ JAXBElement<?> obj = (JAXBElement<?>) um.unmarshal(is);*/
+ XACMLAuthzDecisionQueryType xat =
SOAPSAMLXACMLUtil.getXACMLQueryType(doc.getDocumentElement() );
assertNotNull(xat);
RequestType requestType = xat.getRequest();
assertTrue(requestType.getEnvironment().getAttribute().size() > 0);
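Review bot: `tcl.getResourceAsStream("xacml/requests/samlxacml.xml")` is passed straight to `DocumentUtil.getDocument(is)` in testSAMLXACML, so a missing resource would surface as a parser error rather than a clear test failure. Add `assertNotNull( "samlxacml.xml not on classpath", is );` before the parse. The JAXB unmarshalling now sits in a `/* ... */` block and should be deleted rather than kept as a comment; revision history already preserves it. testSAMLXACML continues past the end of this hunk.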
@@ -134,7 +123,8 @@
private JAXBElement<?> getResponse(String fileName) throws Exception
{
- //Read the saml request from the file
+ throw new RuntimeException( "FIX" );
+ /*//Read the saml request from the file
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
InputStream is = tcl.getResourceAsStream(fileName);
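Review bot: `throw new RuntimeException( "FIX" );` turns getResponse into a method that always throws, with its old body kept inside a comment that is closed in the next hunk (-149,6). The message does not say what has to be fixed. Since testHimss, the caller visible in this diff, is removed in the same commit, either delete getResponse together with the commented body, or keep the stub with a comment such as `// TODO: port to SOAPMessage-based parsing; JAXB envelope model no longer used` and throw `UnsupportedOperationException` with that text. Any remaining caller outside the visible hunks would now fail at run time.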
@@ -149,6 +139,6 @@
m.marshal(soapRequest, System.out);
m.marshal(soapRequest, conn.getOutputStream());
- return (JAXBElement<?>) um.unmarshal(conn.getInputStream());
+ return (JAXBElement<?>) um.unmarshal(conn.getInputStream()); */
}
}
\ No newline at end of file
Modified:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -21,6 +21,10 @@
*/
package org.picketlink.test.identity.federation.bindings.servlets;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
@@ -29,91 +33,107 @@
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.Unmarshaller;
+import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPEnvelope;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.soap.SOAPPart;
-import junit.framework.TestCase;
-
+import org.jboss.security.xacml.core.model.context.DecisionType;
+import org.jboss.security.xacml.core.model.context.ResultType;
+import org.junit.Test;
import org.picketlink.identity.federation.bindings.servlets.SOAPSAMLXACMLServlet;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
-import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
-import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
-//import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import
org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
-import org.jboss.security.xacml.core.model.context.DecisionType;
-import org.jboss.security.xacml.core.model.context.ResultType;
-import org.junit.Ignore;
+import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
/**
* Unit Test the SOAP SAML XACML Servlet
* @author Anil.Saldhana(a)redhat.com
* @since Jan 28, 2009
- */
-@Ignore
-public class SOAPSAMLXACMLServletUnitTestCase extends TestCase
+ */
+public class SOAPSAMLXACMLServletUnitTestCase
{
+ @Test
public void testPermit() throws Exception
{
- validate("xacml/requests/XacmlRequest-01-01.xml",
DecisionType.PERMIT.value());
+ validate("xacml/requests/XacmlRequest-01-01.xml",
DecisionType.PERMIT.value(), true );
- validate("xacml/requests/XacmlRequest-format2-01-01.xml",
DecisionType.PERMIT.value());
+ validate("xacml/requests/XacmlRequest-format2-01-01.xml",
DecisionType.PERMIT.value(), true );
}
+ @Test
public void testDeny() throws Exception
{
- validate("xacml/requests/XacmlRequest-01-02.xml",
DecisionType.DENY.value());
+ validate("xacml/requests/XacmlRequest-01-02.xml",
DecisionType.DENY.value(), true );
}
-
- @SuppressWarnings("unchecked")
+
+ @Test
public void testIncorrectInput() throws Exception
{
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- String garbage = "fdfdsfdfk";
+ String garbage = "<fdfdsfdfk/>";
ByteArrayInputStream bis = new ByteArrayInputStream(garbage.getBytes());
SOAPSAMLXACMLServlet servlet = new SOAPSAMLXACMLServlet();
servlet.init(new TestServletConfig(getServletContext()));
- ServletRequest sreq = new TestServletRequest(bis);
+ ServletRequest sreq = new TestServletRequest( getSOAPStream( bis ));
ServletResponse sresp = new TestServletResponse(baos);
servlet.service(sreq, sresp);
sresp.flushBuffer(); //Flush the servlet response ServletOutputStream to our baos
bis = new ByteArrayInputStream(baos.toByteArray());
- Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
+
+ SOAPMessage soapMessage = SOAPSAMLXACMLUtil.getSOAPMessage(bis);
+ Node xacmlNode = soapMessage.getSOAPBody().getChildNodes().item(0);
+ assertTrue( xacmlNode instanceof Element );
+ Element xacmlElement = (Element) xacmlNode;
+ assertTrue( xacmlElement.getLocalName().equals( "Fault" ) );
+ /*Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
JAXBElement<Envelope> jax = (JAXBElement<Envelope>) un.unmarshal(bis);
Envelope envelope = jax.getValue();
assertNotNull("Envelope is not null", envelope);
JAXBElement<?> fault = (JAXBElement<?>)
envelope.getBody().getAny().get(0);
- assertTrue(fault.getValue() instanceof Fault);
+ assertTrue(fault.getValue() instanceof Fault);*/
}
+ @Test
public void testInteropSOAPRequest() throws Exception
{
- validate("xacml/requests/interop-request.xml",
DecisionType.PERMIT.value());
+ validate("xacml/requests/interop-request.xml",
DecisionType.PERMIT.value(), false );
}
-
- @SuppressWarnings("unchecked")
- private void validate(String requestFile, String value) throws Exception
- {
- throw new RuntimeException();
- /*ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ private void validate(String requestFile, String value, boolean needSOAPWrapping )
throws Exception
+ {
+ InputStream is = getInputStream(requestFile);
+ if(is == null)
+ throw new IllegalArgumentException("Input Stream to request file is
null");
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
SOAPSAMLXACMLServlet servlet = new SOAPSAMLXACMLServlet();
servlet.init(new TestServletConfig(getServletContext()));
- InputStream is = getInputStream(requestFile);
- if(is == null)
- throw new IllegalArgumentException("Input Stream to request file is
null");
- ServletRequest sreq = new TestServletRequest(is);
+
+ if( needSOAPWrapping )
+ is = getSOAPStream( is );
+
+ ServletRequest sreq = new TestServletRequest( is );
ServletResponse sresp = new TestServletResponse(baos);
servlet.service(sreq, sresp);
sresp.flushBuffer(); //Flush the servlet response ServletOutputStream to our baos
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+
+ SOAPMessage soapMessage = SOAPSAMLXACMLUtil.getSOAPMessage(bis);
- ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
- Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
+ Node xacmlNode = soapMessage.getSOAPBody().getChildNodes().item(0);
+ XACMLAuthzDecisionStatementType xacmlStatement =
SOAPSAMLXACMLUtil.getDecisionStatement( xacmlNode );
+ /*Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
JAXBElement<Envelope> jax = (JAXBElement<Envelope>) un.unmarshal(bis);
Envelope envelope = jax.getValue();
assertNotNull("Envelope is not null", envelope);
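Review bot: Changing `garbage` from `"fdfdsfdfk"` to `"<fdfdsfdfk/>"` and wrapping it with `getSOAPStream` means testIncorrectInput now only sends a well-formed SOAP envelope with an unexpected body element, so nothing in this class sends bytes that are not XML to `servlet.service` any more. Keep that case as a second test that passes the raw stream, `new TestServletRequest( new ByteArrayInputStream( "fdfdsfdfk".getBytes() ) )`, and asserts the response the servlet is meant to give for unparseable input. In the new assertions, `getSOAPBody().getChildNodes().item(0)` may be a whitespace text node if the response is ever indented, so selecting the first `Element` child would be more robust than `item(0)`. The commented-out JAXB blocks in testIncorrectInput and validate can be deleted. validate continues in the next hunk.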
@@ -124,12 +144,14 @@
assertNotNull("ResponseType is not null", responseType);
AssertionType assertion = (AssertionType)
responseType.getAssertionOrEncryptedAssertion().get(0);
XACMLAuthzDecisionStatementType xacmlStatement = (XACMLAuthzDecisionStatementType)
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0);
+ */
+
assertNotNull("XACML Authorization Statement is not null",
xacmlStatement);
org.jboss.security.xacml.core.model.context.ResponseType xacmlResponse =
xacmlStatement.getResponse();
ResultType resultType = xacmlResponse.getResult().get(0);
DecisionType decision = resultType.getDecision();
assertNotNull("Decision is not null", decision);
- assertEquals(value, decision.value());*/
+ assertEquals(value, decision.value());
}
private ServletContext getServletContext()
@@ -144,4 +166,22 @@
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
return tcl.getResourceAsStream(requestFileLoc);
}
+
+ private InputStream getSOAPStream( InputStream dataStream ) throws Exception
+ {
+ MessageFactory messageFactory = MessageFactory.newInstance();
+ SOAPMessage message = messageFactory.createMessage();
+ SOAPPart soapPart = message.getSOAPPart();
+ SOAPEnvelope envelope = soapPart.getEnvelope();
+ SOAPBody body = envelope.getBody();
+
+ body.addDocument( DocumentUtil.getDocument(dataStream));
+ message.saveChanges();
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ message.writeTo(baos);
+
+ System.out.println( new String( baos.toByteArray() ) );
+ return new ByteArrayInputStream( baos.toByteArray() );
+ }
}
\ No newline at end of file
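Review bot: `System.out.println( new String( baos.toByteArray() ) );` in getSOAPStream dumps every wrapped request to standard output and decodes it with the platform default charset. Drop the line, or log at debug level if the project's test logging allows it. The helper also has no comment; a one-line Javadoc such as `/** Wraps the XML read from dataStream in an empty SOAP envelope body and returns the serialized message. */` would state what the visible code does.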
Modified:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/TestServletRequest.java
===================================================================
---
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/TestServletRequest.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/TestServletRequest.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -74,14 +74,12 @@
}
public String getHeader(String name)
- {
-
+ {
return null;
}
public Enumeration getHeaderNames()
- {
-
+ {
return null;
}
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -21,6 +21,9 @@
*/
package org.picketlink.identity.federation.core.parsers.saml;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
@@ -29,6 +32,8 @@
import javax.xml.stream.events.StartElement;
import javax.xml.stream.events.XMLEvent;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResponseType;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
@@ -46,6 +51,7 @@
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedAssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.w3c.dom.Element;
/**
@@ -156,6 +162,37 @@
AttributeStatementType attributeStatementType =
SAMLParserUtil.parseAttributeStatement( xmlEventReader );
assertion.addStatement(attributeStatementType);
}
+ else if( JBossSAMLConstants.STATEMENT.get().equalsIgnoreCase( tag ) )
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+
+ String xsiTypeValue = StaxParserUtil.getXSITypeValue(startElement);
+ if(
xsiTypeValue.contains(JBossSAMLConstants.XACML_AUTHZ_DECISION_STATEMENT_TYPE.get() ))
+ {
+ XACMLAuthzDecisionStatementType authZStat = new
XACMLAuthzDecisionStatementType();
+
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ tag = StaxParserUtil.getStartElementName(startElement);
+
+ if( tag.contains( JBossSAMLConstants.RESPONSE.get() ) )
+ {
+ authZStat.setResponse( getXACMLResponse( xmlEventReader ));
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ //There may be request also
+ tag = StaxParserUtil.getStartElementName(startElement);
+ if( tag.contains( JBossSAMLConstants.REQUEST.get() ) )
+ {
+ authZStat.setRequest( getXACMLRequest( xmlEventReader ));
+ }
+ }
+
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(endElement, JBossSAMLConstants.STATEMENT.get() );
+ assertion.addStatement(authZStat);
+ }
+ else
+ throw new RuntimeException( "Unknown xsi:type=" + xsiTypeValue
);
+ }
else throw new RuntimeException( "SAMLAssertionParser:: unknown: " +
tag );
}
return assertion;
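Review bot: `xsiTypeValue.contains( ... )` in the new `Statement` branch dereferences the result of `StaxParserUtil.getXSITypeValue(startElement)` without a null check and matches the type by substring, so a `Statement` element without `xsi:type` would presumably end in a NullPointerException, and any type name that merely contains `XACMLAuthzDecisionStatementType` is accepted. Compare the local part of the xsi:type for equality, and check both `peekNextStartElement` results for null before `getStartElementName`, since this commit treats a null return from that call as possible in SAMLXACMLRequestParser. The `tag.contains( ...RESPONSE... )` and `REQUEST` checks are loose in the same way, and when no Response child is present the statement is still added to the assertion without a decision. The unknown-type paths throw `RuntimeException` rather than `ParsingException`, as does the new throw in the SAMLXACMLRequestParser hunk at -65,7; callers that handle only the declared parsing exceptions would not see them, which should be confirmed against the servlet's fault handling. The enclosing parse method starts and ends outside this hunk.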
@@ -186,4 +223,44 @@
return new AssertionType( id, issueInstant, version );
}
+
+ @SuppressWarnings("unchecked")
+ private ResponseType getXACMLResponse( XMLEventReader xmlEventReader ) throws
ParsingException
+ {
+ Element xacmlResponse = StaxParserUtil.getDOMElement(xmlEventReader);
+ //xacml request
+ String xacmlPath = "org.jboss.security.xacml.core.model.context";
+ try
+ {
+ JAXBContext jaxb = JAXBContext.newInstance( xacmlPath );
+ Unmarshaller un = jaxb.createUnmarshaller();
+ un.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
+ JAXBElement<ResponseType> jaxbResponseType =
(JAXBElement<ResponseType>) un.unmarshal(
DocumentUtil.getNodeAsStream(xacmlResponse));
+ return jaxbResponseType.getValue();
+ }
+ catch ( Exception e)
+ {
+ throw new ParsingException( e );
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private RequestType getXACMLRequest( XMLEventReader xmlEventReader ) throws
ParsingException
+ {
+ Element xacmlRequest = StaxParserUtil.getDOMElement(xmlEventReader);
+ //xacml request
+ String xacmlPath = "org.jboss.security.xacml.core.model.context";
+ try
+ {
+ JAXBContext jaxb = JAXBContext.newInstance( xacmlPath );
+ Unmarshaller un = jaxb.createUnmarshaller();
+ un.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
+ JAXBElement<RequestType> jaxbRequestType =
(JAXBElement<RequestType>) un.unmarshal(
DocumentUtil.getNodeAsStream(xacmlRequest));
+ return jaxbRequestType.getValue();
+ }
+ catch ( Exception e)
+ {
+ throw new ParsingException( e );
+ }
+ }
}
\ No newline at end of file
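Review bot: getXACMLResponse and getXACMLRequest are the same method written twice apart from the target type, and each call builds a new `JAXBContext` for `org.jboss.security.xacml.core.model.context`. Context creation is expensive, and here it would be paid for every XACML statement parsed from an incoming message. SAMLXACMLUtil, added in this same commit, already exposes `XACML_PKG_PATH` and `getJAXBContext()`; use those instead of the local `xacmlPath` string and hold the context in a static field, since JAXBContext is thread-safe while Unmarshaller is not. The two bodies can then share one private helper that returns the unmarshalled `JAXBElement<?>`. The `//xacml request` comment inside getXACMLResponse should read `//xacml response`.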
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -85,6 +85,8 @@
protected void parseCommonElements( StartElement startElement, XMLEventReader
xmlEventReader,
RequestAbstractType request ) throws ParsingException
{
+ if( startElement == null )
+ throw new IllegalArgumentException( " startElement is null" );
String elementName = StaxParserUtil.getStartElementName( startElement );
if( JBossSAMLConstants.ISSUER.get().equals( elementName ))
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/xacml/SAMLXACMLRequestParser.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -65,7 +65,7 @@
return parseXACMLAuthzDecisionQuery(startElement, xmlEventReader);
}
- return null;
+ throw new RuntimeException( "Parsing Failed: Unknown Tag=" + tag );
}
public boolean supports(QName qname)
@@ -106,6 +106,8 @@
break;
}
startElement = StaxParserUtil.peekNextStartElement( xmlEventReader );
+ if( startElement == null )
+ break;
super.parseCommonElements(startElement, xmlEventReader, xacmlQuery);
String tag = StaxParserUtil.getStartElementName(startElement);
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -142,7 +142,7 @@
throw new ParsingException( e );
}
}
-
+
/**
* Get the element text.
* @param xmlEventReader
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -102,6 +102,7 @@
SIGNATURE_SHA1_WITH_RSA("http://www.w3.org/2000/09/xmldsig#rsa-sha1&...,
SINGLE_SIGNON_SERVICE( "SingleSignOnService" ),
SINGLE_LOGOUT_SERVICE( "SingleLogoutService" ),
+ STATEMENT( "Statement" ),
STATUS( "Status" ),
STATUS_CODE( "StatusCode" ),
STATUS_DETAIL( "StatusDetail" ),
@@ -117,6 +118,7 @@
WANT_AUTHN_REQUESTS_SIGNED( "WantAuthnRequestsSigned" ),
XACML_AUTHZ_DECISION_QUERY( "XACMLAuthzDecisionQuery" ),
XACML_AUTHZ_DECISION_QUERY_TYPE( "XACMLAuthzDecisionQueryType" ),
+ XACML_AUTHZ_DECISION_STATEMENT_TYPE( "XACMLAuthzDecisionStatementType" ),
HTTP_POST_BINDING("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
private String val;
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -104,6 +104,8 @@
X500_PREFIX("x500"),
X500_NSURI("urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"),
+ XACML_SAML_NSURI( "urn:oasis:names:tc:xacml:2.0:saml:assertion:schema:os"
),
+ XACML_SAML_PROTO_NSURI( "urn:oasis:xacml:2.0:saml:protocol:schema:os" ),
XML( "http://www.w3.org/XML/1998/namespace" ),
XMLSCHEMA_NSURI("http://www.w3.org/2001/XMLSchema"),
XMLDSIG_NSURI("http://www.w3.org/2000/09/xmldsig#"),
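Review bot: The two new namespace constants do not follow the same pattern: `XACML_SAML_NSURI` is `urn:oasis:names:tc:xacml:2.0:saml:assertion:schema:os`, while `XACML_SAML_PROTO_NSURI` is `urn:oasis:xacml:2.0:saml:protocol:schema:os`, without `names:tc:`. One of them is probably mistyped; check both against the targetNamespace of the XACML 2.0 SAML profile schemas. A wrong namespace would make written statements unreadable to peers and could send incoming ones down the unknown-element path. A short comment naming the schema each value is taken from would make this checkable later. The enum body continues outside the hunk.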
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SAMLXACMLUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SAMLXACMLUtil.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SAMLXACMLUtil.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.saml.v2.util;
+
+import java.io.ByteArrayOutputStream;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.transform.stream.StreamResult;
+
+import org.jboss.security.xacml.core.model.context.ObjectFactory;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResponseType;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.util.TransformerUtil;
+import org.w3c.dom.Document;
+
+/**
+ * Utility for SAML and XACML
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 20, 2010
+ */
+public class SAMLXACMLUtil
+{
+ public final static String XACML_PKG_PATH =
"org.jboss.security.xacml.core.model.context";
+
+ public static JAXBContext getJAXBContext() throws JAXBException
+ {
+ return JAXBContext.newInstance( XACML_PKG_PATH );
+ }
+
+ public static Document getXACMLResponse( ResponseType responseType ) throws
ProcessingException
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ JAXBElement<?> jaxb = (new ObjectFactory()).createResponse( responseType );
+
+ StreamResult result = new StreamResult( baos );
+
+ try
+ {
+ TransformerUtil.transform( SAMLXACMLUtil.getJAXBContext(), jaxb, result);
+ return DocumentUtil.getDocument( new String( baos.toByteArray() ));
+ }
+ catch ( Exception e )
+ {
+ throw new ProcessingException( e );
+ }
+ }
+
+ public static Document getXACMLRequest( RequestType requestType ) throws
ProcessingException
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Marshaller marshaller = getMarshaller();
+ JAXBElement<?> jaxb = (new ObjectFactory()).createRequest( requestType );
+
+ StreamResult result = new StreamResult( baos );
+
+ try
+ {
+ TransformerUtil.transform( getJAXBContext(), jaxb, result);
+ return DocumentUtil.getDocument( new String( baos.toByteArray() ));
+ }
+ catch ( Exception e )
+ {
+ throw new ProcessingException( e );
+ }
+ }
+}
\ No newline at end of file
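Review bot: `new String( baos.toByteArray() )` in getXACMLResponse and getXACMLRequest decodes the marshalled XML with the platform default charset before it is parsed again, so non-ASCII attribute values in a request or response can be corrupted when that charset differs from the encoding the transformer wrote. Hand the bytes to the parser directly with `return DocumentUtil.getDocument( new ByteArrayInputStream( baos.toByteArray() ) );`; the InputStream overload is already used by the tests in this commit, and the change needs `import java.io.ByteArrayInputStream;`. The two methods differ only in `createResponse` / `createRequest` and could share a private helper that takes the `JAXBElement<?>`. `getJAXBContext()` builds a new context on every call; a static instance would avoid that, since JAXBContext is thread-safe. The public methods have no Javadoc, and the commented-out `//Marshaller marshaller = getMarshaller();` line can be removed.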
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -21,21 +21,32 @@
*/
package org.picketlink.identity.federation.core.saml.v2.util;
-import java.io.StringReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+import java.util.Set;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPEnvelope;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPFault;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.stream.XMLEventReader;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import
org.picketlink.identity.federation.core.parsers.saml.xacml.SAMLXACMLRequestParser;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
-import org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.ObjectFactory;
-import org.w3c.dom.Element;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
+import org.w3c.dom.Node;
/**
* Utility associated with SOAP 1.1 Envelope,
@@ -44,60 +55,75 @@
* @since Jan 28, 2009
*/
public class SOAPSAMLXACMLUtil
-{
- private static String SOAP_PKG =
"org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope";
- private static String SAML_PROTO_PKG =
"org.picketlink.identity.federation.saml.v2.protocol";
- private static String XACML_CTX_PKG =
"org.jboss.security.xacml.core.model.context";
- private static String XACML_SAMLPROTO_PKG =
"org.picketlink.identity.federation.saml.v2.profiles.xacml.protocol";
- private static String XACML_SAMLASSERT_PKG =
"org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion";
-
- private static String COLON = ":";
-
- private static String collectivePackage = getPackage();
-
- private static
org.picketlink.identity.federation.saml.v2.profiles.xacml.protocol.ObjectFactory
- queryTypeObjectFactory = new
org.picketlink.identity.federation.saml.v2.profiles.xacml.protocol.ObjectFactory();
-
- private static ObjectFactory statementObjectFactory = new ObjectFactory();
-
+{
/**
* Parse the XACML Authorization Decision Query from the Dom Element
* @param samlRequest
* @return
- * @throws TransformerException
- * @throws TransformerFactoryConfigurationError
- * @throws JAXBException
+ * @throws ProcessingException
+ * @throws ConfigurationException
+ * @throws ParsingException
*/
- public static XACMLAuthzDecisionQueryType getXACMLQueryType(Element samlRequest)
- throws ConfigurationException, ProcessingException, JAXBException
+ public static XACMLAuthzDecisionQueryType getXACMLQueryType( Node samlRequest )
+ throws ParsingException, ConfigurationException, ProcessingException
{
//We reparse it because the document may have issues with namespaces
- String elementString = DocumentUtil.getDOMElementAsString(samlRequest);
- Unmarshaller um = JAXBUtil.getUnmarshaller(collectivePackage);
+ //String elementString = DocumentUtil.getDOMElementAsString(samlRequest);
+
+ XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader(
DocumentUtil.getNodeAsStream( samlRequest ));
+ SAMLXACMLRequestParser samlXACMLRequestParser = new SAMLXACMLRequestParser();
+ return (XACMLAuthzDecisionQueryType) samlXACMLRequestParser.parse(xmlEventReader);
+
+ /*Unmarshaller um = JAXBUtil.getUnmarshaller(collectivePackage);
um.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
JAXBElement<?> obj = (JAXBElement<?>) um.unmarshal(new
StringReader(elementString));
Object xacmlObject = obj.getValue();
if(xacmlObject instanceof XACMLAuthzDecisionQueryType == false)
throw new RuntimeException("Unsupported type:" + xacmlObject);
- return (XACMLAuthzDecisionQueryType)xacmlObject;
+ return (XACMLAuthzDecisionQueryType)xacmlObject; */
}
- public static Marshaller getMarshaller() throws JAXBException
+ public static XACMLAuthzDecisionStatementType getDecisionStatement( Node samlResponse
) throws ConfigurationException, ProcessingException, ParsingException
{
- return JAXBUtil.getMarshaller(getPackage());
+ XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader(
DocumentUtil.getNodeAsStream( samlResponse ));
+ SAMLParser samlParser = new SAMLParser();
+ ResponseType response = (ResponseType) samlParser.parse( xmlEventReader );
+ List<RTChoiceType> choices = response.getAssertions();
+ for( RTChoiceType rst: choices )
+ {
+ AssertionType assertion = rst.getAssertion();
+ if( assertion == null )
+ continue;
+ Set<StatementAbstractType> stats = assertion.getStatements();
+ for( StatementAbstractType stat: stats )
+ {
+ if( stat instanceof XACMLAuthzDecisionStatementType )
+ {
+ return (XACMLAuthzDecisionStatementType) stat;
+ }
+ }
+ }
+
+ throw new RuntimeException( "Not found XACMLAuthzDecisionStatementType"
);
}
- public static Unmarshaller getUnmarshaller() throws JAXBException
+ public static SOAPMessage getSOAPMessage( InputStream is ) throws IOException,
SOAPException
{
- return JAXBUtil.getUnmarshaller(getPackage());
+ MessageFactory messageFactory = MessageFactory.newInstance();
+ return messageFactory.createMessage(null, is );
}
- public static String getPackage()
+ public static SOAPMessage createFault( String message ) throws SOAPException
{
- StringBuffer buf = new StringBuffer();
- buf.append(SOAP_PKG).append(COLON).append(SAML_PROTO_PKG).append(COLON);
-
buf.append(XACML_CTX_PKG).append(COLON).append(XACML_SAMLPROTO_PKG).append(COLON).append(XACML_SAMLASSERT_PKG);
- return buf.toString();
+ MessageFactory messageFactory = MessageFactory.newInstance();
+ SOAPMessage msg = messageFactory.createMessage() ;
+ SOAPEnvelope envelope = msg.getSOAPPart().getEnvelope();
+ SOAPBody body = envelope.getBody();
+ SOAPFault fault = body.addFault();
+ fault.setFaultCode("Server");
+ fault.setFaultActor( "urn:picketlink" );
+ fault.setFaultString( message );
+ return msg;
}
}
\ No newline at end of file
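Review bot: `getDecisionStatement` returns the first `XACMLAuthzDecisionStatementType` it meets in any assertion of the response, and nothing in the method checks the assertion's issuer or signature, or whether the response holds more than one decision statement. Unless callers validate the response before calling it, the decision used is simply whichever statement comes first; I would state that precondition in a Javadoc comment (the method has none) and reject a response that carries more than one decision statement. The direct casts of the parser results in `getXACMLQueryType` and `getDecisionStatement` replace the `instanceof` check that is now commented out, so an unexpected element surfaces as a `ClassCastException` instead of one of the declared exceptions. The not-found case throws `RuntimeException` although `ProcessingException` is declared; the null-response check in `SAMLAssertionWriter.write( XACMLAuthzDecisionStatementType )` later in this commit has the same issue.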
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -49,6 +49,9 @@
{
protected static String PROTOCOL_PREFIX = "samlp";
protected static String ASSERTION_PREFIX = "saml";
+ protected static String XACML_SAML_PREFIX = "xacml-saml";
+ protected static String XACML_SAML_PROTO_PREFIX = "xacml-samlp";
+ protected static String XSI_PREFIX = "xsi";
protected XMLStreamWriter writer = null;
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -27,8 +27,12 @@
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamWriter;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResponseType;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.SAMLXACMLUtil;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
@@ -56,9 +60,11 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType.STSubType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.URIType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
+import org.w3c.dom.Document;
import org.w3c.dom.Element;
/**
@@ -159,7 +165,11 @@
{
write((AttributeStatementType) statement);
}
- else
+ else if (statement instanceof XACMLAuthzDecisionStatementType )
+ {
+ write((XACMLAuthzDecisionStatementType) statement);
+ }
+ else
throw new RuntimeException("unknown statement type=" +
statement.getClass().getName());
}
}
@@ -215,8 +225,7 @@
*/
public void write(AuthnStatementType authnStatement) throws ProcessingException
{
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHN_STATEMENT.get(), ASSERTION_NSURI
- .get());
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHN_STATEMENT.get(), ASSERTION_NSURI.get());
XMLGregorianCalendar authnInstant = authnStatement.getAuthnInstant();
if (authnInstant != null)
@@ -231,7 +240,73 @@
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
+
+ public void write( XACMLAuthzDecisionStatementType xacmlStat ) throws
ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.STATEMENT.get(), ASSERTION_NSURI.get());
+
+ StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
+ StaxUtil.writeNameSpace(writer, XACML_SAML_PREFIX,
JBossSAMLURIConstants.XACML_SAML_NSURI.get());
+ StaxUtil.writeNameSpace(writer, XACML_SAML_PROTO_PREFIX,
JBossSAMLURIConstants.XACML_SAML_PROTO_NSURI.get());
+ StaxUtil.writeNameSpace(writer, XSI_PREFIX,
JBossSAMLURIConstants.XSI_NSURI.get());
+
+ StaxUtil.writeAttribute( writer,
+ new QName(
JBossSAMLURIConstants.XSI_NSURI.get(),JBossSAMLConstants.TYPE.get(), XSI_PREFIX),
+ XACMLAuthzDecisionStatementType.XSI_TYPE );
+
+ ResponseType responseType = xacmlStat.getResponse();
+ if( responseType == null )
+ throw new RuntimeException( " XACML response is null" );
+
+ Document doc = SAMLXACMLUtil.getXACMLResponse(responseType);
+ StaxUtil.writeDOMElement(writer, doc.getDocumentElement() );
+
+ /*try
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Marshaller marshaller = getMarshaller();
+ JAXBElement<?> jaxb = (new ObjectFactory()).createResponse(responseType);
+
+ StreamResult result = new StreamResult( baos );
+
+ TransformerUtil.transform( SAMLXACMLUtil.getJAXBContext(), jaxb, result);
+ Document doc = DocumentUtil.getDocument( new String( baos.toByteArray() ));
+ StaxUtil.writeDOMNode(writer, doc.getDocumentElement() );
+ //marshaller.marshal(jaxb, writer);
+ }
+ catch ( Exception e)
+ {
+ throw new ProcessingException( e );
+ }*/
+
+ RequestType requestType = xacmlStat.getRequest();
+ if( requestType != null )
+ {
+ StaxUtil.writeDOMNode(writer,
SAMLXACMLUtil.getXACMLRequest(requestType).getDocumentElement() );
+
+ /*try
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Marshaller marshaller = getMarshaller();
+ JAXBElement<?> jaxb = (new ObjectFactory()).createRequest( requestType
);
+
+ StreamResult result = new StreamResult( baos );
+
+ TransformerUtil.transform( getJAXBContext(), jaxb, result);
+ Document doc = DocumentUtil.getDocument( new String( baos.toByteArray() ));
+ StaxUtil.writeDOMNode(writer, doc.getDocumentElement() );
+ //marshaller.marshal( jaxb, writer );
+ }
+ catch ( Exception e )
+ {
+ throw new ProcessingException( e );
+ }*/
+ }
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
/**
* Write an {@code AuthnContextType} to stream
*
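Review bot: The new `write( XACMLAuthzDecisionStatementType )` has no Javadoc although the overloads around it do, and it carries two commented-out JAXB blocks that should be deleted rather than committed. The response is written with `StaxUtil.writeDOMElement` and the request with `StaxUtil.writeDOMNode`; if the difference is deliberate, a one-line comment such as `// response and request use different helpers because ...` should say why, otherwise use the same helper for both. The Javadoc should also state that the statement's response is mandatory and its request optional, which is what the two null checks implement.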
@@ -241,8 +316,7 @@
*/
public void write(AuthnContextType authContext) throws ProcessingException
{
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHN_CONTEXT.get(), ASSERTION_NSURI
- .get());
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHN_CONTEXT.get(), ASSERTION_NSURI.get());
AuthnContextTypeSequence sequence = authContext.getSequence();
if (sequence != null)
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -460,7 +460,7 @@
}
catch (XMLStreamException e)
{
- throw new ProcessingException(e);
+ //throw new ProcessingException(e);
}
}
}
\ No newline at end of file
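Review bot: Commenting out `throw new ProcessingException(e);` leaves an empty catch, so an `XMLStreamException` raised here is dropped and the caller continues as if the operation had succeeded. For SAML and XACML output that means a truncated or malformed document can be passed on without any error being reported. Restore the throw; if one particular failure really is harmless, handle only that case and explain it in a comment. The enclosing method begins outside this hunk, so which stream operation is affected cannot be seen here.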
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/TransformerUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/TransformerUtil.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/TransformerUtil.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -25,9 +25,14 @@
import java.util.Properties;
import java.util.Stack;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.util.JAXBSource;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.Attribute;
+import javax.xml.stream.events.Characters;
+import javax.xml.stream.events.Comment;
import javax.xml.stream.events.EndElement;
import javax.xml.stream.events.Namespace;
import javax.xml.stream.events.StartElement;
@@ -115,7 +120,22 @@
throw new ParsingException( e );
}
}
+
+ public static void transform( JAXBContext context, JAXBElement<?> jaxb, Result
result ) throws ParsingException
+ {
+ try
+ {
+ Transformer transformer = getTransformer();
+ JAXBSource jaxbSource = new JAXBSource(context, jaxb );
+ transformer.transform( jaxbSource , result );
+ }
+ catch ( Exception e )
+ {
+ throw new ParsingException( e );
+ }
+ }
+
/**
* Custom Project {@code Transformer} that can take in a {@link StAXSource}
* and transform into {@link DOMResult}
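Review bot: The new `transform( JAXBContext, JAXBElement<?>, Result )` has no Javadoc, and its `catch ( Exception e )` also turns runtime errors such as a null `context` into `ParsingException`, which hides programming mistakes behind a parsing failure. I would add a short Javadoc naming the three parameters and the `ParsingException`, and catch only the checked exceptions involved (`JAXBException` from `new JAXBSource(...)`, `TransformerException` from `transformer.transform(...)`, plus whatever `getTransformer()` declares, which is not visible in this hunk).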
@@ -169,7 +189,12 @@
Element docStartElement = handleStartElement(xmlEventReader,
startElement, holder );
Node el = doc.importNode(docStartElement, true);
- Node top = stack.peek();
+ Node top = null;
+
+ if( !stack.isEmpty())
+ {
+ top = stack.peek();
+ }
if( !holder.encounteredTextNode )
{
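Review bot: `top` can now be `null` when the stack is empty, but the code that uses `top` lies below this hunk, so the guard only helps if every later use checks for null. If the lines after `if( !holder.encounteredTextNode )` still call a method on `top`, the `EmptyStackException` has only become a `NullPointerException`. A comment stating when the stack is expected to be empty would make the intent clear, for example `// stack is empty for the first element; there is no parent to attach to` (presumably the root case, to be confirmed).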
@@ -310,13 +335,25 @@
}
XMLEvent nextEvent = StaxParserUtil.peek(xmlEventReader);
- if( nextEvent.getEventType() == XMLEvent.CHARACTERS )
- {
- holder.encounteredTextNode = true;
- String text = StaxParserUtil.getElementText(xmlEventReader);
- Node textNode = doc.createTextNode( text );
- textNode = doc.importNode(textNode, true);
- el.appendChild( textNode );
+ if( nextEvent instanceof Comment )
+ {
+ Comment commentEvent = (Comment) nextEvent;
+ Node commentNode = doc.createComment( commentEvent.getText() );
+ commentNode = doc.importNode(commentNode, true);
+ el.appendChild(commentNode);
+ }
+ else if( nextEvent.getEventType() == XMLEvent.CHARACTERS )
+ {
+ Characters characterEvent = (Characters) nextEvent;
+ String trimmedData = characterEvent.getData().trim();
+ if( trimmedData != null && trimmedData.length() > 0 )
+ {
+ holder.encounteredTextNode = true;
+ String text = StaxParserUtil.getElementText(xmlEventReader);
+ Node textNode = doc.createTextNode( text );
+ textNode = doc.importNode(textNode, true);
+ el.appendChild( textNode );
+ }
}
return el;
}
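Review bot: In the new `Comment` branch the event is only peeked and the method returns after appending the comment node, so character data that follows a comment inside the same element is not read in this branch. If nothing later picks that text up, the DOM built here differs from the parsed input for an element whose content is a comment followed by text, which matters when the element carries identity or policy values; a unit test with that shape would settle it. Separately, `trimmedData != null` can never be false because `trim()` does not return null, so the condition can be `if( trimmedData.length() > 0 )`. The enclosing method starts outside the hunk.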
Modified:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -47,6 +47,7 @@
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationDataType;
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectConfirmationType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
@@ -177,10 +178,10 @@
AttributeStatementType attributeStatement = (AttributeStatementType)
assertion.getStatements().iterator().next();
-
List<org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType>
attributes = attributeStatement.getAttributes();
+ List<AttributeStatementType.ASTChoiceType> attributes =
attributeStatement.getAttributes();
assertEquals( 2, attributes.size() );
- for(
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType
attr: attributes )
+ for( AttributeStatementType.ASTChoiceType attr: attributes )
{
AttributeType attribute = attr.getAttribute();
assertEquals( "role", attribute.getFriendlyName() );
@@ -192,59 +193,27 @@
String str = (String ) attributeValues.get( 0 );
if( ! ( str.equals( "employee") || str.equals( "manager"
)))
throw new RuntimeException( "attrib value not found" );
- }
+ }
+ }
+
+ @Test
+ public void testXACMLDecisionStatements() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream(
"saml-xacml/saml-xacml-response-1.xml" );
- /*List<JAXBElement<?>> content = subject.getContent();
+ SAMLParser parser = new SAMLParser();
+ ResponseType response = ( ResponseType ) parser.parse(configStream);
+ assertNotNull( "ResponseType is not null", response );
- int size = content.size();
+ //Get the assertion
+ AssertionType assertion = (AssertionType)
response.getAssertions().get(0).getAssertion();
+ assertEquals( "ID_response-id:1", assertion.getID() );
+ assertEquals( XMLTimeUtil.parse( "2008-03-19T22:17:13Z" ),
assertion.getIssueInstant() );
+ assertEquals( "2.0", assertion.getVersion() );
- for( int i = 0 ; i < size; i++ )
- {
- JAXBElement<?> node = content.get(i);
- Class<?> clazz = node.getDeclaredType();
-
- if( clazz.equals( NameIDType.class ))
- {
- NameIDType subjectNameID = (NameIDType) node.getValue();
-
- assertEquals( "anil", subjectNameID.getValue() );
- assertEquals(
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
subjectNameID.getFormat() );
- }
-
- else if( clazz.equals( SubjectConfirmationType.class ))
- {
- SubjectConfirmationType subjectConfirmation = (SubjectConfirmationType)
node.getValue();
- assertEquals( "urn:oasis:names:tc:SAML:2.0:cm:bearer",
subjectConfirmation.getMethod() );
-
- SubjectConfirmationDataType subjectConfirmationData =
subjectConfirmation.getSubjectConfirmationData();
- assertEquals( "ID_04ded476-d73c-48af-b3a9-232a52905ffb",
subjectConfirmationData.getInResponseTo() );
- assertEquals( XMLTimeUtil.parse( "2010-11-04T00:19:16.842-05:00" ),
subjectConfirmationData.getNotBefore() );
- assertEquals( XMLTimeUtil.parse( "2010-11-04T00:19:16.842-05:00"
), subjectConfirmationData.getNotOnOrAfter() );
- assertEquals( "http://localhost:8080/employee/",
subjectConfirmationData.getRecipient());
- }
-
- else if( clazz.equals( AttributeStatementType.class ))
- {
- AttributeStatementType attributeStatement = (AttributeStatementType)
node.getValue();
- List<Object> attributes =
attributeStatement.getAttributeOrEncryptedAttribute();
- assertEquals( 2, attributes.size() );
-
- for( Object attr: attributes )
- {
- AttributeType attribute = (AttributeType) attr;
- assertEquals( "role", attribute.getFriendlyName() );
- assertEquals( "role", attribute.getName() );
- assertEquals( "role", attribute.getNameFormat() );
- List<Object> attributeValues = attribute.getAttributeValue();
- assertEquals( 1, attributeValues.size() );
-
- String str = (String ) attributeValues.get( 0 );
- if( ! ( str.equals( "employee") || str.equals(
"manager" )))
- throw new RuntimeException( "attrib value not found" );
- }
- }
- else
- throw new RuntimeException( "unknown" );
- } */
+ XACMLAuthzDecisionStatementType xacmlStat = (XACMLAuthzDecisionStatementType)
assertion.getStatements().iterator().next();
+ assertNotNull( xacmlStat.getRequest() );
+ assertNotNull( xacmlStat.getResponse() );
}
}
\ No newline at end of file
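Review bot: The message in `assertNotNull( "ResponseType is not null", response )` is printed when the assertion fails, so it reads backwards; `assertNotNull( "ResponseType is null", response )` says what went wrong. `configStream` is passed to the parser without a null check, so a missing `saml-xacml/saml-xacml-response-1.xml` shows up as a parser error; `assertNotNull( "test resource not found", configStream );` before the parse gives a clear failure. The test only checks that the request and response are present, so asserting the decision value expected from the fixture would make it a stronger regression test.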
Modified:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -34,6 +34,8 @@
/**
* Read a SAML-XACML request
+ *
+ * @see {@code SAMLResponseParserTestCase#testXACMLDecisionStatements()}
* @author Anil.Saldhana(a)redhat.com
* @since Jan 8, 2009
*/
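Review bot: `@see {@code SAMLResponseParserTestCase#testXACMLDecisionStatements()}` is not a valid `@see` form, because the tag expects a reference rather than an inline `{@code}` tag, so no link is generated. The referenced test lives in another package, so the qualified name is needed: `@see org.picketlink.test.identity.federation.core.parser.saml.SAMLResponseParserTestCase#testXACMLDecisionStatements()`.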
Modified:
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLAuthzDecisionStatementType.java
===================================================================
---
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLAuthzDecisionStatementType.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLAuthzDecisionStatementType.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -49,6 +49,7 @@
public class XACMLAuthzDecisionStatementType
extends StatementAbstractType
{
+ public static final String XSI_TYPE =
"xacml-samlp:XACMLAuthzDecisionStatementType";
protected ResponseType response;
protected RequestType request;
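Review bot: `XSI_TYPE` hard-codes the prefix `xacml-samlp`, which resolves only if the writer binds exactly that prefix on the enclosing element; `SAMLAssertionWriter` does so through `XACML_SAML_PROTO_PREFIX`, but the two strings are maintained separately. As far as I know the SAML profile of XACML defines `XACMLAuthzDecisionStatementType` in its assertion schema (the namespace this commit binds to `xacml-saml`) rather than in the protocol schema, so please confirm the prefix is the intended one; a consumer that resolves the `xsi:type` QName strictly would reject a mismatch. A comment on the constant would help: `// prefix must match the namespace declaration written by SAMLAssertionWriter`.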
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2010-12-16
23:05:03 UTC (rev 610)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2010-12-20
21:58:55 UTC (rev 611)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.federation.web.servlets.saml;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -33,38 +35,44 @@
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.bind.helpers.DefaultValidationEventHandler;
+import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPEnvelope;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.stream.XMLStreamWriter;
import org.apache.log4j.Logger;
+import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.core.JBossRequestContext;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResponseType;
+import org.jboss.security.xacml.core.model.context.ResultType;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
-import org.picketlink.identity.federation.core.factories.SOAPFactory;
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.factories.XACMLContextFactory;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
-import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Body;
-import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
-import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
-import org.jboss.security.xacml.core.JBossPDP;
-import org.jboss.security.xacml.core.JBossRequestContext;
-import org.jboss.security.xacml.core.model.context.RequestType;
-import org.jboss.security.xacml.core.model.context.ResponseType;
-import org.jboss.security.xacml.core.model.context.ResultType;
-import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
-import org.jboss.security.xacml.interfaces.RequestContext;
-import org.jboss.security.xacml.interfaces.ResponseContext;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
/**
* Servlet that can read SOAP 1.1 messages that contain
@@ -76,16 +84,16 @@
{
private static Logger log = Logger.getLogger(SOAPSAMLXACMLServlet.class);
private boolean trace = log.isTraceEnabled();
-
+
private static final long serialVersionUID = 1L;
-
+
private String policyConfigFileName = null;
-
+
private String issuerId = null;
private String issuer = null;
-
+
boolean debug = false;
-
+
private transient PolicyDecisionPoint pdp = null;
public void init(ServletConfig config) throws ServletException
@@ -93,15 +101,15 @@
issuerId = config.getInitParameter("issuerID");
if(issuerId == null)
issuerId = "issue-id:1";
-
+
issuer = config.getInitParameter("issuer");
if(issuer == null)
issuer = "urn:jboss-identity";
-
+
policyConfigFileName = config.getInitParameter("policyConfigFileName");
if(policyConfigFileName == null)
policyConfigFileName = "policyConfig.xml";
-
+
String debugStr = config.getInitParameter("debug");
try
{
@@ -111,19 +119,19 @@
{
debug = false;
}
-
+
if(trace)
{
log.trace("Issuer=" + issuer + " :: issuerID=" + issuerId);
log.trace("PolicyConfig File:" + policyConfigFileName);
log.trace("Debug="+debug);
}
-
+
if(debug)
{
SecurityActions.setSystemProperty("jaxb.debug", "true");
}
-
+
try
{
pdp = this.getPDP();
@@ -136,29 +144,74 @@
super.init(config);
}
-
- @SuppressWarnings("unchecked")
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp) throws
ServletException, IOException
{
- throw new RuntimeException( "FIX" );
- /*JAXBElement<RequestAbstractType> jaxbRequestType = null;
-
+ XACMLAuthzDecisionQueryType xacmlRequest = null;
+ MessageFactory messageFactory = null;
+ SOAPMessage returnSOAPMessage = null;
+ try
+ {
+ try
+ {
+ messageFactory = MessageFactory.newInstance();
+ SOAPMessage soapMessage = messageFactory.createMessage( null,
req.getInputStream() );
+ SOAPEnvelope soapEnvelope = soapMessage.getSOAPPart().getEnvelope();
+ SOAPBody soapBody = soapEnvelope.getBody();
+ NodeList nl = soapBody.getChildNodes();
+ Node node = null;
+
+ int length = nl != null ? nl.getLength() : 0;
+ for( int i = 0; i < length; i++ )
+ {
+ Node n = nl.item(i);
+ String localName = n.getLocalName();
+ if( localName != null && ( localName.contains(
JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get() )
+ || localName.contains( JBossSAMLConstants.REQUEST_ABSTRACT.get()
)))
+ {
+ node = n;
+ break;
+ }
+ }
+ if( node == null )
+ throw new ServletException( "Did not find XACML query nodes" );
+ xacmlRequest = SOAPSAMLXACMLUtil.getXACMLQueryType( node );
+ }
+ catch (SOAPException e)
+ {
+ e.printStackTrace();
+ throw new ServletException( e );
+ }
+ catch (ParsingException e)
+ {
+ throw new ServletException( e );
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ServletException( e );
+ }
+ catch (ProcessingException e)
+ {
+ throw new ServletException( e );
+ }
+
+ /*JAXBElement<RequestAbstractType> jaxbRequestType = null;
+
Envelope envelope = null;
XACMLAuthzDecisionQueryType xacmlRequest = null;
-
+
try
{
Document inputDoc = DocumentUtil.getDocument(req.getInputStream());
if(debug && trace)
log.trace("Received SOAP:"+DocumentUtil.asString(inputDoc));
-
+
Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
if(debug)
un.setEventHandler(new DefaultValidationEventHandler());
Object unmarshalledObject =
un.unmarshal(DocumentUtil.getNodeAsStream(inputDoc));
-
+
if(unmarshalledObject instanceof JAXBElement)
{
JAXBElement<?> jaxbElement = (JAXBElement<?>)
unmarshalledObject;
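Review bot: The SOAP body child is selected with `localName.contains( ... )`, a substring match that ignores the namespace, so any element whose local name merely contains the query name is handed to the parser. Since this is where request data from the network enters, match exactly and check the namespace as well: `localName.equals( JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get() )` together with a comparison of `n.getNamespaceURI()` against the expected namespace. `e.printStackTrace()` in the `SOAPException` handler should be removed, since the exception is already wrapped in the `ServletException`; the `catch ( Exception e )` handler in the following hunk has the same call next to `log.error`. `service` continues past the end of this hunk.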
@@ -185,57 +238,82 @@
xacmlRequest = (XACMLAuthzDecisionQueryType) element;
}
}
+
+ */
+
+
if(xacmlRequest == null)
throw new IOException("XACML Request not parsed");
RequestType requestType = xacmlRequest.getRequest();
-
+
RequestContext requestContext = new JBossRequestContext();
requestContext.setRequest(requestType);
-
+
//pdp evaluation is thread safe
ResponseContext responseContext = pdp.evaluate(requestContext);
-
+
ResponseType responseType = new ResponseType();
ResultType resultType = responseContext.getResult();
responseType.getResult().add(resultType);
XACMLAuthzDecisionStatementType xacmlStatement =
XACMLContextFactory.createXACMLAuthzDecisionStatementType(requestType,
responseType);
-
+
//Place the xacml statement in an assertion
//Then the assertion goes inside a SAML Response
-
+
String ID = IDGenerator.create("ID_");
SAML2Response saml2Response = new SAML2Response();
IssuerInfoHolder issuerInfo = new IssuerInfoHolder(this.issuer);
-
+
List<StatementAbstractType> statements = new
ArrayList<StatementAbstractType>();
statements.add(xacmlStatement);
-
+
AssertionType assertion = SAMLAssertionFactory.createAssertion(ID,
issuerInfo.getIssuer(),
XMLTimeUtil.getIssueInstant(),
null,
null,
statements);
-
- JAXBElement<?> jaxbResponse =
JAXBElementMappingUtil.get(saml2Response.createResponseType(ID, issuerInfo, assertion));
-
+
+ org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType
samlResponseType = saml2Response.createResponseType(ID, issuerInfo, assertion);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = StaxUtil.getXMLStreamWriter(baos);
+
+ SAMLResponseWriter samlResponseWriter = new SAMLResponseWriter( xmlStreamWriter
);
+ samlResponseWriter.write( samlResponseType );
+ Document responseDocument = DocumentUtil.getDocument( new ByteArrayInputStream(
baos.toByteArray() ));
+
+ returnSOAPMessage = messageFactory.createMessage();
+ SOAPBody returnSOAPBody = returnSOAPMessage.getSOAPBody();
+ returnSOAPBody.addDocument( responseDocument );
+
+ /*JAXBElement<?> jaxbResponse = JAXBElementMappingUtil.get();
+
//Create a SOAP Envelope to hold the SAML response
- envelope = this.createEnvelope(jaxbResponse);
+ envelope = this.createEnvelope(jaxbResponse); */
}
- catch (JAXBException e)
+ /*catch (JAXBException e)r
{
String id = IDGenerator.create();
log.error(id + "::Exception parsing SOAP:", e);
envelope = this.createEnvelope(this.createFault("Parsing Error.
Reference::" + id));
- }
- catch (Exception e)
+ } */
+ catch ( Exception e )
{
+ e.printStackTrace();
String id = IDGenerator.create();
log.error(id + "::Exception:", e);
- envelope = this.createEnvelope(this.createFault("Server Error.
Reference::" + id));
+ try
+ {
+ returnSOAPMessage = SOAPSAMLXACMLUtil.createFault( "Server Error"
);
+ }
+ catch (SOAPException e1)
+ {
+ }
+ //envelope = this.createEnvelope(this.createFault("Server Error.
Reference::" + id));
}
finally
{
@@ -243,19 +321,22 @@
OutputStream os = resp.getOutputStream();
try
{
- if(envelope == null)
+ if( returnSOAPMessage == null )
+ throw new RuntimeException( "SOAPMessage for return is null" );
+ returnSOAPMessage.writeTo( os );
+ /*if(envelope == null)
throw new IllegalStateException("SOAPEnvelope is null");
JAXBElement<?> jaxbEnvelope = JAXBElementMappingUtil.get(envelope);
Marshaller marshaller =
JAXBUtil.getMarshaller(SOAPSAMLXACMLUtil.getPackage());
- marshaller.marshal(jaxbEnvelope, os);
+ marshaller.marshal(jaxbEnvelope, os); */
}
- catch (JAXBException e)
+ catch ( Exception e )
{
log("marshalling exception",e);
}
- } */
+ }
}
-
+
private PolicyDecisionPoint getPDP() throws PrivilegedActionException
{
ClassLoader tcl = SecurityActions.getContextClassLoader();
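Review bot: When `returnSOAPMessage` is null, the `RuntimeException` thrown inside this `try` is caught a few lines later by the widened `catch ( Exception e )` and only logged as "marshalling exception", so the caller of this XACML decision endpoint gets an empty body and, as far as the hunk shows, no error status. The null case is reachable, because earlier in the same method the fallback `SOAPSAMLXACMLUtil.createFault( "Server Error" )` sits in a `try` whose `catch (SOAPException e1)` block is empty. I would signal the failure explicitly rather than throw into the local catch, e.g. `if( returnSOAPMessage == null ) resp.setStatus( HttpServletResponse.SC_INTERNAL_SERVER_ERROR ); else returnSOAPMessage.writeTo( os );` (assuming `resp` is an `HttpServletResponse`), and log the swallowed `SOAPException`. That way a policy enforcement point cannot mistake an empty reply for a usable decision. The enclosing method starts outside this hunk.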
@@ -263,21 +344,5 @@
if(is == null)
throw new IllegalStateException(policyConfigFileName + " could not be
located");
return new JBossPDP(is);
- }
-
- private Envelope createEnvelope(Object obj)
- {
- Envelope envelope = SOAPFactory.getObjectFactory().createEnvelope();
- Body body = SOAPFactory.getObjectFactory().createBody();
- body.getAny().add(obj);
- envelope.setBody(body);
- return envelope;
- }
-
- private JAXBElement<Fault> createFault(String msg)
- {
- Fault fault = SOAPFactory.getObjectFactory().createFault();
- fault.setFaultstring(msg);
- return SOAPFactory.getObjectFactory().createFault(fault);
- }
+ }
}
\ No newline at end of file