Author: anil.saldhana(a)jboss.com
Date: 2010-11-30 11:07:32 -0500 (Tue, 30 Nov 2010)
New Revision: 570
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML20TokenRoleAttributeProvider.java
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/mapping/STSGroupMappingProvider.java
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/mapping/STSPrincipalMappingProvider.java
federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/STSMappingProviderUnitTestCase.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2LogoutTomcatWorkflowUnitTestCase.java
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2PostTomcatWorkflowUnitTestCase.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/soap/SOAPSAMLXACML.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2RequestUnitTestCase.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/RedirectBindingSignatureUtil.java
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2SignatureHandlerUnitTestCase.java
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2PostWorkflowUnitTestCase.java
Log:
updated saml object model
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
---
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -33,7 +33,6 @@
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBException;
import org.apache.catalina.Context;
import org.apache.catalina.Lifecycle;
@@ -62,16 +61,15 @@
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
import org.picketlink.identity.federation.web.util.HTTPRedirectUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
-import org.xml.sax.SAXException;
/**
* Valve at the IDP that supports the HTTP/Redirect Binding
@@ -248,15 +246,7 @@
finalDest.append( getDestinationQueryString(urlEncodedResponse, relayState) );
HTTPRedirectUtil.sendRedirectForResponder(finalDest.toString(), response);
- }
- catch (JAXBException e)
- {
- throw new ParsingException(e);
- }
- catch (SAXException e)
- {
- throw new ParsingException(e);
- }
+ }
catch (IOException e)
{
throw new ProcessingException(e);
@@ -322,37 +312,16 @@
InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
SAML2Request saml2Request = new SAML2Request();
- AuthnRequestType authnRequestType = null;
- try
- {
- authnRequestType = saml2Request.getAuthnRequestType(is);
- }
- catch (JAXBException e2)
- {
- throw new ParsingException(e2);
- }
- catch (SAXException e2)
- {
- throw new ParsingException(e2);
- }
+ AuthnRequestType authnRequestType = saml2Request.getAuthnRequestType(is);
+
if(authnRequestType == null)
throw new IllegalStateException("AuthnRequest is null");
if(log.isTraceEnabled())
{
StringWriter sw = new StringWriter();
- try
- {
- saml2Request.marshall(authnRequestType, sw);
- }
- catch (SAXException e)
- {
- log.trace(e);
- }
- catch (JAXBException e)
- {
- log.trace(e);
- }
+ saml2Request.marshall(authnRequestType, sw);
+
log.trace("IDPRedirectValve::AuthnRequest="+sw.toString());
}
SAML2Response saml2Response = new SAML2Response();
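Review bot: The `saml2Request.marshall(authnRequestType, sw);` line inside the `if(log.isTraceEnabled())` block used to have its failures logged and swallowed; now whatever checked exception `marshall` declares (presumably the ProcessingException this commit adds to other throws clauses) propagates out of a diagnostics-only branch, so enabling trace logging can change the outcome of request processing. Keep the trace branch side-effect free, e.g. `try { saml2Request.marshall(authnRequestType, sw); } catch (Exception e) { log.trace(e); }`, unless a marshalling failure is meant to be fatal on the non-trace path as well. The same pattern is introduced in this file's response trace block (hunk at -391,+360) and in IDPRedirectWithSignatureValve (hunk at -238,+229). The enclosing method starts and ends outside the hunk.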
@@ -368,14 +337,14 @@
idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
SPInfoHolder sp = new SPInfoHolder();
- sp.setResponseDestinationURI(authnRequestType.getAssertionConsumerServiceURL());
+ sp.setResponseDestinationURI(
authnRequestType.getAssertionConsumerServiceURL().toASCIIString() );
responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
//Add information on the roles
List<String> roles = rg.generateRoles(userPrincipal);
- AssertionType assertion = (AssertionType)
responseType.getAssertionOrEncryptedAssertion().get(0);
+ AssertionType assertion = (AssertionType)
responseType.getAssertions().get(0).getAssertion();
AttributeStatementType attrStatement =
StatementUtil.createAttributeStatement(roles);
-
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
+ assertion.addStatement( attrStatement );
//Add timed conditions
try
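Review bot: `authnRequestType.getAssertionConsumerServiceURL().toASCIIString()` dereferences an attribute that is optional in a SAML 2.0 AuthnRequest, so a request that omits AssertionConsumerServiceURL now fails with a NullPointerException where the previous line passed the null through to `setResponseDestinationURI`. Make the requirement explicit before the call, e.g. `if (authnRequestType.getAssertionConsumerServiceURL() == null) throw new IllegalStateException("AuthnRequest has no AssertionConsumerServiceURL");`, matching the existing null check on the AuthnRequest itself. The destination is still taken straight from the inbound request; whether it is validated against the configured SP is not visible here and is worth confirming. The cast in `(AssertionType) responseType.getAssertions().get(0).getAssertion()` looks redundant if `getAssertion()` already returns AssertionType. The enclosing method continues outside the hunk.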
@@ -391,18 +360,8 @@
if(log.isTraceEnabled())
{
StringWriter sw = new StringWriter();
- try
- {
- saml2Response.marshall(responseType, sw);
- }
- catch (JAXBException e)
- {
- log.trace(e);
- }
- catch (SAXException e)
- {
- log.trace(e);
- }
+ saml2Response.marshall(responseType, sw);
+
log.trace("IDPRedirectValve::Response="+sw.toString());
}
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
===================================================================
---
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -35,7 +35,6 @@
import java.util.List;
import javax.crypto.SecretKey;
-import javax.xml.bind.JAXBException;
import javax.xml.namespace.QName;
import org.apache.catalina.LifecycleException;
@@ -56,12 +55,12 @@
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.EncryptedElementType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedAssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
/**
@@ -214,21 +213,13 @@
publicKey, sk, keyLength, assertionQName, true);
- EncryptedElementType eet =
saml2Response.getEncryptedAssertion(DocumentUtil.getNodeAsStream(encAssertion));
- responseType.getAssertionOrEncryptedAssertion().set(0, eet);
+ EncryptedAssertionType eet =
saml2Response.getEncryptedAssertion(DocumentUtil.getNodeAsStream(encAssertion));
+ responseType.addAssertion( new RTChoiceType( eet ));
}
catch (MalformedURLException e)
{
throw new ParsingException(e);
- }
- catch (JAXBException e)
- {
- throw new ParsingException(e);
- }
- catch (SAXException e)
- {
- throw new ParsingException(e);
- }
+ }
catch (Exception e)
{
throw new ProcessingException(e);
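Review bot: `responseType.addAssertion( new RTChoiceType( eet ));` appends the encrypted assertion, whereas the replaced `set(0, eet)` overwrote the plaintext assertion at index 0; unless `addAssertion` is defined to replace, the response now carries the unencrypted assertion next to its encrypted copy, which defeats the encryption, and the SP side in this same commit reads `getAssertions().get(0).getEncryptedAssertion()`, which would then hit the plaintext entry and get null. Replace the element instead of appending, e.g. `responseType.getAssertions().set(0, new RTChoiceType(eet));` if that list is mutable, or remove the plaintext entry first. A unit test asserting that an encrypted response contains no plain AssertionType would pin this down. The enclosing method starts and ends outside the hunk.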
@@ -238,18 +229,8 @@
if(log.isTraceEnabled())
{
StringWriter sw = new StringWriter();
- try
- {
- saml2Response.marshall(responseType, sw);
- }
- catch (JAXBException e)
- {
- if(trace) log.trace(e);
- }
- catch (SAXException e)
- {
- if(trace) log.trace(e);
- }
+ saml2Response.marshall(responseType, sw);
+
log.trace("IDPRedirectValveWithSignature::Response="+sw.toString());
}
return responseType;
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
---
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -88,8 +88,8 @@
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.core.IdentityServer;
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
---
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -33,7 +33,6 @@
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
-import javax.xml.bind.JAXBException;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.Constants;
@@ -53,8 +52,8 @@
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor;
@@ -62,10 +61,9 @@
import
org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor;
import org.picketlink.identity.federation.web.util.HTTPRedirectUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
-import org.picketlink.identity.federation.web.util.ServerDetector;
import
org.picketlink.identity.federation.web.util.RedirectBindingUtil.RedirectBindingUtilDestHolder;
+import org.picketlink.identity.federation.web.util.ServerDetector;
import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
/**
* Authenticator at the Service Provider
@@ -332,7 +330,7 @@
}
protected String createSAMLRequestMessage(String relayState, Response response)
- throws ServletException, ConfigurationException, SAXException, JAXBException,
IOException
+ throws ServletException, ConfigurationException, IOException, ProcessingException
{
//create a saml request
if(this.serviceURL == null)
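Review bot: The new `throws ServletException, ConfigurationException, IOException, ProcessingException` on the protected `createSAMLRequestMessage` changes its checked-exception contract, so any subclass overriding it or caller still catching `SAXException`/`JAXBException` must be updated, and the method's Javadoc (outside the hunk, if present) has no `@throws ProcessingException` entry. Add one naming the condition, presumably `@throws ProcessingException if the AuthnRequest cannot be marshalled`, once confirmed against SAML2Request.marshall. The method body continues outside the hunk.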
@@ -347,7 +345,7 @@
saml2Request.marshall(authnRequest, baos);
String base64Request =
RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
- String destination = authnRequest.getDestination();
+ String destination = authnRequest.getDestination().toASCIIString();
String destinationQueryString = getDestinationQueryString(base64Request,
relayState, true);
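Review bot: `authnRequest.getDestination().toASCIIString()` assumes the request built just above always carries a Destination; Destination is optional on SAML request types, so if the factory leaves it unset this is a NullPointerException at request-creation time rather than a clear error. A guard such as `if (authnRequest.getDestination() == null) throw new IllegalStateException("AuthnRequest has no Destination");` keeps the failure explicit. The enclosing method continues outside the hunk.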
@@ -416,7 +414,5 @@
throws IOException, GeneralSecurityException, ConfigurationException,
ParsingException
{
throw new RuntimeException("This authenticator does not handle
encryption");
- }
-
-
+ }
}
\ No newline at end of file
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
===================================================================
---
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -29,8 +29,6 @@
import java.security.PublicKey;
import java.util.List;
-import javax.xml.bind.JAXBException;
-
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Request;
@@ -48,8 +46,8 @@
import org.picketlink.identity.federation.core.saml.v2.util.SignatureUtil;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.EncryptedElementType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedElementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
@@ -192,7 +190,7 @@
SAML2Response saml2Response = new SAML2Response();
PrivateKey privateKey = keyManager.getSigningKey();
- EncryptedElementType myEET = (EncryptedElementType)
responseType.getAssertionOrEncryptedAssertion().get(0);
+ EncryptedElementType myEET = (EncryptedElementType)
responseType.getAssertions().get(0).getEncryptedAssertion();
Document eetDoc = saml2Response.convert(myEET);
Element decryptedDocumentElement =
XMLEncryptionUtil.decryptElementInDocument(eetDoc,privateKey);
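Review bot: `responseType.getAssertions().get(0).getEncryptedAssertion()` assumes the first entry is the encrypted choice; if it is a plain assertion the result is null, and if the list is empty an IndexOutOfBoundsException, both of which the `catch (Exception e)` below only turns into a GeneralSecurityException with no indication of the cause. Since the IDP side of this commit now appends the encrypted assertion with `addAssertion` instead of replacing index 0, that first entry may well be the plaintext one. Look the entry up explicitly: iterate `responseType.getAssertions()`, take the first `RTChoiceType` whose `getEncryptedAssertion()` is non-null, and throw a clear exception when there is none. The cast target here is the newmodel `EncryptedElementType` while the IDP side uses `EncryptedAssertionType`; worth confirming they are the intended pair. The enclosing try block starts outside the hunk.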
@@ -200,10 +198,6 @@
//Let us use the encrypted doc element to decrypt it
return
saml2Response.getResponseType(DocumentUtil.getNodeAsStream(decryptedDocumentElement));
}
- catch (JAXBException e)
- {
- throw new ConfigurationException(e);
- }
catch (Exception e)
{
throw new GeneralSecurityException(e);
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java
===================================================================
---
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -25,8 +25,6 @@
import java.util.ArrayList;
import java.util.List;
-import javax.xml.bind.JAXBElement;
-
import org.apache.catalina.Context;
import org.apache.catalina.connector.Request;
import org.apache.catalina.realm.GenericPrincipal;
@@ -37,14 +35,16 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import
org.picketlink.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
/**
* Common code useful for a SP
@@ -79,8 +79,7 @@
* @param serverEnvironment tomcat,jboss etc
* @return
* @throws AssertionExpiredException
- */
- @SuppressWarnings("unchecked")
+ */
public Principal handleSAMLResponse(Request request, ResponseType responseType)
throws ConfigurationException, AssertionExpiredException
{
@@ -93,35 +92,36 @@
if(statusType == null)
throw new IllegalArgumentException("Status Type from the IDP is
null");
- String statusValue = statusType.getStatusCode().getValue();
+ String statusValue = statusType.getStatusCode().getValue().toASCIIString();
if(JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
throw new SecurityException("IDP forbid the user");
- List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
+ List<RTChoiceType> assertions = responseType.getAssertions();
if(assertions.size() == 0)
throw new IllegalStateException("No assertions in reply from IDP");
- AssertionType assertion = (AssertionType)assertions.get(0);
+ AssertionType assertion = assertions.get(0).getAssertion();
//Check for validity of assertion
boolean expiredAssertion = AssertionUtil.hasExpired(assertion);
if(expiredAssertion)
throw new AssertionExpiredException();
SubjectType subject = assertion.getSubject();
- JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>)
subject.getContent().get(0);
- NameIDType nameID = jnameID.getValue();
+
+ //JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>)
subject.getContent().get(0);
+ NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
String userName = nameID.getValue();
List<String> roles = new ArrayList<String>();
//Set it on a thread local for JBID integrators
-
StatementLocal.statements.set(assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement());
+ StatementLocal.statements.set(assertion.getStatements() );
//Let us get the roles
- AttributeStatementType attributeStatement = (AttributeStatementType)
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0);
- List<Object> attList =
attributeStatement.getAttributeOrEncryptedAttribute();
- for(Object obj:attList)
+ AttributeStatementType attributeStatement = (AttributeStatementType)
assertion.getStatements().iterator().next();
+ List<ASTChoiceType> attList = attributeStatement.getAttributes();
+ for( ASTChoiceType obj:attList)
{
- AttributeType attr = (AttributeType) obj;
+ AttributeType attr = (AttributeType) obj.getAttribute();
String roleName = (String) attr.getAttributeValue().get(0);
roles.add(roleName);
}
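Review bot: `NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();` casts without checking and `subject.getSubType()` is not null-checked, so a Response whose Subject carries a different BaseID kind or no SubType fails with a ClassCastException or NullPointerException instead of a clear rejection; the sibling change in SAML2STSLoginModule (its hunk at -183,+184) guards the same lookup with `instanceof NameIDType`, and this method should do likewise. `assertion.getStatements().iterator().next()` then takes whatever statement comes first: an assertion listing an AuthnStatement before its AttributeStatement gets a ClassCastException, one with no statements a NoSuchElementException, and if `getStatements()` is no longer an ordered list the choice is arbitrary, so the AttributeStatementType instances should be selected explicitly. `AttributeType attr = (AttributeType) obj.getAttribute();` likewise yields null for an encrypted-attribute choice and then fails on `getAttributeValue()`. The commented-out `//JAXBElement<NameIDType> jnameID = ...` line should be deleted rather than kept. handleSAMLResponse starts in the previous hunk and ends outside this one.
```java
         SubjectType subject = assertion.getSubject();
         if (subject == null || subject.getSubType() == null
               || !(subject.getSubType().getBaseID() instanceof NameIDType))
            throw new IllegalStateException("Assertion from IDP has no NameID subject");
         NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
         String userName = nameID.getValue();
         // … unchanged: roles list and StatementLocal thread-local …
         //Let us get the roles: only AttributeStatements carry them, and they need not come first
         for (Object statement : assertion.getStatements())
         {
            if (!(statement instanceof AttributeStatementType))
               continue;
            for (ASTChoiceType obj : ((AttributeStatementType) statement).getAttributes())
            {
               AttributeType attr = (AttributeType) obj.getAttribute();
               // encrypted attributes are not decrypted here; skip them and empty values
               if (attr == null || attr.getAttributeValue().isEmpty())
                  continue;
               roles.add((String) attr.getAttributeValue().get(0));
            }
         }
```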
Modified:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java
===================================================================
---
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -31,7 +31,7 @@
import
org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.picketlink.identity.federation.core.saml.v2.util.SignatureUtil;
import org.picketlink.identity.federation.core.util.KeyStoreUtil;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
/**
Modified:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java
===================================================================
---
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -30,8 +30,8 @@
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import
org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
/**
Modified:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2LogoutTomcatWorkflowUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2LogoutTomcatWorkflowUnitTestCase.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2LogoutTomcatWorkflowUnitTestCase.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -41,7 +41,7 @@
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
import org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve;
import
org.picketlink.identity.federation.bindings.tomcat.sp.SPRedirectFormAuthenticator;
-import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.IdentityServer;
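Review bot: `StatusResponseType` is still imported from the old `org.picketlink.identity.federation.saml.v2.protocol` package on the line after the changed `LogoutRequestType` import, while IDPWebBrowserSSOValve in this same commit switched its `StatusResponseType` to `org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType`; if this test passes a StatusResponseType to that valve it now has the wrong type. Change the import to the newmodel one unless the test deliberately exercises the old model.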
Modified:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2PostTomcatWorkflowUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2PostTomcatWorkflowUnitTestCase.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2PostTomcatWorkflowUnitTestCase.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -43,8 +43,8 @@
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.Base64;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.IdentityServer;
import org.picketlink.identity.federation.web.util.PostBindingUtil;
@@ -197,4 +197,4 @@
server.sessionCreated(new HttpSessionEvent(session));
return server;
}
-}
+}
\ No newline at end of file
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML20TokenRoleAttributeProvider.java
===================================================================
---
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML20TokenRoleAttributeProvider.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML20TokenRoleAttributeProvider.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -10,9 +10,10 @@
import org.apache.log4j.Logger;
import org.jboss.security.SecurityContextAssociation;
-import
org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenAttributeProvider;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
+import
org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenAttributeProvider;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
/**
* <p>
@@ -85,7 +86,7 @@
AttributeStatementType attributeStatement = new AttributeStatementType();
AttributeType rolesAttribute = new AttributeType();
rolesAttribute.setName(tokenRoleAttributeName);
- attributeStatement.getAttributeOrEncryptedAttribute().add(rolesAttribute);
+ attributeStatement.addAttribute( new ASTChoiceType(rolesAttribute) );
List<Object> roles = rolesAttribute.getAttributeValue();
for( Principal rolePrincipal : subject.getPrincipals() )
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
===================================================================
---
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -32,23 +32,24 @@
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
-import javax.xml.bind.JAXBElement;
import org.jboss.security.auth.callback.ObjectCallback;
import org.jboss.security.auth.spi.AbstractServerLoginModule;
import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkGroup;
import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
import org.picketlink.identity.federation.core.wstrust.STSClient;
+import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
-import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.BaseIDAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import org.w3c.dom.Element;
/**
@@ -183,15 +184,22 @@
SubjectType subject = assertion.getSubject();
if (subject != null)
{
- for (JAXBElement<?> element : subject.getContent())
+ BaseIDAbstractType baseID = subject.getSubType().getBaseID();
+ if( baseID instanceof NameIDType )
{
+ NameIDType nameID = (NameIDType) baseID;
+ this.principal = new PicketLinkPrincipal(nameID.getValue());
+ }
+
+ /*for (JAXBElement<?> element : subject.getContent())
+ {
if (element.getDeclaredType().equals(NameIDType.class))
{
NameIDType nameID = (NameIDType) element.getValue();
this.principal = new PicketLinkPrincipal(nameID.getValue());
break;
}
- }
+ }*/
}
}
catch (Exception e)
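Review bot: `subject.getSubType()` on the new line is dereferenced without a null check, so a Subject that carries no BaseID/NameID/EncryptedID (the SAML 2.0 schema allows a Subject with only SubjectConfirmation) now raises a NullPointerException instead of the old loop's no-match fall-through; it is then swallowed by the `catch (Exception e)` below, which hides the real cause. Guard the lookup with `if (subject.getSubType() != null)` before reading `getBaseID()`. The replaced JAXB loop is kept as a `/* … */` block; delete it rather than leave dead code, and the same applies to the commented-out blocks left in STSGroupMappingProvider, STSPrincipalMappingProvider, STSMappingProviderUnitTestCase, SAML2Request and SAML2Response in this commit. The enclosing method starts before and ends after this hunk.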
@@ -246,12 +254,12 @@
if (attributeStatement != null)
{
Set<Principal> roles = new HashSet<Principal>();
- List<Object> attributeList =
attributeStatement.getAttributeOrEncryptedAttribute();
- for (Object obj : attributeList)
+ List<ASTChoiceType> attributeList = attributeStatement.getAttributes();
+ for ( ASTChoiceType obj : attributeList )
{
- if (obj instanceof AttributeType)
+ AttributeType attribute = obj.getAttribute();
+ if( attribute != null )
{
- AttributeType attribute = (AttributeType) obj;
// if this is a role attribute, get its values and add them to the role
set.
if (attribute.getName().equals("role"))
{
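Review bot: An `ASTChoiceType` whose `getAttribute()` is null is skipped silently by the new loop; if the other arm of that choice is an EncryptedAttribute (not visible here, but presumably), a token whose role attribute arrives encrypted produces an empty role set with nothing in the log to explain why. Add an `else` branch that logs at debug level, e.g. `log.debug("Skipping non-plain attribute in AttributeStatement");` with whatever logger the module has, or reject the assertion if encrypted attributes are not supported at all. The same loop shape appears in STSGroupMappingProvider in this commit. The enclosing method continues past the hunk.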
@@ -280,7 +288,7 @@
*/
private AttributeStatementType getAttributeStatement(AssertionType assertion)
{
- List<StatementAbstractType> statementList =
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement();
+ Set<StatementAbstractType> statementList = assertion.getStatements();
if (statementList.size() != 0)
{
for (StatementAbstractType statement : statementList)
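Review bot: `statementList.size() != 0` is now evaluated on the `Set` returned by `assertion.getStatements()`; whether that accessor can return null is not visible here, and if it can, the guard itself throws. The check is also redundant, since iterating an empty collection is a no-op, so the body can be just the `for` loop (or `if (!statementList.isEmpty())` if a guard is kept for readability). The identical pattern is in STSGroupMappingProvider.getAttributeStatement in this commit. getAttributeStatement's body continues past the hunk.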
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/mapping/STSGroupMappingProvider.java
===================================================================
---
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/mapping/STSGroupMappingProvider.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/mapping/STSGroupMappingProvider.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -2,6 +2,7 @@
import java.util.List;
import java.util.Map;
+import java.util.Set;
import javax.xml.bind.JAXBException;
@@ -14,10 +15,11 @@
import
org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider;
import org.picketlink.identity.federation.core.wstrust.auth.AbstractSTSLoginModule;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
import org.w3c.dom.Element;
/**
@@ -112,11 +114,23 @@
if (attributeStatement != null)
{
RoleGroup rolesGroup = new
SimpleRoleGroup(SAML20TokenRoleAttributeProvider.JBOSS_ROLE_PRINCIPAL_NAME);
- List<Object> attributeList =
attributeStatement.getAttributeOrEncryptedAttribute();
- for (Object obj : attributeList)
+ List<ASTChoiceType> attributeList =
attributeStatement.getAttributes();
+ for ( ASTChoiceType obj : attributeList)
{
- if (obj instanceof AttributeType)
+ AttributeType attribute = obj.getAttribute();
+ if( attribute != null )
{
+ // if this is a role attribute, get its values and add them to the role
set.
+ if (tokenRoleAttributeName.equals(attribute.getName()))
+ {
+ for (Object value : attribute.getAttributeValue())
+ {
+ rolesGroup.addRole(new SimpleRole((String) value));
+ }
+ }
+ }
+ /*if (obj instanceof AttributeType)
+ {
AttributeType attribute = (AttributeType) obj;
// if this is a role attribute, get its values and add them to the role
set.
if (tokenRoleAttributeName.equals(attribute.getName()))
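Review bot: The re-added loop casts every entry of `attribute.getAttributeValue()` to `String` unchecked; the element type of that list in the new model is not visible here, and if it can hold non-string values (typed XML values, DOM nodes) the cast throws a ClassCastException from inside role mapping rather than a controlled failure. Check before casting, `if (value instanceof String) rolesGroup.addRole(new SimpleRole((String) value));`, and log or reject anything else rather than mapping it to a role. The enclosing method starts before this hunk.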
@@ -126,7 +140,7 @@
rolesGroup.addRole(new SimpleRole((String) value));
}
}
- }
+ }*/
}
result.setMappedObject(rolesGroup);
if (log.isDebugEnabled())
@@ -169,7 +183,7 @@
*/
private AttributeStatementType getAttributeStatement(AssertionType assertion)
{
- List<StatementAbstractType> statementList =
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement();
+ Set<StatementAbstractType> statementList = assertion.getStatements();
if (statementList.size() != 0)
{
for (StatementAbstractType statement : statementList)
@@ -180,4 +194,4 @@
}
return null;
}
-}
+}
\ No newline at end of file
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/mapping/STSPrincipalMappingProvider.java
===================================================================
---
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/mapping/STSPrincipalMappingProvider.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/mapping/STSPrincipalMappingProvider.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -3,7 +3,6 @@
import java.security.Principal;
import java.util.Map;
-import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import org.apache.log4j.Logger;
@@ -12,9 +11,10 @@
import org.jboss.security.mapping.providers.principal.AbstractPrincipalMappingProvider;
import org.picketlink.identity.federation.core.wstrust.auth.AbstractSTSLoginModule;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.BaseIDAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import org.w3c.dom.Element;
/**
@@ -75,8 +75,20 @@
SubjectType subject = assertion.getSubject();
if (subject != null)
{
- for (JAXBElement<?> element : subject.getContent())
+ BaseIDAbstractType baseID = subject.getSubType().getBaseID();
+ if( baseID != null && baseID instanceof NameIDType )
{
+ NameIDType nameID = (NameIDType) baseID;
+ Principal mappedPrincipal = new SimplePrincipal(nameID.getValue());
+ result.setMappedObject(mappedPrincipal);
+ if (log.isDebugEnabled())
+ {
+ log.debug("Mapped principal to " + mappedPrincipal);
+ }
+ return;
+ }
+ /*for (JAXBElement<?> element : subject.getContent())
+ {
if (element.getDeclaredType().equals(NameIDType.class))
{
NameIDType nameID = (NameIDType) element.getValue();
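Review bot: `baseID != null && baseID instanceof NameIDType` carries a redundant null test (`instanceof` is already false for null), and the sibling change in SAML2STSLoginModule writes the same check without it; use `if (baseID instanceof NameIDType)` in both so they read the same. As there, `subject.getSubType()` is dereferenced with no null guard, so a Subject without a BaseID/NameID becomes a NullPointerException rather than the "no mapping" path; wrap the lookup in `if (subject.getSubType() != null)`. The enclosing method starts before and ends after this hunk.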
@@ -88,7 +100,7 @@
}
return;
}
- }
+ }*/
}
}
catch (JAXBException e)
Modified:
federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/STSMappingProviderUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/STSMappingProviderUnitTestCase.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/STSMappingProviderUnitTestCase.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -25,9 +25,6 @@
import java.util.HashMap;
import java.util.Map;
-import javax.xml.bind.JAXBElement;
-import javax.xml.namespace.QName;
-
import junit.framework.TestCase;
import org.jboss.security.identity.RoleGroup;
@@ -36,14 +33,17 @@
import
org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider;
import
org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSGroupMappingProvider;
import
org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSPrincipalMappingProvider;
-import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.wstrust.auth.AbstractSTSLoginModule;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType.STSubType;
import org.w3c.dom.Element;
/**
@@ -75,11 +75,11 @@
String role1 = "userRole1";
String role2 = "userRole2";
- AssertionType assertion = new AssertionType();
+ AssertionType assertion = new AssertionType( "ID_SOME",
XMLTimeUtil.getIssueInstant(), JBossSAMLConstants.VERSION_2_0.get());
AttributeStatementType attributeStatementType = new AttributeStatementType();
-
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attributeStatementType);
+ assertion.addStatement( attributeStatementType );
AttributeType attributeType = new AttributeType();
- attributeStatementType.getAttributeOrEncryptedAttribute().add(attributeType);
+ attributeStatementType.addAttribute( new ASTChoiceType(attributeType));
attributeType.setName(roleAttributeName);
attributeType.getAttributeValue().add(role1);
attributeType.getAttributeValue().add(role2);
@@ -112,16 +112,19 @@
{
String userId = "babak";
- AssertionType assertion = new AssertionType();
+ AssertionType assertion = new AssertionType( "ID_SOME",
XMLTimeUtil.getIssueInstant(), JBossSAMLConstants.VERSION_2_0.get() );
SubjectType subjectType = new SubjectType();
assertion.setSubject(subjectType);
- QName name = new QName(WSTrustConstants.SAML2_ASSERTION_NS, "NameID");
- Class<NameIDType> declaredType = NameIDType.class;
+ //QName name = new QName(WSTrustConstants.SAML2_ASSERTION_NS, "NameID");
NameIDType nameIDType = new NameIDType();
nameIDType.setValue(userId);
- JAXBElement<NameIDType> jaxbElement = new JAXBElement<NameIDType>(name,
declaredType, JAXBElement.GlobalScope.class, nameIDType);
- subjectType.getContent().add(jaxbElement);
+ STSubType subType = new STSubType();
+ subType.addBaseID( nameIDType );
+ subjectType.setSubType( subType );
+ /*JAXBElement<NameIDType> jaxbElement = new
JAXBElement<NameIDType>(name, declaredType, JAXBElement.GlobalScope.class,
nameIDType);
+ subjectType.getContent().add(jaxbElement);*/
+
MappingResult<Principal> mappingResult = new
MappingResult<Principal>();
Map<String, Object> contextMap = new HashMap<String, Object>();
Element assertionElement = SAMLUtil.toElement(assertion);
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -21,17 +21,16 @@
*/
package org.picketlink.identity.federation.api.saml.v2.request;
+import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
-import javax.xml.bind.Binder;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.ParserConfigurationException;
@@ -44,22 +43,20 @@
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import
org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
-import org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.saml.v2.util.JAXBElementMappingUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import
org.picketlink.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
-import org.w3c.dom.Node;
import org.xml.sax.SAXException;
/**
@@ -92,33 +89,23 @@
/**
* Get AuthnRequestType from a file
* @param fileName file with the serialized AuthnRequestType
- * @return AuthnRequestType
- * @throws SAXException
- * @throws JAXBException
+ * @return AuthnRequestType
+ * @throws ParsingException
+ * @throws ProcessingException
+ * @throws ConfigurationException
* @throws IllegalArgumentException if the input fileName is null
* IllegalStateException if the InputStream from the fileName is null
*/
- public AuthnRequestType getAuthnRequestType(String fileName) throws JAXBException,
SAXException
+ public AuthnRequestType getAuthnRequestType(String fileName) throws
ConfigurationException, ProcessingException, ParsingException
{
if(fileName == null)
throw new IllegalArgumentException("fileName is null");
ClassLoader tcl = SecurityActions.getContextClassLoader();
InputStream is = tcl.getResourceAsStream(fileName);
return getAuthnRequestType(is);
- }
+ }
/**
- * Get the Binder
- * @return
- * @throws JAXBException
- */
- public Binder<Node> getBinder() throws JAXBException
- {
- JAXBContext jaxb = JAXBUtil.getJAXBContext(RequestAbstractType.class);
- return jaxb.createBinder();
- }
-
- /**
* Get the Underlying SAML2Object from the input stream
* @param is
* @return
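Review bot: The `InputStream` obtained from `tcl.getResourceAsStream(fileName)` in `getAuthnRequestType(String)` is never closed; the overload it delegates to only reads it, so the handle leaks on every call (carried over from the old code, but the method is rewritten here). Close it in a `finally` block and translate the `IOException` from `close()` into one of the exception types the method declares. The `getAuthnRequestType(InputStream)` overload is in the next hunk.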
@@ -160,49 +147,51 @@
* @throws ConfigurationException
* @throws
* @throws IllegalArgumentException inputstream is null
- */
- @SuppressWarnings("unchecked")
+ */
public RequestAbstractType getRequestType(InputStream is)
throws ParsingException, ConfigurationException, ProcessingException
{
if(is == null)
throw new IllegalStateException("InputStream is null");
-
- Document samlDocument = DocumentUtil.getDocument(is);
-
- try
- {
- Binder<Node> binder = getBinder();
+
+ Document samlDocument = DocumentUtil.getDocument( is );
+
+ SAMLParser samlParser = new SAMLParser();
+ RequestAbstractType requestType = (RequestAbstractType) samlParser.parse(
DocumentUtil.getNodeAsStream(samlDocument));
+
+ /*Binder<Node> binder = getBinder();
JAXBElement<RequestAbstractType> jaxbAuthnRequestType =
(JAXBElement<RequestAbstractType>) binder.unmarshal(samlDocument);
- RequestAbstractType requestType = jaxbAuthnRequestType.getValue();
- samlDocumentHolder = new SAMLDocumentHolder(requestType, samlDocument);
- return requestType;
- }
- catch (JAXBException e)
- {
- throw new ParsingException(e);
- }
+ RequestAbstractType requestType = jaxbAuthnRequestType.getValue();*/
+ samlDocumentHolder = new SAMLDocumentHolder(requestType, samlDocument);
+ return requestType;
}
/**
* Get the AuthnRequestType from an input stream
* @param is Inputstream containing the AuthnRequest
- * @return
- * @throws SAXException
- * @throws JAXBException
+ * @return
+ * @throws ParsingException
+ * @throws ProcessingException
+ * @throws ConfigurationException
* @throws IllegalArgumentException inputstream is null
- */
- @SuppressWarnings("unchecked")
- public AuthnRequestType getAuthnRequestType(InputStream is) throws JAXBException,
SAXException
+ */
+ public AuthnRequestType getAuthnRequestType(InputStream is) throws
ConfigurationException, ProcessingException, ParsingException
{
if(is == null)
throw new IllegalStateException("InputStream is null");
String key = PicketLinkFederationConstants.JAXB_SCHEMA_VALIDATION;
- boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key,
"false"));
+ //boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key,
"false"));
- Unmarshaller un =
JBossSAMLAuthnRequestFactory.getValidatingUnmarshaller(validate);
+ Document samlDocument = DocumentUtil.getDocument( is );
+
+ SAMLParser samlParser = new SAMLParser();
+ AuthnRequestType requestType = (AuthnRequestType) samlParser.parse(
DocumentUtil.getNodeAsStream(samlDocument));
+ samlDocumentHolder = new SAMLDocumentHolder(requestType, samlDocument);
+ return requestType;
+
+ /*Unmarshaller un =
JBossSAMLAuthnRequestFactory.getValidatingUnmarshaller(validate);
JAXBElement<AuthnRequestType> jaxbAuthnRequestType =
(JAXBElement<AuthnRequestType>) un.unmarshal(is);
- return jaxbAuthnRequestType.getValue();
+ return jaxbAuthnRequestType.getValue();*/
}
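Review bot: `getRequestType` and `getAuthnRequestType(InputStream)` cast the result of `samlParser.parse(...)` to `RequestAbstractType`/`AuthnRequestType` without checking it; the parser's return type is not visible here, but the input is a document received from a remote party, so a well-formed document that is not the expected element now surfaces as a ClassCastException, an unchecked exception that callers handling `ParsingException` will not catch, instead of the ParsingException the old JAXB path produced. Check the type first, e.g. `Object parsed = samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument));` then `if (!(parsed instanceof AuthnRequestType)) throw new ParsingException(...);` then `AuthnRequestType requestType = (AuthnRequestType) parsed;`, using whichever message constructor ParsingException offers. The same unchecked cast appears in SAML2Response.getEncryptedAssertion, getAssertionType and getResponseType in this commit. Separately, `getAuthnRequestType(InputStream)` still computes `key` for `JAXB_SCHEMA_VALIDATION` but the line that used it is commented out, so a deployment that set that property to enable schema validation now silently gets none; either wire the flag into the new parser or remove the dead local and document that validation no longer applies here.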
@@ -222,17 +211,16 @@
* @throws ConfigurationException
*/
public LogoutRequestType createLogoutRequest(String issuer) throws
ConfigurationException
- {
- org.picketlink.identity.federation.saml.v2.protocol.ObjectFactory of
- = new org.picketlink.identity.federation.saml.v2.protocol.ObjectFactory();
- LogoutRequestType lrt = of.createLogoutRequestType();
+ {
+ LogoutRequestType lrt = new LogoutRequestType();
lrt.setID(IDGenerator.create("ID_"));
lrt.setIssueInstant(XMLTimeUtil.getIssueInstant());
lrt.setVersion( JBossSAMLConstants.VERSION_2_0.get() );
//Create an issuer
- NameIDType issuerNameID = JBossSAMLBaseFactory.createNameID();
+ NameIDType issuerNameID = new NameIDType();
issuerNameID.setValue(issuer);
+
lrt.setIssuer(issuerNameID);
return lrt;
@@ -323,14 +311,14 @@
* @throws JAXBException
* @throws ParserConfigurationException
*/
- public Document convert(ResponseType responseType) throws JAXBException,
ConfigurationException
+ public Document convert( ResponseType responseType) throws ProcessingException,
ParsingException, ConfigurationException
{
- JAXBContext jaxb = JAXBUtil.getJAXBContext(ResponseType.class);
- Binder<Node> binder = jaxb.createBinder();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLResponseWriter writer = new
SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write( responseType );
- Document doc = DocumentUtil.createDocument();
- binder.marshal(JAXBElementMappingUtil.get(responseType), doc);
- return doc;
+ ByteArrayInputStream bis = new ByteArrayInputStream( baos.toByteArray() );
+ return DocumentUtil.getDocument(bis);
}
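Review bot: `convert(ResponseType)` writes through `StaxUtil.getXMLStreamWriter(baos)` and then reads `baos.toByteArray()` without flushing or closing the `XMLStreamWriter`; unless `SAMLResponseWriter.write` flushes internally (not visible here), a buffering StAX implementation can leave the tail of the document in its buffer and `DocumentUtil.getDocument` then fails on a truncated stream. Keep a reference to the stream writer and call `flush()` (and `close()`) before constructing the `ByteArrayInputStream`. The Javadoc above the method still lists `@throws JAXBException` and `@throws ParserConfigurationException`, which the new signature no longer declares; replace them with the three exception types it does throw.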
/**
@@ -340,14 +328,26 @@
* @throws JAXBException
* @throws SAXException
*/
- public void marshall(RequestAbstractType requestType, OutputStream os) throws
SAXException, JAXBException
+ public void marshall(RequestAbstractType requestType, OutputStream os) throws
ProcessingException
{
- String key = PicketLinkFederationConstants.JAXB_SCHEMA_VALIDATION;
+ /*String key = PicketLinkFederationConstants.JAXB_SCHEMA_VALIDATION;
boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key,
"false"));
Marshaller marshaller =
JBossSAMLAuthnRequestFactory.getValidatingMarshaller(validate);
JAXBElement<?> j = JAXBElementMappingUtil.get(requestType);
marshaller.marshal(j, os);
+ */
+ SAMLRequestWriter samlRequestWriter = new SAMLRequestWriter(
StaxUtil.getXMLStreamWriter(os));
+ if( requestType instanceof AuthnRequestType )
+ {
+ samlRequestWriter.write((AuthnRequestType)requestType );
+ }
+ else if( requestType instanceof LogoutRequestType )
+ {
+ samlRequestWriter.write((LogoutRequestType)requestType );
+ }
+ else
+ throw new RuntimeException( "Unsupported" );
}
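Review bot: The new `else` arm throws `new RuntimeException("Unsupported")`, which tells the caller neither what was passed nor why, and is an unchecked type that callers handling the declared `ProcessingException` will not catch; throw `new IllegalArgumentException("Unsupported request type: " + requestType.getClass().getName())` (or a ProcessingException, since the method declares it) and brace the arm like the other two. The `Writer` overload in the next hunk repeats the same dispatch and the same exception, so the two bodies are now near-identical copies; a private helper taking the `SAMLRequestWriter` and the request would keep them from drifting. The old validating-marshaller code is left commented out in both overloads and its `JAXB_SCHEMA_VALIDATION` switch is dropped without replacement; delete the block and record the behavioural change instead. As in `convert`, the StAX writer is not flushed before the method returns, and the Javadoc's `@throws JAXBException`/`@throws SAXException` no longer match the signature.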
/**
@@ -357,13 +357,25 @@
* @throws JAXBException
* @throws SAXException
*/
- public void marshall(RequestAbstractType requestType, Writer writer) throws
SAXException, JAXBException
+ public void marshall(RequestAbstractType requestType, Writer writer) throws
ProcessingException
{
- String key = PicketLinkFederationConstants.JAXB_SCHEMA_VALIDATION;
+ /*String key = PicketLinkFederationConstants.JAXB_SCHEMA_VALIDATION;
boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key,
"false"));
Marshaller marshaller =
JBossSAMLAuthnRequestFactory.getValidatingMarshaller(validate);
JAXBElement<?> j = JAXBElementMappingUtil.get(requestType);
- marshaller.marshal(j, writer);
+ marshaller.marshal(j, writer);*/
+
+ SAMLRequestWriter samlRequestWriter = new SAMLRequestWriter(
StaxUtil.getXMLStreamWriter( writer ));
+ if( requestType instanceof AuthnRequestType )
+ {
+ samlRequestWriter.write((AuthnRequestType)requestType );
+ }
+ else if( requestType instanceof LogoutRequestType )
+ {
+ samlRequestWriter.write((LogoutRequestType)requestType );
+ }
+ else
+ throw new RuntimeException( "Unsupported" );
}
}
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -31,17 +31,11 @@
import java.io.Writer;
import java.util.Arrays;
-import javax.xml.bind.Binder;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import javax.xml.parsers.ParserConfigurationException;
-import org.picketlink.identity.federation.core.constants.PicketLinkFederationConstants;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
@@ -50,33 +44,29 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import
org.picketlink.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import
org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
-import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
-import org.picketlink.identity.federation.core.saml.v2.factories.SAMLProtocolFactory;
import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.saml.v2.util.JAXBElementMappingUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
-import org.picketlink.identity.federation.core.util.JAXBUtil;
+import org.picketlink.identity.federation.core.util.NetworkUtil;
import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ActionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AuthnContextType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AuthnStatementType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AuthzDecisionStatementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.DecisionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedAssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedElementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.EvidenceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
-import org.picketlink.identity.federation.saml.v2.assertion.ActionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextType;
-import org.picketlink.identity.federation.saml.v2.assertion.AuthnStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.AuthzDecisionStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.DecisionType;
-import org.picketlink.identity.federation.saml.v2.assertion.EncryptedElementType;
-import org.picketlink.identity.federation.saml.v2.assertion.EvidenceType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
/**
* API for dealing with SAML2 Response objects
@@ -106,13 +96,11 @@
*/
public AuthnStatementType createAuthnStatement(String authnContextDeclRef,
XMLGregorianCalendar issueInstant)
- {
- ObjectFactory objectFactory = SAMLAssertionFactory.getObjectFactory();
- AuthnStatementType authnStatement = objectFactory.createAuthnStatementType();
- authnStatement.setAuthnInstant(issueInstant);
- AuthnContextType act = objectFactory.createAuthnContextType();
+ {
+ AuthnStatementType authnStatement = new AuthnStatementType( issueInstant );
+ AuthnContextType act = new AuthnContextType();
String authContextDeclRef =
JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();
- act.getContent().add(objectFactory.createAuthnContextDeclRef(authContextDeclRef));
+ act.addAuthenticatingAuthority( NetworkUtil.createURI( authContextDeclRef ));
authnStatement.setAuthnContext(act);
return authnStatement;
}
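Review bot: `act.addAuthenticatingAuthority(NetworkUtil.createURI(authContextDeclRef))` changes what the statement asserts: the old code emitted the URI as an `AuthnContextDeclRef` child of `AuthnContext`, whereas `AuthenticatingAuthority` is a different SAML 2.0 element that names an authority involved in the authentication, not the authentication context that was used. A relying party inspecting the assertion for `AuthnContextClassRef`/`AuthnContextDeclRef` (for example to require PasswordProtectedTransport) will no longer find it, so unless the new model has no decl-ref accessor and this is a deliberate stopgap, the URI should go into the context-reference slot of `AuthnContextType` instead. The `authnContextDeclRef` parameter is also still ignored in favour of the hard-coded `AC_PASSWORD_PROTECTED_TRANSPORT` constant (carried over from the old code); either use the parameter or drop it and document the fixed value.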
@@ -129,9 +117,8 @@
DecisionType decision,
EvidenceType evidence,
ActionType... actions)
- {
- ObjectFactory objectFactory = SAMLAssertionFactory.getObjectFactory();
- AuthzDecisionStatementType authzDecST =
objectFactory.createAuthzDecisionStatementType();
+ {
+ AuthzDecisionStatementType authzDecST = new AuthzDecisionStatementType();
authzDecST.setResource(resource);
authzDecST.setDecision(decision);
if(evidence != null)
@@ -199,37 +186,39 @@
/**
* Get an encrypted assertion from the stream
* @param is
- * @return
- * @throws SAXException
- * @throws JAXBException
- */
- @SuppressWarnings("unchecked")
- public EncryptedElementType getEncryptedAssertion(InputStream is) throws
JAXBException, SAXException
+ * @return
+ * @throws ParsingException
+ */
+ public EncryptedAssertionType getEncryptedAssertion(InputStream is) throws
ParsingException
{
if(is == null)
- throw new IllegalArgumentException("inputstream is null");
+ throw new IllegalArgumentException( "inputstream is null" );
- Unmarshaller un = JBossSAMLAuthnResponseFactory.getUnmarshaller();
+ SAMLParser samlParser = new SAMLParser();
+ return ( EncryptedAssertionType ) samlParser.parse(is);
+
+ /*Unmarshaller un = JBossSAMLAuthnResponseFactory.getUnmarshaller();
JAXBElement<EncryptedElementType> jaxb =
(JAXBElement<EncryptedElementType>) un.unmarshal(is);
- return jaxb.getValue();
+ return jaxb.getValue(); */
}
/**
* Read an assertion from an input stream
* @param is
- * @return
- * @throws JAXBException
- * @throws SAXException
- */
- @SuppressWarnings("unchecked")
- public AssertionType getAssertionType(InputStream is) throws JAXBException,
SAXException
+ * @return
+ * @throws ParsingException
+ */
+ public AssertionType getAssertionType(InputStream is) throws ParsingException
{
if(is == null)
- throw new IllegalArgumentException("inputstream is null");
+ throw new IllegalArgumentException( "inputstream is null" );
- Unmarshaller un = JBossSAMLAuthnResponseFactory.getUnmarshaller();
+ SAMLParser samlParser = new SAMLParser();
+ return (AssertionType) samlParser.parse(is);
+
+ /*Unmarshaller un = JBossSAMLAuthnResponseFactory.getUnmarshaller();
JAXBElement<AssertionType> jaxb = (JAXBElement<AssertionType>)
un.unmarshal(is);
- return jaxb.getValue();
+ return jaxb.getValue(); */
}
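Review bot: `getEncryptedAssertion` now returns `EncryptedAssertionType` instead of `EncryptedElementType`, a source-incompatible change for any caller holding the old type; whether `EncryptedAssertionType` extends `EncryptedElementType` is not visible here, and the `convert(EncryptedElementType)` overload further down this file still takes the old type, so confirm the two still work together or add an overload. Both methods here cast the raw `samlParser.parse(is)` result unchecked, as raised on SAML2Request.getRequestType. The `@return` tags in both Javadoc blocks are still empty; state what each method returns and that the stream is parsed without schema validation.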
/**
@@ -247,28 +236,24 @@
* @return
* @throws ParsingException
* @throws ConfigurationException
- */
- @SuppressWarnings("unchecked")
+ */
public ResponseType getResponseType(InputStream is)
throws ParsingException, ConfigurationException, ProcessingException
{
if(is == null)
throw new IllegalArgumentException("inputstream is null");
-
+
Document samlResponseDocument = DocumentUtil.getDocument(is);
-
- try
- {
- Binder<Node> binder = getBinder();
+
+ SAMLParser samlParser = new SAMLParser();
+ ResponseType responseType = (ResponseType) samlParser.parse(
DocumentUtil.getNodeAsStream( samlResponseDocument ));
+
+
+ /*Binder<Node> binder = getBinder();
JAXBElement<ResponseType> jaxbResponseType =
(JAXBElement<ResponseType>) binder.unmarshal(samlResponseDocument);
- ResponseType responseType = jaxbResponseType.getValue();
- samlDocumentHolder = new SAMLDocumentHolder(responseType,
samlResponseDocument);
- return responseType;
- }
- catch (JAXBException e)
- {
- throw new ParsingException(e);
- }
+ ResponseType responseType = jaxbResponseType.getValue();*/
+ samlDocumentHolder = new SAMLDocumentHolder(responseType, samlResponseDocument);
+ return responseType;
}
@@ -311,33 +296,24 @@
/**
* Convert an EncryptedElement into a Document
* @param encryptedElementType
- * @return
- * @throws JAXBException
- * @throws ParserConfigurationException
+ * @return
+ * @throws ConfigurationException
*/
public Document convert(EncryptedElementType encryptedElementType)
- throws JAXBException, ConfigurationException
- {
- JAXBContext jaxb = JAXBUtil.getJAXBContext(EncryptedElementType.class);
+ throws ConfigurationException
+ {
+ /*JAXBContext jaxb = JAXBUtil.getJAXBContext(EncryptedElementType.class);
Binder<Node> binder = jaxb.createBinder();
-
+ */
Document doc = DocumentUtil.createDocument();
- binder.marshal(JAXBElementMappingUtil.get(encryptedElementType), doc);
+ Node importedNode = doc.importNode( encryptedElementType.getEncryptedElement(),
true );
+ doc.appendChild(importedNode);
+
+ //binder.marshal(JAXBElementMappingUtil.get(encryptedElementType), doc);
return doc;
}
/**
- * Get the Binder
- * @return
- * @throws JAXBException
- */
- public Binder<Node> getBinder() throws JAXBException
- {
- JAXBContext jaxb = JAXBUtil.getJAXBContext(ResponseType.class);
- return jaxb.createBinder();
- }
-
- /**
* Convert a SAML2 Response into a Document
* @param responseType
* @return
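Review bot: `doc.importNode( encryptedElementType.getEncryptedElement(), true )` dereferences the argument and its element without a guard, so a null argument or an unset encrypted element surfaces as a NullPointerException from the DOM call instead of the IllegalArgumentException the other methods in this class throw for null input. A guard such as `if (encryptedElementType == null || encryptedElementType.getEncryptedElement() == null) throw new IllegalArgumentException("encryptedElement is null");` at the top of the body would match them. The `/*JAXBContext …*/` block and the `//binder.marshal(...)` line are dead code now that the JAXB binder path is gone.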
@@ -349,7 +325,7 @@
public Document convert(StatusResponseType responseType) throws JAXBException,
ConfigurationException*/
- public Document convert(StatusResponseType responseType) throws ProcessingException,
ConfigurationException, ParsingException
+ public Document convert( StatusResponseType responseType) throws ProcessingException,
ConfigurationException, ParsingException
{
ByteArrayOutputStream bos = new ByteArrayOutputStream();
@@ -385,12 +361,11 @@
*
* @param responseType
* @param os
- * @throws SAXException
- * @throws JAXBException
+ * @throws ProcessingException
*/
- public void marshall(ResponseType responseType, OutputStream os) throws JAXBException,
SAXException
+ public void marshall(ResponseType responseType, OutputStream os) throws
ProcessingException
{
- String key = PicketLinkFederationConstants.JAXB_SCHEMA_VALIDATION;
+ /*String key = PicketLinkFederationConstants.JAXB_SCHEMA_VALIDATION;
boolean validate = Boolean.parseBoolean(SecurityActions
.getSystemProperty(key, "false"));
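Review bot: Commenting out `String key = PicketLinkFederationConstants.JAXB_SCHEMA_VALIDATION;` together with the validating-marshaller lines in the following hunk means the schema-validation system property is no longer read anywhere in marshall(ResponseType, OutputStream), so a deployment that had validation turned on loses it silently. If the StAX writer cannot validate, the Javadoc should state that, e.g. `Schema validation of the written response is not performed by this writer-based implementation; the JAXB_SCHEMA_VALIDATION property is not consulted.` The method body continues in the next hunk.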
@@ -398,20 +373,25 @@
.getValidatingMarshaller(validate);
JAXBElement<ResponseType> jaxb = SAMLProtocolFactory.getObjectFactory()
.createResponse(responseType);
- marshaller.marshal(jaxb, os);
+ marshaller.marshal(jaxb, os); */
+
+ SAMLResponseWriter samlWriter = new SAMLResponseWriter(
StaxUtil.getXMLStreamWriter(os));
+ samlWriter.write(responseType);
}
/**
* Marshall the ResponseType into a writer
* @param responseType
* @param writer
- * @throws SAXException
- * @throws JAXBException
+ * @throws ProcessingException
*/
- public void marshall(ResponseType responseType, Writer writer) throws JAXBException,
SAXException
+ public void marshall(ResponseType responseType, Writer writer) throws
ProcessingException
{
- Marshaller marshaller = JBossSAMLAuthnResponseFactory.getMarshaller();
+ SAMLResponseWriter samlWriter = new SAMLResponseWriter(
StaxUtil.getXMLStreamWriter( writer ));
+ samlWriter.write(responseType);
+
+ /*Marshaller marshaller = JBossSAMLAuthnResponseFactory.getMarshaller();
JAXBElement<ResponseType> jaxb =
SAMLProtocolFactory.getObjectFactory().createResponse(responseType);
- marshaller.marshal(jaxb, writer);
+ marshaller.marshal(jaxb, writer);*/
}
}
\ No newline at end of file
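Review bot: Both marshall overloads hand `StaxUtil.getXMLStreamWriter(os)` / `StaxUtil.getXMLStreamWriter( writer )` to a SAMLResponseWriter and return without flushing; unless `SAMLResponseWriter.write` flushes the stream writer itself, a buffered StAX writer can leave the response partly unwritten, which the JAXB marshaller it replaces did not do. Keeping a handle and flushing explicitly, with the `XMLStreamException` wrapped into the declared ProcessingException, would make the contract clear — `XMLStreamWriter xsw = StaxUtil.getXMLStreamWriter(os); new SAMLResponseWriter(xsw).write(responseType); xsw.flush();` — assuming StaxUtil returns a javax.xml.stream.XMLStreamWriter. The `/*Marshaller marshaller …*/` remnants in both overloads are dead code.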
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -41,9 +41,9 @@
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/soap/SOAPSAMLXACML.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/soap/SOAPSAMLXACML.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/soap/SOAPSAMLXACML.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -32,18 +32,14 @@
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.factories.SOAPFactory;
-import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.picketlink.identity.federation.core.factories.SOAPFactory;
import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Body;
import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
-import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import
org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
-import
org.picketlink.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
import org.jboss.security.xacml.core.model.context.DecisionType;
import org.jboss.security.xacml.core.model.context.RequestType;
import org.jboss.security.xacml.core.model.context.ResultType;
@@ -67,21 +63,21 @@
*/
public Result send(String endpoint, String issuer, RequestType xacmlRequest) throws
ProcessingException
{
+ throw new RuntimeException( "NYI" );/*
try
{
- XACMLAuthzDecisionQueryType queryType =
SOAPSAMLXACMLUtil.createXACMLAuthzDecisionQueryType();
+ XACMLAuthzDecisionQueryType queryType = new XACMLAuthzDecisionQueryType();
queryType.setRequest(xacmlRequest);
//Create Issue Instant
queryType.setIssueInstant(XMLTimeUtil.getIssueInstant());
//Create Issuer
- NameIDType nameIDType =
SAMLAssertionFactory.getObjectFactory().createNameIDType();
+ NameIDType nameIDType = new NameIDType();
nameIDType.setValue(issuer);
queryType.setIssuer(nameIDType);
+
- JAXBElement<?> jaxbQueryType = SOAPSAMLXACMLUtil.getJAXB(queryType);
-
Envelope envelope = createEnvelope(jaxbQueryType);
JAXBElement<?> soapRequest =
SOAPFactory.getObjectFactory().createEnvelope(envelope);
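Review bot: `throw new RuntimeException( "NYI" );/*` makes send() fail unconditionally with an unchecked exception, bypassing the declared ProcessingException that callers of the XACML authorization path are written to catch. A declared `throw new ProcessingException(new UnsupportedOperationException("XACML SOAP query not yet ported to the new model"));` (ProcessingException accepts a Throwable, as the next hunk shows) or an `UnsupportedOperationException` with a Javadoc `@throws` would at least give callers a diagnosable failure. The commented-out body also still calls `createEnvelope(jaxbQueryType)` while the line defining `jaxbQueryType` was removed, so it cannot be restored as-is. The method closes in the next hunk.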
@@ -125,7 +121,7 @@
catch (ConfigurationException e)
{
throw new ProcessingException(e);
- }
+ }*/
}
private Envelope createEnvelope(JAXBElement<?> jaxbElement)
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -32,8 +32,8 @@
import org.picketlink.identity.federation.api.util.DeflateUtil;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import
org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
-import org.picketlink.identity.federation.core.util.Base64;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.core.util.Base64;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
/**
* Unit test the DEFLATE compression
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -22,22 +22,22 @@
package org.picketlink.test.identity.federation.api.saml.v2;
import java.io.ByteArrayOutputStream;
+import java.net.URI;
import java.util.List;
-import javax.xml.bind.JAXBElement;
-
import junit.framework.TestCase;
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
-import org.picketlink.identity.federation.saml.v2.assertion.AudienceRestrictionType;
-import org.picketlink.identity.federation.saml.v2.assertion.ConditionAbstractType;
-import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestedAuthnContextType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.SignatureType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AudienceRestrictionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType.STSubType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestedAuthnContextType;
+import org.w3c.dom.Element;
@@ -68,23 +68,22 @@
SubjectType subjectType = authnRequestType.getSubject();
assertNotNull(subjectType);
- List<JAXBElement<?>> subjectContentList = subjectType.getContent();
- JAXBElement<?> elem1 = subjectContentList.get(0);
- NameIDType nameIDType = (NameIDType) elem1.getValue();
+ STSubType subType = subjectType.getSubType();
+ NameIDType nameIDType = (NameIDType) subType.getBaseID();
assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",nameIDType.getFormat());
assertEquals("j.doe(a)company.com",nameIDType.getValue());
ConditionsType conditionsType = authnRequestType.getConditions();
- List<ConditionAbstractType> conditions =
conditionsType.getConditionOrAudienceRestrictionOrOneTimeUse();
+ List<ConditionAbstractType> conditions = conditionsType.getConditions();
assertTrue(conditions.size() == 1);
ConditionAbstractType condition = conditions.get(0);
assertTrue(condition instanceof AudienceRestrictionType);
AudienceRestrictionType audienceRestrictionType = (AudienceRestrictionType)
condition;
- List<String> audiences = audienceRestrictionType.getAudience();
+ List<URI> audiences = audienceRestrictionType.getAudience();
assertTrue(audiences.size() == 1);
- assertEquals("urn:foo:sp.example.org", audiences.get(0));
+ assertEquals("urn:foo:sp.example.org",
audiences.get(0).toASCIIString());
RequestedAuthnContextType requestedAuthnContext =
authnRequestType.getRequestedAuthnContext();
assertEquals(
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
@@ -109,7 +108,7 @@
AuthnRequestType authnRequestType = request.getAuthnRequestType(resourceName);
assertNotNull(authnRequestType);
- SignatureType signatureType = authnRequestType.getSignature();
+ Element signatureType = authnRequestType.getSignature();
assertNotNull("Signature is not null", signatureType);
//Let us marshall it back to an output stream
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -31,8 +31,8 @@
import
org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
-import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
/**
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2RequestUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2RequestUnitTestCase.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2RequestUnitTestCase.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -23,8 +23,8 @@
import junit.framework.TestCase;
-import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
-import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
+import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
/**
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -41,11 +41,11 @@
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.SignatureUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AuthnStatementType;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AuthnStatementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
@@ -109,7 +109,7 @@
// Create an assertion
AssertionType assertion = response.createAssertion(id, issuerInfo.getIssuer());
-
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(authnStatement);
+ assertion.addStatement( authnStatement );
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
KeyPair kp = kpg.genKeyPair();
@@ -176,7 +176,7 @@
* Now the signed document is marshalled across the wire using dom
* write
*/
- Binder<Node> binder = response.getBinder();
+ //Binder<Node> binder = response.getBinder();
//We have to parse the dom coming from the stream and feed to binder
Document readDoc =
DocumentUtil.getDocument(DocumentUtil.getNodeAsStream(signedDoc));
@@ -191,9 +191,9 @@
// The client re-validates the signature.
assertTrue("Signature is valid:",
XMLSignatureUtil.validate(validatingDoc, kp.getPublic()));
- JAXBElement<ResponseType> jaxbresponseType =
(JAXBElement<ResponseType>) binder.unmarshal(readDoc);
+ /*JAXBElement<ResponseType> jaxbresponseType =
(JAXBElement<ResponseType>) binder.unmarshal(readDoc);
responseType = jaxbresponseType.getValue();
- assertNotNull(responseType);
+ assertNotNull(responseType); */
}
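Review bot: Commenting out `responseType = jaxbresponseType.getValue();` and `assertNotNull(responseType);` removes the only check that the signed document is still parseable after the round trip, so the test now ends right after the signature check and `readDoc` (plus the `//Binder<Node> binder` line in the previous hunk) becomes dead. If the new model is meant to cover this, `responseType = response.getResponseType(DocumentUtil.getNodeAsStream(readDoc)); assertNotNull(responseType);` would restore the assertion using the parser-based API this commit introduces; otherwise the dead lines should be removed. The test method starts before the previous hunk.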
/**
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -45,10 +45,11 @@
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.EncryptedElementType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedAssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -79,18 +80,20 @@
Element docElement =
XMLEncryptionUtil.encryptElementInDocument(responseDoc,kp.getPublic(), sk,
128, assertionQName, true);
- EncryptedElementType eet =
sr.getEncryptedAssertion(DocumentUtil.getNodeAsStream(docElement));
- rt.getAssertionOrEncryptedAssertion().set(0,eet);
+ EncryptedAssertionType eet =
sr.getEncryptedAssertion(DocumentUtil.getNodeAsStream(docElement));
+ rt.addAssertion( new RTChoiceType( eet ) );
- EncryptedElementType myeet = (EncryptedElementType)
rt.getAssertionOrEncryptedAssertion().get(0);
- Document eetDoc = sr.convert(myeet);
+ RTChoiceType choiceType = rt.getAssertions().get(0);
+ EncryptedAssertionType encryptedAssertionType =
choiceType.getEncryptedAssertion();
+ Document eetDoc = sr.convert( encryptedAssertionType );
+
Element decryptedDocumentElement =
XMLEncryptionUtil.decryptElementInDocument(eetDoc,kp.getPrivate());
//Let us use the encrypted doc element to decrypt it
ResponseType newRT =
sr.getResponseType(DocumentUtil.getNodeAsStream(decryptedDocumentElement));
- AssertionType assertion = (AssertionType)
newRT.getAssertionOrEncryptedAssertion().get(0);
+ AssertionType assertion = (AssertionType)
newRT.getAssertions().get(0).getAssertion();
assertEquals("http://identityurl", assertion.getIssuer().getValue());
}
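Review bot: `rt.addAssertion( new RTChoiceType( eet ) )` replaces the old `set(0,eet)`, which overwrote the entry at index 0; if `rt` is built with a plaintext assertion already in place (the removed line implies it held one), addAssertion appends and `rt.getAssertions().get(0).getEncryptedAssertion()` reads the untouched plaintext entry and returns null, so `sr.convert(...)` fails for the wrong reason. Either clear the existing assertions before adding the encrypted one or fetch the entry just added rather than index 0; the same pattern is repeated in the two following hunks of this file. How `rt` is created lies above this hunk, so this should be confirmed against that code.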
@@ -110,8 +113,8 @@
Element docElement =
XMLEncryptionUtil.encryptElementInDocument(responseDoc,kp.getPublic(), sk,
128, assertionQName, true);
- EncryptedElementType eet =
sr.getEncryptedAssertion(DocumentUtil.getNodeAsStream(docElement));
- rt.getAssertionOrEncryptedAssertion().set(0,eet);
+ EncryptedAssertionType eet =
sr.getEncryptedAssertion(DocumentUtil.getNodeAsStream(docElement));
+ rt.addAssertion( new RTChoiceType( eet ));
StringWriter sw = new StringWriter();
sr.marshall(rt, sw);
@@ -119,15 +122,15 @@
//Create a brand new ResponseType
ResponseType received = sr.getResponseType(new
ByteArrayInputStream(sw.toString().getBytes("UTF-8")));
- EncryptedElementType myeet = (EncryptedElementType)
received.getAssertionOrEncryptedAssertion().get(0);
- Document eetDoc = sr.convert(myeet);
+ EncryptedAssertionType encryptedAssertionType =
received.getAssertions().get(0).getEncryptedAssertion();
+ Document eetDoc = sr.convert( encryptedAssertionType );
Element decryptedDocumentElement =
XMLEncryptionUtil.decryptElementInDocument(eetDoc,kp.getPrivate());
//Let us use the encrypted doc element to decrypt it
ResponseType newRT =
sr.getResponseType(DocumentUtil.getNodeAsStream(decryptedDocumentElement));
- AssertionType assertion = (AssertionType)
newRT.getAssertionOrEncryptedAssertion().get(0);
+ AssertionType assertion = newRT.getAssertions().get(0).getAssertion();
assertEquals("http://identityurl", assertion.getIssuer().getValue());
}
@@ -210,10 +213,10 @@
SPInfoHolder sp = new SPInfoHolder();
sp.setResponseDestinationURI("http://service");
responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
- AssertionType assertion = (AssertionType)
responseType.getAssertionOrEncryptedAssertion().get(0);
+ AssertionType assertion = (AssertionType)
responseType.getAssertions().get(0).getAssertion();
AttributeStatementType attrStatement =
StatementUtil.createAttributeStatement(roles);
-
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
+ assertion.addStatement( attrStatement );
//Add timed conditions
saml2Response.createTimedConditions(assertion, 5000L);
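Review bot: The cast in `AssertionType assertion = (AssertionType) responseType.getAssertions().get(0).getAssertion();` is redundant — an earlier hunk in this file assigns `newRT.getAssertions().get(0).getAssertion()` to an `AssertionType` without a cast, so `getAssertion()` already returns that type. Dropping the cast here and at the end of the first test in this file keeps the three call sites consistent. The enclosing test method starts before this hunk.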
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -95,17 +95,18 @@
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
-import org.picketlink.identity.federation.saml.v2.SAML2Object;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
+import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.interfaces.IRoleValidator;
@@ -598,7 +599,7 @@
saml2Request.marshall(authnRequest, baos);
String samlMessage = PostBindingUtil.base64Encode(baos.toString());
- String destination = authnRequest.getDestination();
+ String destination = authnRequest.getDestination().toASCIIString();
PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage,
relayState),
response, true);
}
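Review bot: `authnRequest.getDestination().toASCIIString()` throws a NullPointerException when the request carries no Destination, where the previous line forwarded a null String into DestinationInfoHolder. An explicit check such as `if (authnRequest.getDestination() == null) throw new IllegalStateException("AuthnRequest has no destination");` gives a diagnosable failure instead. The enclosing method starts outside the hunk.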
@@ -727,32 +728,34 @@
if(statusType == null)
throw new IllegalArgumentException("Status Type from the IDP is
null");
- String statusValue = statusType.getStatusCode().getValue();
+ String statusValue = statusType.getStatusCode().getValue().toASCIIString();
if(JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
throw new SecurityException("IDP forbid the user");
- List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
+
List<org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType>
assertions = responseType.getAssertions();
if(assertions.size() == 0)
throw new IllegalStateException("No assertions in reply from IDP");
- AssertionType assertion = (AssertionType)assertions.get(0);
+ AssertionType assertion = assertions.get(0).getAssertion();
//Check for validity of assertion
boolean expiredAssertion = AssertionUtil.hasExpired(assertion);
if(expiredAssertion)
throw new AssertionExpiredException();
SubjectType subject = assertion.getSubject();
- JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>)
subject.getContent().get(0);
- NameIDType nameID = jnameID.getValue();
+ /*JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>)
subject.getContent().get(0);
+ NameIDType nameID = jnameID.getValue();*/
+ NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
+
final String userName = nameID.getValue();
List<String> roles = new ArrayList<String>();
//Let us get the roles
- AttributeStatementType attributeStatement = (AttributeStatementType)
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0);
- List<Object> attList =
attributeStatement.getAttributeOrEncryptedAttribute();
- for(Object obj:attList)
+ AttributeStatementType attributeStatement = (AttributeStatementType)
assertion.getStatements().iterator().next();
+ List<ASTChoiceType> attList = attributeStatement.getAttributes();
+ for(ASTChoiceType obj:attList)
{
- AttributeType attr = (AttributeType) obj;
+ AttributeType attr = obj.getAttribute();
String roleName = (String) attr.getAttributeValue().get(0);
roles.add(roleName);
}
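Review bot: `AssertionType assertion = assertions.get(0).getAssertion();` returns null when the IDP put an EncryptedAssertion in the first RTChoiceType, and `AssertionUtil.hasExpired(assertion)` then fails with a NullPointerException rather than a clear rejection; `subject.getSubType().getBaseID()` and `assertion.getStatements().iterator().next()` have the same shape (null sub-type, empty statement list). A guard such as `if (assertion == null) throw new IllegalStateException("First assertion from IDP is encrypted or missing");` after the lookup, plus a null check on `subject.getSubType()` before the NameIDType cast, lets the SP fail closed with a diagnosable message. The cast of the first statement to AttributeStatementType was already present and still assumes the attribute statement comes first. The enclosing method starts and ends outside the hunk.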
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -29,8 +29,6 @@
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSession;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
@@ -45,26 +43,27 @@
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
-import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import
org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
+import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.federation.saml.v2.assertion.EncryptedElementType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.EncryptedAssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.core.IdentityServer;
import org.picketlink.identity.federation.web.interfaces.IRoleValidator;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
/**
* Handles for dealing with SAML2 Authentication
@@ -160,7 +159,7 @@
{
Map<String,Object> attribs = (Map<String, Object>)
request.getOptions().get(GeneralConstants.ATTRIBUTES);
long assertionValidity = (Long)
request.getOptions().get(GeneralConstants.ASSERTIONS_VALIDITY);
- String destination = art.getAssertionConsumerServiceURL();
+ String destination = art.getAssertionConsumerServiceURL().toASCIIString();
Document samlResponse = this.getResponse(destination,
userPrincipal, roles, request.getIssuer().getValue(),
attribs,
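Review bot: `art.getAssertionConsumerServiceURL().toASCIIString()` dereferences the accessor's result without a null check, so an AuthnRequest that omits the optional AssertionConsumerServiceURL attribute now fails with a NullPointerException where the old code passed a null destination through. Assuming the accessor returns a java.net.URI (which `toASCIIString()` suggests), a guarded form keeps the previous behaviour: `URI acsUrl = art.getAssertionConsumerServiceURL(); String destination = acsUrl != null ? acsUrl.toASCIIString() : null;`. The enclosing method starts and ends outside this hunk.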
@@ -216,10 +215,10 @@
responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
//Add information on the roles
- AssertionType assertion = (AssertionType)
responseType.getAssertionOrEncryptedAssertion().get(0);
+ AssertionType assertion = (AssertionType)
responseType.getAssertions().get(0).getAssertion();
AttributeStatementType attrStatement =
StatementUtil.createAttributeStatement(roles);
-
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
+ assertion.addStatement( attrStatement );
//Add timed conditions
saml2Response.createTimedConditions(assertion, assertionValidity);
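Review bot: The `(AssertionType)` cast on `responseType.getAssertions().get(0).getAssertion()` is redundant — the `@@ -335,15 +329,15 @@` hunk of this same file assigns the identical accessor without a cast (`AssertionType assertion = assertions.get(0).getAssertion();`), so `getAssertion()` already returns AssertionType. Drop the cast here and in the matching `@@ -220,10 +218,10 @@` hunk of IDPWebRequestUtil.java, which carries the same redundant cast. The enclosing method starts and ends outside this hunk.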
@@ -228,7 +227,7 @@
if(attribs != null && attribs.size() > 0 )
{
AttributeStatementType attStatement =
StatementUtil.createAttributeStatement(attribs);
-
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attStatement);
+ assertion.addStatement( attStatement );
}
//Lets see how the response looks like
@@ -239,14 +238,10 @@
{
saml2Response.marshall(responseType, sw);
}
- catch (JAXBException e)
+ catch ( ProcessingException e)
{
log.trace(e);
- }
- catch (SAXException e)
- {
- log.trace(e);
- }
+ }
log.trace("Response="+sw.toString());
}
try
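Review bot: `catch ( ProcessingException e)` uses spacing that does not match the file's other catch clauses (the commit itself writes `catch(Exception e)` in IDPWebRequestUtil.java); the same spacing appears in the `@@ -252,14 +250,10 @@` and `@@ -546,14 +540,10 @@` hunks of IDPWebRequestUtil.java. While touching the clause, `log.trace(e)` records the exception with no message; `log.trace("Failed to marshall response for trace logging", e);` makes the entry identifiable in a log. The enclosing method starts and ends outside this hunk.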
@@ -291,12 +286,12 @@
{
HTTPContext httpContext = (HTTPContext) request.getContext();
ResponseType responseType = (ResponseType) request.getSAML2Object();
- List<Object> assertions =
responseType.getAssertionOrEncryptedAssertion();
+ List<RTChoiceType> assertions = responseType.getAssertions();
if(assertions.size() == 0)
throw new IllegalStateException("No assertions in reply from IDP");
- Object assertion = assertions.get(0);
- if(assertion instanceof EncryptedElementType)
+ Object assertion = assertions.get(0).getEncryptedAssertion();
+ if(assertion instanceof EncryptedAssertionType)
{
responseType = this.decryptAssertion(responseType);
}
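Review bot: `Object assertion = assertions.get(0).getEncryptedAssertion();` followed by `instanceof EncryptedAssertionType` obscures the intent — if `getEncryptedAssertion()` is typed to return EncryptedAssertionType, as its name suggests, the instanceof is just a null check and the `Object` local is unnecessary. `if (assertions.get(0).getEncryptedAssertion() != null)` states the condition directly. Note that the `decryptAssertion` call this guards throws `RuntimeException("This authenticator does not handle encryption")` per the next hunk, so an encrypted assertion still aborts with an untyped exception rather than a deliberate rejection. The enclosing method starts and ends outside this hunk.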
@@ -323,8 +318,7 @@
{
throw new RuntimeException("This authenticator does not handle
encryption");
}
-
- @SuppressWarnings("unchecked")
+
private Principal handleSAMLResponse(ResponseType responseType,
SAML2HandlerResponse response)
throws ProcessingException
{
@@ -335,15 +329,15 @@
if(statusType == null)
throw new IllegalArgumentException("Status Type from the IDP is
null");
- String statusValue = statusType.getStatusCode().getValue();
+ String statusValue = statusType.getStatusCode().getValue().toASCIIString();
if(JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
throw new SecurityException("IDP forbid the user");
- List<Object> assertions =
responseType.getAssertionOrEncryptedAssertion();
+ List<RTChoiceType> assertions = responseType.getAssertions();
if(assertions.size() == 0)
throw new IllegalStateException("No assertions in reply from IDP");
- AssertionType assertion = (AssertionType)assertions.get(0);
+ AssertionType assertion = assertions.get(0).getAssertion();
//Check for validity of assertion
boolean expiredAssertion;
try
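Review bot: `AssertionType assertion = assertions.get(0).getAssertion();` can yield null when the first RTChoiceType holds an encrypted assertion rather than a plain one, and the code in the next hunk dereferences it (`assertion.getSubject()`); the old `(AssertionType)` cast at least failed fast. Add `if (assertion == null) throw new IllegalStateException("First assertion in IDP response is not a plain assertion");` after the assignment. Likewise `statusType.getStatusCode().getValue().toASCIIString()` assumes both the StatusCode and its value are present; a response missing them now throws NullPointerException instead of the IllegalArgumentException used just above for a missing Status. The enclosing method starts and ends outside this hunk.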
@@ -361,17 +355,20 @@
}
SubjectType subject = assertion.getSubject();
- JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>)
subject.getContent().get(0);
+ /*JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>)
subject.getContent().get(0);
NameIDType nameID = jnameID.getValue();
+ */
+ NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
+
final String userName = nameID.getValue();
List<String> roles = new ArrayList<String>();
//Let us get the roles
- AttributeStatementType attributeStatement = (AttributeStatementType)
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0);
- List<Object> attList =
attributeStatement.getAttributeOrEncryptedAttribute();
- for(Object obj:attList)
+ AttributeStatementType attributeStatement = (AttributeStatementType)
assertion.getStatements().iterator().next();
+ List<ASTChoiceType> attList = attributeStatement.getAttributes();
+ for(ASTChoiceType obj:attList)
{
- AttributeType attr = (AttributeType) obj;
+ AttributeType attr = obj.getAttribute();
List<Object> attributeValues = attr.getAttributeValue();
if( attributeValues != null)
{
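Review bot: The commented-out JAXBElement block at the top of this hunk should be deleted rather than left in the source, since the new `NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();` replaces it. That cast is unchecked: a Subject whose BaseID is not a NameID, or whose SubType is absent (if `getSubType()` can return null), surfaces as a ClassCastException or NullPointerException rather than a clear rejection of the response — `Object baseID = subject.getSubType().getBaseID(); if (!(baseID instanceof NameIDType)) throw new IllegalStateException("Subject does not carry a NameID");` makes the expectation explicit. The cast of `assertion.getStatements().iterator().next()` to AttributeStatementType likewise assumes the first statement is an attribute statement (an assertion listing an AuthnStatement first, or carrying no statements, fails with ClassCastException or NoSuchElementException); that assumption is inherited from the old `get(0)` code but deserves a guard or at least a comment now that the model changed. The enclosing method continues past the end of this hunk.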
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -40,14 +40,13 @@
import
org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.saml.v2.SAML2Object;
-import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.ObjectFactory;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusCodeType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
+import org.picketlink.identity.federation.core.util.NetworkUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusCodeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.StatusType;
+import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.core.IdentityServer;
@@ -64,9 +63,7 @@
private IDPLogOutHandler idp = new IDPLogOutHandler();
private SPLogOutHandler sp = new SPLogOutHandler();
-
- private ObjectFactory objectFactory = new ObjectFactory();
-
+
/**
* @see SAML2Handler#generateSAMLRequest(SAML2HandlerRequest, SAML2HandlerResponse)
*/
@@ -287,7 +284,7 @@
long assertionValidity = (Long)
request.getOptions().get(GeneralConstants.ASSERTIONS_VALIDITY);
lort.setNotOnOrAfter(XMLTimeUtil.add(lort.getIssueInstant(),
assertionValidity));
- lort.setDestination(participant);
+ lort.setDestination( NetworkUtil.createURI( participant ));
response.setResultingDocument(saml2Request.convert(lort));
response.setSendRequest(true);
@@ -328,16 +325,16 @@
String originalIssuer)
throws ConfigurationException, ParserConfigurationException,
ProcessingException
{
- StatusResponseType statusResponse = objectFactory.createStatusResponseType();
+ StatusResponseType statusResponse = new StatusResponseType();
//Status
- StatusType statusType = objectFactory.createStatusType();
- StatusCodeType statusCodeType = objectFactory.createStatusCodeType();
- statusCodeType.setValue(JBossSAMLURIConstants.STATUS_RESPONDER.get());
+ StatusType statusType = new StatusType();
+ StatusCodeType statusCodeType = new StatusCodeType();
+ statusCodeType.setValue( NetworkUtil.createURI(
JBossSAMLURIConstants.STATUS_RESPONDER.get() ));
//2nd level status code
- StatusCodeType status2ndLevel = objectFactory.createStatusCodeType();
- status2ndLevel.setValue(JBossSAMLURIConstants.STATUS_SUCCESS.get());
+ StatusCodeType status2ndLevel = new StatusCodeType();
+ status2ndLevel.setValue( NetworkUtil.createURI(
JBossSAMLURIConstants.STATUS_SUCCESS.get() ));
statusCodeType.setStatusCode(status2ndLevel);
statusType.setStatusCode(statusCodeType);
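Review bot: The status-construction block in this hunk is duplicated verbatim in the `@@ -445,16 +442,16 @@` hunk of the same file (new StatusResponseType, top-level RESPONDER code, second-level SUCCESS code); now that both use plain constructors instead of ObjectFactory calls, the six lines are a clean candidate for a private helper, sketched below. Each caller would then reduce to building the StatusResponseType and attaching `createResponderSuccessStatus()` (the line that attaches the status is outside the hunk, so the exact wiring may differ). Separately, a top-level `STATUS_RESPONDER` with a second-level `STATUS_SUCCESS` is an unusual encoding for a successful logout response — SAML 2.0 signals success with a top-level Success code — but that choice predates this commit. Both enclosing methods start and end outside their hunks.
```java
// … unchanged: caller builds StatusResponseType and attaches the returned status …

/**
 * Builds the Status element shared by both logout responses:
 * top-level code STATUS_RESPONDER with a second-level STATUS_SUCCESS.
 */
private static StatusType createResponderSuccessStatus()
{
   StatusCodeType statusCodeType = new StatusCodeType();
   statusCodeType.setValue( NetworkUtil.createURI( JBossSAMLURIConstants.STATUS_RESPONDER.get() ));

   StatusCodeType status2ndLevel = new StatusCodeType();
   status2ndLevel.setValue( NetworkUtil.createURI( JBossSAMLURIConstants.STATUS_SUCCESS.get() ));
   statusCodeType.setStatusCode(status2ndLevel);

   StatusType statusType = new StatusType();
   statusType.setStatusCode(statusCodeType);
   return statusType;
}
```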
@@ -445,16 +442,16 @@
session.invalidate(); //Invalidate the current session at the SP
//Generate a Logout Response
- StatusResponseType statusResponse = objectFactory.createStatusResponseType();
+ StatusResponseType statusResponse = new StatusResponseType();
//Status
- StatusType statusType = objectFactory.createStatusType();
- StatusCodeType statusCodeType = objectFactory.createStatusCodeType();
- statusCodeType.setValue(JBossSAMLURIConstants.STATUS_RESPONDER.get());
+ StatusType statusType = new StatusType();
+ StatusCodeType statusCodeType = new StatusCodeType();
+ statusCodeType.setValue( NetworkUtil.createURI(
JBossSAMLURIConstants.STATUS_RESPONDER.get() ));
//2nd level status code
- StatusCodeType status2ndLevel = objectFactory.createStatusCodeType();
- status2ndLevel.setValue(JBossSAMLURIConstants.STATUS_SUCCESS.get());
+ StatusCodeType status2ndLevel = new StatusCodeType();
+ status2ndLevel.setValue( NetworkUtil.createURI(
JBossSAMLURIConstants.STATUS_SUCCESS.get() ));
statusCodeType.setStatusCode(status2ndLevel);
statusType.setStatusCode(statusCodeType);
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -51,14 +51,11 @@
import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.util.JAXBUtil;
+import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Body;
import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
-import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
-import
org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
-import
org.picketlink.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
import org.jboss.security.xacml.core.JBossPDP;
import org.jboss.security.xacml.core.JBossRequestContext;
import org.jboss.security.xacml.core.model.context.RequestType;
@@ -145,7 +142,8 @@
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp) throws
ServletException, IOException
{
- JAXBElement<RequestAbstractType> jaxbRequestType = null;
+ throw new RuntimeException( "FIX" );
+ /*JAXBElement<RequestAbstractType> jaxbRequestType = null;
Envelope envelope = null;
XACMLAuthzDecisionQueryType xacmlRequest = null;
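Review bot: `throw new RuntimeException( "FIX" );` followed by commenting out the entire method body (the closing `} */` lands in the `@@ -256,7 +254,7 @@` hunk) leaves SOAPSAMLXACMLServlet.service() failing unconditionally, so every XACML authorization query sent to this endpoint now surfaces as an unhandled exception — typically an HTTP 500 with a container-generated error page — instead of a decision, with no log entry explaining why. If the port to the newmodel API cannot be finished in this commit, make the state explicit: `throw new UnsupportedOperationException("SOAPSAMLXACMLServlet is not yet ported to the newmodel API");` or `resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, "XACML endpoint temporarily disabled");`, and drop the commented-out body in favour of version-control history. The enclosing method continues past the end of this hunk.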
@@ -256,7 +254,7 @@
{
log("marshalling exception",e);
}
- }
+ } */
}
private PolicyDecisionPoint getPDP() throws PrivilegedActionException
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -38,7 +38,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBException;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import org.apache.log4j.Logger;
@@ -63,12 +62,11 @@
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
/**
* Request Util
@@ -220,10 +218,10 @@
responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
//Add information on the roles
- AssertionType assertion = (AssertionType)
responseType.getAssertionOrEncryptedAssertion().get(0);
+ AssertionType assertion = (AssertionType)
responseType.getAssertions().get(0).getAssertion();
AttributeStatementType attrStatement =
StatementUtil.createAttributeStatement(roles);
-
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
+ assertion.addStatement( attrStatement );
//Add timed conditions
saml2Response.createTimedConditions(assertion, assertionValidity);
@@ -236,7 +234,7 @@
Map<String, Object> attribs =
attributeManager.getAttributes(userPrincipal, this.attribKeys);
AttributeStatementType attStatement =
StatementUtil.createAttributeStatement(attribs);
-
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attStatement);
+ assertion.addStatement( attStatement );
}
catch(Exception e)
{
@@ -252,14 +250,10 @@
{
saml2Response.marshall(responseType, sw);
}
- catch (JAXBException e)
+ catch ( ProcessingException e)
{
log.trace(e);
- }
- catch (SAXException e)
- {
- log.trace(e);
- }
+ }
log.trace("Response="+sw.toString());
}
@@ -546,14 +540,10 @@
{
saml2Response.marshall(responseType, sw);
}
- catch (JAXBException e)
+ catch ( ProcessingException e)
{
log.trace(e);
- }
- catch (SAXException e)
- {
- log.trace(e);
- }
+ }
log.trace("Response="+sw.toString());
}
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/RedirectBindingSignatureUtil.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/RedirectBindingSignatureUtil.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/RedirectBindingSignatureUtil.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -35,10 +35,13 @@
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.saml.v2.util.SignatureUtil;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.core.saml.v2.util.SignatureUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
@@ -152,13 +155,14 @@
/**
* From the SAML Request URL, get the Request object
* @param signedURL
- * @return
+ * @return
* @throws IOException
- * @throws SAXException
- * @throws JAXBException
+ * @throws ParsingException
+ * @throws ProcessingException
+ * @throws ConfigurationException
*/
public static AuthnRequestType getRequestFromSignedURL(String signedURL)
- throws JAXBException, SAXException, IOException
+ throws ConfigurationException, ProcessingException, ParsingException, IOException
{
String samlRequestTokenValue = getTokenValue(signedURL, "SAMLRequest");
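Review bot: The Javadoc `@return` on getRequestFromSignedURL is still blank after this edit (only trailing whitespace changed); write `@return the {@link AuthnRequestType} decoded from the SAMLRequest parameter of the signed URL`. The `@throws` tags were updated to the new exception types but carry no description; one-liners such as `@throws ParsingException if the SAMLRequest payload cannot be parsed` and `@throws ConfigurationException if the parser cannot be configured` would complete them. The method body continues past the end of this hunk.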
Modified:
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2SignatureHandlerUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2SignatureHandlerUnitTestCase.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2SignatureHandlerUnitTestCase.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -42,8 +42,8 @@
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
-import
org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
+import
org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler;
Modified:
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -39,8 +39,8 @@
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.Base64;
-import org.picketlink.identity.federation.saml.v2.SAML2Object;
-import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
+import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.IdentityServer;
import org.picketlink.identity.federation.web.filters.SPFilter;
Modified:
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2PostWorkflowUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2PostWorkflowUnitTestCase.java 2010-11-30
16:06:20 UTC (rev 569)
+++
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2PostWorkflowUnitTestCase.java 2010-11-30
16:07:32 UTC (rev 570)
@@ -36,9 +36,9 @@
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.util.Base64;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.core.util.Base64;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.IdentityServer;
import org.picketlink.identity.federation.web.filters.SPFilter;