Author: mmoyses
Date: 2010-10-08 15:12:18 -0400 (Fri, 08 Oct 2010)
New Revision: 442
Added:
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
Modified:
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java
Log:
Preparing CR
Added:
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
===================================================================
---
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
(rev 0)
+++
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2010-10-08
19:12:18 UTC (rev 442)
@@ -0,0 +1,115 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.handler;
+
+import javax.security.auth.Subject;
+import javax.xml.namespace.QName;
+import javax.xml.ws.handler.MessageContext;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityContext;
+import org.jboss.ws.core.CommonMessageContext;
+import org.jboss.ws.core.soap.SOAPMessageImpl;
+import org.jboss.ws.extensions.security.Util;
+import org.jboss.ws.extensions.security.element.SecurityHeader;
+import org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer;
+import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.trust.jbossws.SAML2Constants;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * A SAMLv2 WS handler.
+ *
+ * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+public class SAML2Handler extends WSSecurityHandlerServer
+{
+
+ protected Logger log = Logger.getLogger(this.getClass());
+
+ /**
+ * Retrieves the SAML assertion from the SOAP payload and lets invocation go to JAAS
for validation.
+ */
+ protected boolean handleInbound(MessageContext msgContext)
+ {
+ CommonMessageContext ctx = (CommonMessageContext) msgContext;
+ SOAPMessageImpl soapMessage = (SOAPMessageImpl) ctx.getSOAPMessage();
+
+ // retrieve the assertion
+ Document document = soapMessage.getSOAPPart();
+ Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
+ Element assertion = Util.findElement(soapHeader, new
QName(SAML2Constants.SAML2_ASSERTION_URI, "Assertion"));
+ if (assertion != null)
+ {
+ SamlCredential credential = new SamlCredential(assertion);
+ Element subject = Util.findElement(assertion, new
QName(SAML2Constants.SAML2_ASSERTION_URI, "Subject"));
+ Element nameID = Util.findElement(subject, new
QName(SAML2Constants.SAML2_ASSERTION_URI, "NameID"));
+ String username = nameID.getNodeValue();
+ // set SecurityContext
+ Subject s = new Subject();
+ SecurityContext sc = SecurityActions.createSecurityContext(new
PicketLinkPrincipal(username), credential, s);
+ SecurityActions.setSecurityContext(sc);
+ }
+
+ return true;
+ }
+
+ /**
+ * It expects a {@link Element} assertion as the value of the {@link
SAML2Constants#SAML2_ASSERTION_PROPERTY} property.
+ * This assertion is then included in the SOAP payload.
+ */
+ protected boolean handleOutbound(MessageContext msgContext)
+ {
+ CommonMessageContext ctx = (CommonMessageContext) msgContext;
+ SOAPMessageImpl soapMessage = (SOAPMessageImpl) ctx.getSOAPMessage();
+
+ // retrieve assertion
+ Element assertion = (Element) ctx.get(SAML2Constants.SAML2_ASSERTION_PROPERTY);
+
+ // add wsse header
+ Document document = soapMessage.getSOAPPart();
+ Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
+ SecurityHeader secHeader = new SecurityHeader(document);
+ try
+ {
+ Element wsse = secHeader.getElement();
+ wsse.setAttributeNS(soapHeader.getNamespaceURI(), soapHeader.getPrefix() +
":mustUnderstand", "1");
+ if (assertion != null)
+ {
+ // add the assertion as a child of the wsse header
+ wsse.appendChild(assertion);
+ }
+ soapHeader.insertBefore(wsse, soapHeader.getFirstChild());
+ }
+ catch (Exception e)
+ {
+ log.error(e);
+ return false;
+ }
+
+ return true;
+ }
+
+}
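Review bot: `nameID.getNodeValue()` in handleInbound returns null for a DOM Element (only Text and Attr nodes carry a node value), so the PicketLinkPrincipal handed to SecurityActions.createSecurityContext is built with a null name. The NameID text should be read with `String username = nameID.getTextContent();`, and since Util.findElement evidently returns null when the element is absent (the code tests `assertion != null`), `subject` and `nameID` need the same null check so that an assertion without a Subject is rejected cleanly instead of surfacing as a NullPointerException. Separately, nothing in this handler verifies the assertion (signature, Conditions, audience) before its NameID becomes the caller principal and the thread's SecurityContext is replaced; the Javadoc defers that to JAAS, and the expectation deserves to be stated in the code as `// NOT verified here: the security domain's login module must validate the SamlCredential (signature, validity window, audience) before any role is granted.` The Assertion also appears to be looked up anywhere under the SOAP Header rather than only inside the wsse:Security header this same class emits on the outbound path — worth confirming Util.findElement's search scope and tightening the lookup if it is recursive. In handleOutbound, `log.error(e)` discards the stack trace; use `log.error("Failed to add SAML assertion to wsse:Security header", e);`, and if the assertion Element can come from another Document it must be `document.importNode(assertion, true)`'d before `appendChild`, or the DOM raises WRONG_DOCUMENT_ERR and the handler silently returns false.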
Modified:
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java
===================================================================
---
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java 2010-10-07
18:00:50 UTC (rev 441)
+++
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java 2010-10-08
19:12:18 UTC (rev 442)
@@ -23,13 +23,7 @@
import javax.xml.ws.handler.MessageContext;
-import org.jboss.ws.core.CommonMessageContext;
-import org.jboss.ws.core.soap.SOAPMessageImpl;
-import org.jboss.ws.extensions.security.Util;
-import org.jboss.ws.extensions.security.element.SecurityHeader;
-import org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer;
import org.picketlink.trust.jbossws.SAML2Constants;
-import org.w3c.dom.Document;
import org.w3c.dom.Element;
/**
@@ -40,42 +34,17 @@
* @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
* @version $Revision: 1 $
*/
-public class SAML2HandlerClient extends WSSecurityHandlerServer
+public class SAML2HandlerClient extends SAML2Handler
{
protected boolean handleInbound(MessageContext msgContext)
{
- // FIXME handleInbound
return super.handleInbound(msgContext);
}
protected boolean handleOutbound(MessageContext msgContext)
{
- CommonMessageContext ctx = (CommonMessageContext) msgContext;
- SOAPMessageImpl soapMessage = (SOAPMessageImpl) ctx.getSOAPMessage();
-
- // retrieve assertion
- Element assertion = (Element) ctx.get(SAML2Constants.SAML2_ASSERTION_PROPERTY);
-
- // add wsse header
- Document document = soapMessage.getSOAPPart();
- Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
- SecurityHeader secHeader = new SecurityHeader(document);
- try
- {
- Element wsse = secHeader.getElement();
- wsse.setAttributeNS(soapHeader.getNamespaceURI(), soapHeader.getPrefix() +
":mustUnderstand", "1");
- // add the assertion as a child of the wsse header
- wsse.appendChild(assertion);
- soapHeader.insertBefore(wsse, soapHeader.getFirstChild());
- }
- catch (Exception e)
- {
- e.printStackTrace();
- return false;
- }
-
- return true;
+ return super.handleOutbound(msgContext);
}
}
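Review bot: After this change the client inherits SAML2Handler.handleInbound, which on the client side runs on the response and — if the response header carries a saml:Assertion — replaces the calling thread's SecurityContext with a principal taken from that response; before this commit the client's handleInbound only delegated to WSSecurityHandlerServer. If that is not intended, SAML2HandlerClient should keep an override that simply returns `true` without touching the SecurityContext, and either way a one-line comment stating whether inbound assertions are processed on the client would prevent surprises. The two overrides that merely call `super` add nothing and can be dropped, as can the `SAML2Constants` and `Element` imports kept in the first hunk, which nothing in the class references any more.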
Modified:
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java
===================================================================
---
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java 2010-10-07
18:00:50 UTC (rev 441)
+++
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java 2010-10-08
19:12:18 UTC (rev 442)
@@ -21,21 +21,8 @@
*/
package org.picketlink.trust.jbossws.handler;
-import javax.security.auth.Subject;
-import javax.xml.namespace.QName;
import javax.xml.ws.handler.MessageContext;
-import org.jboss.security.SecurityContext;
-import org.jboss.ws.core.CommonMessageContext;
-import org.jboss.ws.core.soap.SOAPMessageImpl;
-import org.jboss.ws.extensions.security.Util;
-import org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer;
-import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
-import org.picketlink.identity.federation.core.wstrust.SamlCredential;
-import org.picketlink.trust.jbossws.SAML2Constants;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
/**
* A server side WS handler.
* Retrieves the SAML assertion from the SOAP payload and lets invocation go to JAAS for
validation.
@@ -43,39 +30,17 @@
* @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
* @version $Revision: 1 $
*/
-public class SAML2HandlerServer extends WSSecurityHandlerServer
+public class SAML2HandlerServer extends SAML2Handler
{
protected boolean handleInbound(MessageContext msgContext)
{
- CommonMessageContext ctx = (CommonMessageContext) msgContext;
- SOAPMessageImpl soapMessage = (SOAPMessageImpl) ctx.getSOAPMessage();
-
- // retrieve the assertion
- Document document = soapMessage.getSOAPPart();
- Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
- Element assertion = Util.findElement(soapHeader, new
QName(SAML2Constants.SAML2_ASSERTION_URI, "Assertion"));
- if (assertion != null)
- {
- SamlCredential credential = new SamlCredential(assertion);
- Element subject = Util.findElement(assertion, new
QName(SAML2Constants.SAML2_ASSERTION_URI, "Subject"));
- Element nameID = Util.findElement(subject, new
QName(SAML2Constants.SAML2_ASSERTION_URI, "NameID"));
- String username = nameID.getNodeValue();
- // set SecurityContext
- Subject s = new Subject();
- SecurityContext sc = SecurityActions.createSecurityContext(new
PicketLinkPrincipal(username), credential, s);
- SecurityActions.setSecurityContext(sc);
- }
-
- return true;
+ return super.handleInbound(msgContext);
}
protected boolean handleOutbound(MessageContext msgContext)
{
- // FIXME handleOutbound
return super.handleOutbound(msgContext);
}
-
-
}
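Review bot: SAML2HandlerServer.handleOutbound now delegates to SAML2Handler.handleOutbound, which (in the new file added by this commit) always creates a wsse:Security header with `mustUnderstand="1"` and inserts it at the top of the SOAP Header; only the Assertion child is conditional on SAML2_ASSERTION_PROPERTY. On the server side that means every response, including ones carrying no assertion, is sent with an empty mustUnderstand Security header that a peer without a WS-Security handler must reject under SOAP's mustUnderstand processing rules, whereas before this commit the server outbound path only called WSSecurityHandlerServer. If responses are not meant to carry an assertion, handleOutbound here should return early — `if (msgContext.get(SAML2Constants.SAML2_ASSERTION_PROPERTY) == null) return true;` before the super call, re-adding the SAML2Constants import removed in the first hunk — or the base class should skip building the header when the assertion is null. The class Javadoc just above the hunk still describes the inbound behaviour that now lives in SAML2Handler and could point there instead.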