Author: sguilhen(a)redhat.com
Date: 2011-02-22 13:10:31 -0500 (Tue, 22 Feb 2011)
New Revision: 759
Added:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/SecurityActions.java
federation/trunk/picketlink-webapps/assembly/src/main/resources/picketlink-sts-jboss-beans.xml
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkPrincipal.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/factories/SecurityActions.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/writers/WSTrustRequestWriter.java
Log:
PLFED-132: Added lifetime support to the WSTrust token request writer and parser. Fixed
the PicketLinkPrincipal equals and hashCode methods to match those of SimplePrincipal.
Fixed the MBeanServer lookup code.
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
===================================================================
---
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2011-02-22
17:33:12 UTC (rev 758)
+++
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2011-02-22
18:10:31 UTC (rev 759)
@@ -43,18 +43,18 @@
import
org.picketlink.identity.federation.core.factories.JBossAuthCacheInvalidationFactory.TimeCacheExpiry;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.wstrust.STSClient;
-import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
+import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
-import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.BaseIDAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.w3c.dom.Element;
/**
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkPrincipal.java
===================================================================
---
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkPrincipal.java 2011-02-22
17:33:12 UTC (rev 758)
+++
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkPrincipal.java 2011-02-22
18:10:31 UTC (rev 759)
@@ -1,76 +1,83 @@
/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and
individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a
full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the
GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the
License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with
this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA, or see the FSF site:
+ *
http://www.fsf.org.
*/
package org.picketlink.identity.federation.bindings.jboss.subject;
import java.io.Serializable;
import java.security.Principal;
+import org.jboss.security.SimplePrincipal;
+
/**
* Simple Principal
+ *
* @author Anil.Saldhana(a)redhat.com
* @since Jan 16, 2009
*/
-public class PicketLinkPrincipal implements Principal,Serializable
-{
+public class PicketLinkPrincipal implements Principal, Serializable
+{
private static final long serialVersionUID = 1L;
protected String name;
-
+
+ private static final String OVERRIDE_EQUALS_BEHAVIOR =
"org.picketlink.principal.equals.override";
+
public PicketLinkPrincipal(String name)
- {
+ {
this.name = name;
}
public String getName()
{
- return name;
+ return this.name;
}
@Override
public int hashCode()
{
- final int prime = 31;
- int result = 1;
- result = prime * result + ((name == null) ? 0 : name.hashCode());
- return result;
+ return (this.name == null ? 0 : this.name.hashCode());
}
@Override
public boolean equals(Object obj)
{
- if (this == obj)
- return true;
- if (obj == null)
+ if (!(obj instanceof Principal))
return false;
- if (getClass() != obj.getClass())
- return false;
- PicketLinkPrincipal other = (PicketLinkPrincipal) obj;
- if (name == null)
+
+ // if the org.picketlink.principal.equals.override system property has been set,
narrow the allowed type.
+ if
("true".equals(SecurityActions.getSystemProperty(OVERRIDE_EQUALS_BEHAVIOR,
"false")))
{
- if (other.name != null)
+ if (!(obj instanceof SimplePrincipal))
return false;
}
- else if (!name.equals(other.name))
- return false;
- return true;
- }
+
+ // compare the principal names.
+ String anotherName = ((Principal) obj).getName();
+ boolean equals = false;
+ if (this.name == null)
+ equals = anotherName == null;
+ else
+ equals = this.name.equals(anotherName);
+ return equals;
+ }
+
+ @Override
+ public String toString()
+ {
+ return this.name;
+ }
}
\ No newline at end of file
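Review bot: The new equals() is no longer reflexive once the org.picketlink.principal.equals.override property is "true": PicketLinkPrincipal implements Principal but does not extend SimplePrincipal (see the class declaration in this hunk), so the narrowing branch `if (!(obj instanceof SimplePrincipal)) return false;` makes `p.equals(p)` and any comparison between two PicketLinkPrincipal instances return false, which breaks Set/Map lookups keyed on the principal. Restoring the identity shortcut the old code had, `if (this == obj) return true;` before the instanceof check, fixes the reflexive case; if the intent is to keep PicketLinkPrincipal instances comparable to each other under the override, the narrowing test should read `if (!(obj instanceof SimplePrincipal) && !(obj instanceof PicketLinkPrincipal)) return false;`. Note also that the property is read through a privileged action on every equals() call, so the comparison semantics can change at runtime and each call pays for the lookup; if that is deliberate it deserves a comment, otherwise caching the flag in a static final field is cheaper. In the default (unset) case any Principal with the same name compares equal, which is symmetric only for Principal implementations that apply the same rule, as the log message says SimplePrincipal does.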
Added:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/SecurityActions.java
===================================================================
---
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/SecurityActions.java
(rev 0)
+++
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/SecurityActions.java 2011-02-22
18:10:31 UTC (rev 759)
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.bindings.jboss.subject;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * <p>
+ * This class contains operations that need privileged blocks to run.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+class SecurityActions
+{
+ /**
+ * <p>
+ * Obtains the system property identified by the provided key. If no property can be
found, the specified default
+ * value will be returned.
+ * </p>
+ *
+ * @param key the system property key.
+ * @param defaultValue the value to be returned if no property was found under the
provided key.
+ * @return a {@code String} representing the property value.
+ */
+ static String getSystemProperty(final String key, final String defaultValue)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key, defaultValue);
+ }
+ });
+ }
+}
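Review bot: SecurityActions is a static-only helper but has no private constructor, so the implicit public no-arg constructor lets it be instantiated for no purpose; add `private SecurityActions() {}` with a one-line comment that the class is not meant to be instantiated. The Javadoc on getSystemProperty could also state that the value comes from `System.getProperty(key, defaultValue)` evaluated inside a privileged block, so callers know the default is returned when the property is absent and that a security manager's property-read permission is satisfied by this class rather than by the caller.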
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/factories/SecurityActions.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/factories/SecurityActions.java 2011-02-22
17:33:12 UTC (rev 758)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/factories/SecurityActions.java 2011-02-22
18:10:31 UTC (rev 759)
@@ -25,6 +25,7 @@
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
+import java.util.Iterator;
import javax.management.MBeanServer;
import javax.management.MBeanServerFactory;
@@ -57,7 +58,15 @@
{
public MBeanServer run()
{
- return MBeanServerFactory.findMBeanServer( "jboss").get( 0 );
+ for (Iterator<MBeanServer> i =
MBeanServerFactory.findMBeanServer(null).iterator(); i.hasNext(); )
+ {
+ MBeanServer server = i.next();
+ if (server.getDefaultDomain().equals("jboss"))
+ {
+ return server;
+ }
+ }
+ throw new IllegalStateException("No 'jboss' MBeanServer
found!");
}
});
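Review bot: The domain comparison `server.getDefaultDomain().equals("jboss")` dereferences the return value of getDefaultDomain(), and a server implementation that reports a null default domain would turn the lookup into a NullPointerException instead of the intended IllegalStateException; writing it as `if ("jboss".equals(server.getDefaultDomain()))` is null-safe at no cost. The explicit Iterator loop can also be the enhanced for statement, `for (MBeanServer server : MBeanServerFactory.findMBeanServer(null))`, which makes the newly added java.util.Iterator import unnecessary. The run() method's enclosing doPrivileged call and the method it belongs to start outside the hunk.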
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java 2011-02-22
17:33:12 UTC (rev 758)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java 2011-02-22
18:10:31 UTC (rev 759)
@@ -36,15 +36,18 @@
import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.picketlink.identity.federation.ws.policy.AppliesTo;
import org.picketlink.identity.federation.ws.trust.BinarySecretType;
import org.picketlink.identity.federation.ws.trust.CancelTargetType;
import org.picketlink.identity.federation.ws.trust.EntropyType;
+import org.picketlink.identity.federation.ws.trust.LifetimeType;
import org.picketlink.identity.federation.ws.trust.OnBehalfOfType;
import org.picketlink.identity.federation.ws.trust.RenewTargetType;
import org.picketlink.identity.federation.ws.trust.UseKeyType;
import org.picketlink.identity.federation.ws.trust.ValidateTargetType;
+import org.picketlink.identity.federation.ws.wss.utility.AttributedDateTime;
import org.w3c.dom.Element;
/**
@@ -116,6 +119,37 @@
String value = StaxParserUtil.getElementText(xmlEventReader);
requestToken.setTokenType( new URI( value ));
}
+ else if (tag.equals(WSTrustConstants.LIFETIME))
+ {
+ subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(subEvent, WSTrustConstants.LIFETIME);
+
+ LifetimeType lifeTime = new LifetimeType();
+ // Get the Created
+ subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
+ String subTag = StaxParserUtil.getStartElementName(subEvent);
+ if (subTag.equals(WSTrustConstants.CREATED))
+ {
+ AttributedDateTime created = new AttributedDateTime();
+ created.setValue(StaxParserUtil.getElementText(xmlEventReader));
+ lifeTime.setCreated(created);
+ }
+ subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
+ subTag = StaxParserUtil.getStartElementName(subEvent);
+
+ if (subTag.equals(WSTrustConstants.EXPIRES))
+ {
+ AttributedDateTime expires = new AttributedDateTime();
+ expires.setValue(StaxParserUtil.getElementText(xmlEventReader));
+ lifeTime.setExpires(expires);
+ }
+ else
+ throw new RuntimeException(subTag + " was unexpected");
+
+ requestToken.setLifetime(new Lifetime(lifeTime));
+ EndElement lifeTimeElement =
StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(lifeTimeElement, WSTrustConstants.LIFETIME);
+ }
else if( tag.equals( WSTrustConstants.CANCEL_TARGET ))
{
subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
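Review bot: The Lifetime branch only works when wsu:Created is present: if the first child start element is wsu:Expires, the Created check is skipped without consuming anything, the code then asks for the next start element (moving past the Expires element whose text was never read) and the Expires comparison fails with "was unexpected", so a Lifetime carrying only Expires is rejected. Created should be treated as optional, advancing to the next start element only after it has actually been consumed; the sketch below keeps Expires required, as the hunk does, and assumes `getNextStartElement` positions on the next start tag. Both values are stored as raw strings via `AttributedDateTime.setValue`, so nothing here checks that they parse as dates or that Expires follows Created; whatever consumes the request must enforce its own bound on a client-supplied lifetime rather than trusting these fields. The RuntimeException on the unexpected tag is also worth aligning with the exception type the rest of this parser uses, which is not visible in the hunk.
```java
LifetimeType lifeTime = new LifetimeType();
subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
String subTag = StaxParserUtil.getStartElementName(subEvent);
// wsu:Created is optional: only move past it when it is actually there.
if (subTag.equals(WSTrustConstants.CREATED))
{
   AttributedDateTime created = new AttributedDateTime();
   created.setValue(StaxParserUtil.getElementText(xmlEventReader));
   lifeTime.setCreated(created);
   subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
   subTag = StaxParserUtil.getStartElementName(subEvent);
}
if (subTag.equals(WSTrustConstants.EXPIRES))
{
   // … unchanged: read wsu:Expires into lifeTime …
}
else
   throw new RuntimeException(subTag + " was unexpected");
// … unchanged: setLifetime and validate the closing wst:Lifetime …
```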
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/writers/WSTrustRequestWriter.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/writers/WSTrustRequestWriter.java 2011-02-22
17:33:12 UTC (rev 758)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/writers/WSTrustRequestWriter.java 2011-02-22
18:10:31 UTC (rev 759)
@@ -38,6 +38,7 @@
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import
org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
@@ -152,6 +153,17 @@
{
writeTokenType( writer, tokenType );
}
+
+ // deal with the token lifetime.
+ if (requestToken.getLifetime() != null)
+ {
+ Lifetime lifetime = requestToken.getLifetime();
+ StaxUtil.writeStartElement(this.writer, WSTrustConstants.PREFIX,
WSTrustConstants.LIFETIME,
+ WSTrustConstants.BASE_NAMESPACE);
+ new WSSecurityWriter(this.writer).writeLifetime(lifetime.getCreated(),
lifetime.getExpires());
+ StaxUtil.writeEndElement(this.writer);
+ }
+
//Deal with AppliesTo
AppliesTo appliesTo = requestToken.getAppliesTo();
if( appliesTo != null )
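Review bot: `requestToken.getLifetime()` is evaluated twice in the new block, once for the null check and once for the assignment; fetching it once, `Lifetime lifetime = requestToken.getLifetime(); if (lifetime != null) {`, avoids the repeated call and any chance of the two reads disagreeing. Whether `WSSecurityWriter.writeLifetime` tolerates a null Created or Expires is not visible here, and the parser side of this same commit populates the two fields independently, so either the writer should document that both are non-null or this block should guard them before emitting the wst:Lifetime element. The enclosing write method starts and ends outside the hunk.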
Added:
federation/trunk/picketlink-webapps/assembly/src/main/resources/picketlink-sts-jboss-beans.xml
===================================================================
---
federation/trunk/picketlink-webapps/assembly/src/main/resources/picketlink-sts-jboss-beans.xml
(rev 0)
+++
federation/trunk/picketlink-webapps/assembly/src/main/resources/picketlink-sts-jboss-beans.xml 2011-02-22
18:10:31 UTC (rev 759)
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<deployment xmlns="urn:jboss:bean-deployer:2.0">
+
+ <!-- ejb3 test application-policy definition -->
+ <application-policy xmlns="urn:jboss:security-beans:1.0"
name="cache-test">
+ <authentication>
+ <login-module
code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule"
flag="required">
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ <module-option
name="configFile">sts-config.properties</module-option>
+ <module-option
name="cache.invalidation">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+</deployment>
+
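Review bot: The comment on the new application-policy describes it as an "ejb3 test" definition, yet the file sits under the assembly's src/main/resources, so it appears to be packaged with the distribution rather than kept to a test scope. If `cache-test` is meant as a sample security domain showing SAML2STSLoginModule with `cache.invalidation`, the comment should say so and name the intended use, for example `<!-- Sample security domain wiring SAML2STSLoginModule with cache invalidation; adjust the domain name and configFile for a real deployment -->`; if it really is test-only, it belongs under a test resource directory instead.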