Author: anil.saldhana(a)jboss.com
Date: 2011-04-23 00:38:10 -0400 (Sat, 23 Apr 2011)
New Revision: 905
Added:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/JBWSTokenIssuingLoginModule.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SecurityActions.java
Log:
a subclass of the PicketLink STSIssuingLoginModule that allows us to inject JBWS client
handlers
Added:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/JBWSTokenIssuingLoginModule.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/JBWSTokenIssuingLoginModule.java
(rev 0)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/JBWSTokenIssuingLoginModule.java 2011-04-23
04:38:10 UTC (rev 905)
@@ -0,0 +1,102 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.jaas;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.transform.Source;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Dispatch;
+import javax.xml.ws.handler.Handler;
+
+import org.picketlink.identity.federation.core.wstrust.STSClient;
+import org.picketlink.identity.federation.core.wstrust.STSClientConfig;
+import org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule;
+import org.picketlink.trust.jbossws.handler.BinaryTokenHandler;
+import org.picketlink.trust.jbossws.handler.SAML2Handler;
+
+/**
+ * A subclass of {@link STSIssuingLoginModule} that adds in JBoss WS specific
+ * details
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Apr 22, 2011
+ */
+public class JBWSTokenIssuingLoginModule extends STSIssuingLoginModule
+{
+ @Override
+ protected STSClient createWSTrustClient(STSClientConfig config)
+ {
+ return new JBWSTokenClient(config);
+ }
+
+ public class JBWSTokenClient extends STSClient
+ {
+ public JBWSTokenClient()
+ {
+ super();
+ }
+
+ public JBWSTokenClient(STSClientConfig config)
+ {
+ super(config);
+ }
+
+ @SuppressWarnings("rawtypes")
+ public JBWSTokenClient(STSClientConfig config, Map<String,?> options)
+ {
+ super(config);
+
+ //Get pre-constructed Dispatch from super
+ Dispatch<Source> dispatch = super.getDispatch();
+
+ BindingProvider bp = (BindingProvider) dispatch.getBinding();
+ List<Handler> handlers = bp.getBinding().getHandlerChain();
+
+ String handlerStr = (String) options.get("handlerChain");
+
+ //Lets utilize the login module options
+ if( handlerStr != null && handlerStr.contains("binary"))
+ {
+ BinaryTokenHandler binaryTokenHandler = new BinaryTokenHandler();
+
+ handlers.add(binaryTokenHandler);
+ }
+ else if( handlerStr != null && handlerStr.contains("saml2"))
+ {
+ SAML2Handler samlHandler = new SAML2Handler();
+ handlers.add(samlHandler);
+ }
+
+ bp.getBinding().setHandlerChain(handlers);
+
+ //Check if we have security domain factory installed
+ String secDomainFactory =
SecurityActions.getSystemProperty("org.jboss.security.ssl.server.domain.name",
null);
+ if(secDomainFactory != null )
+ {
+ //StubExt.PROPERTY_SOCKET_FACTORY
+ bp.getRequestContext().put( "org.jboss.ws.socketFactory",
+
"org.jboss.security.ssl.JaasSecurityDomainServerSocketFactory");
+ }
+ }
+ }
+}
\ No newline at end of file
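Review bot: The handler injection this commit is meant to provide never runs as written: `createWSTrustClient` builds the client with `new JBWSTokenClient(config)`, and only the `(config, options)` constructor touches the handler chain, so neither `BinaryTokenHandler` nor `SAML2Handler` is attached to outgoing token requests unless a caller outside this hunk uses that constructor. Inside that constructor, `(BindingProvider) dispatch.getBinding()` casts a `Binding` to `BindingProvider`, which will most likely throw a ClassCastException at runtime; `Dispatch` already is a `BindingProvider`, so `BindingProvider bp = dispatch;` is enough. `options.get("handlerChain")` dereferences `options` without a null check, and because the `contains("binary")` test is followed by `else if`, an option value naming both handlers silently installs only the binary one. I would pass the login-module options through from `createWSTrustClient` (how the superclass exposes them is not visible here). The `org.jboss.ws.socketFactory` line also needs a comment explaining why a class named `JaasSecurityDomainServerSocketFactory` is the right factory for a client-side request context.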
Added:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SecurityActions.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SecurityActions.java
(rev 0)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SecurityActions.java 2011-04-23
04:38:10 UTC (rev 905)
@@ -0,0 +1,141 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.jaas;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+
+/**
+ * Privileged actions.
+ *
+ * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @author Anil Saldhana
+ * @version $Revision: 1 $
+ */
+class SecurityActions
+{
+ static SecurityContext createSecurityContext(final Principal p, final Object cred,
final Subject subject)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+ {
+ public SecurityContext run()
+ {
+ SecurityContext sc = null;
+ try
+ {
+ sc = SecurityContextFactory.createSecurityContext(p, cred, subject,
"SAML2_HANDLER");
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ return sc;
+ }
+ });
+ }
+
+ static void setSecurityContext(final SecurityContext sc)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ SecurityContextAssociation.setSecurityContext(sc);
+ return null;
+ }
+ });
+ }
+
+ static SecurityContext getSecurityContext()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+ {
+ public SecurityContext run()
+ {
+ return SecurityContextAssociation.getSecurityContext();
+ }
+ });
+ }
+ /**
+ * Get the {@link Subject} from the {@link SecurityContextAssociation}
+ * @return authenticated subject or null
+ */
+ static Subject getAuthenticatedSubject()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Subject>()
+ {
+ public Subject run()
+ {
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if( sc != null )
+ return sc.getUtil().getSubject();
+ return null;
+ }
+ });
+ }
+
+ /**
+ * Get a system property
+ * @param key the property name
+ * @param defaultValue default value in absence of property
+ * @return
+ */
+ static String getSystemProperty( final String key, final String defaultValue)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key, defaultValue);
+ }
+ });
+ }
+
+ static ClassLoader getClassLoader( final Class<?> clazz)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return clazz.getClassLoader();
+ }
+ });
+ }
+
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
\ No newline at end of file
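Review bot: Every method here forwards caller-supplied arguments (`key`, `sc`, `clazz`, the principal and credential) into `doPrivileged`, so the only thing stopping less-privileged code from reading arbitrary system properties or replacing the thread's security context is that the class is package-private, and the class Javadoc (`Privileged actions.`) does not say so. I would state it there, e.g. `Package-private by design: these helpers run caller-supplied arguments with this code's permissions and must never be made public.`, and mark the class `final` with a private constructor. The `@return` tag on `getSystemProperty` is empty; `@return the property value, or defaultValue if the property is not set` matches the `System.getProperty(key, defaultValue)` call. In `createSecurityContext` the security domain is hard-coded as `"SAML2_HANDLER"`, which looks carried over from the handler package; if this copy is meant for the login module, a comment or a parameter would make that choice explicit. Only `getSystemProperty` is called from the other file in this commit, so the remaining helpers could be left out until they have a caller.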