Author: anil.saldhana(a)jboss.com Date: 2010-09-08 14:53:26 -0400 (Wed, 08 Sep 2010) New Revision: 391 Added: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConstants.java federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ClassPathConfigHandler.java federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ConsoleHomeDirectoryConfigHandler.java federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/STSConfigHandler.java federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/SecurityActions.java federation/branches/Branch_1_x/picketlink-fed-core/src/main/resources/picketlink-sts-confighandlers.xml Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java Log: PLFED-103: config handler stack for the STS Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java =================================================================== --- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java 2010-09-07 01:43:05 UTC (rev 390) +++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java 2010-09-08 18:53:26 UTC (rev 391) @@ -17,11 +17,12 @@ */ package org.picketlink.identity.federation.core.wstrust; -import java.io.File; import java.io.InputStream; -import java.net.URL; +import java.util.List; import javax.annotation.Resource; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.Unmarshaller; import javax.xml.transform.Source; import javax.xml.transform.dom.DOMSource; import javax.xml.ws.Provider; @@ -32,8 +33,11 @@ import javax.xml.ws.WebServiceProvider; import org.apache.log4j.Logger; -import org.picketlink.identity.federation.core.config.STSType; import org.picketlink.identity.federation.core.exceptions.ConfigurationException; +import org.picketlink.identity.federation.core.handler.config.Handler; +import org.picketlink.identity.federation.core.handler.config.Handlers; +import org.picketlink.identity.federation.core.util.JAXBUtil; +import org.picketlink.identity.federation.core.wstrust.confighandlers.STSConfigHandler; import org.picketlink.identity.federation.core.wstrust.wrappers.BaseRequestSecurityToken; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection; @@ -54,11 +58,11 @@ { private static Logger logger = Logger.getLogger(PicketLinkSTS.class); - private static final String SEPARATOR = System.getProperty("file.separator"); + /* private static final String SEPARATOR = System.getProperty("file.separator"); private static final String STS_CONFIG_FILE = "picketlink-sts.xml"; - private static final String STS_CONFIG_DIR = "picketlink-store" + SEPARATOR + "sts" + SEPARATOR; + private static final String STS_CONFIG_DIR = "picketlink-store" + SEPARATOR + "sts" + SEPARATOR;*/ @Resource protected WebServiceContext context; @@ -244,13 +248,41 @@ * * @return an instance of {@code STSConfiguration} containing the STS configuration properties. */ + @SuppressWarnings("unchecked") protected STSConfiguration getConfiguration() throws ConfigurationException { - URL configurationFileURL = null; - + //URL configurationFileURL = null; + STSConfiguration configuration = null; try { - // check the user home for a configuration file generated by the picketlink console. + JAXBElement<Handlers> handlersJaxb = (JAXBElement<Handlers>) this.unmarshall( PicketLinkSTSConstants.CONFIG_HANDLER_FILE ); + if( handlersJaxb == null ) + throw new RuntimeException( PicketLinkSTSConstants.CONFIG_HANDLER_FILE + " not found " ); + + Handlers handlers = handlersJaxb.getValue(); + List<Handler> handlerList = handlers.getHandler(); + + ClassLoader tcl = SecurityActions.getContextClassLoader(); + + if( handlerList != null ) + { + for( Handler handler: handlerList ) + { + Class<?> clazz = tcl.loadClass( handler.getClazz() ); + STSConfigHandler stsConfigHandler = (STSConfigHandler) clazz.newInstance(); + configuration = stsConfigHandler.getConfiguration(); + if( configuration != null ) + break; + } + } + + if ( configuration == null ) + { + logger.warn( "Configuration handlers returned null. Using default configuration values"); + return new PicketLinkSTSConfiguration(); + } + + /*// check the user home for a configuration file generated by the picketlink console. String configurationFilePath = System.getProperty("user.home") + SEPARATOR + STS_CONFIG_DIR + STS_CONFIG_FILE; File configurationFile = new File(configurationFilePath); if (configurationFile.exists()) @@ -270,7 +302,7 @@ STSType stsConfig = WSTrustUtil.getSTSConfiguration(stream); STSConfiguration configuration = new PicketLinkSTSConfiguration(stsConfig); if (logger.isInfoEnabled()) - logger.info(STS_CONFIG_FILE + " configuration file loaded"); + logger.info(STS_CONFIG_FILE + " configuration file loaded");*/ return configuration; } catch (Exception e) @@ -278,4 +310,20 @@ throw new ConfigurationException("Error parsing the configuration file:", e); } } + + private Object unmarshall(String configFile) throws Exception + { + String[] schemas = new String[] { "schema/config/picketlink-fed.xsd", + "schema/config/picketlink-fed-handler.xsd"}; + + ClassLoader tcl = SecurityActions.getContextClassLoader(); + InputStream is = tcl.getResourceAsStream(configFile); + if( is == null ) + throw new RuntimeException("Inputstream not null for config file:" + configFile ); + + String[] pkgNames = new String[] { "org.picketlink.identity.federation.core.config", + "org.picketlink.identity.federation.core.handler.config" }; + Unmarshaller un = JAXBUtil.getValidatingUnmarshaller(pkgNames, schemas); + return un.unmarshal(is); + } } \ No newline at end of file Added: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConstants.java =================================================================== --- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConstants.java (rev 0) +++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConstants.java 2010-09-08 18:53:26 UTC (rev 391) @@ -0,0 +1,52 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.identity.federation.core.wstrust; + +/** + * Define constants used by the PicketLink STS + * @author Anil.Saldhana(a)redhat.com + * @since Sep 8, 2010 + */ +public interface PicketLinkSTSConstants +{ + /** + * Constant for the home directory where the JDK is in operation + */ + String USER_HOME_DIR = SecurityActions.getSystemProperty( "user.home", null ); + + /** + * File separator (Dependent on the OS) + */ + String SEPARATOR = SecurityActions.getSystemProperty( "file.separator", "/" ); + + /** + * Configuration file for the STS - available in the deployment via TCCL + */ + String STS_CONFIG_FILE = "picketlink-sts.xml"; + + String STS_CONFIG_DIR = "picketlink-store" + SEPARATOR + "sts" + SEPARATOR; + + /** + * Configuration handlers for the STS + */ + String CONFIG_HANDLER_FILE = "picketlink-sts-confighandlers.xml"; +} \ No newline at end of file Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java =================================================================== --- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java 2010-09-07 01:43:05 UTC (rev 390) +++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java 2010-09-08 18:53:26 UTC (rev 391) @@ -32,6 +32,8 @@ * </p> * * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + * @author Anil.Saldhana(a)redhat.com + * */ class SecurityActions { @@ -105,4 +107,23 @@ } }); } + + /** + * Get the system property + * @param key key for the system property + * @param defaultValue any default value + * @return + */ + static String getSystemProperty( final String key, final String defaultValue ) + { + return AccessController.doPrivileged( new PrivilegedAction< String >() + { + @Override + public String run() + { + return System.getProperty( key, defaultValue ); + } + }); + } + } \ No newline at end of file Added: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ClassPathConfigHandler.java =================================================================== --- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ClassPathConfigHandler.java (rev 0) +++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ClassPathConfigHandler.java 2010-09-08 18:53:26 UTC (rev 391) @@ -0,0 +1,72 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.identity.federation.core.wstrust.confighandlers; + +import java.io.InputStream; +import java.net.URL; + +import org.apache.log4j.Logger; +import org.picketlink.identity.federation.core.config.STSType; +import org.picketlink.identity.federation.core.wstrust.PicketLinkSTSConfiguration; +import org.picketlink.identity.federation.core.wstrust.PicketLinkSTSConstants; +import org.picketlink.identity.federation.core.wstrust.STSConfiguration; +import org.picketlink.identity.federation.core.wstrust.WSTrustUtil; + +/** + * Configuration Handler that reads the configuration from the {@code PicketLinkSTSConstants#STS_CONFIG_FILE} that + * is from the classpath, reachable from the Thread Context Class Loader + * + * @author Anil.Saldhana(a)redhat.com + * @since Sep 8, 2010 + */ +public class ClassPathConfigHandler implements STSConfigHandler +{ + protected static Logger log = Logger.getLogger( ClassPathConfigHandler.class ); + + /* (non-Javadoc) + * @see org.picketlink.identity.federation.core.wstrust.confighandlers.STSConfigHandler#getConfiguration() + */ + public STSConfiguration getConfiguration() + { + STSConfiguration configuration = null; + + try + { + URL configurationFileURL = SecurityActions.getContextClassLoader().getResource( PicketLinkSTSConstants.STS_CONFIG_FILE ); + + if (configurationFileURL != null) + { + InputStream stream = configurationFileURL.openStream(); + STSType stsConfig = WSTrustUtil.getSTSConfiguration(stream); + configuration = new PicketLinkSTSConfiguration(stsConfig); + } + } + catch ( Exception e ) + { + if( log.isTraceEnabled() ) + { + log.trace( "Error in handling classpath based configuration:", e ); + } + } + return configuration; + } +} \ No newline at end of file Added: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ConsoleHomeDirectoryConfigHandler.java =================================================================== --- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ConsoleHomeDirectoryConfigHandler.java (rev 0) +++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ConsoleHomeDirectoryConfigHandler.java 2010-09-08 18:53:26 UTC (rev 391) @@ -0,0 +1,86 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.identity.federation.core.wstrust.confighandlers; + +import java.io.File; +import java.io.InputStream; +import java.net.URL; + +import org.apache.log4j.Logger; +import org.picketlink.identity.federation.core.config.STSType; +import org.picketlink.identity.federation.core.wstrust.PicketLinkSTSConfiguration; +import org.picketlink.identity.federation.core.wstrust.PicketLinkSTSConstants; +import org.picketlink.identity.federation.core.wstrust.STSConfiguration; +import org.picketlink.identity.federation.core.wstrust.WSTrustUtil; + +/** + * PicketLink console stores the sts configuration in the home directory + * + * @author Anil.Saldhana(a)redhat.com + * @since Sep 8, 2010 + */ +public class ConsoleHomeDirectoryConfigHandler implements STSConfigHandler +{ + protected static Logger log = Logger.getLogger( ConsoleHomeDirectoryConfigHandler.class ); + + /* (non-Javadoc) + * @see org.picketlink.identity.federation.core.wstrust.confighandlers.STSConfigHandler#getConfiguration() + */ + public STSConfiguration getConfiguration() + { + STSConfiguration configuration = null; + + URL configurationFileURL = null; + + // Check the user home for a configuration file generated by the picketlink console. + try + { + StringBuilder builder = new StringBuilder( PicketLinkSTSConstants.USER_HOME_DIR ); + builder.append( PicketLinkSTSConstants.SEPARATOR ); + builder.append( PicketLinkSTSConstants.STS_CONFIG_DIR ); + builder.append( PicketLinkSTSConstants.STS_CONFIG_FILE ); + + String configurationFilePath = builder.toString(); + + /*String configurationFilePath = System.getProperty( "user.home" ) + PicketLinkSTSConstants.SEPARATOR + + PicketLinkSTSConstants.STS_CONFIG_DIR + PicketLinkSTSConstants.STS_CONFIG_FILE;*/ + + File configurationFile = new File( configurationFilePath ); + if ( configurationFile != null && configurationFile.exists() ) + { + configurationFileURL = configurationFile.toURI().toURL(); + InputStream stream = configurationFileURL.openStream(); + STSType stsConfig = WSTrustUtil.getSTSConfiguration(stream); + configuration = new PicketLinkSTSConfiguration(stsConfig); + } + } + catch ( Exception e ) + { + if( log.isTraceEnabled() ) + { + log.trace( "Error in handling Console based configuration in home directory:", e ); + } + } + + return configuration; + } +} \ No newline at end of file Added: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/STSConfigHandler.java =================================================================== --- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/STSConfigHandler.java (rev 0) +++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/STSConfigHandler.java 2010-09-08 18:53:26 UTC (rev 391) @@ -0,0 +1,39 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.identity.federation.core.wstrust.confighandlers; + +import org.picketlink.identity.federation.core.wstrust.STSConfiguration; + +/** + * An interface for the STS Configuration Handlers + * + * @author Anil.Saldhana(a)redhat.com + * @since Sep 8, 2010 + */ +public interface STSConfigHandler +{ + /** + * Return {@code STSConfiguration} or null + * @return + */ + STSConfiguration getConfiguration(); +} \ No newline at end of file Added: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/SecurityActions.java =================================================================== --- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/SecurityActions.java (rev 0) +++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/SecurityActions.java 2010-09-08 18:53:26 UTC (rev 391) @@ -0,0 +1,108 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.identity.federation.core.wstrust.confighandlers; + +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; + +/** + * <p> + * Utility class that executes actions such as creating a class in privileged blocks. + * </p> + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +class SecurityActions +{ + + /** + * <p> + * Gets the thread context class loader using a privileged block. + * </p> + * + * @return a reference to the thread context {@code ClassLoader}. + */ + static ClassLoader getContextClassLoader() + { + return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() + { + public ClassLoader run() + { + return Thread.currentThread().getContextClassLoader(); + } + }); + } + + /** + * <p> + * Loads a class using the thread context class loader in a privileged block. + * </p> + * + * @param name the fully-qualified name of the class to be loaded. + * @return a reference to the loaded {@code Class}. + * @throws PrivilegedActionException if an error occurs while loading the class. This exception wraps the real cause + * of the error, so classes using this method must perform a {@code getCause()} in order to get a + * reference to the root of the error. + */ + static Class<?> loadClass(final String name) throws PrivilegedActionException + { + return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>() + { + public Class<?> run() throws PrivilegedActionException + { + try + { + return getContextClassLoader().loadClass(name); + } + catch (Exception e) + { + throw new PrivilegedActionException(e); + } + } + }); + } + + /** + * <p> + * Creates an instance of the specified class in a privileged block. The class must define a default constructor. + * </p> + * + * @param className the fully-qualified name of the class to be instantiated. + * @return a reference to the instantiated {@code Object}. + * @throws PrivilegedActionException if an error occurs while instantiating the class. This exception wraps the real + * cause of the error, so classes using this method must perform a {@code getCause()} in order to get a + * reference to the root of the error. + */ + static Object instantiateClass(final String className) throws PrivilegedActionException + { + return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + Class<?> objectClass = loadClass(className); + return objectClass.newInstance(); + } + }); + } +} \ No newline at end of file Added: federation/branches/Branch_1_x/picketlink-fed-core/src/main/resources/picketlink-sts-confighandlers.xml =================================================================== --- federation/branches/Branch_1_x/picketlink-fed-core/src/main/resources/picketlink-sts-confighandlers.xml (rev 0) +++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/resources/picketlink-sts-confighandlers.xml 2010-09-08 18:53:26 UTC (rev 391) @@ -0,0 +1,10 @@ +<Handlers xmlns="urn:picketlink:identity-federation:handler:config:1.0"> + <Handler class="org.picketlink.identity.federation.core.wstrust.confighandlers.ConsoleHomeDirectoryConfigHandler"> + <Option Key="1" Value="1.1"/> + <Option Key="2" Value="2.2"/> + </Handler> + <Handler class="org.picketlink.identity.federation.core.wstrust.confighandlers.ClassPathConfigHandler"> + <Option Key="1" Value="1.1"/> + <Option Key="2" Value="2.2"/> + </Handler> +</Handlers> \ No newline at end of file