Author: anil.saldhana(a)jboss.com
Date: 2011-03-15 15:09:44 -0400 (Tue, 15 Mar 2011)
New Revision: 815
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2AttributeHandlerUnitTestCase.java
Log:
PLFED-159: saml attribute handler on sp side should populate the http session with idp
passed attributes
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java 2011-03-15
17:22:40 UTC (rev 814)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java 2011-03-15
19:09:44 UTC (rev 815)
@@ -124,7 +124,11 @@
att.setFriendlyName(key);
}
else
- throw new RuntimeException("Unknown:" + key);
+ {
+ att = new AttributeType(key);
+ att.setFriendlyName(key);
+ att.setNameFormat(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get());
+ }
att.addAttributeValue(value);
attrStatement.addAttribute(new ASTChoiceType(att));
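Review bot: The new fallback at L28-L30 labels an arbitrary key with the `uri` NameFormat, which asserts that the attribute Name is a URI; a key such as `testKey` returned by an AttributeManager is not, so a strict relying party may reject or misinterpret it. Unless callers are known to pass URIs here, the `basic` (or `unspecified`) format describes such names honestly — `att.setNameFormat(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_BASIC.get());` if that constant exists in JBossSAMLURIConstants. Replacing the RuntimeException with a silent fallback also means a misspelled key in the attribute-keys configuration no longer fails fast; a trace line such as `log.trace("Key " + key + " is not a known profile attribute; emitting as-is");` (if this class has a logger) would keep that visible. The enclosing method starts outside this hunk.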
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-03-15
17:22:40 UTC (rev 814)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-03-15
19:09:44 UTC (rev 815)
@@ -88,6 +88,8 @@
String SIGN_OUTGOING_MESSAGES = "SIGN_OUTGOING_MESSAGES";
+ String SESSION_ATTRIBUTE_MAP = "SESSION_ATTRIBUTE_MAP";
+
String USERNAME_FIELD = "JBID_USERNAME";
String PASS_FIELD = "JBID_PASSWORD";
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java 2011-03-15
17:22:40 UTC (rev 814)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java 2011-03-15
19:09:44 UTC (rev 815)
@@ -20,12 +20,13 @@
* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
*/
package org.picketlink.identity.federation.web.handlers.saml2;
-
import java.security.Principal;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import javax.servlet.http.HttpSession;
@@ -38,7 +39,12 @@
import
org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
-import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
@@ -49,24 +55,26 @@
* @since Oct 12, 2009
*/
public class SAML2AttributeHandler extends BaseSAML2Handler
-{
+{
private static Logger log = Logger.getLogger(SAML2AttributeHandler.class);
- private boolean trace = log.isTraceEnabled();
-
- protected AttributeManager attribManager = new EmptyAttributeManager();
+
+ private final boolean trace = log.isTraceEnabled();
+
+ protected AttributeManager attribManager = new EmptyAttributeManager();
+
protected List<String> attributeKeys = new ArrayList<String>();
-
+
@Override
public void initChainConfig(SAML2HandlerChainConfig handlerChainConfig) throws
ConfigurationException
{
super.initChainConfig(handlerChainConfig);
Object config =
this.handlerChainConfig.getParameter(GeneralConstants.CONFIGURATION);
- if(config instanceof IDPType)
+ if (config instanceof IDPType)
{
IDPType idpType = (IDPType) config;
String attribStr = idpType.getAttributeManager();
insantiateAttributeManager(attribStr);
- }
+ }
}
@SuppressWarnings("unchecked")
@@ -74,11 +82,11 @@
public void initHandlerConfig(SAML2HandlerConfig handlerConfig) throws
ConfigurationException
{
super.initHandlerConfig(handlerConfig);
-
+
String attribStr = (String)
this.handlerConfig.getParameter(GeneralConstants.ATTIBUTE_MANAGER);
this.insantiateAttributeManager(attribStr);
List<String> ak = (List<String>)
this.handlerConfig.getParameter(GeneralConstants.ATTRIBUTE_KEYS);
- if(ak != null)
+ if (ak != null)
this.attributeKeys.addAll(ak);
}
@@ -86,42 +94,83 @@
public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse
response) throws ProcessingException
{
//Do not handle log out request interaction
- if(request.getSAML2Object() instanceof LogoutRequestType)
- return ;
-
+ if (request.getSAML2Object() instanceof LogoutRequestType)
+ return;
+
//only handle IDP side
- if(getType() == HANDLER_TYPE.SP)
+ if (getType() == HANDLER_TYPE.SP)
return;
-
+
HTTPContext httpContext = (HTTPContext) request.getContext();
HttpSession session = httpContext.getRequest().getSession(false);
-
+
Principal userPrincipal = (Principal)
session.getAttribute(GeneralConstants.PRINCIPAL_ID);
Map<String, Object> attribs = (Map<String, Object>)
session.getAttribute(GeneralConstants.ATTRIBUTES);
- if(attribs == null)
- {
+ if (attribs == null)
+ {
attribs = this.attribManager.getAttributes(userPrincipal, attributeKeys);
session.setAttribute(GeneralConstants.ATTRIBUTES, attribs);
- }
- }
-
- private void insantiateAttributeManager(String attribStr)
- throws ConfigurationException
+ }
+ }
+
+ @Override
+ public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse
response)
+ throws ProcessingException
{
- if(attribStr != null && !"".equals(attribStr))
+ //only handle SP side
+ if (getType() == HANDLER_TYPE.IDP)
+ return;
+ handleIDPResponse(request);
+ }
+
+ private void insantiateAttributeManager(String attribStr) throws
ConfigurationException
+ {
+ if (attribStr != null && !"".equals(attribStr))
{
ClassLoader tcl = SecurityActions.getContextClassLoader();
try
{
attribManager = (AttributeManager) tcl.loadClass(attribStr).newInstance();
- if(trace)
+ if (trace)
log.trace("AttributeManager set to " + this.attribManager);
}
catch (Exception e)
{
- log.error("Exception initializing attribute manager:",e);
- throw new ConfigurationException();
- }
- }
+ log.error("Exception initializing attribute manager:", e);
+ throw new ConfigurationException();
+ }
+ }
}
+
+ @SuppressWarnings("unchecked")
+ protected void handleIDPResponse(SAML2HandlerRequest request)
+ {
+ HTTPContext httpContext = (HTTPContext) request.getContext();
+ HttpSession session = httpContext.getRequest().getSession(false);
+
+ AssertionType assertion = (AssertionType)
request.getOptions().get(GeneralConstants.ASSERTION);
+ if (assertion == null)
+ throw new RuntimeException("Assertion not found in the handler
request");
+ Set<StatementAbstractType> statements = assertion.getStatements();
+ for (StatementAbstractType statement : statements)
+ {
+ if (statement instanceof AttributeStatementType)
+ {
+ AttributeStatementType attrStat = (AttributeStatementType) statement;
+ List<ASTChoiceType> attrs = attrStat.getAttributes();
+ for (ASTChoiceType attrChoice : attrs)
+ {
+ AttributeType attr = attrChoice.getAttribute();
+ Map<String, Object> attrMap = (Map<String, Object>) session
+ .getAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP);
+ if (attrMap == null)
+ {
+ attrMap = new HashMap<String, Object>();
+ session.setAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP, attrMap);
+ }
+ attrMap.put(attr.getFriendlyName(), attr.getAttributeValue());
+ }
+ }
+ }
+ }
}
\ No newline at end of file
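Review bot: handleIDPResponse (L217-L248) throws "Assertion not found" whenever the ASSERTION option is absent, yet handleStatusResponseType (L180-L189) runs it for every SP-side status response; SAML2AuthenticationHandler only adds the option on the authentication ResponseType path (companion hunk), so a logout StatusResponse reaching this handler would fail with a RuntimeException instead of being skipped the way handleRequestType skips LogoutRequestType. `getSession(false)` at L220 can return null, and the session-map lookup at L237-L243 is repeated inside the innermost loop. Merging into an existing SESSION_ATTRIBUTE_MAP means attributes asserted on an earlier login in the same session survive a re-authentication even when the IDP no longer asserts them, and consumers of this map may well make authorization decisions on it, so the map should be rebuilt per assertion (renewing the session at login is a separate concern outside this handler). FriendlyName is optional and non-unique in SAML, so attributes without one land under a null key and two sharing a friendly name collide; keying on Name with FriendlyName as fallback avoids that, and getAttribute() should be null-checked if ASTChoiceType can also carry an encrypted attribute.
```java
   @Override
   public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse response)
         throws ProcessingException
   {
      //only handle SP side
      if (getType() == HANDLER_TYPE.IDP)
         return;
      //Only an authentication response carries an assertion; skip logout responses etc.
      if (!(request.getSAML2Object() instanceof ResponseType)) // newmodel protocol type, needs an import
         return;
      handleIDPResponse(request);
   }

   // … unchanged: insantiateAttributeManager …

   protected void handleIDPResponse(SAML2HandlerRequest request)
   {
      HTTPContext httpContext = (HTTPContext) request.getContext();
      HttpSession session = httpContext.getRequest().getSession(false);
      if (session == null)
         throw new RuntimeException("No HTTP session available to hold the IDP attributes");

      AssertionType assertion = (AssertionType) request.getOptions().get(GeneralConstants.ASSERTION);
      if (assertion == null)
         throw new RuntimeException("Assertion not found in the handler request");

      //Fresh map per assertion so attributes the IDP no longer asserts do not linger in the session
      Map<String, Object> attrMap = new HashMap<String, Object>();
      for (StatementAbstractType statement : assertion.getStatements())
      {
         if (!(statement instanceof AttributeStatementType))
            continue;
         for (ASTChoiceType attrChoice : ((AttributeStatementType) statement).getAttributes())
         {
            AttributeType attr = attrChoice.getAttribute();
            if (attr == null)
               continue; // encrypted or otherwise unavailable attribute
            //Name identifies a SAML attribute; FriendlyName is an optional display hint
            String key = attr.getName() != null ? attr.getName() : attr.getFriendlyName();
            attrMap.put(key, attr.getAttributeValue());
         }
      }
      session.setAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP, attrMap);
   }
```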
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-03-15
17:22:40 UTC (rev 814)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-03-15
19:09:44 UTC (rev 815)
@@ -374,6 +374,8 @@
assertion = assertions.get(0).getAssertion();
}
+ request.addOption(GeneralConstants.ASSERTION, assertion);
+
Principal userPrincipal = handleSAMLResponse(responseType, response);
if (userPrincipal == null)
{
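Review bot: The assertion is published on the request options at L263 before handleSAMLResponse at L265 has validated it, so a handler later in the chain that reads GeneralConstants.ASSERTION gets it regardless of the outcome of that validation; if handleSAMLResponse signals failure by returning null (L266) rather than throwing, the option still points at the rejected assertion. Moving `request.addOption(GeneralConstants.ASSERTION, assertion);` below the `userPrincipal == null` branch keeps the option meaning "validated assertion". The enclosing method begins and ends outside this hunk, so whether the null branch throws or falls through cannot be confirmed here.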
Modified:
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2AttributeHandlerUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2AttributeHandlerUnitTestCase.java 2011-03-15
17:22:40 UTC (rev 814)
+++
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2AttributeHandlerUnitTestCase.java 2011-03-15
19:09:44 UTC (rev 815)
@@ -21,16 +21,21 @@
*/
package org.picketlink.test.identity.federation.web.saml.handlers;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
import java.security.Principal;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import junit.framework.TestCase;
-
+import org.junit.Test;
import org.picketlink.identity.federation.core.config.IDPType;
+import org.picketlink.identity.federation.core.config.SPType;
import org.picketlink.identity.federation.core.interfaces.AttributeManager;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import
org.picketlink.identity.federation.core.saml.v2.constants.X500SAMLProfileConstants;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import
org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChainConfig;
@@ -42,6 +47,10 @@
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
@@ -56,13 +65,14 @@
* @author Anil.Saldhana(a)redhat.com
* @since Oct 12, 2009
*/
-public class SAML2AttributeHandlerUnitTestCase extends TestCase
+public class SAML2AttributeHandlerUnitTestCase
{
private static String name = "anil";
private static String email = "anil@test";
@SuppressWarnings("unchecked")
+ @Test
public void testAttributes() throws Exception
{
SAML2AttributeHandler handler = new SAML2AttributeHandler();
@@ -111,6 +121,59 @@
assertEquals(email,
attribs.get(X500SAMLProfileConstants.EMAIL.getFriendlyName()));
}
+ @SuppressWarnings("unchecked")
+ @Test
+ public void testAttribsOnSP() throws Exception
+ {
+ SAML2AttributeHandler handler = new SAML2AttributeHandler();
+
+ SAML2HandlerChainConfig chainConfig = new DefaultSAML2HandlerChainConfig();
+ SAML2HandlerConfig handlerConfig = new DefaultSAML2HandlerConfig();
+
+ Map<String, Object> chainOptions = new HashMap<String, Object>();
+ SPType spType = new SPType();
+ chainOptions.put(GeneralConstants.CONFIGURATION, spType);
+ chainConfig.set(chainOptions);
+
+ //Initialize the handler
+ handler.initChainConfig(chainConfig);
+ handler.initHandlerConfig(handlerConfig);
+
+ //Create a Protocol Context
+ MockHttpSession session = new MockHttpSession();
+ MockServletContext servletContext = new MockServletContext();
+ MockHttpServletRequest servletRequest = new MockHttpServletRequest(session,
"POST");
+ MockHttpServletResponse servletResponse = new MockHttpServletResponse();
+ HTTPContext httpContext = new HTTPContext(servletRequest, servletResponse,
servletContext);
+
+ SAML2Object saml2Object = new SAML2Object()
+ {
+ };
+
+ SAMLDocumentHolder docHolder = new SAMLDocumentHolder(saml2Object, null);
+ IssuerInfoHolder issuerInfo = new
IssuerInfoHolder("http://localhost:8080/idp/");
+ SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext,
issuerInfo.getIssuer(), docHolder,
+ SAML2Handler.HANDLER_TYPE.IDP);
+ SAML2HandlerResponse response = new DefaultSAML2HandlerResponse();
+
+ AssertionType assertion = new AssertionType(IDGenerator.create("ID_"),
XMLTimeUtil.getIssueInstant(),
+ JBossSAMLConstants.VERSION_2_0.get());
+
+ Map<String, Object> myattr = new HashMap<String, Object>();
+ myattr.put("testKey", "hello");
+ AttributeStatementType attState = StatementUtil.createAttributeStatement(myattr);
+ assertion.addStatement(attState);
+
+ request.addOption(GeneralConstants.ASSERTION, assertion);
+ handler.handleStatusResponseType(request, response);
+
+ Map<String, Object> sessionMap = (Map<String, Object>) session
+ .getAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP);
+ assertNotNull(sessionMap);
+ List<Object> values = (List<Object>)
sessionMap.get("testKey");
+ assertEquals("hello", values.get(0));
+ }
+
public static class TestAttributeManager implements AttributeManager
{
public Map<String, Object> getAttributes(Principal userPrincipal,
List<String> attributeKeys)
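Review bot: testAttribsOnSP configures an SPType (L341-L342) but builds the handler request with `SAML2Handler.HANDLER_TYPE.IDP` at L367; what that means depends on BaseSAML2Handler.getType(), which is outside this hunk — if it read the request's type the handler would return before touching the session and the assertNotNull at L384 could not pass, so it presumably reads the chain config and the IDP value is merely misleading. `SAML2Handler.HANDLER_TYPE.SP` is the value an SP-side test should carry either way. The test also covers only the happy path; an assertion with no AttributeStatement, and a second handleStatusResponseType call with a changed attribute set, would pin down whether stale values survive in SESSION_ATTRIBUTE_MAP.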