Author: bmozaffa(a)redhat.com
Date: 2010-06-11 15:51:14 -0400 (Fri, 11 Jun 2010)
New Revision: 298
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenAttributeProvider.java
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
Log:
PLFED-88: Provided a pluggable interface for the SAML20TokenProvider that, if configured,
is called to retrieve any potential attributes and include them in the token
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenAttributeProvider.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenAttributeProvider.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenAttributeProvider.java 2010-06-11
19:51:14 UTC (rev 298)
@@ -0,0 +1,31 @@
+package org.picketlink.identity.federation.core.wstrust.plugins.saml;
+
+import java.util.Map;
+
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+
+/**
+ * <p>
+ * An interface used by {@code SAML20TokenProvider} to retrieve an environment specific
attribute that will be
+ * inserted into the Assertion.
+ * </p>
+ *
+ * @author <a href="mailto:Babak@redhat.com">Babak Mozaffari</a>
+ */
+public interface SAML20TokenAttributeProvider
+{
+ /**
+ * Sets properties on the Attribute Provider that may affect its behavior
+ *
+ * @param properties A set of string properties, some or all of which might impact the
provider's behavior
+ */
+ void setProperties( Map<String, String> properties );
+
+ /**
+ * Given the security context, environment or other static or non-static criteria,
returns an attribute statement
+ * to be included in the SAML v2 Assertion
+ *
+ * @return An Attribute Statement to be inserted in the SAML v2 Assertion
+ */
+ AttributeStatementType getAttributeStatement();
+}
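Review bot: getAttributeStatement() takes no arguments, so a provider has no access to the request context or the subject the token is being issued for, even though the Javadoc on that method speaks of "the security context"; unless providers are meant to be purely environment-driven, that limitation should be stated, or the context passed in. The return contract also does not say whether null is permitted, while the calling code in SAML20TokenProvider null-checks the result before appending it; suggest `@return An Attribute Statement to be inserted in the SAML v2 Assertion, or {@code null} if no attributes should be added`. The Javadoc for setProperties should likewise say which property keys a provider can expect, since the whole token-provider property map is what gets handed over.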
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2010-06-11
19:40:21 UTC (rev 297)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2010-06-11
19:51:14 UTC (rev 298)
@@ -44,11 +44,12 @@
import org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext;
import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
import
org.picketlink.identity.federation.core.wstrust.plugins.DefaultRevocationRegistry;
-import org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry;
import
org.picketlink.identity.federation.core.wstrust.plugins.FileBasedRevocationRegistry;
import
org.picketlink.identity.federation.core.wstrust.plugins.JPABasedRevocationRegistry;
+import org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry;
import org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.saml.v2.assertion.AudienceRestrictionType;
import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
import org.picketlink.identity.federation.saml.v2.assertion.KeyInfoConfirmationDataType;
@@ -79,11 +80,15 @@
private static final String REVOCATION_REGISTRY_FILE =
"RevocationRegistryFile";
private static final String REVOCATION_REGISTRY_JPA_CONFIG =
"RevocationRegistryJPAConfig";
-
+
+ private static final String ATTRIBUTE_PROVIDER = "AttributeProvider";
+
private RevocationRegistry revocationRegistry;
private Map<String, String> properties;
+ private SAML20TokenAttributeProvider attributeProvider;
+
/*
* (non-Javadoc)
*
@@ -145,6 +150,29 @@
}
}
}
+
+ // Check if an attribute provider has been set.
+ String attributeProviderClassName = this.properties.get(ATTRIBUTE_PROVIDER);
+ if (attributeProviderClassName == null)
+ {
+ if (logger.isDebugEnabled())
+ logger.debug("No attribute provider set");
+ }
+ else
+ {
+ try
+ {
+ @SuppressWarnings("unchecked")
+ Class<SAML20TokenAttributeProvider> attributeProviderClass =
(Class<SAML20TokenAttributeProvider>) Class
+ .forName(attributeProviderClassName);
+ attributeProvider = attributeProviderClass.newInstance();
+ attributeProvider.setProperties(properties);
+ }
+ catch (Exception e)
+ {
+ throw new IllegalStateException(e);
+ }
+ }
}
/*
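Review bot: The unchecked cast of the Class object on the new lines means a configured AttributeProvider class that does not implement SAML20TokenAttributeProvider is only rejected by a bare ClassCastException at the assignment, and the wrapping `throw new IllegalStateException(e)` drops the class name that would let an operator find the misconfiguration. Replacing the cast with `Class<? extends SAML20TokenAttributeProvider> attributeProviderClass = Class.forName(attributeProviderClassName).asSubclass(SAML20TokenAttributeProvider.class);` removes the @SuppressWarnings and gives a type-checked failure, and `throw new IllegalStateException("Unable to instantiate attribute provider " + attributeProviderClassName, e);` keeps the cause and the offending value. Since the class name comes from the provider's configuration and is instantiated reflectively, a short comment that this setting is trusted configuration would help the next reader. Class.forName here resolves against SAML20TokenProvider's own class loader; in a container deployment the configured class may need the thread context class loader instead, which I cannot confirm from this hunk. The enclosing method starts outside the hunk.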
@@ -230,6 +258,15 @@
AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID,
issuerID, lifetime.getCreated(),
conditions, subject, statements);
+ if (attributeProvider != null)
+ {
+ AttributeStatementType attributeStatement =
attributeProvider.getAttributeStatement();
+ if (attributeStatement != null)
+ {
+
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attributeStatement);
+ }
+ }
+
// convert the constructed assertion to element.
Element assertionElement = null;
try
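Review bot: A provider that returns null is silently skipped by the new null check, which makes a misbehaving or misconfigured provider hard to distinguish from one that intentionally adds nothing; a debug line in the else branch, `if (logger.isDebugEnabled()) logger.debug("Attribute provider returned no attribute statement");`, matches the logging already used when no provider is configured. A one-line comment above the block noting that the statement is appended after the assertion is built, before it is converted to an element, would also help readers place it relative to the signing step that follows. The enclosing method starts and ends outside the hunk.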