Author: anil.saldhana(a)jboss.com
Date: 2011-07-01 12:24:49 -0400 (Fri, 01 Jul 2011)
New Revision: 1049
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SystemPropertiesUtil.java
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
Log:
PLFED-199: centralize system prop
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
---
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-01
15:40:09 UTC (rev 1048)
+++
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-01
16:24:49 UTC (rev 1049)
@@ -87,6 +87,7 @@
import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.core.util.SystemPropertiesUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
@@ -864,6 +865,8 @@
lifecycle.fireLifecycleEvent(START_EVENT, null);
started = true;
+ SystemPropertiesUtil.ensure();
+
//Get the chain from config
if (StringUtil.isNullOrEmpty(samlHandlerChainClass))
chain = SAML2HandlerChainFactory.createChain();
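Review bot: The added `SystemPropertiesUtil.ensure();` carries no comment, and because `ensure()` has an empty body, a reader of this start-up code cannot tell what the call is for. A one-line comment above it would help, for example `// Load SystemPropertiesUtil so PicketLink's default JVM system properties are set before the handler chain is built`. The same applies to the call added in `BaseFormAuthenticator.start()`. The enclosing method here begins and ends outside the hunk.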
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
---
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-07-01
15:40:09 UTC (rev 1048)
+++
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-07-01
16:24:49 UTC (rev 1049)
@@ -60,6 +60,7 @@
import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.core.util.SystemPropertiesUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.saml.v2.metadata.EndpointType;
import org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType;
@@ -182,6 +183,7 @@
public void start() throws LifecycleException
{
super.start();
+ SystemPropertiesUtil.ensure();
processStart();
}
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java 2011-07-01
15:40:09 UTC (rev 1048)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/StaxParserUtil.java 2011-07-01
16:24:49 UTC (rev 1049)
@@ -465,6 +465,12 @@
throw new RuntimeException("Expecting </" + tag + ">.
Found </" + elementTag + ">");
}
+ /**
+ * Get the {@link Validator} for JAXP Validation
+ * @return
+ * @throws SAXException
+ * @throws IOException
+ */
public static Validator getSchemaValidator() throws SAXException, IOException
{
return JAXPValidationUtil.validator();
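Review bot: The new Javadoc on `getSchemaValidator()` leaves `@return` and both `@throws` tags without a description, so it tells callers nothing beyond the signature. Suggested text: `@return the {@link Validator} supplied by {@link JAXPValidationUtil#validator()}`, plus `@throws SAXException if the validator cannot be created` and `@throws IOException if a schema resource cannot be read`. The two exception conditions are inferred from the signature and should be confirmed against `JAXPValidationUtil`. The method body continues past the end of the hunk.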
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java 2011-07-01
15:40:09 UTC (rev 1048)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java 2011-07-01
16:24:49 UTC (rev 1049)
@@ -43,6 +43,7 @@
import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.core.util.SystemPropertiesUtil;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.saml.v2.protocol.XACMLAuthzDecisionQueryType;
import org.w3c.dom.Document;
@@ -52,21 +53,20 @@
* @author Anil.Saldhana(a)redhat.com
* @since Jan 24, 2011
*/
-@WebServiceProvider(serviceName="SOAPSAMLXACMLPDP",portName="SOAPSAMLXACMLPort",
-
targetNamespace="urn:picketlink:identity-federation:pdp",wsdlLocation="WEB-INF/wsdl/SOAPSAMLXACMLPDP.wsdl")
+@WebServiceProvider(serviceName = "SOAPSAMLXACMLPDP", portName =
"SOAPSAMLXACMLPort", targetNamespace =
"urn:picketlink:identity-federation:pdp", wsdlLocation =
"WEB-INF/wsdl/SOAPSAMLXACMLPDP.wsdl")
public class SOAPSAMLXACMLPDP implements Provider<Source>
-{
- protected Logger log = Logger.getLogger( SOAPSAMLXACMLPDP.class );
-
+{
+ protected Logger log = Logger.getLogger(SOAPSAMLXACMLPDP.class);
+
@Resource
WebServiceContext context;
-
+
protected String policyConfigFileName = "policyConfig.xml";
-
+
protected PolicyDecisionPoint pdp;
-
+
protected String issuer = "PicketLinkPDP";
-
+
public SOAPSAMLXACMLPDP()
{
try
@@ -74,55 +74,55 @@
pdp = getPDP();
}
catch (PrivilegedActionException e)
- {
- throw new RuntimeException( e );
+ {
+ throw new RuntimeException(e);
}
}
-
+
public Source invoke(Source request)
- {
+ {
try
{
- Document doc = (Document) DocumentUtil.getNodeFromSource( request );
- if( log.isDebugEnabled() )
+ Document doc = (Document) DocumentUtil.getNodeFromSource(request);
+ if (log.isDebugEnabled())
{
- log.debug( "Received Message::" + DocumentUtil.asString(doc) );
+ log.debug("Received Message::" + DocumentUtil.asString(doc));
}
XACMLAuthzDecisionQueryType xacmlQuery =
SOAPSAMLXACMLUtil.getXACMLQueryType(doc);
ResponseType samlResponseType = SOAPSAMLXACMLUtil.handleXACMLQuery(pdp, issuer,
xacmlQuery);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
XMLStreamWriter xmlStreamWriter = StaxUtil.getXMLStreamWriter(baos);
- SAMLResponseWriter samlResponseWriter = new SAMLResponseWriter( xmlStreamWriter
);
- samlResponseWriter.write( samlResponseType );
- Document responseDocument = DocumentUtil.getDocument( new ByteArrayInputStream(
baos.toByteArray() ));
-
- return new DOMSource( responseDocument.getDocumentElement());
+ SAMLResponseWriter samlResponseWriter = new
SAMLResponseWriter(xmlStreamWriter);
+ samlResponseWriter.write(samlResponseType);
+ Document responseDocument = DocumentUtil.getDocument(new
ByteArrayInputStream(baos.toByteArray()));
+
+ return new DOMSource(responseDocument.getDocumentElement());
}
- catch ( Exception e )
- {
- throw new RuntimeException( e) ;
- }
- }
-
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
private PolicyDecisionPoint getPDP() throws PrivilegedActionException
- {
- SecurityActions.setSystemProperty(
"org.jboss.security.xacml.schema.validation", "false" );
-
+ {
+ SystemPropertiesUtil.ensure();
+
ClassLoader tcl = SecurityActions.getContextClassLoader();
- URL url = tcl.getResource( policyConfigFileName );
- if( url == null)
- throw new IllegalStateException(policyConfigFileName + " could not be
located");
-
+ URL url = tcl.getResource(policyConfigFileName);
+ if (url == null)
+ throw new IllegalStateException(policyConfigFileName + " could not be
located");
+
InputStream is;
try
{
is = url.openStream();
}
catch (IOException e)
- {
- throw new RuntimeException( e );
+ {
+ throw new RuntimeException(e);
}
- return new JBossPDP(is);
- }
+ return new JBossPDP(is);
+ }
}
\ No newline at end of file
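Review bot: In `getPDP()` the stream returned by `url.openStream()` is passed to `new JBossPDP(is)` and never closed in this method, so the handle leaks if the constructor throws, and also on success unless `JBossPDP` closes it itself (not visible here). Assuming the constructor reads the policy configuration before returning, the open, the construction and the close can sit in one try/finally, as sketched below. If `JBossPDP` reads the stream lazily, the close has to move to wherever the PDP is discarded instead.

```java
   // … unchanged: SystemPropertiesUtil.ensure(), policyConfigFileName lookup and null check …
   InputStream is = null;
   try
   {
      is = url.openStream();
      return new JBossPDP(is);
   }
   catch (IOException e)
   {
      throw new RuntimeException(e);
   }
   finally
   {
      if (is != null)
      {
         try
         {
            is.close();
         }
         catch (IOException ignored)
         {
            // closing is best-effort; the PDP is already built or the original failure is propagating
         }
      }
   }
```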
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java 2011-07-01
15:40:09 UTC (rev 1048)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java 2011-07-01
16:24:49 UTC (rev 1049)
@@ -26,7 +26,6 @@
import java.net.URL;
import java.util.List;
-import javax.xml.XMLConstants;
import javax.xml.transform.Source;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
@@ -89,8 +88,7 @@
public static Validator validator() throws SAXException, IOException
{
- String schemaFactoryProperty = "javax.xml.validation.SchemaFactory:" +
XMLConstants.W3C_XML_SCHEMA_NS_URI;
- SecurityActions.setSystemProperty(schemaFactoryProperty,
"org.apache.xerces.jaxp.validation.XMLSchemaFactory");
+ SystemPropertiesUtil.ensure();
if (validator == null)
{
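Review bot: The `if (validator == null)` check that follows the new `ensure()` call suggests `validator()` hands out one `Validator` cached in a static field, and `javax.xml.validation.Validator` is documented as neither thread-safe nor reentrant. If concurrent requests validate incoming messages through this method, they would share that instance. Since this commit already touches the method, consider caching the thread-safe `Schema` instead and returning `schema.newValidator()` per call. The rest of the method is outside the hunk, so the caching is inferred from the visible null check.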
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SystemPropertiesUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SystemPropertiesUtil.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SystemPropertiesUtil.java 2011-07-01
16:24:49 UTC (rev 1049)
@@ -0,0 +1,64 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.util;
+
+import javax.xml.XMLConstants;
+
+/**
+ * Utility dealing with the system properties at the JVM level
+ * for PicketLink
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 1, 2011
+ */
+public class SystemPropertiesUtil
+{
+ static
+ {
+ //XML Signature
+ String xmlSec = "org.apache.xml.security.ignoreLineBreaks";
+ if (StringUtil.isNullOrEmpty(SecurityActions.getSystemProperty(xmlSec,
"")))
+ {
+ SecurityActions.setSystemProperty(xmlSec, "true");
+ }
+
+ //For JAXP Validation
+ String schemaFactoryProperty = "javax.xml.validation.SchemaFactory:" +
XMLConstants.W3C_XML_SCHEMA_NS_URI;
+ if
(StringUtil.isNullOrEmpty(SecurityActions.getSystemProperty(schemaFactoryProperty,
"")))
+ {
+ SecurityActions.setSystemProperty(schemaFactoryProperty,
"org.apache.xerces.jaxp.validation.XMLSchemaFactory");
+ }
+
+ //For the XACML Engine
+ String xacmlValidation = "org.jboss.security.xacml.schema.validation";
+ if (StringUtil.isNullOrEmpty(SecurityActions.getSystemProperty(xacmlValidation,
"")))
+ {
+ SecurityActions.setSystemProperty(xacmlValidation, "false");
+ }
+ };
+
+ /**
+ * No-op call such that the default system properties are set
+ */
+ public static void ensure()
+ {
+ }
+}
\ No newline at end of file
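Review bot: `ensure()` does not guarantee the values its name implies: the static initializer runs once per class load and writes each property only when it is currently empty, so a value set earlier by any other code in the JVM wins and later changes are never re-applied. That matters most for the `javax.xml.validation.SchemaFactory:` property, whose value names the factory class JAXP will instantiate, and for `org.jboss.security.xacml.schema.validation`, which (judging by its name) leaves schema validation off unless a deployer sets it. These are JVM-wide settings, so they also affect every other application in the same container. The Javadoc should say so, for example `Triggers class initialization, which sets PicketLink's defaults for system properties that are not already set; existing values are kept and nothing is re-applied on later calls.`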
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2011-07-01
15:40:09 UTC (rev 1048)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2011-07-01
16:24:49 UTC (rev 1049)
@@ -23,12 +23,10 @@
import java.io.ByteArrayInputStream;
import java.io.OutputStream;
-import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
-import java.security.PrivilegedAction;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
@@ -106,14 +104,7 @@
//Set some system properties
static
{
- AccessController.doPrivileged(new PrivilegedAction<Object>()
- {
- public Object run()
- {
- System.setProperty("org.apache.xml.security.ignoreLineBreaks",
"true");
- return null;
- }
- });
+ SystemPropertiesUtil.ensure();
};
/**
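Review bot: The static block no longer sets `org.apache.xml.security.ignoreLineBreaks` inside its own `AccessController.doPrivileged`, so whether this still works under a SecurityManager now depends on `SecurityActions.getSystemProperty`/`setSystemProperty`, which this commit does not show. It is worth confirming those helpers run privileged, because an exception in `SystemPropertiesUtil`'s static initializer would surface here as a class-initialization failure of `XMLSignatureUtil`. The value is also no longer forced to `true`; a pre-existing setting is kept. The leftover comment above the block could record this, e.g. `// Defaults such as org.apache.xml.security.ignoreLineBreaks are applied (only if unset) by SystemPropertiesUtil`.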