Author: pskopek(a)redhat.com Date: 2012-02-16 04:35:25 -0500 (Thu, 16 Feb 2012) New Revision: 1399 Added: product/branches/Branch_6_plus/picketlink-webapps/pdp/SOAPSAMLXACMLPDPService.java Log: Missed file in previous commit. (eclipse showed, that it is already added :-() Added: product/branches/Branch_6_plus/picketlink-webapps/pdp/SOAPSAMLXACMLPDPService.java =================================================================== --- product/branches/Branch_6_plus/picketlink-webapps/pdp/SOAPSAMLXACMLPDPService.java (rev 0) +++ product/branches/Branch_6_plus/picketlink-webapps/pdp/SOAPSAMLXACMLPDPService.java 2012-02-16 09:35:25 UTC (rev 1399) @@ -0,0 +1,139 @@ +/* + * JBoss, Home of Professional Open Source. Copyright 2009, Red Hat Middleware LLC, and individual contributors as + * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual + * contributors. + * + * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any + * later version. + * + * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more + * details. + * + * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to + * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site: + * http://www.fsf.org. + */ + +package org.picketlink.identity.federation.app.pdp; + + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.security.PrivilegedActionException; + +import javax.annotation.Resource; +import javax.xml.stream.XMLStreamWriter; +import javax.xml.transform.Source; +import javax.xml.transform.dom.DOMSource; +import javax.xml.ws.Service; +import javax.xml.ws.ServiceMode; +import javax.xml.ws.WebServiceContext; +import javax.xml.ws.WebServiceProvider; +import javax.xml.ws.Provider; + +import org.apache.log4j.Logger; +import org.jboss.security.xacml.core.JBossPDP; +import org.jboss.security.xacml.interfaces.PolicyDecisionPoint; +import org.picketlink.identity.federation.core.ErrorCodes; +import org.picketlink.identity.federation.core.pdp.SOAPSAMLXACMLPDP; +import org.picketlink.identity.federation.app.pdp.SecurityActions; +import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil; +import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter; +import org.picketlink.identity.federation.core.util.StaxUtil; +import org.picketlink.identity.federation.core.util.SystemPropertiesUtil; +import org.picketlink.identity.federation.saml.v2.protocol.ResponseType; +import org.picketlink.identity.federation.saml.v2.protocol.XACMLAuthzDecisionQueryType; +import org.w3c.dom.Document; + +/** + * <p> + * Default implementation of the {@code SecurityTokenService} interface. + * </p> + * + * @author Anil.Saldhana(a)redhat.com + * @author <a href="mailto:pskopek@redhat.com">Peter Skopek</a> + */ +@WebServiceProvider(serviceName = "SOAPSAMLXACMLPDP", portName = "SOAPSAMLXACMLPort", targetNamespace = "urn:picketlink:identity-federation:pdp", wsdlLocation = "WEB-INF/wsdl/SOAPSAMLXACMLPDP.wsdl") +@ServiceMode(value = Service.Mode.MESSAGE) +public class SOAPSAMLXACMLPDPService implements Provider<Source> +{ + + @Resource + protected WebServiceContext context; + + protected Logger log = Logger.getLogger(SOAPSAMLXACMLPDP.class); + + protected String policyConfigFileName = "policyConfig.xml"; + + protected PolicyDecisionPoint pdp; + + protected String issuer = "PicketLinkPDP"; + + public SOAPSAMLXACMLPDPService() + { + try + { + pdp = getPDP(); + } + catch (PrivilegedActionException e) + { + throw new RuntimeException(e); + } + } + + public Source invoke(Source request) + { + + try + { + Document doc = (Document) DocumentUtil.getNodeFromSource(request); + if (log.isDebugEnabled()) + { + log.debug("Received Message::" + DocumentUtil.asString(doc)); + } + XACMLAuthzDecisionQueryType xacmlQuery = SOAPSAMLXACMLUtil.getXACMLQueryType(doc); + ResponseType samlResponseType = SOAPSAMLXACMLUtil.handleXACMLQuery(pdp, issuer, xacmlQuery); + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + XMLStreamWriter xmlStreamWriter = StaxUtil.getXMLStreamWriter(baos); + + SAMLResponseWriter samlResponseWriter = new SAMLResponseWriter(xmlStreamWriter); + samlResponseWriter.write(samlResponseType); + Document responseDocument = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray())); + + return new DOMSource(responseDocument.getDocumentElement()); + } + catch (Exception e) + { + throw new RuntimeException(e); + } + + } + + + private PolicyDecisionPoint getPDP() throws PrivilegedActionException + { + SystemPropertiesUtil.ensure(); + + URL url = SecurityActions.loadResource(getClass(), policyConfigFileName); + if (url == null) + throw new IllegalStateException(ErrorCodes.FILE_NOT_LOCATED + policyConfigFileName); + + InputStream is; + try + { + is = url.openStream(); + } + catch (IOException e) + { + throw new RuntimeException(e); + } + return new JBossPDP(is); + } + +} \ No newline at end of file