Author: anil.saldhana(a)jboss.com
Date: 2011-06-17 14:30:34 -0400 (Fri, 17 Jun 2011)
New Revision: 1008
Modified:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/DocumentUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SOAPUtil.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
Log:
soap util
Modified:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java 2011-06-17
18:29:57 UTC (rev 1007)
+++
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java 2011-06-17
18:30:34 UTC (rev 1008)
@@ -33,7 +33,6 @@
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
-import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPMessage;
@@ -45,6 +44,7 @@
import org.picketlink.identity.federation.bindings.servlets.SOAPSAMLXACMLServlet;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
+import org.picketlink.identity.federation.core.util.SOAPUtil;
import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -88,7 +88,7 @@
bis = new ByteArrayInputStream(baos.toByteArray());
- SOAPMessage soapMessage = SOAPSAMLXACMLUtil.getSOAPMessage(bis);
+ SOAPMessage soapMessage = SOAPUtil.getSOAPMessage(bis);
Node xacmlNode = soapMessage.getSOAPBody().getChildNodes().item(0);
assertTrue(xacmlNode instanceof Element);
Element xacmlElement = (Element) xacmlNode;
@@ -129,7 +129,7 @@
ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
- SOAPMessage soapMessage = SOAPSAMLXACMLUtil.getSOAPMessage(bis);
+ SOAPMessage soapMessage = SOAPUtil.getSOAPMessage(bis);
Node xacmlNode = soapMessage.getSOAPBody().getChildNodes().item(0);
XACMLAuthzDecisionStatementType xacmlStatement =
SOAPSAMLXACMLUtil.getDecisionStatement(xacmlNode);
@@ -169,8 +169,7 @@
private InputStream getSOAPStream(InputStream dataStream) throws Exception
{
- MessageFactory messageFactory = MessageFactory.newInstance();
- SOAPMessage message = messageFactory.createMessage();
+ SOAPMessage message = SOAPUtil.create();
SOAPPart soapPart = message.getSOAPPart();
SOAPEnvelope envelope = soapPart.getEnvelope();
SOAPBody body = envelope.getBody();
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/DocumentUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/DocumentUtil.java 2011-06-17
18:29:57 UTC (rev 1007)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/DocumentUtil.java 2011-06-17
18:30:34 UTC (rev 1008)
@@ -268,7 +268,7 @@
return sw.toString();
}
-
+
/**
* <p>Get an element from the document given its {@link QName} </p>
* <p>First an attempt to get the element based on its namespace is made,
failing which
@@ -277,16 +277,16 @@
* @param elementQName
* @return
*/
- public static Element getElement( Document doc, QName elementQName )
+ public static Element getElement(Document doc, QName elementQName)
{
- NodeList nl = doc.getElementsByTagNameNS( elementQName.getNamespaceURI(),
elementQName.getLocalPart() );
- if( nl.getLength() == 0 )
+ NodeList nl = doc.getElementsByTagNameNS(elementQName.getNamespaceURI(),
elementQName.getLocalPart());
+ if (nl.getLength() == 0)
{
- nl = doc.getElementsByTagNameNS( "*", elementQName.getLocalPart() );
- if( nl.getLength() == 0 )
- nl = doc.getElementsByTagName( elementQName.getPrefix() + ":" +
elementQName.getLocalPart() );
- if( nl.getLength() == 0 )
- return null;
+ nl = doc.getElementsByTagNameNS("*", elementQName.getLocalPart());
+ if (nl.getLength() == 0)
+ nl = doc.getElementsByTagName(elementQName.getPrefix() + ":" +
elementQName.getLocalPart());
+ if (nl.getLength() == 0)
+ return null;
}
return (Element) nl.item(0);
}
@@ -310,7 +310,7 @@
* @throws ConfigurationException
* @throws ProcessingException
*/
- public static InputStream getSourceAsStream(Source source) throws
ConfigurationException, ProcessingException
+ public static InputStream getSourceAsStream(Source source) throws
ConfigurationException, ProcessingException
{
ByteArrayOutputStream baos = new ByteArrayOutputStream();
Result streamResult = new StreamResult(baos);
@@ -327,7 +327,7 @@
return new ByteArrayInputStream(baos.toByteArray());
}
-
+
/**
* Stream a DOM Node as a String
* @param node
@@ -460,6 +460,21 @@
}
}
+ public static Document getDocumentFromSource(Source source) throws
ProcessingException, ConfigurationException
+ {
+ try
+ {
+ Transformer transformer = TransformerUtil.getTransformer();
+ DOMResult result = new DOMResult();
+ transformer.transform(source, result);
+ return (Document) result.getNode();
+ }
+ catch (TransformerException te)
+ {
+ throw new ProcessingException(te);
+ }
+ }
+
private static void visit(Node node, int level)
{
// Visit each child
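Review bot: getDocumentFromSource (lines 131-145) is the only method in this part of DocumentUtil without a Javadoc header, while its neighbours document their parameters and throws; add `/** Transforms a {@link Source} into a DOM {@link Document} using the shared transformer. @param source the XML source to materialize @return the resulting document @throws ProcessingException if the transformation fails */`. SOAPUtil.addData in this same commit feeds an arbitrary Source into this method, so the transformer returned by TransformerUtil.getTransformer() (not on this page) should be confirmed to run with XMLConstants.FEATURE_SECURE_PROCESSING enabled, so that a StreamSource carrying a DTD cannot trigger external entity or resource resolution; if it is not, that gap should be closed before the method sees request data. The `(Document) result.getNode()` cast relies on an empty DOMResult producing a fresh Document, which the DOMResult contract guarantees but is worth stating in a comment.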
@@ -485,5 +500,5 @@
factory.setNamespaceAware(true);
factory.setXIncludeAware(true);
return factory;
- }
+ }
}
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2011-06-17
18:29:57 UTC (rev 1007)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2011-06-17
18:30:34 UTC (rev 1008)
@@ -22,17 +22,10 @@
package org.picketlink.identity.federation.core.saml.v2.util;
import java.io.IOException;
-import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
-import javax.xml.soap.MessageFactory;
-import javax.xml.soap.SOAPBody;
-import javax.xml.soap.SOAPEnvelope;
-import javax.xml.soap.SOAPException;
-import javax.xml.soap.SOAPFault;
-import javax.xml.soap.SOAPMessage;
import javax.xml.stream.XMLEventReader;
import org.jboss.security.xacml.core.JBossRequestContext;
@@ -56,7 +49,7 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
-import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
import
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
import org.w3c.dom.Node;
@@ -67,7 +60,7 @@
* @since Jan 28, 2009
*/
public class SOAPSAMLXACMLUtil
-{
+{
/**
* Parse the XACML Authorization Decision Query from the Dom Element
* @param samlRequest
@@ -76,16 +69,16 @@
* @throws ConfigurationException
* @throws ParsingException
*/
- public static XACMLAuthzDecisionQueryType getXACMLQueryType( Node samlRequest )
- throws ParsingException, ConfigurationException, ProcessingException
+ public static XACMLAuthzDecisionQueryType getXACMLQueryType(Node samlRequest) throws
ParsingException,
+ ConfigurationException, ProcessingException
{
//We reparse it because the document may have issues with namespaces
//String elementString = DocumentUtil.getDOMElementAsString(samlRequest);
-
- XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader(
DocumentUtil.getNodeAsStream( samlRequest ));
+
+ XMLEventReader xmlEventReader =
StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(samlRequest));
SAMLXACMLRequestParser samlXACMLRequestParser = new SAMLXACMLRequestParser();
return (XACMLAuthzDecisionQueryType) samlXACMLRequestParser.parse(xmlEventReader);
-
+
/*Unmarshaller um = JAXBUtil.getUnmarshaller(collectivePackage);
um.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
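Review bot: The reformatted getXACMLQueryType keeps a commented-out JAXB unmarshalling block (line 226 onward, continuing into the next hunk) and a commented-out `elementString` line at 215; since the StAX parser is now the only implementation, this dead code should be deleted rather than re-indented. The comment `//We reparse it because the document may have issues with namespaces` is the useful part and is worth keeping. The method body continues past the end of this hunk.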
@@ -95,54 +88,37 @@
throw new RuntimeException("Unsupported type:" + xacmlObject);
return (XACMLAuthzDecisionQueryType)xacmlObject; */
}
-
- public static XACMLAuthzDecisionStatementType getDecisionStatement( Node samlResponse
) throws ConfigurationException, ProcessingException, ParsingException
+
+ public static XACMLAuthzDecisionStatementType getDecisionStatement(Node samlResponse)
throws ConfigurationException,
+ ProcessingException, ParsingException
{
- XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader(
DocumentUtil.getNodeAsStream( samlResponse ));
+ XMLEventReader xmlEventReader =
StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(samlResponse));
SAMLParser samlParser = new SAMLParser();
- org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType response
=
- (org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType)
samlParser.parse( xmlEventReader );
+ org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType response
= (org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType) samlParser
+ .parse(xmlEventReader);
List<RTChoiceType> choices = response.getAssertions();
- for( RTChoiceType rst: choices )
+ for (RTChoiceType rst : choices)
{
AssertionType assertion = rst.getAssertion();
- if( assertion == null )
+ if (assertion == null)
continue;
Set<StatementAbstractType> stats = assertion.getStatements();
- for( StatementAbstractType stat: stats )
+ for (StatementAbstractType stat : stats)
{
- if( stat instanceof XACMLAuthzDecisionStatementType )
+ if (stat instanceof XACMLAuthzDecisionStatementType)
{
return (XACMLAuthzDecisionStatementType) stat;
}
}
}
-
- throw new RuntimeException( "Not found XACMLAuthzDecisionStatementType"
);
+
+ throw new RuntimeException("Not found XACMLAuthzDecisionStatementType");
}
-
- public static SOAPMessage getSOAPMessage( InputStream is ) throws IOException,
SOAPException
+
+ public synchronized static
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType
handleXACMLQuery(
+ PolicyDecisionPoint pdp, String issuer, XACMLAuthzDecisionQueryType
xacmlRequest) throws ProcessingException,
+ ConfigurationException
{
- MessageFactory messageFactory = MessageFactory.newInstance();
- return messageFactory.createMessage(null, is );
- }
-
- public static SOAPMessage createFault( String message ) throws SOAPException
- {
- MessageFactory messageFactory = MessageFactory.newInstance();
- SOAPMessage msg = messageFactory.createMessage() ;
- SOAPEnvelope envelope = msg.getSOAPPart().getEnvelope();
- SOAPBody body = envelope.getBody();
- SOAPFault fault = body.addFault();
- fault.setFaultCode("Server");
- fault.setFaultActor( "urn:picketlink" );
- fault.setFaultString( message );
- return msg;
- }
-
- public synchronized static
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType
handleXACMLQuery(
- PolicyDecisionPoint pdp, String issuer, XACMLAuthzDecisionQueryType xacmlRequest
) throws ProcessingException, ConfigurationException
- {
RequestType requestType = xacmlRequest.getRequest();
RequestContext requestContext = new JBossRequestContext();
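Review bot: getDecisionStatement (lines 236-276) still throws a bare `RuntimeException("Not found XACMLAuthzDecisionStatementType")` when the response carries no decision statement, although the method already declares ParsingException; a response lacking the statement is input data rather than a programming error, so `throw new ParsingException("Not found XACMLAuthzDecisionStatementType");` (if that constructor exists, or ProcessingException otherwise) lets the calling servlet map it to a SOAP fault instead of an unhandled error. handleXACMLQuery (signature at lines 281-287, body continuing in the next hunk) remains `synchronized static`, which serializes every XACML evaluation through one class-wide lock; the comment `//pdp evaluation is thread safe` in the next hunk suggests the lock guards nothing, so if that holds it should be dropped, or a comment should say what state it does protect.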
@@ -152,38 +128,34 @@
}
catch (IOException e)
{
- throw new ProcessingException( e );
+ throw new ProcessingException(e);
}
//pdp evaluation is thread safe
- ResponseContext responseContext = pdp.evaluate(requestContext);
+ ResponseContext responseContext = pdp.evaluate(requestContext);
ResponseType responseType = new ResponseType();
ResultType resultType = responseContext.getResult();
responseType.getResult().add(resultType);
- XACMLAuthzDecisionStatementType xacmlStatement =
- XACMLContextFactory.createXACMLAuthzDecisionStatementType(requestType,
responseType);
+ XACMLAuthzDecisionStatementType xacmlStatement =
XACMLContextFactory.createXACMLAuthzDecisionStatementType(
+ requestType, responseType);
//Place the xacml statement in an assertion
//Then the assertion goes inside a SAML Response
- String ID = IDGenerator.create("ID_");
- IssuerInfoHolder issuerInfo = new IssuerInfoHolder( issuer );
+ String ID = IDGenerator.create("ID_");
+ IssuerInfoHolder issuerInfo = new IssuerInfoHolder(issuer);
List<StatementAbstractType> statements = new
ArrayList<StatementAbstractType>();
statements.add(xacmlStatement);
- AssertionType assertion = SAMLAssertionFactory.createAssertion(ID,
- issuerInfo.getIssuer(),
- XMLTimeUtil.getIssueInstant(),
- null,
- null,
- statements);
+ AssertionType assertion = SAMLAssertionFactory.createAssertion(ID,
issuerInfo.getIssuer(),
+ XMLTimeUtil.getIssueInstant(), null, null, statements);
- org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType
samlResponseType = JBossSAMLAuthnResponseFactory.createResponseType( ID, issuerInfo,
assertion );
+ org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType
samlResponseType = JBossSAMLAuthnResponseFactory
+ .createResponseType(ID, issuerInfo, assertion);
-
return samlResponseType;
}
}
\ No newline at end of file
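Review bot: handleXACMLQuery generates a single `ID` at line 336 and passes it both to `SAMLAssertionFactory.createAssertion(ID, ...)` (line 347) and to `JBossSAMLAuthnResponseFactory.createResponseType(ID, issuerInfo, assertion)` (line 355); if createResponseType uses that value as the Response's ID attribute, the Response and the embedded Assertion share one xsd:ID, which is invalid within a single document and can confuse XML-Signature Reference resolution and any replay cache keyed on assertion ID. Generate a second identifier, e.g. `String responseID = IDGenerator.create("ID_");`, and pass it to createResponseType. handleXACMLQuery's signature is in the previous hunk.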
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SOAPUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SOAPUtil.java 2011-06-17
18:29:57 UTC (rev 1007)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SOAPUtil.java 2011-06-17
18:30:34 UTC (rev 1008)
@@ -21,10 +21,21 @@
*/
package org.picketlink.identity.federation.core.util;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+
import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPFault;
import javax.xml.soap.SOAPMessage;
+import javax.xml.transform.Source;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.w3c.dom.Node;
+
/**
* Utility class dealing with SAAJ
* @author Anil.Saldhana(a)redhat.com
@@ -40,4 +51,39 @@
return soapMessage;
}
+ public static SOAPMessage getSOAPMessage(InputStream is) throws IOException,
SOAPException
+ {
+ MessageFactory messageFactory = MessageFactory.newInstance();
+ return messageFactory.createMessage(null, is);
+ }
+
+ public static SOAPMessage createFault(String message) throws SOAPException
+ {
+ MessageFactory messageFactory = MessageFactory.newInstance();
+ SOAPMessage msg = messageFactory.createMessage();
+ SOAPEnvelope envelope = msg.getSOAPPart().getEnvelope();
+ SOAPBody body = envelope.getBody();
+ SOAPFault fault = body.addFault();
+ fault.setFaultCode("Server");
+ fault.setFaultActor("urn:picketlink");
+ fault.setFaultString(message);
+ return msg;
+ }
+
+ public static Node getSOAPData(SOAPMessage soapMessage) throws SOAPException
+ {
+ return soapMessage.getSOAPBody().getFirstChild();
+ }
+
+ public static void addData(Source data, SOAPMessage soapMessage) throws SOAPException
+ {
+ try
+ {
+
soapMessage.getSOAPBody().addDocument(DocumentUtil.getDocumentFromSource(data));
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
}
\ No newline at end of file
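Review bot: getSOAPData (lines 413-416) returns `getSOAPBody().getFirstChild()`, which for a parsed message can be a whitespace Text node rather than the payload element, and is null for an empty body; the test in SOAPSAMLXACMLServletUnitTestCase guards the equivalent `getChildNodes().item(0)` with an `instanceof Element` check that this helper does not perform. Skipping non-element children makes the helper safe for callers that expect the payload element (rewrite below), and the null return for an empty body should be stated in Javadoc. addData (lines 418-429) presumably compiles because ProcessingException and ConfigurationException extend GeneralSecurityException; rethrowing them as `RuntimeException` hides a checked, typed failure from callers, so declaring them on the signature or wrapping them in SOAPException would preserve the contract. createFault sets `fault.setFaultCode("Server")` without a namespace, whereas a SOAP 1.1 fault code is a QName; `fault.setFaultCode(new QName(SOAPConstants.URI_NS_SOAP_ENVELOPE, "Server"))` is unambiguous across SAAJ implementations. None of the four new public methods carries Javadoc, unlike the class header.
```java
public static Node getSOAPData(SOAPMessage soapMessage) throws SOAPException
{
   // Skip whitespace/comment nodes so the caller gets the payload element (null if the body is empty)
   Node child = soapMessage.getSOAPBody().getFirstChild();
   while (child != null && child.getNodeType() != Node.ELEMENT_NODE)
   {
      child = child.getNextSibling();
   }
   return child;
}
```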
Modified:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java 2011-06-17
18:29:57 UTC (rev 1007)
+++
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java 2011-06-17
18:30:34 UTC (rev 1008)
@@ -20,30 +20,30 @@
*/
package org.picketlink.identity.federation.core.wstrust.handlers;
-import static org.junit.Assert.*;
+import static javax.xml.ws.handler.MessageContext.MESSAGE_OUTBOUND_PROPERTY;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
-import static javax.xml.ws.handler.soap.SOAPMessageContext.MESSAGE_OUTBOUND_PROPERTY;
-import javax.xml.ws.handler.soap.SOAPMessageContext;
import javax.xml.namespace.QName;
-import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFault;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.soap.SOAPMessage;
+import javax.xml.ws.handler.soap.SOAPMessageContext;
import javax.xml.ws.soap.SOAPFaultException;
import org.junit.Before;
import org.junit.Test;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.util.SOAPUtil;
import org.picketlink.identity.federation.core.wstrust.STSClient;
import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
-import org.picketlink.identity.federation.core.wstrust.handlers.STSSaml20Handler;
-import org.picketlink.identity.federation.core.wstrust.handlers.STSSecurityHandler;
import org.w3c.dom.Element;
/**
@@ -63,174 +63,178 @@
*/
public class STSSaml20HandlerTestCase
{
- private SOAPMessageContext soapMessageContext;
- private SOAPMessage soapMessage;
- private STSClient wsTrustClient;
- private STSSaml20Handler samlHandler;
-
- @Test
- public void handleMessageValidToken() throws Exception
- {
- when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true);
-
- final SOAPHeaderElement securityHeader =
addSecurityHeader(soapMessage.getSOAPHeader());
- addSecurityAssertionElement(securityHeader);
-
- when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
- when(soapMessageContext.getMessage()).thenReturn(soapMessage);
-
- boolean result = samlHandler.handleMessage(soapMessageContext);
- assertTrue(result);
- }
-
- @Test
- public void handleMessageInValidToken() throws Exception
- {
- when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(false);
-
- final SOAPHeaderElement securityHeader =
addSecurityHeader(soapMessage.getSOAPHeader());
- addSecurityAssertionElement(securityHeader);
+ private SOAPMessageContext soapMessageContext;
- when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
- when(soapMessageContext.getMessage()).thenReturn(soapMessage);
- try
- {
- samlHandler.handleMessage(soapMessageContext);
- fail("handleMessage should have thrown an exception");
- }
- catch (final Exception e)
- {
- assertTrue (e instanceof SOAPFaultException);
- assertSoapFaultString(e, "The security token could not be authenticated
or authorized");
- }
- }
-
- @Test
- public void handleMessageMissingSecurityToken() throws Exception
- {
- when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
- when(soapMessageContext.getMessage()).thenReturn(soapMessage);
- try
- {
- samlHandler.handleMessage(soapMessageContext);
- fail("handleMessage should have thrown a exception!");
- }
- catch (final Exception e)
- {
- assertTrue (e instanceof SOAPFaultException);
- assertSoapFaultString(e, "No security token could be found in the SOAP
Header");
- }
- }
+ private SOAPMessage soapMessage;
- @Test
- public void handleMessageInvalidSecurityToken() throws Exception
- {
- when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(false);
-
- final SOAPHeaderElement securityHeader =
addSecurityHeader(soapMessage.getSOAPHeader());
- addSecurityAssertionElement(securityHeader);
-
- when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
- when(soapMessageContext.getMessage()).thenReturn(soapMessage);
- try
- {
- samlHandler.handleMessage(soapMessageContext);
- fail("handleMessage should have thrown a exception!");
- }
- catch (final Exception e)
- {
- assertTrue (e instanceof SOAPFaultException);
- assertSoapFaultString(e, "The security token could not be authenticated
or authorized");
- }
- }
+ private STSClient wsTrustClient;
- @Test
- public void usernamePasswordFromSOAPMessageContext() throws Exception
- {
- when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true);
-
- final SOAPHeaderElement securityHeader =
addSecurityHeader(soapMessage.getSOAPHeader());
- addSecurityAssertionElement(securityHeader);
-
- when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
- when(soapMessageContext.getMessage()).thenReturn(soapMessage);
-
-
when(soapMessageContext.get(STSSecurityHandler.USERNAME_MSG_CONTEXT_PROPERTY)).thenReturn("Fletch");
-
when(soapMessageContext.get(STSSecurityHandler.PASSWORD_MSG_CONTEXT_PROPERTY)).thenReturn("letmein");
-
- samlHandler.handleMessage(soapMessageContext);
-
- assertEquals("Fletch", samlHandler.getConfigBuilder().getUsername());
- assertEquals("letmein", samlHandler.getConfigBuilder().getPassword());
- }
-
- @Test
- public void handleMessageOutbound()
- {
- when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(true);
- assertTrue(new STSSaml20Handler().handleMessage(soapMessageContext));
- }
+ private STSSaml20Handler samlHandler;
- @Before
- public void setUp()
- {
- // Create a Mock for WSTrustClient.
- wsTrustClient = mock(STSClient.class);
-
- samlHandler = new FakeSamlHandler(wsTrustClient);
- samlHandler.setConfigFile("wstrust/auth/jboss-sts-client.properties");
- // Simulate the WS Engine calling @PostConstruct.
- samlHandler.parseSTSConfig();
-
- soapMessageContext = mock(SOAPMessageContext.class);
-
- try
- {
- soapMessage = MessageFactory.newInstance().createMessage();
- }
- catch (SOAPException e)
- {
- e.printStackTrace();
- fail(e.getMessage());
- }
- }
-
- private SOAPHeaderElement addSecurityHeader(final SOAPHeader soapHeader) throws
SOAPException
- {
- final QName securityQName = samlHandler.getSecurityElementQName();
- final SOAPHeaderElement securityHeader = soapHeader.addHeaderElement(new
QName(securityQName.getNamespaceURI(), securityQName.getLocalPart(), "wsse"));
- soapHeader.addChildElement(securityHeader);
- return securityHeader;
- }
+ @Test
+ public void handleMessageValidToken() throws Exception
+ {
+ when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true);
- private SOAPElement addSecurityAssertionElement(final SOAPHeaderElement
securityHeader) throws SOAPException
- {
- final QName tokenElementQName = this.samlHandler.getTokenElementQName();
- final SOAPElement tokenElement = securityHeader.addChildElement(new
QName(tokenElementQName.getNamespaceURI(), tokenElementQName.getLocalPart(),
"saml"));
- return securityHeader.addChildElement(tokenElement);
- }
+ final SOAPHeaderElement securityHeader =
addSecurityHeader(soapMessage.getSOAPHeader());
+ addSecurityAssertionElement(securityHeader);
- private void assertSoapFaultString(final Exception e, final String str)
- {
- SOAPFaultException soapFaultException = (SOAPFaultException) e;
- SOAPFault fault = soapFaultException.getFault();
- assertEquals(str, fault.getFaultString());
- }
+ when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
+ when(soapMessageContext.getMessage()).thenReturn(soapMessage);
- private class FakeSamlHandler extends STSSaml20Handler
- {
- private final STSClient stsClient;
+ boolean result = samlHandler.handleMessage(soapMessageContext);
+ assertTrue(result);
+ }
- public FakeSamlHandler(final STSClient stsClient)
- {
- this.stsClient = stsClient;
- }
+ @Test
+ public void handleMessageInValidToken() throws Exception
+ {
+ when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(false);
- @Override
- protected STSClient createSTSClient(Builder builder) throws ParsingException
- {
- return stsClient;
- }
- }
+ final SOAPHeaderElement securityHeader =
addSecurityHeader(soapMessage.getSOAPHeader());
+ addSecurityAssertionElement(securityHeader);
+
+ when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
+ when(soapMessageContext.getMessage()).thenReturn(soapMessage);
+ try
+ {
+ samlHandler.handleMessage(soapMessageContext);
+ fail("handleMessage should have thrown an exception");
+ }
+ catch (final Exception e)
+ {
+ assertTrue(e instanceof SOAPFaultException);
+ assertSoapFaultString(e, "The security token could not be authenticated or
authorized");
+ }
+ }
+
+ @Test
+ public void handleMessageMissingSecurityToken() throws Exception
+ {
+ when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
+ when(soapMessageContext.getMessage()).thenReturn(soapMessage);
+ try
+ {
+ samlHandler.handleMessage(soapMessageContext);
+ fail("handleMessage should have thrown a exception!");
+ }
+ catch (final Exception e)
+ {
+ assertTrue(e instanceof SOAPFaultException);
+ assertSoapFaultString(e, "No security token could be found in the SOAP
Header");
+ }
+ }
+
+ @Test
+ public void handleMessageInvalidSecurityToken() throws Exception
+ {
+ when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(false);
+
+ final SOAPHeaderElement securityHeader =
addSecurityHeader(soapMessage.getSOAPHeader());
+ addSecurityAssertionElement(securityHeader);
+
+ when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
+ when(soapMessageContext.getMessage()).thenReturn(soapMessage);
+ try
+ {
+ samlHandler.handleMessage(soapMessageContext);
+ fail("handleMessage should have thrown a exception!");
+ }
+ catch (final Exception e)
+ {
+ assertTrue(e instanceof SOAPFaultException);
+ assertSoapFaultString(e, "The security token could not be authenticated or
authorized");
+ }
+ }
+
+ @Test
+ public void usernamePasswordFromSOAPMessageContext() throws Exception
+ {
+ when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true);
+
+ final SOAPHeaderElement securityHeader =
addSecurityHeader(soapMessage.getSOAPHeader());
+ addSecurityAssertionElement(securityHeader);
+
+ when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
+ when(soapMessageContext.getMessage()).thenReturn(soapMessage);
+
+
when(soapMessageContext.get(STSSecurityHandler.USERNAME_MSG_CONTEXT_PROPERTY)).thenReturn("Fletch");
+
when(soapMessageContext.get(STSSecurityHandler.PASSWORD_MSG_CONTEXT_PROPERTY)).thenReturn("letmein");
+
+ samlHandler.handleMessage(soapMessageContext);
+
+ assertEquals("Fletch", samlHandler.getConfigBuilder().getUsername());
+ assertEquals("letmein", samlHandler.getConfigBuilder().getPassword());
+ }
+
+ @Test
+ public void handleMessageOutbound()
+ {
+ when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(true);
+ assertTrue(new STSSaml20Handler().handleMessage(soapMessageContext));
+ }
+
+ @Before
+ public void setUp()
+ {
+ // Create a Mock for WSTrustClient.
+ wsTrustClient = mock(STSClient.class);
+
+ samlHandler = new FakeSamlHandler(wsTrustClient);
+ samlHandler.setConfigFile("wstrust/auth/jboss-sts-client.properties");
+ // Simulate the WS Engine calling @PostConstruct.
+ samlHandler.parseSTSConfig();
+
+ soapMessageContext = mock(SOAPMessageContext.class);
+
+ try
+ {
+ soapMessage = SOAPUtil.create();
+ }
+ catch (SOAPException e)
+ {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ private SOAPHeaderElement addSecurityHeader(final SOAPHeader soapHeader) throws
SOAPException
+ {
+ final QName securityQName = samlHandler.getSecurityElementQName();
+ final SOAPHeaderElement securityHeader = soapHeader.addHeaderElement(new
QName(securityQName.getNamespaceURI(),
+ securityQName.getLocalPart(), "wsse"));
+ soapHeader.addChildElement(securityHeader);
+ return securityHeader;
+ }
+
+ private SOAPElement addSecurityAssertionElement(final SOAPHeaderElement
securityHeader) throws SOAPException
+ {
+ final QName tokenElementQName = this.samlHandler.getTokenElementQName();
+ final SOAPElement tokenElement = securityHeader.addChildElement(new
QName(tokenElementQName.getNamespaceURI(),
+ tokenElementQName.getLocalPart(), "saml"));
+ return securityHeader.addChildElement(tokenElement);
+ }
+
+ private void assertSoapFaultString(final Exception e, final String str)
+ {
+ SOAPFaultException soapFaultException = (SOAPFaultException) e;
+ SOAPFault fault = soapFaultException.getFault();
+ assertEquals(str, fault.getFaultString());
+ }
+
+ private class FakeSamlHandler extends STSSaml20Handler
+ {
+ private final STSClient stsClient;
+
+ public FakeSamlHandler(final STSClient stsClient)
+ {
+ this.stsClient = stsClient;
+ }
+
+ @Override
+ protected STSClient createSTSClient(Builder builder) throws ParsingException
+ {
+ return stsClient;
+ }
+ }
}
-
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2011-06-17
18:29:57 UTC (rev 1007)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2011-06-17
18:30:34 UTC (rev 1008)
@@ -33,7 +33,6 @@
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
@@ -51,6 +50,7 @@
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.SOAPUtil;
import org.picketlink.identity.federation.core.util.StaxUtil;
import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
import org.w3c.dom.Document;
@@ -64,15 +64,17 @@
* @since Jan 27, 2009
*/
public class SOAPSAMLXACMLServlet extends HttpServlet
-{
+{
private static Logger log = Logger.getLogger(SOAPSAMLXACMLServlet.class);
- private boolean trace = log.isTraceEnabled();
+ private final boolean trace = log.isTraceEnabled();
+
private static final long serialVersionUID = 1L;
private String policyConfigFileName = null;
private String issuerId = null;
+
private String issuer = null;
boolean debug = false;
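Review bot: `log` at line 864 stays `private static Logger` while the commit makes the derived `trace` field final; the logger itself should be `private static final Logger log = Logger.getLogger(SOAPSAMLXACMLServlet.class);` so it cannot be reassigned and `trace` is computed from a stable reference. `boolean debug = false;` at line 873 is package-private while every surrounding field is private; make it `private boolean debug = false;` unless something else in the package reads it.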
@@ -80,37 +82,37 @@
private transient PolicyDecisionPoint pdp = null;
public void init(ServletConfig config) throws ServletException
- {
+ {
issuerId = config.getInitParameter("issuerID");
- if(issuerId == null)
+ if (issuerId == null)
issuerId = "issue-id:1";
- issuer = config.getInitParameter("issuer");
- if(issuer == null)
+ issuer = config.getInitParameter("issuer");
+ if (issuer == null)
issuer = "urn:jboss-identity";
policyConfigFileName = config.getInitParameter("policyConfigFileName");
- if(policyConfigFileName == null)
- policyConfigFileName = "policyConfig.xml";
+ if (policyConfigFileName == null)
+ policyConfigFileName = "policyConfig.xml";
String debugStr = config.getInitParameter("debug");
try
{
debug = Boolean.parseBoolean(debugStr);
}
- catch(Exception ignore)
+ catch (Exception ignore)
{
debug = false;
}
- if(trace)
+ if (trace)
{
log.trace("Issuer=" + issuer + " :: issuerID=" + issuerId);
log.trace("PolicyConfig File:" + policyConfigFileName);
- log.trace("Debug="+debug);
+ log.trace("Debug=" + debug);
}
- if(debug)
+ if (debug)
{
SecurityActions.setSystemProperty("jaxb.debug", "true");
}
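Review bot: The `try { debug = Boolean.parseBoolean(debugStr); } catch (Exception ignore)` block is dead code: `Boolean.parseBoolean` never throws and returns false for null or any non-"true" value, so the catch can never run and the reformatting in this hunk only preserves the illusion of error handling. Replace the whole try/catch with `debug = Boolean.parseBoolean(config.getInitParameter("debug"));`. The `if (debug)` branch then sets the `jaxb.debug` system property process-wide, which is worth a one-line comment such as `// JVM-wide JAXB debug flag; affects every application in this container` so the scope of the flag is obvious to whoever sets the init parameter. init() continues past this hunk into the next one.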
@@ -121,70 +123,69 @@
}
catch (PrivilegedActionException e)
{
- log("Exception loading PDP::",e);
+ log("Exception loading PDP::", e);
throw new ServletException("Unable to load PDP");
}
- super.init(config);
+ super.init(config);
}
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp) throws
ServletException, IOException
{
XACMLAuthzDecisionQueryType xacmlRequest = null;
- MessageFactory messageFactory = null;
SOAPMessage returnSOAPMessage = null;
try
{
try
{
- messageFactory = MessageFactory.newInstance();
- SOAPMessage soapMessage = messageFactory.createMessage( null,
req.getInputStream() );
+ SOAPMessage soapMessage = SOAPUtil.getSOAPMessage(req.getInputStream());
SOAPEnvelope soapEnvelope = soapMessage.getSOAPPart().getEnvelope();
SOAPBody soapBody = soapEnvelope.getBody();
NodeList nl = soapBody.getChildNodes();
Node node = null;
-
+
int length = nl != null ? nl.getLength() : 0;
- for( int i = 0; i < length; i++ )
+ for (int i = 0; i < length; i++)
{
- Node n = nl.item(i);
+ Node n = nl.item(i);
String localName = n.getLocalName();
- if( localName != null && ( localName.contains(
JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get() )
- || localName.contains( JBossSAMLConstants.REQUEST_ABSTRACT.get()
)))
+ if (localName != null
+ &&
(localName.contains(JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get()) || localName
+ .contains(JBossSAMLConstants.REQUEST_ABSTRACT.get())))
{
node = n;
break;
}
}
- if( node == null )
- throw new ServletException( "Did not find XACML query nodes" );
- xacmlRequest = SOAPSAMLXACMLUtil.getXACMLQueryType( node );
+ if (node == null)
+ throw new ServletException("Did not find XACML query nodes");
+ xacmlRequest = SOAPSAMLXACMLUtil.getXACMLQueryType(node);
}
catch (SOAPException e)
- {
+ {
e.printStackTrace();
- throw new ServletException( e );
+ throw new ServletException(e);
}
catch (ParsingException e)
{
- throw new ServletException( e );
+ throw new ServletException(e);
}
catch (ConfigurationException e)
{
- throw new ServletException( e );
+ throw new ServletException(e);
}
catch (ProcessingException e)
{
- throw new ServletException( e );
+ throw new ServletException(e);
}
/*JAXBElement<RequestAbstractType> jaxbRequestType = null;
- Envelope envelope = null;
- XACMLAuthzDecisionQueryType xacmlRequest = null;
+ Envelope envelope = null;
+ XACMLAuthzDecisionQueryType xacmlRequest = null;
- try
- {
+ try
+ {
Document inputDoc = DocumentUtil.getDocument(req.getInputStream());
if(debug && trace)
log.trace("Received SOAP:"+DocumentUtil.asString(inputDoc));
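Review bot: The `catch (SOAPException e)` block calls `e.printStackTrace()` before rethrowing, which writes the trace to stderr instead of the servlet log that init() already uses via `log(...)`; since the `ServletException` carries the cause, either drop the call or replace it with `log("Failed to parse SOAP request", e);`. The element lookup also uses `localName.contains(...)` for both constants, so any local name that merely embeds `XACMLAuthzDecisionQuery` or `RequestAbstract` as a substring is accepted; if the constants are full element local names, `equals` is the stricter check. The request body comes straight from the client, and the new `SOAPUtil.getSOAPMessage` helper lives in another file, so whether the underlying SAAJ parser is configured to reject DTDs/external entities or bound in size cannot be confirmed from this hunk. The same stderr printing appears in the outer `catch (Exception e)` in the last hunk, where `log.error` already records the exception. service() starts in this hunk but its body continues into the later ones.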
@@ -224,12 +225,11 @@
*/
+ if (xacmlRequest == null)
+ throw new IOException("XACML Request not parsed");
- if(xacmlRequest == null)
- throw new IOException("XACML Request not parsed");
-
- org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType
samlResponseType =
-
SOAPSAMLXACMLUtil.handleXACMLQuery(pdp, issuer, xacmlRequest);
+ org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType
samlResponseType = SOAPSAMLXACMLUtil
+ .handleXACMLQuery(pdp, issuer, xacmlRequest);
/*RequestType requestType = xacmlRequest.getRequest();
@@ -264,65 +264,65 @@
statements);
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType
samlResponseType = saml2Response.createResponseType(ID, issuerInfo, assertion);
-*/
+ */
ByteArrayOutputStream baos = new ByteArrayOutputStream();
XMLStreamWriter xmlStreamWriter = StaxUtil.getXMLStreamWriter(baos);
- SAMLResponseWriter samlResponseWriter = new SAMLResponseWriter( xmlStreamWriter
);
- samlResponseWriter.write( samlResponseType );
- Document responseDocument = DocumentUtil.getDocument( new ByteArrayInputStream(
baos.toByteArray() ));
+ SAMLResponseWriter samlResponseWriter = new
SAMLResponseWriter(xmlStreamWriter);
+ samlResponseWriter.write(samlResponseType);
+ Document responseDocument = DocumentUtil.getDocument(new
ByteArrayInputStream(baos.toByteArray()));
- returnSOAPMessage = messageFactory.createMessage();
+ returnSOAPMessage = SOAPUtil.create();
SOAPBody returnSOAPBody = returnSOAPMessage.getSOAPBody();
- returnSOAPBody.addDocument( responseDocument );
+ returnSOAPBody.addDocument(responseDocument);
/*JAXBElement<?> jaxbResponse = JAXBElementMappingUtil.get();
//Create a SOAP Envelope to hold the SAML response
envelope = this.createEnvelope(jaxbResponse); */
}
- catch ( Exception e )
- {
+ catch (Exception e)
+ {
e.printStackTrace();
String id = IDGenerator.create();
- log.error(id + "::Exception:", e);
+ log.error(id + "::Exception:", e);
try
{
- returnSOAPMessage = SOAPSAMLXACMLUtil.createFault( "Server Error"
);
+ returnSOAPMessage = SOAPUtil.createFault("Server Error");
}
catch (SOAPException e1)
- {
+ {
}
//envelope = this.createEnvelope(this.createFault("Server Error.
Reference::" + id));
- }
+ }
finally
{
resp.setContentType("text/xml;charset=utf-8");;
- OutputStream os = resp.getOutputStream();
+ OutputStream os = resp.getOutputStream();
try
{
- if( returnSOAPMessage == null )
- throw new RuntimeException( "SOAPMessage for return is null" );
- returnSOAPMessage.writeTo( os );
+ if (returnSOAPMessage == null)
+ throw new RuntimeException("SOAPMessage for return is null");
+ returnSOAPMessage.writeTo(os);
/*if(envelope == null)
throw new IllegalStateException("SOAPEnvelope is null");
JAXBElement<?> jaxbEnvelope = JAXBElementMappingUtil.get(envelope);
Marshaller marshaller =
JAXBUtil.getMarshaller(SOAPSAMLXACMLUtil.getPackage());
marshaller.marshal(jaxbEnvelope, os); */
}
- catch ( Exception e )
+ catch (Exception e)
{
- log("marshalling exception",e);
- }
- }
- }
+ log("marshalling exception", e);
+ }
+ }
+ }
private PolicyDecisionPoint getPDP() throws PrivilegedActionException
{
ClassLoader tcl = SecurityActions.getContextClassLoader();
InputStream is = tcl.getResourceAsStream(this.policyConfigFileName);
- if(is == null)
- throw new IllegalStateException(policyConfigFileName + " could not be
located");
- return new JBossPDP(is);
- }
+ if (is == null)
+ throw new IllegalStateException(policyConfigFileName + " could not be
located");
+ return new JBossPDP(is);
+ }
}
\ No newline at end of file
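Review bot: The empty `catch (SOAPException e1) { }` around `SOAPUtil.createFault("Server Error")` swallows the failure, leaves `returnSOAPMessage` null, and the finally block then turns that into a `RuntimeException` that is caught and logged as "marshalling exception" with a 200 status and an empty body; at minimum log it with `log("Unable to create SOAP fault, reference " + id, e1);` and consider `resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR)` on that path. The generated `id` is written only to the server log, whereas the commented-out code returned it to the caller; `SOAPUtil.createFault("Server Error. Reference::" + id)` would let a client-reported error be correlated with the log entry without exposing exception details. In `getPDP()` the `InputStream is` from `getResourceAsStream` is never closed in this method, and whether `JBossPDP` takes ownership of it is not visible here, so a try-with-resources or an explicit close after construction is worth confirming. The doubled semicolon in `resp.setContentType("text/xml;charset=utf-8");;` is harmless but should be trimmed.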