Author: anil.saldhana(a)jboss.com
Date: 2011-04-05 13:06:43 -0400 (Tue, 05 Apr 2011)
New Revision: 859
Modified:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
Log:
PLFED-164: pick assertion from subject
Modified:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2011-04-05
17:01:06 UTC (rev 858)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2011-04-05
17:06:43 UTC (rev 859)
@@ -35,6 +35,7 @@
import org.jboss.security.SecurityContext;
import org.jboss.wsf.common.handler.GenericSOAPHandler;
import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.trust.jbossws.Constants;
@@ -53,7 +54,7 @@
* @author Anil Saldhana
* @version $Revision: 1 $
*/
-@SuppressWarnings({"rawtypes", "restriction"})
+@SuppressWarnings("rawtypes")
public class SAML2Handler extends GenericSOAPHandler
{
@@ -116,9 +117,15 @@
SOAPMessageContext ctx = (SOAPMessageContext) msgContext;
SOAPMessage soapMessage = ctx.getMessage();
- // retrieve assertion
+ // retrieve assertion first from the message context
Element assertion = (Element) ctx.get(SAML2Constants.SAML2_ASSERTION_PROPERTY);
+ //Assertion can also be obtained from the JAAS subject
+ if( assertion == null)
+ {
+ assertion = getAssertionFromSubject();
+ }
+
// add wsse header
Document document = soapMessage.getSOAPPart();
Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
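Review bot: After the new fallback at lines 41-44, `assertion` can still be null (no property on the context and no SamlCredential on the subject, or `getAssertionFromSubject()` logging an error and returning null), and the code then falls through to building the wsse header with it; the enclosing handler method starts and ends outside the hunk, so it is not visible here whether anything downstream guards that case. Whatever the handler is meant to do then, the decision should be explicit at this point rather than left to a later NullPointerException, e.g. `if (assertion == null) { throw new IllegalStateException("No SAML assertion in message context or authenticated subject"); }` or the handler's own fail-closed return, so an outbound message is never sent without the token. A one-line comment stating the precedence, `// context property wins; the subject's SamlCredential is only a fallback`, would also help the next reader.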
@@ -173,5 +180,38 @@
}
return username;
}
-
-}
+
+ private Element getAssertionFromSubject()
+ {
+ Element assertion = null;
+ Subject subject = SecurityActions.getAuthenticatedSubject();
+
+ if(subject == null)
+ {
+ log.error("null subject, cannot extract SAML token required for
WS-TRUST");
+ return assertion;
+ }
+
+ Set<Object> creds = subject.getPublicCredentials();
+ if( creds != null )
+ {
+ for( Object cred: creds)
+ {
+ if( cred instanceof SamlCredential)
+ {
+ SamlCredential samlCredential = (SamlCredential) cred;
+ try
+ {
+ assertion = samlCredential.getAssertionAsElement();
+ }
+ catch (ProcessingException e)
+ {
+ log.error("failed to process SAML credential", e);
+ }
+ break;
+ }
+ }
+ }
+ return assertion;
+ }
+}
\ No newline at end of file
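Review bot: The `break` at line 84 sits after the try/catch, so the loop stops at the first SamlCredential even when `getAssertionAsElement()` threw; the method then returns null after only logging, and a later SamlCredential in the set that would have parsed is never tried. Moving the break inside the try, `assertion = samlCredential.getAssertionAsElement(); break;`, keeps the first-match semantics on success while letting the loop continue past an unusable credential; if a credential that fails to parse should instead abort the call, propagate the ProcessingException (wrapped in an unchecked exception) rather than returning null, since the caller in the earlier hunk cannot tell "no credential" from "credential failed to parse". The `creds != null` guard at line 69 is dead: `Subject.getPublicCredentials()` returns a set, never null. The method also uses `Set` and `Subject` while the import hunk only adds `ProcessingException`, so those are presumably already imported in this file — worth confirming. A Javadoc stating the lookup order and that a null return means no usable assertion was found would document the contract the caller relies on.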
Modified:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2011-04-05
17:01:06 UTC (rev 858)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2011-04-05
17:06:43 UTC (rev 859)
@@ -35,14 +35,14 @@
* Privileged actions.
*
* @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @author Anil Saldhana
* @version $Revision: 1 $
*/
class SecurityActions
-{
-
+{
static SecurityContext createSecurityContext(final Principal p, final Object cred,
final Subject subject)
{
- return (SecurityContext) AccessController.doPrivileged(new
PrivilegedAction<SecurityContext>()
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
{
public SecurityContext run()
{
@@ -71,4 +71,21 @@
}
});
}
-}
+ /**
+ * Get the {@link Subject} from the {@link SecurityContextAssociation}
+ * @return authenticated subject or null
+ */
+ static Subject getAuthenticatedSubject()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Subject>()
+ {
+ public Subject run()
+ {
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if( sc != null )
+ return sc.getUtil().getSubject();
+ return null;
+ }
+ });
+ }
+}
\ No newline at end of file
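Review bot: The `if( sc != null )` body at line 138 is the only un-braced conditional in the new code while every other block in both hunks is braced, and the anonymous `run()` at line 134 carries no `@Override`; `if (sc != null) { return sc.getUtil().getSubject(); }` together with `@Override public Subject run()` matches the rest of the file. `SecurityContextAssociation` is not added by any hunk, so it is presumably already imported above line 35 — not visible here. The Javadoc could also note that the lookup is thread-bound (it reads the SecurityContext associated with the calling thread), which is what makes the null return meaningful to the handler.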