Author: anil.saldhana(a)jboss.com
Date: 2011-04-05 13:06:43 -0400 (Tue, 05 Apr 2011)
New Revision: 859
Modified:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
Log:
PLFED-164: pick assertion from subject
Modified:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2011-04-05
17:01:06 UTC (rev 858)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2011-04-05
17:06:43 UTC (rev 859)
@@ -35,6 +35,7 @@
import org.jboss.security.SecurityContext;
import org.jboss.wsf.common.handler.GenericSOAPHandler;
import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.trust.jbossws.Constants;
@@ -53,7 +54,7 @@
* @author Anil Saldhana
* @version $Revision: 1 $
*/
-@SuppressWarnings({"rawtypes", "restriction"})
+@SuppressWarnings("rawtypes")
public class SAML2Handler extends GenericSOAPHandler
{
@@ -116,9 +117,15 @@
SOAPMessageContext ctx = (SOAPMessageContext) msgContext;
SOAPMessage soapMessage = ctx.getMessage();
- // retrieve assertion
+ // retrieve assertion first from the message context
Element assertion = (Element) ctx.get(SAML2Constants.SAML2_ASSERTION_PROPERTY);
+ //Assertion can also be obtained from the JAAS subject
+ if( assertion == null)
+ {
+ assertion = getAssertionFromSubject();
+ }
+
// add wsse header
Document document = soapMessage.getSOAPPart();
Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
@@ -173,5 +180,38 @@
}
return username;
}
-
-}
+
+ private Element getAssertionFromSubject()
+ {
+ Element assertion = null;
+ Subject subject = SecurityActions.getAuthenticatedSubject();
+
+ if(subject == null)
+ {
+ log.error("null subject, cannot extract SAML token required for
WS-TRUST");
+ return assertion;
+ }
+
+ Set<Object> creds = subject.getPublicCredentials();
+ if( creds != null )
+ {
+ for( Object cred: creds)
+ {
+ if( cred instanceof SamlCredential)
+ {
+ SamlCredential samlCredential = (SamlCredential) cred;
+ try
+ {
+ assertion = samlCredential.getAssertionAsElement();
+ }
+ catch (ProcessingException e)
+ {
+ log.error("failed to process SAML credential", e);
+ }
+ break;
+ }
+ }
+ }
+ return assertion;
+ }
+}
\ No newline at end of file
Modified:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2011-04-05
17:01:06 UTC (rev 858)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2011-04-05
17:06:43 UTC (rev 859)
@@ -35,14 +35,14 @@
* Privileged actions.
*
* @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @author Anil Saldhana
* @version $Revision: 1 $
*/
class SecurityActions
-{
-
+{
static SecurityContext createSecurityContext(final Principal p, final Object cred,
final Subject subject)
{
- return (SecurityContext) AccessController.doPrivileged(new
PrivilegedAction<SecurityContext>()
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
{
public SecurityContext run()
{
@@ -71,4 +71,21 @@
}
});
}
-}
+ /**
+ * Get the {@link Subject} from the {@link SecurityContextAssociation}
+ * @return authenticated subject or null
+ */
+ static Subject getAuthenticatedSubject()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Subject>()
+ {
+ public Subject run()
+ {
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if( sc != null )
+ return sc.getUtil().getSubject();
+ return null;
+ }
+ });
+ }
+}
\ No newline at end of file
Show replies by thread