Author: anil.saldhana(a)jboss.com
Date: 2011-01-26 21:58:50 -0500 (Wed, 26 Jan 2011)
New Revision: 663
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/soap/SOAPSAMLXACML.java
federation/trunk/picketlink-fed-core/pom.xml
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
federation/trunk/picketlink-webapps/assembly/bin.xml
Log:
PLFED-121: SOAPSAMLXACMLPDP is a JAX-WS web service
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/soap/SOAPSAMLXACML.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/soap/SOAPSAMLXACML.java 2011-01-27
02:55:46 UTC (rev 662)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/soap/SOAPSAMLXACML.java 2011-01-27
02:58:50 UTC (rev 663)
@@ -34,6 +34,7 @@
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.XMLStreamWriter;
+import org.apache.log4j.Logger;
import org.jboss.security.xacml.core.model.context.DecisionType;
import org.jboss.security.xacml.core.model.context.RequestType;
import org.jboss.security.xacml.core.model.context.ResultType;
@@ -67,6 +68,8 @@
*/
public class SOAPSAMLXACML
{
+ protected Logger log = Logger.getLogger( SOAPSAMLXACML.class );
+
/**
* Given an xacml request
* @param endpoint
@@ -92,10 +95,7 @@
NameIDType nameIDType = new NameIDType();
nameIDType.setValue(issuer);
queryType.setIssuer(nameIDType);
-
-
-
MessageFactory messageFactory = MessageFactory.newInstance();
SOAPMessage soapMessage = messageFactory.createMessage();
@@ -105,8 +105,14 @@
SAMLRequestWriter samlRequestWriter = new SAMLRequestWriter( xmlStreamWriter );
samlRequestWriter.write( queryType );
-
- Document reqDocument = DocumentUtil.getDocument( new ByteArrayInputStream(
baos.toByteArray() ));
+
+ if( log.isDebugEnabled() )
+ {
+ log.debug( "Sending::" + new String( baos.toByteArray() ) );
+ }
+
+ Document reqDocument = DocumentUtil.getDocument( new ByteArrayInputStream(
baos.toByteArray() ));
+
soapMessage.getSOAPBody().addDocument(reqDocument);
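Review bot: The new debug line `new String( baos.toByteArray() )` decodes the serialized request with the platform default charset, so on a JVM whose default is not the encoding the StAX writer emitted the logged XML can be mangled; decode explicitly, e.g. `log.debug( "Sending::" + new String( baos.toByteArray(), Charset.forName( "UTF-8" ) ) );` (needs `java.nio.charset.Charset`). The encoding `StaxUtil.getXMLStreamWriter` configures is not visible in this hunk, so confirm it matches. The same byte array is copied again on the following `DocumentUtil.getDocument` line; `baos.toByteArray()` could be taken once into a local. Bear in mind this writes the complete XACML request, including whatever subject attributes it carries, to the log whenever debug is enabled for this class. The enclosing method starts before this hunk.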
Modified: federation/trunk/picketlink-fed-core/pom.xml
===================================================================
--- federation/trunk/picketlink-fed-core/pom.xml 2011-01-27 02:55:46 UTC (rev 662)
+++ federation/trunk/picketlink-fed-core/pom.xml 2011-01-27 02:58:50 UTC (rev 663)
@@ -75,6 +75,12 @@
<scope>compile</scope>
</dependency>
<dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>2.4</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jbosssx</artifactId>
<version>2.0.4</version>
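Review bot: The added `javax.servlet:servlet-api` dependency is declared with `<scope>compile</scope>`, which lets it be packaged into any WAR built from modules depending on picketlink-fed-core and shadow the container's own servlet API; the conventional declaration is `<scope>provided</scope>`. The neighbouring dependencies in this hunk use compile scope, but the servlet API is always supplied by the container. Neither of the two Java files added in this revision imports anything from `javax.servlet`, so it is worth confirming the dependency is needed in this module at all.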
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java 2011-01-27
02:58:50 UTC (rev 663)
@@ -0,0 +1,128 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.pdp;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.PrivilegedActionException;
+
+import javax.annotation.Resource;
+import javax.xml.stream.XMLStreamWriter;
+import javax.xml.transform.Source;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.ws.Provider;
+import javax.xml.ws.WebServiceContext;
+import javax.xml.ws.WebServiceProvider;
+
+import org.apache.log4j.Logger;
+import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import org.w3c.dom.Document;
+
+/**
+ * SOAP 1.2 based XACML PDP that accepts SAML requests
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 24, 2011
+ */
+@WebServiceProvider(serviceName="SOAPSAMLXACMLPDP",portName="SOAPSAMLXACMLPort",
+
targetNamespace="urn:picketlink:identity-federation:pdp",wsdlLocation="WEB-INF/wsdl/SOAPSAMLXACMLPDP.wsdl")
+public class SOAPSAMLXACMLPDP implements Provider<Source>
+{
+ protected Logger log = Logger.getLogger( SOAPSAMLXACMLPDP.class );
+
+ @Resource
+ WebServiceContext context;
+
+ protected String policyConfigFileName = "policyConfig.xml";
+
+ protected PolicyDecisionPoint pdp;
+
+ protected String issuer = "PicketLinkPDP";
+
+ public SOAPSAMLXACMLPDP()
+ {
+ try
+ {
+ pdp = getPDP();
+ }
+ catch (PrivilegedActionException e)
+ {
+ throw new RuntimeException( e );
+ }
+ }
+
+ public Source invoke(Source request)
+ {
+ try
+ {
+ Document doc = (Document) DocumentUtil.getNodeFromSource( request );
+ if( log.isDebugEnabled() )
+ {
+ log.debug( "Received Message::" + DocumentUtil.asString(doc) );
+ }
+ XACMLAuthzDecisionQueryType xacmlQuery =
SOAPSAMLXACMLUtil.getXACMLQueryType(doc);
+ ResponseType samlResponseType = SOAPSAMLXACMLUtil.handleXACMLQuery(pdp, issuer,
xacmlQuery);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = StaxUtil.getXMLStreamWriter(baos);
+
+ SAMLResponseWriter samlResponseWriter = new SAMLResponseWriter( xmlStreamWriter
);
+ samlResponseWriter.write( samlResponseType );
+ Document responseDocument = DocumentUtil.getDocument( new ByteArrayInputStream(
baos.toByteArray() ));
+
+ return new DOMSource( responseDocument.getDocumentElement());
+ }
+ catch ( Exception e )
+ {
+ throw new RuntimeException( e) ;
+ }
+ }
+
+ private PolicyDecisionPoint getPDP() throws PrivilegedActionException
+ {
+ SecurityActions.setSystemProperty(
"org.jboss.security.xacml.schema.validation", "false" );
+
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ URL url = tcl.getResource( policyConfigFileName );
+ if( url == null)
+ throw new IllegalStateException(policyConfigFileName + " could not be
located");
+
+ InputStream is;
+ try
+ {
+ is = url.openStream();
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException( e );
+ }
+ return new JBossPDP(is);
+ }
+}
\ No newline at end of file
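Review bot: `getPDP()` opens `url.openStream()` and hands the stream to `new JBossPDP(is)` without closing it; unless JBossPDP closes the stream itself (not visible here), the policy file handle is leaked for the lifetime of the endpoint, so close it in a `finally` once the PDP constructor has consumed it. In the same method `SecurityActions.setSystemProperty( "org.jboss.security.xacml.schema.validation", "false" )` disables XACML schema validation for the whole JVM rather than for this endpoint, which silently affects every other PDP in the server and removes a structural check on requests that arrive from remote callers via `invoke`; if this is deliberate it needs a comment saying why. In `invoke`, `catch ( Exception e ) { throw new RuntimeException( e) ; }` logs nothing on the server and lets JAX-WS turn the raw parser or PDP exception text into the SOAP fault string returned to the client; log with `log.error` and fault with a generic message instead. The `@Resource WebServiceContext context` field is injected but never read, and both `policyConfigFileName` and `issuer` are fixed literals with no way to configure them.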
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java 2011-01-27
02:58:50 UTC (rev 663)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.pdp;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Mar 17, 2009
+ */
+class SecurityActions
+{
+ static void setSystemProperty( final String key, final String value)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ System.setProperty(key, value);
+ return null;
+ }
+ });
+ }
+
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+}
\ No newline at end of file
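Review bot: `setSystemProperty` declares `PrivilegedAction<Object>` and returns `null` only to satisfy the type; `PrivilegedAction<Void>` states the intent directly. Neither helper has Javadoc, and the first mutates global JVM state, so a one-liner such as `/** Sets a JVM-wide system property inside a privileged block. */` and `/** Returns the calling thread's context class loader inside a privileged block. */` would help. The `@since Mar 17, 2009` header looks copied from an older file, since this file is new in this revision. The property change below marks this `.java` source as `svn:executable`, which is presumably unintended.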
Property changes on:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java
___________________________________________________________________
Name: svn:executable
+ *
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2011-01-27
02:55:46 UTC (rev 662)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2011-01-27
02:58:50 UTC (rev 663)
@@ -102,8 +102,10 @@
TRANSFORM_C14N_EXCL_OMIT_COMMENTS("http://www.w3.org/2001/10/xml-exc...,
+ XSI_PREFIX( "xsi" ),
X500_PREFIX("x500"),
X500_NSURI("urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"),
+ XACML_NSURI( "urn:oasis:names:tc:xacml:2.0:context:schema:os" ),
XACML_SAML_NSURI( "urn:oasis:names:tc:xacml:2.0:saml:assertion:schema:os"
),
XACML_SAML_PROTO_NSURI( "urn:oasis:xacml:2.0:saml:protocol:schema:os" ),
XML( "http://www.w3.org/XML/1998/namespace" ),
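Review bot: The new `XACML_NSURI` holds the XACML 2.0 context schema namespace (`...:xacml:2.0:context:schema:os`), and the enum already distinguishes `XACML_SAML_NSURI` from `XACML_SAML_PROTO_NSURI`; a name such as `XACML_CONTEXT_NSURI` would make clear that this is not the policy namespace. The enum continues outside this hunk.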
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2011-01-27
02:55:46 UTC (rev 662)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2011-01-27
02:58:50 UTC (rev 663)
@@ -23,6 +23,7 @@
import java.io.IOException;
import java.io.InputStream;
+import java.util.ArrayList;
import java.util.List;
import java.util.Set;
@@ -34,17 +35,28 @@
import javax.xml.soap.SOAPMessage;
import javax.xml.stream.XMLEventReader;
+import org.jboss.security.xacml.core.JBossRequestContext;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResponseType;
+import org.jboss.security.xacml.core.model.context.ResultType;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.factories.XACMLContextFactory;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import
org.picketlink.identity.federation.core.parsers.saml.xacml.SAMLXACMLRequestParser;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import
org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
+import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
-import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
-import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
import
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
import org.w3c.dom.Node;
@@ -88,7 +100,8 @@
{
XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader(
DocumentUtil.getNodeAsStream( samlResponse ));
SAMLParser samlParser = new SAMLParser();
- ResponseType response = (ResponseType) samlParser.parse( xmlEventReader );
+ org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType response
=
+ (org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType)
samlParser.parse( xmlEventReader );
List<RTChoiceType> choices = response.getAssertions();
for( RTChoiceType rst: choices )
{
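Review bot: The declaration and cast on the `response` line are written fully qualified because `org.jboss.security.xacml.core.model.context.ResponseType` is now imported under the same simple name; since the SAML `ResponseType` is the one used here and in the public signature of `handleXACMLQuery` later in this file, while the XACML one is only a local there, importing the SAML type and qualifying the XACML one would keep the public API readable. The same fully qualified name recurs three times in the `handleXACMLQuery` hunk. The enclosing method starts before this hunk.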
@@ -126,4 +139,51 @@
fault.setFaultString( message );
return msg;
}
+
+ public synchronized static
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType
handleXACMLQuery(
+ PolicyDecisionPoint pdp, String issuer, XACMLAuthzDecisionQueryType xacmlRequest
) throws ProcessingException, ConfigurationException
+ {
+ RequestType requestType = xacmlRequest.getRequest();
+
+ RequestContext requestContext = new JBossRequestContext();
+ try
+ {
+ requestContext.setRequest(requestType);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException( e );
+ }
+
+ //pdp evaluation is thread safe
+ ResponseContext responseContext = pdp.evaluate(requestContext);
+
+ ResponseType responseType = new ResponseType();
+ ResultType resultType = responseContext.getResult();
+ responseType.getResult().add(resultType);
+
+ XACMLAuthzDecisionStatementType xacmlStatement =
+ XACMLContextFactory.createXACMLAuthzDecisionStatementType(requestType,
responseType);
+
+ //Place the xacml statement in an assertion
+ //Then the assertion goes inside a SAML Response
+
+ String ID = IDGenerator.create("ID_");
+ IssuerInfoHolder issuerInfo = new IssuerInfoHolder( issuer );
+
+ List<StatementAbstractType> statements = new
ArrayList<StatementAbstractType>();
+ statements.add(xacmlStatement);
+
+ AssertionType assertion = SAMLAssertionFactory.createAssertion(ID,
+ issuerInfo.getIssuer(),
+ XMLTimeUtil.getIssueInstant(),
+ null,
+ null,
+ statements);
+
+ org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType
samlResponseType = JBossSAMLAuthnResponseFactory.createResponseType( ID, issuerInfo,
assertion );
+
+
+ return samlResponseType;
+ }
}
\ No newline at end of file
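Review bot: `handleXACMLQuery` is declared `synchronized static`, which takes the class monitor for every call and serializes all concurrent PDP evaluations in the JVM, although the method touches only locals and the comment on the `pdp.evaluate` line says the PDP is thread safe; drop `synchronized` unless one of the factories it calls is known not to be reentrant, because otherwise a single slow evaluation stalls every other caller. `xacmlRequest.getRequest()` is passed straight into `requestContext.setRequest`, so a query without a `Request` element fails with a NullPointerException from inside the XACML library instead of a clear error; check for null first and raise a ProcessingException (or IllegalArgumentException, if ProcessingException has no String constructor) naming the missing element. The same `ID` value is given to both the assertion (`createAssertion(ID, ...)`) and the response (`createResponseType( ID, issuerInfo, assertion )`); if `createResponseType` uses it as the Response element's ID attribute, the document carries two elements with the same xs:ID, which validating consumers and signature reference resolution may reject, so generate a second ID for the response. `ID` is also a local written in constant case.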
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java 2011-01-27
02:55:46 UTC (rev 662)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java 2011-01-27
02:58:50 UTC (rev 663)
@@ -176,7 +176,7 @@
{
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.ATTRIBUTE_VALUE.get(), ASSERTION_NSURI.get());
- StaxUtil.writeNameSpace(writer, "xsi",
JBossSAMLURIConstants.XSI_NSURI.get());
+ StaxUtil.writeNameSpace(writer, JBossSAMLURIConstants.XSI_PREFIX.get(),
JBossSAMLURIConstants.XSI_NSURI.get());
StaxUtil.writeNameSpace(writer, "xs",
JBossSAMLURIConstants.XMLSCHEMA_NSURI.get());
StaxUtil.writeAttribute(writer, JBossSAMLURIConstants.XSI_NSURI.get(),
"type", "xs:string");
StaxUtil.writeCharacters(writer, attributeValue );
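Review bot: The change swaps the literal `"xsi"` for `JBossSAMLURIConstants.XSI_PREFIX.get()` but leaves `"xs"` and the `"type"` attribute name as literals on the next two lines, so the declaration is only half de-duplicated; if an `XS_PREFIX` constant exists, or one is added beside `XSI_PREFIX`, the three calls should be made consistent. The enclosing method starts and ends outside this hunk.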
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java 2011-01-27
02:55:46 UTC (rev 662)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java 2011-01-27
02:58:50 UTC (rev 663)
@@ -24,13 +24,23 @@
import static
org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants.ASSERTION_NSURI;
import static
org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants.PROTOCOL_NSURI;
+import java.io.StringWriter;
import java.net.URI;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamWriter;
+import org.jboss.security.xacml.core.model.context.ObjectFactory;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
@@ -38,6 +48,7 @@
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.NameIDPolicyType;
+import org.w3c.dom.Document;
/**
* Writes a SAML2 Request Type to Stream
@@ -162,6 +173,73 @@
public void write( XACMLAuthzDecisionQueryType xacmlQuery ) throws
ProcessingException
{
- throw new RuntimeException( "NYI" );
+ StaxUtil.writeStartElement( writer, PROTOCOL_PREFIX,
JBossSAMLConstants.REQUEST_ABSTRACT.get(), PROTOCOL_NSURI.get() );
+ StaxUtil.writeNameSpace( writer, PROTOCOL_PREFIX, PROTOCOL_NSURI.get() );
+ StaxUtil.writeNameSpace(writer, XACML_SAML_PROTO_PREFIX,
JBossSAMLURIConstants.XACML_SAML_PROTO_NSURI.get() );
+ StaxUtil.writeDefaultNameSpace( writer, JBossSAMLURIConstants.XACML_NSURI.get() );
+
+ //Attributes
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.ID.get(), xacmlQuery.getID()
);
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.VERSION.get(),
xacmlQuery.getVersion() );
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.ISSUE_INSTANT.get(),
xacmlQuery.getIssueInstant().toString() );
+
+ StaxUtil.writeAttribute( writer, new QName(
JBossSAMLURIConstants.XACML_SAML_PROTO_NSURI.get(),
+ JBossSAMLConstants.INPUT_CONTEXT_ONLY.get() , XACML_SAML_PROTO_PREFIX ),
"true" );
+
+ StaxUtil.writeAttribute( writer, new QName(
JBossSAMLURIConstants.XACML_SAML_PROTO_NSURI.get(),
+ JBossSAMLConstants.RETURN_CONTEXT.get(), XACML_SAML_PROTO_PREFIX ),
"true" );
+
+ StaxUtil.writeNameSpace(writer, JBossSAMLURIConstants.XSI_PREFIX.get(),
JBossSAMLURIConstants.XSI_NSURI.get());
+ StaxUtil.writeNameSpace(writer, "xs",
JBossSAMLURIConstants.XMLSCHEMA_NSURI.get());
+
+ StaxUtil.writeAttribute(writer, JBossSAMLURIConstants.XSI_NSURI.get(),
"type",
+ "xacml-samlp:XACMLAuthzDecisionQueryType" );
+
+ URI destination = xacmlQuery.getDestination();
+ if( destination != null )
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.DESTINATION.get(),
destination.toASCIIString() );
+
+ String consent = xacmlQuery.getConsent();
+ if( StringUtil.isNotNull( consent ))
+ StaxUtil.writeAttribute( writer, JBossSAMLConstants.CONSENT.get(), consent );
+
+
+ NameIDType issuer = xacmlQuery.getIssuer();
+ if( issuer != null )
+ {
+ write( issuer, new QName( ASSERTION_NSURI.get(),
JBossSAMLConstants.ISSUER.get()));
+ }
+
+ RequestType xacmlRequest = xacmlQuery.getRequest();
+
+ ObjectFactory of = new ObjectFactory();
+
+ StringWriter sw = new StringWriter();
+ try
+ {
+ Marshaller m = JAXBUtil.getMarshaller( RequestType.class.getPackage().getName()
);
+ m.marshal( of.createRequest(xacmlRequest), sw );
+ }
+ catch (JAXBException e)
+ {
+ throw new ProcessingException(e);
+ }
+
+ try
+ {
+ Document xacmlDoc = DocumentUtil.getDocument( sw.toString() );
+ StaxUtil.writeDOMNode(writer, xacmlDoc.getDocumentElement() );
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ProcessingException(e);
+ }
+ catch (ParsingException e)
+ {
+ throw new ProcessingException(e);
+ }
+
+ StaxUtil.writeEndElement( writer);
+ StaxUtil.flush( writer );
}
}
\ No newline at end of file
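Review bot: The `xsi:type` value `"xacml-samlp:XACMLAuthzDecisionQueryType"` hard-codes the prefix, while the namespace declaration written a few lines above binds whatever `XACML_SAML_PROTO_PREFIX` holds; if that constant is anything other than `xacml-samlp`, the attribute names an undeclared prefix and consumers resolving the QName will fail, so build it as `XACML_SAML_PROTO_PREFIX + ":XACMLAuthzDecisionQueryType"`. `InputContextOnly` and `ReturnContext` are always written as `"true"` regardless of the query object's state; if `XACMLAuthzDecisionQueryType` exposes those flags they should be written from the object, otherwise the writer is lossy for callers that set them differently. `xacmlQuery.getIssueInstant().toString()` and `of.createRequest(xacmlRequest)` are used without the null guards that destination and consent receive; IssueInstant is schema-required, but a null Request would surface as a JAXB marshalling error rather than a clear message. The marshal-to-`StringWriter`, re-parse, then `writeDOMNode` round trip at the end could be replaced by `m.marshal( of.createRequest(xacmlRequest), writer )`, since `Marshaller` accepts an `XMLStreamWriter` target, provided the namespace context already declared on `writer` is tolerated.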
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2011-01-27
02:55:46 UTC (rev 662)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2011-01-27
02:58:50 UTC (rev 663)
@@ -27,8 +27,6 @@
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivilegedActionException;
-import java.util.ArrayList;
-import java.util.List;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -44,30 +42,16 @@
import org.apache.log4j.Logger;
import org.jboss.security.xacml.core.JBossPDP;
-import org.jboss.security.xacml.core.JBossRequestContext;
-import org.jboss.security.xacml.core.model.context.RequestType;
-import org.jboss.security.xacml.core.model.context.ResponseType;
-import org.jboss.security.xacml.core.model.context.ResultType;
import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
-import org.jboss.security.xacml.interfaces.RequestContext;
-import org.jboss.security.xacml.interfaces.ResponseContext;
-import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.factories.XACMLContextFactory;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
-import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
-import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
import org.picketlink.identity.federation.core.util.StaxUtil;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
-import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
-import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import
org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
@@ -243,8 +227,11 @@
if(xacmlRequest == null)
throw new IOException("XACML Request not parsed");
+
+ org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType
samlResponseType =
+
SOAPSAMLXACMLUtil.handleXACMLQuery(pdp, issuer, xacmlRequest);
- RequestType requestType = xacmlRequest.getRequest();
+ /*RequestType requestType = xacmlRequest.getRequest();
RequestContext requestContext = new JBossRequestContext();
requestContext.setRequest(requestType);
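Review bot: The superseded inline evaluation is commented out (`/*RequestType requestType = ...` here through the `*/` added in the following hunk after the old `createResponseType` line) rather than removed, leaving a large block of dead code between the new `handleXACMLQuery` call and the response serialization; the old version is preserved in revision 662, so delete the block. Once it is gone, imports this revision keeps such as `IDGenerator`, `JBossSAMLConstants` and `PrivilegedActionException` may also be unused and should be checked. The enclosing method starts before this hunk.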
@@ -277,7 +264,7 @@
statements);
org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType
samlResponseType = saml2Response.createResponseType(ID, issuerInfo, assertion);
-
+*/
ByteArrayOutputStream baos = new ByteArrayOutputStream();
XMLStreamWriter xmlStreamWriter = StaxUtil.getXMLStreamWriter(baos);
Modified: federation/trunk/picketlink-webapps/assembly/bin.xml
===================================================================
--- federation/trunk/picketlink-webapps/assembly/bin.xml 2011-01-27 02:55:46 UTC (rev
662)
+++ federation/trunk/picketlink-webapps/assembly/bin.xml 2011-01-27 02:58:50 UTC (rev
663)
@@ -60,6 +60,11 @@
<fileMode>0444</fileMode>
</file>
<file>
+ <source>${basedir}/../pdp/target/pdp.war</source>
+ <outputDirectory>picketlink</outputDirectory>
+ <fileMode>0444</fileMode>
+ </file>
+ <file>
<source>${basedir}/src/main/resources/picketlink-sp-jboss-beans.xml</source>
<outputDirectory>picketlink</outputDirectory>
<fileMode>0444</fileMode>
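Review bot: The new `<file>` entry pulls `${basedir}/../pdp/target/pdp.war` into the assembly, but no `picketlink-webapps/pdp` module appears in this revision's Added or Modified lists, so the assembly build will fail on a missing file until that module is committed (or it already exists and was untouched here — confirm). The entry otherwise mirrors its neighbours, including the `0444` file mode.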