Author: anil.saldhana(a)jboss.com
Date: 2011-06-06 18:10:38 -0400 (Mon, 06 Jun 2011)
New Revision: 974
Added:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java
Log:
add a role extracting LM
Added:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java
(rev 0)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java 2011-06-06
22:10:38 UTC (rev 974)
@@ -0,0 +1,115 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.jaas;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.spi.AbstractServerLoginModule;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.w3c.dom.Element;
+
+/**
+ * A login module that extracts the roles from the SAML assertion
+ * that has been set in the Subject. This module is always a follow up
+ * to other modules such as {@code JBWSTokenIssuingLoginModule}
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jun 6, 2011
+ */
+public class SAMLRoleLoginModule extends AbstractServerLoginModule
+{
+ protected Subject theSubject = null;
+
+ @Override
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String, ?> sharedState,
+ Map<String, ?> options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+ theSubject = subject;
+ }
+
+ @Override
+ protected Principal getIdentity()
+ {
+ Set<Principal> principals = subject.getPrincipals();
+ for(Principal p: principals)
+ {
+ if(!(p instanceof Group))
+ {
+ return p;
+ }
+ }
+ throw new RuntimeException("Unable to get the Identity from the
subject");
+ }
+
+ @SuppressWarnings("static-access")
+ @Override
+ protected Group[] getRoleSets() throws LoginException
+ {
+ //Get the SAML Assertion
+ SamlCredential samlCredential = null;
+ Set<Object> creds = subject.getPublicCredentials();
+ for(Object cred: creds)
+ {
+ if( cred instanceof SamlCredential)
+ {
+ samlCredential = (SamlCredential) cred;
+ break;
+ }
+ }
+ if( samlCredential == null)
+ throw new RuntimeException("SAML Credential not found in the
subject");
+
+ try
+ {
+ DocumentUtil util = new DocumentUtil();
+ Element assertionEl = samlCredential.getAssertionAsElement();
+ SAMLParser parser = new SAMLParser();
+ AssertionType assertion = (AssertionType)
parser.parse(util.getNodeAsStream(assertionEl));
+ List<String> roles = AssertionUtil.getRoles(assertion, null);
+ Group roleGroup = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ for(String role: roles)
+ {
+ roleGroup.addMember(new SimplePrincipal(role));
+ }
+ return new Group[] { roleGroup};
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
\ No newline at end of file
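Review bot: getRoleSets() turns whatever SamlCredential it finds in the subject's public credentials into roles without any check that the assertion was validated (signature, conditions/expiry), and the class Javadoc only hints at this by calling the module "a follow up" to others, so the precondition should be stated at the point it matters, above the credential scan: `// No validation is done here: relies on a preceding module (e.g. JBWSTokenIssuingLoginModule) having verified the assertion's signature and conditions before it was placed in the Subject.` Both failure paths throw RuntimeException even though the method declares LoginException, which turns a misconfigured login-module chain into a generic unchecked error instead of a JAAS login failure; in the catch block use `LoginException le = new LoginException(e.getMessage());` followed by `le.initCause(e); throw le;`, and make the "SAML Credential not found" case a LoginException the same way. The theSubject field set in initialize() is never read — getIdentity() and getRoleSets() use the inherited subject — so it can be dropped along with the override. getIdentity() returning the first non-Group principal is presumably intended because the earlier module sets the identity, but a one-line comment saying so would save the next reader from wondering why it is not tied to the assertion's subject.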