[jboss-cvs] JBossAS SVN: r71737 - projects/security/security-xacml/trunk/jboss-xacml-saml/src/main/java/org/jboss/security/xacml/saml/integration/opensaml/servlets.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Apr 4 18:27:54 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-04-04 18:27:54 -0400 (Fri, 04 Apr 2008)
New Revision: 71737
Added:
projects/security/security-xacml/trunk/jboss-xacml-saml/src/main/java/org/jboss/security/xacml/saml/integration/opensaml/servlets/SOAPSAMLXACMLServlet.java
Log:
SECURITY-182: soap saml servlet
Added: projects/security/security-xacml/trunk/jboss-xacml-saml/src/main/java/org/jboss/security/xacml/saml/integration/opensaml/servlets/SOAPSAMLXACMLServlet.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml-saml/src/main/java/org/jboss/security/xacml/saml/integration/opensaml/servlets/SOAPSAMLXACMLServlet.java (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml-saml/src/main/java/org/jboss/security/xacml/saml/integration/opensaml/servlets/SOAPSAMLXACMLServlet.java 2008-04-04 22:27:54 UTC (rev 71737)
@@ -0,0 +1,258 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.xacml.saml.integration.opensaml.servlets;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.PrintWriter;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
+import org.jboss.security.xacml.saml.integration.opensaml.core.JBossXACMLSAMLConfiguration;
+import org.jboss.security.xacml.saml.integration.opensaml.core.OpenSAMLUtil;
+import org.jboss.security.xacml.saml.integration.opensaml.request.JBossSAMLRequest;
+import org.jboss.security.xacml.saml.integration.opensaml.request.JBossSAMLResponse;
+import org.jboss.security.xacml.saml.integration.opensaml.types.XACMLAuthzDecisionQueryType;
+import org.jboss.security.xacml.saml.integration.opensaml.types.XACMLAuthzDecisionStatementType;
+import org.joda.time.DateTime;
+import org.joda.time.chrono.ISOChronology;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.impl.AssertionImpl;
+import org.opensaml.ws.soap.soap11.Body;
+import org.opensaml.ws.soap.soap11.Envelope;
+import org.opensaml.ws.soap.soap11.Fault;
+import org.opensaml.ws.soap.soap11.FaultString;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+
+/**
+ * Servlet that reads in SOAP11 request that
+ * contain SAML Requests and then calls the PDP.
+ * Once a response comes from the PDP, it then
+ * creates a SAML Object
+ * and plugs it into a SOAP11 response and sends it
+ * back
+ *
+ * You need to provide a policyConfig.xml that
+ * lists the locations of the policy files in the
+ * classpath
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 2, 2008
+ * @version $Revision$
+ */
+public class SOAPSAMLXACMLServlet extends HttpServlet
+{
+ private static final long serialVersionUID = 1L;
+
+ private String responseId = null;
+
+ private String issuerId = null;
+
+ private String policyConfigFileName = "policyConfig.xml";
+
+ private boolean debug = false;
+
+ static
+ {
+ try
+ {
+ JBossXACMLSAMLConfiguration.initialize();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void init() throws ServletException
+ {
+ responseId = getServletContext().getInitParameter("responseID");
+ if(responseId == null)
+ responseId = "response-id:1";
+
+ issuerId = getServletContext().getInitParameter("issuerID");
+ if(issuerId == null)
+ issuerId = "issue-id:1";
+
+ policyConfigFileName = getServletContext().getInitParameter("policyConfigFileName");
+ if(policyConfigFileName == null)
+ policyConfigFileName = "policyConfig.xml";
+
+ String debugStr = getServletContext().getInitParameter("debug");
+ if("TRUE".equalsIgnoreCase(debugStr))
+ debug = true;
+
+ super.init();
+ }
+
+
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException
+ {
+ Envelope envelope = null;
+ JBossSAMLRequest samlRequest = new JBossSAMLRequest();
+ try
+ {
+ SAMLObject samlObject = samlRequest.getSAMLRequest(request.getInputStream());
+ if(debug)
+ logXMLObject(samlObject);
+
+ XACMLAuthzDecisionQueryType xacmlRequest = (XACMLAuthzDecisionQueryType)samlObject;
+
+ RequestContext requestContext = xacmlRequest.getRequest();
+ if(requestContext == null)
+ throw new IllegalStateException("XACML Request Context is null");
+ ResponseContext responseContext = getPDP().evaluate(requestContext);
+
+ DateTime issueInstant = getIssueInstant();
+
+ //We need to create a response to send back
+ Response samlResponse = (new JBossSAMLResponse()).getSAMLResponse(issueInstant,
+ responseId, issuerId);
+ //Create samlp:Assertion
+ Assertion assertion = (Assertion) OpenSAMLUtil.buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME);
+ assertion.setID(responseId);
+ assertion.setIssueInstant(issueInstant);
+
+ Issuer issuer = (Issuer) OpenSAMLUtil.buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME);
+ issuer.setValue(issuerId);
+ assertion.setIssuer(issuer);
+
+ XACMLAuthzDecisionStatementType decision = (XACMLAuthzDecisionStatementType)
+ OpenSAMLUtil.buildXMLObject(XACMLAuthzDecisionStatementType.DEFAULT_ELEMENT_NAME_XACML20);
+
+ decision.setResponse(responseContext);
+ decision.setRequest(requestContext);
+
+ //Some mismatch in the Statements for XACML
+ AssertionImpl assertionImpl = (AssertionImpl) assertion;
+ assertionImpl.getStatements().add(decision);
+
+ samlResponse.getAssertions().add(assertionImpl);
+ if(debug)
+ logXMLObject(samlResponse);
+
+ envelope = (Envelope) OpenSAMLUtil.buildXMLObject(Envelope.DEFAULT_ELEMENT_NAME);
+ Body soapBody = (Body) OpenSAMLUtil.buildXMLObject(Body.DEFAULT_ELEMENT_NAME);
+ envelope.setBody(soapBody);
+
+ envelope.getBody().getUnknownXMLObjects().add(samlResponse);
+
+ }
+ catch (Exception e)
+ {
+ envelope = (Envelope) OpenSAMLUtil.buildXMLObject(Envelope.DEFAULT_ELEMENT_NAME);
+ Body soapBody = (Body) OpenSAMLUtil.buildXMLObject(Body.DEFAULT_ELEMENT_NAME);
+ envelope.setBody(soapBody);
+
+ Fault fault = (Fault) OpenSAMLUtil.buildXMLObject(Fault.DEFAULT_ELEMENT_NAME);
+ FaultString fs = (FaultString) OpenSAMLUtil.buildXMLObject(FaultString.DEFAULT_ELEMENT_NAME);
+ fs.setValue(e.getLocalizedMessage());
+ fault.setMessage(fs);
+
+ soapBody.getUnknownXMLObjects().add(fault);
+ throw new ServletException(e);
+ }
+ finally
+ {
+ Marshaller soapResponseMarshaller = OpenSAMLUtil.getMarshaller(envelope);
+
+ response.setContentType("text/xml;charset=utf-8");;
+ OutputStream os = response.getOutputStream();
+ OutputStreamWriter osw = new OutputStreamWriter(os , "UTF-8");
+ PrintWriter pw = new PrintWriter(osw);
+
+ String resp = null;
+ try
+ {
+ resp = XMLHelper.nodeToString(soapResponseMarshaller.marshall(envelope));
+ }
+ catch (MarshallingException e)
+ {
+ log("marshalling exception",e);
+ }
+ log(resp);
+ pw.print(resp);
+ pw.flush();
+ }
+ }
+
+ public static DateTime getIssueInstant()
+ {
+ return new DateTime(ISOChronology.getInstanceUTC());
+ }
+
+ private Element logXMLObject(XMLObject xmlObject)
+ {
+ Marshaller marshaller = OpenSAMLUtil.getMarshaller(xmlObject);
+ Element elem = null;
+ try
+ {
+ elem = marshaller.marshall(xmlObject);
+ log(XMLHelper.prettyPrintXML(elem));
+ }
+ catch (MarshallingException e)
+ {
+ log("Error trying to log the XML Object:");
+ log(e.getLocalizedMessage(),e);
+ log("End of the error");
+ }
+ return elem;
+ }
+
+ private PolicyDecisionPoint getPDP() throws PrivilegedActionException
+ {
+ ClassLoader tcl = AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
+ {
+ public ClassLoader run() throws Exception
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ InputStream is = tcl.getResourceAsStream(this.policyConfigFileName);
+ if(is == null)
+ throw new IllegalStateException(policyConfigFileName + " could not be located");
+ return new JBossPDP(is);
+ }
+
+}
\ No newline at end of file
More information about the jboss-cvs-commits
mailing list