[jboss-cvs] Picketlink SVN: r207 - in federation/trunk/picketlink-bindings-jboss: src/main/java/org/picketlink/identity/federation/bindings/jboss/auth and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Apr 13 17:49:31 EDT 2010
Author: mmoyses
Date: 2010-04-13 17:49:31 -0400 (Tue, 13 Apr 2010)
New Revision: 207
Added:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/STSClientInterceptor.java
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java
Modified:
federation/trunk/picketlink-bindings-jboss/pom.xml
Log:
PLFED-61: EJB3 client interceptor
Modified: federation/trunk/picketlink-bindings-jboss/pom.xml
===================================================================
--- federation/trunk/picketlink-bindings-jboss/pom.xml 2010-04-13 17:58:56 UTC (rev 206)
+++ federation/trunk/picketlink-bindings-jboss/pom.xml 2010-04-13 21:49:31 UTC (rev 207)
@@ -82,6 +82,12 @@
<scope>compile</scope>
</dependency>
<dependency>
+ <groupId>org.jboss.aop</groupId>
+ <artifactId>jboss-aop</artifactId>
+ <version>2.1.6.GA</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
Added: federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/STSClientInterceptor.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/STSClientInterceptor.java (rev 0)
+++ federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/STSClientInterceptor.java 2010-04-13 21:49:31 UTC (rev 207)
@@ -0,0 +1,117 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.bindings.jboss.auth;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+import org.jboss.aop.advice.Interceptor;
+import org.jboss.aop.joinpoint.Invocation;
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityContext;
+import org.picketlink.identity.federation.api.wstrust.WSTrustClient;
+import org.picketlink.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.identity.federation.core.wstrust.WSTrustException;
+import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * A client side EJB3 interceptor to automatically create a STS token and use it as the credential to invoke an EJB.
+ * This interceptor must be included after <code>org.jboss.ejb3.security.client.SecurityClientInterceptor</code>
+ * in the client interceptor stack in deploy/ejb3-interceptors-aop.xml
+ * This interceptor requires a resource named sts.properties in the classpath to read the parameters
+ * necessary to connect to the STS application.
+ * The properties file must contain the following parameters:
+ * <pre>
+ * serviceName=[service name]
+ * portName=[port name]
+ * endpointAddress=[endpoint URI]
+ * </pre>
+ * </p>
+ *
+ * @author <a href="mailto:mmoyses at redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+public class STSClientInterceptor implements Interceptor, Serializable
+{
+ private static final long serialVersionUID = -4351623612864518960L;
+
+ private static final Logger log = Logger.getLogger(STSClientInterceptor.class);
+
+ private static boolean trace = log.isTraceEnabled();
+
+ private static Builder builder;
+
+ public String getName()
+ {
+ return getClass().getName();
+ }
+
+ public Object invoke(Invocation invocation) throws Throwable
+ {
+ SecurityContext sc = (SecurityContext) invocation.getMetaData("security", "context");
+ if (trace)
+ log.trace("Retrieved SecurityContext from invocation: " + sc);
+ if (sc != null)
+ {
+ // retrieve username and credential from invocation
+ Principal principal = sc.getUtil().getUserPrincipal();
+ String credential = (String) sc.getUtil().getCredential();
+ // look for the properties file in the classpath
+ if (builder == null)
+ builder = new Builder("sts.properties");
+ WSTrustClient client = new WSTrustClient(builder.getServiceName(), builder.getPortName(),
+ builder.getEndpointAddress(), new SecurityInfo(principal.getName(), credential));
+ Element assertion = null;
+ try
+ {
+ if (trace)
+ log.trace("Invoking token service to get SAML assertion for " + principal.getName());
+ // create the token
+ assertion = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE);
+ if (trace)
+ log.trace("SAML assertion for " + principal.getName() + " successfully obtained");
+ }
+ catch (WSTrustException wse)
+ {
+ log.error("Unable to issue assertion", wse);
+ }
+
+ if (assertion != null)
+ {
+ Subject subject = sc.getUtil().getSubject();
+ // create new SecurityContext with token credential
+ SecurityContext newSC = SecurityActions.createSecurityContext();
+ newSC.getUtil().createSubjectInfo(principal, new SamlCredential(assertion), subject);
+ // replace SecurityContext in the invocation
+ invocation.getMetaData().addMetaData("security", "context", newSC);
+ }
+ }
+
+ return invocation.invokeNext();
+ }
+}
\ No newline at end of file
Added: federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java (rev 0)
+++ federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java 2010-04-13 21:49:31 UTC (rev 207)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.bindings.jboss.auth;
+
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
+
+/**
+ * Privileged blocks
+ *
+ * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+class SecurityActions
+{
+ @SuppressWarnings("unchecked")
+ static SecurityContext createSecurityContext() throws PrivilegedActionException
+ {
+ return (SecurityContext) AccessController.doPrivileged(new PrivilegedExceptionAction()
+ {
+ public Object run() throws Exception
+ {
+ return SecurityContextFactory.createSecurityContext("CLIENT");
+ }
+ });
+ }
+}
\ No newline at end of file
More information about the jboss-cvs-commits
mailing list