[jboss-cvs] Picketlink SVN: r872 - in trust/trunk/jbossws: src and 14 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon Apr 11 20:55:11 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-04-11 20:55:10 -0400 (Mon, 11 Apr 2011)
New Revision: 872

Added:
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/AbstractPicketLinkTrustHandler.java
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthenticationHandler.java
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java
   trust/trunk/jbossws/src/test/
   trust/trunk/jbossws/src/test/java/
   trust/trunk/jbossws/src/test/java/org/
   trust/trunk/jbossws/src/test/java/org/picketlink/
   trust/trunk/jbossws/src/test/java/org/picketlink/test/
   trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/
   trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/
   trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/
   trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java
   trust/trunk/jbossws/src/test/resources/
   trust/trunk/jbossws/src/test/resources/jbossws/
   trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/
   trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-ops.xml
   trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-role.xml
   trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-roles.xml
   trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-unchecked.xml
Modified:
   trust/trunk/jbossws/.classpath
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/BinaryTokenHandler.java
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
Log:
PLFED-167: handlers for auth/authz for POJO WS

Modified: trust/trunk/jbossws/.classpath
===================================================================
--- trust/trunk/jbossws/.classpath	2011-04-12 00:53:50 UTC (rev 871)
+++ trust/trunk/jbossws/.classpath	2011-04-12 00:55:10 UTC (rev 872)
@@ -1,39 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
 <classpath>
-  <classpathentry kind="src" path="src/main/java" including="**/*.java"/>
-  <classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
-  <classpathentry kind="output" path="target/classes"/>
-  <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar" sourcepath="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/apache/ant/ant/1.7.1/ant-1.7.1.jar" sourcepath="M2_REPO/org/apache/ant/ant/1.7.1/ant-1.7.1-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/apache/ant/ant-launcher/1.7.1/ant-launcher-1.7.1.jar"/>
-  <classpathentry kind="var" path="M2_REPO/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.jar" sourcepath="M2_REPO/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.2/commons-codec-1.2.jar"/>
-  <classpathentry kind="var" path="M2_REPO/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1.jar" sourcepath="M2_REPO/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1.jar" sourcepath="M2_REPO/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/apache-logging/commons-logging-api/1.0.3/commons-logging-api-1.0.3.jar"/>
-  <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar" sourcepath="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/gnu-getopt/getopt/1.0.13/getopt-1.0.13.jar"/>
-  <classpathentry kind="var" path="M2_REPO/jboss/jaxbintros/jboss-jaxb-intros/1.0.2.GA/jboss-jaxb-intros-1.0.2.GA.jar" sourcepath="M2_REPO/jboss/jaxbintros/jboss-jaxb-intros/1.0.2.GA/jboss-jaxb-intros-1.0.2.GA-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/jboss/spec/javax/xml/ws/jboss-jaxws-api_2.2_spec/1.0.0.Final/jboss-jaxws-api_2.2_spec-1.0.0.Final.jar" sourcepath="M2_REPO/org/jboss/spec/javax/xml/ws/jboss-jaxws-api_2.2_spec/1.0.0.Final/jboss-jaxws-api_2.2_spec-1.0.0.Final-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/jboss/logging/jboss-logging-spi/2.1.0.GA/jboss-logging-spi-2.1.0.GA.jar" sourcepath="M2_REPO/org/jboss/logging/jboss-logging-spi/2.1.0.GA/jboss-logging-spi-2.1.0.GA-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/picketbox/jboss-security-spi/3.0.0.Final/jboss-security-spi-3.0.0.Final.jar" sourcepath="M2_REPO/org/picketbox/jboss-security-spi/3.0.0.Final/jboss-security-spi-3.0.0.Final-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/picketbox/jbosssx/3.0.0.Final/jbosssx-3.0.0.Final.jar" sourcepath="M2_REPO/org/picketbox/jbosssx/3.0.0.Final/jbosssx-3.0.0.Final-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/jboss/ws/jbossws-common/1.4.1.GA/jbossws-common-1.4.1.GA.jar" sourcepath="M2_REPO/org/jboss/ws/jbossws-common/1.4.1.GA/jbossws-common-1.4.1.GA-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/jboss/ws/jbossws-spi/1.4.1.GA/jbossws-spi-1.4.1.GA.jar" sourcepath="M2_REPO/org/jboss/ws/jbossws-spi/1.4.1.GA/jbossws-spi-1.4.1.GA-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/jboss/security/jbossxacml/2.0.4/jbossxacml-2.0.4.jar" sourcepath="M2_REPO/org/jboss/security/jbossxacml/2.0.4/jbossxacml-2.0.4-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.2/junit-3.8.2.jar" sourcepath="M2_REPO/junit/junit/3.8.2/junit-3.8.2-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/openid4java/openid4java-nodeps/0.9.5/openid4java-nodeps-0.9.5.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-bindings/2.0.0-SNAPSHOT/picketlink-bindings-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-bindings/2.0.0-SNAPSHOT/picketlink-bindings-2.0.0-SNAPSHOT-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-bindings-jboss/2.0.0-SNAPSHOT/picketlink-bindings-jboss-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-bindings-jboss/2.0.0-SNAPSHOT/picketlink-bindings-jboss-2.0.0-SNAPSHOT-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed-api/2.0.0-SNAPSHOT/picketlink-fed-api-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed-api/2.0.0-SNAPSHOT/picketlink-fed-api-2.0.0-SNAPSHOT-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed-core/2.0.0-SNAPSHOT/picketlink-fed-core-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed-core/2.0.0-SNAPSHOT/picketlink-fed-core-2.0.0-SNAPSHOT-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed-model/2.0.0-SNAPSHOT/picketlink-fed-model-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed-model/2.0.0-SNAPSHOT/picketlink-fed-model-2.0.0-SNAPSHOT-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-web/2.0.0-SNAPSHOT/picketlink-web-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-web/2.0.0-SNAPSHOT/picketlink-web-2.0.0-SNAPSHOT-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-xmlsec-model/2.0.0-SNAPSHOT/picketlink-xmlsec-model-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-xmlsec-model/2.0.0-SNAPSHOT/picketlink-xmlsec-model-2.0.0-SNAPSHOT-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.jar" sourcepath="M2_REPO/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/apache/xmlsec/1.4.3/xmlsec-1.4.3.jar"/>
-  <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
-</classpath>
\ No newline at end of file
+	<classpathentry including="**/*.java" kind="src" output="target/test-classes" path="src/test/java"/>
+	<classpathentry excluding="**/*.java" kind="src" output="target/test-classes" path="src/test/resources"/>
+	<classpathentry including="**/*.java" kind="src" path="src/main/java"/>
+	<classpathentry excluding="**/*.java" kind="src" path="src/main/resources"/>
+	<classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar" sourcepath="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/apache/ant/ant/1.7.1/ant-1.7.1.jar" sourcepath="M2_REPO/org/apache/ant/ant/1.7.1/ant-1.7.1-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/apache/ant/ant-launcher/1.7.1/ant-launcher-1.7.1.jar"/>
+	<classpathentry kind="var" path="M2_REPO/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.jar" sourcepath="M2_REPO/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.2/commons-codec-1.2.jar"/>
+	<classpathentry kind="var" path="M2_REPO/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1.jar" sourcepath="M2_REPO/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1.jar" sourcepath="M2_REPO/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/apache-logging/commons-logging-api/1.0.3/commons-logging-api-1.0.3.jar"/>
+	<classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar" sourcepath="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/gnu-getopt/getopt/1.0.13/getopt-1.0.13.jar"/>
+	<classpathentry kind="var" path="M2_REPO/jboss/jaxbintros/jboss-jaxb-intros/1.0.2.GA/jboss-jaxb-intros-1.0.2.GA.jar" sourcepath="M2_REPO/jboss/jaxbintros/jboss-jaxb-intros/1.0.2.GA/jboss-jaxb-intros-1.0.2.GA-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/jboss/spec/javax/xml/ws/jboss-jaxws-api_2.2_spec/1.0.0.Final/jboss-jaxws-api_2.2_spec-1.0.0.Final.jar" sourcepath="M2_REPO/org/jboss/spec/javax/xml/ws/jboss-jaxws-api_2.2_spec/1.0.0.Final/jboss-jaxws-api_2.2_spec-1.0.0.Final-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/jboss/logging/jboss-logging-spi/2.1.0.GA/jboss-logging-spi-2.1.0.GA.jar" sourcepath="M2_REPO/org/jboss/logging/jboss-logging-spi/2.1.0.GA/jboss-logging-spi-2.1.0.GA-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/picketbox/jboss-security-spi/3.0.0.Final/jboss-security-spi-3.0.0.Final.jar" sourcepath="M2_REPO/org/picketbox/jboss-security-spi/3.0.0.Final/jboss-security-spi-3.0.0.Final-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/picketbox/jbosssx/3.0.0.Final/jbosssx-3.0.0.Final.jar" sourcepath="M2_REPO/org/picketbox/jbosssx/3.0.0.Final/jbosssx-3.0.0.Final-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/jboss/ws/jbossws-common/1.4.1.GA/jbossws-common-1.4.1.GA.jar" sourcepath="M2_REPO/org/jboss/ws/jbossws-common/1.4.1.GA/jbossws-common-1.4.1.GA-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/jboss/ws/jbossws-spi/1.4.1.GA/jbossws-spi-1.4.1.GA.jar" sourcepath="M2_REPO/org/jboss/ws/jbossws-spi/1.4.1.GA/jbossws-spi-1.4.1.GA-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/jboss/security/jbossxacml/2.0.4/jbossxacml-2.0.4.jar" sourcepath="M2_REPO/org/jboss/security/jbossxacml/2.0.4/jbossxacml-2.0.4-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.2/junit-3.8.2.jar" sourcepath="M2_REPO/junit/junit/3.8.2/junit-3.8.2-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/openid4java/openid4java-nodeps/0.9.5/openid4java-nodeps-0.9.5.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-bindings/2.0.0-SNAPSHOT/picketlink-bindings-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-bindings/2.0.0-SNAPSHOT/picketlink-bindings-2.0.0-SNAPSHOT-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-bindings-jboss/2.0.0-SNAPSHOT/picketlink-bindings-jboss-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-bindings-jboss/2.0.0-SNAPSHOT/picketlink-bindings-jboss-2.0.0-SNAPSHOT-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed-api/2.0.0-SNAPSHOT/picketlink-fed-api-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed-api/2.0.0-SNAPSHOT/picketlink-fed-api-2.0.0-SNAPSHOT-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed-core/2.0.0-SNAPSHOT/picketlink-fed-core-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed-core/2.0.0-SNAPSHOT/picketlink-fed-core-2.0.0-SNAPSHOT-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed-model/2.0.0-SNAPSHOT/picketlink-fed-model-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed-model/2.0.0-SNAPSHOT/picketlink-fed-model-2.0.0-SNAPSHOT-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-web/2.0.0-SNAPSHOT/picketlink-web-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-web/2.0.0-SNAPSHOT/picketlink-web-2.0.0-SNAPSHOT-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-xmlsec-model/2.0.0-SNAPSHOT/picketlink-xmlsec-model-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-xmlsec-model/2.0.0-SNAPSHOT/picketlink-xmlsec-model-2.0.0-SNAPSHOT-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.jar" sourcepath="M2_REPO/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/apache/xmlsec/1.4.3/xmlsec-1.4.3.jar"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>

Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/AbstractPicketLinkTrustHandler.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/AbstractPicketLinkTrustHandler.java	                        (rev 0)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/AbstractPicketLinkTrustHandler.java	2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,196 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.handler;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import javax.security.auth.Subject;
+import javax.xml.namespace.QName;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.AuthorizationManager;
+import org.jboss.wsf.common.handler.GenericSOAPHandler;
+import org.jboss.wsf.spi.SPIProvider;
+import org.jboss.wsf.spi.SPIProviderResolver;
+import org.jboss.wsf.spi.invocation.SecurityAdaptorFactory;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.trust.jbossws.Constants;
+import org.picketlink.trust.jbossws.Util;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * Abstract base class for the PicketLink Trust Handlers
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 11, 2011
+ */
+ at SuppressWarnings("rawtypes")
+public abstract class AbstractPicketLinkTrustHandler extends GenericSOAPHandler
+{
+   protected Logger log = Logger.getLogger(this.getClass());
+   protected boolean trace = log.isTraceEnabled();
+   
+   protected static Set<QName> headers;
+   
+   protected static final String SEC_MGR_LOOKUP = "java:comp/env/security/securityMgr";
+   protected static final String AUTHZ_MGR_LOOKUP = "java:comp/env/security/authorizationMgr";
+   
+   protected SecurityAdaptorFactory secAdapterfactory;
+
+   static
+   {
+      HashSet<QName> set = new HashSet<QName>();
+      set.add(Constants.WSSE_HEADER_QNAME);
+      headers = Collections.unmodifiableSet(set);
+   }
+   
+   public Set<QName> getHeaders()
+   {
+      //return a collection with just the wsse:Security header to pass the MustUnderstand check on it
+      return headers;
+   }
+   
+   /**
+    * Get the JBoss Authentication Manager {@link AuthenticationManager} from JNDI
+    * @return
+    * @throws NamingException
+    */
+   protected AuthenticationManager getAuthenticationManager()
+   { 
+      if( secAdapterfactory == null)
+      {
+         SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
+         secAdapterfactory = spiProvider.getSPI(SecurityAdaptorFactory.class);
+      }
+      return (AuthenticationManager) lookupJNDI(SEC_MGR_LOOKUP);
+   }
+   
+   /**
+    * Get the JBoss Authorization Manager {@link AuthorizationManager} from JNDI
+    * @return
+    * @throws NamingException
+    */
+   protected AuthorizationManager getAuthorizationManager()
+   { 
+      if( secAdapterfactory == null)
+      {
+         SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
+         secAdapterfactory = spiProvider.getSPI(SecurityAdaptorFactory.class);
+      }
+      return (AuthorizationManager)lookupJNDI(AUTHZ_MGR_LOOKUP);
+   }
+   
+   /**
+    * Given a {@link Document}, create the WSSE element
+    * @param document
+    * @return
+    */
+   protected Element getSecurityHeaderElement(Document document)
+   {
+      Element element = document.createElementNS(Constants.WSSE_NS, Constants.WSSE_HEADER);
+      Util.addNamespace(element, Constants.WSSE_PREFIX, Constants.WSSE_NS);
+      Util.addNamespace(element, Constants.WSU_PREFIX, Constants.WSU_NS);
+      Util.addNamespace(element, Constants.XML_ENCRYPTION_PREFIX, Constants.XML_SIGNATURE_NS);
+      return element;
+   }
+
+   /**
+    * Given the NameID {@link Element}, return the user name
+    * @param nameID
+    * @return
+    */
+   protected String getUsername(final Element nameID) 
+   {
+      String username = nameID.getNodeValue();
+      if (username == null) {
+         final NodeList childNodes = nameID.getChildNodes();
+         final int size = childNodes.getLength();
+         for (int i = 0; i < size; i++) {
+            final Node childNode = childNodes.item(i);
+            if (childNode.getNodeType() == Node.TEXT_NODE) {
+               username = childNode.getNodeValue();
+            }
+         }
+      }
+      return username;
+   }
+    
+    /**
+     * Get the SAML Assertion from the subject
+     * @return
+     */
+    protected Element getAssertionFromSubject()
+    {
+       Element assertion = null;
+       Subject subject =  SecurityActions.getAuthenticatedSubject();
+
+       if(subject == null)
+       {
+          log.error("null subject, cannot extract SAML token required for WS-TRUST");
+          return assertion;
+       }
+
+       Set<Object> creds = subject.getPublicCredentials();
+       if( creds != null )
+       {
+          for( Object cred: creds)
+          {
+             if( cred instanceof SamlCredential)
+             {
+                SamlCredential samlCredential = (SamlCredential) cred;
+                try
+                {
+                   assertion = samlCredential.getAssertionAsElement();
+                }
+                catch (ProcessingException e)
+                {
+                   log.error("failed to process SAML credential", e);
+                }
+                break;
+             }
+          } 
+       }
+       return assertion;
+    }
+    
+    private Object lookupJNDI( String str)
+    {
+       try
+      {
+         Context context = new InitialContext();
+          return context.lookup(str);
+      }
+      catch (NamingException e)
+      { 
+         throw new RuntimeException(e);
+      }
+    }
+}
\ No newline at end of file
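Review bot: `getUsername` returns only the last text child of the NameID element, because `nameID.getNodeValue()` is always null for an `Element` and the loop overwrites `username` on every `TEXT_NODE` instead of concatenating. A NameID whose content is split into several text nodes (for example by a comment or a CDATA section) therefore yields a principal name that differs from the full NameID text, and surrounding whitespace is kept. I would replace the body with `String username = nameID.getTextContent();` and add a trim plus a null/empty check before the value is used to build a principal. Separately, the Javadoc on `getAuthenticationManager` and `getAuthorizationManager` says `@throws NamingException`, but `lookupJNDI` rethrows it as `RuntimeException`, so the tags should say that instead.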

Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/BinaryTokenHandler.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/BinaryTokenHandler.java	2011-04-12 00:53:50 UTC (rev 871)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/BinaryTokenHandler.java	2011-04-12 00:55:10 UTC (rev 872)
@@ -21,10 +21,6 @@
  */
 package org.picketlink.trust.jbossws.handler;
 
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.xml.namespace.QName;
@@ -37,8 +33,6 @@
 import javax.xml.ws.handler.MessageContext;
 import javax.xml.ws.handler.soap.SOAPMessageContext;
 
-import org.apache.log4j.Logger;
-import org.jboss.wsf.common.handler.GenericSOAPHandler;
 import org.picketlink.trust.jbossws.Constants;
 import org.picketlink.trust.jbossws.Util;
 
@@ -76,14 +70,8 @@
  * @author Anil.Saldhana at redhat.com
  * @since Apr 5, 2011
  */
- at SuppressWarnings("rawtypes")
-public class BinaryTokenHandler extends GenericSOAPHandler
+public class BinaryTokenHandler extends AbstractPicketLinkTrustHandler
 {
-   protected static Logger log = Logger.getLogger(BinaryTokenHandler.class);
-   protected boolean trace = log.isTraceEnabled();
-   
-   private static Set<QName> headers;
-
    /**
     * The HTTP header name that this token looks for. Either this or the httpCookieName should be set.
     */
@@ -121,13 +109,6 @@
    private boolean cleanToken = Boolean.parseBoolean(SecurityActions.getSystemProperty("binary.http.cleanToken", "false"));
    
    private SOAPFactory factory = null;
-
-   static
-   {
-      HashSet<QName> set = new HashSet<QName>();
-      set.add(Constants.WSSE_HEADER_QNAME);
-      headers = Collections.unmodifiableSet(set);
-   } 
    
    /**
     * <p> Set the EncodingType value.</p>
@@ -173,12 +154,6 @@
       this.valueTypePrefix = binaryValuePrefix;
    }
 
-   public Set<QName> getHeaders()
-   {
-      //return a collection with just the wsse:Security header to pass the MustUnderstand check on it
-      return headers;
-   }
-
    /**
     * <p>
     * Set the Http Header Name
@@ -226,7 +201,12 @@
    
    @Override
    protected boolean handleOutbound(MessageContext msgContext)
-   {
+   { 
+      if(trace)
+      {
+         log.trace("Handling Outbound Message");
+      }
+      
       if( httpHeaderName == null && httpCookieName == null )
          throw new RuntimeException("Either httpHeaderName or httpCookieName should be set" );
       

Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java	2011-04-12 00:53:50 UTC (rev 871)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java	2011-04-12 00:55:10 UTC (rev 872)
@@ -21,30 +21,20 @@
  */
 package org.picketlink.trust.jbossws.handler;
 
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
 import javax.security.auth.Subject;
 import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPMessage;
 import javax.xml.ws.handler.MessageContext;
 import javax.xml.ws.handler.soap.SOAPMessageContext;
 
-import org.jboss.logging.Logger;
 import org.jboss.security.SecurityContext;
-import org.jboss.wsf.common.handler.GenericSOAPHandler;
 import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
-import org.picketlink.identity.federation.core.exceptions.ProcessingException;
 import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
 import org.picketlink.identity.federation.core.wstrust.SamlCredential;
-import org.picketlink.trust.jbossws.Constants;
 import org.picketlink.trust.jbossws.SAML2Constants;
 import org.picketlink.trust.jbossws.Util;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 
 /**
  * A SAMLv2 WS handler.
@@ -54,32 +44,17 @@
  * @author Anil Saldhana
  * @version $Revision: 1 $
  */
- at SuppressWarnings("rawtypes")
-public class SAML2Handler extends GenericSOAPHandler
-{
-
-   protected Logger log = Logger.getLogger(this.getClass());
-   
-   private static Set<QName> headers;
-
-   static
-   {
-      HashSet<QName> set = new HashSet<QName>();
-      set.add(Constants.WSSE_HEADER_QNAME);
-      headers = Collections.unmodifiableSet(set);
-   }
-
-   public Set<QName> getHeaders()
-   {
-      //return a collection with just the wsse:Security header to pass the MustUnderstand check on it
-      return headers;
-   }
-   
+public class SAML2Handler extends AbstractPicketLinkTrustHandler
+{ 
    /**
     * Retrieves the SAML assertion from the SOAP payload and lets invocation go to JAAS for validation.
     */
    protected boolean handleInbound(MessageContext msgContext)
-   {
+   { 
+      if(trace)
+      {
+         log.trace("Handling Inbound Message");
+      }
 	  String assertionNS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
       SOAPMessageContext ctx = (SOAPMessageContext) msgContext;
       SOAPMessage soapMessage = ctx.getMessage();
@@ -104,6 +79,10 @@
          SecurityContext sc = SecurityActions.createSecurityContext(new PicketLinkPrincipal(username), credential, s);
          SecurityActions.setSecurityContext(sc);
       }
+      else
+      {
+         log.warn("We did not find any assertion");
+      }
       
       return true;
    }
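Review bot: The new `else` branch in `handleInbound` only logs `We did not find any assertion` and then falls through to `return true`, so a request that carries no SAML assertion continues down the handler chain without this handler having set a security context. If rejection is meant to happen in a later handler (this commit adds WSAuthenticationHandler, which is not visible in this hunk), state that in a comment such as `// no assertion: authentication is enforced by the next handler in the chain`. Otherwise fail closed here, e.g. `throw new RuntimeException("No SAML assertion in inbound message");`. The body of `handleInbound` starts outside the hunk, so any earlier checks are not visible from here.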
@@ -113,7 +92,11 @@
     * This assertion is then included in the SOAP payload.
     */
    protected boolean handleOutbound(MessageContext msgContext)
-   {
+   { 
+      if(trace)
+      {
+         log.trace("Handling Outbound Message");
+      }
       SOAPMessageContext ctx = (SOAPMessageContext) msgContext;
       SOAPMessage soapMessage = ctx.getMessage();
       
@@ -155,63 +138,5 @@
       }
       
       return true;
-   }
-   
-   private Element getSecurityHeaderElement(Document document)
-   {
-      Element element = document.createElementNS(Constants.WSSE_NS, Constants.WSSE_HEADER);
-      Util.addNamespace(element, Constants.WSSE_PREFIX, Constants.WSSE_NS);
-      Util.addNamespace(element, Constants.WSU_PREFIX, Constants.WSU_NS);
-      Util.addNamespace(element, Constants.XML_ENCRYPTION_PREFIX, Constants.XML_SIGNATURE_NS);
-      return element;
-   }
-
-	private String getUsername(final Element nameID) {
-		String username = nameID.getNodeValue();
-		if (username == null) {
-			final NodeList childNodes = nameID.getChildNodes();
-			final int size = childNodes.getLength();
-			for (int i = 0; i < size; i++) {
-				final Node childNode = childNodes.item(i);
-				if (childNode.getNodeType() == Node.TEXT_NODE) {
-					username = childNode.getNodeValue();
-				}
-			}
-		}
-		return username;
-	}
-	
-	private Element getAssertionFromSubject()
-	{
-	   Element assertion = null;
-	   Subject subject =  SecurityActions.getAuthenticatedSubject();
-
-       if(subject == null)
-       {
-          log.error("null subject, cannot extract SAML token required for WS-TRUST");
-          return assertion;
-       }
-
-       Set<Object> creds = subject.getPublicCredentials();
-       if( creds != null )
-       {
-          for( Object cred: creds)
-          {
-             if( cred instanceof SamlCredential)
-             {
-                SamlCredential samlCredential = (SamlCredential) cred;
-                try
-                {
-                   assertion = samlCredential.getAssertionAsElement();
-                }
-                catch (ProcessingException e)
-                {
-                   log.error("failed to process SAML credential", e);
-                }
-                break;
-             }
-          } 
-       }
-       return assertion;
-	} 
+   } 
 }
\ No newline at end of file

Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java	2011-04-12 00:53:50 UTC (rev 871)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java	2011-04-12 00:55:10 UTC (rev 872)
@@ -105,4 +105,26 @@
          }
       });
    }
+   
+   static ClassLoader getClassLoader( final Class<?> clazz)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      { 
+         public ClassLoader run()
+         {
+            return clazz.getClassLoader();
+         }
+      });
+   }
+   
+   static ClassLoader getContextClassLoader()
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      { 
+         public ClassLoader run()
+         {
+            return Thread.currentThread().getContextClassLoader();
+         }
+      });
+   }
 }
\ No newline at end of file
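Review bot: The new helpers `getClassLoader` and `getContextClassLoader` have no comment, and since they return class loaders from inside `doPrivileged`, a reader needs to be told they must stay package-private. I would add above each something like `/** Privileged lookup; keep package-private so code outside this package cannot obtain the loader through it. */`. In this commit the only visible callers sit in the commented-out block of `WSAuthorizationHandler.getWSSE`, so the comment should also say whether they are meant to be used yet. The enclosing class starts outside this hunk.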

Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthenticationHandler.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthenticationHandler.java	                        (rev 0)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthenticationHandler.java	2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,72 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.handler;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.xml.ws.handler.MessageContext;
+
+import org.jboss.security.AuthenticationManager;
+import org.jboss.wsf.spi.invocation.SecurityAdaptor;
+
+/**
+ * Perform Authentication for POJO Web Services
+ * 
+ * Based on the Authorize Operation on the JBossWS Native stack
+ * 
+ * @author <a href="mailto:darran.lofthouse at jboss.com">Darran Lofthouse</a>
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 11, 2011
+ */
+public class WSAuthenticationHandler extends AbstractPicketLinkTrustHandler
+{
+   @Override
+   protected boolean handleInbound(MessageContext msgContext)
+   { 
+      if(trace)
+      {
+         log.trace("Handling Inbound Message");
+      }
+      AuthenticationManager authenticationManager = getAuthenticationManager();
+      SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
+      Principal principal = securityAdaptor.getPrincipal();
+      Object credential = securityAdaptor.getCredential();
+
+      Subject subject = new Subject();
+
+      if (authenticationManager.isValid(principal, credential, subject) == false)
+      {
+         String msg = "Authentication failed, principal=" + principal;
+         log.error(msg);
+         SecurityException e = new SecurityException(msg);
+         throw new RuntimeException(e);
+      }
+      if(trace)
+      {
+         log.trace("Successfully Authenticated:Principal="+principal + "::subject="+subject);
+      }
+      securityAdaptor.pushSubjectContext(subject, principal, credential);
+
+      return true;
+   }
+}
\ No newline at end of file
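Review bot: The trace statement after a successful login concatenates `subject` into the log line, and `Subject.toString()` prints the subject's principals and credentials, including private credentials when the caller is permitted to read them. Whether the login modules behind `isValid` place credentials on the subject is not visible here, but if they do, enabling trace writes them to the log. Logging the principal alone is enough: `log.trace("Successfully Authenticated:Principal=" + principal);`.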

Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java	                        (rev 0)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java	2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,123 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.handler;
+
+import java.io.InputStream;
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.servlet.ServletContext;
+import javax.xml.namespace.QName;
+import javax.xml.ws.handler.MessageContext;
+
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.wsf.spi.invocation.SecurityAdaptor;
+import org.picketlink.trust.jbossws.util.JBossWSSERoleExtractor;
+
+/**
+ * An authorization handler for the POJO Web services
+ * Based on the Authorize Operation on the JBossWS Native stack
+ * 
+ * @author <a href="mailto:darran.lofthouse at jboss.com">Darran Lofthouse</a>
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 11, 2011
+ */
+public class WSAuthorizationHandler extends AbstractPicketLinkTrustHandler
+{   
+   @Override
+   protected boolean handleInbound(MessageContext msgContext)
+   {   
+      if(trace)
+      {
+         log.trace("Handling Inbound Message");
+      }
+      ServletContext context = (ServletContext) msgContext.get(MessageContext.SERVLET_CONTEXT);
+      //Read the jboss-wsse.xml file
+      InputStream is = getWSSE(context);
+      if( is == null )
+         throw new RuntimeException( "unable to load jboss-wsse.xml");
+      
+      QName portName = (QName) msgContext.get(MessageContext.WSDL_PORT);
+      QName opName = (QName) msgContext.get(MessageContext.WSDL_OPERATION);
+      List<String> roles = JBossWSSERoleExtractor.getRoles(is, portName.getLocalPart(), opName.toString());
+      if( !roles.contains("unchecked"))
+      {
+         AuthorizationManager authorizationManager = getAuthorizationManager();
+
+         SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
+         Principal principal = securityAdaptor.getPrincipal();
+         Subject subject = SecurityActions.getAuthenticatedSubject();
+         
+         Set<Principal> expectedRoles = rolesSet(roles);
+         if(!authorizationManager.doesUserHaveRole(principal, expectedRoles ))
+         {
+            StringBuilder builder = new StringBuilder("Authorization Failed:Principal=");
+            builder.append(principal).append(":Expected Roles=").append(expectedRoles);
+            builder.append("::Actual Roles=").append(authorizationManager.getSubjectRoles(subject,null));
+            log.error(builder.toString() );
+            
+            throw new RuntimeException("Authorization Failed");
+         }
+      }
+      return true;
+   } 
+   
+   protected Set<Principal> rolesSet(List<String> roles)
+   {
+      Set<Principal> principals = new HashSet<Principal>();
+      for( String role: roles)
+      {
+         principals.add(new SimplePrincipal(role));
+      }
+      return principals;
+   }
+   
+   protected InputStream getWSSE(ServletContext context)
+   {
+      if( context == null )
+         throw new RuntimeException("Servlet Context is null");
+      
+      InputStream is = context.getResourceAsStream("/WEB-INF/jboss-wsse.xml");
+      /*InputStream is = null;
+      ClassLoader cl = SecurityActions.getClassLoader(getClass());
+      is = load(cl);
+      if( is == null)
+      {
+         cl = SecurityActions.getContextClassLoader();
+         is = load(cl);
+      }*/
+      return is;
+   }
+   
+   protected InputStream load( ClassLoader cl)
+   {
+      InputStream is = null;
+      is = cl.getResourceAsStream("WEB-INF/jboss-wsse.xml");
+      if( is == null)
+         is = cl.getResourceAsStream("/WEB-INF/jboss-wsse.xml");
+      return is;
+   }
+}
\ No newline at end of file
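Review bot: `handleInbound` skips the role check whenever the list from `JBossWSSERoleExtractor.getRoles` contains the string "unchecked", and that list mixes the `<unchecked/>` marker with ordinary `<role>` text. A descriptor with `<role>unchecked</role>`, or with `<unchecked/>` placed next to real roles, therefore turns authorization off for that port or operation without any warning. Accepting the marker only when it is the sole entry narrows this: `if( !(roles.size() == 1 && "unchecked".equals(roles.get(0))) )`. Rejecting the reserved name inside `<role>` in the extractor would close the rest.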

Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java	                        (rev 0)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java	2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,176 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.util;
+
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * Given a jboss-wsse.xml file, extract the roles
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 11, 2011
+ */
+public class JBossWSSERoleExtractor
+{  
+   /**
+    * <p>
+    * Given the jboss-wsse.xml inputstream, return the configured roles
+    * </p>
+    * <p>
+    * Note that the <unchecked/> setting will yield a role of unchecked.
+    * So special handling needs to be done by the caller.
+    * </p>
+    * @param is
+    * @param portName optionally pass in a portName
+    * @return a {@link List} of role names
+    */
+   public static List<String> getRoles(InputStream is, String portName, String operationName)
+   {
+      List<String> roles = new ArrayList<String>();
+      try
+      {
+         Document doc = DocumentUtil.getDocument(is);
+         NodeList nl = doc.getElementsByTagName("port");
+         if( nl != null )
+         {
+            int len = nl.getLength();
+            if( len > 0)
+            {
+               Node portNode = getNamedNode(nl, portName);
+               if( portNode != null)
+               {
+                  roles.addAll( getRoles(portNode, operationName));
+                  return roles;
+               }
+            } 
+            return getDefaultRoles(doc.getDocumentElement());
+         }
+      }
+      catch (Exception e)
+      {
+         throw new RuntimeException(e);
+      }
+      return roles;
+   }
+   
+   private static Node getNamedNode( NodeList nl, String portName)
+   {
+      int len = nl.getLength();
+      for( int i = 0; i < len; i++)
+      {
+         Node n = nl.item(i);
+         if( n.getNodeType() == Node.ELEMENT_NODE)
+         {
+            Node name = n.getAttributes().getNamedItem("name");
+            if( portName.equals(name.getNodeValue()))
+               return n;
+         }
+      }
+      return null;
+   }
+   
+   private static List<String> getRoles(Node node, String operationName) throws ProcessingException
+   {
+      List<String> roles = new ArrayList<String>(); 
+      
+      Element elem = (Element) node;
+      //First check for operations
+      NodeList ops = elem.getElementsByTagName("operation");
+      if(ops.getLength() > 0 )
+      {
+         Node opNode = getNamedNode( ops, operationName);
+         if( opNode != null)
+            return getDefaultRoles((Element) opNode);
+         return roles;
+      }
+      NodeList nl = elem.getElementsByTagName("authorize");
+      if( nl != null )
+      {
+         int len = nl.getLength();
+
+         if( len > 1 )
+            throw new ProcessingException( "More than one authorize element");
+         Node authorize = nl.item(0);
+         roles.addAll(getRolesFromAuthorize((Element) authorize));
+      } 
+      return roles;
+   }
+   
+   private static List<String> getDefaultRoles(Element root) throws ProcessingException
+   { 
+      List<String> roles = new ArrayList<String>();
+      NodeList children = root.getChildNodes();
+      if( children != null )
+      {
+         int len  = children.getLength();
+         //Go down tree and if you hit port, return
+         for( int i = 0 ; i <len ; i++ )
+         {
+            Node n = children.item(i);
+            if(n.getNodeType() == Node.ELEMENT_NODE)
+            {
+               Element newNode = (Element) n;
+               if( newNode.getNodeName().equals("port"))
+                  return roles;
+               else if( newNode.getNodeName().equals("authorize"))
+                  return getRolesFromAuthorize(newNode);
+               else
+                  roles = getDefaultRoles(newNode);
+            }
+         } 
+      } 
+      return roles;
+   }
+   
+   private static List<String> getRolesFromAuthorize( Element authorize)
+   {
+      List<String> roles = new ArrayList<String>(); 
+      NodeList children = authorize.getChildNodes();
+
+      int len = children.getLength();
+      for( int i = 0 ; i < len; i++ )
+      {
+         Node child = children.item(i);
+         if( child instanceof Element)
+         {
+            String nodeName = child.getNodeName();
+            if( "unchecked".equals( nodeName) )
+            {
+               roles.add(nodeName); 
+            } 
+            else if("role".equals(nodeName))
+            {
+               roles.add(child.getChildNodes().item(0).getNodeValue());
+            }
+         } 
+      }
+      return roles;
+   }
+}
\ No newline at end of file
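Review bot: `getNamedNode` dereferences both `portName` and the `name` attribute without a null check, although the Javadoc on `getRoles` calls `portName` optional. A null `portName` or `operationName` when matching elements exist, or a `<port>`/`<operation>` element without a `name` attribute, ends in a NullPointerException that the public `getRoles` rewraps as a RuntimeException. Comparing from the attribute side avoids both: `if( name != null && name.getNodeValue().equals(portName)) return n;`. The same kind of guard is missing for `nl.item(0)` in `getRoles(Node, String)` when a port has no `<authorize>` element, and for `item(0)` on an empty `<role/>` in `getRolesFromAuthorize`.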

Added: trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java
===================================================================
--- trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java	                        (rev 0)
+++ trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java	2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,125 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.trust.jbossws.xml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.InputStream;
+import java.util.List;
+
+import org.junit.Test;
+import org.picketlink.trust.jbossws.util.JBossWSSERoleExtractor;
+
+/**
+ * Unit test the parsing of the jboss-wsse.xml for the roles
+ * 
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 11, 2011
+ */
+public class JBossWSSEFileParseTestCase
+{
+   @Test
+   public void testUnchecked() throws Exception
+   {
+      ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+      InputStream is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-unchecked.xml");
+      assertNotNull(is);
+      
+      List<String> roles = JBossWSSERoleExtractor.getRoles(is, null, null);
+      assertNotNull(roles);
+      assertEquals( 1, roles.size());
+      assertEquals( "unchecked", roles.get(0));
+   }
+   
+   @Test
+   public void testRoles() throws Exception
+   {
+      ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+      InputStream is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-roles.xml");
+      assertNotNull(is);
+      
+      List<String> roles = JBossWSSERoleExtractor.getRoles(is, null, null);
+      assertNotNull(roles);
+      assertEquals( 2, roles.size());
+      assertTrue( roles.contains("friend"));
+      assertTrue( roles.contains("family")); 
+   }
+   
+   @Test
+   public void testRolesForPort() throws Exception
+   {
+      ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+      InputStream is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-role.xml");
+      assertNotNull(is);
+      
+      List<String> roles = JBossWSSERoleExtractor.getRoles(is, "TestPort", null);
+      assertNotNull(roles);
+      assertEquals( 1, roles.size());
+      assertTrue( roles.contains("Trader"));
+      
+      is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-role.xml");
+      assertNotNull(is);
+      roles = JBossWSSERoleExtractor.getRoles(is, "MaxiPort", null);
+      assertNotNull(roles);
+      assertEquals( 3, roles.size());
+      assertTrue( roles.contains("Trader"));
+      assertTrue( roles.contains("friend"));
+      assertTrue( roles.contains("family"));
+      
+      is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-role.xml");
+      assertNotNull(is);
+      roles = JBossWSSERoleExtractor.getRoles(is, "NonExistingPort", null);
+      assertNotNull(roles);
+      assertEquals( 1, roles.size());
+      assertTrue( roles.contains("Trader"));
+   }
+   
+   @Test
+   public void testRolesForPortOps() throws Exception
+   {
+      ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+      InputStream is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-ops.xml");
+      assertNotNull(is);
+      
+      List<String> roles = JBossWSSERoleExtractor.getRoles(is, "POJOBeanPort", "{http://ws.trust.test.picketlink.org/}echoUnchecked");
+      assertNotNull(roles);
+      assertEquals( 1, roles.size());
+      assertTrue( roles.contains("unchecked"));
+      
+      is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-ops.xml");
+      assertNotNull(is);
+      roles = JBossWSSERoleExtractor.getRoles(is, "POJOBeanPort", "{http://ws.trust.test.picketlink.org/}echo");
+      assertNotNull(roles);
+      assertEquals( 1, roles.size());
+      assertTrue( roles.contains("JBossAdmin"));
+      
+      is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-ops.xml");
+      assertNotNull(is);
+      roles = JBossWSSERoleExtractor.getRoles(is, "NonExistingPort", null);
+      assertNotNull(roles);
+      assertEquals( 2, roles.size());
+      assertTrue( roles.contains("friend"));
+      assertTrue( roles.contains("family"));
+   }
+}
\ No newline at end of file
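Review bot: `testRolesForPortOps` covers listed operations and an unknown port, but not a known port with an operation that is not listed, which is the path where `getRoles` returns an empty list and the authorization handler is then asked about an empty role set. I would add a case against jboss-wsse-port-ops.xml such as `roles = JBossWSSERoleExtractor.getRoles(is, "POJOBeanPort", "{http://ws.trust.test.picketlink.org/}notListed");` (operation name made up for the test) followed by `assertTrue( roles.isEmpty());`, so that result is pinned. The input streams opened in each test are also never closed.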

Added: trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-ops.xml
===================================================================
--- trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-ops.xml	                        (rev 0)
+++ trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-ops.xml	2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,30 @@
+<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.jboss.com/ws-security/config
+                   http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
+
+  <config>
+    <authorize>      
+      <role>friend</role>
+      <role>family</role>
+    </authorize>
+  </config>
+  
+  <port name="POJOBeanPort">
+    <operation name="{http://ws.trust.test.picketlink.org/}echoUnchecked">
+      <config>
+        <authorize>
+          <unchecked/>
+        </authorize>
+      </config>    
+    </operation>
+    
+    <operation name="{http://ws.trust.test.picketlink.org/}echo">
+      <config>
+        <authorize>
+          <role>JBossAdmin</role>
+        </authorize>
+      </config>    
+    </operation>        
+  </port>
+</jboss-ws-security>
\ No newline at end of file

Added: trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-role.xml
===================================================================
--- trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-role.xml	                        (rev 0)
+++ trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-role.xml	2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,29 @@
+<jboss-ws-security xmlns='http://www.jboss.com/ws-security/config'
+                   xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+                   xsi:schemaLocation='http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd'>
+
+  <config>
+    <authorize>
+      <role>Trader</role>
+    </authorize>
+  </config>  
+  
+  <port name="TestPort">
+    <config>
+      <authorize>
+        <role>Trader</role> 
+      </authorize>
+    </config>
+  </port>
+  
+  <port name="MaxiPort">
+    <config>
+      <authorize>
+        <role>Trader</role> 
+        <role>friend</role> 
+        <role>family</role> 
+      </authorize>
+    </config>
+  </port>
+  
+</jboss-ws-security>
\ No newline at end of file

Added: trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-roles.xml
===================================================================
--- trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-roles.xml	                        (rev 0)
+++ trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-roles.xml	2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,10 @@
+<jboss-ws-security>
+  
+  <config>
+    <authorize>      
+      <role>friend</role>
+      <role>family</role>
+    </authorize>
+  </config>
+  
+</jboss-ws-security>
\ No newline at end of file

Added: trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-unchecked.xml
===================================================================
--- trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-unchecked.xml	                        (rev 0)
+++ trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-unchecked.xml	2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,9 @@
+<jboss-ws-security>
+  
+  <config>
+    <authorize>      
+      <unchecked/>
+    </authorize>
+  </config>
+  
+</jboss-ws-security>
\ No newline at end of file


