[jboss-cvs] Picketlink SVN: r872 - in trust/trunk/jbossws: src and 14 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Apr 11 20:55:11 EDT 2011
Author: anil.saldhana at jboss.com
Date: 2011-04-11 20:55:10 -0400 (Mon, 11 Apr 2011)
New Revision: 872
Added:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/AbstractPicketLinkTrustHandler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthenticationHandler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java
trust/trunk/jbossws/src/test/
trust/trunk/jbossws/src/test/java/
trust/trunk/jbossws/src/test/java/org/
trust/trunk/jbossws/src/test/java/org/picketlink/
trust/trunk/jbossws/src/test/java/org/picketlink/test/
trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/
trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/
trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/
trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java
trust/trunk/jbossws/src/test/resources/
trust/trunk/jbossws/src/test/resources/jbossws/
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-ops.xml
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-role.xml
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-roles.xml
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-unchecked.xml
Modified:
trust/trunk/jbossws/.classpath
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/BinaryTokenHandler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
Log:
PLFED-167: handlers for auth/authz for POJO WS
Modified: trust/trunk/jbossws/.classpath
===================================================================
--- trust/trunk/jbossws/.classpath 2011-04-12 00:53:50 UTC (rev 871)
+++ trust/trunk/jbossws/.classpath 2011-04-12 00:55:10 UTC (rev 872)
@@ -1,39 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="src" path="src/main/java" including="**/*.java"/>
- <classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
- <classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar" sourcepath="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/apache/ant/ant/1.7.1/ant-1.7.1.jar" sourcepath="M2_REPO/org/apache/ant/ant/1.7.1/ant-1.7.1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/apache/ant/ant-launcher/1.7.1/ant-launcher-1.7.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.jar" sourcepath="M2_REPO/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.2/commons-codec-1.2.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1.jar" sourcepath="M2_REPO/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1.jar" sourcepath="M2_REPO/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-logging/commons-logging-api/1.0.3/commons-logging-api-1.0.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar" sourcepath="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/gnu-getopt/getopt/1.0.13/getopt-1.0.13.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jaxbintros/jboss-jaxb-intros/1.0.2.GA/jboss-jaxb-intros-1.0.2.GA.jar" sourcepath="M2_REPO/jboss/jaxbintros/jboss-jaxb-intros/1.0.2.GA/jboss-jaxb-intros-1.0.2.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/spec/javax/xml/ws/jboss-jaxws-api_2.2_spec/1.0.0.Final/jboss-jaxws-api_2.2_spec-1.0.0.Final.jar" sourcepath="M2_REPO/org/jboss/spec/javax/xml/ws/jboss-jaxws-api_2.2_spec/1.0.0.Final/jboss-jaxws-api_2.2_spec-1.0.0.Final-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/logging/jboss-logging-spi/2.1.0.GA/jboss-logging-spi-2.1.0.GA.jar" sourcepath="M2_REPO/org/jboss/logging/jboss-logging-spi/2.1.0.GA/jboss-logging-spi-2.1.0.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/picketbox/jboss-security-spi/3.0.0.Final/jboss-security-spi-3.0.0.Final.jar" sourcepath="M2_REPO/org/picketbox/jboss-security-spi/3.0.0.Final/jboss-security-spi-3.0.0.Final-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/picketbox/jbosssx/3.0.0.Final/jbosssx-3.0.0.Final.jar" sourcepath="M2_REPO/org/picketbox/jbosssx/3.0.0.Final/jbosssx-3.0.0.Final-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/ws/jbossws-common/1.4.1.GA/jbossws-common-1.4.1.GA.jar" sourcepath="M2_REPO/org/jboss/ws/jbossws-common/1.4.1.GA/jbossws-common-1.4.1.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/ws/jbossws-spi/1.4.1.GA/jbossws-spi-1.4.1.GA.jar" sourcepath="M2_REPO/org/jboss/ws/jbossws-spi/1.4.1.GA/jbossws-spi-1.4.1.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jbossxacml/2.0.4/jbossxacml-2.0.4.jar" sourcepath="M2_REPO/org/jboss/security/jbossxacml/2.0.4/jbossxacml-2.0.4-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.2/junit-3.8.2.jar" sourcepath="M2_REPO/junit/junit/3.8.2/junit-3.8.2-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/openid4java/openid4java-nodeps/0.9.5/openid4java-nodeps-0.9.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-bindings/2.0.0-SNAPSHOT/picketlink-bindings-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-bindings/2.0.0-SNAPSHOT/picketlink-bindings-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-bindings-jboss/2.0.0-SNAPSHOT/picketlink-bindings-jboss-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-bindings-jboss/2.0.0-SNAPSHOT/picketlink-bindings-jboss-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed-api/2.0.0-SNAPSHOT/picketlink-fed-api-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed-api/2.0.0-SNAPSHOT/picketlink-fed-api-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed-core/2.0.0-SNAPSHOT/picketlink-fed-core-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed-core/2.0.0-SNAPSHOT/picketlink-fed-core-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed-model/2.0.0-SNAPSHOT/picketlink-fed-model-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed-model/2.0.0-SNAPSHOT/picketlink-fed-model-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-web/2.0.0-SNAPSHOT/picketlink-web-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-web/2.0.0-SNAPSHOT/picketlink-web-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-xmlsec-model/2.0.0-SNAPSHOT/picketlink-xmlsec-model-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-xmlsec-model/2.0.0-SNAPSHOT/picketlink-xmlsec-model-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.jar" sourcepath="M2_REPO/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/apache/xmlsec/1.4.3/xmlsec-1.4.3.jar"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
-</classpath>
\ No newline at end of file
+ <classpathentry including="**/*.java" kind="src" output="target/test-classes" path="src/test/java"/>
+ <classpathentry excluding="**/*.java" kind="src" output="target/test-classes" path="src/test/resources"/>
+ <classpathentry including="**/*.java" kind="src" path="src/main/java"/>
+ <classpathentry excluding="**/*.java" kind="src" path="src/main/resources"/>
+ <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar" sourcepath="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/ant/ant/1.7.1/ant-1.7.1.jar" sourcepath="M2_REPO/org/apache/ant/ant/1.7.1/ant-1.7.1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/ant/ant-launcher/1.7.1/ant-launcher-1.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.jar" sourcepath="M2_REPO/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.2/commons-codec-1.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1.jar" sourcepath="M2_REPO/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1.jar" sourcepath="M2_REPO/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-logging/commons-logging-api/1.0.3/commons-logging-api-1.0.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar" sourcepath="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/gnu-getopt/getopt/1.0.13/getopt-1.0.13.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jaxbintros/jboss-jaxb-intros/1.0.2.GA/jboss-jaxb-intros-1.0.2.GA.jar" sourcepath="M2_REPO/jboss/jaxbintros/jboss-jaxb-intros/1.0.2.GA/jboss-jaxb-intros-1.0.2.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/spec/javax/xml/ws/jboss-jaxws-api_2.2_spec/1.0.0.Final/jboss-jaxws-api_2.2_spec-1.0.0.Final.jar" sourcepath="M2_REPO/org/jboss/spec/javax/xml/ws/jboss-jaxws-api_2.2_spec/1.0.0.Final/jboss-jaxws-api_2.2_spec-1.0.0.Final-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/logging/jboss-logging-spi/2.1.0.GA/jboss-logging-spi-2.1.0.GA.jar" sourcepath="M2_REPO/org/jboss/logging/jboss-logging-spi/2.1.0.GA/jboss-logging-spi-2.1.0.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/picketbox/jboss-security-spi/3.0.0.Final/jboss-security-spi-3.0.0.Final.jar" sourcepath="M2_REPO/org/picketbox/jboss-security-spi/3.0.0.Final/jboss-security-spi-3.0.0.Final-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/picketbox/jbosssx/3.0.0.Final/jbosssx-3.0.0.Final.jar" sourcepath="M2_REPO/org/picketbox/jbosssx/3.0.0.Final/jbosssx-3.0.0.Final-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/ws/jbossws-common/1.4.1.GA/jbossws-common-1.4.1.GA.jar" sourcepath="M2_REPO/org/jboss/ws/jbossws-common/1.4.1.GA/jbossws-common-1.4.1.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/ws/jbossws-spi/1.4.1.GA/jbossws-spi-1.4.1.GA.jar" sourcepath="M2_REPO/org/jboss/ws/jbossws-spi/1.4.1.GA/jbossws-spi-1.4.1.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jbossxacml/2.0.4/jbossxacml-2.0.4.jar" sourcepath="M2_REPO/org/jboss/security/jbossxacml/2.0.4/jbossxacml-2.0.4-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.2/junit-3.8.2.jar" sourcepath="M2_REPO/junit/junit/3.8.2/junit-3.8.2-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/openid4java/openid4java-nodeps/0.9.5/openid4java-nodeps-0.9.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-bindings/2.0.0-SNAPSHOT/picketlink-bindings-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-bindings/2.0.0-SNAPSHOT/picketlink-bindings-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-bindings-jboss/2.0.0-SNAPSHOT/picketlink-bindings-jboss-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-bindings-jboss/2.0.0-SNAPSHOT/picketlink-bindings-jboss-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed-api/2.0.0-SNAPSHOT/picketlink-fed-api-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed-api/2.0.0-SNAPSHOT/picketlink-fed-api-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed-core/2.0.0-SNAPSHOT/picketlink-fed-core-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed-core/2.0.0-SNAPSHOT/picketlink-fed-core-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-fed-model/2.0.0-SNAPSHOT/picketlink-fed-model-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-fed-model/2.0.0-SNAPSHOT/picketlink-fed-model-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-web/2.0.0-SNAPSHOT/picketlink-web-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-web/2.0.0-SNAPSHOT/picketlink-web-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/picketlink/picketlink-xmlsec-model/2.0.0-SNAPSHOT/picketlink-xmlsec-model-2.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/picketlink/picketlink-xmlsec-model/2.0.0-SNAPSHOT/picketlink-xmlsec-model-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.jar" sourcepath="M2_REPO/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/xmlsec/1.4.3/xmlsec-1.4.3.jar"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/AbstractPicketLinkTrustHandler.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/AbstractPicketLinkTrustHandler.java (rev 0)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/AbstractPicketLinkTrustHandler.java 2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,196 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.handler;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import javax.security.auth.Subject;
+import javax.xml.namespace.QName;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.AuthorizationManager;
+import org.jboss.wsf.common.handler.GenericSOAPHandler;
+import org.jboss.wsf.spi.SPIProvider;
+import org.jboss.wsf.spi.SPIProviderResolver;
+import org.jboss.wsf.spi.invocation.SecurityAdaptorFactory;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.trust.jbossws.Constants;
+import org.picketlink.trust.jbossws.Util;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * Abstract base class for the PicketLink Trust Handlers
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 11, 2011
+ */
+ at SuppressWarnings("rawtypes")
+public abstract class AbstractPicketLinkTrustHandler extends GenericSOAPHandler
+{
+ protected Logger log = Logger.getLogger(this.getClass());
+ protected boolean trace = log.isTraceEnabled();
+
+ protected static Set<QName> headers;
+
+ protected static final String SEC_MGR_LOOKUP = "java:comp/env/security/securityMgr";
+ protected static final String AUTHZ_MGR_LOOKUP = "java:comp/env/security/authorizationMgr";
+
+ protected SecurityAdaptorFactory secAdapterfactory;
+
+ static
+ {
+ HashSet<QName> set = new HashSet<QName>();
+ set.add(Constants.WSSE_HEADER_QNAME);
+ headers = Collections.unmodifiableSet(set);
+ }
+
+ public Set<QName> getHeaders()
+ {
+ //return a collection with just the wsse:Security header to pass the MustUnderstand check on it
+ return headers;
+ }
+
+ /**
+ * Get the JBoss Authentication Manager {@link AuthenticationManager} from JNDI
+ * @return
+ * @throws NamingException
+ */
+ protected AuthenticationManager getAuthenticationManager()
+ {
+ if( secAdapterfactory == null)
+ {
+ SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
+ secAdapterfactory = spiProvider.getSPI(SecurityAdaptorFactory.class);
+ }
+ return (AuthenticationManager) lookupJNDI(SEC_MGR_LOOKUP);
+ }
+
+ /**
+ * Get the JBoss Authorization Manager {@link AuthorizationManager} from JNDI
+ * @return
+ * @throws NamingException
+ */
+ protected AuthorizationManager getAuthorizationManager()
+ {
+ if( secAdapterfactory == null)
+ {
+ SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
+ secAdapterfactory = spiProvider.getSPI(SecurityAdaptorFactory.class);
+ }
+ return (AuthorizationManager)lookupJNDI(AUTHZ_MGR_LOOKUP);
+ }
+
+ /**
+ * Given a {@link Document}, create the WSSE element
+ * @param document
+ * @return
+ */
+ protected Element getSecurityHeaderElement(Document document)
+ {
+ Element element = document.createElementNS(Constants.WSSE_NS, Constants.WSSE_HEADER);
+ Util.addNamespace(element, Constants.WSSE_PREFIX, Constants.WSSE_NS);
+ Util.addNamespace(element, Constants.WSU_PREFIX, Constants.WSU_NS);
+ Util.addNamespace(element, Constants.XML_ENCRYPTION_PREFIX, Constants.XML_SIGNATURE_NS);
+ return element;
+ }
+
+ /**
+ * Given the NameID {@link Element}, return the user name
+ * @param nameID
+ * @return
+ */
+ protected String getUsername(final Element nameID)
+ {
+ String username = nameID.getNodeValue();
+ if (username == null) {
+ final NodeList childNodes = nameID.getChildNodes();
+ final int size = childNodes.getLength();
+ for (int i = 0; i < size; i++) {
+ final Node childNode = childNodes.item(i);
+ if (childNode.getNodeType() == Node.TEXT_NODE) {
+ username = childNode.getNodeValue();
+ }
+ }
+ }
+ return username;
+ }
+
+ /**
+ * Get the SAML Assertion from the subject
+ * @return
+ */
+ protected Element getAssertionFromSubject()
+ {
+ Element assertion = null;
+ Subject subject = SecurityActions.getAuthenticatedSubject();
+
+ if(subject == null)
+ {
+ log.error("null subject, cannot extract SAML token required for WS-TRUST");
+ return assertion;
+ }
+
+ Set<Object> creds = subject.getPublicCredentials();
+ if( creds != null )
+ {
+ for( Object cred: creds)
+ {
+ if( cred instanceof SamlCredential)
+ {
+ SamlCredential samlCredential = (SamlCredential) cred;
+ try
+ {
+ assertion = samlCredential.getAssertionAsElement();
+ }
+ catch (ProcessingException e)
+ {
+ log.error("failed to process SAML credential", e);
+ }
+ break;
+ }
+ }
+ }
+ return assertion;
+ }
+
+ private Object lookupJNDI( String str)
+ {
+ try
+ {
+ Context context = new InitialContext();
+ return context.lookup(str);
+ }
+ catch (NamingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
\ No newline at end of file
Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/BinaryTokenHandler.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/BinaryTokenHandler.java 2011-04-12 00:53:50 UTC (rev 871)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/BinaryTokenHandler.java 2011-04-12 00:55:10 UTC (rev 872)
@@ -21,10 +21,6 @@
*/
package org.picketlink.trust.jbossws.handler;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.xml.namespace.QName;
@@ -37,8 +33,6 @@
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPMessageContext;
-import org.apache.log4j.Logger;
-import org.jboss.wsf.common.handler.GenericSOAPHandler;
import org.picketlink.trust.jbossws.Constants;
import org.picketlink.trust.jbossws.Util;
@@ -76,14 +70,8 @@
* @author Anil.Saldhana at redhat.com
* @since Apr 5, 2011
*/
- at SuppressWarnings("rawtypes")
-public class BinaryTokenHandler extends GenericSOAPHandler
+public class BinaryTokenHandler extends AbstractPicketLinkTrustHandler
{
- protected static Logger log = Logger.getLogger(BinaryTokenHandler.class);
- protected boolean trace = log.isTraceEnabled();
-
- private static Set<QName> headers;
-
/**
* The HTTP header name that this token looks for. Either this or the httpCookieName should be set.
*/
@@ -121,13 +109,6 @@
private boolean cleanToken = Boolean.parseBoolean(SecurityActions.getSystemProperty("binary.http.cleanToken", "false"));
private SOAPFactory factory = null;
-
- static
- {
- HashSet<QName> set = new HashSet<QName>();
- set.add(Constants.WSSE_HEADER_QNAME);
- headers = Collections.unmodifiableSet(set);
- }
/**
* <p> Set the EncodingType value.</p>
@@ -173,12 +154,6 @@
this.valueTypePrefix = binaryValuePrefix;
}
- public Set<QName> getHeaders()
- {
- //return a collection with just the wsse:Security header to pass the MustUnderstand check on it
- return headers;
- }
-
/**
* <p>
* Set the Http Header Name
@@ -226,7 +201,12 @@
@Override
protected boolean handleOutbound(MessageContext msgContext)
- {
+ {
+ if(trace)
+ {
+ log.trace("Handling Outbound Message");
+ }
+
if( httpHeaderName == null && httpCookieName == null )
throw new RuntimeException("Either httpHeaderName or httpCookieName should be set" );
Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2011-04-12 00:53:50 UTC (rev 871)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2011-04-12 00:55:10 UTC (rev 872)
@@ -21,30 +21,20 @@
*/
package org.picketlink.trust.jbossws.handler;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPMessageContext;
-import org.jboss.logging.Logger;
import org.jboss.security.SecurityContext;
-import org.jboss.wsf.common.handler.GenericSOAPHandler;
import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
-import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
-import org.picketlink.trust.jbossws.Constants;
import org.picketlink.trust.jbossws.SAML2Constants;
import org.picketlink.trust.jbossws.Util;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
/**
* A SAMLv2 WS handler.
@@ -54,32 +44,17 @@
* @author Anil Saldhana
* @version $Revision: 1 $
*/
- at SuppressWarnings("rawtypes")
-public class SAML2Handler extends GenericSOAPHandler
-{
-
- protected Logger log = Logger.getLogger(this.getClass());
-
- private static Set<QName> headers;
-
- static
- {
- HashSet<QName> set = new HashSet<QName>();
- set.add(Constants.WSSE_HEADER_QNAME);
- headers = Collections.unmodifiableSet(set);
- }
-
- public Set<QName> getHeaders()
- {
- //return a collection with just the wsse:Security header to pass the MustUnderstand check on it
- return headers;
- }
-
+public class SAML2Handler extends AbstractPicketLinkTrustHandler
+{
/**
* Retrieves the SAML assertion from the SOAP payload and lets invocation go to JAAS for validation.
*/
protected boolean handleInbound(MessageContext msgContext)
- {
+ {
+ if(trace)
+ {
+ log.trace("Handling Inbound Message");
+ }
String assertionNS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
SOAPMessageContext ctx = (SOAPMessageContext) msgContext;
SOAPMessage soapMessage = ctx.getMessage();
@@ -104,6 +79,10 @@
SecurityContext sc = SecurityActions.createSecurityContext(new PicketLinkPrincipal(username), credential, s);
SecurityActions.setSecurityContext(sc);
}
+ else
+ {
+ log.warn("We did not find any assertion");
+ }
return true;
}
@@ -113,7 +92,11 @@
* This assertion is then included in the SOAP payload.
*/
protected boolean handleOutbound(MessageContext msgContext)
- {
+ {
+ if(trace)
+ {
+ log.trace("Handling Outbound Message");
+ }
SOAPMessageContext ctx = (SOAPMessageContext) msgContext;
SOAPMessage soapMessage = ctx.getMessage();
@@ -155,63 +138,5 @@
}
return true;
- }
-
- private Element getSecurityHeaderElement(Document document)
- {
- Element element = document.createElementNS(Constants.WSSE_NS, Constants.WSSE_HEADER);
- Util.addNamespace(element, Constants.WSSE_PREFIX, Constants.WSSE_NS);
- Util.addNamespace(element, Constants.WSU_PREFIX, Constants.WSU_NS);
- Util.addNamespace(element, Constants.XML_ENCRYPTION_PREFIX, Constants.XML_SIGNATURE_NS);
- return element;
- }
-
- private String getUsername(final Element nameID) {
- String username = nameID.getNodeValue();
- if (username == null) {
- final NodeList childNodes = nameID.getChildNodes();
- final int size = childNodes.getLength();
- for (int i = 0; i < size; i++) {
- final Node childNode = childNodes.item(i);
- if (childNode.getNodeType() == Node.TEXT_NODE) {
- username = childNode.getNodeValue();
- }
- }
- }
- return username;
- }
-
- private Element getAssertionFromSubject()
- {
- Element assertion = null;
- Subject subject = SecurityActions.getAuthenticatedSubject();
-
- if(subject == null)
- {
- log.error("null subject, cannot extract SAML token required for WS-TRUST");
- return assertion;
- }
-
- Set<Object> creds = subject.getPublicCredentials();
- if( creds != null )
- {
- for( Object cred: creds)
- {
- if( cred instanceof SamlCredential)
- {
- SamlCredential samlCredential = (SamlCredential) cred;
- try
- {
- assertion = samlCredential.getAssertionAsElement();
- }
- catch (ProcessingException e)
- {
- log.error("failed to process SAML credential", e);
- }
- break;
- }
- }
- }
- return assertion;
- }
+ }
}
\ No newline at end of file
Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2011-04-12 00:53:50 UTC (rev 871)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2011-04-12 00:55:10 UTC (rev 872)
@@ -105,4 +105,26 @@
}
});
}
+
+ static ClassLoader getClassLoader( final Class<?> clazz)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return clazz.getClassLoader();
+ }
+ });
+ }
+
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
}
\ No newline at end of file
Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthenticationHandler.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthenticationHandler.java (rev 0)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthenticationHandler.java 2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,72 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.handler;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.xml.ws.handler.MessageContext;
+
+import org.jboss.security.AuthenticationManager;
+import org.jboss.wsf.spi.invocation.SecurityAdaptor;
+
+/**
+ * Perform Authentication for POJO Web Services
+ *
+ * Based on the Authorize Operation on the JBossWS Native stack
+ *
+ * @author <a href="mailto:darran.lofthouse at jboss.com">Darran Lofthouse</a>
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 11, 2011
+ */
+public class WSAuthenticationHandler extends AbstractPicketLinkTrustHandler
+{
+ @Override
+ protected boolean handleInbound(MessageContext msgContext)
+ {
+ if(trace)
+ {
+ log.trace("Handling Inbound Message");
+ }
+ AuthenticationManager authenticationManager = getAuthenticationManager();
+ SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
+ Principal principal = securityAdaptor.getPrincipal();
+ Object credential = securityAdaptor.getCredential();
+
+ Subject subject = new Subject();
+
+ if (authenticationManager.isValid(principal, credential, subject) == false)
+ {
+ String msg = "Authentication failed, principal=" + principal;
+ log.error(msg);
+ SecurityException e = new SecurityException(msg);
+ throw new RuntimeException(e);
+ }
+ if(trace)
+ {
+ log.trace("Successfully Authenticated:Principal="+principal + "::subject="+subject);
+ }
+ securityAdaptor.pushSubjectContext(subject, principal, credential);
+
+ return true;
+ }
+}
\ No newline at end of file
Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java (rev 0)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java 2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,123 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.handler;
+
+import java.io.InputStream;
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.servlet.ServletContext;
+import javax.xml.namespace.QName;
+import javax.xml.ws.handler.MessageContext;
+
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.wsf.spi.invocation.SecurityAdaptor;
+import org.picketlink.trust.jbossws.util.JBossWSSERoleExtractor;
+
+/**
+ * An authorization handler for the POJO Web services
+ * Based on the Authorize Operation on the JBossWS Native stack
+ *
+ * @author <a href="mailto:darran.lofthouse at jboss.com">Darran Lofthouse</a>
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 11, 2011
+ */
+public class WSAuthorizationHandler extends AbstractPicketLinkTrustHandler
+{
+ @Override
+ protected boolean handleInbound(MessageContext msgContext)
+ {
+ if(trace)
+ {
+ log.trace("Handling Inbound Message");
+ }
+ ServletContext context = (ServletContext) msgContext.get(MessageContext.SERVLET_CONTEXT);
+ //Read the jboss-wsse.xml file
+ InputStream is = getWSSE(context);
+ if( is == null )
+ throw new RuntimeException( "unable to load jboss-wsse.xml");
+
+ QName portName = (QName) msgContext.get(MessageContext.WSDL_PORT);
+ QName opName = (QName) msgContext.get(MessageContext.WSDL_OPERATION);
+ List<String> roles = JBossWSSERoleExtractor.getRoles(is, portName.getLocalPart(), opName.toString());
+ if( !roles.contains("unchecked"))
+ {
+ AuthorizationManager authorizationManager = getAuthorizationManager();
+
+ SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
+ Principal principal = securityAdaptor.getPrincipal();
+ Subject subject = SecurityActions.getAuthenticatedSubject();
+
+ Set<Principal> expectedRoles = rolesSet(roles);
+ if(!authorizationManager.doesUserHaveRole(principal, expectedRoles ))
+ {
+ StringBuilder builder = new StringBuilder("Authorization Failed:Principal=");
+ builder.append(principal).append(":Expected Roles=").append(expectedRoles);
+ builder.append("::Actual Roles=").append(authorizationManager.getSubjectRoles(subject,null));
+ log.error(builder.toString() );
+
+ throw new RuntimeException("Authorization Failed");
+ }
+ }
+ return true;
+ }
+
+ protected Set<Principal> rolesSet(List<String> roles)
+ {
+ Set<Principal> principals = new HashSet<Principal>();
+ for( String role: roles)
+ {
+ principals.add(new SimplePrincipal(role));
+ }
+ return principals;
+ }
+
+ protected InputStream getWSSE(ServletContext context)
+ {
+ if( context == null )
+ throw new RuntimeException("Servlet Context is null");
+
+ InputStream is = context.getResourceAsStream("/WEB-INF/jboss-wsse.xml");
+ /*InputStream is = null;
+ ClassLoader cl = SecurityActions.getClassLoader(getClass());
+ is = load(cl);
+ if( is == null)
+ {
+ cl = SecurityActions.getContextClassLoader();
+ is = load(cl);
+ }*/
+ return is;
+ }
+
+ protected InputStream load( ClassLoader cl)
+ {
+ InputStream is = null;
+ is = cl.getResourceAsStream("WEB-INF/jboss-wsse.xml");
+ if( is == null)
+ is = cl.getResourceAsStream("/WEB-INF/jboss-wsse.xml");
+ return is;
+ }
+}
\ No newline at end of file
Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java (rev 0)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java 2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,176 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.util;
+
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * Given a jboss-wsse.xml file, extract the roles
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 11, 2011
+ */
+public class JBossWSSERoleExtractor
+{
+ /**
+ * <p>
+ * Given the jboss-wsse.xml inputstream, return the configured roles
+ * </p>
+ * <p>
+ * Note that the <unchecked/> setting will yield a role of unchecked.
+ * So special handling needs to be done by the caller.
+ * </p>
+ * @param is
+ * @param portName optionally pass in a portName
+ * @return a {@link List} of role names
+ */
+ public static List<String> getRoles(InputStream is, String portName, String operationName)
+ {
+ List<String> roles = new ArrayList<String>();
+ try
+ {
+ Document doc = DocumentUtil.getDocument(is);
+ NodeList nl = doc.getElementsByTagName("port");
+ if( nl != null )
+ {
+ int len = nl.getLength();
+ if( len > 0)
+ {
+ Node portNode = getNamedNode(nl, portName);
+ if( portNode != null)
+ {
+ roles.addAll( getRoles(portNode, operationName));
+ return roles;
+ }
+ }
+ return getDefaultRoles(doc.getDocumentElement());
+ }
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ return roles;
+ }
+
+ private static Node getNamedNode( NodeList nl, String portName)
+ {
+ int len = nl.getLength();
+ for( int i = 0; i < len; i++)
+ {
+ Node n = nl.item(i);
+ if( n.getNodeType() == Node.ELEMENT_NODE)
+ {
+ Node name = n.getAttributes().getNamedItem("name");
+ if( portName.equals(name.getNodeValue()))
+ return n;
+ }
+ }
+ return null;
+ }
+
+ private static List<String> getRoles(Node node, String operationName) throws ProcessingException
+ {
+ List<String> roles = new ArrayList<String>();
+
+ Element elem = (Element) node;
+ //First check for operations
+ NodeList ops = elem.getElementsByTagName("operation");
+ if(ops.getLength() > 0 )
+ {
+ Node opNode = getNamedNode( ops, operationName);
+ if( opNode != null)
+ return getDefaultRoles((Element) opNode);
+ return roles;
+ }
+ NodeList nl = elem.getElementsByTagName("authorize");
+ if( nl != null )
+ {
+ int len = nl.getLength();
+
+ if( len > 1 )
+ throw new ProcessingException( "More than one authorize element");
+ Node authorize = nl.item(0);
+ roles.addAll(getRolesFromAuthorize((Element) authorize));
+ }
+ return roles;
+ }
+
+ private static List<String> getDefaultRoles(Element root) throws ProcessingException
+ {
+ List<String> roles = new ArrayList<String>();
+ NodeList children = root.getChildNodes();
+ if( children != null )
+ {
+ int len = children.getLength();
+ //Go down tree and if you hit port, return
+ for( int i = 0 ; i <len ; i++ )
+ {
+ Node n = children.item(i);
+ if(n.getNodeType() == Node.ELEMENT_NODE)
+ {
+ Element newNode = (Element) n;
+ if( newNode.getNodeName().equals("port"))
+ return roles;
+ else if( newNode.getNodeName().equals("authorize"))
+ return getRolesFromAuthorize(newNode);
+ else
+ roles = getDefaultRoles(newNode);
+ }
+ }
+ }
+ return roles;
+ }
+
+ private static List<String> getRolesFromAuthorize( Element authorize)
+ {
+ List<String> roles = new ArrayList<String>();
+ NodeList children = authorize.getChildNodes();
+
+ int len = children.getLength();
+ for( int i = 0 ; i < len; i++ )
+ {
+ Node child = children.item(i);
+ if( child instanceof Element)
+ {
+ String nodeName = child.getNodeName();
+ if( "unchecked".equals( nodeName) )
+ {
+ roles.add(nodeName);
+ }
+ else if("role".equals(nodeName))
+ {
+ roles.add(child.getChildNodes().item(0).getNodeValue());
+ }
+ }
+ }
+ return roles;
+ }
+}
\ No newline at end of file
Added: trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java
===================================================================
--- trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java (rev 0)
+++ trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java 2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,125 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.trust.jbossws.xml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.InputStream;
+import java.util.List;
+
+import org.junit.Test;
+import org.picketlink.trust.jbossws.util.JBossWSSERoleExtractor;
+
+/**
+ * Unit test the parsing of the jboss-wsse.xml for the roles
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 11, 2011
+ */
+public class JBossWSSEFileParseTestCase
+{
+ @Test
+ public void testUnchecked() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-unchecked.xml");
+ assertNotNull(is);
+
+ List<String> roles = JBossWSSERoleExtractor.getRoles(is, null, null);
+ assertNotNull(roles);
+ assertEquals( 1, roles.size());
+ assertEquals( "unchecked", roles.get(0));
+ }
+
+ @Test
+ public void testRoles() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-roles.xml");
+ assertNotNull(is);
+
+ List<String> roles = JBossWSSERoleExtractor.getRoles(is, null, null);
+ assertNotNull(roles);
+ assertEquals( 2, roles.size());
+ assertTrue( roles.contains("friend"));
+ assertTrue( roles.contains("family"));
+ }
+
+ @Test
+ public void testRolesForPort() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-role.xml");
+ assertNotNull(is);
+
+ List<String> roles = JBossWSSERoleExtractor.getRoles(is, "TestPort", null);
+ assertNotNull(roles);
+ assertEquals( 1, roles.size());
+ assertTrue( roles.contains("Trader"));
+
+ is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-role.xml");
+ assertNotNull(is);
+ roles = JBossWSSERoleExtractor.getRoles(is, "MaxiPort", null);
+ assertNotNull(roles);
+ assertEquals( 3, roles.size());
+ assertTrue( roles.contains("Trader"));
+ assertTrue( roles.contains("friend"));
+ assertTrue( roles.contains("family"));
+
+ is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-role.xml");
+ assertNotNull(is);
+ roles = JBossWSSERoleExtractor.getRoles(is, "NonExistingPort", null);
+ assertNotNull(roles);
+ assertEquals( 1, roles.size());
+ assertTrue( roles.contains("Trader"));
+ }
+
+ @Test
+ public void testRolesForPortOps() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-ops.xml");
+ assertNotNull(is);
+
+ List<String> roles = JBossWSSERoleExtractor.getRoles(is, "POJOBeanPort", "{http://ws.trust.test.picketlink.org/}echoUnchecked");
+ assertNotNull(roles);
+ assertEquals( 1, roles.size());
+ assertTrue( roles.contains("unchecked"));
+
+ is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-ops.xml");
+ assertNotNull(is);
+ roles = JBossWSSERoleExtractor.getRoles(is, "POJOBeanPort", "{http://ws.trust.test.picketlink.org/}echo");
+ assertNotNull(roles);
+ assertEquals( 1, roles.size());
+ assertTrue( roles.contains("JBossAdmin"));
+
+ is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-ops.xml");
+ assertNotNull(is);
+ roles = JBossWSSERoleExtractor.getRoles(is, "NonExistingPort", null);
+ assertNotNull(roles);
+ assertEquals( 2, roles.size());
+ assertTrue( roles.contains("friend"));
+ assertTrue( roles.contains("family"));
+ }
+}
\ No newline at end of file
Added: trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-ops.xml
===================================================================
--- trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-ops.xml (rev 0)
+++ trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-ops.xml 2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,30 @@
+<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.jboss.com/ws-security/config
+ http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
+
+ <config>
+ <authorize>
+ <role>friend</role>
+ <role>family</role>
+ </authorize>
+ </config>
+
+ <port name="POJOBeanPort">
+ <operation name="{http://ws.trust.test.picketlink.org/}echoUnchecked">
+ <config>
+ <authorize>
+ <unchecked/>
+ </authorize>
+ </config>
+ </operation>
+
+ <operation name="{http://ws.trust.test.picketlink.org/}echo">
+ <config>
+ <authorize>
+ <role>JBossAdmin</role>
+ </authorize>
+ </config>
+ </operation>
+ </port>
+</jboss-ws-security>
\ No newline at end of file
Added: trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-role.xml
===================================================================
--- trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-role.xml (rev 0)
+++ trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-role.xml 2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,29 @@
+<jboss-ws-security xmlns='http://www.jboss.com/ws-security/config'
+ xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+ xsi:schemaLocation='http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd'>
+
+ <config>
+ <authorize>
+ <role>Trader</role>
+ </authorize>
+ </config>
+
+ <port name="TestPort">
+ <config>
+ <authorize>
+ <role>Trader</role>
+ </authorize>
+ </config>
+ </port>
+
+ <port name="MaxiPort">
+ <config>
+ <authorize>
+ <role>Trader</role>
+ <role>friend</role>
+ <role>family</role>
+ </authorize>
+ </config>
+ </port>
+
+</jboss-ws-security>
\ No newline at end of file
Added: trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-roles.xml
===================================================================
--- trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-roles.xml (rev 0)
+++ trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-roles.xml 2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,10 @@
+<jboss-ws-security>
+
+ <config>
+ <authorize>
+ <role>friend</role>
+ <role>family</role>
+ </authorize>
+ </config>
+
+</jboss-ws-security>
\ No newline at end of file
Added: trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-unchecked.xml
===================================================================
--- trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-unchecked.xml (rev 0)
+++ trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-unchecked.xml 2011-04-12 00:55:10 UTC (rev 872)
@@ -0,0 +1,9 @@
+<jboss-ws-security>
+
+ <config>
+ <authorize>
+ <unchecked/>
+ </authorize>
+ </config>
+
+</jboss-ws-security>
\ No newline at end of file
More information about the jboss-cvs-commits
mailing list