[jboss-cvs] Picketlink SVN: r1174 - in product/trunk/picketlink-core/src: main/java/org/picketlink/identity/federation/api/saml/v2/response and 27 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Aug 10 23:13:46 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-08-10 23:13:45 -0400 (Wed, 10 Aug 2011)
New Revision: 1174

Added:
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java
Modified:
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions/
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
   product/trunk/picketlink-core/src/test/java/org/picketlink/
   product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
   product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/
   product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java
Log:
Merging r1159 through r1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1098-1132,1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1098-1132,1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings:1152-1158
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1155-1158
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings:1152-1173
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1155-1158
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1158
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1144-1154
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1144-1154,1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1144-1158
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1144-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1173

Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java	2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -53,6 +53,7 @@
 import org.apache.catalina.Session;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
 import org.apache.catalina.realm.GenericPrincipal;
 import org.apache.catalina.util.LifecycleSupport;
 import org.apache.catalina.valves.ValveBase;
@@ -122,6 +123,7 @@
 import org.picketlink.identity.federation.web.util.IDPWebRequestUtil.WebRequestUtilHolder;
 import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
 import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
 import org.w3c.dom.Document;
 
 /**
@@ -166,6 +168,11 @@
    protected String canonicalizationMethod = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
 
    /**
+    * The user can inject a fully qualified name of a {@link SAMLConfigurationProvider}
+    */
+   protected SAMLConfigurationProvider configProvider = null;
+
+   /**
     * If the user wants to set a particular {@link IdentityParticipantStack}
     */
    protected String identityParticipantStack = null;
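Review bot: The Javadoc added above `configProvider` describes the setter's argument rather than the field. The field holds the instantiated provider, while the fully qualified class name is what `setConfigProvider(String)` accepts. A comment such as `The SAMLConfigurationProvider created from the class name given to setConfigProvider; null means the configuration file is read instead` matches the visible code. The identical comment added to BaseFormAuthenticator in this commit needs the same correction.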
@@ -185,6 +192,23 @@
       }
    }
 
+   public void setConfigProvider(String cp)
+   {
+      if (cp == null)
+         throw new IllegalStateException(ErrorCodes.NULL_ARGUMENT + cp);
+      Class<?> clazz = SecurityActions.loadClass(getClass(), cp);
+      if (clazz == null)
+         throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + cp);
+      try
+      {
+         configProvider = (SAMLConfigurationProvider) clazz.newInstance();
+      }
+      catch (Exception e)
+      {
+         throw new RuntimeException(ErrorCodes.CANNOT_CREATE_INSTANCE + cp + ":" + e.getMessage());
+      }
+   }
+
    public Boolean getIgnoreIncomingSignatures()
    {
       return ignoreIncomingSignatures;
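Review bot: `setConfigProvider` calls `clazz.newInstance()` before checking the type, so a mistyped or unrelated class name still has its constructor run and only then fails on the cast. Guard first with `if (!SAMLConfigurationProvider.class.isAssignableFrom(clazz)) throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + cp);`. The catch block keeps only `e.getMessage()` and loses the stack trace; `throw new RuntimeException(ErrorCodes.CANNOT_CREATE_INSTANCE + cp, e);` preserves the cause. In the null guard, `cp` is known to be null, so appending it adds nothing, and `IllegalArgumentException` describes a bad argument better than `IllegalStateException`. The same method is added unchanged to BaseFormAuthenticator later in this commit, and all of the above applies there as well.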
@@ -961,6 +985,7 @@
       if (StringUtil.isNullOrEmpty(samlHandlerChainClass))
          chain = SAML2HandlerChainFactory.createChain();
       else
+      {
          try
          {
             chain = SAML2HandlerChainFactory.createChain(this.samlHandlerChainClass);
@@ -969,16 +994,44 @@
          {
             throw new LifecycleException(e1);
          }
+      }
 
+      //Work on the IDP Configuration
+      if (configProvider != null)
+      {
+         try
+         {
+            idpConfiguration = configProvider.getIDPConfiguration();
+         }
+         catch (ProcessingException e)
+         {
+            throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION + e.getLocalizedMessage());
+         }
+      }
+
       String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
 
       context = (Context) getContainer();
-      InputStream is = context.getServletContext().getResourceAsStream(configFile);
-      if (is == null)
-         throw new RuntimeException(ErrorCodes.IDP_WEBBROWSER_VALVE_CONF_FILE_MISSING + configFile);
+      if (idpConfiguration == null)
+      {
+
+         InputStream is = context.getServletContext().getResourceAsStream(configFile);
+         if (is == null)
+            throw new RuntimeException(ErrorCodes.IDP_WEBBROWSER_VALVE_CONF_FILE_MISSING + configFile);
+
+         try
+         {
+            idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
+         }
+         catch (ParsingException e)
+         {
+            if (trace)
+               log.trace(e);
+            throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
+         }
+      }
       try
       {
-         idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
          this.identityURL = idpConfiguration.getIdentityURL();
          if (trace)
             log.trace("Identity Provider URL=" + this.identityURL);
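Review bot: The `ProcessingException` caught around `configProvider.getIDPConfiguration()` is rethrown with only `e.getLocalizedMessage()`, while the `ParsingException` branch just below passes `e` as the cause; use `throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);` in both places. A provider that returns null falls through silently to the file at `CONFIG_FILE_LOCATION`, so a misconfigured provider is masked by whatever file happens to be deployed. Failing fast there, or at least logging which source supplied the IDP configuration, would make the effective trust settings unambiguous. The stream `is` is not closed in the visible lines, unless `ConfigurationUtil.getIDPConfiguration` closes it. The enclosing method starts and ends outside this hunk.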
@@ -1001,7 +1054,7 @@
       }
       catch (Exception e)
       {
-         throw new RuntimeException(e);
+         throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
       }
 
       //Ensure that the Core STS has the SAML20 Token Provider
@@ -1097,18 +1150,10 @@
 
                identityServer.setStack((IdentityParticipantStack) clazz.newInstance());
             }
-            catch (ClassNotFoundException e)
+            catch (Exception e)
             {
                log.error("Unable to set the Identity Participant Stack Class. Will just use the default", e);
             }
-            catch (InstantiationException e)
-            {
-               log.error("Unable to set the Identity Participant Stack Class. Will just use the default", e);
-            }
-            catch (IllegalAccessException e)
-            {
-               log.error("Unable to set the Identity Participant Stack Class. Will just use the default", e);
-            }
          }
       }
    }
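Review bot: Collapsing the three catches into `catch (Exception e)` also swallows a `ClassCastException` from the `(IdentityParticipantStack)` cast and any runtime exception thrown by the stack's constructor, which previously would have propagated. The valve then continues on the default stack with only a generic log line. If falling back is intended, name the rejected class in the message, for example `log.error("Unable to set the Identity Participant Stack Class " + identityParticipantStack + ". Will just use the default", e);`, so an operator can tell that the configured stack is not in effect. The surrounding method begins outside this hunk.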
@@ -1159,6 +1204,24 @@
       response.recycle();
    }
 
+   protected String determineLoginType(boolean isSecure)
+   {
+      String result = JBossSAMLURIConstants.AC_PASSWORD.get();
+      LoginConfig loginConfig = context.getLoginConfig();
+      if (loginConfig != null)
+      {
+         String auth = loginConfig.getAuthMethod();
+         if (StringUtil.isNotNull(auth))
+         {
+            if ("CLIENT-CERT".equals(auth))
+               result = JBossSAMLURIConstants.AC_TLS_CLIENT.get();
+            else if (isSecure)
+               result = JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();
+         }
+      }
+      return result;
+   }
+
    /**
     * Given a set of roles, create an attribute statement
     * @param roles
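Review bot: `determineLoginType` is added without Javadoc, although its result is presumably the authentication context class that the IDP puts into assertions; its callers are not visible here. `isSecure` is consulted only inside the `loginConfig != null` and `StringUtil.isNotNull(auth)` branches, so a request over a secure transport in a context without a login config is still reported as `AC_PASSWORD`. If that is intended, state it in the method comment, for example `Returns AC_PASSWORD when the context declares no auth method, regardless of transport`. Otherwise move the `isSecure` check out of the nested branch. The doc should also say where `isSecure` comes from, because a value derived from the connector differs from the client's real transport behind a TLS-terminating proxy.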
@@ -1175,4 +1238,4 @@
       }
       return attrStatement;
    }
-}
\ No newline at end of file
+}


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1138-1158
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1138-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1173

Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java	2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -75,6 +75,7 @@
 import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
 import org.picketlink.identity.federation.web.constants.GeneralConstants;
 import org.picketlink.identity.federation.web.util.ConfigurationUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
 import org.w3c.dom.Document;
 
 /**
@@ -123,6 +124,11 @@
    protected final String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME;
 
    /**
+    * The user can inject a fully qualified name of a {@link SAMLConfigurationProvider}
+    */
+   protected SAMLConfigurationProvider configProvider = null;
+
+   /**
     * Servlet3 related changes forced Tomcat to change the authenticate method
     * signature in the FormAuthenticator. For now, we use reflection for forward
     * compatibility.  This has to be changed in future.
@@ -166,6 +172,23 @@
       this.saveRestoreRequest = saveRestoreRequest;
    }
 
+   public void setConfigProvider(String cp)
+   {
+      if (cp == null)
+         throw new IllegalStateException(ErrorCodes.NULL_ARGUMENT + cp);
+      Class<?> clazz = SecurityActions.loadClass(getClass(), cp);
+      if (clazz == null)
+         throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + cp);
+      try
+      {
+         configProvider = (SAMLConfigurationProvider) clazz.newInstance();
+      }
+      catch (Exception e)
+      {
+         throw new RuntimeException(ErrorCodes.CANNOT_CREATE_INSTANCE + cp + ":" + e.getMessage());
+      }
+   }
+
    /**
     * Set a separate issuer id
     * @param issuerID
@@ -365,7 +388,14 @@
          throw new RuntimeException(ErrorCodes.SERVICE_PROVIDER_CONF_FILE_MISSING + configFile);
       try
       {
-         spConfiguration = ConfigurationUtil.getSPConfiguration(is);
+         if (configProvider != null)
+         {
+            spConfiguration = configProvider.getSPConfiguration();
+         }
+         else
+         {
+            spConfiguration = ConfigurationUtil.getSPConfiguration(is);
+         }
 
          if (StringUtil.isNotNull(spConfiguration.getIdpMetadataFile()))
          {
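Review bot: The new provider branch sits after the `SERVICE_PROVIDER_CONF_FILE_MISSING` throw on the first line of this hunk, so a deployment that sets `configProvider` apparently still has to ship the configuration file. On that path the stream `is` is opened but never read. IDPWebBrowserSSOValve in this same commit opens the file only when the provider yielded no configuration; doing the same here means moving the resource lookup and its null check into the `else` branch. A null return from `configProvider.getSPConfiguration()` is also dereferenced immediately by `spConfiguration.getIdpMetadataFile()`, so an explicit check with a clear error would be better. The guard for the throw and the end of the `try` lie outside the hunk.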

Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java	2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -37,6 +37,8 @@
 import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
 import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
 import org.picketlink.identity.federation.core.util.CoreConfigUtil;
+import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor;
 import org.w3c.dom.Document;
 
 /**
@@ -51,26 +53,17 @@
 
    private final boolean trace = log.isTraceEnabled();
 
+   protected String idpAddress = null;
+
    /**
-    * Flag to indicate whether we want to sign the assertions
+    * If the request.getRemoteAddr is not exactly the IDP address that you have keyed
+    * in your deployment descriptor for keystore alias, you can set it here explicitly
     */
-   protected boolean signAssertions = false;
-
-   public SPPostSignatureFormAuthenticator()
+   public void setIdpAddress(String idpAddress)
    {
-      this.validateSignature = true;
+      this.idpAddress = idpAddress;
    }
 
-   public boolean isSignAssertions()
-   {
-      return signAssertions;
-   }
-
-   public void setSignAssertions(boolean signAssertions)
-   {
-      this.signAssertions = signAssertions;
-   }
-
    @Override
    public void start() throws LifecycleException
    {
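Review bot: The removed constructor was the only visible place that set `validateSignature = true`, and nothing added in this hunk replaces it. Whether this authenticator still validates IDP signatures by default therefore depends on a superclass default or on deployment configuration that the diff does not show. If the inherited default is not `true`, keep the constructor or set the flag at the top of `start()`, and say so in the class comment. Removing the public `isSignAssertions`/`setSignAssertions` pair will also break any existing descriptor that sets a `signAssertions` attribute. The new `idpAddress` field has no comment of its own; the Javadoc sits on the setter. `start()` continues outside this hunk.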
@@ -95,6 +88,16 @@
          List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
          keyManager.setAuthProperties(authProperties);
          keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+
+         /**
+          * Since the user has explicitly configured the idp address, we need
+          * to add an option on the keymanager such that users of keymanager
+          * can choose the proper idp key for validation
+          */
+         if (StringUtil.isNotNull(idpAddress))
+         {
+            keyManager.addAdditionalOption(ServiceProviderBaseProcessor.IDP_KEY, this.idpAddress);
+         }
       }
       catch (Exception e)
       {

Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java	2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -22,7 +22,6 @@
 package org.picketlink.identity.federation.bindings.tomcat.sp;
 
 import java.security.Principal;
-import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.catalina.Context;
@@ -32,20 +31,7 @@
 import org.picketlink.identity.federation.core.ErrorCodes;
 import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
 import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
-import org.picketlink.identity.federation.core.saml.v2.common.StatementLocal;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
-import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
 import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
 
 /**
  * Common code useful for a SP
@@ -73,62 +59,6 @@
       return saml2Request.createAuthnRequestType(id, serviceURL, identityURL, serviceURL);
    }
 
-   /**
-    * Handle the SAMLResponse from the IDP
-    * @param request entire request from IDP
-    * @param responseType ResponseType that has been generated
-    * @param serverEnvironment tomcat,jboss etc
-    * @return   
-    * @throws AssertionExpiredException 
-    */
-   public Principal handleSAMLResponse(Request request, ResponseType responseType) throws ConfigurationException,
-         AssertionExpiredException
-   {
-      if (request == null)
-         throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "request");
-      if (responseType == null)
-         throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "response type");
-
-      StatusType statusType = responseType.getStatus();
-      if (statusType == null)
-         throw new IllegalArgumentException(ErrorCodes.NULL_VALUE + "Status Type from the IDP");
-
-      String statusValue = statusType.getStatusCode().getValue().toASCIIString();
-      if (JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
-         throw new SecurityException(ErrorCodes.IDP_AUTH_FAILED);
-
-      List<RTChoiceType> assertions = responseType.getAssertions();
-      if (assertions.size() == 0)
-         throw new IllegalStateException(ErrorCodes.NULL_VALUE + "No assertions in reply from IDP");
-
-      AssertionType assertion = assertions.get(0).getAssertion();
-      //Check for validity of assertion
-      boolean expiredAssertion = AssertionUtil.hasExpired(assertion);
-      if (expiredAssertion)
-         throw new AssertionExpiredException();
-
-      SubjectType subject = assertion.getSubject();
-
-      //JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>) subject.getContent().get(0);
-      NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
-      String userName = nameID.getValue();
-      List<String> roles = new ArrayList<String>();
-
-      //Set it on a thread local for JBID integrators
-      StatementLocal.statements.set(assertion.getStatements());
-
-      //Let us get the roles
-      AttributeStatementType attributeStatement = (AttributeStatementType) assertion.getStatements().iterator().next();
-      List<ASTChoiceType> attList = attributeStatement.getAttributes();
-      for (ASTChoiceType obj : attList)
-      {
-         AttributeType attr = obj.getAttribute();
-         String roleName = (String) attr.getAttributeValue().get(0);
-         roles.add(roleName);
-      }
-      return this.createGenericPrincipal(request, userName, roles);
-   }
-
    public Principal createGenericPrincipal(Request request, String username, List<String> roles)
    {
       Context ctx = request.getContext();

Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java	2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -21,6 +21,9 @@
  */
 package org.picketlink.identity.federation.core.config;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import javax.xml.crypto.dsig.CanonicalizationMethod;
 
 /**
@@ -60,7 +63,6 @@
  */
 public class ProviderType
 {
-
    protected String identityURL;
 
    protected TrustType trust;
@@ -73,6 +75,8 @@
 
    protected String canonicalizationMethod = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
 
+   protected Map<String, Object> additionalOptions = new HashMap<String, Object>();
+
    /**
     * Gets the value of the identityURL property.
     * 
@@ -236,4 +240,32 @@
       this.canonicalizationMethod = canonicalizationMethod;
    }
 
+   /**
+    * Add an option
+    * @param key
+    * @param value
+    */
+   public void addAdditionalOption(String key, Object value)
+   {
+      additionalOptions.put(key, value);
+   }
+
+   /**
+    * Remove an option
+    * @param key
+    */
+   public void removeAdditionalOption(String key)
+   {
+      additionalOptions.remove(key);
+   }
+
+   /**
+    * Get option
+    * @param key
+    * @return
+    */
+   public Object getAdditionalOption(String key)
+   {
+      return additionalOptions.get(key);
+   }
 }
\ No newline at end of file
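Review bot: The three accessors added here have Javadoc with empty `@param` and `@return` tags, so nothing tells a caller that `getAdditionalOption` returns null for a key that was never set, or what value types to expect from the `Object`-typed map. I would fill them in, for example `@return the value stored under key, or null if the option was never added`. The backing `HashMap` declared in the earlier hunk is unsynchronized; whether a `ProviderType` is mutated after being shared across request threads is not visible here, but if it can be, that needs a comment or a concurrent map.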


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1095-1096,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1095-1096,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1095-1096,1098-1134,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1095-1096,1098-1134,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1095-1108,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1095-1108,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1133-1137,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1133-1137,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1098-1134,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1098-1134,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1095-1108,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1095-1108,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1144-1145,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1144-1145,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1144-1147,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1144-1147,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1173

Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java	2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -34,6 +34,8 @@
    //Define some constants
    String ASSERTION_CONSUMER_URL = "ASSERTION_CONSUMER_URL";
 
+   String CLOCK_SKEW_MILIS = "CLOCK_SKEW_MILIS";
+
    String DISABLE_AUTHN_STATEMENT = "DISABLE_AUTHN_STATEMENT";
 
    String DISABLE_SENDING_ROLES = "DISABLE_SENDING_ROLES";
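Review bot: The new option key `CLOCK_SKEW_MILIS` is misspelled ("MILIS" for "MILLIS"), and because the constant's value is the string itself, the spelling becomes part of the configuration surface once released. The same spelling is used by the `clockSkewInMilis` parameter in the AssertionUtil hunks. I would correct it before it ships, `String CLOCK_SKEW_MILLIS = "CLOCK_SKEW_MILLIS";`. It also needs a comment giving the unit and noting that the value widens the assertion validity window on both ends, since that is what an operator tuning it has to know.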


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1098-1110,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1098-1110,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1173

Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java	2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -285,6 +285,44 @@
    }
 
    /**
+    * Verify whether the assertion has expired. 
+    * You can add in a clock skew to adapt to conditions where in the IDP
+    * and SP are out of sync.
+    * 
+    * @param assertion
+    * @param clockSkewInMilis in miliseconds
+    * @return
+    * @throws ConfigurationException
+    */
+   public static boolean hasExpired(AssertionType assertion, long clockSkewInMilis) throws ConfigurationException
+   {
+      boolean expiry = false;
+
+      //Check for validity of assertion
+      ConditionsType conditionsType = assertion.getConditions();
+      if (conditionsType != null)
+      {
+         XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+         XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
+         XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
+         XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
+         XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
+
+         if (trace)
+            log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + "::notOnOrAfter="
+                  + notOnOrAfter);
+         expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);
+         if (expiry)
+         {
+            log.info("Assertion has expired with id=" + assertion.getID());
+         }
+      }
+
+      //TODO: if conditions do not exist, assume the assertion to be everlasting?
+      return expiry;
+   }
+
+   /**
     * Check whether the assertion has expired
     * @param assertion
     * @return
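Review bot: In the added `hasExpired(AssertionType, long)`, `notBefore` and `notOnOrAfter` are passed to `XMLTimeUtil.subtract`/`add` and, when trace is on, dereferenced through `notBefore.toXMLFormat()` without a null check, although both attributes are optional on a SAML Conditions element. How `XMLTimeUtil` treats null is not visible in this hunk, but the trace line at least can be made safe by dropping the call, `log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore + "::notOnOrAfter=" + notOnOrAfter);`. `clockSkewInMilis` is also accepted unchecked: a negative value narrows the window and a very large one effectively switches off expiry checking, so I would reject negatives with `if (clockSkewInMilis < 0) throw new IllegalArgumentException("clockSkewInMilis must not be negative");` and consider an upper bound. The `SAML11AssertionType` overload in the next hunk has the same two issues.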
@@ -316,6 +354,44 @@
    }
 
    /**
+    * Verify whether the assertion has expired. 
+    * You can add in a clock skew to adapt to conditions where in the IDP
+    * and SP are out of sync.
+    * 
+    * @param assertion
+    * @param clockSkewInMilis in miliseconds
+    * @return
+    * @throws ConfigurationException
+    */
+   public static boolean hasExpired(SAML11AssertionType assertion, long clockSkewInMilis) throws ConfigurationException
+   {
+      boolean expiry = false;
+
+      //Check for validity of assertion
+      SAML11ConditionsType conditionsType = assertion.getConditions();
+      if (conditionsType != null)
+      {
+         XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+         XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
+         XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
+         XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
+         XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
+
+         if (trace)
+            log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + "::notOnOrAfter="
+                  + notOnOrAfter);
+         expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);
+         if (expiry)
+         {
+            log.info("Assertion has expired with id=" + assertion.getID());
+         }
+      }
+
+      //TODO: if conditions do not exist, assume the assertion to be everlasting?
+      return expiry;
+   }
+
+   /**
     * Extract the expiration time from an {@link AssertionType}
     * @param assertion
     * @return
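Review bot: When `assertion.getConditions()` returns null this overload returns false, so an assertion with no Conditions element is reported as not expired and nothing is logged. The `//TODO` acknowledges this, but the Javadoc `@return` is empty and callers cannot tell; the `AssertionType` overload in the previous hunk behaves the same way. I would document it, for example `@return true if now is outside the skew-adjusted NotBefore/NotOnOrAfter window; false otherwise, including when the assertion has no Conditions`, and log the missing-Conditions case so it shows up in service-provider logs. Separately, `log.info("Assertion has expired with id=...")` also fires for an assertion that is not yet valid, which is misleading when triaging clock problems.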


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1133-1137,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1133-1137,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1095-1109,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1095-1109,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1095-1096,1098-1134,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1095-1096,1098-1134,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1098-1109,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1098-1109,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1098-1109,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1098-1109,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util:1098-1111,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/util:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/util:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util:1098-1111,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util:1152-1173

Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java	2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -44,6 +44,8 @@
 {
    protected static Logger log = Logger.getLogger(IDFedLSInputResolver.class);
 
+   protected static boolean trace = log.isTraceEnabled();
+
    private static Map<String, LSInput> lsmap = new HashMap<String, LSInput>();
 
    private static Map<String, String> schemaLocationMap = new LinkedHashMap<String, String>();
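Review bot: The added `trace` flag is evaluated once at class initialisation, so raising the logger to TRACE at runtime will not enable the `log.trace("Loaded:" + lsi)` call that the following hunk adds in `resolveResource`. The field is also `protected static` and non-final, so a subclass can reassign it for every user of the class. I would declare it `protected static final boolean trace = log.isTraceEnabled();`, or drop the field and call `log.isTraceEnabled()` at the point of use.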
@@ -116,104 +118,137 @@
    public LSInput resolveResource(String type, String namespaceURI, final String publicId, final String systemId,
          final String baseURI)
    {
+      LSInput lsi = null;
       if (systemId == null)
          throw new RuntimeException(ErrorCodes.NULL_VALUE + "systemid");
-      LSInput lsi = lsmap.get(systemId);
+      if (StringUtil.isNotNull(systemId) && systemId.endsWith("dtd") && StringUtil.isNotNull(baseURI))
+      {
+         lsi = lsmap.get(baseURI);
+      }
       if (lsi == null)
+         lsi = lsmap.get(systemId);
+      if (lsi == null)
       {
          final String loc = schemaLocationMap.get(systemId);
          if (loc == null)
             return null;
 
-         lsi = new LSInput()
-         {
-            public String getBaseURI()
-            {
-               return baseURI;
-            }
+         lsi = new PicketLinkLSInput(baseURI, loc, publicId, systemId);
 
-            public InputStream getByteStream()
-            {
-               URL url = SecurityActions.loadResource(getClass(), loc);
-               InputStream is;
-               try
-               {
-                  is = url.openStream();
-               }
-               catch (IOException e)
-               {
-                  throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + loc);
-               }
-               if (is == null)
-                  throw new RuntimeException(ErrorCodes.NULL_VALUE + "inputstream is null for " + loc);
-               return is;
-            }
+         if (trace)
+            log.trace("Loaded:" + lsi);
+         lsmap.put(systemId, lsi);
+      }
+      return lsi;
+   }
 
-            public boolean getCertifiedText()
-            {
-               return false;
-            }
+   public static class PicketLinkLSInput implements LSInput
+   {
+      private final String baseURI;
 
-            public Reader getCharacterStream()
-            {
-               return null;
-            }
+      private final String loc;
 
-            public String getEncoding()
-            {
-               return null;
-            }
+      private final String publicId;
 
-            public String getPublicId()
-            {
-               return publicId;
-            }
+      private final String systemId;
 
-            public String getStringData()
-            {
-               return null;
-            }
+      public PicketLinkLSInput(String baseURI, String loc, String publicID, String systemID)
+      {
+         this.baseURI = baseURI;
+         this.loc = loc;
+         this.publicId = publicID;
+         this.systemId = systemID;
+      }
 
-            public String getSystemId()
-            {
-               return systemId;
-            }
+      public String getBaseURI()
+      {
+         return baseURI;
+      }
 
-            public void setBaseURI(String baseURI)
-            {
-            }
+      public InputStream getByteStream()
+      {
+         URL url = SecurityActions.loadResource(getClass(), loc);
+         InputStream is;
+         try
+         {
+            is = url.openStream();
+         }
+         catch (IOException e)
+         {
+            throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + loc);
+         }
+         if (is == null)
+            throw new RuntimeException(ErrorCodes.NULL_VALUE + "inputstream is null for " + loc);
+         return is;
+      }
 
-            public void setByteStream(InputStream byteStream)
-            {
-            }
+      public boolean getCertifiedText()
+      {
+         return false;
+      }
 
-            public void setCertifiedText(boolean certifiedText)
-            {
-            }
+      public Reader getCharacterStream()
+      {
+         return null;
+      }
 
-            public void setCharacterStream(Reader characterStream)
-            {
-            }
+      public String getEncoding()
+      {
+         return null;
+      }
 
-            public void setEncoding(String encoding)
-            {
-            }
+      public String getPublicId()
+      {
+         return publicId;
+      }
 
-            public void setPublicId(String publicId)
-            {
-            }
+      public String getStringData()
+      {
+         return null;
+      }
 
-            public void setStringData(String stringData)
-            {
-            }
+      public String getSystemId()
+      {
+         return systemId;
+      }
 
-            public void setSystemId(String systemId)
-            {
-            }
-         };
+      public void setBaseURI(String baseURI)
+      {
+      }
 
-         lsmap.put(systemId, lsi);
+      public void setByteStream(InputStream byteStream)
+      {
       }
-      return lsi;
+
+      public void setCertifiedText(boolean certifiedText)
+      {
+      }
+
+      public void setCharacterStream(Reader characterStream)
+      {
+      }
+
+      public void setEncoding(String encoding)
+      {
+      }
+
+      public void setPublicId(String publicId)
+      {
+      }
+
+      public void setStringData(String stringData)
+      {
+      }
+
+      public void setSystemId(String systemId)
+      {
+      }
+
+      @Override
+      public String toString()
+      {
+         return "PicketLinkLSInput [baseURI=" + baseURI + ", loc=" + loc + ", publicId=" + publicId + ", systemId="
+               + systemId + "]";
+      }
    }
 }
\ No newline at end of file
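Review bot: In `PicketLinkLSInput.getByteStream()` the result of `SecurityActions.loadResource(getClass(), loc)` is dereferenced without a null check, although JAXPValidationUtil in this same commit tests the same call for null; a missing schema resource would then surface as a bare NullPointerException from inside the validator. I would add `if (url == null) throw new RuntimeException(ErrorCodes.NULL_VALUE + loc);` before `url.openStream()` and keep the cause in the catch, `throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + loc, e);`. The `is == null` test after it looks unreachable, since `URL.openStream()` either returns a stream or throws. Separately, the new `systemId.endsWith("dtd")` branch returns whatever is cached under `baseURI`, and when nothing matches the method still ends in `return null`, which hands resolution back to the parser's default behaviour; a comment naming the DTD reference this branch is meant for would let the next reader judge whether that fall-through is acceptable.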

Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java	2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -132,7 +132,7 @@
       {
          URL url = SecurityActions.loadResource(JAXPValidationUtil.class, schema);
          if (url == null)
-            throw new RuntimeException(ErrorCodes.NULL_VALUE + "schema url");
+            throw new RuntimeException(ErrorCodes.NULL_VALUE + "schema url:" + schema);
          sourceArr[i++] = new StreamSource(url.openStream());
       }
       return sourceArr;
@@ -166,7 +166,10 @@
 
          if (trace)
          {
-            builder.append("[").append(sax.getLineNumber()).append(",").append(sax.getColumnNumber()).append("]");
+            builder.append("[line:").append(sax.getLineNumber()).append(",").append("::col=")
+                  .append(sax.getColumnNumber()).append("]");
+            builder.append("[publicID:").append(sax.getPublicId()).append(",systemId=").append(sax.getSystemId())
+                  .append("]");
             builder.append(":").append(sax.getLocalizedMessage());
             log.trace(builder.toString());
          }
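Review bot: The two added trace segments label their fields inconsistently: `[line:N,::col=M]` mixes `:` and `=` and leaves a stray `,::`, and the next segment writes `publicID:` beside `systemId=`. A single form such as `[line=N,col=M][publicId=P,systemId=S]` is easier to grep and parse. The public and system identifiers come from the parser's locator, so if they can carry text from an untrusted message it is worth stripping CR/LF before appending them to the log line. The enclosing method starts and ends outside the hunk.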


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1098-1111,1133-1137,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1098-1111,1133-1137,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1098-1110,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1098-1110,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1098-1134,1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1098-1134,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1095-1096,1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1095-1096,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1173


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1095-1096,1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1095-1096,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1173

Copied: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java (from rev 1173, federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java)
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java	                        (rev 0)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -0,0 +1,104 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.web.config;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+import org.picketlink.identity.federation.core.ErrorCodes;
+import org.picketlink.identity.federation.core.config.IDPType;
+import org.picketlink.identity.federation.core.config.SPType;
+import org.picketlink.identity.federation.core.config.TrustType;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
+
+/**
+ * A properties file based {@link SAMLConfigurationProvider}.
+ * For the IDP configuration, a idp_config.properties is expected.
+ * For the SP configuration, a sp_config.properties is expected.
+ * 
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 9, 2011
+ */
+public class PropertiesConfigurationProvider implements SAMLConfigurationProvider
+{
+   public static final String IDP_FILE = "idp_config.properties";
+
+   public static final String SP_FILE = "sp_config.properties";
+
+   public IDPType getIDPConfiguration() throws ProcessingException
+   {
+      InputStream is = SecurityActions.loadStream(getClass(), IDP_FILE);
+      if (is == null)
+         throw new IllegalStateException(ErrorCodes.NULL_VALUE + IDP_FILE);
+      Properties props = new Properties();
+      try
+      {
+         props.load(is);
+      }
+      catch (IOException e)
+      {
+         throw new ProcessingException(e);
+      }
+      IDPType idp = new IDPType();
+      idp.setIdentityURL(props.getProperty("idp.url"));
+      String domains = props.getProperty("domains");
+      if (StringUtil.isNotNull(domains))
+      {
+         TrustType trustType = new TrustType();
+         trustType.setDomains(domains);
+         idp.setTrust(trustType);
+      }
+
+      return idp;
+   }
+
+   public SPType getSPConfiguration() throws ProcessingException
+   {
+      InputStream is = SecurityActions.loadStream(getClass(), SP_FILE);
+      if (is == null)
+         throw new IllegalStateException(ErrorCodes.NULL_VALUE + SP_FILE);
+      Properties props = new Properties();
+      try
+      {
+         props.load(is);
+      }
+      catch (IOException e)
+      {
+         throw new ProcessingException(e);
+      }
+      SPType sp = new SPType();
+      sp.setIdentityURL(props.getProperty("idp.url"));
+      sp.setServiceURL("service.url");
+      String domains = props.getProperty("domains");
+      if (StringUtil.isNotNull(domains))
+      {
+         TrustType trustType = new TrustType();
+         trustType.setDomains(domains);
+         sp.setTrust(trustType);
+      }
+
+      return sp;
+   }
+}
\ No newline at end of file
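Review bot: `getSPConfiguration()` passes the literal `"service.url"` to `sp.setServiceURL(...)` instead of reading the property, so every SP built by this provider gets the string `service.url` as its service URL; the line should read `sp.setServiceURL(props.getProperty("service.url"));`. Both methods also leave the stream returned by `SecurityActions.loadStream` open, and closing it in a `finally` after `props.load(is)` avoids leaking a handle each time the configuration is read. `idp.url` is copied without a null check, so a properties file missing that key yields a configuration with a null identity URL rather than an error at load time.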

Copied: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java (from rev 1173, federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java)
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java	                        (rev 0)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.web.config;
+
+import java.io.InputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+   static InputStream loadStream(final Class<?> theClass, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<InputStream>()
+      {
+         public InputStream run()
+         {
+            ClassLoader classLoader = theClass.getClassLoader();
+            InputStream is = classLoader.getResourceAsStream(fqn);
+            if (is == null)
+            {
+               is = Thread.currentThread().getContextClassLoader().getResourceAsStream(fqn);
+            }
+            return is;
+         }
+      });
+   }
+
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
+         }
+      });
+   }
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+}
\ No newline at end of file
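Review bot: Both fallbacks use `Thread.currentThread().getContextClassLoader()` without checking it for null, so `loadStream` and the two-step `loadClass` fail with a NullPointerException on a thread that has no context class loader, instead of returning null as their callers test for; `theClass.getClassLoader()` can likewise be null for a bootstrap class. A guard such as `if (cl == null) return null;` at the top of `run()` in `loadClass(ClassLoader, String)` covers the class path, and the stream path needs the same test before each `getResourceAsStream`. The empty `catch (ClassNotFoundException e)` deserves a comment, for example `// not visible to this loader; the caller falls back or reports CLASS_NOT_LOADED`. Since these helpers run inside `doPrivileged`, the class Javadoc should also state that `fqn` must come from trusted configuration and that the class is meant to stay package-private.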

Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java	2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -48,6 +48,8 @@
 
    String CONFIG_FILE_LOCATION = "/WEB-INF/picketlink-idfed.xml";
 
+   String CONFIG_PROVIDER = "CONFIG_PROVIDER";
+
    String LOCAL_LOGOUT = "LLO";
 
    String GLOBAL_LOGOUT = "GLO";
@@ -70,13 +72,13 @@
 
    String NAMEID_FORMAT = "NAMEID_FORMAT";
 
-   String PRINCIPAL_ID = "jboss_identity.principal";
+   String PRINCIPAL_ID = "picketlink.principal";
 
    String RELAY_STATE = "RelayState";
 
    String ROLES = "ROLES";
 
-   String ROLES_ID = "jboss_identity.roles";
+   String ROLES_ID = "picketlink.roles";
 
    String ROLE_GENERATOR = "ROLE_GENERATOR";
 


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1138-1141,1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1138-1141,1152-1173

Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java	2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -163,7 +163,7 @@
 
       HttpSession session = request.getSession();
 
-      Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);;
+      Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);
 
       String samlRequest = request.getParameter(GeneralConstants.SAML_REQUEST_KEY);
       String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
@@ -358,9 +358,8 @@
             }
             catch (Exception e)
             {
-               if (trace)
-                  log.trace("Server Exception:", e);
-               throw new ServletException(ErrorCodes.SERVICE_PROVIDER_SERVER_EXCEPTION + "Server Exception");
+               log.error("Server Exception:", e);
+               throw new ServletException(ErrorCodes.SERVICE_PROVIDER_SERVER_EXCEPTION);
             }
 
          }
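Review bot: The new `throw new ServletException(ErrorCodes.SERVICE_PROVIDER_SERVER_EXCEPTION)` still drops the cause, which keeps internals out of the container's error page but is easy to mistake for an oversight. If that is the intent, say so next to the throw, e.g. `// cause is logged above and deliberately not chained, so the response carries only the error code`. Logging a full stack trace at error level on every failure is fine for diagnosis, but if this branch can be reached by unauthenticated requests (the surrounding method is outside the hunk), throttling or a shorter message may be needed to keep the log usable.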


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1144-1147,1152-1158
   + /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1144-1147,1152-1173

Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java	2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -87,12 +87,13 @@
  * </p>
  * <p>
  * Configuration Options:
+ * @see SAML2Handler#CLOCK_SKEW_MILIS: a milisecond value sets a skew for checking the validity of assertion (SP Setting)
  * @see SAML2Handler#DISABLE_AUTHN_STATEMENT  Setting a value will disable the generation of an AuthnStatement (IDP Setting)
  * @see SAML2Handler#DISABLE_SENDING_ROLES Setting any value will disable the generation and return of roles to SP (IDP Setting)
  * @see SAML2Handler#DISABLE_ROLE_PICKING Setting to true will disable picking IDP attribute statements (SP Setting)
  * @see SAML2Handler#ROLE_KEY a csv list of strings that represent the roles coming from IDP (SP Setting)
  * @see GeneralConstants#NAMEID_FORMAT Setting to a value will provide the nameid format to be sent to IDP (SP Setting)
- * @see SAML2Handler#ASSERTION_CONSUMER_URL: the url to be used for assertionConsumerURL
+ * @see SAML2Handler#ASSERTION_CONSUMER_URL: the url to be used for assertionConsumerURL (SP Setting)
  * </p>
  * 
  * @author Anil.Saldhana at redhat.com
@@ -460,7 +461,14 @@
          boolean expiredAssertion;
          try
          {
-            expiredAssertion = AssertionUtil.hasExpired(assertion);
+            String skew = (String) handlerConfig.getParameter(SAML2Handler.CLOCK_SKEW_MILIS);
+            if (StringUtil.isNotNull(skew))
+            {
+               long skewMilis = Long.parseLong(skew);
+               expiredAssertion = AssertionUtil.hasExpired(assertion, skewMilis);
+            }
+            else
+               expiredAssertion = AssertionUtil.hasExpired(assertion);
          }
          catch (ConfigurationException e)
          {
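Review bot: The configured skew is passed to `AssertionUtil.hasExpired(assertion, skewMilis)` without any range check, so a negative or very large `CLOCK_SKEW_MILIS` value would presumably distort or effectively disable the expiry test on incoming assertions. `Long.parseLong(skew)` also throws NumberFormatException on a malformed value, which the visible `catch (ConfigurationException e)` does not cover, and the `(String)` cast assumes the handler parameter is always a string. I would reject values below zero with a message naming the parameter, e.g. `if (skewMilis < 0) throw new IllegalArgumentException("CLOCK_SKEW_MILIS must be >= 0: " + skew);`, and document a sensible upper bound. The try block and its catch continue outside the hunk.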

Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java	2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -91,6 +91,7 @@
 import org.picketlink.identity.federation.web.util.IDPWebRequestUtil;
 import org.picketlink.identity.federation.web.util.IDPWebRequestUtil.WebRequestUtilHolder;
 import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
 import org.w3c.dom.Document;
 
 /**
@@ -147,18 +148,44 @@
       super.init(config);
       String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
 
+      String configProviderStr = config.getInitParameter(GeneralConstants.CONFIG_PROVIDER);
+      if (StringUtil.isNotNull(configProviderStr))
+      {
+         Class<?> clazz = SecurityActions.loadClass(getClass(), configProviderStr);
+         if (clazz == null)
+            throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + configProviderStr);
+         try
+         {
+            idpConfiguration = ((SAMLConfigurationProvider) clazz.newInstance()).getIDPConfiguration();
+         }
+         catch (Exception e)
+         {
+            throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
+         }
+      }
       context = config.getServletContext();
 
-      InputStream is = context.getResourceAsStream(configFile);
-      if (is == null)
-         throw new RuntimeException(ErrorCodes.RESOURCE_NOT_FOUND + configFile + " missing");
+      if (idpConfiguration == null)
+      {
+         InputStream is = context.getResourceAsStream(configFile);
+         if (is == null)
+            throw new RuntimeException(ErrorCodes.RESOURCE_NOT_FOUND + configFile + " missing");
 
+         try
+         {
+            idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
+         }
+         catch (ParsingException e)
+         {
+            throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
+         }
+      }
+
       //Get the chain from config
       chain = new DefaultSAML2HandlerChain();
 
       try
       {
-         idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
          this.identityURL = idpConfiguration.getIdentityURL();
          log.trace("Identity Provider URL=" + this.identityURL);
          this.assertionValidity = idpConfiguration.getAssertionValidity();
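Review bot: When a `CONFIG_PROVIDER` is configured but `getIDPConfiguration()` returns null, the new `if (idpConfiguration == null)` branch silently falls back to the file at `CONFIG_FILE_LOCATION`, so the IDP can start with a different configuration than the one the deployer selected. If that fallback is not intended, fail inside the provider branch, e.g. `if (idpConfiguration == null) throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION + configProviderStr);`. The cast to `SAMLConfigurationProvider` is made without a type check, so a wrong class name is reported only as a generic `PROCESSING_EXCEPTION` from `catch (Exception e)`; testing `SAMLConfigurationProvider.class.isAssignableFrom(clazz)` first would give a clearer error. The stream `is` is not closed anywhere in this hunk; `init` continues outside it, so confirm it is closed there.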

Copied: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java (from rev 1173, federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java)
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java	                        (rev 0)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.web.util;
+
+import org.picketlink.identity.federation.core.config.IDPType;
+import org.picketlink.identity.federation.core.config.SPType;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+
+/**
+ * Returns configuration for an IDP or SP
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 9, 2011
+ */
+public interface SAMLConfigurationProvider
+{
+   /**
+    * Get the {@link IDPType} configuration
+    * @return
+    * @throws ProcessingException
+    */
+   IDPType getIDPConfiguration() throws ProcessingException;
+
+   /**
+    * Get the {@l SPType} configuration
+    * @return
+    * @throws ProcessingException
+    */
+   SPType getSPConfiguration() throws ProcessingException;
+}
\ No newline at end of file
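Review bot: The Javadoc on `getSPConfiguration()` has a broken inline tag, `{@l SPType}`, which should read `{@link SPType}`, and both methods carry empty `@return` and `@throws` tags. The interface should also state whether an implementation may return null, because `IDPServlet.init` in this commit treats a null `IDPType` as a signal to load the configuration file instead, which an implementer cannot tell from this file. Suggested wording: `@return the IDP configuration, or null if this provider does not supply one` and `@throws ProcessingException if the configuration cannot be loaded`, with the same pair for the SP method.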


Property changes on: product/trunk/picketlink-core/src/test/java/org/picketlink
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-core/src/test/java/org/picketlink:1152-1154
   + /federation/trunk/picketlink-fed-core/src/test/java/org/picketlink:1152-1154,1159-1173


Property changes on: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1109-1137
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1152-1154
   + /federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1109-1137
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1152-1154,1159-1173


Property changes on: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml
___________________________________________________________________
Modified: svn:mergeinfo
   - /federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml:1098-1110,1152-1154
   + /federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml:1098-1110,1152-1154,1159-1173

Modified: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java	2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java	2011-08-11 03:13:45 UTC (rev 1174)
@@ -22,6 +22,7 @@
 package org.picketlink.test.identity.federation.core.saml.v2.util;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
@@ -91,6 +92,28 @@
    }
 
    @Test
+   public void testExpiredAssertionWithClockSkew() throws Exception
+   {
+      NameIDType nameIdType = new NameIDType();
+      nameIdType.setValue("somename");
+
+      AssertionType assertion = new AssertionType("SomeID", XMLTimeUtil.getIssueInstant());
+      assertion.setIssuer(nameIdType);
+
+      XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+
+      XMLGregorianCalendar sometimeAgo = XMLTimeUtil.subtract(now, 55555);
+
+      ConditionsType conditions = new ConditionsType();
+      conditions.setNotBefore(XMLTimeUtil.subtract(now, 55575));
+      conditions.setNotOnOrAfter(sometimeAgo);
+      assertion.setConditions(conditions);
+
+      assertFalse(AssertionUtil.hasExpired(assertion, 60000));
+      assertTrue(AssertionUtil.hasExpired(assertion, 600));
+   }
+
+   @Test
    public void testRoleExtraction() throws Exception
    {
       String file = "parser/saml2/saml2-response-assertion-subject.xml";
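Review bot: `testExpiredAssertionWithClockSkew` only exercises the `NotOnOrAfter` bound, because `NotBefore` and `NotOnOrAfter` are both set in the past (`now - 55575` and `now - 55555`). A case with skew `0`, asserted equal to the one-argument `hasExpired(assertion)`, would pin the default behaviour. A negative-skew case would document what happens with a misconfigured value, since the handler in this commit passes the parsed setting through unchecked. The constants 55555, 60000 and 600 are unexplained; a short comment such as `// skew and offsets are in milliseconds (presumably; confirm against XMLTimeUtil.subtract)` would help the next reader.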


