[jboss-cvs] Picketlink SVN: r1067 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Jul 6 10:45:20 EDT 2011
Author: anil.saldhana at jboss.com
Date: 2011-07-06 10:45:20 -0400 (Wed, 06 Jul 2011)
New Revision: 1067
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11ResponseParser.java
Log:
PLFED-189:
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-06 14:44:27 UTC (rev 1066)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-06 14:45:20 UTC (rev 1067)
@@ -23,6 +23,8 @@
import static org.picketlink.identity.federation.core.util.StringUtil.isNotNull;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
@@ -38,6 +40,7 @@
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
+import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import javax.xml.crypto.dsig.CanonicalizationMethod;
@@ -68,6 +71,10 @@
import org.picketlink.identity.federation.core.interfaces.TrustKeyConfigurationException;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.interfaces.TrustKeyProcessingException;
+import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
+import org.picketlink.identity.federation.core.saml.v1.SAML11ProtocolContext;
+import org.picketlink.identity.federation.core.saml.v1.writers.SAML11ResponseWriter;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
@@ -82,12 +89,19 @@
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.util.SystemPropertiesUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11ResponseType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11StatusType;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
@@ -341,7 +355,20 @@
else
{
//TODO: PLFED-193
- log.error("No SAML Request or Response Message");
+ String target = request.getParameter(SAML11Constants.TARGET);
+ if (isNotNull(target))
+ {
+ //We have SAML 1.1 IDP first scenario. Now we need to create a SAMLResponse and send back
+ //to SP as per target
+ handleSAML11(webRequestUtil, request, response);
+ }
+ else
+ {
+ //Send it to the hosted page
+ RequestDispatcher dispatch = request.getRequestDispatcher("/hosted/");
+ dispatch.forward(request, response);
+ }
+ /*log.error("No SAML Request or Response Message");
if (trace)
log.trace("Referer=" + referer);
@@ -353,9 +380,57 @@
{
if (trace)
log.trace(e);
+ }*/
+ }
+ }
+ }
+
+ protected void handleSAML11(IDPWebRequestUtil webRequestUtil, Request request, Response response)
+ throws ServletException, IOException
+ {
+ try
+ {
+ String target = request.getParameter(SAML11Constants.TARGET);
+
+ Session session = request.getSessionInternal();
+ SAML11AssertionType saml11Assertion = (SAML11AssertionType) session.getNote("SAML11");
+ if (saml11Assertion == null)
+ {
+ SAML11ProtocolContext saml11Protocol = new SAML11ProtocolContext();
+ PicketLinkCoreSTS.instance().issueToken(saml11Protocol);
+ saml11Assertion = saml11Protocol.getIssuedAssertion();
+ session.setNote("SAML11", saml11Assertion);
+
+ if (AssertionUtil.hasExpired(saml11Assertion))
+ {
+ saml11Protocol.setIssuedAssertion(saml11Assertion);
+ PicketLinkCoreSTS.instance().renewToken(saml11Protocol);
+ saml11Assertion = saml11Protocol.getIssuedAssertion();
+ session.setNote("SAML11", saml11Assertion);
}
}
+ //Send it as SAMLResponse
+ String id = IDGenerator.create("ID_");
+ SAML11ResponseType saml11Response = new SAML11ResponseType(id, XMLTimeUtil.getIssueInstant());
+ saml11Response.add(saml11Assertion);
+ saml11Response.setStatus(SAML11StatusType.successType());
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAML11ResponseWriter writer = new SAML11ResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(saml11Response);
+
+ Document samlResponse = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
+
+ WebRequestUtilHolder holder = webRequestUtil.getHolder();
+ holder.setResponseDoc(samlResponse).setDestination(target).setRelayState("").setAreWeSendingRequest(false)
+ .setPrivateKey(null).setSupportSignature(false).setServletResponse(response);
+ webRequestUtil.send(holder);
}
+ catch (GeneralSecurityException e)
+ {
+ log.error("Exception handling saml 11 use case:", e);
+ throw new ServletException();
+ }
}
protected void processSAMLRequestMessage(IDPWebRequestUtil webRequestUtil, Request request, Response response)
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java 2011-07-06 14:44:27 UTC (rev 1066)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java 2011-07-06 14:45:20 UTC (rev 1067)
@@ -26,7 +26,7 @@
import javax.xml.namespace.QName;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.wstrust.WSTrustException;
+import org.picketlink.identity.federation.core.wstrust.WSTrustException;
/**
* <p>
@@ -41,11 +41,10 @@
* An enumeration that identifies the family to which
* the security token provider belongs
*/
- public enum FAMILY_TYPE
- {
- SAML2, WS_TRUST,OPENID,OAUTH, CUSTOM;
+ public enum FAMILY_TYPE {
+ SAML2, SAML11, WS_TRUST, OPENID, OAUTH, CUSTOM;
}
-
+
/**
* <p>
* Initializes the {@code SecurityTokenProvider} using the specified properties map.
@@ -55,27 +54,26 @@
* this {@code SecurityTokenProvider}.
*/
public void initialize(Map<String, String> properties);
-
+
/**
* Specify whether this token provider supports a particular namespace
* @param namespace a string value representing a namespace
* @return
*/
- public boolean supports( String namespace );
-
+ public boolean supports(String namespace);
+
/**
* Token Type
* @return
*/
public String tokenType();
-
+
/**
* Provide an optional {@code QName} for configuration
* @return
*/
public QName getSupportedQName();
-
-
+
/**
* The family where this security token provider belongs
* @see {@code FAMILY_TYPE}}
@@ -92,7 +90,7 @@
* @param context the {@code ProtocolContext} to be used when generating the token.
* @throws WSTrustException if an error occurs while creating the security token.
*/
- public void issueToken( ProtocolContext context) throws ProcessingException;
+ public void issueToken(ProtocolContext context) throws ProcessingException;
/**
* <p>
@@ -103,7 +101,7 @@
* @param context the {@code ProtocolContext} that contains the token to be renewed.
* @throws WSTrustException if an error occurs while renewing the security token.
*/
- public void renewToken( ProtocolContext context) throws ProcessingException;
+ public void renewToken(ProtocolContext context) throws ProcessingException;
/**
* <p>
@@ -114,7 +112,7 @@
* @param context the {@code ProtocolContext} that contains the token to be canceled.
* @throws WSTrustException if an error occurs while canceling the security token.
*/
- public void cancelToken( ProtocolContext context) throws ProcessingException;
+ public void cancelToken(ProtocolContext context) throws ProcessingException;
/**
* <p>
@@ -125,5 +123,5 @@
* @param context the {@code ProtocolContext} that contains the token to be validated.
* @throws WSTrustException if an error occurs while validating the security token.
*/
- public void validateToken( ProtocolContext context) throws ProcessingException;
+ public void validateToken(ProtocolContext context) throws ProcessingException;
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11ResponseParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11ResponseParser.java 2011-07-06 14:44:27 UTC (rev 1066)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11ResponseParser.java 2011-07-06 14:45:20 UTC (rev 1067)
@@ -124,7 +124,7 @@
QName startElementName = startElement.getName();
String elementTag = startElementName.getLocalPart();
- SAML11StatusCodeType statusCode = new SAML11StatusCodeType();
+ SAML11StatusCodeType statusCode = null;
if (JBossSAMLConstants.STATUS_CODE.get().equals(elementTag))
{
@@ -134,7 +134,7 @@
Attribute valueAttr = startElement.getAttributeByName(new QName("Value"));
if (valueAttr != null)
{
- statusCode.setValue(new QName(StaxParserUtil.getAttributeValue(valueAttr)));
+ statusCode = new SAML11StatusCodeType(new QName(StaxParserUtil.getAttributeValue(valueAttr)));
}
status.setStatusCode(statusCode);
@@ -143,12 +143,13 @@
elementTag = startElement.getName().getLocalPart();
if (JBossSAMLConstants.STATUS_CODE.get().equals(elementTag))
{
- SAML11StatusCodeType subStatusCodeType = new SAML11StatusCodeType();
+ SAML11StatusCodeType subStatusCodeType = null;
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
Attribute subValueAttr = startElement.getAttributeByName(new QName("Value"));
if (subValueAttr != null)
{
- subStatusCodeType.setValue(new QName(StaxParserUtil.getAttributeValue(subValueAttr)));
+ subStatusCodeType = new SAML11StatusCodeType(
+ new QName(StaxParserUtil.getAttributeValue(subValueAttr)));
}
statusCode.setStatusCode(subStatusCodeType);
More information about the jboss-cvs-commits
mailing list