[jboss-cvs] Picketlink SVN: r1067 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces and 1 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Jul 6 10:45:20 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-07-06 10:45:20 -0400 (Wed, 06 Jul 2011)
New Revision: 1067

Modified:
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11ResponseParser.java
Log:
PLFED-189:

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java	2011-07-06 14:44:27 UTC (rev 1066)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java	2011-07-06 14:45:20 UTC (rev 1067)
@@ -23,6 +23,8 @@
 
 import static org.picketlink.identity.federation.core.util.StringUtil.isNotNull;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
@@ -38,6 +40,7 @@
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
 
+import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.crypto.dsig.CanonicalizationMethod;
@@ -68,6 +71,10 @@
 import org.picketlink.identity.federation.core.interfaces.TrustKeyConfigurationException;
 import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
 import org.picketlink.identity.federation.core.interfaces.TrustKeyProcessingException;
+import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
+import org.picketlink.identity.federation.core.saml.v1.SAML11ProtocolContext;
+import org.picketlink.identity.federation.core.saml.v1.writers.SAML11ResponseWriter;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
 import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
 import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
 import org.picketlink.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
@@ -82,12 +89,19 @@
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
 import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
 import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
 import org.picketlink.identity.federation.core.util.CoreConfigUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
 import org.picketlink.identity.federation.core.util.StringUtil;
 import org.picketlink.identity.federation.core.util.SystemPropertiesUtil;
 import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11ResponseType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11StatusType;
 import org.picketlink.identity.federation.saml.v2.SAML2Object;
 import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
 import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
@@ -341,7 +355,20 @@
          else
          {
             //TODO: PLFED-193
-            log.error("No SAML Request or Response Message");
+            String target = request.getParameter(SAML11Constants.TARGET);
+            if (isNotNull(target))
+            {
+               //We have SAML 1.1 IDP first scenario. Now we need to create a SAMLResponse and send back
+               //to SP as per target
+               handleSAML11(webRequestUtil, request, response);
+            }
+            else
+            {
+               //Send it to the hosted page
+               RequestDispatcher dispatch = request.getRequestDispatcher("/hosted/");
+               dispatch.forward(request, response);
+            }
+            /*log.error("No SAML Request or Response Message");
             if (trace)
                log.trace("Referer=" + referer);
 
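Review bot: The old error path is left behind as a `/*log.error(...)` comment that runs from the end of this hunk into the next, under a `//TODO: PLFED-193` that now sits above code doing something else; delete the commented-out block and either drop the TODO or say what PLFED-193 still owes at this point. Any request that carries a `TARGET` parameter now enters the SAML 1.1 IdP-first path, so whatever rejects unauthenticated or unknown callers has to happen before this branch — the enclosing method begins outside the hunk, so I cannot confirm that it does. The forward to `/hosted/` assumes that path is deployed with every IdP; a one-line comment such as `// No SAML message and no TARGET: show the IdP's hosted landing page` would make the intent explicit.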
@@ -353,9 +380,57 @@
             {
                if (trace)
                   log.trace(e);
+            }*/
+         }
+      }
+   }
+
+   protected void handleSAML11(IDPWebRequestUtil webRequestUtil, Request request, Response response)
+         throws ServletException, IOException
+   {
+      try
+      {
+         String target = request.getParameter(SAML11Constants.TARGET);
+
+         Session session = request.getSessionInternal();
+         SAML11AssertionType saml11Assertion = (SAML11AssertionType) session.getNote("SAML11");
+         if (saml11Assertion == null)
+         {
+            SAML11ProtocolContext saml11Protocol = new SAML11ProtocolContext();
+            PicketLinkCoreSTS.instance().issueToken(saml11Protocol);
+            saml11Assertion = saml11Protocol.getIssuedAssertion();
+            session.setNote("SAML11", saml11Assertion);
+
+            if (AssertionUtil.hasExpired(saml11Assertion))
+            {
+               saml11Protocol.setIssuedAssertion(saml11Assertion);
+               PicketLinkCoreSTS.instance().renewToken(saml11Protocol);
+               saml11Assertion = saml11Protocol.getIssuedAssertion();
+               session.setNote("SAML11", saml11Assertion);
             }
          }
+         //Send it as SAMLResponse
+         String id = IDGenerator.create("ID_");
+         SAML11ResponseType saml11Response = new SAML11ResponseType(id, XMLTimeUtil.getIssueInstant());
+         saml11Response.add(saml11Assertion);
+         saml11Response.setStatus(SAML11StatusType.successType());
+
+         ByteArrayOutputStream baos = new ByteArrayOutputStream();
+         SAML11ResponseWriter writer = new SAML11ResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+         writer.write(saml11Response);
+
+         Document samlResponse = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
+
+         WebRequestUtilHolder holder = webRequestUtil.getHolder();
+         holder.setResponseDoc(samlResponse).setDestination(target).setRelayState("").setAreWeSendingRequest(false)
+               .setPrivateKey(null).setSupportSignature(false).setServletResponse(response);
+         webRequestUtil.send(holder);
       }
+      catch (GeneralSecurityException e)
+      {
+         log.error("Exception handling saml 11 use case:", e);
+         throw new ServletException();
+      }
    }
 
    protected void processSAMLRequestMessage(IDPWebRequestUtil webRequestUtil, Request request, Response response)
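Review bot: `target` is read straight from the request parameter and handed to `setDestination(target)` with nothing checking it against the IdP's configured trusted service providers, so this valve will mint a SAML 1.1 assertion for the current session and deliver it to any URL a crafted link supplies; validate `target` against the same trust configuration the SAML 2 path presumably uses (not visible in this hunk) and refuse unknown destinations before issuing anything. The response is also sent with `.setPrivateKey(null).setSupportSignature(false)`, leaving the receiving SP no way to verify the assertion's origin — unless signing is deliberately deferred, pass the IdP's key and enable signature support here. The `AssertionUtil.hasExpired` check sits inside the `if (saml11Assertion == null)` branch, so it only ever examines an assertion issued a few lines earlier and never the one cached in the session note; make it `else if (AssertionUtil.hasExpired(saml11Assertion))` at the same level as the null check (hoisting `saml11Protocol` above the `if`) so a stale cached assertion is actually renewed. Finally `throw new ServletException()` drops the cause; use `throw new ServletException("Exception handling saml 11 use case", e)`.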

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java	2011-07-06 14:44:27 UTC (rev 1066)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/interfaces/SecurityTokenProvider.java	2011-07-06 14:45:20 UTC (rev 1067)
@@ -26,7 +26,7 @@
 import javax.xml.namespace.QName;
 
 import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.wstrust.WSTrustException; 
+import org.picketlink.identity.federation.core.wstrust.WSTrustException;
 
 /**
  * <p>
@@ -41,11 +41,10 @@
     * An enumeration that identifies the family to which
     * the security token provider belongs 
     */
-   public enum FAMILY_TYPE
-   {
-      SAML2, WS_TRUST,OPENID,OAUTH, CUSTOM;
+   public enum FAMILY_TYPE {
+      SAML2, SAML11, WS_TRUST, OPENID, OAUTH, CUSTOM;
    }
-   
+
    /**
     * <p>
     * Initializes the {@code SecurityTokenProvider} using the specified properties map.
@@ -55,27 +54,26 @@
     * this {@code SecurityTokenProvider}.
     */
    public void initialize(Map<String, String> properties);
-   
+
    /**
     * Specify whether this token provider supports a particular namespace
     * @param namespace a string value representing a namespace
     * @return
     */
-   public boolean supports( String namespace );
-   
+   public boolean supports(String namespace);
+
    /**
     * Token Type
     * @return
     */
    public String tokenType();
-   
+
    /**
     * Provide an optional {@code QName} for configuration
     * @return
     */
    public QName getSupportedQName();
-   
-   
+
    /**
     * The family where this security token provider belongs
     * @see {@code FAMILY_TYPE}}
@@ -92,7 +90,7 @@
     * @param context the {@code ProtocolContext} to be used when generating the token.
     * @throws WSTrustException if an error occurs while creating the security token.
     */
-   public void issueToken( ProtocolContext context) throws ProcessingException;
+   public void issueToken(ProtocolContext context) throws ProcessingException;
 
    /**
     * <p>
@@ -103,7 +101,7 @@
     * @param context the {@code ProtocolContext} that contains the token to be renewed.
     * @throws WSTrustException if an error occurs while renewing the security token.
     */
-   public void renewToken( ProtocolContext context) throws ProcessingException;
+   public void renewToken(ProtocolContext context) throws ProcessingException;
 
    /**
     * <p>
@@ -114,7 +112,7 @@
     * @param context the {@code ProtocolContext} that contains the token to be canceled.
     * @throws WSTrustException if an error occurs while canceling the security token.
     */
-   public void cancelToken( ProtocolContext context) throws ProcessingException;
+   public void cancelToken(ProtocolContext context) throws ProcessingException;
 
    /**
     * <p>
@@ -125,5 +123,5 @@
     * @param context the {@code ProtocolContext} that contains the token to be validated.
     * @throws WSTrustException if an error occurs while validating the security token.
     */
-   public void validateToken( ProtocolContext context) throws ProcessingException;
+   public void validateToken(ProtocolContext context) throws ProcessingException;
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11ResponseParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11ResponseParser.java	2011-07-06 14:44:27 UTC (rev 1066)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11ResponseParser.java	2011-07-06 14:45:20 UTC (rev 1067)
@@ -124,7 +124,7 @@
          QName startElementName = startElement.getName();
          String elementTag = startElementName.getLocalPart();
 
-         SAML11StatusCodeType statusCode = new SAML11StatusCodeType();
+         SAML11StatusCodeType statusCode = null;
 
          if (JBossSAMLConstants.STATUS_CODE.get().equals(elementTag))
          {
@@ -134,7 +134,7 @@
             Attribute valueAttr = startElement.getAttributeByName(new QName("Value"));
             if (valueAttr != null)
             {
-               statusCode.setValue(new QName(StaxParserUtil.getAttributeValue(valueAttr)));
+               statusCode = new SAML11StatusCodeType(new QName(StaxParserUtil.getAttributeValue(valueAttr)));
             }
             status.setStatusCode(statusCode);
 
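Review bot: `statusCode` is now left `null` when the `StatusCode` element carries no `Value` attribute, and that null is stored by `status.setStatusCode(statusCode)` on the following line, so a malformed response parses "successfully" with no status code and every later consumer has to null-check. `Value` is a required attribute of a SAML 1.1 `StatusCode`, so the parser should reject the message instead: `if (valueAttr == null) throw ...` using whatever parsing exception this parser already raises for missing required attributes (its error path is outside this hunk). The enclosing parse method starts before and continues after the hunk.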
@@ -143,12 +143,13 @@
             elementTag = startElement.getName().getLocalPart();
             if (JBossSAMLConstants.STATUS_CODE.get().equals(elementTag))
             {
-               SAML11StatusCodeType subStatusCodeType = new SAML11StatusCodeType();
+               SAML11StatusCodeType subStatusCodeType = null;
                startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
                Attribute subValueAttr = startElement.getAttributeByName(new QName("Value"));
                if (subValueAttr != null)
                {
-                  subStatusCodeType.setValue(new QName(StaxParserUtil.getAttributeValue(subValueAttr)));
+                  subStatusCodeType = new SAML11StatusCodeType(
+                        new QName(StaxParserUtil.getAttributeValue(subValueAttr)));
                }
                statusCode.setStatusCode(subStatusCodeType);
 
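Review bot: `statusCode.setStatusCode(subStatusCodeType)` on the last line of the hunk dereferences the outer `statusCode`, which the previous hunk now leaves `null` whenever the outer `StatusCode` has no `Value` attribute, so such input ends in a NullPointerException rather than a parse error. Guard it, e.g. `if (statusCode == null) throw ...` with the parser's existing parsing exception, or better, reject the missing `Value` where it is detected so this line can rely on a non-null `statusCode`. The same applies to `subStatusCodeType`, which is `null` for a nested `StatusCode` without `Value` and is stored without complaint. The enclosing method continues outside the hunk.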


