[jboss-cvs] Picketlink SVN: r974 - trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon Jun 6 18:10:38 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-06-06 18:10:38 -0400 (Mon, 06 Jun 2011)
New Revision: 974

Added:
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java
Log:
add a role-extracting login module (LM)

Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java	                        (rev 0)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java	2011-06-06 22:10:38 UTC (rev 974)
@@ -0,0 +1,115 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.jaas;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.spi.AbstractServerLoginModule;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.w3c.dom.Element;
+
+/**
+ * A login module that extracts the roles from the SAML assertion 
+ * that has been set in the Subject. This module is always a follow up
+ * to other modules such as {@code JBWSTokenIssuingLoginModule}
+ * @author Anil.Saldhana at redhat.com
+ * @since Jun 6, 2011
+ */
+public class SAMLRoleLoginModule extends AbstractServerLoginModule
+{  
+   protected Subject theSubject = null;
+   
+   @Override
+   public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
+         Map<String, ?> options)
+   { 
+      super.initialize(subject, callbackHandler, sharedState, options);
+      theSubject = subject;
+   }
+
+   @Override
+   protected Principal getIdentity()
+   { 
+      Set<Principal> principals = subject.getPrincipals();
+      for(Principal p: principals)
+      {
+         if(!(p instanceof Group))
+         {
+            return p;
+         }
+      }
+      throw new RuntimeException("Unable to get the Identity from the subject");
+   }
+
+   @SuppressWarnings("static-access")
+   @Override
+   protected Group[] getRoleSets() throws LoginException
+   {
+      //Get the SAML Assertion
+      SamlCredential samlCredential = null;
+      Set<Object> creds = subject.getPublicCredentials();
+      for(Object cred: creds)
+      {
+         if( cred instanceof SamlCredential)
+         {
+            samlCredential = (SamlCredential) cred;
+            break;
+         } 
+      }
+      if( samlCredential == null)
+         throw new RuntimeException("SAML Credential not found in the subject");
+      
+      try
+      {
+         DocumentUtil util = new DocumentUtil();
+         Element assertionEl = samlCredential.getAssertionAsElement();
+         SAMLParser parser = new SAMLParser();
+         AssertionType assertion = (AssertionType) parser.parse(util.getNodeAsStream(assertionEl));
+         List<String> roles = AssertionUtil.getRoles(assertion, null);
+         Group roleGroup = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
+         for(String role: roles)
+         {
+            roleGroup.addMember(new SimplePrincipal(role));
+         }
+         return new Group[] { roleGroup};
+      }
+      catch (Exception e)
+      { 
+         throw new RuntimeException(e);
+      }
+   }
+}
\ No newline at end of file
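Review bot: getRoleSets is declared `throws LoginException`, yet both of its failure paths (the missing-credential check and the catch block) and getIdentity throw RuntimeException, so a Subject without a SamlCredential or an unparseable assertion escapes commit() as an unchecked exception rather than a LoginException that LoginContext would route to abort(); replace them with `LoginException le = new LoginException("SAML Credential not found in the subject"); throw le;` and, in the catch, `LoginException le = new LoginException(e.getMessage()); le.initCause(e); throw le;`. The assertion is re-parsed here with no signature, audience or validity-period check, so this module is only safe when stacked after a module that has already verified the token, as the class Javadoc says; a comment at the parse site such as `// Trust in the assertion is established by the preceding login module; no signature/expiry validation is done here` would make that dependency explicit where it matters. `AssertionUtil.getRoles(assertion, null)` passes no attribute-name filter; if a null filter means every attribute value in the assertion is treated as a role (not visible in this hunk — confirm against AssertionUtil), any IdP-asserted attribute such as an email address would be granted as a role, so the role attribute names should be read from the module `options` map rather than hard-coded to null. The `theSubject` field duplicates the `subject` field that super.initialize already sets and is never read, and getIdentity returns whichever non-Group principal the Set iterates first, which is unordered if more than one is present.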


