[jboss-cvs] Picketlink SVN: r815 - in federation/trunk: picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants and 2 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Tue Mar 15 15:09:44 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-03-15 15:09:44 -0400 (Tue, 15 Mar 2011)
New Revision: 815

Modified:
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
   federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2AttributeHandlerUnitTestCase.java
Log:
PLFED-159: saml attribute handler on sp side should populate the http session with idp passed attributes

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java	2011-03-15 17:22:40 UTC (rev 814)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/StatementUtil.java	2011-03-15 19:09:44 UTC (rev 815)
@@ -124,7 +124,11 @@
                att.setFriendlyName(key);
             }
             else
-               throw new RuntimeException("Unknown:" + key);
+            {
+               att = new AttributeType(key);
+               att.setFriendlyName(key);
+               att.setNameFormat(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get());
+            }
 
             att.addAttributeValue(value);
             attrStatement.addAttribute(new ASTChoiceType(att));
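Review bot: The new else branch emits any key in the caller's map as a SAML attribute, where an unrecognised key used to abort with "Unknown:", so this method no longer acts as an allow-list for what the IDP sends to the SP. If the map comes straight from an AttributeManager, every entry it returns is now disclosed in the assertion. I would state that contract on the branch, for example `// Non-X500 key: released as-is, the caller must pass only attributes that may be disclosed to the SP`. The raw key is also declared with ATTRIBUTE_FORMAT_URI, which a strict SP may read as a promise that the name is a URI; confirm that is intended for keys like the test's "testKey". The enclosing method starts and ends outside this hunk.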

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java	2011-03-15 17:22:40 UTC (rev 814)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java	2011-03-15 19:09:44 UTC (rev 815)
@@ -88,6 +88,8 @@
 
    String SIGN_OUTGOING_MESSAGES = "SIGN_OUTGOING_MESSAGES";
 
+   String SESSION_ATTRIBUTE_MAP = "SESSION_ATTRIBUTE_MAP";
+
    String USERNAME_FIELD = "JBID_USERNAME";
 
    String PASS_FIELD = "JBID_PASSWORD";

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java	2011-03-15 17:22:40 UTC (rev 814)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java	2011-03-15 19:09:44 UTC (rev 815)
@@ -20,12 +20,13 @@
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
 package org.picketlink.identity.federation.web.handlers.saml2;
- 
 
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import javax.servlet.http.HttpSession;
 
@@ -38,7 +39,12 @@
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerConfig;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
-import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse; 
+import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
 import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
 import org.picketlink.identity.federation.web.constants.GeneralConstants;
 import org.picketlink.identity.federation.web.core.HTTPContext;
@@ -49,24 +55,26 @@
  * @since Oct 12, 2009
  */
 public class SAML2AttributeHandler extends BaseSAML2Handler
-{ 
+{
    private static Logger log = Logger.getLogger(SAML2AttributeHandler.class);
-   private boolean trace = log.isTraceEnabled();
-   
-   protected AttributeManager attribManager = new EmptyAttributeManager(); 
+
+   private final boolean trace = log.isTraceEnabled();
+
+   protected AttributeManager attribManager = new EmptyAttributeManager();
+
    protected List<String> attributeKeys = new ArrayList<String>();
-   
+
    @Override
    public void initChainConfig(SAML2HandlerChainConfig handlerChainConfig) throws ConfigurationException
    {
       super.initChainConfig(handlerChainConfig);
       Object config = this.handlerChainConfig.getParameter(GeneralConstants.CONFIGURATION);
-      if(config instanceof IDPType)
+      if (config instanceof IDPType)
       {
          IDPType idpType = (IDPType) config;
          String attribStr = idpType.getAttributeManager();
          insantiateAttributeManager(attribStr);
-      }   
+      }
    }
 
    @SuppressWarnings("unchecked")
@@ -74,11 +82,11 @@
    public void initHandlerConfig(SAML2HandlerConfig handlerConfig) throws ConfigurationException
    {
       super.initHandlerConfig(handlerConfig);
-      
+
       String attribStr = (String) this.handlerConfig.getParameter(GeneralConstants.ATTIBUTE_MANAGER);
       this.insantiateAttributeManager(attribStr);
       List<String> ak = (List<String>) this.handlerConfig.getParameter(GeneralConstants.ATTRIBUTE_KEYS);
-      if(ak != null)
+      if (ak != null)
          this.attributeKeys.addAll(ak);
    }
 
@@ -86,42 +94,83 @@
    public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response) throws ProcessingException
    {
       //Do not handle log out request interaction
-      if(request.getSAML2Object() instanceof LogoutRequestType)
-         return ;
-      
+      if (request.getSAML2Object() instanceof LogoutRequestType)
+         return;
+
       //only handle IDP side
-      if(getType() == HANDLER_TYPE.SP)
+      if (getType() == HANDLER_TYPE.SP)
          return;
-      
+
       HTTPContext httpContext = (HTTPContext) request.getContext();
       HttpSession session = httpContext.getRequest().getSession(false);
-      
+
       Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);
       Map<String, Object> attribs = (Map<String, Object>) session.getAttribute(GeneralConstants.ATTRIBUTES);
-      if(attribs == null)
-      {   
+      if (attribs == null)
+      {
          attribs = this.attribManager.getAttributes(userPrincipal, attributeKeys);
          session.setAttribute(GeneralConstants.ATTRIBUTES, attribs);
-      }  
-   } 
-   
-   private void insantiateAttributeManager(String attribStr) 
-   throws ConfigurationException
+      }
+   }
+
+   @Override
+   public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse response)
+         throws ProcessingException
    {
-      if(attribStr != null && !"".equals(attribStr))
+      //only handle SP side
+      if (getType() == HANDLER_TYPE.IDP)
+         return;
+      handleIDPResponse(request);
+   }
+
+   private void insantiateAttributeManager(String attribStr) throws ConfigurationException
+   {
+      if (attribStr != null && !"".equals(attribStr))
       {
          ClassLoader tcl = SecurityActions.getContextClassLoader();
          try
          {
             attribManager = (AttributeManager) tcl.loadClass(attribStr).newInstance();
-            if(trace)
+            if (trace)
                log.trace("AttributeManager set to " + this.attribManager);
          }
          catch (Exception e)
          {
-            log.error("Exception initializing attribute manager:",e);
-            throw new ConfigurationException(); 
-         }  
-      } 
+            log.error("Exception initializing attribute manager:", e);
+            throw new ConfigurationException();
+         }
+      }
    }
+
+   @SuppressWarnings("unchecked")
+   protected void handleIDPResponse(SAML2HandlerRequest request)
+   {
+      HTTPContext httpContext = (HTTPContext) request.getContext();
+      HttpSession session = httpContext.getRequest().getSession(false);
+
+      AssertionType assertion = (AssertionType) request.getOptions().get(GeneralConstants.ASSERTION);
+      if (assertion == null)
+         throw new RuntimeException("Assertion not found in the handler request");
+      Set<StatementAbstractType> statements = assertion.getStatements();
+      for (StatementAbstractType statement : statements)
+      {
+         if (statement instanceof AttributeStatementType)
+         {
+            AttributeStatementType attrStat = (AttributeStatementType) statement;
+            List<ASTChoiceType> attrs = attrStat.getAttributes();
+            for (ASTChoiceType attrChoice : attrs)
+            {
+               AttributeType attr = attrChoice.getAttribute();
+               Map<String, Object> attrMap = (Map<String, Object>) session
+                     .getAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP);
+               if (attrMap == null)
+               {
+                  attrMap = new HashMap<String, Object>();
+                  session.setAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP, attrMap);
+               }
+               attrMap.put(attr.getFriendlyName(), attr.getAttributeValue());
+            }
+         }
+      }
+   }
 }
\ No newline at end of file
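Review bot: handleIDPResponse merges into whatever SESSION_ATTRIBUTE_MAP the session already holds and keys each entry on getFriendlyName(), so attributes from an earlier assertion outlive a later response that no longer carries them, and attributes lacking the optional FriendlyName all land under one null key. An application that reads this map for access decisions would then act on stale or colliding values. getSession(false) can also return null, and the method dereferences it without a check. The fence below builds a fresh map per response, falls back to the attribute Name, and stores the map once. Whether the assertion's signature and conditions have been verified before this handler runs depends on chain order outside this hunk, which deserves a comment on the method.
```java
   @SuppressWarnings("unchecked")
   protected void handleIDPResponse(SAML2HandlerRequest request)
   {
      // … unchanged: httpContext lookup, assertion lookup and its null check …
      HttpSession session = httpContext.getRequest().getSession(false);
      if (session == null)
         throw new RuntimeException("No HTTP session to hold the IDP attributes");

      // Fresh map per response: nothing from a previous assertion survives
      Map<String, Object> attrMap = new HashMap<String, Object>();
      for (StatementAbstractType statement : assertion.getStatements())
      {
         if (!(statement instanceof AttributeStatementType))
            continue;
         for (ASTChoiceType attrChoice : ((AttributeStatementType) statement).getAttributes())
         {
            AttributeType attr = attrChoice.getAttribute();
            if (attr == null)
               continue; // presumably a non-plain attribute choice; confirm
            // FriendlyName is optional, Name is not
            String key = attr.getFriendlyName() != null ? attr.getFriendlyName() : attr.getName();
            attrMap.put(key, attr.getAttributeValue());
         }
      }
      session.setAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP, attrMap);
   }
```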

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java	2011-03-15 17:22:40 UTC (rev 814)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java	2011-03-15 19:09:44 UTC (rev 815)
@@ -374,6 +374,8 @@
             assertion = assertions.get(0).getAssertion();
          }
 
+         request.addOption(GeneralConstants.ASSERTION, assertion);
+
          Principal userPrincipal = handleSAMLResponse(responseType, response);
          if (userPrincipal == null)
          {
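Review bot: The assertion is placed in the request options before handleSAMLResponse has run and before the null-principal branch, so a handler that reads GeneralConstants.ASSERTION cannot tell from the option alone whether this handler accepted the response. What handleSAMLResponse checks, and what the null-principal branch does, are outside this hunk. If that call is where the assertion's conditions are enforced, I would move `request.addOption(GeneralConstants.ASSERTION, assertion);` below the principal check, so that only an accepted assertion is published. It also looks as if `assertion` can still be null at this point when the branch above does not assign it, in which case SAML2AttributeHandler throws a RuntimeException; a guard or a comment here would make that intentional.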

Modified: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2AttributeHandlerUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2AttributeHandlerUnitTestCase.java	2011-03-15 17:22:40 UTC (rev 814)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2AttributeHandlerUnitTestCase.java	2011-03-15 19:09:44 UTC (rev 815)
@@ -21,16 +21,21 @@
  */
 package org.picketlink.test.identity.federation.web.saml.handlers;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
 import java.security.Principal;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
-import junit.framework.TestCase;
-
+import org.junit.Test;
 import org.picketlink.identity.federation.core.config.IDPType;
+import org.picketlink.identity.federation.core.config.SPType;
 import org.picketlink.identity.federation.core.interfaces.AttributeManager;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
 import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
 import org.picketlink.identity.federation.core.saml.v2.constants.X500SAMLProfileConstants;
 import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
 import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChainConfig;
@@ -42,6 +47,10 @@
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerConfig;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
 import org.picketlink.identity.federation.saml.v2.SAML2Object;
 import org.picketlink.identity.federation.web.constants.GeneralConstants;
 import org.picketlink.identity.federation.web.core.HTTPContext;
@@ -56,13 +65,14 @@
  * @author Anil.Saldhana at redhat.com
  * @since Oct 12, 2009
  */
-public class SAML2AttributeHandlerUnitTestCase extends TestCase
+public class SAML2AttributeHandlerUnitTestCase
 {
    private static String name = "anil";
 
    private static String email = "anil at test";
 
    @SuppressWarnings("unchecked")
+   @Test
    public void testAttributes() throws Exception
    {
       SAML2AttributeHandler handler = new SAML2AttributeHandler();
@@ -111,6 +121,59 @@
       assertEquals(email, attribs.get(X500SAMLProfileConstants.EMAIL.getFriendlyName()));
    }
 
+   @SuppressWarnings("unchecked")
+   @Test
+   public void testAttribsOnSP() throws Exception
+   {
+      SAML2AttributeHandler handler = new SAML2AttributeHandler();
+
+      SAML2HandlerChainConfig chainConfig = new DefaultSAML2HandlerChainConfig();
+      SAML2HandlerConfig handlerConfig = new DefaultSAML2HandlerConfig();
+
+      Map<String, Object> chainOptions = new HashMap<String, Object>();
+      SPType spType = new SPType();
+      chainOptions.put(GeneralConstants.CONFIGURATION, spType);
+      chainConfig.set(chainOptions);
+
+      //Initialize the handler
+      handler.initChainConfig(chainConfig);
+      handler.initHandlerConfig(handlerConfig);
+
+      //Create a Protocol Context
+      MockHttpSession session = new MockHttpSession();
+      MockServletContext servletContext = new MockServletContext();
+      MockHttpServletRequest servletRequest = new MockHttpServletRequest(session, "POST");
+      MockHttpServletResponse servletResponse = new MockHttpServletResponse();
+      HTTPContext httpContext = new HTTPContext(servletRequest, servletResponse, servletContext);
+
+      SAML2Object saml2Object = new SAML2Object()
+      {
+      };
+
+      SAMLDocumentHolder docHolder = new SAMLDocumentHolder(saml2Object, null);
+      IssuerInfoHolder issuerInfo = new IssuerInfoHolder("http://localhost:8080/idp/");
+      SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext, issuerInfo.getIssuer(), docHolder,
+            SAML2Handler.HANDLER_TYPE.IDP);
+      SAML2HandlerResponse response = new DefaultSAML2HandlerResponse();
+
+      AssertionType assertion = new AssertionType(IDGenerator.create("ID_"), XMLTimeUtil.getIssueInstant(),
+            JBossSAMLConstants.VERSION_2_0.get());
+
+      Map<String, Object> myattr = new HashMap<String, Object>();
+      myattr.put("testKey", "hello");
+      AttributeStatementType attState = StatementUtil.createAttributeStatement(myattr);
+      assertion.addStatement(attState);
+
+      request.addOption(GeneralConstants.ASSERTION, assertion);
+      handler.handleStatusResponseType(request, response);
+
+      Map<String, Object> sessionMap = (Map<String, Object>) session
+            .getAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP);
+      assertNotNull(sessionMap);
+      List<Object> values = (List<Object>) sessionMap.get("testKey");
+      assertEquals("hello", values.get(0));
+   }
+
    public static class TestAttributeManager implements AttributeManager
    {
       public Map<String, Object> getAttributes(Principal userPrincipal, List<String> attributeKeys)
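Review bot: testAttribsOnSP builds its request with `SAML2Handler.HANDLER_TYPE.IDP` even though it exercises the SP path, which looks like a leftover from testAttributes; `SAML2Handler.HANDLER_TYPE.SP` would match the intent. The test passes anyway, presumably because the handler resolves its type from the SPType chain configuration. It covers only one attribute with a friendly name on a fresh session. I would add a case where a second response arrives on a session that already holds SESSION_ATTRIBUTE_MAP and a case where the attribute has no FriendlyName, since those are the paths where the session map can end up with stale or null-keyed entries. The TestAttributeManager class at the end of the hunk continues outside it.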


