[jboss-cvs] Picketlink SVN: r1368 - in federation/trunk/picketlink-web/src: test/java/org/picketlink/test/identity/federation/web/saml/handlers and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Feb 3 11:47:39 EST 2012
Author: anil.saldhana at jboss.com
Date: 2012-02-03 11:47:37 -0500 (Fri, 03 Feb 2012)
New Revision: 1368
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2InResponseToVerificationHandler.java
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2InResponseToVerificationHandlerUnitTestCase.java
Log:
warnings removed
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2InResponseToVerificationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2InResponseToVerificationHandler.java 2012-02-03 15:25:53 UTC (rev 1367)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2InResponseToVerificationHandler.java 2012-02-03 16:47:37 UTC (rev 1368)
@@ -23,6 +23,8 @@
package org.picketlink.identity.federation.web.handlers.saml2;
+import javax.servlet.http.HttpSession;
+
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.ErrorCodes;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
@@ -31,8 +33,6 @@
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
-import javax.servlet.http.HttpSession;
-
/**
* Handler is useful on SP side. It's used for verification that InResponseId from SAML Authentication Response is same
* as ID of previously sent SAML Authentication request
@@ -44,7 +44,7 @@
private static Logger log = Logger.getLogger(SAML2InResponseToVerificationHandler.class);
private final boolean trace = log.isTraceEnabled();
-
+
@Override
public void generateSAMLRequest(SAML2HandlerRequest request, SAML2HandlerResponse response)
throws ProcessingException
@@ -56,7 +56,7 @@
return;
// Determine Id of of request, which is saved into session thanks to SAML2AuthenticationHandler
- String authnRequestId = (String)request.getOptions().get(GeneralConstants.AUTH_REQUEST_ID);
+ String authnRequestId = (String) request.getOptions().get(GeneralConstants.AUTH_REQUEST_ID);
// Save it into session for later use
HttpSession session = BaseSAML2Handler.getHttpSession(request);
@@ -67,15 +67,15 @@
log.trace("ID of authentication request " + authnRequestId + " saved into HTTP session.");
}
}
-
- @Override
+
public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response) throws ProcessingException
- {
+ {
}
@Override
- public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse response) throws ProcessingException
- {
+ public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse response)
+ throws ProcessingException
+ {
if (request.getSAML2Object() instanceof ResponseType == false)
return;
@@ -85,14 +85,14 @@
// Obtain inResponseTo ID from Authentication response
ResponseType responseType = (ResponseType) request.getSAML2Object();
String inResponseTo = responseType.getInResponseTo();
-
+
// Obtain ID from session, which was saved before sending AuthnRequest
HttpSession session = BaseSAML2Handler.getHttpSession(request);
- String authnRequestId = (String)session.getAttribute(GeneralConstants.AUTH_REQUEST_ID);
-
+ String authnRequestId = (String) session.getAttribute(GeneralConstants.AUTH_REQUEST_ID);
+
// Remove it from session now
session.removeAttribute(GeneralConstants.AUTH_REQUEST_ID);
-
+
// Compare both ID
if (inResponseTo != null && inResponseTo.equals(authnRequestId))
{
@@ -103,7 +103,8 @@
}
else
{
- log.error("Verification of InResponseTo failed. InResponseTo from SAML response is " + inResponseTo + ". Value of request Id from HTTP session is " + authnRequestId);
+ log.error("Verification of InResponseTo failed. InResponseTo from SAML response is " + inResponseTo
+ + ". Value of request Id from HTTP session is " + authnRequestId);
throw new ProcessingException(ErrorCodes.AUTHN_REQUEST_ID_VERIFICATION_FAILED);
}
}
Modified: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2InResponseToVerificationHandlerUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2InResponseToVerificationHandlerUnitTestCase.java 2012-02-03 15:25:53 UTC (rev 1367)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2InResponseToVerificationHandlerUnitTestCase.java 2012-02-03 16:47:37 UTC (rev 1368)
@@ -23,7 +23,16 @@
package org.picketlink.test.identity.federation.web.saml.handlers;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpSession;
+
import junit.framework.TestCase;
+
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
import org.picketlink.identity.federation.core.ErrorCodes;
import org.picketlink.identity.federation.core.config.IDPType;
@@ -44,8 +53,8 @@
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.core.IdentityServer;
@@ -58,13 +67,6 @@
import org.picketlink.test.identity.federation.web.mock.MockServletContext;
import org.w3c.dom.Document;
-import javax.servlet.http.HttpSession;
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.security.Principal;
-import java.util.HashMap;
-import java.util.Map;
-
/**
* Unit test the {@link org.picketlink.identity.federation.web.handlers.saml2.SAML2InResponseToVerificationHandler}
*
@@ -113,8 +115,6 @@
request.setTypeOfRequestToBeGenerated(SAML2HandlerRequest.GENERATE_REQUEST_TYPE.AUTH);
SAML2HandlerResponse response = new DefaultSAML2HandlerResponse();
-
-
// 2) GENERATE SAML AUTHENTICATION REQUEST
// Generate SAML AuthnRequest with handlers
@@ -127,41 +127,40 @@
AuthnRequestType authnRequest = (AuthnRequestType) parser.parse(DocumentUtil.getNodeAsStream(samlReqDoc));
assertEquals(authnRequest.getID(), servletRequest.getSession().getAttribute(GeneralConstants.AUTH_REQUEST_ID));
-
-
// 3) SEND SAML AUTHENTICATION REQUEST TO IDP
// Generate request and response for IDP
- SAML2HandlerResponse handlerResponseFromIdp = sendRequestToIdp(authnRequest, samlReqDoc, httpContext, handlerConfig);
+ SAML2HandlerResponse handlerResponseFromIdp = sendRequestToIdp(authnRequest, samlReqDoc, httpContext,
+ handlerConfig);
// Parse SAML response from IDP
Document doc2response = handlerResponseFromIdp.getResultingDocument();
- assertNotNull(doc2response);
+ assertNotNull(doc2response);
String responseString = DocumentUtil.asString(doc2response);
-
// 4) PROCESS SAML RESPONSE FROM IDP. VERIFICATION OF InResponseId SHOULD BE SUCCESSFUL
HandlerContext handlerContext = getHandlerRequestAndResponse(httpContext, issuerInfo, responseString);
// Assert that ID from session is not null
- String inResponseIdFromSession = (String)servletRequest.getSession().getAttribute(GeneralConstants.AUTH_REQUEST_ID);
+ String inResponseIdFromSession = (String) servletRequest.getSession().getAttribute(
+ GeneralConstants.AUTH_REQUEST_ID);
assertNotNull(inResponseIdFromSession);
-
+
// Handle response from IDP
authenticationHandler.handleStatusResponseType(handlerContext.request, handlerContext.response);
verificationHandler.handleStatusResponseType(handlerContext.request, handlerContext.response);
-
+
// Verify that Id is not in session anymore. Becaue it was removed by SAML2ResponseIdVerificationHandler
assertNull(servletRequest.getSession().getAttribute(GeneralConstants.AUTH_REQUEST_ID));
-
-
// 5) CHANGE InResponseId IN SAML RESPONSE. VALIDATION MUST FAIL NOW.
// Change InResponseId
- String responseStringChangedId = responseString.replaceAll("InResponseTo=\"" + inResponseIdFromSession + "\"", "InResponseTo=\"ID_101dcb5e-f432-4f45-87cb-47daff92edef\"");
- HandlerContext handlerContextChangedId = getHandlerRequestAndResponse(httpContext, issuerInfo, responseStringChangedId);
+ String responseStringChangedId = responseString.replaceAll("InResponseTo=\"" + inResponseIdFromSession + "\"",
+ "InResponseTo=\"ID_101dcb5e-f432-4f45-87cb-47daff92edef\"");
+ HandlerContext handlerContextChangedId = getHandlerRequestAndResponse(httpContext, issuerInfo,
+ responseStringChangedId);
// Set Id to session again as it was removed in previous processing
servletRequest.getSession().setAttribute(GeneralConstants.AUTH_REQUEST_ID, inResponseIdFromSession);
@@ -169,9 +168,11 @@
// Handle response with changed Id. This time it should fail
try
{
- authenticationHandler.handleStatusResponseType(handlerContextChangedId.request, handlerContextChangedId.response);
- verificationHandler.handleStatusResponseType(handlerContextChangedId.request, handlerContextChangedId.response);
-
+ authenticationHandler.handleStatusResponseType(handlerContextChangedId.request,
+ handlerContextChangedId.response);
+ verificationHandler
+ .handleStatusResponseType(handlerContextChangedId.request, handlerContextChangedId.response);
+
fail("Verification of InResponseTo should fail.");
}
catch (ProcessingException pe)
@@ -179,12 +180,13 @@
assertEquals(ErrorCodes.AUTHN_REQUEST_ID_VERIFICATION_FAILED, pe.getMessage());
}
-
// 6) REMOVE InResponseId FROM SAML RESPONSE. VALIDATION MUST FAIL NOW.
// Remove inResponseId
- String responseStringRemovedId = responseString.replaceAll("InResponseTo=\"" + inResponseIdFromSession + "\"", "");
- HandlerContext handlerContextRemovedId = getHandlerRequestAndResponse(httpContext, issuerInfo, responseStringRemovedId);
+ String responseStringRemovedId = responseString
+ .replaceAll("InResponseTo=\"" + inResponseIdFromSession + "\"", "");
+ HandlerContext handlerContextRemovedId = getHandlerRequestAndResponse(httpContext, issuerInfo,
+ responseStringRemovedId);
// Set Id to session again as it was removed in previous processing
servletRequest.getSession().setAttribute(GeneralConstants.AUTH_REQUEST_ID, inResponseIdFromSession);
@@ -192,8 +194,10 @@
// Now handle again response from IDP. This time it should also fail as InResponseTo is null
try
{
- authenticationHandler.handleStatusResponseType(handlerContextRemovedId.request, handlerContextRemovedId.response);
- verificationHandler.handleStatusResponseType(handlerContextRemovedId.request, handlerContextRemovedId.response);
+ authenticationHandler.handleStatusResponseType(handlerContextRemovedId.request,
+ handlerContextRemovedId.response);
+ verificationHandler
+ .handleStatusResponseType(handlerContextRemovedId.request, handlerContextRemovedId.response);
fail("Verification of InResponseTo should fail.");
}
@@ -214,13 +218,13 @@
* @throws Exception
*/
private SAML2HandlerResponse sendRequestToIdp(AuthnRequestType authnRequest, Document samlReqDoc,
- HTTPContext httpContext, SAML2HandlerConfig handlerConfig) throws Exception
+ HTTPContext httpContext, SAML2HandlerConfig handlerConfig) throws Exception
{
// Generate handler request and handler response for IDP
IssuerInfoHolder issuerInfo = new IssuerInfoHolder("http://localhost:8080/idp/");
SAMLDocumentHolder docHolder = new SAMLDocumentHolder(authnRequest, samlReqDoc);
- SAML2HandlerRequest idpHandlerRequest = new DefaultSAML2HandlerRequest(httpContext, issuerInfo.getIssuer(), docHolder,
- SAML2Handler.HANDLER_TYPE.IDP);
+ SAML2HandlerRequest idpHandlerRequest = new DefaultSAML2HandlerRequest(httpContext, issuerInfo.getIssuer(),
+ docHolder, SAML2Handler.HANDLER_TYPE.IDP);
idpHandlerRequest.addOption(GeneralConstants.ASSERTIONS_VALIDITY, 10000l);
SAML2HandlerResponse idpHandlerResponse = new DefaultSAML2HandlerResponse();
@@ -228,7 +232,7 @@
Map<String, Object> chainOptionsIdp = new HashMap<String, Object>();
IDPType idpType = new IDPType();
chainOptionsIdp.put(GeneralConstants.CONFIGURATION, idpType);
- chainOptionsIdp.put(GeneralConstants.ROLE_VALIDATOR_IGNORE, "true");
+ chainOptionsIdp.put(GeneralConstants.ROLE_VALIDATOR_IGNORE, "true");
SAML2HandlerChainConfig chainConfigIdp = new DefaultSAML2HandlerChainConfig(chainOptionsIdp);
// Create and init handlers for IDP
@@ -242,7 +246,6 @@
HttpSession session = BaseSAML2Handler.getHttpSession(idpHandlerRequest);
session.setAttribute(GeneralConstants.PRINCIPAL_ID, new Principal()
{
- @Override
public String getName()
{
return "testPrincipal";
@@ -263,31 +266,34 @@
return idpHandlerResponse;
}
-
+
private ResponseType getResponseTypeFromString(String responseString) throws Exception
{
InputStream is = new ByteArrayInputStream(responseString.getBytes());
SAML2Response saml2Response = new SAML2Response();
return saml2Response.getResponseType(is);
}
-
- private HandlerContext getHandlerRequestAndResponse(HTTPContext httpContext, IssuerInfoHolder issuerInfo, String responseString) throws Exception
+
+ private HandlerContext getHandlerRequestAndResponse(HTTPContext httpContext, IssuerInfoHolder issuerInfo,
+ String responseString) throws Exception
{
ResponseType responseType = getResponseTypeFromString(responseString);
SAML2Response saml2Response = new SAML2Response();
Document doc = saml2Response.convert(responseType);
SAMLDocumentHolder docHolder = new SAMLDocumentHolder(responseType, doc);
- SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext, issuerInfo.getIssuer(), docHolder, SAML2Handler.HANDLER_TYPE.SP);
+ SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext, issuerInfo.getIssuer(), docHolder,
+ SAML2Handler.HANDLER_TYPE.SP);
SAML2HandlerResponse response = new DefaultSAML2HandlerResponse();
return new HandlerContext(request, response);
}
-
+
private class HandlerContext
{
- private SAML2HandlerRequest request;
- private SAML2HandlerResponse response;
-
+ private final SAML2HandlerRequest request;
+
+ private final SAML2HandlerResponse response;
+
private HandlerContext(SAML2HandlerRequest request, SAML2HandlerResponse response)
{
this.request = request;
More information about the jboss-cvs-commits
mailing list