[jboss-svn-commits] JBL Code SVN: r29902 - in labs/jbossesb/trunk/product: rosetta/src/org/jboss/internal/soa/esb/services/security and 13 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Mon Nov 2 15:02:23 EST 2009
Author: beve
Date: 2009-11-02 15:02:20 -0500 (Mon, 02 Nov 2009)
New Revision: 29902
Added:
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSIssueCallbackHandler.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSTokenCallbackHandler.java
labs/jbossesb/trunk/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/DisplaySubjectAction.java
labs/jbossesb/trunk/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/test/HttpClient.java
Removed:
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/actions/security/
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSCallbackHandler.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSConstants.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/SamlCredential.java
labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/JBossSTSActionUnitTest.java
labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/jboss-sts-client.properties
labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java
labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/SamlCredentialUnitTest.java
labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/assertion-expected.xml
labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/assertion.xml
labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/jboss-sts-client.properties
Modified:
labs/jbossesb/trunk/product/.classpath
labs/jbossesb/trunk/product/ivy.xml
labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/client/ServiceInvoker.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/SamlContext.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlAssertionExtractor.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractor.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlVisitor.java
labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractorUnitTest.java
labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlVisitorUnitTest.java
labs/jbossesb/trunk/product/samples/quickstarts/security_saml/build.xml
labs/jbossesb/trunk/product/samples/quickstarts/security_saml/jboss-esb.xml
labs/jbossesb/trunk/product/samples/quickstarts/security_saml/login-config.xml
labs/jbossesb/trunk/product/samples/quickstarts/security_saml/readme.txt
labs/jbossesb/trunk/product/samples/quickstarts/security_saml/soap-request.xml
labs/jbossesb/trunk/product/services/soap/src/main/java/org/jboss/soa/esb/actions/soap/SOAPSamlHandler.java
labs/jbossesb/trunk/product/services/soap/src/test/java/org/jboss/soa/esb/actions/soap/SOAPSamlHandlerUnitTest.java
Log:
Work for https://jira.jboss.org/jira/browse/JBESB-2909 "Revisit SAML integration"
Modified: labs/jbossesb/trunk/product/.classpath
===================================================================
--- labs/jbossesb/trunk/product/.classpath 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/.classpath 2009-11-02 20:02:20 UTC (rev 29902)
@@ -129,13 +129,8 @@
<classpathentry kind="var" path="ESB_ROOT/testlib/mockito-all-1.8.0.jar"/>
<classpathentry kind="lib" path="build/lib/freemarker-2.3.11.jar"/>
<classpathentry kind="lib" path="build/lib/xstream-1.2.2.jar"/>
- <classpathentry kind="lib" path="build/lib/jboss-identity-bindings-1.0.0.beta3.pre.jar"/>
- <classpathentry kind="lib" path="build/lib/jboss-identity-bindings-jboss-1.0.0.beta3.pre.jar"/>
- <classpathentry kind="lib" path="build/lib/jboss-identity-fed-api-1.0.0.beta3.pre.jar"/>
- <classpathentry kind="lib" path="build/lib/jboss-identity-fed-core-1.0.0.beta3.pre.jar"/>
- <classpathentry kind="lib" path="build/lib/jboss-identity-fed-model-1.0.0.beta3.pre.jar"/>
- <classpathentry kind="lib" path="build/lib/jboss-identity-web-1.0.0.beta3.pre.jar"/>
- <classpathentry kind="lib" path="build/lib/jboss-identity-xmlsec-model-1.0.0.beta3.pre.jar"/>
+ <classpathentry kind="lib" path="build/lib/jboss-identity-fed-api-1.0.0.beta3.jar"/>
+ <classpathentry kind="lib" path="build/lib/jboss-identity-fed-core-1.0.0.beta3.jar"/>
<classpathentry kind="lib" path="build/lib/milyn-commons-1.2.3.jar"/>
<classpathentry kind="lib" path="build/lib/milyn-edisax-parser-1.2.3.jar"/>
<classpathentry kind="lib" path="build/lib/milyn-magger-1.2.3.jar"/>
Modified: labs/jbossesb/trunk/product/ivy.xml
===================================================================
--- labs/jbossesb/trunk/product/ivy.xml 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/ivy.xml 2009-11-02 20:02:20 UTC (rev 29902)
@@ -160,13 +160,13 @@
<dependency org="jboss" name="jbosssx" rev="4.2.3.GA"/>
<!-- JBoss Identity Federation -->
- <dependency org="org.jboss.identity" name="jboss-identity-fed-api" rev="1.0.0.beta3.pre"/>
- <dependency org="org.jboss.identity" name="jboss-identity-fed-core" rev="1.0.0.beta3.pre"/>
- <dependency org="org.jboss.identity" name="jboss-identity-fed-model" rev="1.0.0.beta3.pre"/>
- <dependency org="org.jboss.identity" name="jboss-identity-xmlsec-model" rev="1.0.0.beta3.pre"/>
- <dependency org="org.jboss.identity" name="jboss-identity-bindings" rev="1.0.0.beta3.pre"/>
- <dependency org="org.jboss.identity" name="jboss-identity-bindings-jboss" rev="1.0.0.beta3.pre"/>
- <dependency org="org.jboss.identity" name="jboss-identity-web" rev="1.0.0.beta3.pre"/>
+ <dependency org="org.jboss.identity" name="jboss-identity-fed-api" rev="1.0.0.beta3"/>
+ <dependency org="org.jboss.identity" name="jboss-identity-fed-core" rev="1.0.0.beta3"/>
+ <dependency org="org.jboss.identity" name="jboss-identity-fed-model" rev="1.0.0.beta3"/>
+ <dependency org="org.jboss.identity" name="jboss-identity-xmlsec-model" rev="1.0.0.beta3"/>
+ <dependency org="org.jboss.identity" name="jboss-identity-bindings" rev="1.0.0.beta3"/>
+ <dependency org="org.jboss.identity" name="jboss-identity-bindings-jboss" rev="1.0.0.beta3"/>
+ <dependency org="org.jboss.identity" name="jboss-identity-web" rev="1.0.0.beta3"/>
<dependency org="org.apache" name="xmlsec" rev="1.4.3"/>
<!-- Needed for WSTrustClient with JBoss AS 4.x :https://jira.jboss.org/jira/browse/JBWS-2346 -->
Modified: labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -41,7 +41,20 @@
private Logger log = Logger.getLogger(UserPassCallbackHandler.class);
private AuthenticationRequest authRequest;
+
+ private final boolean throwUnsupportedCallbackException;
+
+ public UserPassCallbackHandler()
+ {
+ throwUnsupportedCallbackException = true;
+ }
+ public UserPassCallbackHandler(final AuthenticationRequest authRequest, final boolean throwUnsupportedCallbackException)
+ {
+ this.authRequest = authRequest;
+ this.throwUnsupportedCallbackException = throwUnsupportedCallbackException;
+ }
+
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
if ( authRequest == null )
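Review bot: The new `throwUnsupportedCallbackException` field and both constructors carry no Javadoc, although the flag changes the security-relevant contract of `handle`. I would document the two-argument constructor with something like `@param throwUnsupportedCallbackException if false, callbacks this handler does not recognise are skipped instead of rejected, so the caller must pass them to another handler`. The no-argument constructor should say that it keeps the previous strict behaviour. The body of `handle` continues outside this hunk.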
@@ -73,15 +86,21 @@
}
else
{
- throw new UnsupportedCallbackException(callbacks[i], "UserPassCallbackHandler");
+ if (throwUnsupportedCallbackException)
+ throw new UnsupportedCallbackException(callbacks[i], "UserPassCallbackHandler");
}
}
}
-
+
public void setAuthenticationRequest(AuthenticationRequest authRequest)
{
this.authRequest = authRequest;
}
+
+ protected AuthenticationRequest getAuthRequest()
+ {
+ return authRequest;
+ }
public void setSecurityConfig(SecurityConfig config) { }
}
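Review bot: When the flag is false, the else branch now drops an unrecognised callback without any trace, so a login module that asked for it gets the callback back unfilled and nothing in the log explains why. A debug line naming only the callback type would make this diagnosable, e.g. `else log.debug("Ignoring unsupported callback " + callbacks[i].getClass().getName());`. The unbraced `if` inside the braced else would also be safer with braces. The new protected `getAuthRequest()` hands the credential-bearing request to any subclass and deserves a Javadoc line saying so. The loop this branch belongs to starts outside the hunk.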
Modified: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/client/ServiceInvoker.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/client/ServiceInvoker.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/client/ServiceInvoker.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -19,11 +19,14 @@
*/
package org.jboss.soa.esb.client;
+import java.security.AccessController;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
+import java.util.Set;
import javax.crypto.SealedObject;
+import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import org.jboss.internal.soa.esb.addressing.helpers.EPRHelper;
@@ -65,8 +68,10 @@
import org.jboss.soa.esb.services.persistence.RedeliverStore;
import org.jboss.soa.esb.services.registry.RegistryException;
import org.jboss.soa.esb.services.registry.ServiceNotFoundException;
+import org.jboss.soa.esb.services.security.PublicCryptoUtil;
import org.jboss.soa.esb.services.security.SecurityContext;
import org.jboss.soa.esb.services.security.SecurityService;
+import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
import org.jboss.soa.esb.util.ClassUtil;
@@ -316,7 +321,7 @@
/*
* Re-attach encrypted AuthenticationRequest to outgoing message.
*/
- final byte[] encryptedAuthRequest = AuthenticationRequestImpl.getEncryptedAuthRequest();
+ byte[] encryptedAuthRequest = getEncryptedAuthRequest();//
if (encryptedAuthRequest != null)
{
message.getContext().setContext(SecurityService.AUTH_REQUEST, encryptedAuthRequest);
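Review bot: The replacement declaration ends in an empty `//` comment and drops the `final` that the old line had. Writing it as `final byte[] encryptedAuthRequest = getEncryptedAuthRequest();` keeps the local immutable and removes the stray marker. The enclosing method starts and ends outside this hunk.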
@@ -425,6 +430,36 @@
}
}
+ private byte[] getEncryptedAuthRequest()
+ {
+ byte[] encryptedAuthRequest = AuthenticationRequestImpl.getEncryptedAuthRequest();
+ if (encryptedAuthRequest != null)
+ {
+ final Subject subject = Subject.getSubject(AccessController.getContext());
+ if (subject != null)
+ {
+ try
+ {
+ // Decrypt the authentication request.
+ final AuthenticationRequestImpl authRequest = (AuthenticationRequestImpl) PublicCryptoUtil.INSTANCE.decrypt(encryptedAuthRequest);
+ // Get all public credentials from the authentication request.
+ final Set credentials = authRequest.getCredentials();
+ // Add all of the Subjects public credentials to the authentication request
+ credentials.addAll(subject.getPublicCredentials());
+ // "Re-encrypt" the updated authRequest.
+ byte[] encrypt = PublicCryptoUtil.INSTANCE.encrypt(authRequest);
+ encryptedAuthRequest = encrypt;
+ AuthenticationRequestImpl.setEncryptedAuthRequest(encrypt);
+ }
+ catch (SecurityServiceException e)
+ {
+ logger.error("SecurityException", e);
+ }
+ }
+ }
+ return encryptedAuthRequest;
+ }
+
/**
* Get the details of Service to which this invoker instance is delivering messages.
*
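Review bot: In `getEncryptedAuthRequest`, `credentials.addAll(subject.getPublicCredentials())` copies every public credential of the calling Subject into the authentication request attached to the outgoing message, not only the SAML token this work is about. Anything else a login module placed there is forwarded to the target service. Narrowing it to the type that has to travel, for example `credentials.addAll(subject.getPublicCredentials(SamlCredential.class));` with the matching import, would limit propagation to what the receiver needs. The catch block logs only "SecurityException" and returns the original bytes, so a failed decrypt or encrypt sends the request on without the Subject's credentials; the message should name the step that failed. A `ClassCastException` from the unchecked cast of the decrypt result is not caught at all.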
Modified: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -212,6 +212,8 @@
{
return true;
}
+ if (timeout == 0)
+ return false;
return timeOfCreation + timeout > System.currentTimeMillis();
}
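Review bot: The new `timeout == 0` shortcut has no comment saying what a zero timeout means, and the line after it still computes `timeOfCreation + timeout`, which overflows to a negative value for a very large timeout and would make a long-lived context look expired. I would add `// A timeout of 0 means the context is never reused; the caller must authenticate again.` if that is the intent, and write the comparison as `return System.currentTimeMillis() - timeOfCreation < timeout;`. The new `if` is also unbraced, unlike the block above it. Whether negative timeouts are covered by the `return true` branch cannot be seen here, because the method starts outside the hunk.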
Deleted: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSCallbackHandler.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSCallbackHandler.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSCallbackHandler.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -1,61 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security.auth.login;
-
-import java.io.IOException;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-import org.jboss.internal.soa.esb.services.security.EsbCallbackHandler;
-import org.jboss.security.auth.callback.ObjectCallback;
-import org.jboss.soa.esb.services.security.SecurityConfig;
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
-
-public class JBossSTSCallbackHandler implements EsbCallbackHandler
-{
- private AuthenticationRequest authRequest;
-
- @SuppressWarnings("unused")
- private SecurityConfig securityConfig;
-
- public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
- {
- for (Callback callback : callbacks)
- {
- if (callback instanceof ObjectCallback)
- {
- final ObjectCallback objectCallback = (ObjectCallback) callback;
- objectCallback.setCredential(authRequest);
- }
- }
- }
-
- public void setAuthenticationRequest(AuthenticationRequest authRequest)
- {
- this.authRequest = authRequest;
- }
-
- public void setSecurityConfig(final SecurityConfig config)
- {
- securityConfig = config;
- }
-}
Deleted: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSConstants.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSConstants.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSConstants.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -1,40 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security.auth.login;
-
-/**
- *
- * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
- *
- */
-public class JBossSTSConstants
-{
- public static final String SERVICE_NAME_OPTION = "serviceName";
- public static final String PORT_NAME_OPTION = "portName";
- public static final String ENDPOINT_ADDRESS_OPTION = "endpointAddress";
- public static final String USERNAME_OPTION = "username";
- public static final String PASSWORD_OPTION = "password";
- public static final String TOKEN_TYPE_OPTION = "tokenType";
-
- private JBossSTSConstants()
- {
- }
-}
Copied: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSIssueCallbackHandler.java (from rev 29873, labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSCallbackHandler.java)
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSIssueCallbackHandler.java (rev 0)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSIssueCallbackHandler.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -0,0 +1,66 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.login;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.jboss.internal.soa.esb.services.security.EsbCallbackHandler;
+import org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler;
+import org.jboss.soa.esb.services.security.SecurityConfig;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
+
+/**
+ * JAAS Callbackhandler that can be used with JBossSTS login modules.
+ * <p/>
+ *
+ * This callback handler delegates to {@link UserPassCallbackHandler} to handle
+ * username and password callbacks.
+ *
+ * It also uses {@link JBossSTSTokenCallbackHandler} to retreive the token from the
+ * authentication request.
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ */
+public class JBossSTSIssueCallbackHandler implements EsbCallbackHandler
+{
+ private AuthenticationRequest authRequest;
+
+ public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
+ {
+ final UserPassCallbackHandler userPassHandler = new UserPassCallbackHandler(authRequest, false);
+ userPassHandler.handle(callbacks);
+
+ final JBossSTSTokenCallbackHandler tokenHandler = new JBossSTSTokenCallbackHandler(authRequest);
+ tokenHandler.handle(callbacks);
+ }
+
+ public void setAuthenticationRequest(AuthenticationRequest authRequest)
+ {
+ this.authRequest = authRequest;
+ }
+
+ public void setSecurityConfig(SecurityConfig config)
+ {
+ }
+}
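Review bot: `handle` builds the `UserPassCallbackHandler` with `false`, so callbacks it does not recognise are skipped, and nothing in this class checks afterwards that one of the two delegates filled each callback. Unless `JBossSTSTokenCallbackHandler.handle` rejects unknown callbacks (not confirmed from this file), an unsupported callback reaches the login module unanswered instead of raising `UnsupportedCallbackException`. The class Javadoc should state that contract, and its "retreive" should read "retrieve". The empty `setSecurityConfig` body deserves a one-line comment such as `// No configuration is needed by this handler.`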
Deleted: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -1,295 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security.auth.login;
-
-import java.io.IOException;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.core.wstrust.STSClient;
-import org.jboss.identity.federation.core.wstrust.STSClientConfig;
-import org.jboss.identity.federation.core.wstrust.STSClientFactory;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.wstrust.WSTrustException;
-import org.jboss.identity.federation.core.wstrust.STSClientConfig.Builder;
-import org.jboss.security.auth.callback.ObjectCallback;
-import org.jboss.soa.esb.services.security.PasswordUtil;
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
-import org.w3c.dom.Element;
-
-/**
- * JAAS LoginModule for JBoss SecurityTokenService (STS).
- *
- * This LoginModule only performs validation of existing SAML
- * Assertions and does not issue and such Assertions.
- *
- * <h3>Configuration example</h3>
- * <pre>{@code
- * <application-policy name="jbossesb-saml">
- * <authentication>
- * <login-module code="org.jboss.soa.esb.services.security.auth.login.JBossSTSLoginModule" flag="required">
- * <module-option name="configFile">/sts-client.properties</module-option>
- * </login-module>
- * </authentication>
- * </application-policy>
- * }</pre>
- *
- *
- * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
- */
-public class JBossSTSLoginModule implements LoginModule
-{
- private Logger logger = Logger.getLogger(JBossSTSLoginModule.class);
-
- /**
- * This is the required option that should identify the configuration
- * file for WSTrustClient.
- */
- public static final String STS_CONFIG_FILE = "configFile";
-
- /**
- * The subject to be populated.
- */
- private Subject subject;
-
- /**
- * Callback handler used to gather information from the caller.
- */
- private CallbackHandler callbackHandler;
-
- /**
- * Client that takes care of invoking the SecurityTokenService.
- */
- private STSClient wsTrustClient;
-
- /**
- * WS-Trust SAML Assertion element.
- */
- private Element samlToken;
-
- /**
- * The outcome of the authentication process.
- */
- private boolean success;
-
- /**
- * Initialized this login module. Simple stores the passed in fields and
- * also validates the options.
- *
- * @param subject
- * The subject to authenticate/populate.
- * @param callbackHandler
- * The callbackhandler that will gather information required by
- * this login module.
- * @param sharedState
- * State that is shared with other login modules. Used when
- * modules are chained/stacked.
- * @param options
- * The options that were specified for this login module. See
- * "Usage" section of this types javadoc.
- */
- public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
- {
- this.subject = subject;
-
-
- if (callbackHandler == null)
- {
- throw new IllegalArgumentException("CallbackHandler must not be null");
- }
- this.callbackHandler = callbackHandler;
-
- final String configFile = getRequiredOption(options, STS_CONFIG_FILE);
- // this call will not be required with the next version of jboss-identity
- // as it will be able to first parse and populate the builder so that
- // properties, like password, can be overridden.
- // http://jira.jboss.org/jira/browse/JBID-202
- final STSClientConfig config = checkTypeOfPassword(new STSClientConfig.Builder().build(configFile));
- wsTrustClient = createWSTrustClient(config);
- }
-
- private STSClientConfig checkTypeOfPassword(final STSClientConfig config)
- {
- final String password = config.getPassword();
-
- if (PasswordUtil.isPasswordFile(password))
- {
- final Builder builder = new STSClientConfig.Builder();
- builder.serviceName(config.getServiceName());
- builder.endpointAddress(config.getEndPointAddress());
- builder.portName(config.getPortName());
- builder.username(config.getUsername());
- try
- {
- // Set the password using password file.
- builder.password(new PasswordUtil(password).getPasswordAsString());
- return builder.build();
- }
- catch (final IOException e)
- {
- throw new IllegalArgumentException("Could not read password from file :" + config.getPassword(), e);
- }
- }
-
- return config;
- }
-
- STSClient createWSTrustClient(final STSClientConfig config)
- {
- try
- {
- return STSClientFactory.getInstance().create(config);
- }
- catch (final ParsingException e)
- {
- throw new IllegalStateException("Could not create WSTrustClient:", e);
- }
- }
-
- private String getRequiredOption(final Map<String, ?> options, final String optionName)
- {
- final String option = (String) options.get(optionName);
- if (option == null)
- {
- throw new IllegalArgumentException("Required option '" + optionName + "' was missing from the login modules configuration");
- }
-
- return option;
- }
-
- /**
- * @return true If the login was successful otherwise false.
- * @throws LoginException
- * If an error occurs while trying to perform the
- * authentication.
- */
- public boolean login() throws LoginException
- {
- try
- {
- // See if the AuthenticationRequest has a Saml Token associated with it.
- samlToken = getSamlTokenFromCaller();
-
- // Verify that the Saml Token is still valid.
- success = wsTrustClient.validateToken(samlToken);
- if (success == false)
- {
- // Throw an exception as returing false only says that this login module should be ignored.
- throw new LoginException("Could not validate the SAML Security Token :" + samlToken);
- }
-
- return success;
- }
- catch (WSTrustException e)
- {
- throw new LoginException("WSTrustException : " + e.getMessage());
- }
- catch (final IOException e)
- {
- throw new LoginException("IOException : " + e.getMessage());
- }
- catch (final UnsupportedCallbackException e)
- {
- throw new LoginException("UnsupportedCallbackException : " + e.getMessage());
- }
- }
-
- private Element getSamlTokenFromCaller() throws UnsupportedCallbackException, LoginException, IOException
- {
- final ObjectCallback objectCallback = new ObjectCallback("SamlToken: ");
-
- callbackHandler.handle(new Callback[] { objectCallback });
-
- final AuthenticationRequest authRequest = (AuthenticationRequest) objectCallback.getCredential();
- if (authRequest == null)
- {
- throw new LoginException("Could not locate a AuthenticationRequest from the callback.");
- }
-
- Set<?> credentials = authRequest.getCredentials();
-
- for (Object object : credentials)
- {
- if (object instanceof SamlCredential)
- {
- final SamlCredential samlCredential = (SamlCredential) object;
- return samlCredential.getAssertionElement();
- }
- }
-
- throw new LoginException("Could not locate a SamlCredential in the AuthenticationRequest.");
- }
-
- public boolean commit() throws LoginException
- {
- if (success)
- {
- logger.debug("Successfully validated Assertion. ");
- removeAllSamlCredentials(subject);
- // Add the SamlToken to the authenticated Subjects principals
- subject.getPublicCredentials().add(new SamlCredential(samlToken));
-
- return true;
- }
- else
- {
- removeAllSamlCredentials(subject);
- return false;
- }
- }
-
- /**
- * Called if the overall authentication failed (phase 2).
- */
- public boolean abort() throws LoginException
- {
- success = false;
- clearState();
- return true;
- }
-
- public boolean logout() throws LoginException
- {
- clearState();
- return true;
- }
-
- private void clearState()
- {
- samlToken = null;
- removeAllSamlCredentials(subject);
- }
-
- private void removeAllSamlCredentials(final Subject subject)
- {
- final Set<SamlCredential> samlCredentials = subject.getPublicCredentials(SamlCredential.class);
- subject.getPublicCredentials().removeAll(samlCredentials);
- }
-
-}
Added: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSTokenCallbackHandler.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSTokenCallbackHandler.java (rev 0)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSTokenCallbackHandler.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.login;
+
+import java.io.IOException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.wstrust.SamlCredential;
+import org.jboss.identity.federation.core.wstrust.auth.TokenCallback;
+import org.jboss.internal.soa.esb.services.security.EsbCallbackHandler;
+import org.jboss.soa.esb.services.security.SecurityConfig;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
+
+/**
+ * JAAS callback handler that can be used with JBossSTS login modules.
+ * <p/>
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ */
+public class JBossSTSTokenCallbackHandler implements EsbCallbackHandler
+{
+ private Logger log = Logger.getLogger(JBossSTSTokenCallbackHandler.class);
+
+ private AuthenticationRequest authRequest;
+
+ public JBossSTSTokenCallbackHandler()
+ {
+ }
+
+ public JBossSTSTokenCallbackHandler(final AuthenticationRequest authRequest)
+ {
+ this.authRequest = authRequest;
+ }
+
+ public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
+ {
+ for (Callback callback : callbacks)
+ {
+ if (callback instanceof TokenCallback)
+ {
+ final TokenCallback tokenCallback = (TokenCallback) callback;
+ for (Object object : authRequest.getCredentials())
+ {
+ if (object instanceof SamlCredential)
+ {
+ try
+ {
+ tokenCallback.setToken(((SamlCredential)object).getAssertionAsElement());
+ }
+ catch (ProcessingException e)
+ {
+ log.error(e.getMessage(), e);
+ }
+ }
+ }
+ }
+ }
+ }
+
+ public void setAuthenticationRequest(AuthenticationRequest authRequest)
+ {
+ this.authRequest = authRequest;
+ }
+
+ public void setSecurityConfig(SecurityConfig config)
+ {
+ }
+}
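Review bot: `handle` continues past three failure cases that an authentication path should surface. A `ProcessingException` from `getAssertionAsElement()` is only logged, so the `TokenCallback` is left without a token and the caller cannot tell an unparsable assertion from an absent one. `authRequest` is dereferenced without a null check although the no-arg constructor leaves it unset, and callbacks of any other type are skipped even though the method declares `UnsupportedCallbackException`. How the login module treats a missing token is not visible in this hunk, so I would propagate these as exceptions; if other callback types are expected and must be ignored, keep the skip and say so in a comment. With several `SamlCredential`s in the request the last one iterated overwrites the earlier ones, which should be documented or replaced by stopping at the first.

```java
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
    if (authRequest == null)
    {
        throw new IOException("No AuthenticationRequest has been set on this callback handler.");
    }
    for (Callback callback : callbacks)
    {
        if (!(callback instanceof TokenCallback))
        {
            throw new UnsupportedCallbackException(callback);
        }
        final TokenCallback tokenCallback = (TokenCallback) callback;
        // … unchanged: loop over authRequest.getCredentials() and the SamlCredential instanceof check …
                try
                {
                    tokenCallback.setToken(((SamlCredential) object).getAssertionAsElement());
                }
                catch (ProcessingException e)
                {
                    // Propagate instead of logging so the login attempt fails visibly.
                    final IOException ioe = new IOException("Could not read the SAML assertion from the credential.");
                    ioe.initCause(e);
                    throw ioe;
                }
    }
```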
Modified: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/SamlContext.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/SamlContext.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/SamlContext.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -20,32 +20,53 @@
*/
package org.jboss.soa.esb.services.security.auth.login;
-import org.jboss.soa.esb.services.security.auth.login.SamlCredential;
+import java.security.AccessController;
+import java.util.Collections;
+import java.util.Set;
+import javax.security.auth.Subject;
+
+import org.jboss.identity.federation.core.wstrust.SamlCredential;
+
/**
+ * SamlContext provides a way to retreive a SamlCredential or Set
+ * of SamlCredentials from the current {@link Subject}.
+ * <p/>
*
* @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
- *
*/
public final class SamlContext
{
- private static final ThreadLocal<SamlCredential> CONTEXT = new ThreadLocal<SamlCredential>();
-
private SamlContext() {}
- public static void clearContext()
+ /**
+ * Get a list of the Subject SamlCredentials.
+ *
+ * @return Set Set of SamlCredentials. This method will return an empty set if no SamlCredentials exist.
+ */
+ public static Set<SamlCredential> getSamlCredentials()
{
- CONTEXT.set(null);
+ final Subject subject = Subject.getSubject(AccessController.getContext());
+ if (subject == null)
+ return Collections.emptySet();
+
+ return subject.<SamlCredential>getPublicCredentials(SamlCredential.class);
}
-
- public static SamlCredential getContext()
+
+ /**
+ * Gets the first SamlCredential belonging to the current Subject.
+ *
+ * @return SamlCredential The first SamlCredential or null if there are none.
+ */
+ public static SamlCredential getFirstSamlCredential()
{
- return CONTEXT.get();
+ final Set<SamlCredential> samlCredentials = getSamlCredentials();
+ if (samlCredentials.isEmpty())
+ {
+ return null;
+ }
+
+ return samlCredentials.iterator().next();
}
- public static void setContext(final SamlCredential principal)
- {
- CONTEXT.set(principal);
- }
-
}
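Review bot: `getFirstSamlCredential()` returns `samlCredentials.iterator().next()` from a `Set`, so when the Subject holds more than one `SamlCredential` nothing in this code defines which one is chosen. `SamlVisitor.getHeaderToInsert()`, changed later in this commit, places that assertion in the outgoing SOAP security header. Either document that exactly one credential is expected, or log or fail when `samlCredentials.size() > 1` rather than picking one silently. Replacing the `ThreadLocal` with `Subject.getSubject(AccessController.getContext())` also means callers with no Subject bound to the access control context get an empty set or `null` with no diagnostic, so the Javadoc should state that precondition, for example `* Returns an empty set when no Subject is associated with the current AccessControlContext.` Minor: "retreive" should read "retrieve", and "Get a list" should read "Get the set" in the new Javadoc.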
Deleted: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/SamlCredential.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/SamlCredential.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/SamlCredential.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -1,108 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security.auth.login;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.io.StringWriter;
-
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.jboss.internal.soa.esb.assertion.AssertArgument;
-import org.jboss.util.xml.DOMUtils;
-import org.w3c.dom.Element;
-
-/**
- * Credential that wraps a SAML Assertion.
- *
- * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
- *
- */
-public final class SamlCredential implements Serializable
-{
- private static final long serialVersionUID = -8496414959425288835L;
-
- private String assertion;
-
- public SamlCredential(final Element assertion)
- {
- this.assertion = SamlCredential.assertionToString(assertion);
- }
-
- public SamlCredential(final String assertion)
- {
- AssertArgument.isNotNull(assertion, "assertion");
- this.assertion = assertion;
- }
-
- public String getAssertion()
- {
- return assertion;
- }
-
- public Element getAssertionElement() throws IOException
- {
- return SamlCredential.assertionToElement(assertion);
- }
-
- public static Element assertionToElement(final String assertion) throws IOException
- {
- return DOMUtils.parse(assertion);
- }
-
- public static String assertionToString(final Element assertion)
- {
- AssertArgument.isNotNull(assertion, "assertion");
- try
- {
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
- final Source source = new DOMSource(assertion);
- final StringWriter writer = new StringWriter();
- final Result result = new StreamResult(writer);
-
- transformer.transform(source, result);
-
- return writer.toString();
- }
- catch (TransformerConfigurationException e)
- {
- throw new IllegalStateException(e.getMessage(), e);
- }
- catch (TransformerFactoryConfigurationError e)
- {
- throw new IllegalStateException(e.getMessage(), e);
- }
- catch (TransformerException e)
- {
- throw new IllegalStateException(e.getMessage(), e);
- }
- }
-}
Modified: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlAssertionExtractor.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlAssertionExtractor.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlAssertionExtractor.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -28,11 +28,11 @@
import javax.xml.transform.stream.StreamSource;
+import org.jboss.identity.federation.core.wstrust.SamlCredential;
import org.jboss.soa.esb.lifecycle.LifecycleResourceException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
import org.jboss.soa.esb.services.security.auth.SecurityInfoExtractor;
-import org.jboss.soa.esb.services.security.auth.login.SamlCredential;
import org.jboss.soa.esb.smooks.resource.SmooksResource;
import org.jboss.soa.esb.util.ClassUtil;
import org.milyn.Smooks;
Modified: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractor.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractor.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractor.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -29,10 +29,10 @@
import javax.xml.soap.SOAPMessage;
import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.wstrust.SamlCredential;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
import org.jboss.soa.esb.services.security.auth.SecurityInfoExtractor;
-import org.jboss.soa.esb.services.security.auth.login.SamlCredential;
import org.jboss.soa.esb.services.security.principals.User;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
Modified: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlVisitor.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlVisitor.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlVisitor.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -20,9 +20,10 @@
*/
package org.jboss.soa.esb.services.security.auth.ws;
+import org.jboss.identity.federation.core.wstrust.SamlCredential;
import org.jboss.soa.esb.services.security.auth.login.SamlContext;
-import org.jboss.soa.esb.services.security.auth.login.SamlCredential;
+
/**
* Extends {@link SOAPSecurityHeaderVisitor} to add a SAML Assertion
* to a SOAP Security Header.
@@ -35,10 +36,10 @@
@Override
protected String getHeaderToInsert()
{
- SamlCredential samlPrincipal = SamlContext.getContext();
- if (samlPrincipal != null)
+ SamlCredential samlCredential = SamlContext.getFirstSamlCredential();
+ if (samlCredential != null)
{
- return samlPrincipal.getAssertion();
+ return samlCredential.getAssertionAsString();
}
return null;
}
Deleted: labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/JBossSTSActionUnitTest.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/JBossSTSActionUnitTest.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/JBossSTSActionUnitTest.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -1,135 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.actions.security;
-
-import static org.junit.Assert.assertTrue;
-import static org.mockito.Matchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-import junit.framework.JUnit4TestAdapter;
-
-import org.jboss.identity.federation.core.wstrust.STSClient;
-import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
-import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
-import org.jboss.soa.esb.ConfigurationException;
-import org.jboss.soa.esb.helpers.ConfigTree;
-import org.jboss.soa.esb.message.Message;
-import org.jboss.soa.esb.message.format.MessageFactory;
-import org.jboss.soa.esb.services.security.auth.login.JBossSTSConstants;
-import org.jboss.soa.esb.services.security.auth.login.SamlContext;
-import org.junit.Test;
-import org.w3c.dom.Element;
-
-/**
- * Unit test for {@link JBossSTSAction}.
- *
- * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
- *
- */
-public class JBossSTSActionUnitTest
-{
- private String configFile = "org/jboss/soa/esb/actions/security/jboss-sts-client.properties";
-
- @Test
- public void process() throws Exception
- {
- STSClient mockWSTrustclient = mock(STSClient.class);
- Element securityToken = SAMLUtil.toElement(new AssertionType());
- when(mockWSTrustclient.issueToken((any(String.class)), any(String.class))).thenReturn(securityToken);
-
- ConfigTree config = new ConfigBuilder().configFile(configFile).tokenType("dummy").build();
- JBossSTSAction stsAction = new MockSTSAction(config, mockWSTrustclient);
- stsAction.initialise();
-
- Message message = MessageFactory.getInstance().getMessage();
- stsAction.process(message);
- Object object = SamlContext.getContext().getAssertionElement();
- assertTrue(object instanceof Element);
- SamlContext.clearContext();
- }
-
- @Test (expected = ConfigurationException.class)
- public void shouldThrowIfTokenTypeIsMissing() throws ConfigurationException
- {
- new JBossSTSAction(new ConfigBuilder().configFile(configFile).build());
- }
-
- private static class ConfigBuilder
- {
- private ConfigTree config;
-
- public ConfigBuilder()
- {
- config = new ConfigTree(getClass().getSimpleName());
- }
-
- public ConfigBuilder configFile(final String file)
- {
- config.setAttribute(JBossSTSAction.STS_CONFIG, file);
- return this;
- }
-
- public ConfigBuilder tokenType(final String tokenType)
- {
- config.setAttribute(JBossSTSConstants.TOKEN_TYPE_OPTION, tokenType);
- return this;
- }
-
- public ConfigBuilder addToEsbAuthRequestMessage(final boolean add)
- {
- config.setAttribute(JBossSTSAction.ADD_TO_ESB_AUTH_REQUEST, Boolean.toString(add));
- return this;
- }
-
- public ConfigTree build()
- {
- return config;
- }
- }
-
- private class MockSTSAction extends JBossSTSAction
- {
- private STSClient client;
-
- public MockSTSAction(ConfigTree config) throws ConfigurationException
- {
- super(config);
- }
-
- public MockSTSAction(ConfigTree config, final STSClient client) throws ConfigurationException
- {
- super(config);
- this.client = client;
- }
-
- @Override
- STSClient createWSTrustClient()
- {
- return client;
- }
- }
-
- public static junit.framework.Test suite()
- {
- return new JUnit4TestAdapter(JBossSTSActionUnitTest.class);
- }
-
-}
Deleted: labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/jboss-sts-client.properties
===================================================================
--- labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/jboss-sts-client.properties 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/jboss-sts-client.properties 2009-11-02 20:02:20 UTC (rev 29902)
@@ -1,5 +0,0 @@
-serviceName=JBossSTS
-portName=JBossSTSPort
-endpointAddress=http://localhost:8080/jboss-sts/JBossSTS
-username=admin
-password=admin
Deleted: labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -1,168 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security.auth.login;
-
-import static org.junit.Assert.*;
-import static org.junit.Assert.assertTrue;
-import static org.mockito.Matchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginException;
-
-import junit.framework.JUnit4TestAdapter;
-
-import org.jboss.identity.federation.core.wstrust.STSClient;
-import org.jboss.identity.federation.core.wstrust.STSClientConfig;
-import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
-import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
-import org.junit.Test;
-import org.w3c.dom.Element;
-
-/**
- * Unit test for {@link JBossSTSLoginModule}.
- *
- * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
- *
- */
-public class JBossSTSLoginModuleUnitTest
-{
- @Test
- public void loginValidToken() throws Exception
- {
- final STSClient client = mock(STSClient.class);
- when(client.validateToken(any(Element.class))).thenReturn(true);
-
- final JBossSTSLoginModule loginModule = new MockSTSLoginModule(client);
-
- final Element samlToken = createSamlToken();
-
- final JBossSTSCallbackHandler callbackHandler = new JBossSTSCallbackHandler();
- final SamlCredential samlCredential = new SamlCredential(samlToken);
- Set credential = Collections.singleton(samlCredential);
- final AuthenticationRequest authRequest = new AuthenticationRequestImpl.Builder(null, credential).build();
- callbackHandler.setAuthenticationRequest(authRequest);
- callbackHandler.setSecurityConfig(null);
-
- Subject subject = new Subject();
- loginModule.initialize(subject, callbackHandler, null, allOptions());
-
- // Simulate Phase 1
- boolean login = loginModule.login();
- assertTrue(login);
-
- // Simulate Phase 2
- boolean commit = loginModule.commit();
- assertTrue(commit);
-
- Set<SamlCredential> samlCredentials = subject.getPublicCredentials(SamlCredential.class);
- assertEquals(1, samlCredentials.size());
-
- // Try to commit again to make sure the multiple SamlCredentials are not added to the
- // Subject public credentials.
- commit = loginModule.commit();
- samlCredentials = subject.getPublicCredentials(SamlCredential.class);
- assertEquals(1, samlCredentials.size());
- }
-
- @Test(expected = LoginException.class)
- public void loginInValidToken() throws Exception
- {
- final STSClient client = mock(STSClient.class);
- when(client.validateToken(any(Element.class))).thenReturn(false);
-
- final JBossSTSLoginModule loginModule = new MockSTSLoginModule(client);
-
- final Element samlToken = createSamlToken();
-
- final JBossSTSCallbackHandler callbackHandler = new JBossSTSCallbackHandler();
- final SamlCredential samlCredential = new SamlCredential(samlToken);
- Set credential = Collections.singleton(samlCredential);
- final AuthenticationRequest authRequest = new AuthenticationRequestImpl.Builder(null, credential).build();
- callbackHandler.setAuthenticationRequest(authRequest);
- callbackHandler.setSecurityConfig(null);
-
- loginModule.initialize(new Subject(), callbackHandler, null, allOptions());
-
- // Simulate Phase 1
- boolean login = loginModule.login();
- assertTrue(login);
- }
-
- @Test (expected = IllegalArgumentException.class)
- public void missingCallbackHanlder()
- {
- Map<String, String> allOptions = allOptions();
- allOptions.remove(JBossSTSConstants.SERVICE_NAME_OPTION);
- final JBossSTSLoginModule loginModule = new MockSTSLoginModule(mock(STSClient.class));
- loginModule.initialize(new Subject(), null, null, allOptions());
- }
-
- private Element createSamlToken() throws Exception
- {
- AssertionType assertionType = new AssertionType();
- return SAMLUtil.toElement(assertionType);
- }
-
- /**
- * Returns all requried options.
- *
- * @return Map Containing all the required options of the login module.
- */
- private Map<String, String> allOptions()
- {
- final Map<String, String> options = new HashMap<String, String>();
- options.put(JBossSTSLoginModule.STS_CONFIG_FILE, "org/jboss/soa/esb/services/security/auth/login/jboss-sts-client.properties");
- return options;
- }
-
- public static junit.framework.Test suite()
- {
- return new JUnit4TestAdapter(JBossSTSLoginModuleUnitTest.class);
- }
-
- private class MockSTSLoginModule extends JBossSTSLoginModule
- {
-
- private STSClient client;
-
- public MockSTSLoginModule(final STSClient client)
- {
- this.client = client;
- }
-
- @Override
- STSClient createWSTrustClient(final STSClientConfig config)
- {
- return client;
- }
-
-
- }
-}
Deleted: labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/SamlCredentialUnitTest.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/SamlCredentialUnitTest.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/SamlCredentialUnitTest.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -1,74 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security.auth.login;
-
-import static org.junit.Assert.assertTrue;
-import junit.framework.JUnit4TestAdapter;
-
-import org.jboss.internal.soa.esb.util.StreamUtils;
-import org.jboss.internal.soa.esb.util.XMLHelper;
-import org.jboss.util.xml.DOMUtils;
-import org.junit.Test;
-import org.w3c.dom.Element;
-
-/**
- * Unit test for {@link SamlCredential}.
- *
- * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
- *
- */
-public class SamlCredentialUnitTest
-{
- @Test
- public void stringConstructor() throws Exception
- {
- final SamlCredential samlPrincipal = new SamlCredential(StreamUtils.readStreamString(getClass().getResourceAsStream("assertion.xml"), "UTF-8"));
-
- final String expected = StreamUtils.readStreamString(getClass().getResourceAsStream("assertion-expected.xml"), "UTF-8");
- final String actual = samlPrincipal.getAssertion();
-
- assertTrue(XMLHelper.compareXMLContent(expected, actual));
- }
-
- @Test
- public void elementConstructor() throws Exception
- {
- final Element assertionElement = DOMUtils.parse(getClass().getResourceAsStream("assertion.xml"));
- final String expectedAssertion = SamlCredential.assertionToString(assertionElement);
-
- final SamlCredential samlPrincipal = new SamlCredential(assertionElement);
- final String actualAssertion = samlPrincipal.getAssertion();
-
- assertTrue(XMLHelper.compareXMLContent(expectedAssertion, actualAssertion));
- }
-
- @Test (expected = IllegalArgumentException.class)
- public void shoudThrowIfStringIsNull()
- {
- new SamlCredential((String)null);
- }
-
- public static junit.framework.Test suite()
- {
- return new JUnit4TestAdapter(SamlCredentialUnitTest.class);
- }
-
-}
Deleted: labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/assertion-expected.xml
===================================================================
--- labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/assertion-expected.xml 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/assertion-expected.xml 2009-11-02 20:02:20 UTC (rev 29902)
@@ -1,30 +0,0 @@
-<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_74414f7f-1339-4f80-b29a-c947d9177445" IssueInstant="2009-09-10T13:49:30.422Z" Version="2.0">
- <Issuer>JBossSTS</Issuer>
- <Subject>
- <NameID NameQualifier="urn:jboss:identity-federation">beve</NameID>
- <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
- </Subject>
- <Conditions NotBefore="2009-09-10T13:49:30.422Z" NotOnOrAfter="2009-09-10T15:49:30.422Z"/>
- <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:Reference URI="#ID_74414f7f-1339-4f80-b29a-c947d9177445" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- </dsig:Transforms>
- <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">so9bv09wxSnauPiq6iC2zs6ubrQ=</dsig:DigestValue>
- </dsig:Reference>
- </dsig:SignedInfo>
- <dsig:SignatureValue>Lf4DYODLtVxSVmd23HJzHTy61ZYDnpaJRTVbRLR2i2zU7v9mskYCVbXY8gm5PYY2V+iYvi+dJ3QlWP9dQu+DHK9rVJSGxSmzfPjrnMC84HH9j2BZBEdKVCpNCAFJQRL+E1jlRB194sjCiuxoMnlR927uMiNcHJRoBSi03kP5tOw=</dsig:SignatureValue>
- <dsig:KeyInfo>
- <dsig:KeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Modulus xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKwlYGGtrP5VQv00dfNPbs=
- </dsig:Modulus>
- <dsig:Exponent xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">AQAB</dsig:Exponent>
- </dsig:RSAKeyValue>
- </dsig:KeyValue>
- </dsig:KeyInfo>
- </dsig:Signature>
-</Assertion>
Deleted: labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/assertion.xml
===================================================================
--- labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/assertion.xml 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/assertion.xml 2009-11-02 20:02:20 UTC (rev 29902)
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_74414f7f-1339-4f80-b29a-c947d9177445" IssueInstant="2009-09-10T13:49:30.422Z" Version="2.0">
- <Issuer>JBossSTS</Issuer>
- <Subject>
- <NameID NameQualifier="urn:jboss:identity-federation">beve</NameID>
- <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
- </Subject>
- <Conditions NotBefore="2009-09-10T13:49:30.422Z" NotOnOrAfter="2009-09-10T15:49:30.422Z"/>
- <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:Reference URI="#ID_74414f7f-1339-4f80-b29a-c947d9177445" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- </dsig:Transforms>
- <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">so9bv09wxSnauPiq6iC2zs6ubrQ=</dsig:DigestValue>
- </dsig:Reference>
- </dsig:SignedInfo>
- <dsig:SignatureValue>Lf4DYODLtVxSVmd23HJzHTy61ZYDnpaJRTVbRLR2i2zU7v9mskYCVbXY8gm5PYY2V+iYvi+dJ3QlWP9dQu+DHK9rVJSGxSmzfPjrnMC84HH9j2BZBEdKVCpNCAFJQRL+E1jlRB194sjCiuxoMnlR927uMiNcHJRoBSi03kP5tOw=</dsig:SignatureValue>
- <dsig:KeyInfo>
- <dsig:KeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Modulus xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKwlYGGtrP5VQv00dfNPbs=
- </dsig:Modulus>
- <dsig:Exponent xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">AQAB</dsig:Exponent>
- </dsig:RSAKeyValue>
- </dsig:KeyValue>
- </dsig:KeyInfo>
- </dsig:Signature>
-</Assertion>
Deleted: labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/jboss-sts-client.properties
===================================================================
--- labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/jboss-sts-client.properties 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/jboss-sts-client.properties 2009-11-02 20:02:20 UTC (rev 29902)
@@ -1,5 +0,0 @@
-serviceName=JBossSTS
-portName=JBossSTSPort
-endpointAddress=http://test:8080/JBossSTS
-username=user1
-password=pass1
Modified: labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractorUnitTest.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractorUnitTest.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractorUnitTest.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -32,11 +32,11 @@
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.soap.SOAPMessage;
+import org.jboss.identity.federation.core.wstrust.SamlCredential;
import org.jboss.internal.soa.esb.util.StreamUtils;
import org.jboss.internal.soa.esb.util.XMLHelper;
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
-import org.jboss.soa.esb.services.security.auth.login.SamlCredential;
import org.jboss.soa.esb.util.ClassUtil;
import org.junit.Test;
import org.xml.sax.SAXException;
@@ -67,7 +67,7 @@
assertTrue(credential instanceof SamlCredential);
final String expectedAssertion = readFile("saml-expected-example.xml");
- final String actualAssertion = ((SamlCredential) credential).getAssertion();
+ final String actualAssertion = ((SamlCredential) credential).getAssertionAsString();
assertTrue(XMLHelper.compareXMLContent(expectedAssertion, actualAssertion));
}
Modified: labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlVisitorUnitTest.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlVisitorUnitTest.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlVisitorUnitTest.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -21,13 +21,16 @@
package org.jboss.soa.esb.services.security.auth.ws;
import static org.junit.Assert.assertTrue;
+
+import java.security.PrivilegedAction;
+
+import javax.security.auth.Subject;
+
import junit.framework.JUnit4TestAdapter;
+import org.jboss.identity.federation.core.wstrust.SamlCredential;
import org.jboss.internal.soa.esb.util.StreamUtils;
import org.jboss.internal.soa.esb.util.XMLHelper;
-import org.jboss.soa.esb.services.security.auth.login.SamlContext;
-import org.jboss.soa.esb.services.security.auth.login.SamlCredential;
-import org.junit.After;
import org.junit.Test;
import org.milyn.FilterSettings;
import org.milyn.Smooks;
@@ -56,12 +59,18 @@
final StringResult result = new StringResult();
final SamlCredential samlPrincipal = new SamlCredential("<dummyAssertion/>");
- SamlContext.setContext(samlPrincipal);
-
- smooks.filterSource(source, result);
-
+ final Subject subject = new Subject();
+ subject.getPublicCredentials().add(samlPrincipal);
+
final String expected = "<Envelope><Header>" + SECURITY_START + "<dummyAssertion/></t:Security></Header></Envelope>";
- final String actual = result.toString();
+ final String actual = (String) Subject.doAs(subject, new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ smooks.filterSource(source, result);
+ return result.toString();
+ }
+ });
assertTrue(XMLHelper.compareXMLContent(expected, actual));
}
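Review bot: The `(String)` cast on `Subject.doAs` is redundant, because the action is already typed `PrivilegedAction<String>`; the line can read `final String actual = Subject.doAs(subject, new PrivilegedAction<String>()`. The same anonymous class, with the same cast, is repeated in the hunks at new lines 105, 131 and 157. A private helper in the test class that takes the subject, the Smooks instance, the source and the result and returns `result.toString()` would remove the four copies. The enclosing test methods start outside these hunks, so the parameter types for such a helper have to be taken from the file.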
@@ -96,12 +105,19 @@
final StringResult result = new StringResult();
final SamlCredential samlPrincipal = new SamlCredential("<dummyAssertion/>");
- SamlContext.setContext(samlPrincipal);
+ final Subject subject = new Subject();
+ subject.getPublicCredentials().add(samlPrincipal);
+
+ final String expected = "<Envelope>" + HEADER_START + SECURITY_START + "<dummyAssertion/></t:Security></h:Header></Envelope>";
+ final String actual = (String) Subject.doAs(subject, new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ smooks.filterSource(source, result);
+ return result.toString();
+ }
+ });
- smooks.filterSource(source, result);
-
- final String expected = "<Envelope>" + HEADER_START + SECURITY_START + "<dummyAssertion/></t:Security></h:Header></Envelope>";
- final String actual = result.toString();
assertTrue(XMLHelper.compareXMLContent(expected, actual));
}
@@ -115,12 +131,19 @@
final StringResult result = new StringResult();
final SamlCredential samlPrincipal = new SamlCredential("<dummyAssertion/>");
- SamlContext.setContext(samlPrincipal);
+ final Subject subject = new Subject();
+ subject.getPublicCredentials().add(samlPrincipal);
- smooks.filterSource(source, result);
+ final String expected = StreamUtils.readStreamString(getClass().getResourceAsStream("saml-inject-expected.xml"), "UTF-8");
+ final String actual = (String) Subject.doAs(subject, new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ smooks.filterSource(source, result);
+ return result.toString();
+ }
+ });
- final String expected = StreamUtils.readStreamString(getClass().getResourceAsStream("saml-inject-expected.xml"), "UTF-8");
- final String actual = result.toString();
assertTrue(XMLHelper.compareXMLContent(expected, actual));
}
@@ -134,12 +157,19 @@
final StringResult result = new StringResult();
final SamlCredential samlPrincipal = new SamlCredential("<dummyAssertion/>");
- SamlContext.setContext(samlPrincipal);
+ final Subject subject = new Subject();
+ subject.getPublicCredentials().add(samlPrincipal);
- smooks.filterSource(source, result);
+ final String expected = StreamUtils.readStreamString(getClass().getResourceAsStream("saml-inject-expected.xml"), "UTF-8");
+ final String actual = (String) Subject.doAs(subject, new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ smooks.filterSource(source, result);
+ return result.toString();
+ }
+ });
- final String expected = StreamUtils.readStreamString(getClass().getResourceAsStream("saml-inject-expected.xml"), "UTF-8");
- final String actual = result.toString();
assertTrue(XMLHelper.compareXMLContent(expected, actual));
}
@@ -156,12 +186,6 @@
return smooks;
}
- @After
- public void teardown()
- {
- SamlContext.clearContext();
- }
-
public static junit.framework.Test suite()
{
return new JUnit4TestAdapter(SamlVisitorUnitTest.class);
Modified: labs/jbossesb/trunk/product/samples/quickstarts/security_saml/build.xml
===================================================================
--- labs/jbossesb/trunk/product/samples/quickstarts/security_saml/build.xml 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/samples/quickstarts/security_saml/build.xml 2009-11-02 20:02:20 UTC (rev 29902)
@@ -21,7 +21,6 @@
<target name="quickstart-specific-checks" depends="assert-ws-available"/>
-
<target name="quickstart-specific-dependencies">
<path id="quickstart-dependencies-classpath">
<fileset dir="${org.jboss.esb.server.home}/client" includes="jbossws-client.jar,jboss-remoting.jar" />
@@ -41,15 +40,19 @@
</war>
</target>
- <target name="runtest" depends="compile" description="sends a JMS message to queue/quickstart_security_saml_gw">
- <echo>Runs Test JMS Sender</echo>
- <java fork="yes" classname="org.jboss.soa.esb.samples.quickstart.securitysaml.test.SendJMSMessage" failonerror="true">
- <arg value="queue/quickstart_security_saml_gw"/>
+ <target name="runtest" depends="compile"
+ description="sends a HTTP request to the JBossRemoting gateway">
+ <echo>Http Client</echo>
+ <java fork="yes" classname="org.jboss.soa.esb.samples.quickstart.securitysaml.test.HttpClient" failonerror="true">
+ <arg value="http"/>
+ <arg value="localhost"/>
+ <arg value="9888"/>
<arg value="soap-request.xml"/>
<classpath refid="exec-classpath"/>
</java>
</target>
+
<target name="quickstart-specific-deploys">
<copy todir="${build.dir}" filtering="true" overwrite="true">
Modified: labs/jbossesb/trunk/product/samples/quickstarts/security_saml/jboss-esb.xml
===================================================================
--- labs/jbossesb/trunk/product/samples/quickstarts/security_saml/jboss-esb.xml 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/samples/quickstarts/security_saml/jboss-esb.xml 2009-11-02 20:02:20 UTC (rev 29902)
@@ -12,31 +12,37 @@
<jms-message-filter dest-type="QUEUE" dest-name="queue/quickstart_security_saml_esb"/>
</jms-bus>
</jms-provider>
+
+ <jbr-provider name="JBR-Http" protocol="http" host="localhost">
+ <jbr-bus busid="Http-1" port="9888" />
+ </jbr-provider>
+
</providers>
<services>
<service category="SamlSecurityQuickstart" name="issueTokenService"
invmScope="GLOBAL"
- description="This service is used to demonstrate using the JBossSTSAction to request JBossSTS to issue a SAML Token for the user configured in jboss-sts-client.properites">
+ description="This service demonstrates how a service can be configured to issue and validate a security token">
+ <security moduleName="saml-issue-token" callbackHandler="org.jboss.soa.esb.services.security.auth.login.JBossSTSIssueCallbackHandler">
+ <!-- disable the security context timeout so that our security context is re-evaluated -->
+ <property name="org.jboss.soa.esb.services.security.contextTimeout" value="0"/>
+ </security>
+
<listeners>
<jms-listener name="JMSGatewayListener" busidref="quickstartGatewayChannel" is-gateway="true"/>
+ <jbr-listener name="Http-Gateway" busidref="Http-1" is-gateway="true">
+ <property name="synchronous" value="false"/>
+ </jbr-listener>
</listeners>
<actions mep="OneWay">
-
- <action name="issueToken" class="org.jboss.soa.esb.actions.security.JBossSTSAction">
- <property name="configFile" value="jboss-sts-client.properties"/>
- <!--property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/-->
- <property name="endpointURI" value="http://security_saml/goodbyeworld"/>
- <property name="addToEsbAuthRequest" value="true"/>
- </action>
-
- <action name="addSamlSecurityHeader" class="org.jboss.soa.esb.smooks.SmooksAction">
- <property name="smooksConfig" value="/smooks/smooks-saml-injector.xml" />
- </action>
-
+
+ <!-- Uncomment if you'd like to print the current Subject
+ <action name="printSubject" class="org.jboss.soa.esb.samples.quickstart.securitysaml.DisplaySubjectAction"/>
+ -->
+
<action name="routeAction" class="org.jboss.soa.esb.actions.StaticRouter">
<property name="destinations">
<route-to service-category="SamlSecurityQuickstart" service-name="securedSamlService"/>
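Review bot: The new `JBR-Http` gateway is declared with `protocol="http"`, and the request this quickstart now sends to it carries a `UsernameToken` password, so that credential reaches the gateway unencrypted. Bound to `localhost` this is acceptable for a demo, but the fragment is likely to be copied. A comment at the provider would make the limit explicit: `<!-- plain HTTP, demo only: UsernameToken passwords are sent unencrypted; use a TLS-protected transport outside localhost -->`.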
@@ -46,26 +52,46 @@
</actions>
</service>
-
<service category="SamlSecurityQuickstart" name="securedSamlService"
invmScope="GLOBAL"
- description="This service is used to demonstrate that an ESB service can be configured using SAML Security.">
- <security moduleName="jbossesb-saml" callbackHandler="org.jboss.soa.esb.services.security.auth.login.JBossSTSCallbackHandler"/>
+ description="This service demonstrates that an ESB service can be configured to only validate a security token.">
+
+ <security moduleName="saml-validate-token" callbackHandler="org.jboss.soa.esb.services.security.auth.login.JBossSTSTokenCallbackHandler">
+ <!-- disable the security context timeout so that our security context is re-evaluated -->
+ <property name="org.jboss.soa.esb.services.security.contextTimeout" value="0"/>
+ </security>
+
<actions mep="OneWay">
+ <!-- Uncomment if you'd like to print the current Subject
+ <action name="printSubject" class="org.jboss.soa.esb.samples.quickstart.securitysaml.DisplaySubjectAction"/>
+ -->
+
<action name="routeAction" class="org.jboss.soa.esb.actions.StaticRouter">
<property name="destinations">
- <route-to service-category="SamlSecurityQuickstart" service-name="unsecuredService"/>
+ <route-to service-category="SamlSecurityQuickstart" service-name="sendExternal"/>
</property>
</action>
+
</actions>
</service>
- <service category="SamlSecurityQuickstart" name="unsecuredService"
+ <service category="SamlSecurityQuickstart" name="sendExternal"
invmScope="GLOBAL"
- description="This service is used to demonstate calling a Web Service that has been configured for SAML Assertion validation using JBossSTS.">
+ description="This service demonstrates that an ESB service can be configured to only validate a security token and call an external WS with the security token.">
+
+ <security moduleName="saml-validate-token" callbackHandler="org.jboss.soa.esb.services.security.auth.login.JBossSTSTokenCallbackHandler"/>
+
<actions mep="OneWay">
+ <!-- Uncomment if you'd like to print the current Subject
+ <action name="printSubject" class="org.jboss.soa.esb.samples.quickstart.securitysaml.DisplaySubjectAction"/>
+ -->
+
+ <action name="addSamlSecurityHeader" class="org.jboss.soa.esb.smooks.SmooksAction">
+ <property name="smooksConfig" value="/smooks/smooks-saml-injector.xml" />
+ </action>
+
<action name="JBossWSAdapter" class="org.jboss.soa.esb.actions.soap.SOAPProcessor">
<property name="jbossws-endpoint" value="GoodbyeWorldWS"/>
</action>
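Review bot: The `<security>` element added to `sendExternal` is self-closing and omits the `org.jboss.soa.esb.services.security.contextTimeout` property that `issueTokenService` and `securedSamlService` set to `0`. According to the comment on those two services, the zero timeout is what forces the security context to be re-evaluated, so this service may keep using a cached context after the token has expired. If the difference is intended, a one-line comment such as `<!-- default context timeout is fine here because ... -->` would record why; otherwise the same property should be added here.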
Modified: labs/jbossesb/trunk/product/samples/quickstarts/security_saml/login-config.xml
===================================================================
--- labs/jbossesb/trunk/product/samples/quickstarts/security_saml/login-config.xml 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/samples/quickstarts/security_saml/login-config.xml 2009-11-02 20:02:20 UTC (rev 29902)
@@ -1,9 +1,21 @@
- <!-- Copy&Paste *into* <server>/<configname>/conf/login-config.xml -->
- <application-policy name = "jbossesb-saml">
+
+ <application-policy name="saml-issue-token">
<authentication>
- <login-module code="org.jboss.soa.esb.services.security.auth.login.JBossSTSLoginModule" flag="required">
+ <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
<module-option name="configFile">@STS_CONFIG_FILE_PATH@</module-option>
+ <module-option name="endpointURI">http://security_saml/goodbyeworld</module-option>
</login-module>
+ <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSValidatingLoginModule" flag="required">
+ <module-option name="configFile">@STS_CONFIG_FILE_PATH@</module-option>
+ </login-module>
</authentication>
</application-policy>
+ <application-policy name="saml-validate-token">
+ <authentication>
+ <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSValidatingLoginModule" flag="required">
+ <module-option name="configFile">@STS_CONFIG_FILE_PATH@</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
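Review bot: The `saml-issue-token` policy stacks two `required` modules and nothing in the fragment says why the token is validated straight after it is issued. A comment above the policy would help readers who paste this into a server configuration, for example `<!-- STSIssuingLoginModule requests the assertion from JBossSTS; STSValidatingLoginModule then validates it against the STS -->`. The removed header comment also told the reader where the fragment belongs, and that information now lives only in readme.txt. The readme states that the file behind `configFile` holds a username and password for the validating module, so it is worth noting here that the file should be readable only by the server account.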
Modified: labs/jbossesb/trunk/product/samples/quickstarts/security_saml/readme.txt
===================================================================
--- labs/jbossesb/trunk/product/samples/quickstarts/security_saml/readme.txt 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/samples/quickstarts/security_saml/readme.txt 2009-11-02 20:02:20 UTC (rev 29902)
@@ -1,12 +1,12 @@
Overview:
=========
- This quickstart demonstrates JBossESB support for SAML. The SAML support is provided by
- using JBoss Security Token Service (JBossSTS).
+ This quickstart demonstrates JBossESB support for SAML. SAML support is provided by
+ using JBoss Security Token Service (JBossSTS) from the JBoss Identity Project.
The following will be demonstrated by this quickstart:
- * Using the JBossSTSAction to isssue a SAML Assertion from JBossSTS
- * Injecting the SAML Assertion into a SOAP Message
- * Calling a second service in the esb that is secured using the JBossSTSLoginModule which will validate the security token.
+ * Using the JBoss Identity Project's STSIssuingLoginModule to isssue a SAML Assertion from JBossSTS.
+ * Using the JBoss Identity Project's STSValidatingLoginModule to validate a SAML Assertion from JBossSTS.
+ * Injecting the SAML Assertion into a SOAP Message.
* Using SOAPProcessor to invoke an externa Web Service that is secured by JBossSTS.
(Note that this quickstart only works with AS 5.1.0.GA or higher)
@@ -19,7 +19,7 @@
To Run:
========================
1. Type 'ant deploy'.
- 2. Copy&Paste the contents of build/login-config.xml into <server>/<configname>/conf/login-config.xml
+ 2. Copy & Paste the contents of build/login-config.xml into <server>/<configname>/conf/login-config.xml
3. Start the server.
4. 'ant runtest' will send a HTTP request to a JBossRemoting Gatway
@@ -32,15 +32,17 @@
The JBossSTS.war is the JBoss Identity WS-Trust Security Token Service implementation.
# jboss-sts-client.properties
-The configuration for the JBossSTSAction and JBossSTSLoginModule.
+The configuration for the both STSIssuingLoginModule and STSValidatingLoginModule.
+Note that the username and password in this file is only used by the STSValidatingLoginModule.
+The STSIssuingLoginModule uses callbacks to retreive the username and password from the authentication
+request, which is extraced from the SOAP Security header (see soap-request.xml below).
# login-config.xml
The JBoss security configuration fragment required for this quickstart. This will be filtered by Ant
-and the outputted login-config.xml content in the build directory should be compied into the servers
+and the outputted login-config.xml content in the build directory should be copied into the servers
login-config.xml
# soap-request.xml
-The soap request sent to the esb.
+The soap request sent to the esb. The UsernameToken security header information is used by the STSIssuingLoginModule
+as the username/credential for the user for whom a security token should be issued.
-
-
Modified: labs/jbossesb/trunk/product/samples/quickstarts/security_saml/soap-request.xml
===================================================================
--- labs/jbossesb/trunk/product/samples/quickstarts/security_saml/soap-request.xml 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/samples/quickstarts/security_saml/soap-request.xml 2009-11-02 20:02:20 UTC (rev 29902)
@@ -1,5 +1,11 @@
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:good="http://security_saml/goodbyeworld" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<soapenv:Header>
+ <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
+ <wsse:UsernameToken>
+ <wsse:Username>admin</wsse:Username>
+ <wsse:Password>admin</wsse:Password>
+ </wsse:UsernameToken>
+ </wsse:Security>
</soapenv:Header>
<soapenv:Body>
<good:sayGoodbye>
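Review bot: The added `wsse:Security` element rebinds the `wsse` prefix to `http://schemas.xmlsoap.org/ws/2002/04/secext`, while the envelope on the first line of the hunk declares `wsse` as the OASIS `oasis-200401-wss-wssecurity-secext-1.0.xsd` namespace. The header therefore sits in the pre-standard draft namespace and the outer declaration is unused. If the ESB's extractor accepts the OASIS namespace, dropping the inner `xmlns:wsse` leaves a single binding; if it only matches the 2002/04 one, a comment saying so would prevent a well-meant cleanup from breaking the sample. The `admin`/`admin` pair should also be marked as a sample credential, e.g. `<!-- sample credentials for the quickstart only -->`.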
Added: labs/jbossesb/trunk/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/DisplaySubjectAction.java
===================================================================
--- labs/jbossesb/trunk/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/DisplaySubjectAction.java (rev 0)
+++ labs/jbossesb/trunk/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/DisplaySubjectAction.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2006, JBoss Inc., and others contributors as indicated
+ * by the @authors tag. All rights reserved.
+ * See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ * This copyrighted material is made available to anyone wishing to use,
+ * modify, copy, or redistribute it subject to the terms and conditions
+ * of the GNU Lesser General Public License, v. 2.1.
+ * This program is distributed in the hope that it will be useful, but WITHOUT A
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ * You should have received a copy of the GNU Lesser General Public License,
+ * v.2.1 along with this distribution; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301, USA.
+ *
+ * (C) 2005-2006,
+ * @author JBoss Inc.
+ */
+package org.jboss.soa.esb.samples.quickstart.securitysaml;
+
+import java.net.URL;
+import java.io.File;
+import java.io.FilePermission;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.CodeSource;
+import java.security.Permissions;
+import java.security.PermissionCollection;
+import java.security.Policy;
+
+import javax.security.auth.Subject;
+
+import org.jboss.soa.esb.ConfigurationException;
+import org.jboss.soa.esb.actions.AbstractActionLifecycle;
+import org.jboss.soa.esb.helpers.ConfigTree;
+import org.jboss.soa.esb.message.Message;
+
+public class DisplaySubjectAction extends AbstractActionLifecycle
+{
+ public DisplaySubjectAction(final ConfigTree config) {}
+
+ public Message process(final Message message) throws Exception
+ {
+ Subject subject = Subject.getSubject(AccessController.getContext());
+ System.out.println("Subject in MyListenerAction : " + subject);
+ return message;
+ }
+}
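Review bot: `process` prints the whole `Subject` to stdout, and `Subject.toString()` lists the subject's public credentials. The tests in this commit place the `SamlCredential` in the public credential set, so enabling this action may write the bearer assertion into the server log, depending on what `SamlCredential.toString()` returns. Printing only the principals avoids that and fixes the stale class name in the message: `System.out.println("Subject in DisplaySubjectAction : " + (subject == null ? null : subject.getPrincipals()));`. The `java.net.URL`, `java.io.*`, `AccessControlContext`, `CodeSource`, `Permissions`, `PermissionCollection`, `Policy` and `ConfigurationException` imports are unused and can be removed.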
Added: labs/jbossesb/trunk/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/test/HttpClient.java
===================================================================
--- labs/jbossesb/trunk/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/test/HttpClient.java (rev 0)
+++ labs/jbossesb/trunk/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/test/HttpClient.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.samples.quickstart.securitysaml.test;
+
+import org.jboss.remoting.Client;
+import org.jboss.remoting.InvokerLocator;
+import org.jboss.internal.soa.esb.util.StreamUtils;
+import org.jboss.remoting.transport.http.HTTPMetadataConstants;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class HttpClient
+{
+ // Default locator values
+ private static String transport = "http";
+ private static String host = "localhost";
+ private static int port = 5400;
+ private static String payload;
+
+ public void makeInvocation(String locatorURI) throws Throwable
+ {
+ InvokerLocator locator = new InvokerLocator(locatorURI);
+ System.out.println("Calling remoting server with locator uri of: " + locatorURI);
+
+ Client remotingClient = new Client(locator);
+ remotingClient.connect();
+
+ Map metadata = new HashMap();
+ metadata.put("TYPE", "POST");
+ remotingClient.invokeOneway(payload, metadata );
+
+ System.out.println("Sent http post to server.");
+ Integer responseCode = (Integer) metadata.get(HTTPMetadataConstants.RESPONSE_CODE);
+ String responseMessage = (String) metadata.get(HTTPMetadataConstants.RESPONSE_CODE_MESSAGE);
+ System.out.println("Response code from server: " + responseCode);
+ System.out.println("Response message from server: " + responseMessage);
+ remotingClient.disconnect();
+
+ }
+
+ public static void main(String[] args) throws Exception
+ {
+ if(args != null && args.length == 4)
+ {
+ transport = args[0];
+ host = args[1];
+ port = Integer.parseInt(args[2]);
+ payload = StreamUtils.getResourceAsString(args[3], "UTF-8");
+ }
+ String locatorURI = transport + "://" + host + ":" + port;
+ HttpClient client = new HttpClient();
+ try
+ {
+ client.makeInvocation(locatorURI);
+ }
+ catch(Throwable e)
+ {
+ e.printStackTrace();
+ }
+ }
+}
+
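Review bot: `main` catches `Throwable` and only prints the stack trace, so the forked JVM exits with status 0 and the `failonerror="true"` on the Ant `runtest` target can never trigger when the request fails. When the argument count is not four, `payload` also stays null and the client posts it to the default `localhost:5400` instead of stopping. `disconnect()` is skipped whenever `invokeOneway` throws. The sketch below lets failures propagate, rejects a wrong argument count, and moves the disconnect into a `finally`. Separately, the response code is read back from the request metadata map after a one-way invocation, which may never be populated; that is worth checking against the remoting client's behaviour.

```java
public void makeInvocation(String locatorURI) throws Throwable
{
    // … unchanged: locator creation and log line …
    Client remotingClient = new Client(locator);
    remotingClient.connect();
    try
    {
        // … unchanged: metadata setup, invokeOneway and response logging …
    }
    finally
    {
        remotingClient.disconnect();
    }
}

public static void main(String[] args) throws Throwable
{
    if (args == null || args.length != 4)
    {
        System.err.println("Usage: HttpClient <transport> <host> <port> <payload-resource>");
        System.exit(1);
    }
    // … unchanged: argument parsing and locatorURI …
    new HttpClient().makeInvocation(locatorURI);
}
```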
Modified: labs/jbossesb/trunk/product/services/soap/src/main/java/org/jboss/soa/esb/actions/soap/SOAPSamlHandler.java
===================================================================
--- labs/jbossesb/trunk/product/services/soap/src/main/java/org/jboss/soa/esb/actions/soap/SOAPSamlHandler.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/services/soap/src/main/java/org/jboss/soa/esb/actions/soap/SOAPSamlHandler.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -20,7 +20,6 @@
*/
package org.jboss.soa.esb.actions.soap;
-import java.io.IOException;
import java.util.Set;
import javax.xml.namespace.QName;
@@ -30,8 +29,9 @@
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.wstrust.SamlCredential;
import org.jboss.soa.esb.services.security.auth.login.SamlContext;
-import org.jboss.soa.esb.services.security.auth.login.SamlCredential;
import org.w3c.dom.Element;
/**
@@ -54,10 +54,10 @@
try
{
- final SamlCredential samlPrincipal = SamlContext.getContext();
- if (samlPrincipal != null)
+ final SamlCredential samlCredential = SamlContext.getFirstSamlCredential();
+ if (samlCredential != null)
{
- final Element assertionElement = samlPrincipal.getAssertionElement();
+ final Element assertionElement = samlCredential.getAssertionAsElement();
SOAPSamlHandlerUtil.addAssertion(soapContext, securityQName, assertionElement);
}
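Review bot: When `SamlContext.getFirstSamlCredential()` returns null the handler adds nothing and still returns `true`, so the outbound SOAP request leaves without an assertion and nothing records that. A secured endpoint will then reject the call with no hint on the ESB side about the cause. A debug-level log in an `else` branch, or at least a comment such as `// no SAML credential on the current Subject: message is sent without an assertion`, would make this path visible. The method body starts and ends outside this hunk, so whether the class already has a logger needs checking in the file.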
}
@@ -65,11 +65,10 @@
{
throw new WebServiceException(e.getMessage(), e);
}
- catch (IOException e)
+ catch (ProcessingException e)
{
throw new WebServiceException(e.getMessage(), e);
}
-
return true;
}
Modified: labs/jbossesb/trunk/product/services/soap/src/test/java/org/jboss/soa/esb/actions/soap/SOAPSamlHandlerUnitTest.java
===================================================================
--- labs/jbossesb/trunk/product/services/soap/src/test/java/org/jboss/soa/esb/actions/soap/SOAPSamlHandlerUnitTest.java 2009-11-02 16:07:37 UTC (rev 29901)
+++ labs/jbossesb/trunk/product/services/soap/src/test/java/org/jboss/soa/esb/actions/soap/SOAPSamlHandlerUnitTest.java 2009-11-02 20:02:20 UTC (rev 29902)
@@ -36,10 +36,9 @@
import junit.framework.JUnit4TestAdapter;
+import org.jboss.identity.federation.core.wstrust.SamlCredential;
import org.jboss.internal.soa.esb.util.StreamUtils;
import org.jboss.internal.soa.esb.util.XMLHelper;
-import org.jboss.soa.esb.services.security.auth.login.SamlContext;
-import org.jboss.soa.esb.services.security.auth.login.SamlCredential;
import org.junit.Test;
/**
@@ -63,7 +62,6 @@
when(messageContext.getMessage()).thenReturn(soapMessage);
SamlCredential samlPrincipal = new SamlCredential(StreamUtils.readStreamString(getClass().getResourceAsStream("assertion.xml"), "UTF-8"));
- SamlContext.setContext(samlPrincipal);
boolean result = handler.handleMessage(messageContext);
assertTrue(result);
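Review bot: After the removal of `SamlContext.setContext(samlPrincipal)`, nothing in this hunk makes the credential available to the handler, and the call is not wrapped in `Subject.doAs` as the SamlVisitorUnitTest hunks of this commit are. If `getFirstSamlCredential()` reads from the current Subject, the handler finds nothing and still returns `true`; the later `while (assertions.hasNext())` loop then runs zero times, so the test passes without checking an assertion. Running `handler.handleMessage(messageContext)` inside `Subject.doAs` with the credential added to the subject, and adding `assertTrue(assertions.hasNext());` before the loop, would make the test fail when no assertion is injected. The rest of the test method is outside this hunk, so this should be confirmed against the full file.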
@@ -78,7 +76,7 @@
while (assertions.hasNext())
{
final SOAPElement assertionElement = assertions.next();
- final String expected = samlPrincipal.getAssertion();
+ final String expected = samlPrincipal.getAssertionAsString();
final String actual = SamlCredential.assertionToString(assertionElement);
assertTrue(XMLHelper.compareXMLContent(expected, actual));
}