[jboss-svn-commits] JBL Code SVN: r29312 - in labs/jbossesb/workspace/dbevenius/saml_support/product: rosetta/src/org/jboss/soa/esb/actions/security and 5 other directories.
Fri Sep 11 09:28:02 EDT 2009
Author: beve
Date: 2009-09-11 09:28:01 -0400 (Fri, 11 Sep 2009)
New Revision: 29312
Added:
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/SamlPrincipalUnitTest.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/assertion.xml
Modified:
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JBossASContextPropagator.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/actions/security/JBossSTSAction.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequestImpl.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/SamlPrincipal.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/JBossSTSActionUnitTest.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java
labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-esb.xml
Log:
Updates to JBossSTSAction and quickstart.
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JBossASContextPropagator.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JBossASContextPropagator.java 2009-09-11 13:09:37 UTC (rev 29311)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JBossASContextPropagator.java 2009-09-11 13:28:01 UTC (rev 29312)
@@ -21,6 +21,7 @@
package org.jboss.internal.soa.esb.services.security;
import java.security.Principal;
+import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
@@ -54,7 +55,7 @@
// associate the subject with jboss security
Object credential = null;
- if (authCredentials != null)
+ if (authCredentials != null && authCredentials.isEmpty() == false)
{
credential = authCredentials.iterator().next();
}
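Review bot: The emptiness guard reads more naturally as `if (authCredentials != null && !authCredentials.isEmpty())`; comparing a boolean against `false` is a style point worth fixing while the line is being touched. Only the first element of the set is ever propagated, which the code does silently; a one-line comment such as `// only the first credential is propagated to JBoss security` makes that truncation explicit for the next reader. The enclosing method starts and ends outside the hunk.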
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/actions/security/JBossSTSAction.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/actions/security/JBossSTSAction.java 2009-09-11 13:09:37 UTC (rev 29311)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/actions/security/JBossSTSAction.java 2009-09-11 13:28:01 UTC (rev 29312)
@@ -20,9 +20,9 @@
*/
package org.jboss.soa.esb.actions.security;
+import java.io.Serializable;
import java.io.StringWriter;
-import javax.xml.bind.JAXBException;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
@@ -41,46 +41,45 @@
import org.jboss.internal.soa.esb.assertion.AssertArgument;
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.actions.AbstractActionPipelineProcessor;
-import org.jboss.soa.esb.actions.ActionLifecycleException;
import org.jboss.soa.esb.actions.ActionProcessingException;
import org.jboss.soa.esb.helpers.ConfigTree;
import org.jboss.soa.esb.listeners.message.MessageDeliverException;
import org.jboss.soa.esb.message.Message;
import org.jboss.soa.esb.message.MessagePayloadProxy;
+import org.jboss.soa.esb.services.security.PublicCryptoUtil;
+import org.jboss.soa.esb.services.security.SecurityService;
+import org.jboss.soa.esb.services.security.SecurityServiceException;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
import org.jboss.soa.esb.services.security.auth.login.JBossSTSConstants;
-import org.jboss.util.xml.DOMUtils;
+import org.jboss.soa.esb.services.security.auth.login.SamlPrincipal;
import org.w3c.dom.Element;
+
/**
- * This action support validation, issueing, and renewal of SAML Assertions by
- * calling JBossSTS (Security Token Service).
+ * This action support issueing SAML Assertions using JBossSTS (Security Token Service).
*
* @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
*
*/
public class JBossSTSAction extends AbstractActionPipelineProcessor
{
- private Logger log = Logger.getLogger(JBossSTSAction.class);
+ public static final String ADD_TO_ESB_AUTH_REQUEST = "addToEsbAuthRequest";
+ public static final String ADD_TO_ESB_MESSAGE = "addToEsbMessage";
- private String serviceName;
- private String portName;
- private String endpointAddress;
- private String username;
- private String password;
- private String tokenType;
+ private final Logger log = Logger.getLogger(JBossSTSAction.class);
+
+ private final String serviceName;
+ private final String portName;
+ private final String endpointAddress;
+ private final String username;
+ private final String password;
+ private final String tokenType;
+ private final MessagePayloadProxy payloadProxy;
- private boolean lazyInit;
+ private boolean addAssertionToEsbAuthRequest;
+ private boolean addAssertionToMessage;
- private WSTrustClient wsTrustClient;
- private MessagePayloadProxy payloadProxy;
-
- public JBossSTSAction(final ConfigTree config, final WSTrustClient wsTrustClient) throws ConfigurationException
- {
- this(config);
- AssertArgument.isNotNull(wsTrustClient, "wsTrustClient");
- this.wsTrustClient = wsTrustClient;
- }
-
public JBossSTSAction(final ConfigTree config) throws ConfigurationException
{
serviceName = config.getRequiredAttribute(JBossSTSConstants.SERVICE_NAME_OPTION);
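Review bot: `addAssertionToEsbAuthRequest` and `addAssertionToMessage` are assigned exactly once in the constructor and never reassigned, so they can be `final` like the other six fields declared just above them. The public configuration keys `ADD_TO_ESB_AUTH_REQUEST` and `ADD_TO_ESB_MESSAGE` have no Javadoc; a line each stating what the option enables (placing the assertion on the message payload versus wrapping it into an encrypted AuthenticationRequest in the message context) would document the contract users configure against. With `logAssertion` removed, the `java.io.StringWriter` and `javax.xml.transform.*` imports retained in the previous hunk appear unused in the lines visible here; confirm and drop them. The constructor continues past the end of the hunk.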
@@ -89,56 +88,36 @@
username = config.getRequiredAttribute(JBossSTSConstants.USERNAME_OPTION);
password = config.getRequiredAttribute(JBossSTSConstants.PASSWORD_OPTION);
tokenType = config.getRequiredAttribute(JBossSTSConstants.TOKEN_TYPE_OPTION);
- lazyInit = config.getBooleanAttribute("layzInit", false);
payloadProxy = new MessagePayloadProxy(config);
- }
-
- @Override
- public void initialise() throws ActionLifecycleException
- {
- if (lazyInit == false)
+
+ addAssertionToEsbAuthRequest = config.getBooleanAttribute(ADD_TO_ESB_AUTH_REQUEST, false);
+ addAssertionToMessage = config.getBooleanAttribute(ADD_TO_ESB_MESSAGE, false);
+ if (!addAssertionToEsbAuthRequest && !addAssertionToMessage)
{
- try
- {
- initializeWSTrustClient();
- }
- catch (final ParsingException e)
- {
- throw new ActionLifecycleException("Caught ParsingException while creating WSTrustClient: ", e);
- }
+ throw new ConfigurationException("Atleast on of " + ADD_TO_ESB_AUTH_REQUEST + " or " + ADD_TO_ESB_MESSAGE + " properties must be set to true");
}
}
- private void initializeWSTrustClient() throws ParsingException
- {
- if (wsTrustClient == null)
- {
- wsTrustClient = new WSTrustClient(serviceName, portName, endpointAddress, new SecurityInfo(username, password));
- }
- }
-
public Message process(final Message message) throws ActionProcessingException
{
AssertArgument.isNotNull(message, "message");
- if (lazyInit)
+ try
{
- try
+ final WSTrustClient wsTrustClient = createWSTrustClient(message);
+ final Element assertion = wsTrustClient.issueToken(tokenType);
+
+ log.info("SecurityToken valid : " + wsTrustClient.validateToken(assertion));
+
+ if (addAssertionToMessage)
{
- initializeWSTrustClient();
+ payloadProxy.setPayload(message, assertion);
}
- catch (final ParsingException e)
+
+ if (addAssertionToEsbAuthRequest)
{
- throw new ActionProcessingException("Caught ParsingException while createing WSTrustClient: ", e);
+ addToEsbAuthRequest(assertion, message);
}
- }
-
- try
- {
- final Element assertion = wsTrustClient.issueToken(tokenType);
- logAssertion(assertion);
- log.info("SecurityToken valid : " + wsTrustClient.validateToken(assertion));
- payloadProxy.setPayload(message, assertion);
}
catch (final WSTrustException e)
{
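Review bot: The result of `wsTrustClient.validateToken(assertion)` is only logged (`log.info("SecurityToken valid : " + ...)`), so an assertion that fails validation is still placed on the message payload and/or wrapped into an AuthenticationRequest exactly like a valid one. If validation is meant to gate propagation, capture the result and fail the action: `if (!wsTrustClient.validateToken(assertion)) { throw new ActionProcessingException("Issued SAML assertion failed STS validation"); }`; if it is deliberately informational, a comment saying so will stop the next reader from assuming it is a check. Separately, the ConfigurationException message reads "Atleast on of" and should be "At least one of". `process` continues past the end of the hunk; the catch block is cut off.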
@@ -148,35 +127,39 @@
{
throw new ActionProcessingException(e.getMessage(), e);
}
-
return message;
}
- private void logAssertion(final Element assertion)
+ private void addToEsbAuthRequest(final Element assertion, final Message message) throws ActionProcessingException
{
+ // create an AuthenticationRequest
+
+ final SamlPrincipal samlPrincipal = new SamlPrincipal(assertion);
+ final AuthenticationRequest authRequest = new AuthenticationRequestImpl.Builder(samlPrincipal).build();
try
{
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- Source source = new DOMSource(assertion);
- StringWriter writer = new StringWriter();
- Result result = new StreamResult(writer);
- transformer.transform(source, result);
- log.info("Assertion:");
- log.info(writer.toString());
+ // set the authentication request on the message
+ log.info("Adding SamlPrincipal to ESB Context as an AuthenticationRequest");
+ message.getContext().setContext(SecurityService.AUTH_REQUEST, PublicCryptoUtil.INSTANCE.encrypt((Serializable) authRequest));
}
- catch (TransformerConfigurationException e)
+ catch (final SecurityServiceException e)
{
- log.error(e.getMessage(), e);
+ throw new ActionProcessingException(e.getMessage(), e);
}
- catch (TransformerFactoryConfigurationError e)
+ }
+
+ WSTrustClient createWSTrustClient(final Message message) throws ActionProcessingException
+ {
+ try
{
- log.error(e.getMessage(), e);
+ return new WSTrustClient(serviceName, portName, endpointAddress, new SecurityInfo(username, password));
}
- catch (TransformerException e)
+ catch (final ParsingException e)
{
- log.error(e.getMessage(), e);
- }
-
+ throw new ActionProcessingException(e.getMessage(), e);
+ }
}
+
+
}
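Review bot: `createWSTrustClient(final Message message)` never reads `message`; since the method is a package-private seam that the unit test overrides, say so in Javadoc, e.g. `/** Creates the STS client for this invocation; package-private so tests can substitute a mock. */`, or drop the parameter if no per-message use is planned. A new WSTrustClient is now constructed on every call to `process`, where the removed code built it once per action; if that is intentional a comment should say why, since construction can throw ParsingException and is presumably not free. `addToEsbAuthRequest` also lacks a Javadoc noting that the request is encrypted with `PublicCryptoUtil` before being stored under `SecurityService.AUTH_REQUEST` in the message context, which is the property downstream services rely on.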
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequestImpl.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequestImpl.java 2009-09-11 13:09:37 UTC (rev 29311)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequestImpl.java 2009-09-11 13:28:01 UTC (rev 29312)
@@ -88,10 +88,15 @@
private Map<String,Object> properties = new HashMap<String,Object>();
public Builder() {}
+
+ public Builder(final Principal principal)
+ {
+ this.principal = principal;
+ }
public Builder(final Principal principal, final Set<Object> credentials)
{
- this.principal = principal;
+ this(principal);
if ( credentials != null )
{
this.credentials.addAll(credentials);
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java 2009-09-11 13:09:37 UTC (rev 29311)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java 2009-09-11 13:28:01 UTC (rev 29312)
@@ -41,6 +41,7 @@
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
import org.jboss.security.auth.callback.ObjectCallback;
+import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.w3c.dom.Element;
@@ -118,18 +119,19 @@
throw new IllegalArgumentException("CallbackHandler must not be null");
}
this.callbackHandler = callbackHandler;
-
- if (wsTrustClient == null)
+ wsTrustClient = createWSTrustClient(stsServiceName, stsPortName, endpointAddress, stsUserName, stsPassword);
+ }
+
+ WSTrustClient createWSTrustClient(String stsServiceName, String stsPortName, String endpointAddress, String stsUserName, String stsPassword)
+ {
+ try
{
- try
- {
- wsTrustClient = new WSTrustClient(stsServiceName, stsPortName, endpointAddress, new SecurityInfo(stsUserName, stsPassword));
- }
- catch (final ParsingException e)
- {
- throw new IllegalStateException("Could not create WSTrustClient:", e);
- }
+ return new WSTrustClient(stsServiceName, stsPortName, endpointAddress, new SecurityInfo(stsUserName, stsPassword));
}
+ catch (final ParsingException e)
+ {
+ throw new IllegalStateException("Could not create WSTrustClient:", e);
+ }
}
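Review bot: `createWSTrustClient` is called from `initialize` (which starts outside the hunk) and is overridable, which is exactly what the tests rely on; document that contract so it is not tightened to `private` later, e.g. `/** Builds the STS client used by login(); package-private so tests can override it with a mock. */`. Five positional `String` parameters in the same order as the option names are easy to transpose at the call site; a `@param` list, or passing the already-validated options map, would make that safer. The message "Could not create WSTrustClient:" ends in a colon with nothing after it because the cause is attached separately; either drop the colon or include the endpoint address.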
private String getRequiredOption(final Map<String, ?> options, final String optionName)
@@ -143,11 +145,6 @@
return option;
}
- void setWSTrustClient(final WSTrustClient wsTrustClient)
- {
- this.wsTrustClient = wsTrustClient;
- }
-
/**
* @return true If the login was successful otherwise false.
* @throws LoginException
@@ -201,7 +198,7 @@
if (principal instanceof SamlPrincipal)
{
final SamlPrincipal samlPrincipal = (SamlPrincipal) principal;
- return samlPrincipal.getSamlToken();
+ return samlPrincipal.getAssertionElement();
}
throw new LoginException("Could not locate a SamplPrincipal in the AuthenticationRequest.");
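Review bot: `getAssertionElement()` is declared `throws IOException` in this commit's SamlPrincipal change, while the only exception visible in this method is the `LoginException` thrown on the next line; the method signature lies outside the hunk, so confirm it either declares IOException or wraps it, e.g. `catch (final IOException e) { throw (LoginException) new LoginException("Could not parse SAML assertion").initCause(e); }`. Wrapping keeps the JAAS contract that callers only handle LoginException and preserves the cause.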
@@ -214,14 +211,14 @@
if (success)
{
AssertionType samlTokenType = SAMLUtil.fromElement(samlToken);
- logger.info("Token : " + samlTokenType);
+ logger.info("Successfully validated Assertion. ");
// Use info to populate Subject.
SubjectType subjectType = samlTokenType.getSubject();
// Add the SamlToken to the authenticated Subjects principals
subject.getPrincipals().add(new SamlPrincipal(samlToken));
-
+
return true;
}
else
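Review bot: `subjectType` is read from the validated assertion but no use of it is visible in the hunk, and the only thing added to the Subject is the SamlPrincipal; if the lines below do not populate principals or roles from it, the comment "Use info to populate Subject." is misleading and should be reworded to `// TODO populate Subject roles/principals from subjectType` or the variable removed. The new log message has a trailing space inside the literal, `"Successfully validated Assertion. "`. The enclosing method starts and ends outside the hunk.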
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/SamlPrincipal.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/SamlPrincipal.java 2009-09-11 13:09:37 UTC (rev 29311)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/SamlPrincipal.java 2009-09-11 13:28:01 UTC (rev 29312)
@@ -20,34 +20,94 @@
*/
package org.jboss.soa.esb.services.security.auth.login;
+import java.io.IOException;
import java.io.Serializable;
+import java.io.StringWriter;
import java.security.Principal;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.jboss.internal.soa.esb.assertion.AssertArgument;
+import org.jboss.soa.esb.services.security.SecurityServiceException;
+import org.jboss.util.xml.DOMUtils;
import org.w3c.dom.Element;
/**
* Principal that wraps a SAML Assertion.
*
* @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
- *
+ *
*/
public final class SamlPrincipal implements Principal, Serializable
{
- private Element samlToken;
+ private static final long serialVersionUID = -8496414959425288835L;
+
+ private String assertion;
- public SamlPrincipal(final Element samlToken)
+ public SamlPrincipal(final Element assertion)
{
- this.samlToken = samlToken;
+ this.assertion = SamlPrincipal.assertionToString(assertion);
}
+ public SamlPrincipal(final String assertion)
+ {
+ AssertArgument.isNotNull(assertion, "assertion");
+ this.assertion = assertion;
+ }
+
public String getName()
{
return "SamlPrincipal";
}
+
+ public String getAssertion()
+ {
+ return assertion;
+ }
- public Element getSamlToken()
+ public Element getAssertionElement() throws IOException
{
- return samlToken;
+ return SamlPrincipal.assertionToElement(assertion);
}
+
+ public static Element assertionToElement(final String assertion) throws IOException
+ {
+ return DOMUtils.parse(assertion);
+ }
+ public static String assertionToString(final Element assertion)
+ {
+ AssertArgument.isNotNull(assertion, "assertion");
+ try
+ {
+ Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ final Source source = new DOMSource(assertion);
+ final StringWriter writer = new StringWriter();
+ final Result result = new StreamResult(writer);
+
+ transformer.transform(source, result);
+
+ return writer.toString();
+ }
+ catch (TransformerConfigurationException e)
+ {
+ throw new IllegalStateException(e.getMessage(), e);
+ }
+ catch (TransformerFactoryConfigurationError e)
+ {
+ throw new IllegalStateException(e.getMessage(), e);
+ }
+ catch (TransformerException e)
+ {
+ throw new IllegalStateException(e.getMessage(), e);
+ }
+ }
}
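Review bot: `assertion` is assigned exactly once in each constructor and never reassigned, so it should be `private final String assertion;` — a Serializable Principal that is added to a Subject's principal set should be immutable. The assertion is now stored as a re-serialized string and re-parsed in `getAssertionElement()`; the Transformer output is not canonical, so whether the enveloped `dsig:Signature` still verifies after the round trip deserves a test, and `assertionToString` should carry a comment such as `// plain (non-canonical) serialization; the enveloped signature is expected to survive re-parse` so the assumption is visible. Because the String constructor accepts caller-supplied XML, confirm that `DOMUtils.parse` disables DTD and external entity resolution before that string is parsed. The `SecurityServiceException` import appears unused in this file.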
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/JBossSTSActionUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/JBossSTSActionUnitTest.java 2009-09-11 13:09:37 UTC (rev 29311)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/JBossSTSActionUnitTest.java 2009-09-11 13:28:01 UTC (rev 29312)
@@ -30,6 +30,7 @@
import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.soa.esb.ConfigurationException;
+import org.jboss.soa.esb.actions.ActionProcessingException;
import org.jboss.soa.esb.helpers.ConfigTree;
import org.jboss.soa.esb.message.Message;
import org.jboss.soa.esb.message.format.MessageFactory;
@@ -53,7 +54,7 @@
when(mockWSTrustclient.issueToken((any(String.class)))).thenReturn(securityToken);
ConfigTree config = new ConfigBuilder().serviceName("dummy").portName("dummy").endpointAddress("dummy").tokenType("dummy").username("dummy").password("dummy").build();
- JBossSTSAction stsAction = new JBossSTSAction(config, mockWSTrustclient);
+ JBossSTSAction stsAction = new MockSTSAction(config, mockWSTrustclient);
stsAction.initialise();
Message message = MessageFactory.getInstance().getMessage();
@@ -144,12 +145,51 @@
return this;
}
+ public ConfigBuilder addToEsbMessage(final boolean add)
+ {
+ config.setAttribute(JBossSTSAction.ADD_TO_ESB_MESSAGE, Boolean.toString(add));
+ return this;
+ }
+
+ public ConfigBuilder addToEsbAuthRequestMessage(final boolean add)
+ {
+ config.setAttribute(JBossSTSAction.ADD_TO_ESB_AUTH_REQUEST, Boolean.toString(add));
+ return this;
+ }
+
public ConfigTree build()
{
+ if (config.getAttribute(JBossSTSAction.ADD_TO_ESB_MESSAGE) == null)
+ {
+ addToEsbMessage(true);
+ }
+
return config;
}
}
+ private class MockSTSAction extends JBossSTSAction
+ {
+ private WSTrustClient client;
+
+ public MockSTSAction(ConfigTree config) throws ConfigurationException
+ {
+ super(config);
+ }
+
+ public MockSTSAction(ConfigTree config, final WSTrustClient client) throws ConfigurationException
+ {
+ super(config);
+ this.client = client;
+ }
+
+ @Override
+ WSTrustClient createWSTrustClient(Message message) throws ActionProcessingException
+ {
+ return client;
+ }
+ }
+
public static junit.framework.Test suite()
{
return new JUnit4TestAdapter(JBossSTSActionUnitTest.class);
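Review bot: `MockSTSAction` (and `MockSTSLoginModule` in JBossSTSLoginModuleUnitTest, same issue) is a non-static inner class, yet nothing in it touches the enclosing test instance; `private static class MockSTSAction extends JBossSTSAction` avoids the hidden outer reference. The one-argument `MockSTSAction(ConfigTree)` constructor leaves `client` null, so `createWSTrustClient` returns null and `process` would fail with a NullPointerException rather than a clear message; remove it if unused. No test in the visible hunks exercises the new `addToEsbAuthRequest` path or the ConfigurationException raised when both flags are false; if they exist elsewhere in the file, ignore this.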
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java 2009-09-11 13:09:37 UTC (rev 29311)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java 2009-09-11 13:28:01 UTC (rev 29312)
@@ -55,8 +55,7 @@
final WSTrustClient client = mock(WSTrustClient.class);
when(client.validateToken(any(Element.class))).thenReturn(true);
- final JBossSTSLoginModule loginModule = new JBossSTSLoginModule();
- loginModule.setWSTrustClient(client);
+ final JBossSTSLoginModule loginModule = new MockSTSLoginModule(client);
final Element samlToken = createSamlToken();
@@ -66,9 +65,6 @@
callbackHandler.setAuthenticationRequest(authRequest);
callbackHandler.setSecurityConfig(null);
- // Simulate that we already have an existing Saml Token set on the
- // Subject.
-
loginModule.initialize(new Subject(), callbackHandler, null, allOptions());
// Simulate Phase 1
@@ -86,8 +82,7 @@
final WSTrustClient client = mock(WSTrustClient.class);
when(client.validateToken(any(Element.class))).thenReturn(false);
- final JBossSTSLoginModule loginModule = new JBossSTSLoginModule();
- loginModule.setWSTrustClient(client);
+ final JBossSTSLoginModule loginModule = new MockSTSLoginModule(client);
final Element samlToken = createSamlToken();
@@ -109,8 +104,7 @@
{
Map<String, String> allOptions = allOptions();
allOptions.remove(JBossSTSConstants.SERVICE_NAME_OPTION);
- final JBossSTSLoginModule loginModule = new JBossSTSLoginModule();
- loginModule.setWSTrustClient(mock(WSTrustClient.class));
+ final JBossSTSLoginModule loginModule = new MockSTSLoginModule(mock(WSTrustClient.class));
loginModule.initialize(new Subject(), null, null, allOptions());
}
@@ -148,8 +142,7 @@
{
final Map<String, String> allOptions = allOptions();
allOptions.remove(optionName);
- final JBossSTSLoginModule loginModule = new JBossSTSLoginModule();
- loginModule.setWSTrustClient(mock(WSTrustClient.class));
+ final JBossSTSLoginModule loginModule = new MockSTSLoginModule(mock(WSTrustClient.class));
loginModule.initialize(new Subject(), new JBossSTSCallbackHandler(), null, allOptions);
}
@@ -225,6 +218,26 @@
{
return options;
}
+ }
+
+ private class MockSTSLoginModule extends JBossSTSLoginModule
+ {
+
+ private WSTrustClient client;
+ public MockSTSLoginModule() {}
+
+ public MockSTSLoginModule(final WSTrustClient client)
+ {
+ this.client = client;
+ }
+
+ @Override
+ WSTrustClient createWSTrustClient(String stsServiceName, String stsPortName, String endpointAddress, String stsUserName, String stsPassword)
+ {
+ return client;
+ }
+
+
}
}
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/SamlPrincipalUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/SamlPrincipalUnitTest.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/SamlPrincipalUnitTest.java 2009-09-11 13:28:01 UTC (rev 29312)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.login;
+
+import java.io.IOException;
+
+import javax.xml.transform.stream.StreamSource;
+
+import junit.framework.JUnit4TestAdapter;
+
+import org.custommonkey.xmlunit.XMLAssert;
+import org.custommonkey.xmlunit.XMLUnit;
+import org.jboss.internal.soa.esb.util.StreamUtils;
+import org.jboss.soa.esb.services.security.SecurityServiceException;
+import org.jboss.util.xml.DOMUtils;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+/**
+ * Unit test for {@link SamlPrincipal}.
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class SamlPrincipalUnitTest
+{
+ @BeforeClass
+ public static void setup()
+ {
+ XMLUnit.setIgnoreWhitespace( true );
+ }
+
+ @Test
+ public void stringConstructor() throws IOException, SecurityServiceException, SAXException
+ {
+ final SamlPrincipal samlPrincipal = new SamlPrincipal(StreamUtils.readStreamString(getClass().getResourceAsStream("assertion.xml"), "UTF-8"));
+ final Document expected = XMLUnit.buildControlDocument(new InputSource(getClass().getResourceAsStream("assertion.xml")));
+ final Document actual = XMLUnit.buildTestDocument(samlPrincipal.getAssertion());
+
+ XMLAssert.assertXMLEqual(expected, actual);
+ }
+
+ @Test
+ public void elementConstructor() throws IOException, SecurityServiceException, SAXException
+ {
+ final Element assertionElement = DOMUtils.parse(getClass().getResourceAsStream("assertion.xml"));
+ final String expectedAssertion = SamlPrincipal.assertionToString(assertionElement);
+
+ final SamlPrincipal samlPrincipal = new SamlPrincipal(assertionElement);
+ final String actualAssertion = samlPrincipal.getAssertion();
+
+ XMLAssert.assertXMLEqual(expectedAssertion, actualAssertion);
+ }
+
+ @Test (expected = IllegalArgumentException.class)
+ public void shoudThrowIfStringIsNull()
+ {
+ new SamlPrincipal((String)null);
+ }
+
+ public static junit.framework.Test suite()
+ {
+ return new JUnit4TestAdapter(SamlPrincipalUnitTest.class);
+ }
+
+}
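Review bot: `elementConstructor` computes its expected value with `SamlPrincipal.assertionToString`, the same method the Element constructor calls, so the assertion cannot fail for a serialization bug; compare against the resource instead, as `stringConstructor` does: `final Document expected = XMLUnit.buildControlDocument(new InputSource(getClass().getResourceAsStream("assertion.xml")));` followed by `XMLAssert.assertXMLEqual(expected, XMLUnit.buildTestDocument(samlPrincipal.getAssertion()));`. There is no test that the Element constructor rejects null (assertionToString guards it) nor that `getAssertionElement()` round-trips to an equivalent document, and the streams from `getResourceAsStream` are never closed. The `SecurityServiceException` and `StreamSource` imports appear unused.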
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/assertion.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/assertion.xml (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/assertion.xml 2009-09-11 13:28:01 UTC (rev 29312)
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_74414f7f-1339-4f80-b29a-c947d9177445" IssueInstant="2009-09-10T13:49:30.422Z" Version="2.0">
+ <Issuer>JBossSTS</Issuer>
+ <Subject>
+ <NameID NameQualifier="urn:jboss:identity-federation">beve</NameID>
+ <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
+ </Subject>
+ <Conditions NotBefore="2009-09-10T13:49:30.422Z" NotOnOrAfter="2009-09-10T15:49:30.422Z"/>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:Reference URI="#ID_74414f7f-1339-4f80-b29a-c947d9177445" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">so9bv09wxSnauPiq6iC2zs6ubrQ=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>Lf4DYODLtVxSVmd23HJzHTy61ZYDnpaJRTVbRLR2i2zU7v9mskYCVbXY8gm5PYY2V+iYvi+dJ3QlWP9dQu+DHK9rVJSGxSmzfPjrnMC84HH9j2BZBEdKVCpNCAFJQRL+E1jlRB194sjCiuxoMnlR927uMiNcHJRoBSi03kP5tOw=</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:KeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKwlYGGtrP5VQv00dfNPbs=
+ </dsig:Modulus>
+ <dsig:Exponent xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </dsig:KeyValue>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+</Assertion>
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-esb.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-esb.xml 2009-09-11 13:09:37 UTC (rev 29311)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-esb.xml 2009-09-11 13:28:01 UTC (rev 29312)
@@ -13,9 +13,9 @@
</jms-bus>
</jms-provider>
- <jbr-provider name="JBR-Http" protocol="http" host="localhost">
+ <!--jbr-provider name="JBR-Http" protocol="http" host="localhost">
<jbr-bus busid="Http-1" port="8765" />
- </jbr-provider>
+ </jbr-provider-->
</providers>
@@ -36,28 +36,36 @@
<property name="username" value="beve"/>
<property name="password" value="beve"/>
<property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
- <property name="lazyInit" value="false"/>
+ <property name="addToEsbMessage" value="false"/>
+ <property name="addToEsbAuthRequest" value="true"/>
</action>
+ <action name="routeAction" class="org.jboss.soa.esb.actions.StaticRouter">
+ <property name="destinations">
+ <route-to service-category="SamlSecurityQuickstart" service-name="securedService"/>
+ </property>
+ </action>
+
</actions>
</service>
<service category="SamlSecurityQuickstart" name="securedService" description="">
- <security moduleName="jbossesb-saml" rolesAllowed="admin" callbackHandler="org.jboss.soa.esb.services.security.auth.login.JBossSTSCallbackHandler"/>
+ <security moduleName="jbossesb-saml" callbackHandler="org.jboss.soa.esb.services.security.auth.login.JBossSTSCallbackHandler"/>
+
<listeners>
- <jbr-listener name="Http-Gateway" busidref="Http-1" is-gateway="true"/>
+ <!--jbr-listener name="Http-Gateway" busidref="Http-1" is-gateway="true"/-->
<jms-listener name="JMS-ESBListener" busidref="quickstartEsbChannel"/>
</listeners>
- <actions>
+ <actions mep="OneWay">
<action name="print-before" class="org.jboss.soa.esb.samples.quickstart.securitysaml.PrintSubjectAction"/>
- <action name="JBossWSAdapter" class="org.jboss.soa.esb.actions.soap.SOAPProcessor">
+ <!--action name="JBossWSAdapter" class="org.jboss.soa.esb.actions.soap.SOAPProcessor">
<property name="jbossws-endpoint" value="GoodbyeWorldWS"/>
- </action>
- <action name="testStore" class="org.jboss.soa.esb.actions.TestMessageStore"/>
+ </action-->
+
</actions>
</service>
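Review bot: Removing `rolesAllowed="admin"` from the `securedService` security element means any caller whose SAML assertion validates is authorized, not only members of admin; if that is because the login module does not yet populate roles from the assertion, record it in an XML comment next to the element, e.g. `<!-- rolesAllowed omitted: roles are not yet derived from the SAML subject -->`, so the authorization step is not forgotten. The commented-out `jbr-provider`, `jbr-listener` and `SOAPProcessor` blocks should either be removed or given a comment saying why they are retained, since a sample configuration is read as guidance.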