[jboss-svn-commits] JBL Code SVN: r29404 - in labs/jbossesb/workspace/dbevenius/saml_support/product: rosetta/src/org/jboss/soa/esb/actions/security and 8 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Fri Sep 18 09:14:23 EDT 2009
Author: beve
Date: 2009-09-18 09:14:23 -0400 (Fri, 18 Sep 2009)
New Revision: 29404
Added:
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/WSTrustClientConfig.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSAML20SecurityHandler.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/jboss-sts-client.properties
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/jboss-sts-client.properties
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/WSTrustClientConfigUnitTest.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/jboss-sts-client.properties
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSAML20SecurityHandlerUnitTest.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/jboss-sts-client.properties
labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-sts-client.properties
Removed:
labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-sts.properties
Modified:
labs/jbossesb/workspace/dbevenius/saml_support/product/.classpath
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/actions/security/JBossSTSAction.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/JBossSTSActionUnitTest.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java
labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/build.xml
labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-esb.xml
labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/login-config.xml
labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/webservice/handlerchain.xml
Log:
updates to configuration handling with WSTrustClient. Work in progress.
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/.classpath
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/.classpath 2009-09-18 10:28:45 UTC (rev 29403)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/.classpath 2009-09-18 13:14:23 UTC (rev 29404)
@@ -43,7 +43,6 @@
<classpathentry kind="lib" path="build/lib/commons-lang-2.1.jar"/>
<classpathentry kind="lib" path="build/lib/commons-logging-1.1.jar"/>
<classpathentry kind="lib" path="build/lib/dom4j-1.6.1.jar"/>
- <classpathentry kind="lib" path="build/lib/freemarker-2.3.11.jar"/>
<classpathentry kind="lib" path="build/lib/groovy-all-1.5.4.jar"/>
<classpathentry kind="lib" path="build/lib/h2-1.0.68.jar"/>
<classpathentry kind="lib" path="build/lib/hibernate3-3.2.4.SP1.jar"/>
@@ -131,7 +130,6 @@
<classpathentry kind="var" path="ESB_ROOT/testlib/junit-4.1.jar"/>
<classpathentry kind="var" path="ESB_ROOT/testlib/mockejb.jar"/>
<classpathentry kind="var" path="ESB_ROOT/testlib/xmlunit-1.2.jar"/>
- <classpathentry kind="lib" path="build/lib/freemarker-2.3.11.jar"/>
<classpathentry kind="lib" path="lib/ext/mockito-all-1.8.0.jar"/>
<classpathentry kind="lib" path="lib/ext/milyn-smooks-core-1.3-20090908.125018-2.jar"/>
<classpathentry kind="lib" path="lib/ext/milyn-commons-1.3-20090908.105925-1.jar"/>
@@ -141,5 +139,6 @@
<classpathentry kind="lib" path="build/lib/jboss-identity-fed-core-1.0.0.beta2.jar"/>
<classpathentry kind="lib" path="build/lib/jboss-identity-fed-model-1.0.0.beta2.jar"/>
<classpathentry kind="lib" path="build/lib/jboss-identity-xmlsec-model-1.0.0.beta2.jar"/>
+ <classpathentry kind="lib" path="build/lib/freemarker-2.3.11.jar"/>
<classpathentry kind="output" path="bin"/>
</classpath>
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/actions/security/JBossSTSAction.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/actions/security/JBossSTSAction.java 2009-09-18 10:28:45 UTC (rev 29403)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/actions/security/JBossSTSAction.java 2009-09-18 13:14:23 UTC (rev 29404)
@@ -21,18 +21,7 @@
package org.jboss.soa.esb.actions.security;
import java.io.Serializable;
-import java.io.StringWriter;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.wstrust.WSTrustClient;
import org.jboss.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
@@ -43,7 +32,6 @@
import org.jboss.soa.esb.actions.AbstractActionPipelineProcessor;
import org.jboss.soa.esb.actions.ActionProcessingException;
import org.jboss.soa.esb.helpers.ConfigTree;
-import org.jboss.soa.esb.listeners.message.MessageDeliverException;
import org.jboss.soa.esb.message.Message;
import org.jboss.soa.esb.message.MessagePayloadProxy;
import org.jboss.soa.esb.services.security.PublicCryptoUtil;
@@ -51,9 +39,9 @@
import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
-import org.jboss.soa.esb.services.security.auth.login.JBossSTSConstants;
import org.jboss.soa.esb.services.security.auth.login.SamlContext;
import org.jboss.soa.esb.services.security.auth.login.SamlPrincipal;
+import org.jboss.soa.esb.services.security.auth.login.WSTrustClientConfig;
import org.w3c.dom.Element;
@@ -66,28 +54,22 @@
public class JBossSTSAction extends AbstractActionPipelineProcessor
{
public static final String ADD_TO_ESB_AUTH_REQUEST = "addToEsbAuthRequest";
- public static final String ADD_TO_ESB_MESSAGE = "addToEsbMessage";
+ public static final String STS_CONFIG = "configFile";
+ public static final String TOKEN_TYPE_OPTION = "tokenType";
private final Logger log = Logger.getLogger(JBossSTSAction.class);
- private final String serviceName;
- private final String portName;
- private final String endpointAddress;
- private final String username;
- private final String password;
+ private WSTrustClientConfig wsTrustConfig;
private final String tokenType;
+
private final MessagePayloadProxy payloadProxy;
private boolean addAssertionToEsbAuthRequest;
public JBossSTSAction(final ConfigTree config) throws ConfigurationException
{
- serviceName = config.getRequiredAttribute(JBossSTSConstants.SERVICE_NAME_OPTION);
- portName = config.getRequiredAttribute(JBossSTSConstants.PORT_NAME_OPTION);
- endpointAddress = config.getRequiredAttribute(JBossSTSConstants.ENDPOINT_ADDRESS_OPTION);
- username = config.getRequiredAttribute(JBossSTSConstants.USERNAME_OPTION);
- password = config.getRequiredAttribute(JBossSTSConstants.PASSWORD_OPTION);
- tokenType = config.getRequiredAttribute(JBossSTSConstants.TOKEN_TYPE_OPTION);
+ wsTrustConfig = new WSTrustClientConfig.Builder().build(config.getRequiredAttribute(STS_CONFIG));
+ tokenType = config.getRequiredAttribute(TOKEN_TYPE_OPTION);
payloadProxy = new MessagePayloadProxy(config);
addAssertionToEsbAuthRequest = config.getBooleanAttribute(ADD_TO_ESB_AUTH_REQUEST, false);
}
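Review bot: The constructor declares `ConfigurationException`, but `new WSTrustClientConfig.Builder().build(...)` reports a missing file or property with an unchecked `IllegalStateException` or `IllegalArgumentException` (see WSTrustClientConfig.java in this commit). Before this change a missing STS setting surfaced as `ConfigurationException` from `getRequiredAttribute`, so a caller that handles only that type will now see a runtime exception instead. Consider catching the runtime exception around the `build(...)` call and rethrowing it as a `ConfigurationException` that names the `configFile` attribute. `wsTrustConfig` is assigned once and could be declared like its neighbours: `private final WSTrustClientConfig wsTrustConfig;`.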
@@ -139,7 +121,10 @@
{
try
{
- return new WSTrustClient(serviceName, portName, endpointAddress, new SecurityInfo(username, password));
+ return new WSTrustClient(wsTrustConfig.getServiceName(),
+ wsTrustConfig.getPortName(),
+ wsTrustConfig.getEndPointAddress(),
+ new SecurityInfo(wsTrustConfig.getUsername(), wsTrustConfig.getPassword()));
}
catch (final ParsingException e)
{
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java 2009-09-18 10:28:45 UTC (rev 29403)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java 2009-09-18 13:14:23 UTC (rev 29404)
@@ -41,7 +41,6 @@
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
import org.jboss.security.auth.callback.ObjectCallback;
-import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.w3c.dom.Element;
@@ -61,6 +60,12 @@
public class JBossSTSLoginModule implements LoginModule
{
private Logger logger = Logger.getLogger(JBossSTSLoginModule.class);
+
+ /**
+ * This is the required option that should identify the configuration
+ * file for WSTrustClient.
+ */
+ public static final String STS_CONFIG_FILE = "configFile";
/**
* The subject to be populated.
@@ -107,26 +112,26 @@
{
this.subject = subject;
- final String stsServiceName = getRequiredOption(options, JBossSTSConstants.SERVICE_NAME_OPTION);
- final String stsPortName = getRequiredOption(options, JBossSTSConstants.PORT_NAME_OPTION);
- final String endpointAddress = getRequiredOption(options, JBossSTSConstants.ENDPOINT_ADDRESS_OPTION);
-
- final String stsUserName = getRequiredOption(options, JBossSTSConstants.USERNAME_OPTION);
- final String stsPassword = getRequiredOption(options, JBossSTSConstants.PASSWORD_OPTION);
if (callbackHandler == null)
{
throw new IllegalArgumentException("CallbackHandler must not be null");
}
this.callbackHandler = callbackHandler;
- wsTrustClient = createWSTrustClient(stsServiceName, stsPortName, endpointAddress, stsUserName, stsPassword);
+
+ final String configFile = getRequiredOption(options, STS_CONFIG_FILE);
+ WSTrustClientConfig config = new WSTrustClientConfig.Builder().build(configFile);
+ wsTrustClient = createWSTrustClient(config);
}
- WSTrustClient createWSTrustClient(String stsServiceName, String stsPortName, String endpointAddress, String stsUserName, String stsPassword)
+ WSTrustClient createWSTrustClient(final WSTrustClientConfig config)
{
try
{
- return new WSTrustClient(stsServiceName, stsPortName, endpointAddress, new SecurityInfo(stsUserName, stsPassword));
+ return new WSTrustClient(config.getServiceName(),
+ config.getPortName(),
+ config.getEndPointAddress(),
+ new SecurityInfo(config.getUsername(), config.getPassword()));
}
catch (final ParsingException e)
{
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/WSTrustClientConfig.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/WSTrustClientConfig.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/WSTrustClientConfig.java 2009-09-18 13:14:23 UTC (rev 29404)
@@ -0,0 +1,221 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.login;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+/**
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class WSTrustClientConfig
+{
+ public static final String DEFAULT_CONFIG_FILE = "jboss-sts-client.properties";
+
+ public static final String SERVICE_NAME = "serviceName";
+ public static final String PORT_NAME = "portName";
+ public static final String ENDPOINT_ADDRESS = "endpointAddress";
+ public static final String USERNAME = "username";
+ public static final String PASSWORD = "password";
+ public static final String TOKEN_TYPE = "tokenType";
+
+
+ private String serviceName;
+ private String portName;
+ private String endpointAddress;
+ private String username;
+ private String password;
+
+ private WSTrustClientConfig(final Builder builder)
+ {
+ serviceName = builder.serviceName;
+ portName = builder.portName;
+ endpointAddress = builder.endpointAddress;
+ username = builder.username;
+ password = builder.password;
+ }
+
+ public String getServiceName()
+ {
+ return serviceName;
+ }
+
+ public String getPortName()
+ {
+ return portName;
+ }
+
+ public String getEndPointAddress()
+ {
+ return endpointAddress;
+ }
+
+ public String getUsername()
+ {
+ return username;
+ }
+
+ public String getPassword()
+ {
+ return password;
+ }
+
+ public String toString()
+ {
+ return getClass().getSimpleName() + "[serviceName=" + serviceName + ", portName=" + portName + ", endpointAddress=" + endpointAddress + "]";
+ }
+
+ public static class Builder
+ {
+ private String serviceName;
+ private String portName;
+ private String endpointAddress;
+ private String username;
+ private String password;
+
+ public Builder serviceName(final String serviceName)
+ {
+ this.serviceName = serviceName;
+ return this;
+ }
+
+ public Builder portName(final String portName)
+ {
+ this.portName = portName;
+ return this;
+ }
+
+ public Builder endpointAddress(final String address)
+ {
+ this.endpointAddress = address;
+ return this;
+ }
+
+ public Builder username(final String username)
+ {
+ this.username = username;
+ return this;
+ }
+
+ public Builder password(final String password)
+ {
+ this.password = password;
+ return this;
+ }
+
+ public WSTrustClientConfig build()
+ {
+ validate(this);
+ return new WSTrustClientConfig(this);
+ }
+
+ private void validate(Builder builder)
+ {
+ checkPropertyShowValue(serviceName, SERVICE_NAME);
+ checkPropertyShowValue(portName, PORT_NAME);
+ checkPropertyShowValue(endpointAddress, endpointAddress);
+ checkProperty(username, USERNAME);
+ checkProperty(password, PASSWORD);
+ }
+
+ private void checkPropertyShowValue(final String propertyName, final String propertyValue)
+ {
+ if (propertyValue == null || propertyValue.equals(""))
+ throw new IllegalArgumentException(propertyName + " property must not be null or empty was:" + propertyValue);
+ }
+
+ private void checkProperty(final String propertyName, final String propertyValue)
+ {
+ if (propertyValue == null || propertyValue.equals(""))
+ throw new IllegalArgumentException(propertyName + " property must not be null");
+ }
+
+ public WSTrustClientConfig build(final String configFile)
+ {
+ InputStream in = null;
+
+ try
+ {
+ in = getResource(configFile);
+ if (in == null)
+ {
+ throw new IllegalStateException("Could not find properties file " + configFile);
+
+ }
+ final Properties properties = new Properties();
+ properties.load(in);
+ this.serviceName = properties.getProperty(SERVICE_NAME);
+ this.portName = properties.getProperty(PORT_NAME);
+ this.endpointAddress = properties.getProperty(ENDPOINT_ADDRESS);
+ this.username = properties.getProperty(USERNAME);
+ this.password = properties.getProperty(PASSWORD);
+ }
+ catch (IOException e)
+ {
+ throw new IllegalStateException("Could not load properties from " + configFile);
+ }
+ finally
+ {
+ try
+ {
+ if (in != null)
+ in.close();
+ }
+ catch (final IOException e)
+ {
+ e.printStackTrace();
+ }
+ }
+
+ validate(this);
+ return new WSTrustClientConfig(this);
+ }
+ }
+
+ private static InputStream getResource(String resource) throws IOException
+ {
+ // Try it as a File resource...
+ final File file = new File(resource);
+
+ if (file.exists() && !file.isDirectory())
+ {
+ return new FileInputStream(file);
+ }
+ // Try it as a classpath resource ...
+ final ClassLoader threadClassLoader = Thread.currentThread().getContextClassLoader() ;
+ if (threadClassLoader != null)
+ {
+ final InputStream is = threadClassLoader.getResourceAsStream(resource) ;
+ if (is != null)
+ {
+ return is ;
+ }
+ }
+
+ return null;
+ }
+
+}
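Review bot: `Builder.validate` passes its arguments in the wrong order: the helpers are declared as `(propertyName, propertyValue)` but are called as `checkProperty(username, USERNAME)`, so the null-or-empty test runs against the name constant and can never fail. As written, a properties file without `username`, `password`, `serviceName` or `portName` builds successfully and the null values go on to `WSTrustClient`. `endpointAddress` is checked only because it is passed in both positions, and its message would print the value where the name belongs. Swapping the arguments as below fixes all five calls. In `build(String)` the `IOException` is dropped; keep it as the cause with `throw new IllegalStateException("Could not load properties from " + configFile, e);`.

```java
private void validate(Builder builder)
{
    checkPropertyShowValue(SERVICE_NAME, serviceName);
    checkPropertyShowValue(PORT_NAME, portName);
    checkPropertyShowValue(ENDPOINT_ADDRESS, endpointAddress);
    // username and password use checkProperty so their values never appear in the message
    checkProperty(USERNAME, username);
    checkProperty(PASSWORD, password);
}
```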
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSAML20SecurityHandler.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSAML20SecurityHandler.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSAML20SecurityHandler.java 2009-09-18 13:14:23 UTC (rev 29404)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.ws;
+
+import javax.xml.namespace.QName;
+
+/**
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class JBossSTSSAML20SecurityHandler extends JBossSTSSecurityHandler
+{
+ public static final String SECURITY_ELEMENT_NAME = "Security";
+ public static final String SECURITY_ELEMENT_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
+
+ public static final String SAML_TOKEN_NAME = "Assertion";
+ public static final String SAML_TOKEN_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
+
+ @Override
+ public QName getSecurityElementQName()
+ {
+ return new QName(SECURITY_ELEMENT_NS, SECURITY_ELEMENT_NAME);
+ }
+
+ @Override
+ public QName getTokenElementQName()
+ {
+ return new QName(SAML_TOKEN_NS, SAML_TOKEN_NAME);
+ }
+
+}
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java 2009-09-18 10:28:45 UTC (rev 29403)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java 2009-09-18 13:14:23 UTC (rev 29404)
@@ -1,9 +1,27 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
package org.jboss.soa.esb.services.security.auth.ws;
-import java.io.InputStream;
-import java.net.URL;
+import java.util.HashSet;
import java.util.Iterator;
-import java.util.Properties;
import java.util.Set;
import javax.xml.namespace.QName;
@@ -17,38 +35,42 @@
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.wstrust.WSTrustClient;
import org.jboss.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.soa.esb.services.security.auth.login.JBossSTSConstants;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.soa.esb.services.security.auth.login.WSTrustClientConfig;
import org.w3c.dom.Element;
-public class JBossSTSSecurityHandler implements SOAPHandler<SOAPMessageContext>
+/**
+ * JBossSTSSecurityHandler is a server side JAXWS SOAP Protocol handler
+ * that will extract a Security Token from the SOAP Security Header
+ * and validate the token with JBoss Security Token Service (STS)
+ * <p/>
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ *
+ */
+public abstract class JBossSTSSecurityHandler implements SOAPHandler<SOAPMessageContext>
{
private Logger log = Logger.getLogger(JBossSTSSecurityHandler.class);
-
- private static final String JBOSS_STS_PROPERTIES = "/jboss-sts.properties";
-
+
+ public abstract QName getSecurityElementQName();
+ public abstract QName getTokenElementQName();
+
+ /**
+ *
+ * @param messageContext
+ */
public boolean handleMessage(final SOAPMessageContext messageContext)
{
final Boolean outBound = (Boolean) messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
if (outBound.booleanValue())
- return false;
+ return true;
try
{
- final Properties conf = getConfiguration();
- log.info("Properties : " + conf);
- final String serviceName = conf.getProperty(JBossSTSConstants.SERVICE_NAME_OPTION);
- final String portName = conf.getProperty(JBossSTSConstants.PORT_NAME_OPTION);
- final String endpointAddress = conf.getProperty(JBossSTSConstants.ENDPOINT_ADDRESS_OPTION);
- final String username = conf.getProperty(JBossSTSConstants.USERNAME_OPTION);
- final String password = conf.getProperty(JBossSTSConstants.PASSWORD_OPTION);
-
- final WSTrustClient wsTrustClient = new WSTrustClient(serviceName, portName, endpointAddress, new SecurityInfo(username, password));
+ final WSTrustClientConfig config = new WSTrustClientConfig.Builder().build(WSTrustClientConfig.DEFAULT_CONFIG_FILE);
+ final WSTrustClient wsTrustClient = createWSTrustClient(config);
- QName securityQName = getSecurityQName(conf);
- QName tokenQName = getTokenQName(conf);
-
- Element securityToken = extractSecurityToken(messageContext, securityQName, tokenQName);
+ Element securityToken = extractSecurityToken(messageContext, getSecurityElementQName(), getTokenElementQName());
// Validate the security token with JBossSTS
final boolean valid = wsTrustClient.validateToken(securityToken);
if (valid == false)
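Review bot: The result of `extractSecurityToken(...)` is passed to `wsTrustClient.validateToken(securityToken)` without a null check, although that method appears to end in `return null;` when no matching Security header or token element is found. What the client does with a null token is not visible in this diff, so a request with no token should be rejected explicitly: add an `if (securityToken == null)` guard before the call and send it down the same rejection path as the `valid == false` branch, which continues outside this hunk. Separately, `WSTrustClientConfig.Builder().build(...)` now re-reads the credentials file and a new `WSTrustClient` is built for every inbound message; loading the configuration once into a field would avoid that.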
@@ -69,21 +91,29 @@
}
return false;
}
+
+ protected WSTrustClient createWSTrustClient(final WSTrustClientConfig config) throws ParsingException
+ {
+ return new WSTrustClient(config.getServiceName(),
+ config.getPortName(),
+ config.getEndPointAddress(),
+ new SecurityInfo(config.getUsername(), config.getPassword()));
+ }
private Element extractSecurityToken(final SOAPMessageContext messageContext, final QName securityQName, final QName tokenQName) throws SOAPException
{
- SOAPHeader soapHeader = messageContext.getMessage().getSOAPHeader();
+ final SOAPHeader soapHeader = messageContext.getMessage().getSOAPHeader();
// Inspect all SOAP Headers
- Iterator examineAllHeaderElements = soapHeader.examineAllHeaderElements();
+ final Iterator examineAllHeaderElements = soapHeader.examineAllHeaderElements();
while (examineAllHeaderElements.hasNext())
{
- SOAPHeaderElement elem = (SOAPHeaderElement) examineAllHeaderElements.next();
- QName elementQName = elem.getElementQName();
+ final SOAPHeaderElement elem = (SOAPHeaderElement) examineAllHeaderElements.next();
+ final QName elementQName = elem.getElementQName();
if (elementQName.equals(securityQName))
{
// Get all(should only be one) the of the Security Headers
// that we are interested in.
- Iterator childElements = elem.getChildElements(tokenQName);
+ final Iterator childElements = elem.getChildElements(tokenQName);
while (childElements.hasNext())
{
return (Element) childElements.next();
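Review bot: In `extractSecurityToken` the `while (childElements.hasNext())` loop returns on its first iteration, so it behaves as an `if` and any further token elements under the Security header are silently ignored. The comment says there should only be one, but nothing enforces it, and only the first element is sent to the STS for validation. Rejecting a header that carries more than one token element keeps the validated token and the message content unambiguous. The method already declares `SOAPException`; how `handleMessage` treats it is outside this hunk, as is the end of this method.

```java
// … unchanged: iteration over header elements up to the securityQName match …
final Iterator childElements = elem.getChildElements(tokenQName);
if (childElements.hasNext())
{
    final Element token = (Element) childElements.next();
    if (childElements.hasNext())
        throw new SOAPException("More than one " + tokenQName + " element in the security header");
    return token;
```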
@@ -93,32 +123,11 @@
return null;
}
- private QName getSecurityQName(final Properties conf)
- {
- String securityElementName = conf.getProperty("securityElementName");
- String securityElementNS = conf.getProperty("securityElementNS");
- if (securityElementName == null)
- securityElementName = "Security";
- if (securityElementNS == null)
- securityElementNS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
- return new QName(securityElementNS, securityElementName);
- }
-
- private QName getTokenQName(final Properties conf)
- {
- String tokenElementName = conf.getProperty("tokenElementName");
- if (tokenElementName == null)
- tokenElementName = "Assertion";
- String tokenElementNS = conf.getProperty("tokenElementNS");
- if (tokenElementNS == null)
- tokenElementNS = "urn:oasis:names:tc:SAML:2.0:assertion";
-
- return new QName(tokenElementNS, tokenElementName);
- }
-
public Set<QName> getHeaders()
{
- return null;
+ final HashSet<QName> headers = new HashSet<QName>();
+ headers.add(getSecurityElementQName());
+ return headers;
}
public void close(final MessageContext messageContext)
@@ -130,30 +139,4 @@
return false;
}
- protected Properties getConfiguration() throws Exception
- {
- // get the configuration file and parse it.
- URL configurationFile = getClass().getResource(JBOSS_STS_PROPERTIES);
- if (configurationFile == null)
- throw new ConfigurationException("Could not locate '" + JBOSS_STS_PROPERTIES + "'");
-
- InputStream in = null;
- ;
- try
- {
- final Properties properties = new Properties();
- in = configurationFile.openStream();
- properties.load(in);
- return properties;
- }
- catch (Exception e)
- {
- throw new RuntimeException("Error parsing the configuration file:", e);
- }
- finally
- {
- in.close();
- }
- }
-
}
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/jboss-sts-client.properties
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/jboss-sts-client.properties (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/jboss-sts-client.properties 2009-09-18 13:14:23 UTC (rev 29404)
@@ -0,0 +1,5 @@
+serviceName=JBossSTS
+portName=JBossSTSPort
+endpointAddress=http://localhost:8080/jboss-sts/JBossSTS
+username=admin
+password=admin
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/JBossSTSActionUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/JBossSTSActionUnitTest.java 2009-09-18 10:28:45 UTC (rev 29403)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/JBossSTSActionUnitTest.java 2009-09-18 13:14:23 UTC (rev 29404)
@@ -54,7 +54,7 @@
Element securityToken = SAMLUtil.toElement(new AssertionType());
when(mockWSTrustclient.issueToken((any(String.class)))).thenReturn(securityToken);
- ConfigTree config = new ConfigBuilder().serviceName("dummy").portName("dummy").endpointAddress("dummy").tokenType("dummy").username("dummy").password("dummy").build();
+ ConfigTree config = new ConfigBuilder().configFile("jboss-sts-client.properties").tokenType("dummy").build();
JBossSTSAction stsAction = new MockSTSAction(config, mockWSTrustclient);
stsAction.initialise();
@@ -65,40 +65,10 @@
SamlContext.clearContext();
}
- @Test (expected = ConfigurationException.class)
- public void shouldThrowIfServiceNameIsMissing() throws ConfigurationException
- {
- new JBossSTSAction(new ConfigBuilder().portName("dummy").endpointAddress("dummy").tokenType("dummy").username("dummy").password("dummy").build());
- }
-
- @Test (expected = ConfigurationException.class)
- public void shouldThrowIfPortNameIsMissing() throws ConfigurationException
- {
- new JBossSTSAction(new ConfigBuilder().serviceName("dummy").endpointAddress("dummy").tokenType("dummy").username("dummy").password("dummy").build());
- }
-
@Test (expected = ConfigurationException.class)
- public void shouldThrowIfEndpointAddresIsMissing() throws ConfigurationException
- {
- new JBossSTSAction(new ConfigBuilder().serviceName("dummy").portName("dummy").tokenType("dummy").username("dummy").password("dummy").build());
- }
-
- @Test (expected = ConfigurationException.class)
- public void shouldThrowIfUsernameIsMissing() throws ConfigurationException
- {
- new JBossSTSAction(new ConfigBuilder().serviceName("dummy").portName("dummy").endpointAddress("dummy").tokenType("dummy").password("dummy").build());
- }
-
- @Test (expected = ConfigurationException.class)
- public void shouldThrowIfPasswordIsMissing() throws ConfigurationException
- {
- new JBossSTSAction(new ConfigBuilder().serviceName("dummy").portName("dummy").endpointAddress("dummy").tokenType("dummy").username("dummy").build());
- }
-
- @Test (expected = ConfigurationException.class)
public void shouldThrowIfTokenTypeIsMissing() throws ConfigurationException
{
- new JBossSTSAction(new ConfigBuilder().serviceName("dummy").portName("dummy").endpointAddress("dummy").username("dummy").build());
+ new JBossSTSAction(new ConfigBuilder().configFile("jboss-sts-client.properties").build());
}
private static class ConfigBuilder
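Review bot: After this hunk nothing visible still checks that an incomplete STS client configuration is rejected. The five `shouldThrowIf…IsMissing` tests for serviceName, portName, endpointAddress, username and password are removed here, the matching `missing…Option` tests are removed in the `@@ -108,44 +108,6 @@` hunk of JBossSTSLoginModuleUnitTest, and the new WSTrustClientConfigUnitTest only covers successful builds. Since those settings now come from a properties file, the equivalent checks are a file that does not exist and a file lacking one key, e.g. `new JBossSTSAction(new ConfigBuilder().configFile("no-such-file.properties").tokenType("dummy").build());` under `@Test (expected = ConfigurationException.class)`; that assumes the action reports the failure as a ConfigurationException, which is not shown in this diff. The surviving `shouldThrowIfTokenTypeIsMissing` has the reverse ambiguity: if the properties file cannot be resolved, it may pass without the token-type check ever running, so asserting on the exception message would make it precise.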
@@ -110,42 +80,18 @@
config = new ConfigTree(getClass().getSimpleName());
}
- public ConfigBuilder serviceName(final String serviceName)
+ public ConfigBuilder configFile(final String file)
{
- config.setAttribute(JBossSTSConstants.SERVICE_NAME_OPTION, serviceName);
+ config.setAttribute(JBossSTSAction.STS_CONFIG, file);
return this;
}
- public ConfigBuilder portName(final String portname)
- {
- config.setAttribute(JBossSTSConstants.PORT_NAME_OPTION, portname);
- return this;
- }
-
- public ConfigBuilder endpointAddress(final String endpoint)
- {
- config.setAttribute(JBossSTSConstants.ENDPOINT_ADDRESS_OPTION, endpoint);
- return this;
- }
-
public ConfigBuilder tokenType(final String tokenType)
{
config.setAttribute(JBossSTSConstants.TOKEN_TYPE_OPTION, tokenType);
return this;
}
- public ConfigBuilder username(final String username)
- {
- config.setAttribute(JBossSTSConstants.USERNAME_OPTION, username);
- return this;
- }
-
- public ConfigBuilder password(final String password)
- {
- config.setAttribute(JBossSTSConstants.PASSWORD_OPTION, password);
- return this;
- }
-
public ConfigBuilder addToEsbAuthRequestMessage(final boolean add)
{
config.setAttribute(JBossSTSAction.ADD_TO_ESB_AUTH_REQUEST, Boolean.toString(add));
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/jboss-sts-client.properties
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/jboss-sts-client.properties (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/actions/security/jboss-sts-client.properties 2009-09-18 13:14:23 UTC (rev 29404)
@@ -0,0 +1,5 @@
+serviceName=JBossSTS
+portName=JBossSTSPort
+endpointAddress=http://localhost:8080/jboss-sts/JBossSTS
+username=admin
+password=admin
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java 2009-09-18 10:28:45 UTC (rev 29403)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java 2009-09-18 13:14:23 UTC (rev 29404)
@@ -108,44 +108,6 @@
loginModule.initialize(new Subject(), null, null, allOptions());
}
- @Test (expected = IllegalArgumentException.class)
- public void missingServerNameOption()
- {
- assertMissingOption(JBossSTSConstants.SERVICE_NAME_OPTION);
- }
-
- @Test (expected = IllegalArgumentException.class)
- public void missingPortNameOption()
- {
- assertMissingOption(JBossSTSConstants.PORT_NAME_OPTION);
- }
-
- @Test (expected = IllegalArgumentException.class)
- public void missingEndpointAddressOption()
- {
- assertMissingOption(JBossSTSConstants.ENDPOINT_ADDRESS_OPTION);
- }
-
- @Test (expected = IllegalArgumentException.class)
- public void missingUsernameOption()
- {
- assertMissingOption(JBossSTSConstants.USERNAME_OPTION);
- }
-
- @Test (expected = IllegalArgumentException.class)
- public void missingPasswordOption()
- {
- assertMissingOption(JBossSTSConstants.PASSWORD_OPTION);
- }
-
- private void assertMissingOption(final String optionName)
- {
- final Map<String, String> allOptions = allOptions();
- allOptions.remove(optionName);
- final JBossSTSLoginModule loginModule = new MockSTSLoginModule(mock(WSTrustClient.class));
- loginModule.initialize(new Subject(), new JBossSTSCallbackHandler(), null, allOptions);
- }
-
private Element createSamlToken() throws Exception
{
AssertionType assertionType = new AssertionType();
@@ -159,14 +121,9 @@
*/
private Map<String, String> allOptions()
{
- OptionsBuilder optionsBuilder = new OptionsBuilder();
- optionsBuilder.serviceName("JBossSTS");
- optionsBuilder.portName("JBossSTSPort");
- optionsBuilder.endpointAddress("http://localhost:8080/jboss-sts/JBossSTS");
- optionsBuilder.username("admin");
- optionsBuilder.password("admin");
- optionsBuilder.samlTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
- return optionsBuilder.build();
+ final Map<String, String> options = new HashMap<String, String>();
+ options.put(JBossSTSLoginModule.STS_CONFIG_FILE, "jboss-sts-client.properties");
+ return options;
}
public static junit.framework.Test suite()
@@ -174,52 +131,6 @@
return new JUnit4TestAdapter(JBossSTSLoginModuleUnitTest.class);
}
- private class OptionsBuilder
- {
- private Map<String, String> options = new HashMap<String, String>();
-
- public OptionsBuilder serviceName(final String serviceName)
- {
- options.put(JBossSTSConstants.SERVICE_NAME_OPTION, serviceName);
- return this;
- }
-
- public OptionsBuilder portName(final String portName)
- {
- options.put(JBossSTSConstants.PORT_NAME_OPTION, portName);
- return this;
- }
-
- public OptionsBuilder endpointAddress(final String address)
- {
- options.put(JBossSTSConstants.ENDPOINT_ADDRESS_OPTION, address);
- return this;
- }
-
- public OptionsBuilder username(final String username)
- {
- options.put(JBossSTSConstants.USERNAME_OPTION, username);
- return this;
- }
-
- public OptionsBuilder password(final String password)
- {
- options.put(JBossSTSConstants.PASSWORD_OPTION, password);
- return this;
- }
-
- public OptionsBuilder samlTokenType(final String type)
- {
- options.put(JBossSTSConstants.TOKEN_TYPE_OPTION, type);
- return this;
- }
-
- public Map<String, String> build()
- {
- return options;
- }
- }
-
private class MockSTSLoginModule extends JBossSTSLoginModule
{
@@ -233,7 +144,7 @@
}
@Override
- WSTrustClient createWSTrustClient(String stsServiceName, String stsPortName, String endpointAddress, String stsUserName, String stsPassword)
+ WSTrustClient createWSTrustClient(final WSTrustClientConfig config)
{
return client;
}
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/WSTrustClientConfigUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/WSTrustClientConfigUnitTest.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/WSTrustClientConfigUnitTest.java 2009-09-18 13:14:23 UTC (rev 29404)
@@ -0,0 +1,75 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.login;
+
+import static org.junit.Assert.*;
+
+import org.jboss.soa.esb.services.security.auth.login.WSTrustClientConfig.Builder;
+import org.junit.Test;
+
+import junit.framework.JUnit4TestAdapter;
+
+/**
+ * Unit test for {@link WSTrustClientConfig}.
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class WSTrustClientConfigUnitTest
+{
+ final String serviceName = "JBossSTS";
+ final String portName = "JBossSTSPort";
+ final String endpointAddress = "http://test:8080/JBossSTS";
+ final String username = "user1";
+ final String password = "pass1";
+
+ @Test
+ public void build()
+ {
+ final Builder builder = new WSTrustClientConfig.Builder();
+ final WSTrustClientConfig config = builder.serviceName(serviceName).portName(portName).endpointAddress(endpointAddress).username(username).password(password).build();
+ assertAllProperties(config);
+ }
+
+ @Test
+ public void buildFromConfigPropertiesFile()
+ {
+ final Builder builder = new WSTrustClientConfig.Builder();
+ WSTrustClientConfig config = builder.build(WSTrustClientConfig.DEFAULT_CONFIG_FILE);
+ assertAllProperties(config);
+ }
+
+ private void assertAllProperties(final WSTrustClientConfig config)
+ {
+ assertEquals(serviceName, config.getServiceName());
+ assertEquals(portName, config.getPortName());
+ assertEquals(endpointAddress, config.getEndPointAddress());
+ assertEquals(username, config.getUsername());
+ assertEquals(password, config.getPassword());
+
+ }
+
+ public static junit.framework.Test suite()
+ {
+ return new JUnit4TestAdapter(WSTrustClientConfigUnitTest.class);
+ }
+
+}
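Review bot: `buildFromConfigPropertiesFile` passes only if `WSTrustClientConfig.DEFAULT_CONFIG_FILE` resolves to the copy of `jboss-sts-client.properties` in this test's package (`user1`/`pass1`, `http://test:8080/JBossSTS`). The same commit adds identically named files in other test directories whose values are `admin`/`admin`, and how `build(String)` looks the file up is not visible in this diff. A uniquely named fixture, or at least a comment on the test such as `// expects the jboss-sts-client.properties next to this class, not another copy on the classpath`, would keep a lookup change from silently switching files. As a style point, the five fixture fields are package-private instance fields and could be `private static final`.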
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/jboss-sts-client.properties
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/jboss-sts-client.properties (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/jboss-sts-client.properties 2009-09-18 13:14:23 UTC (rev 29404)
@@ -0,0 +1,5 @@
+serviceName=JBossSTS
+portName=JBossSTSPort
+endpointAddress=http://test:8080/JBossSTS
+username=user1
+password=pass1
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSAML20SecurityHandlerUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSAML20SecurityHandlerUnitTest.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSAML20SecurityHandlerUnitTest.java 2009-09-18 13:14:23 UTC (rev 29404)
@@ -0,0 +1,150 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.ws;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPElement;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPHeader;
+import javax.xml.soap.SOAPHeaderElement;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.ws.handler.MessageContext;
+import javax.xml.ws.handler.soap.SOAPMessageContext;
+
+import junit.framework.JUnit4TestAdapter;
+
+import org.jboss.identity.federation.api.wstrust.WSTrustClient;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.soa.esb.services.security.auth.login.WSTrustClientConfig;
+import org.junit.Test;
+import org.w3c.dom.Element;
+
+/**
+ * Unit test for {@link JBossSTSSecurityHandler}.
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class JBossSTSSAML20SecurityHandlerUnitTest
+{
+ @Test
+ public void handleMessageValidateOutbound() throws SOAPException
+ {
+ final SOAPMessageContext messageContext = mock(SOAPMessageContext.class);
+
+ // Set it to be an outbound message.
+ when(messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).thenReturn(true);
+
+ boolean result = new MockSAMLHandler().handleMessage(messageContext);
+ assertTrue(result);
+ }
+
+ @Test
+ public void handleMessageValidToken() throws Exception
+ {
+ final SOAPMessageContext messageContext = mock(SOAPMessageContext.class);
+ final SOAPMessage soapMessage = MessageFactory.newInstance().createMessage();
+ final SOAPHeader soapHeader = soapMessage.getSOAPHeader();
+
+ final WSTrustClient client = mock(WSTrustClient.class);
+ when(client.validateToken((any(Element.class)))).thenReturn(true);
+
+ final MockSAMLHandler samlHandler = new MockSAMLHandler(client);
+
+ final QName securityQName = samlHandler.getSecurityElementQName();
+ final SOAPHeaderElement securityHeader = soapHeader.addHeaderElement(new QName(securityQName.getNamespaceURI(), securityQName.getLocalPart(), "wsse"));
+ soapHeader.addChildElement(securityHeader);
+
+ final QName tokenElementQName = samlHandler.getTokenElementQName();
+ SOAPElement tokenElement = securityHeader.addChildElement(new QName(tokenElementQName.getNamespaceURI(), tokenElementQName.getLocalPart(), "saml"));
+ securityHeader.addChildElement(tokenElement);
+
+ // Set it to be an inbound message.
+ when(messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
+ when(messageContext.getMessage()).thenReturn(soapMessage);
+
+ boolean result = samlHandler.handleMessage(messageContext);
+ assertTrue(result);
+ }
+
+ @Test
+ public void handleMessageInValidToken() throws Exception
+ {
+ final SOAPMessageContext messageContext = mock(SOAPMessageContext.class);
+ final SOAPMessage soapMessage = MessageFactory.newInstance().createMessage();
+ final SOAPHeader soapHeader = soapMessage.getSOAPHeader();
+
+ final WSTrustClient client = mock(WSTrustClient.class);
+ when(client.validateToken((any(Element.class)))).thenReturn(false);
+
+ final MockSAMLHandler samlHandler = new MockSAMLHandler(client);
+
+ final QName securityQName = samlHandler.getSecurityElementQName();
+ final SOAPHeaderElement securityHeader = soapHeader.addHeaderElement(new QName(securityQName.getNamespaceURI(), securityQName.getLocalPart(), "wsse"));
+ soapHeader.addChildElement(securityHeader);
+
+ final QName tokenElementQName = samlHandler.getTokenElementQName();
+ SOAPElement tokenElement = securityHeader.addChildElement(new QName(tokenElementQName.getNamespaceURI(), tokenElementQName.getLocalPart(), "saml"));
+ securityHeader.addChildElement(tokenElement);
+
+ // Set it to be an inbound message.
+ when(messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
+ when(messageContext.getMessage()).thenReturn(soapMessage);
+
+ boolean result = samlHandler.handleMessage(messageContext);
+ assertFalse(result);
+ }
+
+ private class MockSAMLHandler extends JBossSTSSAML20SecurityHandler
+ {
+ private WSTrustClient client;
+
+ public MockSAMLHandler()
+ {
+ }
+
+ public MockSAMLHandler(final WSTrustClient client)
+ {
+ this.client = client;
+
+ }
+
+ @Override
+ protected WSTrustClient createWSTrustClient(WSTrustClientConfig config) throws ParsingException
+ {
+ return client;
+ }
+
+ }
+
+ public static junit.framework.Test suite()
+ {
+ return new JUnit4TestAdapter(JBossSTSSAML20SecurityHandlerUnitTest.class);
+ }
+
+}
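Review bot: Both inbound tests include a `wsse:Security` header with a token element, so nothing pins what `handleMessage` does when an inbound message carries no security header or no assertion at all. That is the case that has to fail closed for the handler to work as an access control. I would add a test that builds an empty SOAP message, marks it inbound and asserts that it is not accepted; if the handler rejects by throwing rather than returning false, the test should expect that exception instead. Separately, the class Javadoc links `JBossSTSSecurityHandler` while the class under test is `JBossSTSSAML20SecurityHandler`.

```java
@Test
public void handleMessageInboundWithoutSecurityHeader() throws Exception
{
    final SOAPMessageContext messageContext = mock(SOAPMessageContext.class);
    final SOAPMessage soapMessage = MessageFactory.newInstance().createMessage();

    // The STS would accept any token, so only the missing header can cause a rejection.
    final WSTrustClient client = mock(WSTrustClient.class);
    when(client.validateToken(any(Element.class))).thenReturn(true);

    // Inbound message with no wsse:Security header and no SAML assertion.
    when(messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
    when(messageContext.getMessage()).thenReturn(soapMessage);

    // Assumed contract: rejection is signalled by returning false; adjust if the handler throws.
    assertFalse(new MockSAMLHandler(client).handleMessage(messageContext));
}
```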
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/jboss-sts-client.properties
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/jboss-sts-client.properties (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/jboss-sts-client.properties 2009-09-18 13:14:23 UTC (rev 29404)
@@ -0,0 +1,5 @@
+serviceName=JBossSTS
+portName=JBossSTSPort
+endpointAddress=http://localhost:8080/jboss-sts/JBossSTS
+username=admin
+password=admin
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/build.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/build.xml 2009-09-18 10:28:45 UTC (rev 29403)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/build.xml 2009-09-18 13:14:23 UTC (rev 29404)
@@ -6,7 +6,7 @@
</description>
<!-- additional deploys -->
- <property name="additional.deploys" value="jboss-wsse-client.xml, smooks/*.xml, jboss-sts.properties"/>
+ <property name="additional.deploys" value="jboss-wsse-client.xml, smooks/*.xml, jboss-sts-client.properties"/>
<target name="quickstart-specific-predeploys">
<copy file="${basedir}/jboss-sts.war" todir="${org.jboss.esb.server.deploy.dir}"/>
@@ -85,6 +85,7 @@
<filterset>
<filter token="KEYSTORE_PATH" value="${basedir}/keystore"/>
<filter token="ROLES_FILE_PATH" value="${basedir}/roles.properties"/>
+ <filter token="STS_CONFIG_FILE_PATH" value="${basedir}/jboss-sts-client.properties"/>
</filterset>
<fileset dir="${basedir}">
<include name="login-config.xml"/>
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-esb.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-esb.xml 2009-09-18 10:28:45 UTC (rev 29403)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-esb.xml 2009-09-18 13:14:23 UTC (rev 29404)
@@ -25,11 +25,7 @@
<actions mep="OneWay">
<action name="issueToken" class="org.jboss.soa.esb.actions.security.JBossSTSAction">
- <property name="serviceName" value="JBossSTS"/>
- <property name="portName" value="JBossSTSPort"/>
- <property name="endpointAddress" value="http://localhost:8080/jboss-sts/JBossSTS"/>
- <property name="username" value="admin"/>
- <property name="password" value="admin"/>
+ <property name="configFile" value="/jboss-sts-client.properties"/>
<property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
<property name="addToEsbAuthRequest" value="true"/>
</action>
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-sts-client.properties
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-sts-client.properties (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-sts-client.properties 2009-09-18 13:14:23 UTC (rev 29404)
@@ -0,0 +1,5 @@
+serviceName=JBossSTS
+portName=JBossSTSPort
+endpointAddress=http://localhost:8080/jboss-sts/JBossSTS
+username=admin
+password=admin
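Review bot: The quickstart's new `jboss-sts-client.properties` keeps the STS password in clear text (`password=admin`) and points `endpointAddress` at plain `http://`, and build.xml lists the file in `additional.deploys`, so it ships with the deployed sample. The values were previously inline in jboss-esb.xml and login-config.xml, so this is not a regression, but anyone reusing the sample beyond localhost would presumably send these credentials to the STS unencrypted. The new file is the natural place to say so, with a header comment such as `# Sample values for a local STS only: change the credentials, use an https endpoint and restrict read access to this file before reuse.`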
Deleted: labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-sts.properties
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-sts.properties 2009-09-18 10:28:45 UTC (rev 29403)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-sts.properties 2009-09-18 13:14:23 UTC (rev 29404)
@@ -1,5 +0,0 @@
-serviceName=JBossSTS
-portName=JBossSTSPort
-endpointAddress=http://localhost:8080/jboss-sts/JBossSTS
-username=admin
-password=admin
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/login-config.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/login-config.xml 2009-09-18 10:28:45 UTC (rev 29403)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/login-config.xml 2009-09-18 13:14:23 UTC (rev 29404)
@@ -13,11 +13,7 @@
<application-policy name = "jbossesb-saml">
<authentication>
<login-module code="org.jboss.soa.esb.services.security.auth.login.JBossSTSLoginModule" flag="required">
- <module-option name="serviceName">JBossSTS</module-option>
- <module-option name="portName">JBossSTSPort</module-option>
- <module-option name="endpointAddress">http://localhost:8080/jboss-sts/JBossSTS</module-option>
- <module-option name="username">admin</module-option>
- <module-option name="password">admin</module-option>
+ <module-option name="configFile">@STS_CONFIG_FILE_PATH@</module-option>
</login-module>
</authentication>
</application-policy>
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/webservice/handlerchain.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/webservice/handlerchain.xml 2009-09-18 10:28:45 UTC (rev 29403)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/webservice/handlerchain.xml 2009-09-18 13:14:23 UTC (rev 29404)
@@ -3,7 +3,7 @@
<jws:handler-chains>
<jws:handler-chain>
<jws:handler>
- <jws:handler-class>org.jboss.soa.esb.services.security.auth.ws.JBossSTSSecurityHandler</jws:handler-class>
+ <jws:handler-class>org.jboss.soa.esb.services.security.auth.ws.JBossSTSSAML20SecurityHandler</jws:handler-class>
</jws:handler>
</jws:handler-chain>
</jws:handler-chains>