[jboss-svn-commits] JBL Code SVN: r29405 - in labs/jbossesb/workspace/dbevenius/saml_support/product: rosetta/src/org/jboss/soa/esb/services/security/auth/login and 4 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Fri Sep 18 10:30:38 EDT 2009
Author: beve
Date: 2009-09-18 10:30:38 -0400 (Fri, 18 Sep 2009)
New Revision: 29405
Added:
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/WSTrustClientFactory.java
Modified:
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/actions/security/JBossSTSAction.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSAML20SecurityHandlerUnitTest.java
labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/war/resources/WEB-INF/web.xml
labs/jbossesb/workspace/dbevenius/saml_support/product/services/soap/src/main/java/org/jboss/soa/esb/actions/soap/SOAPSamlHandler.java
Log:
Added a factory for creating WSTrustClients.
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/actions/security/JBossSTSAction.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/actions/security/JBossSTSAction.java 2009-09-18 13:14:23 UTC (rev 29404)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/actions/security/JBossSTSAction.java 2009-09-18 14:30:38 UTC (rev 29405)
@@ -24,7 +24,6 @@
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.wstrust.WSTrustClient;
-import org.jboss.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.wstrust.WSTrustException;
import org.jboss.internal.soa.esb.assertion.AssertArgument;
@@ -42,6 +41,7 @@
import org.jboss.soa.esb.services.security.auth.login.SamlContext;
import org.jboss.soa.esb.services.security.auth.login.SamlPrincipal;
import org.jboss.soa.esb.services.security.auth.login.WSTrustClientConfig;
+import org.jboss.soa.esb.services.security.auth.login.WSTrustClientFactory;
import org.w3c.dom.Element;
@@ -121,10 +121,7 @@
{
try
{
- return new WSTrustClient(wsTrustConfig.getServiceName(),
- wsTrustConfig.getPortName(),
- wsTrustConfig.getEndPointAddress(),
- new SecurityInfo(wsTrustConfig.getUsername(), wsTrustConfig.getPassword()));
+ return WSTrustClientFactory.getInstance().create(wsTrustConfig);
}
catch (final ParsingException e)
{
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java 2009-09-18 13:14:23 UTC (rev 29404)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java 2009-09-18 14:30:38 UTC (rev 29405)
@@ -34,7 +34,6 @@
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.wstrust.WSTrustClient;
-import org.jboss.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.wstrust.WSTrustException;
import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
@@ -128,10 +127,7 @@
{
try
{
- return new WSTrustClient(config.getServiceName(),
- config.getPortName(),
- config.getEndPointAddress(),
- new SecurityInfo(config.getUsername(), config.getPassword()));
+ return WSTrustClientFactory.getInstance().create(config);
}
catch (final ParsingException e)
{
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/WSTrustClientFactory.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/WSTrustClientFactory.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/WSTrustClientFactory.java 2009-09-18 14:30:38 UTC (rev 29405)
@@ -0,0 +1,49 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.login;
+
+import org.jboss.identity.federation.api.wstrust.WSTrustClient;
+import org.jboss.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+
+/**
+ * Simple factory for creating {@link WSTrustClient}s.
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ */
+public final class WSTrustClientFactory
+{
+ private static final WSTrustClientFactory INSTANCE = new WSTrustClientFactory();
+
+ private WSTrustClientFactory()
+ {
+ }
+
+ public static WSTrustClientFactory getInstance()
+ {
+ return INSTANCE;
+ }
+
+ public WSTrustClient create(final WSTrustClientConfig c) throws ParsingException
+ {
+ return new WSTrustClient(c.getServiceName(), c.getPortName(), c.getEndPointAddress(), new SecurityInfo(c.getUsername(), c.getPassword()));
+ }
+}
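Review bot: `create` is now the single place where the STS username and password from the config are turned into a `SecurityInfo`, but it has no Javadoc and dereferences `c` without a null check. A null config would surface as a bare NullPointerException from inside the factory; a guard on the first line, for example `AssertArgument.isNotNull(c, "config");` (assuming the `isNotNull` check of the helper JBossSTSAction already imports), gives callers a clearer failure. The Javadoc should say that the returned client is bound to the service name, port name and endpoint address in the config, that the configured credentials are handed to it, and that `ParsingException` comes from constructing the client. Renaming the parameter from `c` to `config` would match the call sites.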
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java 2009-09-18 13:14:23 UTC (rev 29404)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java 2009-09-18 14:30:38 UTC (rev 29405)
@@ -24,19 +24,22 @@
import java.util.Iterator;
import java.util.Set;
+import javax.annotation.Resource;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPHeaderElement;
+import javax.xml.ws.WebServiceException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.wstrust.WSTrustClient;
-import org.jboss.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
import org.jboss.soa.esb.services.security.auth.login.WSTrustClientConfig;
+import org.jboss.soa.esb.services.security.auth.login.WSTrustClientFactory;
import org.w3c.dom.Element;
/**
@@ -52,52 +55,79 @@
{
private Logger log = Logger.getLogger(JBossSTSSecurityHandler.class);
+ /**
+ * The path to the jboss-sts-client.properties file.
+ */
+ private String configFile = WSTrustClientConfig.DEFAULT_CONFIG_FILE;
+
+ /**
+ * Subclasses can return the QName of the Security header element in usage.
+ *
+ * @return QName
+ */
public abstract QName getSecurityElementQName();
+
+ /**
+ * Subclasses can return the QName of the Security Element that should be used
+ * as the token for validation.
+ *
+ * @return QName
+ */
public abstract QName getTokenElementQName();
/**
+ * Will process in-bound messages and extract a security token from the SOAP Header. This token
+ * will then be validated using by calling JBossSTS.
*
- * @param messageContext
+ * @param messageContext The {@link SOAPMessageContext}.
*/
public boolean handleMessage(final SOAPMessageContext messageContext)
{
- final Boolean outBound = (Boolean) messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
- if (outBound.booleanValue())
+ if (isOutBound(messageContext))
return true;
-
+
try
{
- final WSTrustClientConfig config = new WSTrustClientConfig.Builder().build(WSTrustClientConfig.DEFAULT_CONFIG_FILE);
+ log.info("Using configFile : " + configFile);
+ final WSTrustClientConfig config = new WSTrustClientConfig.Builder().build(configFile);
final WSTrustClient wsTrustClient = createWSTrustClient(config);
Element securityToken = extractSecurityToken(messageContext, getSecurityElementQName(), getTokenElementQName());
// Validate the security token with JBossSTS
final boolean valid = wsTrustClient.validateToken(securityToken);
- if (valid == false)
+ if (valid)
{
- log.info("Could not validate token");
- // TODO: Create fault.
- return false;
+ log.info("Succesfully validated Token : " + securityToken);
+ return true;
}
else
{
- log.info("Succesfully validated Token : " + securityToken);
- return true;
+ log.info("Could not validate token");
+ throw new WebServiceException("Could not validate security token "+ securityToken);
}
}
- catch (final Exception e)
+ catch (final SOAPException e)
{
- e.printStackTrace();
+ throw new WebServiceException(e.getMessage(), e);
}
- return false;
+ catch (final WSTrustException e)
+ {
+ throw new WebServiceException(e.getMessage(), e);
+ }
+ catch (final ParsingException e)
+ {
+ throw new WebServiceException(e.getMessage(), e);
+ }
}
+ private boolean isOutBound(final SOAPMessageContext messageContext)
+ {
+ return ((Boolean) messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).booleanValue();
+ }
+
protected WSTrustClient createWSTrustClient(final WSTrustClientConfig config) throws ParsingException
{
- return new WSTrustClient(config.getServiceName(),
- config.getPortName(),
- config.getEndPointAddress(),
- new SecurityInfo(config.getUsername(), config.getPassword()));
+ return WSTrustClientFactory.getInstance().create(config);
}
private Element extractSecurityToken(final SOAPMessageContext messageContext, final QName securityQName, final QName tokenQName) throws SOAPException
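Review bot: Both outcome branches of `handleMessage` put the security token itself into text that leaves the handler: the success path logs it at INFO, and the failure path concatenates it into the `WebServiceException` message, which would normally end up in the SOAP fault and in server logs. If the element's string form includes the assertion content (this depends on the DOM implementation), a bearer SAML token becomes readable by anyone with log access. I would log only the outcome, e.g. `log.debug("Successfully validated security token");`, and throw `new WebServiceException("Could not validate security token");`. The three catch blocks also forward `e.getMessage()` from the STS client to the caller; a generic fault message with the cause logged server-side would reveal less about the STS setup.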
@@ -130,13 +160,38 @@
return headers;
}
+ public boolean handleFault(final SOAPMessageContext messageContext)
+ {
+ return false;
+ }
+ /**
+ * No cleanup is done here.
+ */
public void close(final MessageContext messageContext)
{
}
-
- public boolean handleFault(final SOAPMessageContext messageContext)
+
+ /**
+ * This setter enables the injection of the jboss-sts-client.properties file
+ * path.
+ * This can be specified for example in web.xml:
+ * <pre>
+ * <env-entry>
+ * <env-entry-name>JBossSTSClientConfig</env-entry-name>
+ * <env-entry-type>java.lang.String</env-entry-type>
+ * <env-entry-value>/jboss-sts-client.properties</env-entry-value>
+ * </env-entry>
+ * </pre>
+ *
+ * @param configFile
+ */
+ @Resource (name = "JBossSTSClientConfig")
+ public void setConfigFile(final String configFile)
{
- return false;
+ if (configFile != null)
+ {
+ this.configFile = configFile;
+ }
}
}
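Review bot: `setConfigFile` is a public setter that stays callable after injection and accepts any non-null string, including an empty one, yet judging by the getters on `WSTrustClientConfig` the file it names supplies the STS endpoint and the credentials used to validate every in-bound token. An empty or mistyped `env-entry-value` would replace the default and only fail when the first message is handled. Consider rejecting blank values, `if (configFile != null && configFile.trim().length() > 0)`, and stating in the Javadoc that the setter is meant for container injection only. The `<env-entry>` sample inside `<pre>` also needs its angle brackets escaped (`&lt;env-entry&gt;`) to render in Javadoc, and `@param configFile` has no description.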
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSAML20SecurityHandlerUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSAML20SecurityHandlerUnitTest.java 2009-09-18 13:14:23 UTC (rev 29404)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSAML20SecurityHandlerUnitTest.java 2009-09-18 14:30:38 UTC (rev 29405)
@@ -33,6 +33,7 @@
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.soap.SOAPMessage;
+import javax.xml.ws.WebServiceException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPMessageContext;
@@ -92,7 +93,7 @@
assertTrue(result);
}
- @Test
+ @Test (expected = WebServiceException.class)
public void handleMessageInValidToken() throws Exception
{
final SOAPMessageContext messageContext = mock(SOAPMessageContext.class);
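Review bot: `@Test (expected = WebServiceException.class)` covers the whole method, so the test also passes when the exception is thrown for a reason other than the STS rejecting the token; the handler wraps `SOAPException` and `ParsingException` in the same type. Since this is the test that pins the handler's reject path, I would wrap only the `handleMessage` call in try/catch, call `fail()` after it, and assert on the caught exception. In the following hunk the `boolean result` local is left unused after `assertFalse(result)` was removed; the call can stand alone as `samlHandler.handleMessage(messageContext);`. The test method's body runs past both hunks.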
@@ -117,7 +118,6 @@
when(messageContext.getMessage()).thenReturn(soapMessage);
boolean result = samlHandler.handleMessage(messageContext);
- assertFalse(result);
}
private class MockSAMLHandler extends JBossSTSSAML20SecurityHandler
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/war/resources/WEB-INF/web.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/war/resources/WEB-INF/web.xml 2009-09-18 13:14:23 UTC (rev 29404)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/war/resources/WEB-INF/web.xml 2009-09-18 14:30:38 UTC (rev 29405)
@@ -15,4 +15,10 @@
<url-pattern>/GoodbyeWorldWS</url-pattern>
</servlet-mapping>
+ <env-entry>
+ <env-entry-name>JBossSTSClientConfig</env-entry-name>
+ <env-entry-type>java.lang.String</env-entry-type>
+ <env-entry-value>/jboss-sts-client.properties</env-entry-value>
+ </env-entry>
+
</web-app>
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/services/soap/src/main/java/org/jboss/soa/esb/actions/soap/SOAPSamlHandler.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/services/soap/src/main/java/org/jboss/soa/esb/actions/soap/SOAPSamlHandler.java 2009-09-18 13:14:23 UTC (rev 29404)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/services/soap/src/main/java/org/jboss/soa/esb/actions/soap/SOAPSamlHandler.java 2009-09-18 14:30:38 UTC (rev 29405)
@@ -54,8 +54,8 @@
public boolean handleMessage(final SOAPMessageContext soapContext)
{
final Boolean outBound = (Boolean) soapContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
- if (outBound.booleanValue() == false)
- return false;
+ if (outBound.booleanValue())
+ return true;
try
{
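Review bot: The guard at the top of `handleMessage` changes which direction this handler acts on, and the commit log only mentions the new factory. Before, in-bound messages returned `false` and the body ran for out-bound ones; now out-bound messages return `true` and the `try` block runs for in-bound ones. If the inversion is intended, a comment such as `// Out-bound messages pass through untouched; the code below handles in-bound messages only.` would make it explicit. Whether the new direction is correct depends on the body, which continues outside the hunk.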