[seam-commits] Seam SVN: r13608 - in modules/security/trunk/external: src/main/java/org/jboss/seam/security and 5 other directories.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Thu Aug 12 17:50:32 EDT 2010
Author: shane.bryzak at jboss.com
Date: 2010-08-12 17:50:30 -0400 (Thu, 12 Aug 2010)
New Revision: 13608
Added:
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationFilter.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticator.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InternalAuthenticator.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InvalidRequestException.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/LoggedInEvent.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdConsumerManagerFactory.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdPrincipal.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdRequest.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdXrdsProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/PagesSupportingExternalAuthentication.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestContext.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestOrResponse.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Requests.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlConstants.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageFactory.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMetaDataProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlProfile.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForPostBinding.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForRedirectBinding.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlUtils.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SeamSamlPrincipal.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/
Removed:
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationFilter.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticator.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InternalAuthenticator.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InvalidRequestException.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/LoggedInEvent.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdConsumerManagerFactory.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdPrincipal.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdRequest.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdXrdsProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/PagesSupportingExternalAuthentication.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestContext.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestOrResponse.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/Requests.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlConstants.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageFactory.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMetaDataProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlProfile.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForPostBinding.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForRedirectBinding.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlUtils.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SeamSamlPrincipal.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/
Modified:
modules/security/trunk/external/pom.xml
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Binding.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Configuration.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/OpenIdConfiguration.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlConfiguration.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlEndpoint.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlIdentityProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/ServiceProvider.java
modules/security/trunk/external/src/main/resources/schema/config/external-authentication-config.xsd
modules/security/trunk/external/src/main/xjb/samlv2-bindings.xjb
Log:
renamed external_authentication package to just external
Modified: modules/security/trunk/external/pom.xml
===================================================================
--- modules/security/trunk/external/pom.xml 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/pom.xml 2010-08-12 21:50:30 UTC (rev 13608)
@@ -12,7 +12,7 @@
<groupId>org.jboss.seam.security</groupId>
<artifactId>seam-security-external</artifactId>
<packaging>jar</packaging>
- <name>Seam Security External Authentication</name>
+ <name>Seam Security External Authentication Services</name>
<build>
<plugins>
@@ -38,7 +38,7 @@
<id>jaxb-xrds</id>
<configuration>
<schemaDirectory>${basedir}/src/main/resources/schema/xrds</schemaDirectory>
- <packageName>org.jboss.seam.security.external_authentication.jaxb.xrds</packageName>
+ <packageName>org.jboss.seam.security.external.jaxb.xrds</packageName>
<outputDirectory>${basedir}/src/main/generated-source</outputDirectory>
<clearOutputDir>false</clearOutputDir>
<staleFile>${project.build.directory}/.staleFlag_xrds</staleFile>
@@ -52,7 +52,7 @@
<id>jaxb-config</id>
<configuration>
<schemaDirectory>${basedir}/src/main/resources/schema/config</schemaDirectory>
- <packageName>org.jboss.seam.security.external_authentication.jaxb.config</packageName>
+ <packageName>org.jboss.seam.security.external.jaxb.config</packageName>
<outputDirectory>${basedir}/src/main/generated-source</outputDirectory>
<clearOutputDir>false</clearOutputDir>
<staleFile>${project.build.directory}/.staleFlag_config</staleFile>
@@ -106,6 +106,11 @@
</dependency>
<dependency>
+ <groupId>org.jboss.seam.security</groupId>
+ <artifactId>seam-security-impl</artifactId>
+ </dependency>
+
+ <dependency>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-core</artifactId>
<exclusions>
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationFilter.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationFilter.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationFilter.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationFilter.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,220 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.external.configuration.Configuration;
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Seam Servlet Filter supporting SAMLv2 authentication. It implements the Web
+ * Browser SSO Profile. For outgoing authentication requests it can use either
+ * HTTP Post or HTTP Redirect binding. For the responses, it uses HTTP Post
+ * binding, with or without signature validation.
+ */
+ at WebFilter
+public class ExternalAuthenticationFilter implements Filter
+{
+ public static final String IDP_ENTITY_ID_PARAMETER = "idpEntityId";
+
+ public static final String RETURN_URL_PARAMETER = "returnUrl";
+
+ public static final String OPEN_ID_PARAMETER = "openId";
+
+ private final Logger log = LoggerFactory.getLogger(ExternalAuthenticationFilter.class);
+
+ @Inject
+ private Configuration configuration;
+
+ @Inject
+ private SamlMessageReceiver samlMessageReceiver;
+
+ @Inject
+ private OpenIdSingleLoginReceiver openIdSingleLoginReceiver;
+
+ @Inject
+ private SamlSingleSignOnSender samlSingleSignOnSender;
+
+ @Inject
+ private OpenIdSingleLoginSender openIdSingleLoginSender;
+
+ @Inject
+ private SamlSingleLogoutSender samlSingleLogoutSender;
+
+ @Inject
+ private SamlMetaDataProvider samlMetaDataProvider;
+
+ @Inject
+ private OpenIdXrdsProvider openIdXrdsProvider;
+
+ @Inject
+ private Instance<Identity> identity;
+
+ public void init(FilterConfig filterConfig) throws ServletException
+ {
+ configuration.setContextRoot(filterConfig.getServletContext().getContextPath());
+ }
+
+ public void doFilter(ServletRequest request, ServletResponse response, final FilterChain chain) throws IOException, ServletException
+ {
+ if (!(request instanceof HttpServletRequest))
+ {
+ throw new ServletException("This filter can only process HttpServletRequest requests");
+ }
+
+ final HttpServletRequest httpRequest = (HttpServletRequest) request;
+ final HttpServletResponse httpResponse = (HttpServletResponse) response;
+
+ final ExternalAuthenticationService service = determineService(httpRequest);
+
+ if (service != null)
+ {
+ try
+ {
+ doFilter(httpRequest, httpResponse, service);
+ }
+ catch (InvalidRequestException e)
+ {
+ httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ if (log.isInfoEnabled())
+ {
+ log.info("Bad request received from {0} ({1})", new Object[] { e.getCause(), httpRequest.getRemoteHost(), e.getDescription() });
+ }
+ }
+ }
+ else
+ {
+ // Request is not related to external authentication. Pass the request
+ // on to
+ // the next filter in the chain.
+ chain.doFilter(httpRequest, httpResponse);
+ }
+ }
+
+ private void doFilter(HttpServletRequest httpRequest, HttpServletResponse httpResponse, ExternalAuthenticationService service) throws InvalidRequestException, IOException, ServletException
+ {
+ switch (service)
+ {
+ case OPEN_ID_SERVICE:
+ openIdSingleLoginReceiver.handleIncomingMessage(httpRequest, httpResponse);
+ break;
+ case SAML_SINGLE_LOGOUT_SERVICE:
+ samlMessageReceiver.handleIncomingSamlMessage(SamlProfile.SINGLE_LOGOUT, httpRequest, httpResponse);
+ break;
+ case SAML_ASSERTION_CONSUMER_SERVICE:
+ samlMessageReceiver.handleIncomingSamlMessage(SamlProfile.SINGLE_SIGN_ON, httpRequest, httpResponse);
+ break;
+ case AUTHENTICATION_SERVICE:
+ String returnUrl = httpRequest.getParameter(RETURN_URL_PARAMETER);
+
+ String providerName = httpRequest.getParameter(IDP_ENTITY_ID_PARAMETER);
+ if (providerName != null)
+ {
+ SamlIdentityProvider identityProvider = configuration.getServiceProvider().getSamlConfiguration().getSamlIdentityProviderByEntityId(providerName);
+
+ // User requested a page for which login is required. Return a page
+ // that instructs the browser to post an authentication request to
+ // the IDP.
+ if (identityProvider instanceof SamlIdentityProvider)
+ {
+ samlSingleSignOnSender.sendAuthenticationRequestToIDP(httpRequest, httpResponse, (SamlIdentityProvider) identityProvider, returnUrl);
+ }
+ else
+ {
+ throw new RuntimeException("Only SAML identity providers are supported in this version");
+ }
+ }
+ else
+ {
+ String openId = httpRequest.getParameter(OPEN_ID_PARAMETER);
+ openIdSingleLoginSender.sendAuthRequest(openId, returnUrl, httpResponse);
+ }
+ break;
+ case LOGOUT_SERVICE:
+ if (!identity.get().isLoggedIn())
+ {
+ throw new RuntimeException("User not logged in.");
+ }
+ // FIXME SeamSamlPrincipal principal = (SeamSamlPrincipal)
+ // identity.getPrincipal();
+ SeamSamlPrincipal principal = (SeamSamlPrincipal) httpRequest.getUserPrincipal();
+ SamlIdentityProvider idp = principal.getIdentityProvider();
+ if (!(idp instanceof SamlIdentityProvider))
+ {
+ throw new RuntimeException("Only SAML identity providers are supported in this version");
+ }
+
+ samlSingleLogoutSender.sendSingleLogoutRequestToIDP(httpRequest, httpResponse, identity.get());
+ break;
+ case SAML_META_DATA_SERVICE:
+
+ samlMetaDataProvider.writeMetaData(httpResponse.getOutputStream());
+ httpResponse.setCharacterEncoding("UTF-8");
+ httpResponse.setContentType("application/xml");
+ httpResponse.flushBuffer();
+ break;
+ case OPEN_ID_XRDS_SERVICE:
+
+ openIdXrdsProvider.writeMetaData(httpResponse.getOutputStream());
+ httpResponse.setCharacterEncoding("UTF-8");
+ httpResponse.setContentType("application/xrds+xml");
+ httpResponse.flushBuffer();
+ break;
+ default:
+ throw new RuntimeException("Unsupported service " + service);
+ }
+ }
+
+ private ExternalAuthenticationService determineService(HttpServletRequest httpRequest)
+ {
+ String path = ((HttpServletRequest) httpRequest).getRequestURI().replace(".seam", "");
+
+ for (ExternalAuthenticationService service : ExternalAuthenticationService.values())
+ {
+ if (path.endsWith("/" + service.getName()))
+ {
+ return service;
+ }
+ }
+ return null;
+ }
+
+ public void destroy()
+ {
+ }
+}
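Review bot: The log call in the InvalidRequestException handler uses MessageFormat-style `{0}`/`{1}` placeholders and passes three arguments in an order that does not match the message, so SLF4J prints the braces literally and the remote host lands in the wrong slot; it should read `log.info("Bad request received from {} ({})", httpRequest.getRemoteHost(), e.getDescription(), e.getCause());` with the throwable last so the logger can attach it. In the AUTHENTICATION_SERVICE branch the `identityProvider instanceof SamlIdentityProvider` test on a variable already declared as SamlIdentityProvider is only a null check, and an unknown `idpEntityId` taken from a request parameter then surfaces as a RuntimeException (HTTP 500) instead of the InvalidRequestException the outer handler already maps to 400 — `throw new InvalidRequestException("Unknown identity provider: " + providerName);` keeps failures on untrusted input in the 4xx path. The LOGOUT_SERVICE branch has the same shape: the cast of `getUserPrincipal()` to SeamSamlPrincipal throws ClassCastException for a non-SAML principal before the `idp instanceof` check (again only a null check) is reached, so the instanceof belongs on the principal. In the two metadata branches `setCharacterEncoding`/`setContentType` are called after the body has been written to the output stream and will be ignored once the response is committed; they need to precede `writeMetaData(...)`. `returnUrl` is forwarded from the request unchecked; how the senders use it is outside this hunk, but confirming it is restricted to a relative path or the application's own origin before it is handed to the IDP round-trip would be worth doing.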
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationService.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationService.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationService.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationService.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,52 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+public enum ExternalAuthenticationService
+{
+
+ AUTHENTICATION_SERVICE("AuthenticationService"),
+
+ LOGOUT_SERVICE("LogoutService"),
+
+ SAML_ASSERTION_CONSUMER_SERVICE("AssertionConsumerService"),
+
+ SAML_SINGLE_LOGOUT_SERVICE("SingleLogoutService"),
+
+ SAML_META_DATA_SERVICE("MetaDataService"),
+
+ OPEN_ID_SERVICE("OpenIdService"),
+
+ OPEN_ID_XRDS_SERVICE("OpenIdXrdsService");
+
+ private String name;
+
+ private ExternalAuthenticationService(String name)
+ {
+ this.name = name;
+ }
+
+ public String getName()
+ {
+ return name;
+ }
+}
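Review bot: `name` is assigned only in the constructor and should be declared `private final String name;`; the `private` modifier on the enum constructor is implicit and can be dropped. The type also has no Javadoc although ExternalAuthenticationFilter.determineService dispatches on it; a class comment such as `/** External authentication endpoints; {@link #getName()} is the trailing URI path segment the filter matches to route a request. */` would document the contract the filter relies on.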
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticator.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticator.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticator.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticator.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,174 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.faces.context.FacesContext;
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.servlet.annotation.WebFilter;
+
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+
+/**
+ * Filter that manages the external authentication of users (using, for example,
+ * SAML or OpenID).
+ */
+ at Named("externalAuthenticator")
+ at WebFilter
+// FIXME: page scope
+public class ExternalAuthenticator
+{
+ private String returnUrl;
+
+ private String openId;
+
+ @Inject
+ private ServiceProvider serviceProvider;
+
+ @Inject
+ private Identity identity;
+
+ public void samlSignOn(String idpEntityId)
+ {
+ if (serviceProvider.getSamlConfiguration() == null)
+ {
+ throw new RuntimeException("SAML is not configured.");
+ }
+
+ SamlIdentityProvider idp = serviceProvider.getSamlConfiguration().getSamlIdentityProviderByEntityId(idpEntityId);
+ if (idp == null)
+ {
+ throw new RuntimeException("Identity provider " + idpEntityId + " not found");
+ }
+
+ String authenticationServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.AUTHENTICATION_SERVICE);
+ Map<String, String> params = new HashMap<String, String>();
+ params.put(ExternalAuthenticationFilter.IDP_ENTITY_ID_PARAMETER, idpEntityId);
+ params.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
+ redirect(authenticationServiceURL, params);
+ }
+
+ public void openIdSignOn()
+ {
+ openIdSignOn(openId);
+ }
+
+ public void openIdSignOn(String openId)
+ {
+ if (serviceProvider.getOpenIdConfiguration() == null)
+ {
+ throw new RuntimeException("OpenID is not configured.");
+ }
+ String authenticationServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.AUTHENTICATION_SERVICE);
+ Map<String, String> params = new HashMap<String, String>();
+ params.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
+ params.put(ExternalAuthenticationFilter.OPEN_ID_PARAMETER, openId);
+ redirect(authenticationServiceURL, params);
+ }
+
+ public void singleLogout()
+ {
+ if (!identity.isLoggedIn())
+ {
+ throw new RuntimeException("Not logged in");
+ }
+ if (false /* FIXME !(identity.getPrincipal() instanceof SeamSamlPrincipal) */)
+ {
+ throw new RuntimeException("Single logout is only supported for SAML");
+ }
+ String logoutServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.LOGOUT_SERVICE);
+ redirect(logoutServiceURL, null);
+ }
+
+ private void redirect(String urlBase, Map<String, String> params)
+ {
+ StringBuilder url = new StringBuilder();
+ url.append(urlBase);
+ if (params != null && params.size() > 0)
+ {
+ url.append("?");
+ boolean first = true;
+ for (Map.Entry<String, String> paramEntry : params.entrySet())
+ {
+ if (first)
+ {
+ first = false;
+ }
+ else
+ {
+ url.append("&");
+ }
+ url.append(paramEntry.getKey());
+ url.append("=");
+ try
+ {
+ String paramValue = paramEntry.getValue();
+ if (paramValue == null || paramValue == "")
+ throw new RuntimeException("Param Key:" + paramEntry.getKey() + " has value that is null");
+ url.append(URLEncoder.encode(paramValue, "UTF-8"));
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ }
+
+ try
+ {
+ FacesContext.getCurrentInstance().getExternalContext().redirect(url.toString());
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+
+ }
+ }
+
+ public String getReturnUrl()
+ {
+ return returnUrl;
+ }
+
+ public void setReturnUrl(String returnUrl)
+ {
+ this.returnUrl = returnUrl;
+ }
+
+ public String getOpenId()
+ {
+ return openId;
+ }
+
+ public void setOpenId(String openId)
+ {
+ this.openId = openId;
+ }
+}
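Review bot: `paramValue == ""` in redirect() compares string references, so an empty returnUrl or openId is only rejected if it happens to be the interned literal; use `if (paramValue == null || paramValue.isEmpty())` and make the message say "null or empty". The class is annotated `@WebFilter` (and its Javadoc calls it a filter) but does not implement javax.servlet.Filter, so the annotation and the `javax.servlet.annotation.WebFilter` import are misapplied and should go; it is a named bean driven from pages. `if (false /* FIXME ... */)` in singleLogout() is dead code that silently disables the SAML-only check and is better expressed as a TODO comment next to the `isLoggedIn()` check than as an unreachable branch. `returnUrl` is a page-settable bean property that is forwarded into the authentication-service redirect without validation; whether it is checked later is outside this hunk, but limiting it to a relative path or the application's own origin before use would be worth confirming.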
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InternalAuthenticator.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InternalAuthenticator.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InternalAuthenticator.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InternalAuthenticator.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,78 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.security.Principal;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletRequest;
+
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.events.LoginFailedEvent;
+import org.jboss.seam.security.events.PostAuthenticateEvent;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+
+ at Named("internalAuthenticator")
+public class InternalAuthenticator
+{
+ @Inject
+ private Identity identity;
+
+ @Inject
+ private ServiceProvider serviceProvider;
+
+ @Inject
+ private BeanManager beanManager;
+
+ public boolean authenticate(Principal principal, HttpServletRequest httpRequest)
+ {
+ List<String> roles = new LinkedList<String>();
+ Boolean internallyAuthenticated = null; // FIXME =
+ // serviceProvider.getInternalAuthenticationMethod().invoke(principal,
+ // roles);
+
+ beanManager.fireEvent(new PostAuthenticateEvent());
+
+ if (internallyAuthenticated)
+ {
+ // FIXME identity.acceptExternallyAuthenticatedPrincipal(principal);
+
+ for (String role : roles)
+ {
+ // FIXME identity.addRole(role);
+ }
+
+ beanManager.fireEvent(new LoggedInEvent(null) /* FIXME: no user */);
+ }
+ else
+ {
+ beanManager.fireEvent(new LoginFailedEvent(new LoginException()));
+ }
+
+ return internallyAuthenticated;
+ }
+}
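Review bot: `internallyAuthenticated` is initialised to `null` (the real assignment is commented out as a FIXME) and then unboxed in `if (internallyAuthenticated)`, so every call to authenticate() currently throws NullPointerException. Until the internal authentication hook is wired in, the method should fail closed explicitly, e.g. `boolean internallyAuthenticated = false; // FIXME: invoke serviceProvider's internal authentication method`, so callers reach the LoginFailedEvent path rather than an NPE. `PostAuthenticateEvent` is fired before the outcome is known and therefore on failed logins as well; moving it into the success branch after the principal is accepted matches its name. The roles loop body is empty apart from a FIXME, so `roles` is never applied, which is worth stating in the FIXME so the method is not mistaken for complete.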
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InvalidRequestException.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InvalidRequestException.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InvalidRequestException.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InvalidRequestException.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+/**
+ * Exception thrown to indicate that the request is invalid.
+ */
+public class InvalidRequestException extends Exception
+{
+ private static final long serialVersionUID = -9127592026257210986L;
+
+ private String description;
+
+ private Exception cause;
+
+ public InvalidRequestException(String description)
+ {
+ this(description, null);
+ }
+
+ public InvalidRequestException(String description, Exception cause)
+ {
+ super();
+ this.description = description;
+ this.cause = cause;
+ }
+
+ public String getDescription()
+ {
+ return description;
+ }
+
+ public Exception getCause()
+ {
+ return cause;
+ }
+
+ public void setCause(Exception cause)
+ {
+ this.cause = cause;
+ }
+}
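Review bot: The constructors call `super()` and keep description and cause in private fields, so `getMessage()` returns null and the cause is not part of the exception chain — a log line or stack trace of this exception shows neither what was wrong nor why. Passing them to the superclass, `super(description, cause);` in the two-argument constructor, gives the standard behaviour for free; `getDescription()` can then return `getMessage()`, and the covariant `getCause()` (which overrides `Throwable.getCause()` without `@Override`) together with the mutable `setCause` can be dropped. If the `Exception`-typed getter is kept for existing callers, it should at least carry `@Override` and delegate to the superclass.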
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/LoggedInEvent.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/LoggedInEvent.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/LoggedInEvent.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/LoggedInEvent.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,32 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+public class LoggedInEvent
+{
+
+ public LoggedInEvent(Object object)
+ {
+ // TODO Auto-generated constructor stub
+ }
+
+}
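Review bot: The constructor of `LoggedInEvent` discards its `object` argument, so observers of this event have no way to learn which principal or identity logged in; either keep it in a field with an accessor (e.g. `private final Object subject;` plus a `getSubject()`), or drop the parameter until it is actually needed. A class-level Javadoc stating what the event signals and what the argument is expected to be would also help, since the auto-generated stub comment is currently the only documentation.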
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdConsumerManagerFactory.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdConsumerManagerFactory.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdConsumerManagerFactory.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdConsumerManagerFactory.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Produces;
+import javax.inject.Inject;
+import javax.inject.Named;
+
+import org.openid4java.consumer.ConsumerManager;
+
+ at Named("openIdConsumerManager")
+ at ApplicationScoped
+public class OpenIdConsumerManagerFactory
+{
+ private ConsumerManager consumerManager;
+
+ @Produces
+ public ConsumerManager getConsumerManager()
+ {
+ return consumerManager;
+ }
+
+ @Inject
+ public void startup() throws Exception
+ {
+ consumerManager = new ConsumerManager();
+ }
+}
\ No newline at end of file
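Review bot: `startup()` declares `throws Exception`, which is broader than anything the body can raise; if `new ConsumerManager()` throws a checked exception in the openid4java version in use, declare that type, otherwise drop the clause so the container and callers are not forced to deal with a raw `Exception`. A class Javadoc explaining why a single application-scoped `ConsumerManager` is produced (the receiver's own comment notes that verification must use the same instance that placed the request, since it holds the associations) would document the scoping choice for the next maintainer. `@PostConstruct` is also the conventional annotation for one-time setup, whereas `@Inject` on a no-arg method reads as an injection point with nothing to inject.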
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdPrincipal.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdPrincipal.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdPrincipal.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdPrincipal.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,65 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.net.URL;
+import java.security.Principal;
+import java.util.List;
+import java.util.Map;
+
+public class OpenIdPrincipal implements Principal
+{
+ private String identifier;
+
+ private URL openIdProvider;
+
+ private Map<String, List<String>> attributes;
+
+ public OpenIdPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
+ {
+ super();
+ this.identifier = identifier;
+ this.openIdProvider = openIdProvider;
+ this.attributes = attributes;
+ }
+
+ public String getName()
+ {
+ return identifier;
+ }
+
+ public String getIdentifier()
+ {
+ return identifier;
+ }
+
+ public URL getOpenIdProvider()
+ {
+ return openIdProvider;
+ }
+
+ public Map<String, List<String>> getAttributes()
+ {
+ return attributes;
+ }
+
+}
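Review bot: `getAttributes()` hands out the very map the constructor stored, so any caller can mutate a principal's attributes after authentication, and the receiver in this commit passes `null` when the provider returned no attribute-exchange data, so every caller must null-check. Normalise in the constructor, `this.attributes = attributes == null ? Collections.<String, List<String>>emptyMap() : Collections.unmodifiableMap(attributes);` (needs a `java.util.Collections` import), and document on `getAttributes()` that the result is read-only and never null. Since this is a `Principal` used for identity, consider `equals`/`hashCode` based on `identifier` so two principals for the same verified id compare equal.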
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdRequest.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdRequest.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdRequest.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdRequest.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import javax.enterprise.context.SessionScoped;
+import javax.inject.Named;
+
+import org.openid4java.discovery.DiscoveryInformation;
+
+ at Named("openIdRequest")
+ at SessionScoped
+public class OpenIdRequest
+{
+ private DiscoveryInformation discoveryInformation;
+
+ private String returnUrl;
+
+ public DiscoveryInformation getDiscoveryInformation()
+ {
+ return discoveryInformation;
+ }
+
+ public void setDiscoveryInformation(DiscoveryInformation discoveryInformation)
+ {
+ this.discoveryInformation = discoveryInformation;
+ }
+
+ public String getReturnUrl()
+ {
+ return returnUrl;
+ }
+
+ public void setReturnUrl(String returnUrl)
+ {
+ this.returnUrl = returnUrl;
+ }
+}
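Review bot: `OpenIdRequest` is `@SessionScoped` but does not implement `Serializable`; CDI requires session-scoped beans to be passivation capable, so the deployment is likely to be rejected (or fail when the session is passivated), and the same applies to `Requests` further down in this commit. Add `implements Serializable` with a `serialVersionUID`, and check that the stored `DiscoveryInformation` is serializable too. A class Javadoc stating that this holds the pending OpenID request between the redirect to the provider and the provider's response, and that the receiver should clear it once consumed, would also help.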
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginReceiver.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginReceiver.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginReceiver.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginReceiver.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,139 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.net.URL;
+import java.util.List;
+import java.util.Map;
+
+import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.events.LoginFailedEvent;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.openid4java.OpenIDException;
+import org.openid4java.consumer.ConsumerManager;
+import org.openid4java.consumer.VerificationResult;
+import org.openid4java.discovery.DiscoveryInformation;
+import org.openid4java.discovery.Identifier;
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.ParameterList;
+import org.openid4java.message.ax.AxMessage;
+import org.openid4java.message.ax.FetchResponse;
+
+ at Named("openIdSingleLoginReceiver")
+public class OpenIdSingleLoginReceiver
+{
+ @Inject
+ private OpenIdRequest openIdRequest;
+
+ @Inject
+ private ConsumerManager openIdConsumerManager;
+
+ @Inject
+ private InternalAuthenticator internalAuthenticator;
+
+ @Inject
+ private ServiceProvider serviceProvider;
+
+ @Inject
+ private BeanManager manager;
+
+ @SuppressWarnings("unchecked")
+ public void handleIncomingMessage(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws InvalidRequestException
+ {
+ try
+ {
+ // extract the parameters from the authentication response
+ // (which comes in as a HTTP request from the OpenID provider)
+ ParameterList response = new ParameterList(httpRequest.getParameterMap());
+
+ // retrieve the previously stored discovery information
+ DiscoveryInformation discovered = openIdRequest.getDiscoveryInformation();
+
+ // extract the receiving URL from the HTTP request
+ StringBuffer receivingURL = httpRequest.getRequestURL();
+ String queryString = httpRequest.getQueryString();
+ if (queryString != null && queryString.length() > 0)
+ receivingURL.append("?").append(httpRequest.getQueryString());
+
+ // verify the response; ConsumerManager needs to be the same
+ // (static) instance used to place the authentication request
+ VerificationResult verification = openIdConsumerManager.verify(receivingURL.toString(), response, discovered);
+
+ boolean authenticated = true;
+
+ // examine the verification result and extract the verified identifier
+ Identifier identifier = verification.getVerifiedId();
+
+ if (identifier != null)
+ {
+ AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
+
+ Map<String, List<String>> attributes = null;
+ if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX))
+ {
+ FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
+
+ attributes = fetchResp.getAttributes();
+ }
+
+ OpenIdPrincipal principal = createPrincipal(identifier.getIdentifier(), discovered.getOPEndpoint(), attributes);
+
+ authenticated = internalAuthenticator.authenticate(principal, httpRequest);
+ }
+ else
+ {
+ manager.fireEvent(new LoginFailedEvent(new LoginException()));
+ authenticated = false;
+ }
+
+ if (authenticated)
+ {
+ httpResponse.sendRedirect(openIdRequest.getReturnUrl());
+ }
+ else
+ {
+ httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
+ }
+ }
+ catch (OpenIDException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ }
+
+ private OpenIdPrincipal createPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
+ {
+ return new OpenIdPrincipal(identifier, openIdProvider, attributes);
+ }
+}
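Review bot: After a successful verification the method redirects to `openIdRequest.getReturnUrl()` without checking it, and that value is whatever the caller of `OpenIdSingleLoginSender.sendAuthRequest` passed in; if it ever originates from a request parameter this is an open redirect, so the return URL should be validated as relative or same-host before `sendRedirect`, falling back to a configured default otherwise. The pending request is also never cleared, so a later provider response in the same session is verified against stale discovery information and redirected to the old return URL; reset `openIdRequest` (discovery information and return URL) once the response has been handled. Finally, `discovered` is null when no request is pending, which makes `discovered.getOPEndpoint()` throw an NPE if the library's own re-discovery still verifies the response, and a malformed response surfaces as `RuntimeException` even though the method declares `InvalidRequestException`; both cases should be reported as `throw new InvalidRequestException("...", e)` so the filter can answer with a client error rather than a server error.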
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginSender.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginSender.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginSender.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginSender.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,113 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.events.LoginFailedEvent;
+import org.jboss.seam.security.events.PreAuthenticateEvent;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.config.OpenIdAttributeType;
+import org.openid4java.OpenIDException;
+import org.openid4java.consumer.ConsumerManager;
+import org.openid4java.discovery.DiscoveryInformation;
+import org.openid4java.message.AuthRequest;
+import org.openid4java.message.ax.FetchRequest;
+
+ at Named("org.jboss.seam.security.external.openIdSingleLoginSender")
+public class OpenIdSingleLoginSender
+{
+ @Inject
+ private OpenIdRequest openIdRequest;
+
+ @Inject
+ private ConsumerManager openIdConsumerManager;
+
+ @Inject
+ private ServiceProvider serviceProvider;
+
+ @Inject
+ private BeanManager manager;
+
+ public String sendAuthRequest(String openId, String returnUrl, HttpServletResponse httpResponse)
+ {
+ try
+ {
+ @SuppressWarnings("unchecked")
+ List<DiscoveryInformation> discoveries = openIdConsumerManager.discover(openId);
+
+ DiscoveryInformation discovered = openIdConsumerManager.associate(discoveries);
+
+ openIdRequest.setDiscoveryInformation(discovered);
+ openIdRequest.setReturnUrl(returnUrl);
+
+ String openIdServiceUrl = serviceProvider.getServiceURL(ExternalAuthenticationService.OPEN_ID_SERVICE);
+ String realm = serviceProvider.getOpenIdRealm();
+ AuthRequest authReq = openIdConsumerManager.authenticate(discovered, openIdServiceUrl, realm);
+
+ // Request attributes
+ List<OpenIdAttributeType> attributes = serviceProvider.getOpenIdConfiguration().getAttributes();
+ if (attributes.size() > 0)
+ {
+ FetchRequest fetch = FetchRequest.createFetchRequest();
+ for (OpenIdAttributeType attribute : attributes)
+ {
+ fetch.addAttribute(attribute.getAlias(), attribute.getTypeUri(), attribute.isRequired());
+ }
+ // attach the extension to the authentication request
+ authReq.addExtension(fetch);
+ }
+
+ String url = authReq.getDestinationUrl(true);
+
+ manager.fireEvent(new PreAuthenticateEvent());
+
+ httpResponse.sendRedirect(url);
+ }
+ catch (OpenIDException e)
+ {
+ try
+ {
+ manager.fireEvent(new LoginFailedEvent(new LoginException()));
+
+ httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
+ }
+ catch (IOException e1)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ return null;
+ }
+}
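Review bot: In the nested `catch (IOException e1)` the code throws `new RuntimeException(e)`, wrapping the outer `OpenIDException` and silently dropping `e1`, the `IOException` from the failure redirect; it should be `throw new RuntimeException(e1);` with the original `e` logged, so the actual I/O failure is not lost. `sendAuthRequest` also always returns `null`, so the `String` return type carries no information; either make it `void` or document what a non-null return would mean. The `LoginFailedEvent` is fired with a bare `new LoginException()`, discarding the discovery/association error; `new LoginException(e.getMessage())` keeps the reason for listeners without exposing it to the browser.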
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdXrdsProvider.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdXrdsProvider.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdXrdsProvider.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdXrdsProvider.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,79 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.OutputStream;
+
+import javax.inject.Inject;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.xrds.ObjectFactory;
+import org.jboss.seam.security.external.jaxb.xrds.Service;
+import org.jboss.seam.security.external.jaxb.xrds.Type;
+import org.jboss.seam.security.external.jaxb.xrds.URIPriorityAppendPattern;
+import org.jboss.seam.security.external.jaxb.xrds.XRD;
+import org.jboss.seam.security.external.jaxb.xrds.XRDS;
+import org.openid4java.discovery.DiscoveryInformation;
+
+public class OpenIdXrdsProvider
+{
+ @Inject
+ private ServiceProvider serviceProvider;
+
+ public void writeMetaData(OutputStream stream)
+ {
+ try
+ {
+ ObjectFactory objectFactory = new ObjectFactory();
+
+ XRDS xrds = objectFactory.createXRDS();
+
+ XRD xrd = objectFactory.createXRD();
+
+ Type type = objectFactory.createType();
+ type.setValue(DiscoveryInformation.OPENID2_RP);
+ URIPriorityAppendPattern uri = objectFactory.createURIPriorityAppendPattern();
+ uri.setValue(serviceProvider.getServiceURL(ExternalAuthenticationService.OPEN_ID_SERVICE));
+
+ Service service = objectFactory.createService();
+ service.getType().add(type);
+ service.getURI().add(uri);
+
+ xrd.getService().add(service);
+
+ xrds.getOtherelement().add(xrd);
+
+ JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.seam.security.external.jaxb.xrds");
+ Marshaller marshaller = jaxbContext.createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+ marshaller.marshal(xrds, stream);
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
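Review bot: `writeMetaData` builds a new `JAXBContext` on every call; context creation is expensive (it scans the whole package) while the context itself is thread-safe, so it should be created once and held in a `static final` field, with only the `Marshaller` (which is not thread-safe) created per call. The initializer has to deal with the checked `JAXBException`, so the change is a few lines, shown below. A Javadoc on the method saying that it writes the XRDS discovery document advertising this relying party's OpenID return endpoint, and that it neither flushes nor closes `stream`, would make the caller's responsibility explicit.
```java
   // created once: JAXBContext creation is costly and the instance is thread-safe
   private static final JAXBContext XRDS_CONTEXT;
   static
   {
      try
      {
         XRDS_CONTEXT = JAXBContext.newInstance("org.jboss.seam.security.external.jaxb.xrds");
      }
      catch (JAXBException e)
      {
         throw new ExceptionInInitializerError(e);
      }
   }

   // … unchanged: serviceProvider field, XRDS/XRD/Service construction …

         Marshaller marshaller = XRDS_CONTEXT.createMarshaller();
```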
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/PagesSupportingExternalAuthentication.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/PagesSupportingExternalAuthentication.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/PagesSupportingExternalAuthentication.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/PagesSupportingExternalAuthentication.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+/**
+ * Override of Seam's Pages component. It replaces the login page redirection method with a version
+ * that redirects to an URL that is filtered by the SamlAuthenticationFilter.
+ */
+
+// FIXME
+
+//@ApplicationScoped
+//@BypassInterceptors
+//@Name("org.jboss.seam.navigation.pages")
+//@Injectstall(precedence = Install.FRAMEWORK, classDependencies = "javax.faces.context.FacesContext")
+//@Startup
+//public class PagesSupportingExternalAuthentication extends Pages
+//{
+// @Override
+// public void redirectToLoginView()
+// {
+// notLoggedIn();
+//
+// HttpServletRequest httpRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext()
+// .getRequest();
+//
+// StringBuffer returnUrl = httpRequest.getRequestURL();
+//
+// ExternalAuthenticator externalAuthenticator = (ExternalAuthenticator) Component
+// .getInstance(ExternalAuthenticator.class);
+// externalAuthenticator.setReturnUrl(returnUrl.toString());
+//
+// ServiceProvider serviceProvider = Configuration.instance().getServiceProvider();
+//
+// // Use default SAML identity provider, if configured
+// SamlConfiguration samlConfiguration = serviceProvider.getSamlConfiguration();
+// if (samlConfiguration != null && samlConfiguration.getDefaultIdentityProvider() != null)
+// {
+// externalAuthenticator.samlSignOn(samlConfiguration.getDefaultIdentityProvider().getEntityId());
+// }
+// else
+// {
+// // Otherwise, use default OpenId identity provider, if configured
+// OpenIdConfiguration openIdConfiguration = serviceProvider.getOpenIdConfiguration();
+// if (openIdConfiguration != null && openIdConfiguration.getDefaultOpenIdProvider() != null)
+// {
+// externalAuthenticator.openIdSignOn(openIdConfiguration.getDefaultOpenIdProvider());
+// }
+// else
+// {
+// // Otherwise, redirect to the login view, so that the user can choose an IDP
+// if (getLoginViewId() == null)
+// {
+// throw new RuntimeException("Login view id not specified in pages.xml.");
+// }
+// Map<String, Object> parameters = new HashMap<String, Object>();
+// parameters.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
+// FacesManager.instance().redirect(getLoginViewId(), parameters, false);
+// }
+// }
+// }
+// }
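Review bot: This file contains no class at all, only a package declaration and a commented-out Seam 2 implementation (`Pages`, `Component.getInstance`, `FacesManager`) under a bare `// FIXME`, while the Javadoc at the top describes a class that does not exist. Either port the login-redirect logic to the new CDI-based API or remove the file and track the port in an issue, so the dead block does not drift further from the code it quotes. The commented `@Injectstall(...)` line looks like the result of a mechanical `@In` to `@Inject` replacement applied over `@Install`, which suggests the block was never revisited after the move.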
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestContext.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestContext.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestContext.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestContext.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,75 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+
+/**
+ * Context of an authentication request.
+ *
+ */
+public class RequestContext
+{
+ private String id;
+
+ private SamlIdentityProvider identityProvider;
+
+ private String urlToRedirectToAfterLogin;
+
+ public RequestContext(String id, SamlIdentityProvider identityProvider, String urlToRedirectToAfterLogin)
+ {
+ super();
+ this.id = id;
+ this.identityProvider = identityProvider;
+ this.urlToRedirectToAfterLogin = urlToRedirectToAfterLogin;
+ }
+
+ public String getId()
+ {
+ return id;
+ }
+
+ public void setId(String id)
+ {
+ this.id = id;
+ }
+
+ public SamlIdentityProvider getIdentityProvider()
+ {
+ return identityProvider;
+ }
+
+ public void setIdentityProvider(SamlIdentityProvider identityProvider)
+ {
+ this.identityProvider = identityProvider;
+ }
+
+ public String getUrlToRedirectToAfterLogin()
+ {
+ return urlToRedirectToAfterLogin;
+ }
+
+ public void setUrlToRedirectToAfterLogin(String urlToRedirectToAfterLogin)
+ {
+ this.urlToRedirectToAfterLogin = urlToRedirectToAfterLogin;
+ }
+}
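Review bot: `RequestContext` is stored in `Requests` keyed by its `id` (see `addRequest` further down in this commit), yet it exposes `setId`, `setIdentityProvider` and `setUrlToRedirectToAfterLogin`; changing the id after insertion desynchronises the map key from the object, and nothing visible in this commit uses the setters. Making the three fields `final` and dropping the setters turns this into an immutable value, which is also safer for an object held in the session. The class Javadoc should say what `id` is (presumably the SAML request id used to correlate the response, to be confirmed) and whether `urlToRedirectToAfterLogin` is expected to be an application-generated URL rather than user input, since it is later used for a redirect.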
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestOrResponse.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestOrResponse.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestOrResponse.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestOrResponse.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,37 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+public enum RequestOrResponse
+{
+ REQUEST, RESPONSE;
+
+ public boolean isRequest()
+ {
+ return this == REQUEST;
+ }
+
+ public boolean isResponse()
+ {
+ return this == RESPONSE;
+ }
+}
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Requests.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/Requests.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Requests.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Requests.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.enterprise.context.SessionScoped;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Session scoped component that stores requests that have been sent to the
+ * identity provider.
+ */
+ at SessionScoped
+public class Requests
+{
+ private Map<String, RequestContext> requests = new HashMap<String, RequestContext>();
+
+ private Logger log = LoggerFactory.getLogger(Requests.class);
+
+ public void addRequest(String id, SamlIdentityProvider identityProvider, String urlToRedirectToAfterLogin)
+ {
+ requests.put(id, new RequestContext(id, identityProvider, urlToRedirectToAfterLogin));
+ }
+
+ public RequestContext getRequest(String id)
+ {
+ return requests.get(id);
+ }
+
+ public void removeRequest(String id)
+ {
+ requests.remove(id);
+ }
+
+ public void redirect(String id, HttpServletResponse response)
+ {
+ String requestURL = requests.get(id).getUrlToRedirectToAfterLogin();
+ if (requestURL == null)
+ {
+ throw new RuntimeException("Couldn't find URL to redirect to for request " + id);
+ }
+ try
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("Redirecting to " + requestURL);
+ }
+ response.sendRedirect(requestURL);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
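Review bot: `redirect` dereferences `requests.get(id)` on the line before the null check, so an unknown or already-removed id fails with a NullPointerException instead of the intended RuntimeException; fetch the context first, `RequestContext ctx = requests.get(id); if (ctx == null || ctx.getUrlToRedirectToAfterLogin() == null) { throw new RuntimeException("Couldn't find URL to redirect to for request " + id); }`. The stored return URL is passed straight to `sendRedirect`; where it originates is outside this hunk, so if it is ever taken from a request parameter it should be checked to be a relative or same-host URL at the point it is added, not here. The session-scoped `HashMap` only shrinks through `removeRequest`, so a Javadoc line on `addRequest` stating that callers are responsible for removing a request once its response has been processed would make the lifecycle explicit.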
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlConstants.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlConstants.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlConstants.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlConstants.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,59 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+public class SamlConstants
+{
+ // Query string parameters used by the HTTP_Redirect binding
+ public static final String QSP_SAML_REQUEST = "SAMLRequest";
+
+ public static final String QSP_SAML_RESPONSE = "SAMLResponse";
+
+ public static final String QSP_SIGNATURE = "Signature";
+
+ public static final String QSP_SIG_ALG = "SigAlg";
+
+ public static final String QSP_RELAY_STATE = "RelayState";
+
+ public static final String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
+
+ public static final String HTTP_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
+
+ public static final String CONFIRMATION_METHOD_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
+
+ public static final String VERSION_2_0 = "2.0";
+
+ public static final String PROTOCOL_NSURI = "urn:oasis:names:tc:SAML:2.0:protocol";
+
+ public static final String STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
+
+ public static final String XMLDSIG_NSURI = "http://www.w3.org/2000/09/xmldsig#";
+
+ public static final String SIGNATURE_SHA1_WITH_DSA = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
+
+ public static final String SIGNATURE_SHA1_WITH_RSA = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+
+ public static final String DSA_SIGNATURE_ALGORITHM = "SHA1withDSA";
+
+ public static final String RSA_SIGNATURE_ALGORITHM = "SHA1withRSA";
+
+}
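Review bot: `SamlConstants` is a constants holder with an implicit public constructor; declare it `public final class SamlConstants` with `private SamlConstants() {}` so it can be neither instantiated nor subclassed. The algorithm constants at the bottom are all SHA-1 based (`SIGNATURE_SHA1_WITH_DSA`, `SIGNATURE_SHA1_WITH_RSA`, `DSA_SIGNATURE_ALGORITHM`, `RSA_SIGNATURE_ALGORITHM`); a comment such as `// SHA-1 based identifiers; prefer SHA-256 variants where the peer supports them` would record that this is an interoperability choice rather than an oversight. The class has no Javadoc; a one-line header saying these are the SAML 2.0 query-string parameter names, binding URIs, status/confirmation URIs and signature algorithm identifiers shared by the sender and receiver would help readers.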
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageFactory.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageFactory.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageFactory.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageFactory.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,128 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.util.UUID;
+
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.ObjectFactory;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusCodeType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusType;
+
+public class SamlMessageFactory
+{
+ @Inject
+ private ServiceProvider serviceProvider;
+
+ public StatusResponseType createStatusResponse(RequestAbstractType request, String statusCode, String statusMessage)
+ {
+ ObjectFactory objectFactory = new ObjectFactory();
+ org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory();
+
+ StatusResponseType response = objectFactory.createStatusResponseType();
+
+ response.setID(generateId());
+ response.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
+
+ NameIDType issuer = assertionObjectFactory.createNameIDType();
+ issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
+ response.setIssuer(issuer);
+
+ response.setVersion(SamlConstants.VERSION_2_0);
+ response.setInResponseTo(request.getID());
+
+ StatusCodeType statusCodeJaxb = objectFactory.createStatusCodeType();
+ statusCodeJaxb.setValue(statusCode);
+
+ StatusType statusType = objectFactory.createStatusType();
+ statusType.setStatusCode(statusCodeJaxb);
+ if (statusMessage != null)
+ {
+ statusType.setStatusMessage(statusMessage);
+ }
+
+ response.setStatus(statusType);
+
+ return response;
+ }
+
+ public AuthnRequestType createAuthnRequest()
+ {
+ ObjectFactory objectFactory = new ObjectFactory();
+ org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory();
+
+ AuthnRequestType authnRequest = objectFactory.createAuthnRequestType();
+
+ authnRequest.setID(generateId());
+ authnRequest.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
+
+ NameIDType issuer = assertionObjectFactory.createNameIDType();
+ issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
+ authnRequest.setIssuer(issuer);
+
+ authnRequest.setVersion(SamlConstants.VERSION_2_0);
+
+ // Fill in the optional fields that indicate where and how the response
+ // should be delivered.
+ authnRequest.setAssertionConsumerServiceURL(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
+ authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+
+ return authnRequest;
+ }
+
+ public LogoutRequestType createLogoutRequest(SeamSamlPrincipal principal) throws ConfigurationException
+ {
+ ObjectFactory objectFactory = new ObjectFactory();
+ org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory();
+
+ LogoutRequestType logoutRequest = objectFactory.createLogoutRequestType();
+
+ logoutRequest.setID(generateId());
+ logoutRequest.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
+
+ NameIDType issuer = assertionObjectFactory.createNameIDType();
+ issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
+ logoutRequest.setIssuer(issuer);
+
+ NameIDType nameID = assertionObjectFactory.createNameIDType();
+ nameID.setValue(principal.getNameId().getValue());
+ logoutRequest.setNameID(nameID);
+
+ logoutRequest.setVersion(SamlConstants.VERSION_2_0);
+ logoutRequest.getSessionIndex().add(principal.getSessionIndex());
+
+ return logoutRequest;
+ }
+
+ private String generateId()
+ {
+ return "ID_" + UUID.randomUUID();
+ }
+}
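Review bot: `createAuthnRequest` hardcodes the HTTP-POST binding URI as a string literal in `setProtocolBinding`, while `SamlConstants.HTTP_POST_BINDING` holds the same value; use `authnRequest.setProtocolBinding(SamlConstants.HTTP_POST_BINDING);` so the two cannot drift apart. The three factory methods repeat the same issuer construction (create a `NameIDType`, set the entity id from `serviceProvider.getSamlConfiguration()`, set it on the message); a private `createIssuer()` helper would remove the duplication. `createLogoutRequest` declares `throws ConfigurationException` (a `javax.naming` type) but nothing visible in its body throws it; if it is kept for a caller's benefit that deserves a comment, otherwise drop it. None of the public methods have Javadoc; each should state which SAML message it builds and that the `ID` and `IssueInstant` are generated rather than supplied by the caller.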
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageReceiver.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageReceiver.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageReceiver.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageReceiver.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,279 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.util.zip.Inflater;
+import java.util.zip.InflaterInputStream;
+
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.util.Base64;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.xml.sax.SAXException;
+
+public class SamlMessageReceiver
+{
+ private static final Logger log = LoggerFactory.getLogger(SamlMessageReceiver.class);
+
+ @Inject
+ private Requests requests;
+
+ @Inject
+ private SamlSingleLogoutReceiver samlSingleLogoutReceiver;
+
+ @Inject
+ private SamlSingleSignOnReceiver samlSingleSignOnReceiver;
+
+ @Inject
+ private ServiceProvider serviceProvider;
+
+ @Inject
+ private SamlSignatureUtilForPostBinding signatureUtilForPostBinding;
+
+ @Inject
+ private SamlSignatureUtilForRedirectBinding signatureUtilForRedirectBinding;
+
+ private JAXBContext jaxbContext;
+
+ @Inject
+ public void init()
+ {
+ try
+ {
+ jaxbContext = JAXBContext.newInstance(StatusResponseType.class);
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void handleIncomingSamlMessage(SamlProfile samlProfile, HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws InvalidRequestException
+ {
+ String samlRequestParam = httpRequest.getParameter(SamlConstants.QSP_SAML_REQUEST);
+ String samlResponseParam = httpRequest.getParameter(SamlConstants.QSP_SAML_RESPONSE);
+
+ RequestOrResponse requestOrResponse;
+ String samlMessage;
+
+ if (samlRequestParam != null && samlResponseParam == null)
+ {
+ samlMessage = samlRequestParam;
+ requestOrResponse = RequestOrResponse.REQUEST;
+ }
+ else if (samlRequestParam == null && samlResponseParam != null)
+ {
+ samlMessage = samlResponseParam;
+ requestOrResponse = RequestOrResponse.RESPONSE;
+ }
+ else
+ {
+ throw new InvalidRequestException("SAML message should either have a SAMLRequest parameter or a SAMLResponse parameter");
+ }
+
+ InputStream is;
+ if (httpRequest.getMethod().equals("POST"))
+ {
+ byte[] decodedMessage = Base64.decode(samlMessage);
+ is = new ByteArrayInputStream(decodedMessage);
+ }
+ else
+ {
+ String urlDecoded;
+ try
+ {
+ urlDecoded = URLDecoder.decode(samlMessage, "UTF-8");
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ byte[] base64Decoded = Base64.decode(urlDecoded);
+ ByteArrayInputStream bais = new ByteArrayInputStream(base64Decoded);
+ is = new InflaterInputStream(bais, new Inflater(true));
+ }
+
+ Document document = getDocument(is);
+ String issuerEntityId;
+ RequestAbstractType samlRequest = null;
+ StatusResponseType samlResponse = null;
+ if (requestOrResponse.isRequest())
+ {
+ samlRequest = getSamlRequest(document);
+ issuerEntityId = samlRequest.getIssuer().getValue();
+ }
+ else
+ {
+ samlResponse = getSamlResponse(document);
+ issuerEntityId = samlResponse.getIssuer().getValue();
+ }
+ if (log.isDebugEnabled())
+ {
+ log.debug("Received from IDP: " + SamlUtils.getDocumentAsString(document));
+ }
+
+ SamlIdentityProvider idp = serviceProvider.getSamlConfiguration().getSamlIdentityProviderByEntityId(issuerEntityId);
+ if (idp == null)
+ {
+ throw new InvalidRequestException("Received message from unknown idp " + issuerEntityId);
+ }
+
+ boolean validate;
+ if (samlProfile == SamlProfile.SINGLE_SIGN_ON)
+ {
+ validate = serviceProvider.getSamlConfiguration().isWantAssertionsSigned();
+ }
+ else
+ {
+ validate = idp.isSingleLogoutMessagesSigned();
+ }
+
+ if (validate)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("Validating the signature");
+ }
+ if (httpRequest.getMethod().equals("POST"))
+ {
+ signatureUtilForPostBinding.validateSignature(idp, document);
+ }
+ else
+ {
+ signatureUtilForRedirectBinding.validateSignature(idp, httpRequest, requestOrResponse);
+ }
+ }
+
+ RequestContext requestContext = null;
+ if (requestOrResponse.isResponse() && samlResponse.getInResponseTo() != null)
+ {
+ requestContext = requests.getRequest(samlResponse.getInResponseTo());
+ if (requestContext == null)
+ {
+ throw new InvalidRequestException("No request that corresponds with the received response");
+ }
+ else if (!(requestContext.getIdentityProvider().equals(idp)))
+ {
+ throw new InvalidRequestException("Identity provider of request and response do not match");
+ }
+ }
+
+ if (samlProfile == SamlProfile.SINGLE_SIGN_ON)
+ {
+ if (requestOrResponse.isRequest())
+ {
+ throw new InvalidRequestException("Assertion consumer service can only process SAML responses");
+ }
+ else
+ {
+ samlSingleSignOnReceiver.processIDPResponse(httpRequest, httpResponse, samlResponse, requestContext, idp);
+ }
+ }
+ else
+ {
+ if (requestOrResponse.isRequest())
+ {
+ samlSingleLogoutReceiver.processIDPRequest(httpRequest, httpResponse, samlRequest, idp);
+ }
+ else
+ {
+ samlSingleLogoutReceiver.processIDPResponse(httpRequest, httpResponse, samlResponse, requestContext, idp);
+ }
+ }
+ }
+
+ private RequestAbstractType getSamlRequest(Document document) throws InvalidRequestException
+ {
+ try
+ {
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ @SuppressWarnings("unchecked")
+ JAXBElement<RequestAbstractType> jaxbRequest = (JAXBElement<RequestAbstractType>) unmarshaller.unmarshal(document);
+ RequestAbstractType request = jaxbRequest.getValue();
+ return request;
+ }
+ catch (JAXBException e)
+ {
+ throw new InvalidRequestException("SAML message could not be parsed", e);
+ }
+ }
+
+ private StatusResponseType getSamlResponse(Document document) throws InvalidRequestException
+ {
+ try
+ {
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ @SuppressWarnings("unchecked")
+ JAXBElement<StatusResponseType> jaxbResponseType = (JAXBElement<StatusResponseType>) unmarshaller.unmarshal(document);
+ StatusResponseType statusResponse = jaxbResponseType.getValue();
+ return statusResponse;
+ }
+ catch (JAXBException e)
+ {
+ throw new InvalidRequestException("SAML message could not be parsed", e);
+ }
+ }
+
+ private Document getDocument(InputStream is) throws InvalidRequestException
+ {
+ try
+ {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setXIncludeAware(true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ return builder.parse(is);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (SAXException e)
+ {
+ throw new InvalidRequestException("SAML request could not be parsed", e);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
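Review bot: `getDocument` parses a message received over HTTP with a `DocumentBuilderFactory` that is namespace- and XInclude-aware but leaves DTD processing and external entity expansion at their defaults, so an attacker-supplied SAMLRequest/SAMLResponse can carry a DOCTYPE with external entities or XInclude directives; the parser should be hardened before `newDocumentBuilder()` as in the excerpt below (XInclude is not needed for SAML, and `javax.xml.XMLConstants` must be imported). In the redirect branch of `handleIncomingSamlMessage`, `httpRequest.getParameter` already returns the URL-decoded value, so the extra `URLDecoder.decode` turns any `+` in the Base64 text into a space and will corrupt the message unless the `Base64` utility ignores whitespace; that call should be removed. The `InflaterInputStream` is also read without a size bound, so a small compressed payload can expand without limit before parsing; a bounded read (or a check on `Inflater.getBytesWritten()`) is worth adding. Note that `requests.getRequest(...)` is consulted but the entry is never removed here, so whether a response can be presented twice against the same request context depends on the downstream receivers, which are outside this hunk.
```java
   private Document getDocument(InputStream is) throws InvalidRequestException
   {
      try
      {
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
         factory.setNamespaceAware(true);
         // The input is an untrusted network message: refuse DOCTYPEs,
         // never expand entity references and do not process XInclude.
         factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
         factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
         factory.setExpandEntityReferences(false);
         factory.setXIncludeAware(false);
         DocumentBuilder builder = factory.newDocumentBuilder();
         return builder.parse(is);
      }
      // … unchanged: ParserConfigurationException / SAXException / IOException handling …
```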
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageSender.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageSender.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageSender.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageSender.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,366 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.zip.Deflater;
+import java.util.zip.DeflaterOutputStream;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.Binder;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.jboss.seam.security.external.configuration.Binding;
+import org.jboss.seam.security.external.configuration.SamlEndpoint;
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.configuration.SamlService;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.ObjectFactory;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.util.Base64;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+
+ at Named("org.picketlink.identity.seam.federation.samlMessageSender")
+public class SamlMessageSender
+{
+ private Logger log = LoggerFactory.getLogger(SamlMessageSender.class);
+
+ @Inject
+ private ServiceProvider serviceProvider;
+
+ @Inject
+ private SamlSignatureUtilForPostBinding signatureUtilForPostBinding;
+
+ @Inject
+ private SamlSignatureUtilForRedirectBinding signatureUtilForRedirectBinding;
+
+ private JAXBContext jaxbContextRequestAbstractType;
+
+ private JAXBContext jaxbContextStatusResponseType;
+
+ @Inject
+ public void init()
+ {
+ try
+ {
+ jaxbContextRequestAbstractType = JAXBContext.newInstance(RequestAbstractType.class);
+ jaxbContextStatusResponseType = JAXBContext.newInstance(StatusResponseType.class);
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void sendRequestToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, SamlProfile profile, RequestAbstractType samlRequest)
+ {
+ Document message = null;
+ SamlEndpoint endpoint = null;
+ try
+ {
+ SamlService service = samlIdentityProvider.getService(profile);
+ endpoint = service.getEndpointForBinding(Binding.HTTP_Post);
+ if (endpoint == null)
+ {
+ endpoint = service.getEndpointForBinding(Binding.HTTP_Redirect);
+ }
+ if (endpoint == null)
+ {
+ throw new RuntimeException("Idp " + samlIdentityProvider.getEntityId() + " has no endpoint found for profile " + profile);
+ }
+ samlRequest.setDestination(endpoint.getLocation());
+
+ JAXBElement<?> requestElement;
+ if (samlRequest instanceof AuthnRequestType)
+ {
+ AuthnRequestType authnRequest = (AuthnRequestType) samlRequest;
+ requestElement = new ObjectFactory().createAuthnRequest(authnRequest);
+ }
+ else if (samlRequest instanceof LogoutRequestType)
+ {
+ LogoutRequestType logoutRequest = (LogoutRequestType) samlRequest;
+ requestElement = new ObjectFactory().createLogoutRequest(logoutRequest);
+ }
+ else
+ {
+ throw new RuntimeException("Currently only authentication and logout requests can be sent");
+ }
+
+ Binder<Node> binder = jaxbContextRequestAbstractType.createBinder();
+
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setXIncludeAware(true);
+ DocumentBuilder builder;
+ builder = factory.newDocumentBuilder();
+ message = builder.newDocument();
+
+ binder.marshal(requestElement, message);
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ sendMessageToIDP(request, response, samlIdentityProvider, message, RequestOrResponse.REQUEST, endpoint);
+ }
+
+ public void sendResponseToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, SamlEndpoint endpoint, StatusResponseType samlResponse)
+ {
+ Document message = null;
+ try
+ {
+ samlResponse.setDestination(endpoint.getResponseLocation());
+
+ JAXBElement<StatusResponseType> responseElement;
+ if (endpoint.getService().getProfile().equals(SamlProfile.SINGLE_LOGOUT))
+ {
+ responseElement = new ObjectFactory().createLogoutResponse(samlResponse);
+ }
+ else
+ {
+ throw new RuntimeException("Responses can currently only be created for the single logout service");
+ }
+
+ Binder<Node> binder = jaxbContextStatusResponseType.createBinder();
+
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setXIncludeAware(true);
+ DocumentBuilder builder;
+ builder = factory.newDocumentBuilder();
+ message = builder.newDocument();
+
+ binder.marshal(responseElement, message);
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ sendMessageToIDP(request, response, samlIdentityProvider, message, RequestOrResponse.RESPONSE, endpoint);
+ }
+
+ private void sendMessageToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, Document message, RequestOrResponse requestOrResponse, SamlEndpoint endpoint)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("Sending over to IDP: " + SamlUtils.getDocumentAsString(message));
+ }
+
+ try
+ {
+ boolean signMessage;
+ if (endpoint.getService().getProfile().equals(SamlProfile.SINGLE_SIGN_ON))
+ {
+ signMessage = samlIdentityProvider.isWantAuthnRequestsSigned();
+ }
+ else
+ {
+ signMessage = samlIdentityProvider.isWantSingleLogoutMessagesSigned();
+ }
+
+ PrivateKey privateKey = serviceProvider.getSamlConfiguration().getPrivateKey();
+
+ if (endpoint.getBinding() == Binding.HTTP_Redirect)
+ {
+ byte[] responseBytes = SamlUtils.getDocumentAsString(message).getBytes("UTF-8");
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ Deflater deflater = new Deflater(Deflater.DEFLATED, true);
+ DeflaterOutputStream deflaterStream = new DeflaterOutputStream(baos, deflater);
+ deflaterStream.write(responseBytes);
+ deflaterStream.finish();
+
+ byte[] deflatedMsg = baos.toByteArray();
+ String urlEncodedResponse = Base64.encodeBytes(deflatedMsg);
+
+ String finalDest = endpoint.getLocation() + getQueryString(urlEncodedResponse, signMessage, requestOrResponse, privateKey);
+ SamlUtils.sendRedirect(finalDest, response);
+ }
+ else
+ {
+ if (signMessage)
+ {
+ PublicKey publicKey = serviceProvider.getSamlConfiguration().getCertificate().getPublicKey();
+ signSAMLDocument(message, new KeyPair(publicKey, privateKey));
+ }
+ byte[] responseBytes = SamlUtils.getDocumentAsString(message).getBytes("UTF-8");
+
+ String samlResponse = Base64.encodeBytes(responseBytes, Base64.DONT_BREAK_LINES);
+
+ sendPost(endpoint.getLocation(), samlResponse, response, requestOrResponse.isRequest());
+
+ }
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private void signSAMLDocument(Document samlDocument, KeyPair keypair)
+ {
+ // Get the ID from the root
+ String id = samlDocument.getDocumentElement().getAttribute("ID");
+
+ String referenceURI = "#" + id;
+
+ signatureUtilForPostBinding.sign(samlDocument, keypair, DigestMethod.SHA1, SignatureMethod.RSA_SHA1, referenceURI);
+ }
+
+ private String getQueryString(String urlEncodedSamlMessage, boolean supportSignature, RequestOrResponse requestOrResponse, PrivateKey signingKey)
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append("?");
+
+ if (supportSignature)
+ {
+ try
+ {
+ sb.append(getURLWithSignature(requestOrResponse, urlEncodedSamlMessage, signingKey));
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ else
+ {
+ if (requestOrResponse == RequestOrResponse.REQUEST)
+ {
+ sb.append(SamlConstants.QSP_SAML_REQUEST);
+ }
+ else
+ {
+ sb.append(SamlConstants.QSP_SAML_RESPONSE);
+ }
+ sb.append("=").append(urlEncodedSamlMessage);
+ }
+ return sb.toString();
+ }
+
+ private void sendPost(String destination, String samlMessage, HttpServletResponse response, boolean request) throws IOException
+ {
+ String key = request ? SamlConstants.QSP_SAML_REQUEST : SamlConstants.QSP_SAML_RESPONSE;
+
+ if (destination == null)
+ throw new IllegalStateException("Destination is null");
+
+ response.setContentType("text/html");
+ PrintWriter out = response.getWriter();
+ response.setCharacterEncoding("UTF-8");
+ response.setHeader("Pragma", "no-cache");
+ response.setHeader("Cache-Control", "no-cache, no-store");
+ StringBuilder builder = new StringBuilder();
+
+ builder.append("<HTML>");
+ builder.append("<HEAD>");
+ if (request)
+ builder.append("<TITLE>HTTP Post Binding (Request)</TITLE>");
+ else
+ builder.append("<TITLE>HTTP Post Binding Response (Response)</TITLE>");
+
+ builder.append("</HEAD>");
+ builder.append("<BODY Onload=\"document.forms[0].submit()\">");
+
+ builder.append("<FORM METHOD=\"POST\" ACTION=\"" + destination + "\">");
+ builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"" + key + "\"" + " VALUE=\"" + samlMessage + "\"/>");
+ builder.append("</FORM></BODY></HTML>");
+
+ String str = builder.toString();
+ out.println(str);
+ out.close();
+ }
+
+ private String getURLWithSignature(RequestOrResponse requestOrResponse, String urlEncodedResponse, PrivateKey signingKey) throws IOException, GeneralSecurityException
+ {
+ String messageParameter;
+ if (requestOrResponse == RequestOrResponse.REQUEST)
+ {
+ messageParameter = SamlConstants.QSP_SAML_REQUEST;
+ }
+ else
+ {
+ messageParameter = SamlConstants.QSP_SAML_RESPONSE;
+ }
+
+ byte[] signature = signatureUtilForRedirectBinding.computeSignature(messageParameter + "=" + urlEncodedResponse, signingKey);
+ String sigAlgo = signingKey.getAlgorithm();
+
+ StringBuilder sb = new StringBuilder();
+ sb.append(messageParameter + "=").append(urlEncodedResponse);
+
+ try
+ {
+ sb.append("&").append(SamlConstants.QSP_SIG_ALG).append("=");
+ String sigAlg = signatureUtilForRedirectBinding.getXMLSignatureAlgorithmURI(sigAlgo);
+ sb.append(URLEncoder.encode(sigAlg, "UTF-8"));
+
+ sb.append("&").append(SamlConstants.QSP_SIGNATURE).append("=");
+ String base64encodedSignature = Base64.encodeBytes(signature, Base64.DONT_BREAK_LINES);
+ sb.append(URLEncoder.encode(base64encodedSignature, "UTF-8"));
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ return sb.toString();
+ }
+}
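Review bot: In the HTTP-Redirect branch of `sendMessageToIDP` the deflated message is Base64-encoded but never URL-encoded before being appended to the query string (the local is named `urlEncodedResponse` but no `URLEncoder` call is made), so the `+`, `/` and `=` characters of Base64 reach the IdP mangled, and `encodeBytes` is called without `Base64.DONT_BREAK_LINES` unlike the POST branch; change it to `String urlEncodedResponse = URLEncoder.encode(Base64.encodeBytes(deflatedMsg, Base64.DONT_BREAK_LINES), "UTF-8");`, which also makes the string passed to `computeSignature` in `getURLWithSignature` the URL-encoded form that the HTTP-Redirect binding signs. The `Deflater` created there is never released with `deflater.end()` and the streams are not closed; a try/finally around the deflate step fixes the native-memory leak. In `sendPost`, `response.setCharacterEncoding("UTF-8")` is called after `response.getWriter()`, where the servlet API ignores it, so move it above `getWriter()`; `destination` is also interpolated into the `ACTION` attribute without HTML escaping, which is safe only as long as endpoint locations come exclusively from trusted configuration, and a comment stating that assumption belongs on the method. `signSAMLDocument` always signs with `DigestMethod.SHA1` and `SignatureMethod.RSA_SHA1` while the redirect path derives the algorithm from `signingKey.getAlgorithm()`, so a DSA key configured for the POST binding would fail at signing time.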
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMetaDataProvider.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMetaDataProvider.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMetaDataProvider.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMetaDataProvider.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,130 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.OutputStream;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+
+import javax.inject.Inject;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntityDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.IndexedEndpointType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyTypes;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.ObjectFactory;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.SPSSODescriptorType;
+import org.jboss.seam.security.external.jaxb.xmldsig.KeyInfoType;
+import org.jboss.seam.security.external.jaxb.xmldsig.X509DataType;
+
+public class SamlMetaDataProvider
+{
+ @Inject
+ private ServiceProvider serviceProvider;
+
+ public void writeMetaData(OutputStream stream)
+ {
+ try
+ {
+ ObjectFactory metaDataFactory = new ObjectFactory();
+
+ IndexedEndpointType acsRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
+ acsRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
+ acsRedirectEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
+
+ IndexedEndpointType acsPostEndpoint = metaDataFactory.createIndexedEndpointType();
+ acsPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
+ acsPostEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
+
+ IndexedEndpointType sloRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
+ sloRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
+ sloRedirectEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE));
+
+ IndexedEndpointType sloPostEndpoint = metaDataFactory.createIndexedEndpointType();
+ sloPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
+ sloPostEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE));
+
+ SPSSODescriptorType spSsoDescriptor = metaDataFactory.createSPSSODescriptorType();
+ spSsoDescriptor.setAuthnRequestsSigned(serviceProvider.getSamlConfiguration().isAuthnRequestsSigned());
+ spSsoDescriptor.setWantAssertionsSigned(serviceProvider.getSamlConfiguration().isWantAssertionsSigned());
+
+ spSsoDescriptor.getAssertionConsumerService().add(acsRedirectEndpoint);
+ spSsoDescriptor.getAssertionConsumerService().add(acsPostEndpoint);
+ spSsoDescriptor.getSingleLogoutService().add(sloRedirectEndpoint);
+ spSsoDescriptor.getSingleLogoutService().add(sloPostEndpoint);
+
+ spSsoDescriptor.getProtocolSupportEnumeration().add(SamlConstants.PROTOCOL_NSURI);
+
+ spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
+ spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
+ spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
+ spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress");
+
+ org.jboss.seam.security.external.jaxb.xmldsig.ObjectFactory signatureFactory = new org.jboss.seam.security.external.jaxb.xmldsig.ObjectFactory();
+
+ X509Certificate certificate = serviceProvider.getSamlConfiguration().getCertificate();
+ if (certificate == null)
+ throw new RuntimeException("Certificate obtained from configuration is null");
+
+ JAXBElement<byte[]> X509Certificate;
+ try
+ {
+ X509Certificate = signatureFactory.createX509DataTypeX509Certificate(certificate.getEncoded());
+ }
+ catch (CertificateEncodingException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ X509DataType X509Data = signatureFactory.createX509DataType();
+ X509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(X509Certificate);
+
+ KeyInfoType keyInfo = signatureFactory.createKeyInfoType();
+ keyInfo.getContent().add(signatureFactory.createX509Data(X509Data));
+
+ KeyDescriptorType keyDescriptor = metaDataFactory.createKeyDescriptorType();
+ keyDescriptor.setUse(KeyTypes.SIGNING);
+ keyDescriptor.setKeyInfo(keyInfo);
+
+ spSsoDescriptor.getKeyDescriptor().add(keyDescriptor);
+
+ EntityDescriptorType entityDescriptor = metaDataFactory.createEntityDescriptorType();
+ entityDescriptor.setEntityID(serviceProvider.getSamlConfiguration().getEntityId());
+ entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor().add(spSsoDescriptor);
+
+ JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.metadata");
+ Marshaller marshaller = jaxbContext.createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+ marshaller.marshal(metaDataFactory.createEntityDescriptor(entityDescriptor), stream);
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
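Review bot: The marshalling line in `writeMetaData` builds the context with `JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.metadata")`, but every type in the tree comes from `org.jboss.seam.security.external.jaxb.samlv2.metadata` (see the imports and the `ObjectFactory` used above), so the context is bound to a different package than the objects it is asked to marshal and will either fail to initialise or not know these classes. Use the package of the types actually marshalled, e.g. `JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class.getPackage().getName());`. The `JAXBException` and `CertificateEncodingException` branches rethrow a bare `RuntimeException(e)`; a message naming what failed (`"Unable to produce SP metadata for entity " + serviceProvider.getSamlConfiguration().getEntityId()`) would make a broken deployment diagnosable, since the entity ID and ACS/SLO locations published here are what an IdP will trust.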
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlProfile.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlProfile.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlProfile.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlProfile.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,27 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+public enum SamlProfile
+{
+ SINGLE_SIGN_ON, SINGLE_LOGOUT
+}
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForPostBinding.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForPostBinding.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForPostBinding.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForPostBinding.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,199 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.Key;
+import java.security.KeyException;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PrivilegedAction;
+import java.security.PublicKey;
+import java.security.Security;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.KeyValue;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
+import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
+
+public class SamlSignatureUtilForPostBinding
+{
+ private Logger log = LoggerFactory.getLogger(SamlSignatureUtilForPostBinding.class);
+
+ private XMLSignatureFactory fac = getXMLSignatureFactory();
+
+ private XMLSignatureFactory getXMLSignatureFactory()
+ {
+ if (Security.getProvider("DOM") != null)
+ {
+ return XMLSignatureFactory.getInstance("DOM");
+ }
+ else
+ {
+ // No security provider found for the XML Digital Signature API (JSR
+ // 105). Probably we have to do with JDK 1.5 or lower.
+ // See
+ // http://weblogs.java.net/blog/2008/02/27/using-jsr-105-jdk-14-or-15.
+ // We assume that the reference implementation of JSR 105 is available
+ // at runtime.
+ return XMLSignatureFactory.getInstance("DOM", new org.jcp.xml.dsig.internal.dom.XMLDSigRI());
+ }
+ }
+
+ static
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true");
+ return null;
+ }
+ });
+ };
+
+ public Document sign(Document doc, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI)
+ {
+ if (log.isTraceEnabled())
+ {
+ log.trace("Document to be signed={0}", new Object[] { SamlUtils.getDocumentAsString(doc) });
+ }
+ PrivateKey signingKey = keyPair.getPrivate();
+ PublicKey publicKey = keyPair.getPublic();
+
+ DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
+ dsc.setDefaultNamespacePrefix("dsig");
+
+ try
+ {
+ DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
+ Transform transform = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
+
+ List<Transform> transformList = Collections.singletonList(transform);
+ Reference ref = fac.newReference(referenceURI, digestMethodObj, transformList, null, null);
+
+ String canonicalizationMethodType = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
+ CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod(canonicalizationMethodType, (C14NMethodParameterSpec) null);
+
+ List<Reference> referenceList = Collections.singletonList(ref);
+ SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null);
+ SignedInfo si = fac.newSignedInfo(canonicalizationMethod, signatureMethodObj, referenceList);
+
+ KeyInfoFactory kif = fac.getKeyInfoFactory();
+ KeyValue kv = kif.newKeyValue(publicKey);
+ KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
+
+ XMLSignature signature = fac.newXMLSignature(si, ki);
+
+ signature.sign(dsc);
+ }
+ catch (XMLSignatureException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (InvalidAlgorithmParameterException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (KeyException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (MarshalException e)
+ {
+ throw new RuntimeException(e);
+
+ }
+ return doc;
+ }
+
+ public void validateSignature(SamlIdentityProvider idp, Document signedDoc) throws InvalidRequestException
+ {
+ Key publicKey = idp.getPublicKey();
+
+ NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
+ if (nl == null || nl.getLength() == 0)
+ {
+ throw new InvalidRequestException("Signature element is not present or has zero length.");
+ }
+
+ try
+ {
+ DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
+ XMLSignature signature = fac.unmarshalXMLSignature(valContext);
+ boolean signatureValid = signature.validate(valContext);
+
+ if (log.isTraceEnabled() && !signatureValid)
+ {
+ boolean sv = signature.getSignatureValue().validate(valContext);
+ log.trace("Signature validation status: " + sv);
+
+ @SuppressWarnings("unchecked")
+ List<Reference> references = signature.getSignedInfo().getReferences();
+ for (Reference ref : references)
+ {
+ log.trace("[Ref id=" + ref.getId() + ":uri=" + ref.getURI() + "] validity status:" + ref.validate(valContext));
+ }
+ }
+
+ if (!signatureValid)
+ {
+ throw new InvalidRequestException("Invalid signature.");
+ }
+ }
+ catch (XMLSignatureException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (MarshalException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
\ No newline at end of file
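Review bot: `validateSignature` takes the first `ds:Signature` found anywhere in `signedDoc` (`nl.item(0)`) and only checks that it verifies against the IdP key; it never confirms that the signature's `Reference` covers the element the caller is about to trust. After `unmarshalXMLSignature`, iterate `signature.getSignedInfo().getReferences()` and reject the document unless each URI is empty or equals `"#" + signedDoc.getDocumentElement().getAttribute("ID")`, and prefer selecting the `Signature` that is a direct child of the element being validated over a descendant-wide search. In `sign`, `log.trace("Document to be signed={0}", new Object[] { ... })` uses a MessageFormat placeholder that SLF4J does not substitute, so the document text is never logged; `log.trace("Document to be signed={}", SamlUtils.getDocumentAsString(doc));` is the working form (the `isTraceEnabled` guard still usefully avoids the serialisation).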
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForRedirectBinding.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForRedirectBinding.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForRedirectBinding.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForRedirectBinding.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,174 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.util.Base64;
+
+public class SamlSignatureUtilForRedirectBinding
+{
+ byte[] computeSignature(String requestOrResponseKeyValuePair, PrivateKey signingKey) throws IOException, GeneralSecurityException
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append(requestOrResponseKeyValuePair);
+ String algo = signingKey.getAlgorithm();
+
+ String sigAlg = getXMLSignatureAlgorithmURI(algo);
+ sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
+ sb.append("&SigAlg=").append(sigAlg);
+
+ byte[] sigValue = sign(sb.toString(), signingKey);
+
+ return sigValue;
+ }
+
+ private byte[] sign(String stringToBeSigned, PrivateKey signingKey) throws GeneralSecurityException
+ {
+ String algo = signingKey.getAlgorithm();
+ Signature sig = getSignature(algo);
+ sig.initSign(signingKey);
+ sig.update(stringToBeSigned.getBytes());
+ return sig.sign();
+ }
+
+ public void validateSignature(SamlIdentityProvider idp, HttpServletRequest httpRequest, RequestOrResponse requestOrResponse) throws InvalidRequestException
+ {
+ String sigValueParam = httpRequest.getParameter(SamlConstants.QSP_SIGNATURE);
+ if (sigValueParam == null)
+ {
+ throw new InvalidRequestException("Signature parameter is not present.");
+ }
+
+ String decodedString;
+ try
+ {
+ decodedString = URLDecoder.decode(sigValueParam, "UTF-8");
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ byte[] sigValue = Base64.decode(decodedString);
+
+ String samlMessageParameter;
+ if (requestOrResponse == RequestOrResponse.REQUEST)
+ {
+ samlMessageParameter = SamlConstants.QSP_SAML_REQUEST;
+ }
+ else
+ {
+ samlMessageParameter = SamlConstants.QSP_SAML_RESPONSE;
+ }
+
+ // Construct the url again
+ String reqFromURL = httpRequest.getParameter(samlMessageParameter);
+ String relayStateFromURL = httpRequest.getParameter(SamlConstants.QSP_RELAY_STATE);
+ String sigAlgFromURL = httpRequest.getParameter(SamlConstants.QSP_SIG_ALG);
+
+ StringBuilder sb = new StringBuilder();
+ sb.append(samlMessageParameter).append("=").append(reqFromURL);
+
+ if (relayStateFromURL != null && relayStateFromURL.length() != 0)
+ {
+ sb.append("&").append(SamlConstants.QSP_RELAY_STATE).append("=").append(relayStateFromURL);
+ }
+ sb.append("&").append(SamlConstants.QSP_SIG_ALG).append("=").append(sigAlgFromURL);
+
+ PublicKey validatingKey = idp.getPublicKey();
+
+ boolean isValid;
+ try
+ {
+ isValid = validate(sb.toString().getBytes("UTF-8"), sigValue, validatingKey);
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ if (!isValid)
+ {
+ throw new InvalidRequestException("Invalid signature.");
+ }
+ }
+
+ private boolean validate(byte[] signedContent, byte[] signatureValue, PublicKey validatingKey) throws GeneralSecurityException
+ {
+ // We assume that the sigatureValue has the same algorithm as the public
+ // key
+ // If not, there will be an exception anyway
+ String algo = validatingKey.getAlgorithm();
+ Signature sig = getSignature(algo);
+
+ sig.initVerify(validatingKey);
+ sig.update(signedContent);
+ return sig.verify(signatureValue);
+ }
+
+ private Signature getSignature(String algo) throws GeneralSecurityException
+ {
+ Signature sig = null;
+
+ if ("DSA".equalsIgnoreCase(algo))
+ {
+ sig = Signature.getInstance(SamlConstants.DSA_SIGNATURE_ALGORITHM);
+ }
+ else if ("RSA".equalsIgnoreCase(algo))
+ {
+ sig = Signature.getInstance(SamlConstants.RSA_SIGNATURE_ALGORITHM);
+ }
+ else
+ throw new RuntimeException("Unknown signature algorithm:" + algo);
+ return sig;
+ }
+
+ public String getXMLSignatureAlgorithmURI(String algo)
+ {
+ String xmlSignatureAlgo = null;
+
+ if ("DSA".equalsIgnoreCase(algo))
+ {
+ xmlSignatureAlgo = SamlConstants.SIGNATURE_SHA1_WITH_DSA;
+ }
+ else if ("RSA".equalsIgnoreCase(algo))
+ {
+ xmlSignatureAlgo = SamlConstants.SIGNATURE_SHA1_WITH_RSA;
+ }
+ return xmlSignatureAlgo;
+ }
+}
\ No newline at end of file
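Review bot: `validateSignature` URL-decodes the `Signature` parameter a second time (`URLDecoder.decode(sigValueParam, "UTF-8")`) although `HttpServletRequest.getParameter` already returns the decoded value, so any `+` in the Base64 signature turns into a space and valid requests fail to verify. The verified string is also rebuilt from decoded parameter values, while the sender side (`computeSignature`, invoked from `getURLWithSignature` at the top of this page) signs the URL-encoded form, so signer and verifier disagree on the bytes; the redirect binding needs the signed input taken from the raw `httpRequest.getQueryString()` with the values as transmitted. `sign` hashes `stringToBeSigned.getBytes()` (platform charset) whereas `validate` receives `getBytes("UTF-8")`; use `getBytes("UTF-8")` in both. A missing `SAMLRequest`/`SAMLResponse` or `SigAlg` parameter is currently concatenated as the literal `null`; throw `InvalidRequestException` when `reqFromURL == null || sigAlgFromURL == null`, and compare `sigAlgFromURL` with `getXMLSignatureAlgorithmURI(validatingKey.getAlgorithm())` so a mismatched algorithm is refused instead of silently ignored.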
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutReceiver.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutReceiver.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutReceiver.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutReceiver.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,94 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.external.configuration.Binding;
+import org.jboss.seam.security.external.configuration.SamlEndpoint;
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+
+public class SamlSingleLogoutReceiver
+{
+ @Inject
+ private SamlMessageFactory samlMessageFactory;
+
+ @Inject
+ private SamlMessageSender samlMessageSender;
+
+ @Inject
+ private Identity identity;
+
+ @Inject
+ private ServiceProvider serviceProvider;
+
+ public void processIDPRequest(HttpServletRequest httpRequest, HttpServletResponse httpResponse, RequestAbstractType request, SamlIdentityProvider idp) throws InvalidRequestException
+ {
+ if (!(request instanceof LogoutRequestType))
+ {
+ throw new InvalidRequestException("Request should be a single logout request.");
+ }
+
+ if (!identity.isLoggedIn())
+ {
+ throw new InvalidRequestException("No active session to logout.");
+ }
+
+ // FIXME: Identity.instance().logout();
+
+ StatusResponseType response = samlMessageFactory.createStatusResponse(request, SamlConstants.STATUS_SUCCESS, null);
+
+ Binding binding = httpRequest.getMethod().equals("POST") ? Binding.HTTP_Post : Binding.HTTP_Redirect;
+ SamlEndpoint endpoint = idp.getService(SamlProfile.SINGLE_LOGOUT).getEndpointForBinding(binding);
+
+ samlMessageSender.sendResponseToIDP(httpRequest, httpResponse, idp, endpoint, response);
+ }
+
+ public void processIDPResponse(HttpServletRequest httpRequest, HttpServletResponse httpResponse, StatusResponseType response, RequestContext requestContext, SamlIdentityProvider idp)
+ {
+ if (response.getStatus() != null && response.getStatus().getStatusCode().getValue().equals(SamlConstants.STATUS_SUCCESS))
+ {
+ // FIXME Identity.instance().logout();
+ }
+ else
+ {
+ throw new RuntimeException("Single logout failed. Status code: " + (response.getStatus() == null ? "null" : response.getStatus().getStatusCode().getValue()));
+ }
+ try
+ {
+ httpResponse.sendRedirect(serviceProvider.getLoggedOutUrl());
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
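Review bot: `processIDPRequest` answers the IdP with `SamlConstants.STATUS_SUCCESS` while the local logout is still a `// FIXME`, so the IdP records the session as terminated although the SP session remains alive; until the logout call is wired in, the response should carry a non-success status or the method should fail explicitly rather than report success. The request is also never matched against the current session: nothing compares the `LogoutRequestType`'s `NameID`/`SessionIndex` with the principal held by `identity` (whose API is not visible here), so a logout request for a different subject is answered the same way — confirm the subject before terminating the session. In `processIDPResponse`, `getStatusCode()` is dereferenced without a null check and the failure path throws a bare `RuntimeException`; declaring and throwing `InvalidRequestException` as `processIDPRequest` does would keep error handling consistent.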
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutSender.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutSender.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutSender.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutSender.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,65 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
+
+public class SamlSingleLogoutSender
+{
+ @Inject
+ private Requests requests;
+
+ @Inject
+ private SamlMessageSender samlMessageSender;
+
+ @Inject
+ private SamlMessageFactory samlMessageFactory;
+
+ public void sendSingleLogoutRequestToIDP(HttpServletRequest request, HttpServletResponse response, Identity identity)
+ {
+ SeamSamlPrincipal principal = (SeamSamlPrincipal) null; // FIXME:
+ // identity.getPrincipal()
+ // is not
+ // available any
+ // more
+ SamlIdentityProvider idp = (SamlIdentityProvider) principal.getIdentityProvider();
+ LogoutRequestType logoutRequest;
+ try
+ {
+ logoutRequest = samlMessageFactory.createLogoutRequest(principal);
+ requests.addRequest(logoutRequest.getID(), idp, null);
+ }
+ catch (ConfigurationException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ samlMessageSender.sendRequestToIDP(request, response, idp, SamlProfile.SINGLE_LOGOUT, logoutRequest);
+ }
+}
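Review bot: `sendSingleLogoutRequestToIDP` assigns `principal = (SeamSamlPrincipal) null` and dereferences it on the next line (`principal.getIdentityProvider()`), so every call ends in a `NullPointerException` with no hint about the pending FIXME, and the `identity` parameter is unused. Until the principal lookup is reinstated, fail deliberately before the dereference, e.g. `throw new IllegalStateException("SAML single logout is unavailable: principal lookup from Identity is not yet implemented");`, so callers see an intentional stub rather than an apparent runtime bug. The `ConfigurationException` is rethrown as a bare `RuntimeException(e)`; a message saying which IdP the logout request was being built for would let a misconfigured endpoint be located from the log.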
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnReceiver.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnReceiver.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnReceiver.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnReceiver.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,314 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
+import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBElement;
+import javax.xml.datatype.DatatypeConstants;
+
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.events.LoginFailedEvent;
+import org.jboss.seam.security.events.PostAuthenticateEvent;
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AssertionType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeStatementType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AuthnStatementType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.StatementAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectConfirmationDataType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectConfirmationType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.ResponseType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SamlSingleSignOnReceiver
+{
+ private Logger log = LoggerFactory.getLogger(SamlSingleSignOnReceiver.class);
+
+ @Inject
+ private Requests requests;
+
+ @Inject
+ private Identity identity;
+
+ @Inject
+ private InternalAuthenticator internalAuthenticator;
+
+ @Inject
+ private ServiceProvider serviceProvider;
+
+ @Inject
+ private BeanManager beanManager;
+
+ public void processIDPResponse(HttpServletRequest httpRequest, HttpServletResponse httpResponse, StatusResponseType statusResponse, RequestContext requestContext, SamlIdentityProvider idp) throws InvalidRequestException
+ {
+ StatusType status = statusResponse.getStatus();
+ if (status == null)
+ {
+ throw new InvalidRequestException("Response does not contain a status");
+ }
+
+ String statusValue = status.getStatusCode().getValue();
+ if (SamlConstants.STATUS_SUCCESS.equals(statusValue) == false)
+ {
+ throw new RuntimeException("IDP returned status " + statusValue);
+ }
+
+ if (!(statusResponse instanceof ResponseType))
+ {
+ throw new InvalidRequestException("Response does not have type ResponseType");
+ }
+
+ ResponseType response = (ResponseType) statusResponse;
+
+ List<Object> assertions = response.getAssertionOrEncryptedAssertion();
+ if (assertions.size() == 0)
+ {
+ throw new RuntimeException("IDP response does not contain assertions");
+ }
+
+ SeamSamlPrincipal principal = getAuthenticatedUser(response, requestContext);
+ if (principal == null)
+ {
+ try
+ {
+ beanManager.fireEvent(new PostAuthenticateEvent());
+ beanManager.fireEvent(new LoginFailedEvent(new LoginException()));
+
+ httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ else
+ {
+ // Login the user, and redirect to the requested page.
+ principal.setIdentityProvider(idp);
+ loginUser(httpRequest, httpResponse, principal, requestContext);
+ }
+ }
+
+ private SeamSamlPrincipal getAuthenticatedUser(ResponseType responseType, RequestContext requestContext)
+ {
+ SeamSamlPrincipal principal = null;
+
+ for (Object assertion : responseType.getAssertionOrEncryptedAssertion())
+ {
+ if (assertion instanceof AssertionType)
+ {
+ SeamSamlPrincipal assertionSubject = handleAssertion((AssertionType) assertion, requestContext);
+ if (principal == null)
+ {
+ principal = assertionSubject;
+ }
+ else
+ {
+ log.warn("Multiple authenticated users found in assertions. Using the first one.");
+ }
+ }
+ else
+ {
+ /* assertion instanceof EncryptedElementType */
+ log.warn("Encountered encrypted assertion. Skipping it because decryption is not yet supported.");
+ }
+ }
+ return principal;
+ }
+
+ private SeamSamlPrincipal handleAssertion(AssertionType assertion, RequestContext requestContext)
+ {
+ if (SamlUtils.hasAssertionExpired(assertion))
+ {
+ log.warn("Received assertion not processed because it has expired.");
+ return null;
+ }
+
+ AuthnStatementType authnStatement = extractValidAuthnStatement(assertion);
+ if (authnStatement == null)
+ {
+ log.warn("Received assertion not processed because it doesn't contain a valid authnStatement.");
+ return null;
+ }
+
+ NameIDType nameId = validateSubjectAndExtractNameID(assertion, requestContext);
+ if (nameId == null)
+ {
+ log.warn("Received assertion not processed because it doesn't contain a valid subject.");
+ return null;
+ }
+
+ SeamSamlPrincipal principal = new SeamSamlPrincipal();
+ principal.setAssertion(assertion);
+ principal.setSessionIndex(authnStatement.getSessionIndex());
+ principal.setNameId(nameId);
+
+ for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
+ {
+ if (statement instanceof AttributeStatementType)
+ {
+ AttributeStatementType attributeStatement = (AttributeStatementType) statement;
+ List<AttributeType> attributes = new LinkedList<AttributeType>();
+ for (Object object : attributeStatement.getAttributeOrEncryptedAttribute())
+ {
+ if (object instanceof AttributeType)
+ {
+ attributes.add((AttributeType) object);
+ }
+ else
+ {
+ log.warn("Encrypted attributes are not supported. Ignoring the attribute.");
+ }
+ }
+ principal.setAttributes(attributes);
+ }
+ }
+
+ return principal;
+ }
+
+ private AuthnStatementType extractValidAuthnStatement(AssertionType assertion)
+ {
+ for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
+ {
+ if (statement instanceof AuthnStatementType)
+ {
+ AuthnStatementType authnStatement = (AuthnStatementType) statement;
+ return authnStatement;
+ }
+ }
+
+ return null;
+ }
+
+ private NameIDType validateSubjectAndExtractNameID(AssertionType assertion, RequestContext requestContext)
+ {
+ NameIDType nameId = null;
+ boolean validConfirmationFound = false;
+
+ for (JAXBElement<?> contentElement : assertion.getSubject().getContent())
+ {
+ if (contentElement.getValue() instanceof NameIDType)
+ {
+ nameId = (NameIDType) contentElement.getValue();
+ }
+ if (contentElement.getValue() instanceof SubjectConfirmationType)
+ {
+ SubjectConfirmationType confirmation = (SubjectConfirmationType) contentElement.getValue();
+ if (confirmation.getMethod().equals(SamlConstants.CONFIRMATION_METHOD_BEARER))
+ {
+ SubjectConfirmationDataType confirmationData = confirmation.getSubjectConfirmationData();
+
+ boolean validRecipient = confirmationData.getRecipient().equals(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
+
+ boolean notTooLate = confirmationData.getNotOnOrAfter().compare(SamlUtils.getXMLGregorianCalendar()) == DatatypeConstants.GREATER;
+
+ boolean validInResponseTo = requestContext == null || confirmationData.getInResponseTo().equals(requestContext.getId());
+
+ if (validRecipient && notTooLate && validInResponseTo)
+ {
+ validConfirmationFound = true;
+ }
+ }
+ }
+ }
+
+ if (validConfirmationFound)
+ {
+ return nameId;
+ }
+ else
+ {
+ return null;
+ }
+ }
+
+ private void loginUser(HttpServletRequest httpRequest, HttpServletResponse httpResponse, SeamSamlPrincipal principal, RequestContext requestContext)
+ {
+ if (identity.isLoggedIn())
+ {
+ throw new RuntimeException("User is already logged in.");
+ }
+
+ boolean internallyAuthenticated = internalAuthenticator.authenticate(principal, httpRequest);
+
+ try
+ {
+ if (internallyAuthenticated)
+ {
+ if (requestContext == null)
+ {
+ redirectForUnsolicitedAuthentication(httpRequest, httpResponse);
+ }
+ else
+ {
+ requests.redirect(requestContext.getId(), httpResponse);
+ }
+ }
+ else
+ {
+ httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
+ }
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private void redirectForUnsolicitedAuthentication(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException
+ {
+ String relayState = httpRequest.getParameter("RelayState");
+
+ /* Unsolicited authentication. */
+
+ if (relayState != null)
+ {
+ httpResponse.sendRedirect(relayState);
+ }
+ else
+ {
+ String unsolicitedAuthenticationUrl = serviceProvider.getUnsolicitedAuthenticationUrl();
+ if (unsolicitedAuthenticationUrl != null)
+ {
+ httpResponse.sendRedirect(unsolicitedAuthenticationUrl);
+ }
+ else
+ {
+ throw new RuntimeException("Unsolicited login could not be handled because the unsolicitedAuthenticationViewId property has not been configured");
+ }
+ }
+ }
+}
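Review bot: `redirectForUnsolicitedAuthentication` sends the browser to whatever the `RelayState` request parameter contains, and nothing visible in this class constrains that value to this service provider, so an IdP-initiated login can be turned into an open redirect to an arbitrary host; restrict it to a site-relative path, e.g. `if (relayState != null && relayState.startsWith("/") && !relayState.startsWith("//"))`, or compare it against the SP's own base URL, and fall back to `unsolicitedAuthenticationUrl` otherwise. `validateSubjectAndExtractNameID` checks Recipient, NotOnOrAfter and InResponseTo but never the assertion's `AudienceRestriction`, and no assertion-ID replay cache is visible, so a bearer assertion issued for a different SP, or one already consumed, is accepted within its validity window unless a caller outside this hunk covers that — worth confirming where signature and Issuer checks happen as well, since neither appears in this class. The same method dereferences `confirmation.getSubjectConfirmationData()`, `getRecipient()`, `getNotOnOrAfter()` and `getInResponseTo()` without null checks although all are optional in the SAML 2.0 schema, so a malformed assertion ends in a NullPointerException instead of a logged rejection. A short class Javadoc naming the checks this receiver performs (status, expiry, bearer confirmation) and the ones it relies on callers for would make that split explicit.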
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnSender.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnSender.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnSender.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnSender.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,35 @@
+package org.jboss.seam.security.external;
+
+import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.events.PreAuthenticateEvent;
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
+
+public class SamlSingleSignOnSender
+{
+ @Inject
+ private Requests requests;
+
+ @Inject
+ private SamlMessageFactory samlMessageFactory;
+
+ @Inject
+ private SamlMessageSender samlMessageSender;
+
+ @Inject
+ private BeanManager beanManager;
+
+ public void sendAuthenticationRequestToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, String returnUrl)
+ {
+ AuthnRequestType authnRequest = samlMessageFactory.createAuthnRequest();
+ requests.addRequest(authnRequest.getID(), samlIdentityProvider, returnUrl);
+
+ beanManager.fireEvent(new PreAuthenticateEvent());
+
+ samlMessageSender.sendRequestToIDP(request, response, samlIdentityProvider, SamlProfile.SINGLE_SIGN_ON, authnRequest);
+ }
+}
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlUtils.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlUtils.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlUtils.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlUtils.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,128 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.GregorianCalendar;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.datatype.DatatypeConstants;
+import javax.xml.datatype.DatatypeFactory;
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AssertionType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.ConditionsType;
+import org.w3c.dom.Document;
+
+public class SamlUtils
+{
+
+ public static XMLGregorianCalendar getXMLGregorianCalendar()
+ {
+ try
+ {
+ DatatypeFactory dtf = DatatypeFactory.newInstance();
+ return dtf.newXMLGregorianCalendar(new GregorianCalendar());
+ }
+ catch (DatatypeConfigurationException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static boolean hasAssertionExpired(AssertionType assertion)
+ {
+ ConditionsType conditionsType = assertion.getConditions();
+ if (conditionsType != null)
+ {
+ XMLGregorianCalendar now = getXMLGregorianCalendar();
+ XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
+ XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
+
+ int val = notBefore.compare(now);
+ if (val == DatatypeConstants.INDETERMINATE || val == DatatypeConstants.GREATER)
+ {
+ return true;
+ }
+
+ val = notOnOrAfter.compare(now);
+ if (val != DatatypeConstants.GREATER)
+ {
+ return true;
+ }
+
+ return false;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public static String getDocumentAsString(Document document)
+ {
+ Source source = new DOMSource(document);
+ StringWriter sw = new StringWriter();
+
+ Result streamResult = new StreamResult(sw);
+ try
+ {
+ Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+ transformer.setOutputProperty(OutputKeys.INDENT, "no");
+ transformer.transform(source, streamResult);
+ }
+ catch (TransformerException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ return sw.toString();
+ }
+
+ public static void sendRedirect(String destination, HttpServletResponse response)
+ {
+ response.setCharacterEncoding("UTF-8");
+ response.setHeader("Location", destination);
+ response.setHeader("Pragma", "no-cache");
+ response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate,private");
+ response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
+ try
+ {
+ response.sendRedirect(destination);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException();
+ }
+ }
+}
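Review bot: `hasAssertionExpired` dereferences `conditionsType.getNotBefore()` and `getNotOnOrAfter()` unconditionally, but both attributes are optional on a SAML `Conditions` element, so an assertion that carries only one of them (or only an `AudienceRestriction`) fails with a NullPointerException rather than being evaluated. Guard each comparison on null, and consider a small clock-skew allowance since IdP and SP clocks are rarely in perfect sync. Separately, `sendRedirect` sets `Location` and the 302 status by hand and then calls `response.sendRedirect(destination)`, which does the same work, and its `catch` throws `new RuntimeException()` with the `IOException` dropped; keep just the `sendRedirect` call and `throw new RuntimeException(e)`.
```java
public static boolean hasAssertionExpired(AssertionType assertion)
{
   ConditionsType conditionsType = assertion.getConditions();
   if (conditionsType == null)
   {
      return false;
   }
   XMLGregorianCalendar now = getXMLGregorianCalendar();
   XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
   XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();

   // NotBefore is optional; when present it must not lie in the future.
   if (notBefore != null)
   {
      int val = notBefore.compare(now);
      if (val == DatatypeConstants.INDETERMINATE || val == DatatypeConstants.GREATER)
      {
         return true;
      }
   }
   // NotOnOrAfter is optional; when present 'now' must be strictly before it.
   if (notOnOrAfter != null && notOnOrAfter.compare(now) != DatatypeConstants.GREATER)
   {
      return true;
   }
   return false;
}
```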
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SeamSamlPrincipal.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SeamSamlPrincipal.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SeamSamlPrincipal.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SeamSamlPrincipal.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,99 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.security.Principal;
+import java.util.LinkedList;
+import java.util.List;
+
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AssertionType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
+
+public class SeamSamlPrincipal implements Principal
+{
+ private NameIDType nameId;
+
+ private SamlIdentityProvider identityProvider;
+
+ private List<AttributeType> attributes = new LinkedList<AttributeType>();
+
+ private String sessionIndex;
+
+ private AssertionType assertion;
+
+ public NameIDType getNameId()
+ {
+ return nameId;
+ }
+
+ public void setNameId(NameIDType nameId)
+ {
+ this.nameId = nameId;
+ }
+
+ public SamlIdentityProvider getIdentityProvider()
+ {
+ return identityProvider;
+ }
+
+ public void setIdentityProvider(SamlIdentityProvider identityProvider)
+ {
+ this.identityProvider = identityProvider;
+ }
+
+ public List<AttributeType> getAttributes()
+ {
+ return attributes;
+ }
+
+ public void setAttributes(List<AttributeType> attributes)
+ {
+ this.attributes = attributes;
+ }
+
+ public String getSessionIndex()
+ {
+ return sessionIndex;
+ }
+
+ public void setSessionIndex(String sessionIndex)
+ {
+ this.sessionIndex = sessionIndex;
+ }
+
+ public AssertionType getAssertion()
+ {
+ return assertion;
+ }
+
+ public void setAssertion(AssertionType assertion)
+ {
+ this.assertion = assertion;
+ }
+
+ public String getName()
+ {
+ return nameId.getValue();
+ }
+}
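Review bot: `getName()` returns `nameId.getValue()` with no null guard, so a principal created before `setNameId` is called throws NullPointerException from `Principal.getName()`, which callers normally treat as safe to invoke; return `nameId == null ? null : nameId.getValue()` or require the NameID in a constructor. `getAttributes()` hands out the internal mutable list, so any caller can alter the attribute set recorded from the assertion; returning `Collections.unmodifiableList(attributes)` keeps it read-only. A class-level Javadoc stating that this principal holds the accepted assertion, its NameID and session index, and the identity provider it came from would also help readers of the receiver.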
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration)
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Binding.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/Binding.java 2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Binding.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
public enum Binding
{
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Configuration.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/Configuration.java 2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Configuration.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
import java.net.URL;
import java.util.HashMap;
@@ -38,8 +38,8 @@
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
-import org.jboss.seam.security.external_authentication.jaxb.config.ExternalAuthenticationConfigType;
-import org.jboss.seam.security.external_authentication.jaxb.config.ServiceProviderType;
+import org.jboss.seam.security.external.jaxb.config.ExternalAuthenticationConfigType;
+import org.jboss.seam.security.external.jaxb.config.ServiceProviderType;
import org.xml.sax.SAXException;
@Named("configuration")
@@ -78,7 +78,7 @@
ExternalAuthenticationConfigType externalAuthenticationConfig;
try
{
- JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.seam.security.external_authentication.jaxb.config");
+ JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.seam.security.external.jaxb.config");
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
URL schemaURL = getClass().getResource("/schema/config/external-authentication-config.xsd");
Schema schema;
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/OpenIdConfiguration.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/OpenIdConfiguration.java 2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/OpenIdConfiguration.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,12 +19,12 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
import java.util.List;
-import org.jboss.seam.security.external_authentication.jaxb.config.OpenIdAttributeType;
-import org.jboss.seam.security.external_authentication.jaxb.config.OpenIdConfigType;
+import org.jboss.seam.security.external.jaxb.config.OpenIdAttributeType;
+import org.jboss.seam.security.external.jaxb.config.OpenIdConfigType;
public class OpenIdConfiguration
{
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlConfiguration.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/SamlConfiguration.java 2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlConfiguration.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
import java.io.IOException;
import java.io.InputStream;
@@ -42,12 +42,12 @@
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
-import org.jboss.seam.security.external_authentication.jaxb.config.SamlConfigType;
-import org.jboss.seam.security.external_authentication.jaxb.config.SamlIdentityProviderType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.EntitiesDescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.EntityDescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.IDPSSODescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.RoleDescriptorType;
+import org.jboss.seam.security.external.jaxb.config.SamlConfigType;
+import org.jboss.seam.security.external.jaxb.config.SamlIdentityProviderType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntitiesDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntityDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.IDPSSODescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.RoleDescriptorType;
public class SamlConfiguration
{
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlEndpoint.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/SamlEndpoint.java 2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlEndpoint.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
public class SamlEndpoint
{
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlIdentityProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/SamlIdentityProvider.java 2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlIdentityProvider.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
import java.security.PublicKey;
import java.util.HashMap;
@@ -28,11 +28,11 @@
import javax.security.cert.X509Certificate;
import javax.xml.bind.JAXBElement;
-import org.jboss.seam.security.external_authentication.SamlProfile;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.IDPSSODescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.KeyDescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.KeyTypes;
-import org.jboss.seam.security.external_authentication.jaxb.xmldsig.X509DataType;
+import org.jboss.seam.security.external.SamlProfile;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.IDPSSODescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyTypes;
+import org.jboss.seam.security.external.jaxb.xmldsig.X509DataType;
public class SamlIdentityProvider
{
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/SamlService.java 2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlService.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,13 +19,13 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
import java.util.LinkedList;
import java.util.List;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.EndpointType;
-import org.jboss.seam.security.external_authentication.SamlProfile;
+import org.jboss.seam.security.external.SamlProfile;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.EndpointType;
public class SamlService
{
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/ServiceProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/ServiceProvider.java 2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/ServiceProvider.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,15 +19,15 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
import java.net.MalformedURLException;
import java.net.URL;
import javax.el.MethodExpression;
-import org.jboss.seam.security.external_authentication.ExternalAuthenticationService;
-import org.jboss.seam.security.external_authentication.jaxb.config.ServiceProviderType;
+import org.jboss.seam.security.external.ExternalAuthenticationService;
+import org.jboss.seam.security.external.jaxb.config.ServiceProviderType;
public class ServiceProvider
{
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationFilter.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationFilter.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationFilter.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,220 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-
-import javax.enterprise.inject.Instance;
-import javax.inject.Inject;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.annotation.WebFilter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.external_authentication.configuration.Configuration;
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Seam Servlet Filter supporting SAMLv2 authentication. It implements the Web
- * Browser SSO Profile. For outgoing authentication requests it can use either
- * HTTP Post or HTTP Redirect binding. For the responses, it uses HTTP Post
- * binding, with or without signature validation.
- */
- at WebFilter
-public class ExternalAuthenticationFilter implements Filter
-{
- public static final String IDP_ENTITY_ID_PARAMETER = "idpEntityId";
-
- public static final String RETURN_URL_PARAMETER = "returnUrl";
-
- public static final String OPEN_ID_PARAMETER = "openId";
-
- private final Logger log = LoggerFactory.getLogger(ExternalAuthenticationFilter.class);
-
- @Inject
- private Configuration configuration;
-
- @Inject
- private SamlMessageReceiver samlMessageReceiver;
-
- @Inject
- private OpenIdSingleLoginReceiver openIdSingleLoginReceiver;
-
- @Inject
- private SamlSingleSignOnSender samlSingleSignOnSender;
-
- @Inject
- private OpenIdSingleLoginSender openIdSingleLoginSender;
-
- @Inject
- private SamlSingleLogoutSender samlSingleLogoutSender;
-
- @Inject
- private SamlMetaDataProvider samlMetaDataProvider;
-
- @Inject
- private OpenIdXrdsProvider openIdXrdsProvider;
-
- @Inject
- private Instance<Identity> identity;
-
- public void init(FilterConfig filterConfig) throws ServletException
- {
- configuration.setContextRoot(filterConfig.getServletContext().getContextPath());
- }
-
- public void doFilter(ServletRequest request, ServletResponse response, final FilterChain chain) throws IOException, ServletException
- {
- if (!(request instanceof HttpServletRequest))
- {
- throw new ServletException("This filter can only process HttpServletRequest requests");
- }
-
- final HttpServletRequest httpRequest = (HttpServletRequest) request;
- final HttpServletResponse httpResponse = (HttpServletResponse) response;
-
- final ExternalAuthenticationService service = determineService(httpRequest);
-
- if (service != null)
- {
- try
- {
- doFilter(httpRequest, httpResponse, service);
- }
- catch (InvalidRequestException e)
- {
- httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
- if (log.isInfoEnabled())
- {
- log.info("Bad request received from {0} ({1})", new Object[] { e.getCause(), httpRequest.getRemoteHost(), e.getDescription() });
- }
- }
- }
- else
- {
- // Request is not related to external authentication. Pass the request
- // on to
- // the next filter in the chain.
- chain.doFilter(httpRequest, httpResponse);
- }
- }
-
- private void doFilter(HttpServletRequest httpRequest, HttpServletResponse httpResponse, ExternalAuthenticationService service) throws InvalidRequestException, IOException, ServletException
- {
- switch (service)
- {
- case OPEN_ID_SERVICE:
- openIdSingleLoginReceiver.handleIncomingMessage(httpRequest, httpResponse);
- break;
- case SAML_SINGLE_LOGOUT_SERVICE:
- samlMessageReceiver.handleIncomingSamlMessage(SamlProfile.SINGLE_LOGOUT, httpRequest, httpResponse);
- break;
- case SAML_ASSERTION_CONSUMER_SERVICE:
- samlMessageReceiver.handleIncomingSamlMessage(SamlProfile.SINGLE_SIGN_ON, httpRequest, httpResponse);
- break;
- case AUTHENTICATION_SERVICE:
- String returnUrl = httpRequest.getParameter(RETURN_URL_PARAMETER);
-
- String providerName = httpRequest.getParameter(IDP_ENTITY_ID_PARAMETER);
- if (providerName != null)
- {
- SamlIdentityProvider identityProvider = configuration.getServiceProvider().getSamlConfiguration().getSamlIdentityProviderByEntityId(providerName);
-
- // User requested a page for which login is required. Return a page
- // that instructs the browser to post an authentication request to
- // the IDP.
- if (identityProvider instanceof SamlIdentityProvider)
- {
- samlSingleSignOnSender.sendAuthenticationRequestToIDP(httpRequest, httpResponse, (SamlIdentityProvider) identityProvider, returnUrl);
- }
- else
- {
- throw new RuntimeException("Only SAML identity providers are supported in this version");
- }
- }
- else
- {
- String openId = httpRequest.getParameter(OPEN_ID_PARAMETER);
- openIdSingleLoginSender.sendAuthRequest(openId, returnUrl, httpResponse);
- }
- break;
- case LOGOUT_SERVICE:
- if (!identity.get().isLoggedIn())
- {
- throw new RuntimeException("User not logged in.");
- }
- // FIXME SeamSamlPrincipal principal = (SeamSamlPrincipal)
- // identity.getPrincipal();
- SeamSamlPrincipal principal = (SeamSamlPrincipal) httpRequest.getUserPrincipal();
- SamlIdentityProvider idp = principal.getIdentityProvider();
- if (!(idp instanceof SamlIdentityProvider))
- {
- throw new RuntimeException("Only SAML identity providers are supported in this version");
- }
-
- samlSingleLogoutSender.sendSingleLogoutRequestToIDP(httpRequest, httpResponse, identity.get());
- break;
- case SAML_META_DATA_SERVICE:
-
- samlMetaDataProvider.writeMetaData(httpResponse.getOutputStream());
- httpResponse.setCharacterEncoding("UTF-8");
- httpResponse.setContentType("application/xml");
- httpResponse.flushBuffer();
- break;
- case OPEN_ID_XRDS_SERVICE:
-
- openIdXrdsProvider.writeMetaData(httpResponse.getOutputStream());
- httpResponse.setCharacterEncoding("UTF-8");
- httpResponse.setContentType("application/xrds+xml");
- httpResponse.flushBuffer();
- break;
- default:
- throw new RuntimeException("Unsupported service " + service);
- }
- }
-
- private ExternalAuthenticationService determineService(HttpServletRequest httpRequest)
- {
- String path = ((HttpServletRequest) httpRequest).getRequestURI().replace(".seam", "");
-
- for (ExternalAuthenticationService service : ExternalAuthenticationService.values())
- {
- if (path.endsWith("/" + service.getName()))
- {
- return service;
- }
- }
- return null;
- }
-
- public void destroy()
- {
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationService.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationService.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,52 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-public enum ExternalAuthenticationService
-{
-
- AUTHENTICATION_SERVICE("AuthenticationService"),
-
- LOGOUT_SERVICE("LogoutService"),
-
- SAML_ASSERTION_CONSUMER_SERVICE("AssertionConsumerService"),
-
- SAML_SINGLE_LOGOUT_SERVICE("SingleLogoutService"),
-
- SAML_META_DATA_SERVICE("MetaDataService"),
-
- OPEN_ID_SERVICE("OpenIdService"),
-
- OPEN_ID_XRDS_SERVICE("OpenIdXrdsService");
-
- private String name;
-
- private ExternalAuthenticationService(String name)
- {
- this.name = name;
- }
-
- public String getName()
- {
- return name;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticator.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticator.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticator.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,174 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.faces.context.FacesContext;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.servlet.annotation.WebFilter;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-
-/**
- * Filter that manages the external authentication of users (using, for example,
- * SAML or OpenID).
- */
- at Named("externalAuthenticator")
- at WebFilter
-// FIXME: page scope
-public class ExternalAuthenticator
-{
- private String returnUrl;
-
- private String openId;
-
- @Inject
- private ServiceProvider serviceProvider;
-
- @Inject
- private Identity identity;
-
- public void samlSignOn(String idpEntityId)
- {
- if (serviceProvider.getSamlConfiguration() == null)
- {
- throw new RuntimeException("SAML is not configured.");
- }
-
- SamlIdentityProvider idp = serviceProvider.getSamlConfiguration().getSamlIdentityProviderByEntityId(idpEntityId);
- if (idp == null)
- {
- throw new RuntimeException("Identity provider " + idpEntityId + " not found");
- }
-
- String authenticationServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.AUTHENTICATION_SERVICE);
- Map<String, String> params = new HashMap<String, String>();
- params.put(ExternalAuthenticationFilter.IDP_ENTITY_ID_PARAMETER, idpEntityId);
- params.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
- redirect(authenticationServiceURL, params);
- }
-
- public void openIdSignOn()
- {
- openIdSignOn(openId);
- }
-
- public void openIdSignOn(String openId)
- {
- if (serviceProvider.getOpenIdConfiguration() == null)
- {
- throw new RuntimeException("OpenID is not configured.");
- }
- String authenticationServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.AUTHENTICATION_SERVICE);
- Map<String, String> params = new HashMap<String, String>();
- params.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
- params.put(ExternalAuthenticationFilter.OPEN_ID_PARAMETER, openId);
- redirect(authenticationServiceURL, params);
- }
-
- public void singleLogout()
- {
- if (!identity.isLoggedIn())
- {
- throw new RuntimeException("Not logged in");
- }
- if (false /* FIXME !(identity.getPrincipal() instanceof SeamSamlPrincipal) */)
- {
- throw new RuntimeException("Single logout is only supported for SAML");
- }
- String logoutServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.LOGOUT_SERVICE);
- redirect(logoutServiceURL, null);
- }
-
- private void redirect(String urlBase, Map<String, String> params)
- {
- StringBuilder url = new StringBuilder();
- url.append(urlBase);
- if (params != null && params.size() > 0)
- {
- url.append("?");
- boolean first = true;
- for (Map.Entry<String, String> paramEntry : params.entrySet())
- {
- if (first)
- {
- first = false;
- }
- else
- {
- url.append("&");
- }
- url.append(paramEntry.getKey());
- url.append("=");
- try
- {
- String paramValue = paramEntry.getValue();
- if (paramValue == null || paramValue == "")
- throw new RuntimeException("Param Key:" + paramEntry.getKey() + " has value that is null");
- url.append(URLEncoder.encode(paramValue, "UTF-8"));
- }
- catch (UnsupportedEncodingException e)
- {
- throw new RuntimeException(e);
- }
- }
- }
-
- try
- {
- FacesContext.getCurrentInstance().getExternalContext().redirect(url.toString());
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
-
- }
- }
-
- public String getReturnUrl()
- {
- return returnUrl;
- }
-
- public void setReturnUrl(String returnUrl)
- {
- this.returnUrl = returnUrl;
- }
-
- public String getOpenId()
- {
- return openId;
- }
-
- public void setOpenId(String openId)
- {
- this.openId = openId;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InternalAuthenticator.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InternalAuthenticator.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InternalAuthenticator.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,78 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.security.Principal;
-import java.util.LinkedList;
-import java.util.List;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.events.LoginFailedEvent;
-import org.jboss.seam.security.events.PostAuthenticateEvent;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-
- at Named("internalAuthenticator")
-public class InternalAuthenticator
-{
- @Inject
- private Identity identity;
-
- @Inject
- private ServiceProvider serviceProvider;
-
- @Inject
- private BeanManager beanManager;
-
- public boolean authenticate(Principal principal, HttpServletRequest httpRequest)
- {
- List<String> roles = new LinkedList<String>();
- Boolean internallyAuthenticated = null; // FIXME =
- // serviceProvider.getInternalAuthenticationMethod().invoke(principal,
- // roles);
-
- beanManager.fireEvent(new PostAuthenticateEvent());
-
- if (internallyAuthenticated)
- {
- // FIXME identity.acceptExternallyAuthenticatedPrincipal(principal);
-
- for (String role : roles)
- {
- // FIXME identity.addRole(role);
- }
-
- beanManager.fireEvent(new LoggedInEvent(null) /* FIXME: no user */);
- }
- else
- {
- beanManager.fireEvent(new LoginFailedEvent(new LoginException()));
- }
-
- return internallyAuthenticated;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InvalidRequestException.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InvalidRequestException.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InvalidRequestException.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,61 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-/**
- * Exception thrown to indicate that the request is invalid.
- */
-public class InvalidRequestException extends Exception
-{
- private static final long serialVersionUID = -9127592026257210986L;
-
- private String description;
-
- private Exception cause;
-
- public InvalidRequestException(String description)
- {
- this(description, null);
- }
-
- public InvalidRequestException(String description, Exception cause)
- {
- super();
- this.description = description;
- this.cause = cause;
- }
-
- public String getDescription()
- {
- return description;
- }
-
- public Exception getCause()
- {
- return cause;
- }
-
- public void setCause(Exception cause)
- {
- this.cause = cause;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/LoggedInEvent.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/LoggedInEvent.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/LoggedInEvent.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,32 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-public class LoggedInEvent
-{
-
- public LoggedInEvent(Object object)
- {
- // TODO Auto-generated constructor stub
- }
-
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdConsumerManagerFactory.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdConsumerManagerFactory.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdConsumerManagerFactory.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,48 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import javax.enterprise.context.ApplicationScoped;
-import javax.enterprise.inject.Produces;
-import javax.inject.Inject;
-import javax.inject.Named;
-
-import org.openid4java.consumer.ConsumerManager;
-
- at Named("openIdConsumerManager")
- at ApplicationScoped
-public class OpenIdConsumerManagerFactory
-{
- private ConsumerManager consumerManager;
-
- @Produces
- public ConsumerManager getConsumerManager()
- {
- return consumerManager;
- }
-
- @Inject
- public void startup() throws Exception
- {
- consumerManager = new ConsumerManager();
- }
-}
\ No newline at end of file
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdPrincipal.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdPrincipal.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdPrincipal.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,65 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.net.URL;
-import java.security.Principal;
-import java.util.List;
-import java.util.Map;
-
-public class OpenIdPrincipal implements Principal
-{
- private String identifier;
-
- private URL openIdProvider;
-
- private Map<String, List<String>> attributes;
-
- public OpenIdPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
- {
- super();
- this.identifier = identifier;
- this.openIdProvider = openIdProvider;
- this.attributes = attributes;
- }
-
- public String getName()
- {
- return identifier;
- }
-
- public String getIdentifier()
- {
- return identifier;
- }
-
- public URL getOpenIdProvider()
- {
- return openIdProvider;
- }
-
- public Map<String, List<String>> getAttributes()
- {
- return attributes;
- }
-
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdRequest.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdRequest.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdRequest.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,56 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import javax.enterprise.context.SessionScoped;
-import javax.inject.Named;
-
-import org.openid4java.discovery.DiscoveryInformation;
-
- at Named("openIdRequest")
- at SessionScoped
-public class OpenIdRequest
-{
- private DiscoveryInformation discoveryInformation;
-
- private String returnUrl;
-
- public DiscoveryInformation getDiscoveryInformation()
- {
- return discoveryInformation;
- }
-
- public void setDiscoveryInformation(DiscoveryInformation discoveryInformation)
- {
- this.discoveryInformation = discoveryInformation;
- }
-
- public String getReturnUrl()
- {
- return returnUrl;
- }
-
- public void setReturnUrl(String returnUrl)
- {
- this.returnUrl = returnUrl;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginReceiver.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginReceiver.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,139 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-import java.net.URL;
-import java.util.List;
-import java.util.Map;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.events.LoginFailedEvent;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.openid4java.OpenIDException;
-import org.openid4java.consumer.ConsumerManager;
-import org.openid4java.consumer.VerificationResult;
-import org.openid4java.discovery.DiscoveryInformation;
-import org.openid4java.discovery.Identifier;
-import org.openid4java.message.AuthSuccess;
-import org.openid4java.message.ParameterList;
-import org.openid4java.message.ax.AxMessage;
-import org.openid4java.message.ax.FetchResponse;
-
- at Named("openIdSingleLoginReceiver")
-public class OpenIdSingleLoginReceiver
-{
- @Inject
- private OpenIdRequest openIdRequest;
-
- @Inject
- private ConsumerManager openIdConsumerManager;
-
- @Inject
- private InternalAuthenticator internalAuthenticator;
-
- @Inject
- private ServiceProvider serviceProvider;
-
- @Inject
- private BeanManager manager;
-
- @SuppressWarnings("unchecked")
- public void handleIncomingMessage(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws InvalidRequestException
- {
- try
- {
- // extract the parameters from the authentication response
- // (which comes in as a HTTP request from the OpenID provider)
- ParameterList response = new ParameterList(httpRequest.getParameterMap());
-
- // retrieve the previously stored discovery information
- DiscoveryInformation discovered = openIdRequest.getDiscoveryInformation();
-
- // extract the receiving URL from the HTTP request
- StringBuffer receivingURL = httpRequest.getRequestURL();
- String queryString = httpRequest.getQueryString();
- if (queryString != null && queryString.length() > 0)
- receivingURL.append("?").append(httpRequest.getQueryString());
-
- // verify the response; ConsumerManager needs to be the same
- // (static) instance used to place the authentication request
- VerificationResult verification = openIdConsumerManager.verify(receivingURL.toString(), response, discovered);
-
- boolean authenticated = true;
-
- // examine the verification result and extract the verified identifier
- Identifier identifier = verification.getVerifiedId();
-
- if (identifier != null)
- {
- AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
-
- Map<String, List<String>> attributes = null;
- if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX))
- {
- FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
-
- attributes = fetchResp.getAttributes();
- }
-
- OpenIdPrincipal principal = createPrincipal(identifier.getIdentifier(), discovered.getOPEndpoint(), attributes);
-
- authenticated = internalAuthenticator.authenticate(principal, httpRequest);
- }
- else
- {
- manager.fireEvent(new LoginFailedEvent(new LoginException()));
- authenticated = false;
- }
-
- if (authenticated)
- {
- httpResponse.sendRedirect(openIdRequest.getReturnUrl());
- }
- else
- {
- httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
- }
- }
- catch (OpenIDException e)
- {
- throw new RuntimeException(e);
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
-
- }
-
- private OpenIdPrincipal createPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
- {
- return new OpenIdPrincipal(identifier, openIdProvider, attributes);
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginSender.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginSender.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,113 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-import java.util.List;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.events.LoginFailedEvent;
-import org.jboss.seam.security.events.PreAuthenticateEvent;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.config.OpenIdAttributeType;
-import org.openid4java.OpenIDException;
-import org.openid4java.consumer.ConsumerManager;
-import org.openid4java.discovery.DiscoveryInformation;
-import org.openid4java.message.AuthRequest;
-import org.openid4java.message.ax.FetchRequest;
-
- at Named("org.jboss.seam.security.external_authentication.openIdSingleLoginSender")
-public class OpenIdSingleLoginSender
-{
- @Inject
- private OpenIdRequest openIdRequest;
-
- @Inject
- private ConsumerManager openIdConsumerManager;
-
- @Inject
- private ServiceProvider serviceProvider;
-
- @Inject
- private BeanManager manager;
-
- public String sendAuthRequest(String openId, String returnUrl, HttpServletResponse httpResponse)
- {
- try
- {
- @SuppressWarnings("unchecked")
- List<DiscoveryInformation> discoveries = openIdConsumerManager.discover(openId);
-
- DiscoveryInformation discovered = openIdConsumerManager.associate(discoveries);
-
- openIdRequest.setDiscoveryInformation(discovered);
- openIdRequest.setReturnUrl(returnUrl);
-
- String openIdServiceUrl = serviceProvider.getServiceURL(ExternalAuthenticationService.OPEN_ID_SERVICE);
- String realm = serviceProvider.getOpenIdRealm();
- AuthRequest authReq = openIdConsumerManager.authenticate(discovered, openIdServiceUrl, realm);
-
- // Request attributes
- List<OpenIdAttributeType> attributes = serviceProvider.getOpenIdConfiguration().getAttributes();
- if (attributes.size() > 0)
- {
- FetchRequest fetch = FetchRequest.createFetchRequest();
- for (OpenIdAttributeType attribute : attributes)
- {
- fetch.addAttribute(attribute.getAlias(), attribute.getTypeUri(), attribute.isRequired());
- }
- // attach the extension to the authentication request
- authReq.addExtension(fetch);
- }
-
- String url = authReq.getDestinationUrl(true);
-
- manager.fireEvent(new PreAuthenticateEvent());
-
- httpResponse.sendRedirect(url);
- }
- catch (OpenIDException e)
- {
- try
- {
- manager.fireEvent(new LoginFailedEvent(new LoginException()));
-
- httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
- }
- catch (IOException e1)
- {
- throw new RuntimeException(e);
- }
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
-
- return null;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdXrdsProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdXrdsProvider.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdXrdsProvider.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,79 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.OutputStream;
-
-import javax.inject.Inject;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.xrds.ObjectFactory;
-import org.jboss.seam.security.external_authentication.jaxb.xrds.Service;
-import org.jboss.seam.security.external_authentication.jaxb.xrds.Type;
-import org.jboss.seam.security.external_authentication.jaxb.xrds.URIPriorityAppendPattern;
-import org.jboss.seam.security.external_authentication.jaxb.xrds.XRD;
-import org.jboss.seam.security.external_authentication.jaxb.xrds.XRDS;
-import org.openid4java.discovery.DiscoveryInformation;
-
-public class OpenIdXrdsProvider
-{
- @Inject
- private ServiceProvider serviceProvider;
-
- public void writeMetaData(OutputStream stream)
- {
- try
- {
- ObjectFactory objectFactory = new ObjectFactory();
-
- XRDS xrds = objectFactory.createXRDS();
-
- XRD xrd = objectFactory.createXRD();
-
- Type type = objectFactory.createType();
- type.setValue(DiscoveryInformation.OPENID2_RP);
- URIPriorityAppendPattern uri = objectFactory.createURIPriorityAppendPattern();
- uri.setValue(serviceProvider.getServiceURL(ExternalAuthenticationService.OPEN_ID_SERVICE));
-
- Service service = objectFactory.createService();
- service.getType().add(type);
- service.getURI().add(uri);
-
- xrd.getService().add(service);
-
- xrds.getOtherelement().add(xrd);
-
- JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.seam.security.external_authentication.jaxb.xrds");
- Marshaller marshaller = jaxbContext.createMarshaller();
- marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
- marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
- marshaller.marshal(xrds, stream);
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/PagesSupportingExternalAuthentication.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/PagesSupportingExternalAuthentication.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/PagesSupportingExternalAuthentication.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,81 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-/**
- * Override of Seam's Pages component. It replaces the login page redirection method with a version
- * that redirects to an URL that is filtered by the SamlAuthenticationFilter.
- */
-
-// FIXME
-
-//@ApplicationScoped
-//@BypassInterceptors
-//@Name("org.jboss.seam.navigation.pages")
-//@Injectstall(precedence = Install.FRAMEWORK, classDependencies = "javax.faces.context.FacesContext")
-//@Startup
-//public class PagesSupportingExternalAuthentication extends Pages
-//{
-// @Override
-// public void redirectToLoginView()
-// {
-// notLoggedIn();
-//
-// HttpServletRequest httpRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext()
-// .getRequest();
-//
-// StringBuffer returnUrl = httpRequest.getRequestURL();
-//
-// ExternalAuthenticator externalAuthenticator = (ExternalAuthenticator) Component
-// .getInstance(ExternalAuthenticator.class);
-// externalAuthenticator.setReturnUrl(returnUrl.toString());
-//
-// ServiceProvider serviceProvider = Configuration.instance().getServiceProvider();
-//
-// // Use default SAML identity provider, if configured
-// SamlConfiguration samlConfiguration = serviceProvider.getSamlConfiguration();
-// if (samlConfiguration != null && samlConfiguration.getDefaultIdentityProvider() != null)
-// {
-// externalAuthenticator.samlSignOn(samlConfiguration.getDefaultIdentityProvider().getEntityId());
-// }
-// else
-// {
-// // Otherwise, use default OpenId identity provider, if configured
-// OpenIdConfiguration openIdConfiguration = serviceProvider.getOpenIdConfiguration();
-// if (openIdConfiguration != null && openIdConfiguration.getDefaultOpenIdProvider() != null)
-// {
-// externalAuthenticator.openIdSignOn(openIdConfiguration.getDefaultOpenIdProvider());
-// }
-// else
-// {
-// // Otherwise, redirect to the login view, so that the user can choose an IDP
-// if (getLoginViewId() == null)
-// {
-// throw new RuntimeException("Login view id not specified in pages.xml.");
-// }
-// Map<String, Object> parameters = new HashMap<String, Object>();
-// parameters.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
-// FacesManager.instance().redirect(getLoginViewId(), parameters, false);
-// }
-// }
-// }
-// }
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestContext.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestContext.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestContext.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,75 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-
-/**
- * Context of an authentication request.
- *
- */
-public class RequestContext
-{
- private String id;
-
- private SamlIdentityProvider identityProvider;
-
- private String urlToRedirectToAfterLogin;
-
- public RequestContext(String id, SamlIdentityProvider identityProvider, String urlToRedirectToAfterLogin)
- {
- super();
- this.id = id;
- this.identityProvider = identityProvider;
- this.urlToRedirectToAfterLogin = urlToRedirectToAfterLogin;
- }
-
- public String getId()
- {
- return id;
- }
-
- public void setId(String id)
- {
- this.id = id;
- }
-
- public SamlIdentityProvider getIdentityProvider()
- {
- return identityProvider;
- }
-
- public void setIdentityProvider(SamlIdentityProvider identityProvider)
- {
- this.identityProvider = identityProvider;
- }
-
- public String getUrlToRedirectToAfterLogin()
- {
- return urlToRedirectToAfterLogin;
- }
-
- public void setUrlToRedirectToAfterLogin(String urlToRedirectToAfterLogin)
- {
- this.urlToRedirectToAfterLogin = urlToRedirectToAfterLogin;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestOrResponse.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestOrResponse.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestOrResponse.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,37 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-public enum RequestOrResponse
-{
- REQUEST, RESPONSE;
-
- public boolean isRequest()
- {
- return this == REQUEST;
- }
-
- public boolean isResponse()
- {
- return this == RESPONSE;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/Requests.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/Requests.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/Requests.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,81 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.enterprise.context.SessionScoped;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Session scoped component that stores requests that have been sent to the
- * identity provider.
- */
- at SessionScoped
-public class Requests
-{
- private Map<String, RequestContext> requests = new HashMap<String, RequestContext>();
-
- private Logger log = LoggerFactory.getLogger(Requests.class);
-
- public void addRequest(String id, SamlIdentityProvider identityProvider, String urlToRedirectToAfterLogin)
- {
- requests.put(id, new RequestContext(id, identityProvider, urlToRedirectToAfterLogin));
- }
-
- public RequestContext getRequest(String id)
- {
- return requests.get(id);
- }
-
- public void removeRequest(String id)
- {
- requests.remove(id);
- }
-
- public void redirect(String id, HttpServletResponse response)
- {
- String requestURL = requests.get(id).getUrlToRedirectToAfterLogin();
- if (requestURL == null)
- {
- throw new RuntimeException("Couldn't find URL to redirect to for request " + id);
- }
- try
- {
- if (log.isDebugEnabled())
- {
- log.debug("Redirecting to " + requestURL);
- }
- response.sendRedirect(requestURL);
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlConstants.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlConstants.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlConstants.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,59 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-public class SamlConstants
-{
- // Query string parameters used by the HTTP_Redirect binding
- public static final String QSP_SAML_REQUEST = "SAMLRequest";
-
- public static final String QSP_SAML_RESPONSE = "SAMLResponse";
-
- public static final String QSP_SIGNATURE = "Signature";
-
- public static final String QSP_SIG_ALG = "SigAlg";
-
- public static final String QSP_RELAY_STATE = "RelayState";
-
- public static final String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
-
- public static final String HTTP_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
-
- public static final String CONFIRMATION_METHOD_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
-
- public static final String VERSION_2_0 = "2.0";
-
- public static final String PROTOCOL_NSURI = "urn:oasis:names:tc:SAML:2.0:protocol";
-
- public static final String STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
-
- public static final String XMLDSIG_NSURI = "http://www.w3.org/2000/09/xmldsig#";
-
- public static final String SIGNATURE_SHA1_WITH_DSA = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
-
- public static final String SIGNATURE_SHA1_WITH_RSA = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
-
- public static final String DSA_SIGNATURE_ALGORITHM = "SHA1withDSA";
-
- public static final String RSA_SIGNATURE_ALGORITHM = "SHA1withRSA";
-
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageFactory.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageFactory.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageFactory.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,128 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.util.UUID;
-
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.NameIDType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.AuthnRequestType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.LogoutRequestType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.ObjectFactory;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.RequestAbstractType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusCodeType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusResponseType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusType;
-
-public class SamlMessageFactory
-{
- @Inject
- private ServiceProvider serviceProvider;
-
- public StatusResponseType createStatusResponse(RequestAbstractType request, String statusCode, String statusMessage)
- {
- ObjectFactory objectFactory = new ObjectFactory();
- org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.ObjectFactory();
-
- StatusResponseType response = objectFactory.createStatusResponseType();
-
- response.setID(generateId());
- response.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
-
- NameIDType issuer = assertionObjectFactory.createNameIDType();
- issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
- response.setIssuer(issuer);
-
- response.setVersion(SamlConstants.VERSION_2_0);
- response.setInResponseTo(request.getID());
-
- StatusCodeType statusCodeJaxb = objectFactory.createStatusCodeType();
- statusCodeJaxb.setValue(statusCode);
-
- StatusType statusType = objectFactory.createStatusType();
- statusType.setStatusCode(statusCodeJaxb);
- if (statusMessage != null)
- {
- statusType.setStatusMessage(statusMessage);
- }
-
- response.setStatus(statusType);
-
- return response;
- }
-
- public AuthnRequestType createAuthnRequest()
- {
- ObjectFactory objectFactory = new ObjectFactory();
- org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.ObjectFactory();
-
- AuthnRequestType authnRequest = objectFactory.createAuthnRequestType();
-
- authnRequest.setID(generateId());
- authnRequest.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
-
- NameIDType issuer = assertionObjectFactory.createNameIDType();
- issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
- authnRequest.setIssuer(issuer);
-
- authnRequest.setVersion(SamlConstants.VERSION_2_0);
-
- // Fill in the optional fields that indicate where and how the response
- // should be delivered.
- authnRequest.setAssertionConsumerServiceURL(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
- authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
-
- return authnRequest;
- }
-
- public LogoutRequestType createLogoutRequest(SeamSamlPrincipal principal) throws ConfigurationException
- {
- ObjectFactory objectFactory = new ObjectFactory();
- org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.ObjectFactory();
-
- LogoutRequestType logoutRequest = objectFactory.createLogoutRequestType();
-
- logoutRequest.setID(generateId());
- logoutRequest.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
-
- NameIDType issuer = assertionObjectFactory.createNameIDType();
- issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
- logoutRequest.setIssuer(issuer);
-
- NameIDType nameID = assertionObjectFactory.createNameIDType();
- nameID.setValue(principal.getNameId().getValue());
- logoutRequest.setNameID(nameID);
-
- logoutRequest.setVersion(SamlConstants.VERSION_2_0);
- logoutRequest.getSessionIndex().add(principal.getSessionIndex());
-
- return logoutRequest;
- }
-
- private String generateId()
- {
- return "ID_" + UUID.randomUUID();
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageReceiver.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageReceiver.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,279 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
-import java.util.zip.Inflater;
-import java.util.zip.InflaterInputStream;
-
-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.RequestAbstractType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusResponseType;
-import org.jboss.seam.security.util.Base64;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
-
-public class SamlMessageReceiver
-{
- private static final Logger log = LoggerFactory.getLogger(SamlMessageReceiver.class);
-
- @Inject
- private Requests requests;
-
- @Inject
- private SamlSingleLogoutReceiver samlSingleLogoutReceiver;
-
- @Inject
- private SamlSingleSignOnReceiver samlSingleSignOnReceiver;
-
- @Inject
- private ServiceProvider serviceProvider;
-
- @Inject
- private SamlSignatureUtilForPostBinding signatureUtilForPostBinding;
-
- @Inject
- private SamlSignatureUtilForRedirectBinding signatureUtilForRedirectBinding;
-
- private JAXBContext jaxbContext;
-
- @Inject
- public void init()
- {
- try
- {
- jaxbContext = JAXBContext.newInstance(StatusResponseType.class);
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public void handleIncomingSamlMessage(SamlProfile samlProfile, HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws InvalidRequestException
- {
- String samlRequestParam = httpRequest.getParameter(SamlConstants.QSP_SAML_REQUEST);
- String samlResponseParam = httpRequest.getParameter(SamlConstants.QSP_SAML_RESPONSE);
-
- RequestOrResponse requestOrResponse;
- String samlMessage;
-
- if (samlRequestParam != null && samlResponseParam == null)
- {
- samlMessage = samlRequestParam;
- requestOrResponse = RequestOrResponse.REQUEST;
- }
- else if (samlRequestParam == null && samlResponseParam != null)
- {
- samlMessage = samlResponseParam;
- requestOrResponse = RequestOrResponse.RESPONSE;
- }
- else
- {
- throw new InvalidRequestException("SAML message should either have a SAMLRequest parameter or a SAMLResponse parameter");
- }
-
- InputStream is;
- if (httpRequest.getMethod().equals("POST"))
- {
- byte[] decodedMessage = Base64.decode(samlMessage);
- is = new ByteArrayInputStream(decodedMessage);
- }
- else
- {
- String urlDecoded;
- try
- {
- urlDecoded = URLDecoder.decode(samlMessage, "UTF-8");
- }
- catch (UnsupportedEncodingException e)
- {
- throw new RuntimeException(e);
- }
- byte[] base64Decoded = Base64.decode(urlDecoded);
- ByteArrayInputStream bais = new ByteArrayInputStream(base64Decoded);
- is = new InflaterInputStream(bais, new Inflater(true));
- }
-
- Document document = getDocument(is);
- String issuerEntityId;
- RequestAbstractType samlRequest = null;
- StatusResponseType samlResponse = null;
- if (requestOrResponse.isRequest())
- {
- samlRequest = getSamlRequest(document);
- issuerEntityId = samlRequest.getIssuer().getValue();
- }
- else
- {
- samlResponse = getSamlResponse(document);
- issuerEntityId = samlResponse.getIssuer().getValue();
- }
- if (log.isDebugEnabled())
- {
- log.debug("Received from IDP: " + SamlUtils.getDocumentAsString(document));
- }
-
- SamlIdentityProvider idp = serviceProvider.getSamlConfiguration().getSamlIdentityProviderByEntityId(issuerEntityId);
- if (idp == null)
- {
- throw new InvalidRequestException("Received message from unknown idp " + issuerEntityId);
- }
-
- boolean validate;
- if (samlProfile == SamlProfile.SINGLE_SIGN_ON)
- {
- validate = serviceProvider.getSamlConfiguration().isWantAssertionsSigned();
- }
- else
- {
- validate = idp.isSingleLogoutMessagesSigned();
- }
-
- if (validate)
- {
- if (log.isDebugEnabled())
- {
- log.debug("Validating the signature");
- }
- if (httpRequest.getMethod().equals("POST"))
- {
- signatureUtilForPostBinding.validateSignature(idp, document);
- }
- else
- {
- signatureUtilForRedirectBinding.validateSignature(idp, httpRequest, requestOrResponse);
- }
- }
-
- RequestContext requestContext = null;
- if (requestOrResponse.isResponse() && samlResponse.getInResponseTo() != null)
- {
- requestContext = requests.getRequest(samlResponse.getInResponseTo());
- if (requestContext == null)
- {
- throw new InvalidRequestException("No request that corresponds with the received response");
- }
- else if (!(requestContext.getIdentityProvider().equals(idp)))
- {
- throw new InvalidRequestException("Identity provider of request and response do not match");
- }
- }
-
- if (samlProfile == SamlProfile.SINGLE_SIGN_ON)
- {
- if (requestOrResponse.isRequest())
- {
- throw new InvalidRequestException("Assertion consumer service can only process SAML responses");
- }
- else
- {
- samlSingleSignOnReceiver.processIDPResponse(httpRequest, httpResponse, samlResponse, requestContext, idp);
- }
- }
- else
- {
- if (requestOrResponse.isRequest())
- {
- samlSingleLogoutReceiver.processIDPRequest(httpRequest, httpResponse, samlRequest, idp);
- }
- else
- {
- samlSingleLogoutReceiver.processIDPResponse(httpRequest, httpResponse, samlResponse, requestContext, idp);
- }
- }
- }
-
- private RequestAbstractType getSamlRequest(Document document) throws InvalidRequestException
- {
- try
- {
- Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
- @SuppressWarnings("unchecked")
- JAXBElement<RequestAbstractType> jaxbRequest = (JAXBElement<RequestAbstractType>) unmarshaller.unmarshal(document);
- RequestAbstractType request = jaxbRequest.getValue();
- return request;
- }
- catch (JAXBException e)
- {
- throw new InvalidRequestException("SAML message could not be parsed", e);
- }
- }
-
- private StatusResponseType getSamlResponse(Document document) throws InvalidRequestException
- {
- try
- {
- Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
- @SuppressWarnings("unchecked")
- JAXBElement<StatusResponseType> jaxbResponseType = (JAXBElement<StatusResponseType>) unmarshaller.unmarshal(document);
- StatusResponseType statusResponse = jaxbResponseType.getValue();
- return statusResponse;
- }
- catch (JAXBException e)
- {
- throw new InvalidRequestException("SAML message could not be parsed", e);
- }
- }
-
- private Document getDocument(InputStream is) throws InvalidRequestException
- {
- try
- {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- factory.setXIncludeAware(true);
- DocumentBuilder builder = factory.newDocumentBuilder();
- return builder.parse(is);
- }
- catch (ParserConfigurationException e)
- {
- throw new RuntimeException(e);
- }
- catch (SAXException e)
- {
- throw new InvalidRequestException("SAML request could not be parsed", e);
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageSender.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageSender.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,366 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.util.zip.Deflater;
-import java.util.zip.DeflaterOutputStream;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.Binder;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.SignatureMethod;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.jboss.seam.security.external_authentication.configuration.Binding;
-import org.jboss.seam.security.external_authentication.configuration.SamlEndpoint;
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.configuration.SamlService;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.AuthnRequestType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.LogoutRequestType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.ObjectFactory;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.RequestAbstractType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusResponseType;
-import org.jboss.seam.security.util.Base64;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-
- at Named("org.picketlink.identity.seam.federation.samlMessageSender")
-public class SamlMessageSender
-{
- private Logger log = LoggerFactory.getLogger(SamlMessageSender.class);
-
- @Inject
- private ServiceProvider serviceProvider;
-
- @Inject
- private SamlSignatureUtilForPostBinding signatureUtilForPostBinding;
-
- @Inject
- private SamlSignatureUtilForRedirectBinding signatureUtilForRedirectBinding;
-
- private JAXBContext jaxbContextRequestAbstractType;
-
- private JAXBContext jaxbContextStatusResponseType;
-
- @Inject
- public void init()
- {
- try
- {
- jaxbContextRequestAbstractType = JAXBContext.newInstance(RequestAbstractType.class);
- jaxbContextStatusResponseType = JAXBContext.newInstance(StatusResponseType.class);
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public void sendRequestToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, SamlProfile profile, RequestAbstractType samlRequest)
- {
- Document message = null;
- SamlEndpoint endpoint = null;
- try
- {
- SamlService service = samlIdentityProvider.getService(profile);
- endpoint = service.getEndpointForBinding(Binding.HTTP_Post);
- if (endpoint == null)
- {
- endpoint = service.getEndpointForBinding(Binding.HTTP_Redirect);
- }
- if (endpoint == null)
- {
- throw new RuntimeException("Idp " + samlIdentityProvider.getEntityId() + " has no endpoint found for profile " + profile);
- }
- samlRequest.setDestination(endpoint.getLocation());
-
- JAXBElement<?> requestElement;
- if (samlRequest instanceof AuthnRequestType)
- {
- AuthnRequestType authnRequest = (AuthnRequestType) samlRequest;
- requestElement = new ObjectFactory().createAuthnRequest(authnRequest);
- }
- else if (samlRequest instanceof LogoutRequestType)
- {
- LogoutRequestType logoutRequest = (LogoutRequestType) samlRequest;
- requestElement = new ObjectFactory().createLogoutRequest(logoutRequest);
- }
- else
- {
- throw new RuntimeException("Currently only authentication and logout requests can be sent");
- }
-
- Binder<Node> binder = jaxbContextRequestAbstractType.createBinder();
-
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- factory.setXIncludeAware(true);
- DocumentBuilder builder;
- builder = factory.newDocumentBuilder();
- message = builder.newDocument();
-
- binder.marshal(requestElement, message);
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
- catch (ParserConfigurationException e)
- {
- throw new RuntimeException(e);
- }
-
- sendMessageToIDP(request, response, samlIdentityProvider, message, RequestOrResponse.REQUEST, endpoint);
- }
-
- public void sendResponseToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, SamlEndpoint endpoint, StatusResponseType samlResponse)
- {
- Document message = null;
- try
- {
- samlResponse.setDestination(endpoint.getResponseLocation());
-
- JAXBElement<StatusResponseType> responseElement;
- if (endpoint.getService().getProfile().equals(SamlProfile.SINGLE_LOGOUT))
- {
- responseElement = new ObjectFactory().createLogoutResponse(samlResponse);
- }
- else
- {
- throw new RuntimeException("Responses can currently only be created for the single logout service");
- }
-
- Binder<Node> binder = jaxbContextStatusResponseType.createBinder();
-
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- factory.setXIncludeAware(true);
- DocumentBuilder builder;
- builder = factory.newDocumentBuilder();
- message = builder.newDocument();
-
- binder.marshal(responseElement, message);
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
- catch (ParserConfigurationException e)
- {
- throw new RuntimeException(e);
- }
-
- sendMessageToIDP(request, response, samlIdentityProvider, message, RequestOrResponse.RESPONSE, endpoint);
- }
-
- private void sendMessageToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, Document message, RequestOrResponse requestOrResponse, SamlEndpoint endpoint)
- {
- if (log.isDebugEnabled())
- {
- log.debug("Sending over to IDP: " + SamlUtils.getDocumentAsString(message));
- }
-
- try
- {
- boolean signMessage;
- if (endpoint.getService().getProfile().equals(SamlProfile.SINGLE_SIGN_ON))
- {
- signMessage = samlIdentityProvider.isWantAuthnRequestsSigned();
- }
- else
- {
- signMessage = samlIdentityProvider.isWantSingleLogoutMessagesSigned();
- }
-
- PrivateKey privateKey = serviceProvider.getSamlConfiguration().getPrivateKey();
-
- if (endpoint.getBinding() == Binding.HTTP_Redirect)
- {
- byte[] responseBytes = SamlUtils.getDocumentAsString(message).getBytes("UTF-8");
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- Deflater deflater = new Deflater(Deflater.DEFLATED, true);
- DeflaterOutputStream deflaterStream = new DeflaterOutputStream(baos, deflater);
- deflaterStream.write(responseBytes);
- deflaterStream.finish();
-
- byte[] deflatedMsg = baos.toByteArray();
- String urlEncodedResponse = Base64.encodeBytes(deflatedMsg);
-
- String finalDest = endpoint.getLocation() + getQueryString(urlEncodedResponse, signMessage, requestOrResponse, privateKey);
- SamlUtils.sendRedirect(finalDest, response);
- }
- else
- {
- if (signMessage)
- {
- PublicKey publicKey = serviceProvider.getSamlConfiguration().getCertificate().getPublicKey();
- signSAMLDocument(message, new KeyPair(publicKey, privateKey));
- }
- byte[] responseBytes = SamlUtils.getDocumentAsString(message).getBytes("UTF-8");
-
- String samlResponse = Base64.encodeBytes(responseBytes, Base64.DONT_BREAK_LINES);
-
- sendPost(endpoint.getLocation(), samlResponse, response, requestOrResponse.isRequest());
-
- }
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- private void signSAMLDocument(Document samlDocument, KeyPair keypair)
- {
- // Get the ID from the root
- String id = samlDocument.getDocumentElement().getAttribute("ID");
-
- String referenceURI = "#" + id;
-
- signatureUtilForPostBinding.sign(samlDocument, keypair, DigestMethod.SHA1, SignatureMethod.RSA_SHA1, referenceURI);
- }
-
- private String getQueryString(String urlEncodedSamlMessage, boolean supportSignature, RequestOrResponse requestOrResponse, PrivateKey signingKey)
- {
- StringBuilder sb = new StringBuilder();
- sb.append("?");
-
- if (supportSignature)
- {
- try
- {
- sb.append(getURLWithSignature(requestOrResponse, urlEncodedSamlMessage, signingKey));
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- catch (GeneralSecurityException e)
- {
- throw new RuntimeException(e);
- }
- }
- else
- {
- if (requestOrResponse == RequestOrResponse.REQUEST)
- {
- sb.append(SamlConstants.QSP_SAML_REQUEST);
- }
- else
- {
- sb.append(SamlConstants.QSP_SAML_RESPONSE);
- }
- sb.append("=").append(urlEncodedSamlMessage);
- }
- return sb.toString();
- }
-
- private void sendPost(String destination, String samlMessage, HttpServletResponse response, boolean request) throws IOException
- {
- String key = request ? SamlConstants.QSP_SAML_REQUEST : SamlConstants.QSP_SAML_RESPONSE;
-
- if (destination == null)
- throw new IllegalStateException("Destination is null");
-
- response.setContentType("text/html");
- PrintWriter out = response.getWriter();
- response.setCharacterEncoding("UTF-8");
- response.setHeader("Pragma", "no-cache");
- response.setHeader("Cache-Control", "no-cache, no-store");
- StringBuilder builder = new StringBuilder();
-
- builder.append("<HTML>");
- builder.append("<HEAD>");
- if (request)
- builder.append("<TITLE>HTTP Post Binding (Request)</TITLE>");
- else
- builder.append("<TITLE>HTTP Post Binding Response (Response)</TITLE>");
-
- builder.append("</HEAD>");
- builder.append("<BODY Onload=\"document.forms[0].submit()\">");
-
- builder.append("<FORM METHOD=\"POST\" ACTION=\"" + destination + "\">");
- builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"" + key + "\"" + " VALUE=\"" + samlMessage + "\"/>");
- builder.append("</FORM></BODY></HTML>");
-
- String str = builder.toString();
- out.println(str);
- out.close();
- }
-
- private String getURLWithSignature(RequestOrResponse requestOrResponse, String urlEncodedResponse, PrivateKey signingKey) throws IOException, GeneralSecurityException
- {
- String messageParameter;
- if (requestOrResponse == RequestOrResponse.REQUEST)
- {
- messageParameter = SamlConstants.QSP_SAML_REQUEST;
- }
- else
- {
- messageParameter = SamlConstants.QSP_SAML_RESPONSE;
- }
-
- byte[] signature = signatureUtilForRedirectBinding.computeSignature(messageParameter + "=" + urlEncodedResponse, signingKey);
- String sigAlgo = signingKey.getAlgorithm();
-
- StringBuilder sb = new StringBuilder();
- sb.append(messageParameter + "=").append(urlEncodedResponse);
-
- try
- {
- sb.append("&").append(SamlConstants.QSP_SIG_ALG).append("=");
- String sigAlg = signatureUtilForRedirectBinding.getXMLSignatureAlgorithmURI(sigAlgo);
- sb.append(URLEncoder.encode(sigAlg, "UTF-8"));
-
- sb.append("&").append(SamlConstants.QSP_SIGNATURE).append("=");
- String base64encodedSignature = Base64.encodeBytes(signature, Base64.DONT_BREAK_LINES);
- sb.append(URLEncoder.encode(base64encodedSignature, "UTF-8"));
- }
- catch (UnsupportedEncodingException e)
- {
- throw new RuntimeException(e);
- }
-
- return sb.toString();
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMetaDataProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMetaDataProvider.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMetaDataProvider.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,130 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.OutputStream;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-
-import javax.inject.Inject;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.EntityDescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.IndexedEndpointType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.KeyDescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.KeyTypes;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.ObjectFactory;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.SPSSODescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.xmldsig.KeyInfoType;
-import org.jboss.seam.security.external_authentication.jaxb.xmldsig.X509DataType;
-
-public class SamlMetaDataProvider
-{
- @Inject
- private ServiceProvider serviceProvider;
-
- public void writeMetaData(OutputStream stream)
- {
- try
- {
- ObjectFactory metaDataFactory = new ObjectFactory();
-
- IndexedEndpointType acsRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
- acsRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
- acsRedirectEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
-
- IndexedEndpointType acsPostEndpoint = metaDataFactory.createIndexedEndpointType();
- acsPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
- acsPostEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
-
- IndexedEndpointType sloRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
- sloRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
- sloRedirectEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE));
-
- IndexedEndpointType sloPostEndpoint = metaDataFactory.createIndexedEndpointType();
- sloPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
- sloPostEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE));
-
- SPSSODescriptorType spSsoDescriptor = metaDataFactory.createSPSSODescriptorType();
- spSsoDescriptor.setAuthnRequestsSigned(serviceProvider.getSamlConfiguration().isAuthnRequestsSigned());
- spSsoDescriptor.setWantAssertionsSigned(serviceProvider.getSamlConfiguration().isWantAssertionsSigned());
-
- spSsoDescriptor.getAssertionConsumerService().add(acsRedirectEndpoint);
- spSsoDescriptor.getAssertionConsumerService().add(acsPostEndpoint);
- spSsoDescriptor.getSingleLogoutService().add(sloRedirectEndpoint);
- spSsoDescriptor.getSingleLogoutService().add(sloPostEndpoint);
-
- spSsoDescriptor.getProtocolSupportEnumeration().add(SamlConstants.PROTOCOL_NSURI);
-
- spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
- spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
- spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
- spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress");
-
- org.jboss.seam.security.external_authentication.jaxb.xmldsig.ObjectFactory signatureFactory = new org.jboss.seam.security.external_authentication.jaxb.xmldsig.ObjectFactory();
-
- X509Certificate certificate = serviceProvider.getSamlConfiguration().getCertificate();
- if (certificate == null)
- throw new RuntimeException("Certificate obtained from configuration is null");
-
- JAXBElement<byte[]> X509Certificate;
- try
- {
- X509Certificate = signatureFactory.createX509DataTypeX509Certificate(certificate.getEncoded());
- }
- catch (CertificateEncodingException e)
- {
- throw new RuntimeException(e);
- }
-
- X509DataType X509Data = signatureFactory.createX509DataType();
- X509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(X509Certificate);
-
- KeyInfoType keyInfo = signatureFactory.createKeyInfoType();
- keyInfo.getContent().add(signatureFactory.createX509Data(X509Data));
-
- KeyDescriptorType keyDescriptor = metaDataFactory.createKeyDescriptorType();
- keyDescriptor.setUse(KeyTypes.SIGNING);
- keyDescriptor.setKeyInfo(keyInfo);
-
- spSsoDescriptor.getKeyDescriptor().add(keyDescriptor);
-
- EntityDescriptorType entityDescriptor = metaDataFactory.createEntityDescriptorType();
- entityDescriptor.setEntityID(serviceProvider.getSamlConfiguration().getEntityId());
- entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor().add(spSsoDescriptor);
-
- JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.metadata");
- Marshaller marshaller = jaxbContext.createMarshaller();
- marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
- marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
- marshaller.marshal(metaDataFactory.createEntityDescriptor(entityDescriptor), stream);
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlProfile.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlProfile.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlProfile.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,27 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-public enum SamlProfile
-{
- SINGLE_SIGN_ON, SINGLE_LOGOUT
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForPostBinding.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForPostBinding.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForPostBinding.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,199 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.security.AccessController;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.Key;
-import java.security.KeyException;
-import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PrivilegedAction;
-import java.security.PublicKey;
-import java.security.Security;
-import java.util.Collections;
-import java.util.List;
-
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.Reference;
-import javax.xml.crypto.dsig.SignatureMethod;
-import javax.xml.crypto.dsig.SignedInfo;
-import javax.xml.crypto.dsig.Transform;
-import javax.xml.crypto.dsig.XMLSignature;
-import javax.xml.crypto.dsig.XMLSignatureException;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.dom.DOMSignContext;
-import javax.xml.crypto.dsig.dom.DOMValidateContext;
-import javax.xml.crypto.dsig.keyinfo.KeyInfo;
-import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
-import javax.xml.crypto.dsig.keyinfo.KeyValue;
-import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.NodeList;
-
-public class SamlSignatureUtilForPostBinding
-{
- private Logger log = LoggerFactory.getLogger(SamlSignatureUtilForPostBinding.class);
-
- private XMLSignatureFactory fac = getXMLSignatureFactory();
-
- private XMLSignatureFactory getXMLSignatureFactory()
- {
- if (Security.getProvider("DOM") != null)
- {
- return XMLSignatureFactory.getInstance("DOM");
- }
- else
- {
- // No security provider found for the XML Digital Signature API (JSR
- // 105). Probably we have to do with JDK 1.5 or lower.
- // See
- // http://weblogs.java.net/blog/2008/02/27/using-jsr-105-jdk-14-or-15.
- // We assume that the reference implementation of JSR 105 is available
- // at runtime.
- return XMLSignatureFactory.getInstance("DOM", new org.jcp.xml.dsig.internal.dom.XMLDSigRI());
- }
- }
-
- static
- {
- AccessController.doPrivileged(new PrivilegedAction<Object>()
- {
- public Object run()
- {
- System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true");
- return null;
- }
- });
- };
-
- public Document sign(Document doc, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI)
- {
- if (log.isTraceEnabled())
- {
- log.trace("Document to be signed={0}", new Object[] { SamlUtils.getDocumentAsString(doc) });
- }
- PrivateKey signingKey = keyPair.getPrivate();
- PublicKey publicKey = keyPair.getPublic();
-
- DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
- dsc.setDefaultNamespacePrefix("dsig");
-
- try
- {
- DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
- Transform transform = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
-
- List<Transform> transformList = Collections.singletonList(transform);
- Reference ref = fac.newReference(referenceURI, digestMethodObj, transformList, null, null);
-
- String canonicalizationMethodType = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
- CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod(canonicalizationMethodType, (C14NMethodParameterSpec) null);
-
- List<Reference> referenceList = Collections.singletonList(ref);
- SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null);
- SignedInfo si = fac.newSignedInfo(canonicalizationMethod, signatureMethodObj, referenceList);
-
- KeyInfoFactory kif = fac.getKeyInfoFactory();
- KeyValue kv = kif.newKeyValue(publicKey);
- KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
-
- XMLSignature signature = fac.newXMLSignature(si, ki);
-
- signature.sign(dsc);
- }
- catch (XMLSignatureException e)
- {
- throw new RuntimeException(e);
- }
- catch (NoSuchAlgorithmException e)
- {
- throw new RuntimeException(e);
- }
- catch (InvalidAlgorithmParameterException e)
- {
- throw new RuntimeException(e);
- }
- catch (KeyException e)
- {
- throw new RuntimeException(e);
- }
- catch (MarshalException e)
- {
- throw new RuntimeException(e);
-
- }
- return doc;
- }
-
- public void validateSignature(SamlIdentityProvider idp, Document signedDoc) throws InvalidRequestException
- {
- Key publicKey = idp.getPublicKey();
-
- NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
- if (nl == null || nl.getLength() == 0)
- {
- throw new InvalidRequestException("Signature element is not present or has zero length.");
- }
-
- try
- {
- DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
- XMLSignature signature = fac.unmarshalXMLSignature(valContext);
- boolean signatureValid = signature.validate(valContext);
-
- if (log.isTraceEnabled() && !signatureValid)
- {
- boolean sv = signature.getSignatureValue().validate(valContext);
- log.trace("Signature validation status: " + sv);
-
- @SuppressWarnings("unchecked")
- List<Reference> references = signature.getSignedInfo().getReferences();
- for (Reference ref : references)
- {
- log.trace("[Ref id=" + ref.getId() + ":uri=" + ref.getURI() + "] validity status:" + ref.validate(valContext));
- }
- }
-
- if (!signatureValid)
- {
- throw new InvalidRequestException("Invalid signature.");
- }
- }
- catch (XMLSignatureException e)
- {
- throw new RuntimeException(e);
- }
- catch (MarshalException e)
- {
- throw new RuntimeException(e);
- }
- }
-}
\ No newline at end of file
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForRedirectBinding.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForRedirectBinding.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForRedirectBinding.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,174 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
-import java.net.URLEncoder;
-import java.security.GeneralSecurityException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Signature;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.util.Base64;
-
-public class SamlSignatureUtilForRedirectBinding
-{
- byte[] computeSignature(String requestOrResponseKeyValuePair, PrivateKey signingKey) throws IOException, GeneralSecurityException
- {
- StringBuilder sb = new StringBuilder();
- sb.append(requestOrResponseKeyValuePair);
- String algo = signingKey.getAlgorithm();
-
- String sigAlg = getXMLSignatureAlgorithmURI(algo);
- sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
- sb.append("&SigAlg=").append(sigAlg);
-
- byte[] sigValue = sign(sb.toString(), signingKey);
-
- return sigValue;
- }
-
- private byte[] sign(String stringToBeSigned, PrivateKey signingKey) throws GeneralSecurityException
- {
- String algo = signingKey.getAlgorithm();
- Signature sig = getSignature(algo);
- sig.initSign(signingKey);
- sig.update(stringToBeSigned.getBytes());
- return sig.sign();
- }
-
- public void validateSignature(SamlIdentityProvider idp, HttpServletRequest httpRequest, RequestOrResponse requestOrResponse) throws InvalidRequestException
- {
- String sigValueParam = httpRequest.getParameter(SamlConstants.QSP_SIGNATURE);
- if (sigValueParam == null)
- {
- throw new InvalidRequestException("Signature parameter is not present.");
- }
-
- String decodedString;
- try
- {
- decodedString = URLDecoder.decode(sigValueParam, "UTF-8");
- }
- catch (UnsupportedEncodingException e)
- {
- throw new RuntimeException(e);
- }
-
- byte[] sigValue = Base64.decode(decodedString);
-
- String samlMessageParameter;
- if (requestOrResponse == RequestOrResponse.REQUEST)
- {
- samlMessageParameter = SamlConstants.QSP_SAML_REQUEST;
- }
- else
- {
- samlMessageParameter = SamlConstants.QSP_SAML_RESPONSE;
- }
-
- // Construct the url again
- String reqFromURL = httpRequest.getParameter(samlMessageParameter);
- String relayStateFromURL = httpRequest.getParameter(SamlConstants.QSP_RELAY_STATE);
- String sigAlgFromURL = httpRequest.getParameter(SamlConstants.QSP_SIG_ALG);
-
- StringBuilder sb = new StringBuilder();
- sb.append(samlMessageParameter).append("=").append(reqFromURL);
-
- if (relayStateFromURL != null && relayStateFromURL.length() != 0)
- {
- sb.append("&").append(SamlConstants.QSP_RELAY_STATE).append("=").append(relayStateFromURL);
- }
- sb.append("&").append(SamlConstants.QSP_SIG_ALG).append("=").append(sigAlgFromURL);
-
- PublicKey validatingKey = idp.getPublicKey();
-
- boolean isValid;
- try
- {
- isValid = validate(sb.toString().getBytes("UTF-8"), sigValue, validatingKey);
- }
- catch (UnsupportedEncodingException e)
- {
- throw new RuntimeException(e);
- }
- catch (GeneralSecurityException e)
- {
- throw new RuntimeException(e);
- }
-
- if (!isValid)
- {
- throw new InvalidRequestException("Invalid signature.");
- }
- }
-
- private boolean validate(byte[] signedContent, byte[] signatureValue, PublicKey validatingKey) throws GeneralSecurityException
- {
- // We assume that the sigatureValue has the same algorithm as the public
- // key
- // If not, there will be an exception anyway
- String algo = validatingKey.getAlgorithm();
- Signature sig = getSignature(algo);
-
- sig.initVerify(validatingKey);
- sig.update(signedContent);
- return sig.verify(signatureValue);
- }
-
- private Signature getSignature(String algo) throws GeneralSecurityException
- {
- Signature sig = null;
-
- if ("DSA".equalsIgnoreCase(algo))
- {
- sig = Signature.getInstance(SamlConstants.DSA_SIGNATURE_ALGORITHM);
- }
- else if ("RSA".equalsIgnoreCase(algo))
- {
- sig = Signature.getInstance(SamlConstants.RSA_SIGNATURE_ALGORITHM);
- }
- else
- throw new RuntimeException("Unknown signature algorithm:" + algo);
- return sig;
- }
-
- public String getXMLSignatureAlgorithmURI(String algo)
- {
- String xmlSignatureAlgo = null;
-
- if ("DSA".equalsIgnoreCase(algo))
- {
- xmlSignatureAlgo = SamlConstants.SIGNATURE_SHA1_WITH_DSA;
- }
- else if ("RSA".equalsIgnoreCase(algo))
- {
- xmlSignatureAlgo = SamlConstants.SIGNATURE_SHA1_WITH_RSA;
- }
- return xmlSignatureAlgo;
- }
-}
\ No newline at end of file
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutReceiver.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutReceiver.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,94 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-
-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.external_authentication.configuration.Binding;
-import org.jboss.seam.security.external_authentication.configuration.SamlEndpoint;
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.LogoutRequestType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.RequestAbstractType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusResponseType;
-
-public class SamlSingleLogoutReceiver
-{
- @Inject
- private SamlMessageFactory samlMessageFactory;
-
- @Inject
- private SamlMessageSender samlMessageSender;
-
- @Inject
- private Identity identity;
-
- @Inject
- private ServiceProvider serviceProvider;
-
- public void processIDPRequest(HttpServletRequest httpRequest, HttpServletResponse httpResponse, RequestAbstractType request, SamlIdentityProvider idp) throws InvalidRequestException
- {
- if (!(request instanceof LogoutRequestType))
- {
- throw new InvalidRequestException("Request should be a single logout request.");
- }
-
- if (!identity.isLoggedIn())
- {
- throw new InvalidRequestException("No active session to logout.");
- }
-
- // FIXME: Identity.instance().logout();
-
- StatusResponseType response = samlMessageFactory.createStatusResponse(request, SamlConstants.STATUS_SUCCESS, null);
-
- Binding binding = httpRequest.getMethod().equals("POST") ? Binding.HTTP_Post : Binding.HTTP_Redirect;
- SamlEndpoint endpoint = idp.getService(SamlProfile.SINGLE_LOGOUT).getEndpointForBinding(binding);
-
- samlMessageSender.sendResponseToIDP(httpRequest, httpResponse, idp, endpoint, response);
- }
-
- public void processIDPResponse(HttpServletRequest httpRequest, HttpServletResponse httpResponse, StatusResponseType response, RequestContext requestContext, SamlIdentityProvider idp)
- {
- if (response.getStatus() != null && response.getStatus().getStatusCode().getValue().equals(SamlConstants.STATUS_SUCCESS))
- {
- // FIXME Identity.instance().logout();
- }
- else
- {
- throw new RuntimeException("Single logout failed. Status code: " + (response.getStatus() == null ? "null" : response.getStatus().getStatusCode().getValue()));
- }
- try
- {
- httpResponse.sendRedirect(serviceProvider.getLoggedOutUrl());
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutSender.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutSender.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,65 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.LogoutRequestType;
-
-public class SamlSingleLogoutSender
-{
- @Inject
- private Requests requests;
-
- @Inject
- private SamlMessageSender samlMessageSender;
-
- @Inject
- private SamlMessageFactory samlMessageFactory;
-
- public void sendSingleLogoutRequestToIDP(HttpServletRequest request, HttpServletResponse response, Identity identity)
- {
- SeamSamlPrincipal principal = (SeamSamlPrincipal) null; // FIXME:
- // identity.getPrincipal()
- // is not
- // available any
- // more
- SamlIdentityProvider idp = (SamlIdentityProvider) principal.getIdentityProvider();
- LogoutRequestType logoutRequest;
- try
- {
- logoutRequest = samlMessageFactory.createLogoutRequest(principal);
- requests.addRequest(logoutRequest.getID(), idp, null);
- }
- catch (ConfigurationException e)
- {
- throw new RuntimeException(e);
- }
-
- samlMessageSender.sendRequestToIDP(request, response, idp, SamlProfile.SINGLE_LOGOUT, logoutRequest);
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnReceiver.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnReceiver.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,314 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-import java.util.LinkedList;
-import java.util.List;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBElement;
-import javax.xml.datatype.DatatypeConstants;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.events.LoginFailedEvent;
-import org.jboss.seam.security.events.PostAuthenticateEvent;
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.AssertionType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.AttributeStatementType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.AttributeType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.AuthnStatementType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.NameIDType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.StatementAbstractType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.SubjectConfirmationDataType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.SubjectConfirmationType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.ResponseType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusResponseType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusType;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class SamlSingleSignOnReceiver
-{
- private Logger log = LoggerFactory.getLogger(SamlSingleSignOnReceiver.class);
-
- @Inject
- private Requests requests;
-
- @Inject
- private Identity identity;
-
- @Inject
- private InternalAuthenticator internalAuthenticator;
-
- @Inject
- private ServiceProvider serviceProvider;
-
- @Inject
- private BeanManager beanManager;
-
- public void processIDPResponse(HttpServletRequest httpRequest, HttpServletResponse httpResponse, StatusResponseType statusResponse, RequestContext requestContext, SamlIdentityProvider idp) throws InvalidRequestException
- {
- StatusType status = statusResponse.getStatus();
- if (status == null)
- {
- throw new InvalidRequestException("Response does not contain a status");
- }
-
- String statusValue = status.getStatusCode().getValue();
- if (SamlConstants.STATUS_SUCCESS.equals(statusValue) == false)
- {
- throw new RuntimeException("IDP returned status " + statusValue);
- }
-
- if (!(statusResponse instanceof ResponseType))
- {
- throw new InvalidRequestException("Response does not have type ResponseType");
- }
-
- ResponseType response = (ResponseType) statusResponse;
-
- List<Object> assertions = response.getAssertionOrEncryptedAssertion();
- if (assertions.size() == 0)
- {
- throw new RuntimeException("IDP response does not contain assertions");
- }
-
- SeamSamlPrincipal principal = getAuthenticatedUser(response, requestContext);
- if (principal == null)
- {
- try
- {
- beanManager.fireEvent(new PostAuthenticateEvent());
- beanManager.fireEvent(new LoginFailedEvent(new LoginException()));
-
- httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- }
- else
- {
- // Login the user, and redirect to the requested page.
- principal.setIdentityProvider(idp);
- loginUser(httpRequest, httpResponse, principal, requestContext);
- }
- }
-
- private SeamSamlPrincipal getAuthenticatedUser(ResponseType responseType, RequestContext requestContext)
- {
- SeamSamlPrincipal principal = null;
-
- for (Object assertion : responseType.getAssertionOrEncryptedAssertion())
- {
- if (assertion instanceof AssertionType)
- {
- SeamSamlPrincipal assertionSubject = handleAssertion((AssertionType) assertion, requestContext);
- if (principal == null)
- {
- principal = assertionSubject;
- }
- else
- {
- log.warn("Multiple authenticated users found in assertions. Using the first one.");
- }
- }
- else
- {
- /* assertion instanceof EncryptedElementType */
- log.warn("Encountered encrypted assertion. Skipping it because decryption is not yet supported.");
- }
- }
- return principal;
- }
-
- private SeamSamlPrincipal handleAssertion(AssertionType assertion, RequestContext requestContext)
- {
- if (SamlUtils.hasAssertionExpired(assertion))
- {
- log.warn("Received assertion not processed because it has expired.");
- return null;
- }
-
- AuthnStatementType authnStatement = extractValidAuthnStatement(assertion);
- if (authnStatement == null)
- {
- log.warn("Received assertion not processed because it doesn't contain a valid authnStatement.");
- return null;
- }
-
- NameIDType nameId = validateSubjectAndExtractNameID(assertion, requestContext);
- if (nameId == null)
- {
- log.warn("Received assertion not processed because it doesn't contain a valid subject.");
- return null;
- }
-
- SeamSamlPrincipal principal = new SeamSamlPrincipal();
- principal.setAssertion(assertion);
- principal.setSessionIndex(authnStatement.getSessionIndex());
- principal.setNameId(nameId);
-
- for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
- {
- if (statement instanceof AttributeStatementType)
- {
- AttributeStatementType attributeStatement = (AttributeStatementType) statement;
- List<AttributeType> attributes = new LinkedList<AttributeType>();
- for (Object object : attributeStatement.getAttributeOrEncryptedAttribute())
- {
- if (object instanceof AttributeType)
- {
- attributes.add((AttributeType) object);
- }
- else
- {
- log.warn("Encrypted attributes are not supported. Ignoring the attribute.");
- }
- }
- principal.setAttributes(attributes);
- }
- }
-
- return principal;
- }
-
- private AuthnStatementType extractValidAuthnStatement(AssertionType assertion)
- {
- for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
- {
- if (statement instanceof AuthnStatementType)
- {
- AuthnStatementType authnStatement = (AuthnStatementType) statement;
- return authnStatement;
- }
- }
-
- return null;
- }
-
- private NameIDType validateSubjectAndExtractNameID(AssertionType assertion, RequestContext requestContext)
- {
- NameIDType nameId = null;
- boolean validConfirmationFound = false;
-
- for (JAXBElement<?> contentElement : assertion.getSubject().getContent())
- {
- if (contentElement.getValue() instanceof NameIDType)
- {
- nameId = (NameIDType) contentElement.getValue();
- }
- if (contentElement.getValue() instanceof SubjectConfirmationType)
- {
- SubjectConfirmationType confirmation = (SubjectConfirmationType) contentElement.getValue();
- if (confirmation.getMethod().equals(SamlConstants.CONFIRMATION_METHOD_BEARER))
- {
- SubjectConfirmationDataType confirmationData = confirmation.getSubjectConfirmationData();
-
- boolean validRecipient = confirmationData.getRecipient().equals(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
-
- boolean notTooLate = confirmationData.getNotOnOrAfter().compare(SamlUtils.getXMLGregorianCalendar()) == DatatypeConstants.GREATER;
-
- boolean validInResponseTo = requestContext == null || confirmationData.getInResponseTo().equals(requestContext.getId());
-
- if (validRecipient && notTooLate && validInResponseTo)
- {
- validConfirmationFound = true;
- }
- }
- }
- }
-
- if (validConfirmationFound)
- {
- return nameId;
- }
- else
- {
- return null;
- }
- }
-
- private void loginUser(HttpServletRequest httpRequest, HttpServletResponse httpResponse, SeamSamlPrincipal principal, RequestContext requestContext)
- {
- if (identity.isLoggedIn())
- {
- throw new RuntimeException("User is already logged in.");
- }
-
- boolean internallyAuthenticated = internalAuthenticator.authenticate(principal, httpRequest);
-
- try
- {
- if (internallyAuthenticated)
- {
- if (requestContext == null)
- {
- redirectForUnsolicitedAuthentication(httpRequest, httpResponse);
- }
- else
- {
- requests.redirect(requestContext.getId(), httpResponse);
- }
- }
- else
- {
- httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
- }
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- private void redirectForUnsolicitedAuthentication(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException
- {
- String relayState = httpRequest.getParameter("RelayState");
-
- /* Unsolicited authentication. */
-
- if (relayState != null)
- {
- httpResponse.sendRedirect(relayState);
- }
- else
- {
- String unsolicitedAuthenticationUrl = serviceProvider.getUnsolicitedAuthenticationUrl();
- if (unsolicitedAuthenticationUrl != null)
- {
- httpResponse.sendRedirect(unsolicitedAuthenticationUrl);
- }
- else
- {
- throw new RuntimeException("Unsolicited login could not be handled because the unsolicitedAuthenticationViewId property has not been configured");
- }
- }
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnSender.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnSender.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,35 +0,0 @@
-package org.jboss.seam.security.external_authentication;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.events.PreAuthenticateEvent;
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.AuthnRequestType;
-
-public class SamlSingleSignOnSender
-{
- @Inject
- private Requests requests;
-
- @Inject
- private SamlMessageFactory samlMessageFactory;
-
- @Inject
- private SamlMessageSender samlMessageSender;
-
- @Inject
- private BeanManager beanManager;
-
- public void sendAuthenticationRequestToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, String returnUrl)
- {
- AuthnRequestType authnRequest = samlMessageFactory.createAuthnRequest();
- requests.addRequest(authnRequest.getID(), samlIdentityProvider, returnUrl);
-
- beanManager.fireEvent(new PreAuthenticateEvent());
-
- samlMessageSender.sendRequestToIDP(request, response, samlIdentityProvider, SamlProfile.SINGLE_SIGN_ON, authnRequest);
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlUtils.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlUtils.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlUtils.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,128 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.GregorianCalendar;
-
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.datatype.DatatypeConfigurationException;
-import javax.xml.datatype.DatatypeConstants;
-import javax.xml.datatype.DatatypeFactory;
-import javax.xml.datatype.XMLGregorianCalendar;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.AssertionType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.ConditionsType;
-import org.w3c.dom.Document;
-
-public class SamlUtils
-{
-
- public static XMLGregorianCalendar getXMLGregorianCalendar()
- {
- try
- {
- DatatypeFactory dtf = DatatypeFactory.newInstance();
- return dtf.newXMLGregorianCalendar(new GregorianCalendar());
- }
- catch (DatatypeConfigurationException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public static boolean hasAssertionExpired(AssertionType assertion)
- {
- ConditionsType conditionsType = assertion.getConditions();
- if (conditionsType != null)
- {
- XMLGregorianCalendar now = getXMLGregorianCalendar();
- XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
- XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
-
- int val = notBefore.compare(now);
- if (val == DatatypeConstants.INDETERMINATE || val == DatatypeConstants.GREATER)
- {
- return true;
- }
-
- val = notOnOrAfter.compare(now);
- if (val != DatatypeConstants.GREATER)
- {
- return true;
- }
-
- return false;
- }
- else
- {
- return false;
- }
- }
-
- public static String getDocumentAsString(Document document)
- {
- Source source = new DOMSource(document);
- StringWriter sw = new StringWriter();
-
- Result streamResult = new StreamResult(sw);
- try
- {
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
- transformer.setOutputProperty(OutputKeys.INDENT, "no");
- transformer.transform(source, streamResult);
- }
- catch (TransformerException e)
- {
- throw new RuntimeException(e);
- }
-
- return sw.toString();
- }
-
- public static void sendRedirect(String destination, HttpServletResponse response)
- {
- response.setCharacterEncoding("UTF-8");
- response.setHeader("Location", destination);
- response.setHeader("Pragma", "no-cache");
- response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate,private");
- response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
- try
- {
- response.sendRedirect(destination);
- }
- catch (IOException e)
- {
- throw new RuntimeException();
- }
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SeamSamlPrincipal.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SeamSamlPrincipal.java 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SeamSamlPrincipal.java 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,99 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.security.Principal;
-import java.util.LinkedList;
-import java.util.List;
-
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.AssertionType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.AttributeType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.NameIDType;
-
-public class SeamSamlPrincipal implements Principal
-{
- private NameIDType nameId;
-
- private SamlIdentityProvider identityProvider;
-
- private List<AttributeType> attributes = new LinkedList<AttributeType>();
-
- private String sessionIndex;
-
- private AssertionType assertion;
-
- public NameIDType getNameId()
- {
- return nameId;
- }
-
- public void setNameId(NameIDType nameId)
- {
- this.nameId = nameId;
- }
-
- public SamlIdentityProvider getIdentityProvider()
- {
- return identityProvider;
- }
-
- public void setIdentityProvider(SamlIdentityProvider identityProvider)
- {
- this.identityProvider = identityProvider;
- }
-
- public List<AttributeType> getAttributes()
- {
- return attributes;
- }
-
- public void setAttributes(List<AttributeType> attributes)
- {
- this.attributes = attributes;
- }
-
- public String getSessionIndex()
- {
- return sessionIndex;
- }
-
- public void setSessionIndex(String sessionIndex)
- {
- this.sessionIndex = sessionIndex;
- }
-
- public AssertionType getAssertion()
- {
- return assertion;
- }
-
- public void setAssertion(AssertionType assertion)
- {
- this.assertion = assertion;
- }
-
- public String getName()
- {
- return nameId.getValue();
- }
-}
Modified: modules/security/trunk/external/src/main/resources/schema/config/external-authentication-config.xsd
===================================================================
--- modules/security/trunk/external/src/main/resources/schema/config/external-authentication-config.xsd 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/resources/schema/config/external-authentication-config.xsd 2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
-<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:seam:security:external_authentication:config"
- xmlns:tns="urn:seam:security:external_authentication:config" elementFormDefault="qualified">
+<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:seam:security:external:config"
+ xmlns:tns="urn:seam:security:external:config" elementFormDefault="qualified">
<complexType name="ExternalAuthenticationConfigType">
<annotation>
<documentation>
@@ -199,4 +199,4 @@
</attribute>
</complexType>
<element name="ExternalAuthenticationConfig" type="tns:ExternalAuthenticationConfigType" />
-</schema>
\ No newline at end of file
+</schema>
Modified: modules/security/trunk/external/src/main/xjb/samlv2-bindings.xjb
===================================================================
--- modules/security/trunk/external/src/main/xjb/samlv2-bindings.xjb 2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/xjb/samlv2-bindings.xjb 2010-08-12 21:50:30 UTC (rev 13608)
@@ -6,7 +6,7 @@
schemaLocation="../resources/schema/samlv2/saml-schema-assertion-2.0.xsd">
<jaxb:bindings node="/xs:schema">
<jaxb:schemaBindings>
- <jaxb:package name="org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion" />
+ <jaxb:package name="org.jboss.seam.security.external.jaxb.samlv2.assertion" />
</jaxb:schemaBindings>
</jaxb:bindings>
</jaxb:bindings>
@@ -15,7 +15,7 @@
schemaLocation="../resources/schema/samlv2/saml-schema-protocol-2.0.xsd">
<jaxb:bindings node="/xs:schema">
<jaxb:schemaBindings>
- <jaxb:package name="org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol" />
+ <jaxb:package name="org.jboss.seam.security.external.jaxb.samlv2.protocol" />
</jaxb:schemaBindings>
</jaxb:bindings>
</jaxb:bindings>
@@ -24,7 +24,7 @@
schemaLocation="../resources/schema/samlv2/saml-schema-metadata-2.0.xsd">
<jaxb:bindings node="/xs:schema">
<jaxb:schemaBindings>
- <jaxb:package name="org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata" />
+ <jaxb:package name="org.jboss.seam.security.external.jaxb.samlv2.metadata" />
</jaxb:schemaBindings>
</jaxb:bindings>
</jaxb:bindings>
@@ -32,7 +32,7 @@
<jaxb:bindings schemaLocation="../resources/schema/samlv2/xenc-schema.xsd">
<jaxb:bindings node="/xs:schema">
<jaxb:schemaBindings>
- <jaxb:package name="org.jboss.seam.external_authentication.jaxb.xenc" />
+ <jaxb:package name="org.jboss.seam.external.jaxb.xenc" />
</jaxb:schemaBindings>
</jaxb:bindings>
</jaxb:bindings>
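Review bot: The xenc package on the new side drops the `security` segment — `org.jboss.seam.external.jaxb.xenc` — while every sibling binding in this file maps to `org.jboss.seam.security.external.jaxb.*` (assertion, protocol, metadata, xmldsig). The old name had the same gap (`org.jboss.seam.external_authentication.jaxb.xenc`), so this is pre-existing, but a package-wide rename is the natural place to fix it rather than carry the odd name into the new layout. Unless some consumer depends on that package, the line should read `<jaxb:package name="org.jboss.seam.security.external.jaxb.xenc" />` so the generated XML-Encryption classes sit alongside the xmldsig ones.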
@@ -40,7 +40,7 @@
<jaxb:bindings schemaLocation="../resources/schema/samlv2/xmldsig-core-schema.xsd">
<jaxb:bindings node="/xs:schema">
<jaxb:schemaBindings>
- <jaxb:package name="org.jboss.seam.security.external_authentication.jaxb.xmldsig" />
+ <jaxb:package name="org.jboss.seam.security.external.jaxb.xmldsig" />
</jaxb:schemaBindings>
</jaxb:bindings>
</jaxb:bindings>