Author: muthulee
Date: Thu Jul 26 04:04:00 2007
New Revision: 559780

URL: http://svn.apache.org/viewvc?view=rev&rev=559780
Log:
SAML improvements

Added:
    
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/
    
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java
    
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java
    
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java
    
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java
Modified:
    
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
    
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
    
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
    
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
    
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
    webservices/rampart/trunk/java/src/site/resources/download/1.2/download.html

Modified: 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java?view=diff&rev=559780&r1=559779&r2=559780
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
 Thu Jul 26 04:04:00 2007
@@ -137,7 +137,9 @@
         if(rpd.isMTOMSerialize()){
                msgCtx.setProperty(Constants.Configuration.ENABLE_MTOM, 
Constants.VALUE_TRUE);
                OptimizePartsConfig config= rpd.getOptimizePartsConfig();
-               MessageOptimizer.optimize(msgCtx.getEnvelope(), 
config.getExpressions(), config.getNamespaces());
+               if(config != null){
+                       MessageOptimizer.optimize(msgCtx.getEnvelope(), 
config.getExpressions(), config.getNamespaces());
+               }
         }
         
     }
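Review bot: When `config` is null this branch still sets `ENABLE_MTOM` on the message context but marks nothing for optimization, and nothing in the code says that this is intended. A comment on the guard would make the behaviour explicit, for example `// no OptimizePartsConfig: MTOM stays enabled, but no node is marked for optimization`. The enclosing method starts outside the hunk.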

Modified: 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?view=diff&rev=559780&r1=559779&r2=559780
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
 Thu Jul 26 04:04:00 2007
@@ -48,7 +48,7 @@
 
 public class RampartEngine {
 
-       private static Log log = 
LogFactory.getLog(RampartEngine.class.getName());
+       private static Log log = LogFactory.getLog(RampartEngine.class);
        private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG); 
 
        public Vector process(MessageContext msgCtx) throws WSSPolicyException,

Modified: 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java?view=diff&rev=559780&r1=559779&r2=559780
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
 Thu Jul 26 04:04:00 2007
@@ -56,7 +56,6 @@
                }
 
                try {
-                       if(expressions.size() > 0){
                                for(int i=0; i<expressions.size(); i++){
                                        String exp = (String)expressions.get(i);
                                        XPath xp = new AXIOMXPath(exp);
@@ -69,18 +68,6 @@
                                                text.setOptimize(true);
                                        }
                                }
-                       }else{
-                               String exp = CIPHER_ELEMENT;
-                               XPath xp = new AXIOMXPath(exp);
-                               xp.setNamespaceContext(nsCtx);
-                               List list = xp.selectNodes(env);
-                               Iterator elements = list.iterator();
-                               while (elements.hasNext()) {
-                                       OMElement element = (OMElement) 
elements.next();
-                                       OMText text = 
(OMText)element.getFirstOMChild();
-                                       text.setOptimize(true);
-                               }
-                       }
                } catch (JaxenException e) {
                        throw new RampartException("Error in XPath ", e);
                }

Modified: 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java?view=diff&rev=559780&r1=559779&r2=559780
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
 Thu Jul 26 04:04:00 2007
@@ -16,6 +16,13 @@
 
 package org.apache.rahas.impl;
 
+import java.security.Principal;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+import java.text.DateFormat;
+import java.util.Arrays;
+import java.util.Date;
+
 import org.apache.axiom.om.OMElement;
 import org.apache.axiom.om.OMNode;
 import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
@@ -28,6 +35,9 @@
 import org.apache.rahas.TokenIssuer;
 import org.apache.rahas.TrustException;
 import org.apache.rahas.TrustUtil;
+import org.apache.rahas.impl.util.SAMLAttributeCallback;
+import org.apache.rahas.impl.util.SAMLCallbackHandler;
+import org.apache.rahas.impl.util.SAMLNameIdentifierCallback;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.WSUsernameTokenPrincipal;
@@ -51,13 +61,6 @@
 import org.w3c.dom.Node;
 import org.w3c.dom.Text;
 
-import java.security.Principal;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.text.DateFormat;
-import java.util.Arrays;
-import java.util.Date;
-
 /**
  * Issuer to issue SAMl tokens
  */
@@ -251,10 +254,19 @@
             Principal principal = data.getPrincipal();
             // In the case where the principal is a UT
             if (principal instanceof WSUsernameTokenPrincipal) {
-                // TODO: Find the email address
-                String subjectNameId = "[EMAIL PROTECTED]";
-                SAMLNameIdentifier nameId = new SAMLNameIdentifier(
-                        subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
+               SAMLNameIdentifier nameId = null;
+               if(config.getCallbackHander() != null){
+                       SAMLNameIdentifierCallback cb = new 
SAMLNameIdentifierCallback(data);
+                       cb.setUserId(principal.getName());
+                       SAMLCallbackHandler callbackHandler = 
config.getCallbackHander();
+                       callbackHandler.handle(cb);
+                       nameId = cb.getNameId();
+               }else{
+                       //TODO Remove
+                       nameId = new SAMLNameIdentifier(
+                                       principal.getName(), null, 
SAMLNameIdentifier.FORMAT_EMAIL);
+               }
+               
                 return createAuthAssertion(doc, SAMLSubject.CONF_BEARER,
                         nameId, null, config, crypto, creationTime,
                         expirationTime);
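Review bot: `cb.getNameId()` is handed to `createAuthAssertion` unchecked, and it is null whenever the configured handler does not call `setNameId`, because `SAMLNameIdentifierCallback` initialises that field to null. The name identifier is the subject a relying party will trust in this bearer assertion, so a missing value should stop issuance at this point: `if (nameId == null) { throw new TrustException(MSG_KEY); }`, where `MSG_KEY` is a placeholder for a suitable message key. The fallback branch labels `principal.getName()` as `FORMAT_EMAIL` although a username-token name is not necessarily an e-mail address, and its `//TODO Remove` should say what is meant to replace it. The enclosing method and its try block begin outside the hunk, so how a `SAMLException` thrown by `handle` is mapped cannot be checked here.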
@@ -321,11 +333,12 @@
                         new String[] { serviceCert.getSubjectDN().getName() },
                         e);
             }
-            return this.createAttributeAssertion(doc, encryptedKeyElem, config,
+            return this.createAttributeAssertion(doc, data ,encryptedKeyElem, 
config,
                     crypto, creationTime, expirationTime);
         } else {
             try {
                 String subjectNameId = data.getPrincipal().getName();
+                
                 SAMLNameIdentifier nameId = new SAMLNameIdentifier(
                         subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
 
@@ -404,7 +417,7 @@
      * @return
      * @throws TrustException
      */
-    private SAMLAssertion createAttributeAssertion(Document doc,
+    private SAMLAssertion createAttributeAssertion(Document doc, RahasData 
data,
             Element keyInfoContent, SAMLTokenIssuerConfig config,
             Crypto crypto, Date notBefore, Date notAfter) throws 
TrustException {
         try {
@@ -422,11 +435,22 @@
             SAMLSubject subject = new SAMLSubject(null, Arrays
                     .asList(confirmationMethods), null, keyInfoElem);
 
-            SAMLAttribute attribute = new SAMLAttribute("Name",
-                    "https://rahas.apache.org/saml/attrns";, null, -1, Arrays
-                            .asList(new String[] { "Colombo/Rahas" }));
+           
+            SAMLAttribute[] attrs = null;
+            if(config.getCallbackHander() != null){
+               SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
+               SAMLCallbackHandler handler = config.getCallbackHander();
+               attrs = cb.getAttributes();
+            }else{
+               //TODO Remove this after discussing
+                SAMLAttribute attribute = new SAMLAttribute("Name",
+                        "https://rahas.apache.org/saml/attrns";, null, -1, 
Arrays
+                                .asList(new String[] { "Colombo/Rahas" }));
+                attrs = new SAMLAttribute[]{attribute};
+            }
+            
             SAMLAttributeStatement attrStmt = new SAMLAttributeStatement(
-                    subject, Arrays.asList(new SAMLAttribute[] { attribute }));
+            subject, Arrays.asList(attrs ));
 
             SAMLStatement[] statements = { attrStmt };
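Review bot: `handler` is fetched from the config but `handler.handle(cb)` is never called, so `cb.getAttributes()` always returns the empty array of a freshly constructed callback and the configured handler has no influence on the issued assertion. Add `handler.handle(cb);` before `attrs = cb.getAttributes();`. It is also worth rejecting an empty result explicitly, since `SAMLAttributeStatement` is otherwise built from a list with no attributes. The enclosing method continues outside the hunk.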
 

Modified: 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java?view=diff&rev=559780&r1=559779&r2=559780
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
 Thu Jul 26 04:04:00 2007
@@ -16,22 +16,25 @@
 
 package org.apache.rahas.impl;
 
+import java.io.FileInputStream;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.xml.namespace.QName;
+
 import org.apache.axiom.om.OMAbstractFactory;
 import org.apache.axiom.om.OMAttribute;
 import org.apache.axiom.om.OMElement;
 import org.apache.axiom.om.OMFactory;
 import org.apache.axiom.om.impl.builder.StAXOMBuilder;
 import org.apache.axis2.description.Parameter;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.rahas.TrustException;
-
-import javax.xml.namespace.QName;
-
-import java.io.FileInputStream;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Properties;
+import org.apache.rahas.impl.util.SAMLCallbackHandler;
 
 /**
  * Configuration manager for the <code>SAMLTokenIssuer</code>
@@ -40,6 +43,9 @@
  */
 public class SAMLTokenIssuerConfig extends AbstractIssuerConfig {
 
+       
+       Log log = LogFactory.getLog(SAMLTokenIssuerConfig.class);
+       
     /**
      * The QName of the configuration element of the SAMLTokenIssuer
      */
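Review bot: `log` is declared as a package-private, non-final instance field, whereas the logger in `RampartEngine` touched by this same commit is `private static`. Declaring it as `private static final Log log = LogFactory.getLog(SAMLTokenIssuerConfig.class);` keeps it out of the package-visible surface of a configuration class and avoids one field per instance.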
@@ -76,13 +82,16 @@
     public final static QName USE_SAML_ATTRIBUTE_STATEMENT = new 
QName("useSAMLAttributeStatement");
 
     public final static QName ISSUER_NAME = new QName("issuerName");
-
+    
+    public final static QName SAML_CALLBACK_CLASS = new 
QName("dataCallbackHandlerClass");
+        
     protected String issuerKeyAlias;
     protected String issuerKeyPassword;
     protected String issuerName;
     protected Map trustedServices = new HashMap();
     protected String trustStorePropFile;
-
+    protected SAMLCallbackHandler callbackHander;
+  
     /**
      * Create a new configuration with issuer name and crypto information
      * @param issuerName Name of the issuer
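Review bot: `callbackHander` is missing an `l`, and the same spelling is carried into the public `getCallbackHander`/`setCallbackHander` added in the last hunk of this file and into the new calls in `SAMLTokenIssuer`. Because the field is `protected` and the accessors are public, the misspelling becomes API once released; renaming to `callbackHandler`, `getCallbackHandler` and `setCallbackHandler` now is cheap. `SAML_CALLBACK_CLASS` would also benefit from a one-line Javadoc such as `/** Config element naming the SAMLCallbackHandler implementation class. */`.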
@@ -228,6 +237,27 @@
             //throw an exception when there are no trusted in the list at the 
             //moment
         }
+        
+        
+               OMElement attrElemet = 
elem.getFirstChildWithName(SAML_CALLBACK_CLASS);
+               if (attrElemet != null) {
+                               try {
+                                       String value = attrElemet.getText();
+                                       Class handlerClass = 
Class.forName(value);
+                                       this.callbackHander = 
(SAMLCallbackHandler)handlerClass.newInstance();
+                               } catch (ClassNotFoundException e) {
+                                       log.debug("Error loading class" , e);
+                                       throw new TrustException("Error loading 
class" , e);
+                               } catch (InstantiationException e) {
+                                       log.debug("Error instantiating class" , 
e);
+                                       throw new TrustException("Error 
instantiating class" , e);
+                               } catch (IllegalAccessException e) {
+                                       log.debug("Illegal Access" , e);
+                                       throw new TrustException("Illegal 
Access" , e);
+                               }
+               }
+                               
+
     }
 
     /**
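Review bot: The class named in `dataCallbackHandlerClass` is loaded, initialised and instantiated before anything checks that it is a `SAMLCallbackHandler`. A wrong or mistyped entry therefore runs that class's static initialiser and no-arg constructor and then fails with an unchecked `ClassCastException`, which none of the three catch blocks converts into a `TrustException`. Load without initialisation, check `isAssignableFrom`, and only then instantiate; trimming the element text also avoids a `ClassNotFoundException` caused by whitespace around the class name in the XML. The failures are logged at debug level only, which is easy to miss for a misconfigured token issuer. The enclosing method begins outside the hunk.

```java
String value = attrElemet.getText().trim();
// initialize=false: no static initialiser runs until the type is verified
Class handlerClass = Class.forName(value, false,
        SAMLTokenIssuerConfig.class.getClassLoader());
if (!SAMLCallbackHandler.class.isAssignableFrom(handlerClass)) {
    // MSG_KEY: placeholder for a message key that names the rejected class
    throw new TrustException(MSG_KEY);
}
this.callbackHander = (SAMLCallbackHandler) handlerClass.newInstance();
// … unchanged: catch ClassNotFoundException / InstantiationException / IllegalAccessException …
```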
@@ -349,5 +379,15 @@
     public Map getTrustedServices() {
         return trustedServices;
     }
+
+       public SAMLCallbackHandler getCallbackHander() {
+               return callbackHander;
+       }
+
+       public void setCallbackHander(SAMLCallbackHandler callbackHander) {
+               this.callbackHander = callbackHander;
+       }
+
+       
     
 }

Added: 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java?view=auto&rev=559780
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java
 (added)
+++ 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java
 Thu Jul 26 04:04:00 2007
@@ -0,0 +1,33 @@
+package org.apache.rahas.impl.util;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.rahas.RahasData;
+import org.opensaml.SAMLAttribute;
+
+public class SAMLAttributeCallback implements SAMLCallback{
+       
+       private List attributes = null;
+       private RahasData data = null;
+       
+       public SAMLAttributeCallback(RahasData data){
+               attributes = new ArrayList();
+               this.data = data;
+       }
+       
+       public int getCallbackType(){
+               return SAMLCallback.ATTR_CALLBACK;
+       }
+       
+       public void addAttributes(SAMLAttribute attribute){
+               attributes.add(attribute);
+       }
+       
+       public SAMLAttribute[] getAttributes(){
+               return (SAMLAttribute[])attributes.toArray(new 
SAMLAttribute[attributes.size()]);
+               
+       }
+
+
+}
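Review bot: `data` is stored by the constructor but has no accessor, and unlike `SAMLNameIdentifierCallback` this class carries no user id either, so a handler receiving this callback cannot tell whose attributes it is being asked for. Add `public RahasData getData() { return data; }` here and in `SAMLNameIdentifierCallback`, which has the same write-only field. `addAttributes` takes a single `SAMLAttribute` and would read better as `addAttribute`.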

Added: 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java?view=auto&rev=559780
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java
 (added)
+++ 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java
 Thu Jul 26 04:04:00 2007
@@ -0,0 +1,17 @@
+package org.apache.rahas.impl.util;
+
+public interface SAMLCallback {
+       
+       /**
+        * Attribute callback
+        */
+       public static final int ATTR_CALLBACK = 1;
+       
+       /**
+        * Subject name identifier
+        */
+       public static final int NAME_IDENTIFIER_CALLBACK = 2;
+       
+       int getCallbackType();
+
+}
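Review bot: This file starts directly at the `package` line with no licence header and no type-level Javadoc, and the same holds for the three other files added under `impl/util` in this commit. The modified files appear to carry a header, judging by `package` sitting around line 17 in their hunks. `getCallbackType()` also needs a contract, for example `/** @return ATTR_CALLBACK or NAME_IDENTIFIER_CALLBACK, identifying the concrete callback passed to the handler */`.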

Added: 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java?view=auto&rev=559780
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java
 (added)
+++ 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java
 Thu Jul 26 04:04:00 2007
@@ -0,0 +1,9 @@
+package org.apache.rahas.impl.util;
+
+import org.opensaml.SAMLException;
+
+public interface SAMLCallbackHandler {
+
+       public void handle(SAMLCallback callback) throws SAMLException;
+
+}
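Review bot: `handle` has no Javadoc, and its contract is not evident from the signature. `SAMLTokenIssuerConfig` creates one handler instance when the configuration is loaded and returns that same instance from `getCallbackHander()`, so implementations presumably need to be thread-safe and free of per-request state; that should be stated here. The Javadoc should also say what the handler is expected to do per callback type (call `setNameId` for `NAME_IDENTIFIER_CALLBACK`, `addAttributes` for `ATTR_CALLBACK`) and what throwing `SAMLException` means for token issuance.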

Added: 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java?view=auto&rev=559780
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java
 (added)
+++ 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java
 Thu Jul 26 04:04:00 2007
@@ -0,0 +1,36 @@
+package org.apache.rahas.impl.util;
+
+import org.apache.rahas.RahasData;
+import org.opensaml.SAMLNameIdentifier;
+
+public class SAMLNameIdentifierCallback implements SAMLCallback{
+       
+       private SAMLNameIdentifier nameId = null;
+       private String userId = null;
+       private RahasData data = null;
+       
+       public SAMLNameIdentifierCallback(RahasData data){
+               this.data = data;
+       }
+       
+       public int getCallbackType(){
+               return SAMLCallback.NAME_IDENTIFIER_CALLBACK;
+       }
+
+       public SAMLNameIdentifier getNameId() {
+               return nameId;
+       }
+
+       public void setNameId(SAMLNameIdentifier nameId) {
+               this.nameId = nameId;
+       }
+
+       public void setUserId(String userId) {
+               this.userId = userId;
+       }
+
+       public String getUserId() {
+               return userId;
+       }
+               
+}

Modified: 
webservices/rampart/trunk/java/src/site/resources/download/1.2/download.html
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/src/site/resources/download/1.2/download.html?view=diff&rev=559780&r1=559779&r2=559780
==============================================================================
--- 
webservices/rampart/trunk/java/src/site/resources/download/1.2/download.html 
(original)
+++ 
webservices/rampart/trunk/java/src/site/resources/download/1.2/download.html 
Thu Jul 26 04:04:00 2007
@@ -109,8 +109,8 @@
         as well.</td>
       <td>
 <a
-href="[preferred]/ws/rampart/1_2/rampart-docs-1.2.zip"
-title="[preferred]/ws/rampart/1_2/rampart-docs-1.2.zip">zip</a>
+href="[preferred]/ws/rampart/1_2/rampart-1.2.zip"
+title="[preferred]/ws/rampart/1_2/rampart-1.2.zip">zip</a>
 <a
 href="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5";
 class="externalLink"
@@ -128,8 +128,8 @@
         install' followed by 'mvn assembly:assembly -Drelease'</td>
       <td>
 <a
-href="[preferred]/ws/rampart/1_2/rampart-docs-1.2.zip"
-title="[preferred]/ws/rampart/1_2/rampart-docs-1.2.zip">zip</a>
+href="[preferred]/ws/rampart/1_2/rampart-src-1.2.zip"
+title="[preferred]/ws/rampart/1_2/rampart-src-1.2.zip">zip</a>
 <a
 href="http://www.apache.org/dist/ws/rampart/1_2/rampart-src-1.2.zip.md5";
 class="externalLink"

