/**
 * Writes the position, identifiers and message of a SAX parse error to the trace log.
 * Nothing is built or logged unless trace logging is enabled.
 *
 * @param sax the parse error to describe
 */
private void logException(SAXParseException sax) {
    if (!logger.isTraceEnabled()) {
        return;
    }
    // NOTE(review): the public/system ids and the message may echo parts of the parsed
    // document; if that document is untrusted, this log line carries untrusted text.
    String position = "[line:" + sax.getLineNumber() + "," + "::col=" + sax.getColumnNumber() + "]";
    String identifiers = "[publicID:" + sax.getPublicId() + ",systemId=" + sax.getSystemId() + "]";
    logger.trace(position + identifiers + ":" + sax.getLocalizedMessage());
}
}
/**
 * Writes the position, identifiers and message of a SAX parse error to the trace log.
 * Nothing is built or logged unless trace logging is enabled.
 *
 * @param sax the parse error to describe
 */
private void logException(SAXParseException sax) {
    if (!logger.isTraceEnabled()) {
        return;
    }
    // NOTE(review): the public/system ids and the message may echo parts of the parsed
    // document; if that document is untrusted, this log line carries untrusted text.
    String position = "[line:" + sax.getLineNumber() + "," + "::col=" + sax.getColumnNumber() + "]";
    String identifiers = "[publicID:" + sax.getPublicId() + ",systemId=" + sax.getSystemId() + "]";
    logger.trace(position + identifiers + ":" + sax.getLocalizedMessage());
}
}
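/**
 * Get the value of the first cookie whose name equals the token.
 *
 * @param cookies array of cookies; may be {@code null} when the request carried none
 * @param numCookies number of entries of the array to inspect
 * @param token name of the cookie to look for
 *
 * @return value of the matching cookie, or {@code null} if nothing matches
 */
protected String getCookieValue(Cookie[] cookies, int numCookies, String token) {
    if (cookies == null || token == null) {
        return null;
    }
    // Never index past the array, even if the caller's count does not match its length.
    int limit = Math.min(numCookies, cookies.length);
    boolean traceEnabled = log.isTraceEnabled();
    for (int i = 0; i < limit; i++) {
        Cookie cookie = cookies[i];
        if (cookie == null) {
            continue;
        }
        if (traceEnabled) {
            log.trace("Matching cookieToken:" + token + " with cookie name=" + cookie.getName());
        }
        if (token.equals(cookie.getName())) {
            if (traceEnabled) {
                // The matched value is handed back to the caller as a token; record only that
                // it was found so the trace log does not hold a copy of it.
                log.trace("Cookie-" + token + " found (value not logged)");
            }
            return cookie.getValue();
        }
    }
    return null;
}
}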
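/**
 * Get the value of the first cookie whose name equals the token.
 *
 * @param cookies array of cookies; may be {@code null} when the request carried none
 * @param numCookies number of entries of the array to inspect
 * @param token name of the cookie to look for
 *
 * @return value of the matching cookie, or {@code null} if nothing matches
 */
protected String getCookieValue(Cookie[] cookies, int numCookies, String token) {
    if (cookies == null || token == null) {
        return null;
    }
    // Never index past the array, even if the caller's count does not match its length.
    int limit = Math.min(numCookies, cookies.length);
    boolean traceEnabled = log.isTraceEnabled();
    for (int i = 0; i < limit; i++) {
        Cookie cookie = cookies[i];
        if (cookie == null) {
            continue;
        }
        if (traceEnabled) {
            log.trace("Matching cookieToken:" + token + " with cookie name=" + cookie.getName());
        }
        if (token.equals(cookie.getName())) {
            if (traceEnabled) {
                // The matched value is handed back to the caller as a token; record only that
                // it was found so the trace log does not hold a copy of it.
                log.trace("Cookie-" + token + " found (value not logged)");
            }
            return cookie.getValue();
        }
    }
    return null;
}
}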
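/**
 * Get the value of the first cookie whose name equals the token.
 *
 * @param cookies array of cookies; may be {@code null} when the request carried none
 * @param numCookies number of entries of the array to inspect
 * @param token name of the cookie to look for
 *
 * @return value of the matching cookie, or {@code null} if nothing matches
 */
protected String getCookieValue(Cookie[] cookies, int numCookies, String token) {
    if (cookies == null || token == null) {
        return null;
    }
    // Never index past the array, even if the caller's count does not match its length.
    int limit = Math.min(numCookies, cookies.length);
    boolean traceEnabled = log.isTraceEnabled();
    for (int i = 0; i < limit; i++) {
        Cookie cookie = cookies[i];
        if (cookie == null) {
            continue;
        }
        if (traceEnabled) {
            log.trace("Matching cookieToken:" + token + " with cookie name=" + cookie.getName());
        }
        if (token.equals(cookie.getName())) {
            if (traceEnabled) {
                // The matched value is handed back to the caller as a token; record only that
                // it was found so the trace log does not hold a copy of it.
                log.trace("Cookie-" + token + " found (value not logged)");
            }
            return cookie.getValue();
        }
    }
    return null;
}
}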
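/**
 * Get the username from the request header.
 *
 * <p>The configured {@code httpHeaderForSSOAuth} value is a comma-separated list of header
 * names. They are tried in order and the first header present on the request wins.
 *
 * <p>NOTE(review): the returned id is taken directly from a request header, so it is only as
 * trustworthy as whatever sets that header. Presumably a fronting SSO agent or proxy sets it
 * and discards any copy sent by the client; confirm against the deployment.
 *
 * @param request the incoming request whose headers are inspected
 *
 * @return the value of the first configured header found on the request, or {@code null} if
 *         none of them is present
 *
 * @throws IllegalStateException if no header names are configured
 */
protected String getUserId(Request request) {
    // We can have a comma-separated list of header names
    String ids = this.httpHeaderForSSOAuth;
    if (ids == null || ids.length() == 0) {
        throw new IllegalStateException("Http headers configuration in tomcat service missing");
    }

    String ssoid = null;
    StringTokenizer st = new StringTokenizer(ids, ",");
    while (st.hasMoreTokens()) {
        // Accept "A, B" style configuration: without the trim the second name would be " B"
        // and would never match a header.
        String headerName = st.nextToken().trim();
        if (headerName.length() == 0) {
            continue;
        }
        ssoid = request.getHeader(headerName);
        if (ssoid != null) {
            break;
        }
    }

    if (log.isTraceEnabled()) {
        log.trace("SSOID-" + ssoid);
    }
    return ssoid;
}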
/**
 * Commits the login and, when the parent commit succeeds, adds this module's credential to the
 * subject's public credentials.
 *
 * @return {@code true} if {@code super.commit()} succeeded, {@code false} otherwise
 *
 * @throws LoginException propagated from {@code super.commit()}
 */
@Override
public boolean commit() throws LoginException {
    if (!super.commit()) {
        return false;
    }
    // NOTE(review): the credential goes into the subject's public credential set - confirm
    // that is the intended visibility for it.
    boolean newlyAdded = subject.getPublicCredentials().add(this.credential);
    // NOTE(review): the trace line prints the credential through its toString(); what that
    // exposes is not visible here - confirm it does not write token material to the log.
    if (newlyAdded && logger.isTraceEnabled()) {
        logger.trace("Added Credential " + this.credential);
    }
    return true;
}
/**
 * Commits the login and, when the parent commit succeeds, adds this module's credential to the
 * subject's public credentials.
 *
 * @return {@code true} if {@code super.commit()} succeeded, {@code false} otherwise
 *
 * @throws LoginException propagated from {@code super.commit()}
 */
@Override
public boolean commit() throws LoginException {
    if (!super.commit()) {
        return false;
    }
    // NOTE(review): the credential goes into the subject's public credential set - confirm
    // that is the intended visibility for it.
    boolean newlyAdded = subject.getPublicCredentials().add(this.credential);
    // NOTE(review): the trace line prints the credential through its toString(); what that
    // exposes is not visible here - confirm it does not write token material to the log.
    if (newlyAdded && logger.isTraceEnabled()) {
        logger.trace("Added Credential " + this.credential);
    }
    return true;
}
/**
 * Commits the login and, when the parent commit succeeds, adds this module's credential to the
 * subject's public credentials.
 *
 * @return {@code true} if {@code super.commit()} succeeded, {@code false} otherwise
 *
 * @throws LoginException propagated from {@code super.commit()}
 */
@Override
public boolean commit() throws LoginException {
    if (!super.commit()) {
        return false;
    }
    // NOTE(review): the credential goes into the subject's public credential set - confirm
    // that is the intended visibility for it.
    boolean newlyAdded = subject.getPublicCredentials().add(this.credential);
    // NOTE(review): the trace line prints the credential through its toString(); what that
    // exposes is not visible here - confirm it does not write token material to the log.
    if (newlyAdded && logger.isTraceEnabled()) {
        logger.trace("Added Credential " + this.credential);
    }
    return true;
}
/**
 * Commits the login and, when the parent commit succeeds, adds this module's credential to the
 * subject's public credentials.
 *
 * @return {@code true} if {@code super.commit()} succeeded, {@code false} otherwise
 *
 * @throws LoginException propagated from {@code super.commit()}
 */
@Override
public boolean commit() throws LoginException {
    if (!super.commit()) {
        return false;
    }
    // NOTE(review): the credential goes into the subject's public credential set - confirm
    // that is the intended visibility for it.
    boolean newlyAdded = subject.getPublicCredentials().add(this.credential);
    // NOTE(review): the trace line prints the credential through its toString(); what that
    // exposes is not visible here - confirm it does not write token material to the log.
    if (newlyAdded && logger.isTraceEnabled()) {
        logger.trace("Added Credential " + this.credential);
    }
    return true;
}
/**
 * <p>
 * Utility method that marshals the specified {@code AssertionType} object into an {@code Element}
 * instance: the assertion is written to an in-memory buffer and that buffer is parsed back into
 * a DOM document.
 * </p>
 *
 * @param assertion an {@code AssertionType} object representing the SAML assertion to be marshaled.
 *
 * @return the document element of the parsed assertion document.
 *
 * @throws Exception if an error occurs while marshaling the assertion.
 */
public static Element toElement(AssertionType assertion) throws Exception {
    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(buffer)).write(assertion);

    Document parsed = DocumentUtil.getDocument(new ByteArrayInputStream(buffer.toByteArray()));

    // NOTE(review): with trace enabled the complete serialized assertion reaches the logger;
    // keep trace output for this category access-restricted.
    if (logger.isTraceEnabled()) {
        logger.samlAssertion(DocumentUtil.asString(parsed));
    }
    return parsed.getDocumentElement();
}
/**
 * <p>
 * Utility method that marshals the specified {@code AssertionType} object into an {@code Element}
 * instance: the assertion is written to an in-memory buffer and that buffer is parsed back into
 * a DOM document.
 * </p>
 *
 * @param assertion an {@code AssertionType} object representing the SAML assertion to be marshaled.
 *
 * @return the document element of the parsed assertion document.
 *
 * @throws Exception if an error occurs while marshaling the assertion.
 */
public static Element toElement(AssertionType assertion) throws Exception {
    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(buffer)).write(assertion);

    Document parsed = DocumentUtil.getDocument(new ByteArrayInputStream(buffer.toByteArray()));

    // NOTE(review): with trace enabled the complete serialized assertion reaches the logger;
    // keep trace output for this category access-restricted.
    if (logger.isTraceEnabled()) {
        logger.samlAssertion(DocumentUtil.asString(parsed));
    }
    return parsed.getDocumentElement();
}
/**
 * Handles one XACML authorization decision query: extracts the query from the request
 * document, has it evaluated, and returns the SAML response as a DOM source.
 *
 * @param request the incoming message
 *
 * @return a {@code DOMSource} wrapping the document element of the serialized response
 */
public Source invoke(Source request) {
    try {
        // NOTE(review): the request is parsed by DocumentUtil; whether DTDs and external
        // entities are disabled there is not visible from this method - confirm.
        Document requestDocument = (Document) DocumentUtil.getNodeFromSource(request);
        if (logger.isTraceEnabled()) {
            logger.trace("XACML Received Message: " + DocumentUtil.asString(requestDocument));
        }

        XACMLAuthzDecisionQueryType query = SOAPSAMLXACMLUtil.getXACMLQueryType(requestDocument);
        ResponseType decision = SOAPSAMLXACMLUtil.handleXACMLQuery(pdp, issuer, query);

        // Serialize the response, then parse it back to obtain a DOM element to return.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        XMLStreamWriter streamWriter = StaxUtil.getXMLStreamWriter(buffer);
        new SAMLResponseWriter(streamWriter).write(decision);

        byte[] serialized = buffer.toByteArray();
        Document responseDocument = DocumentUtil.getDocument(new ByteArrayInputStream(serialized));
        return new DOMSource(responseDocument.getDocumentElement());
    } catch (Exception e) {
        // Every failure, including a request that is not a Document, is reported the same way.
        throw logger.xacmlPDPMessageProcessingError(e);
    }
}
/**
 * Handles one XACML authorization decision query: extracts the query from the request
 * document, has it evaluated, and returns the SAML response as a DOM source.
 *
 * @param request the incoming message
 *
 * @return a {@code DOMSource} wrapping the document element of the serialized response
 */
public Source invoke(Source request) {
    try {
        // NOTE(review): the request is parsed by DocumentUtil; whether DTDs and external
        // entities are disabled there is not visible from this method - confirm.
        Document requestDocument = (Document) DocumentUtil.getNodeFromSource(request);
        if (logger.isTraceEnabled()) {
            logger.trace("XACML Received Message: " + DocumentUtil.asString(requestDocument));
        }

        XACMLAuthzDecisionQueryType query = SOAPSAMLXACMLUtil.getXACMLQueryType(requestDocument);
        ResponseType decision = SOAPSAMLXACMLUtil.handleXACMLQuery(pdp, issuer, query);

        // Serialize the response, then parse it back to obtain a DOM element to return.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        XMLStreamWriter streamWriter = StaxUtil.getXMLStreamWriter(buffer);
        new SAMLResponseWriter(streamWriter).write(decision);

        byte[] serialized = buffer.toByteArray();
        Document responseDocument = DocumentUtil.getDocument(new ByteArrayInputStream(serialized));
        return new DOMSource(responseDocument.getDocumentElement());
    } catch (Exception e) {
        // Every failure, including a request that is not a Document, is reported the same way.
        throw logger.xacmlPDPMessageProcessingError(e);
    }
}
/**
 * Writes the WSDL port, operation, interface and service of a SOAP message context to the
 * trace log. Does nothing when trace logging is off or the context is not a
 * {@code SOAPMessageContext}.
 *
 * @param msgContext the message context to describe
 */
protected void trace(MessageContext msgContext) {
    if (!logger.isTraceEnabled() || !(msgContext instanceof SOAPMessageContext)) {
        return;
    }
    SOAPMessageContext soapContext = (SOAPMessageContext) msgContext;
    logger.trace("WSDL_PORT=" + soapContext.get(SOAPMessageContext.WSDL_PORT));
    logger.trace("WSDL_OPERATION=" + soapContext.get(SOAPMessageContext.WSDL_OPERATION));
    logger.trace("WSDL_INTERFACE=" + soapContext.get(SOAPMessageContext.WSDL_INTERFACE));
    logger.trace("WSDL_SERVICE=" + soapContext.get(SOAPMessageContext.WSDL_SERVICE));
}
/**
 * Writes the WSDL port, operation, interface and service of a SOAP message context to the
 * trace log. Does nothing when trace logging is off or the context is not a
 * {@code SOAPMessageContext}.
 *
 * @param msgContext the message context to describe
 */
protected void trace(MessageContext msgContext) {
    if (!logger.isTraceEnabled() || !(msgContext instanceof SOAPMessageContext)) {
        return;
    }
    SOAPMessageContext soapContext = (SOAPMessageContext) msgContext;
    logger.trace("WSDL_PORT=" + soapContext.get(SOAPMessageContext.WSDL_PORT));
    logger.trace("WSDL_OPERATION=" + soapContext.get(SOAPMessageContext.WSDL_OPERATION));
    logger.trace("WSDL_INTERFACE=" + soapContext.get(SOAPMessageContext.WSDL_INTERFACE));
    logger.trace("WSDL_SERVICE=" + soapContext.get(SOAPMessageContext.WSDL_SERVICE));
}
/**
 * Builds the roles group for the authenticated subject from the SAML assertion. The assertion
 * is parsed from the credential on first use and kept in {@code this.assertion}.
 *
 * <p>NOTE(review): roles are read from the assertion as-is; this method does no signature or
 * validity check itself, so it presumably relies on the assertion having been validated
 * before this point - confirm.
 *
 * @return a one-element array holding the group named {@code SecurityConstants.ROLES_IDENTIFIER}
 *
 * @throws LoginException declared by the overridden method; a parse failure is reported through
 *         {@code logger.authFailedToParseSAMLAssertion}
 */
@Override
protected Group[] getRoleSets() throws LoginException {
    if (this.assertion == null) {
        try {
            this.assertion = SAMLUtil.fromElement(this.credential.getAssertionAsElement());
        } catch (Exception e) {
            throw logger.authFailedToParseSAMLAssertion(e);
        }
    }

    if (logger.isTraceEnabled()) {
        try {
            // NOTE(review): writes the complete assertion to the trace log.
            logger.trace("Assertion from where roles will be sought = " + AssertionUtil.asString(assertion));
        } catch (ProcessingException ignore) {
            // Serialization is only needed for the trace line; a failure here is dropped.
        }
    }

    // Attribute names to read roles from, taken from the roleKey option when it is set.
    List<String> configuredKeys = new ArrayList<String>();
    if (StringUtil.isNotNull(roleKey)) {
        configuredKeys.addAll(StringUtil.tokenize(roleKey));
    }

    Group rolesGroup = new PicketLinkGroup(SecurityConstants.ROLES_IDENTIFIER);
    List<String> assertedRoles = AssertionUtil.getRoles(assertion, configuredKeys);
    for (String roleName : assertedRoles) {
        rolesGroup.addMember(new SimplePrincipal(roleName));
    }
    return new Group[]{rolesGroup};
}
/**
 * Adds a username token for the current user principal to the WS-Trust
 * {@code RequestSecurityToken} body element of the inbound SOAP message, if that element is
 * present.
 *
 * <p>NOTE(review): a {@code SOAPException} is logged and processing continues, so the method
 * returns {@code true} even when the token could not be added - confirm that is intended.
 *
 * @param msgContext the message context; cast to {@code SOAPMessageContext} without a type check
 *
 * @return always {@code true}
 */
@Override
protected boolean handleInbound(MessageContext msgContext) {
    String principalName = getUserPrincipalName(msgContext);
    SOAPMessage message = ((SOAPMessageContext) msgContext).getMessage();

    try {
        SOAPEnvelope soapEnvelope = message.getSOAPPart().getEnvelope();
        QName rstName = new QName(WSTrustConstants.BASE_NAMESPACE, WSTrustConstants.RST);
        SOAPBodyElement requestToken = (SOAPBodyElement) Util.findElement(soapEnvelope, rstName);
        if (rstName != null && requestToken != null) {
            requestToken.addChildElement(createUsernameToken(principalName));
        }
    } catch (SOAPException e) {
        logger.jbossWSUnableToCreateBinaryToken(e);
    }

    // NOTE(review): with trace enabled the whole SOAP message, including the token just
    // added, is written to the log.
    if (logger.isTraceEnabled()) {
        logger.trace("SOAPMessage(SamlRequestSecurityTokenHandler)=" + SOAPUtil.soapMessageAsString(message));
    }
    return true;
}
/**
 * Adds a username token for the current user principal to the WS-Trust
 * {@code RequestSecurityToken} body element of the inbound SOAP message, if that element is
 * present.
 *
 * <p>NOTE(review): a {@code SOAPException} is logged and processing continues, so the method
 * returns {@code true} even when the token could not be added - confirm that is intended.
 *
 * @param msgContext the message context; cast to {@code SOAPMessageContext} without a type check
 *
 * @return always {@code true}
 */
@Override
protected boolean handleInbound(MessageContext msgContext) {
    String principalName = getUserPrincipalName(msgContext);
    SOAPMessage message = ((SOAPMessageContext) msgContext).getMessage();

    try {
        SOAPEnvelope soapEnvelope = message.getSOAPPart().getEnvelope();
        QName rstName = new QName(WSTrustConstants.BASE_NAMESPACE, WSTrustConstants.RST);
        SOAPBodyElement requestToken = (SOAPBodyElement) Util.findElement(soapEnvelope, rstName);
        if (rstName != null && requestToken != null) {
            requestToken.addChildElement(createUsernameToken(principalName));
        }
    } catch (SOAPException e) {
        logger.jbossWSUnableToCreateBinaryToken(e);
    }

    // NOTE(review): with trace enabled the whole SOAP message, including the token just
    // added, is written to the log.
    if (logger.isTraceEnabled()) {
        logger.trace("SOAPMessage(SamlRequestSecurityTokenHandler)=" + SOAPUtil.soapMessageAsString(message));
    }
    return true;
}
/**
 * Read a {@code SAML2Object} from an input stream.
 *
 * <p>The stream is parsed into a DOM document, the document is schema-checked, and the SAML
 * parser is then run over it. The parsed object and its document are also stored in
 * {@code samlDocumentHolder}.
 *
 * <p>NOTE(review): the only check made here is the schema check; nothing in this method
 * verifies a signature, so callers presumably do that separately - confirm.
 *
 * @param is stream carrying the SAML document; a {@code null} stream is rejected with the
 *        exception built by {@code logger.nullArgumentError}
 *
 * @return the parsed SAML object
 *
 * @throws ParsingException propagated from the parsing and validation helpers called here
 * @throws ConfigurationException propagated from the parsing and validation helpers called here
 * @throws ProcessingException propagated from the parsing and validation helpers called here
 */
public SAML2Object getSAML2ObjectFromStream(InputStream is) throws ParsingException, ConfigurationException,
        ProcessingException {
    if (is == null) {
        throw logger.nullArgumentError("InputStream");
    }

    Document parsedDocument = DocumentUtil.getDocument(is);

    // NOTE(review): this trace line runs before the schema check, so it records the document
    // exactly as received.
    if (logger.isTraceEnabled()) {
        logger.trace("SAML Response Document: " + DocumentUtil.asString(parsedDocument));
    }

    SAMLParser parser = new SAMLParser();
    JAXPValidationUtil.checkSchemaValidation(parsedDocument);

    InputStream documentStream = DocumentUtil.getNodeAsStream(parsedDocument);
    SAML2Object samlObject = (SAML2Object) parser.parse(documentStream);

    samlDocumentHolder = new SAMLDocumentHolder(samlObject, parsedDocument);
    return samlObject;
}