/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.gateway.picketlink.deploy;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Map.Entry;

import org.apache.hadoop.gateway.deploy.DeploymentContext;
import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase;
import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
import org.apache.hadoop.gateway.services.security.AliasService;
import org.apache.hadoop.gateway.services.security.MasterService;
import org.apache.hadoop.gateway.topology.Provider;
import org.apache.hadoop.gateway.topology.Service;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.picketlink.identity.federation.web.filters.ServiceProviderContextInitializer;
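/**
 * Deployment contributor for the PicketLink federation provider.
 *
 * <p>During deployment it (1) registers the PicketLink service-provider context listener
 * and renders a {@code picketlink.xml} into {@code WEB-INF} of the web archive, and
 * (2) chains three filters onto each protected resource: the original-URL capture
 * filter, the PicketLink SP filter and the gateway identity adapter.
 *
 * <p>Security note: the keystore password (taken from the gateway master secret) and the
 * signing-key passphrase (taken from the alias service) are set on the rendered
 * configuration, so the generated {@code picketlink.xml} is expected to carry those
 * secrets in clear text inside the archive. See the TODO in
 * {@link #contributeProvider(DeploymentContext, Provider)}.
 *
 * <p>Instances are not thread-safe; the two service setters are expected to be called
 * before deployment begins.
 */
public class PicketlinkFederationProviderContributor extends
    ProviderDeploymentContributorBase {

  private static final String ROLE = "federation";
  private static final String NAME = "Picketlink";

  private static final String PICKETLINK_FILTER_CLASSNAME = "org.picketlink.identity.federation.web.filters.SPFilter";
  private static final String CAPTURE_URL_FILTER_CLASSNAME = "org.apache.hadoop.gateway.picketlink.filter.CaptureOriginalURLFilter";
  private static final String IDENTITY_ADAPTER_CLASSNAME = "org.apache.hadoop.gateway.picketlink.filter.PicketlinkIdentityAdapter";

  // Provider parameter names read from the topology.
  private static final String IDENTITY_URL_PARAM = "identity.url";
  private static final String SERVICE_URL_PARAM = "service.url";
  private static final String KEYSTORE_URL_PARAM = "keystore.url";
  private static final String VALIDATING_ALIAS_KEY = "validating.alias.key";
  private static final String VALIDATING_ALIAS_VALUE = "validating.alias.value";
  private static final String CLOCK_SKEW_MILIS = "clock.skew.milis";

  // Keystore alias of the gateway signing key, and the alias-service entry holding its passphrase.
  private static final String SIGNINGKEY_ALIAS = "gateway-identity";
  private static final String SIGNINGKEY_PASSPHRASE_ALIAS = "gateway-identity-passphrase";

  // Gateway services; either may stay null, in which case the corresponding password is not set.
  private MasterService ms = null;
  private AliasService as = null;

  /** @return the provider role this contributor handles ({@code "federation"}). */
  @Override
  public String getRole() {
    return ROLE;
  }

  /** @return the provider name this contributor handles ({@code "Picketlink"}). */
  @Override
  public String getName() {
    return NAME;
  }

  /** @param ms source of the master secret used as the keystore password; may be null */
  public void setMasterService(MasterService ms) {
    this.ms = ms;
  }

  /** @param as source of the signing-key passphrase; may be null */
  public void setAliasService(AliasService as) {
    this.as = as;
  }

  /** Delegates to the base class; no additional setup is needed here. */
  @Override
  public void initializeContribution(DeploymentContext context) {
    super.initializeContribution(context);
  }

  /**
   * Registers the PicketLink context listener and writes the rendered
   * {@code picketlink.xml} into {@code WEB-INF} of the web archive.
   *
   * @param context  deployment being assembled
   * @param provider topology provider whose params configure PicketLink
   * @throws NullPointerException if the provider has no params, or if the alias service
   *         returns no entry for the signing-key passphrase
   */
  @Override
  public void contributeProvider(DeploymentContext context, Provider provider) {
    // LJM TODO: consider creating a picketlink configuration provider to
    // handle the keystore secrets without putting them in a config file directly.
    // Once that is done then we can remove the unneeded gateway services from those
    // that are available to providers.
    context.getWebAppDescriptor().createListener()
        .listenerClass(ServiceProviderContextInitializer.class.getName());

    Map<String, String> params = provider.getParams();
    PicketlinkConf config = new PicketlinkConf();
    config.setIdentityURL(params.get(IDENTITY_URL_PARAM));
    config.setServiceURL(params.get(SERVICE_URL_PARAM));
    config.setKeystoreURL(params.get(KEYSTORE_URL_PARAM));

    // The gateway master secret doubles as the keystore password.
    if (ms != null) {
      config.setKeystorePass(new String(ms.getMasterSecret()));
    }
    config.setSigningKeyAlias(SIGNINGKEY_ALIAS);
    // new String(null) throws, so a missing alias entry fails the deployment at this point
    // rather than producing a config with no signing-key password.
    if (as != null) {
      config.setSigningKeyPass(new String(as.getPasswordFromAliasForGateway(SIGNINGKEY_PASSPHRASE_ALIAS)));
    }
    config.setValidatingAliasKey(params.get(VALIDATING_ALIAS_KEY));
    config.setValidatingAliasValue(params.get(VALIDATING_ALIAS_VALUE));
    config.setClockSkewMilis(params.get(CLOCK_SKEW_MILIS));

    // Guard the rendered string, which is what actually gets written. The previous check
    // tested 'config' itself, which had already been dereferenced above and so was never null.
    String configStr = config.toString();
    if (configStr != null) {
      context.getWebArchive().addAsWebInfResource(new StringAsset(configStr), "picketlink.xml");
    }
  }

  /**
   * Adds the three PicketLink filters to {@code resource}, passing every provider
   * param (key lower-cased) as a filter init param. The filters are registered in this
   * order: URL capture, PicketLink SP filter, identity adapter; all three share the same
   * param list.
   *
   * @param context  deployment being assembled
   * @param provider topology provider whose params become filter init params
   * @param service  service being protected (unused here)
   * @param resource resource descriptor receiving the filters
   * @param params   filter params accumulated so far; may be null
   */
  @Override
  public void contributeFilter(DeploymentContext context, Provider provider, Service service,
      ResourceDescriptor resource, List<FilterParamDescriptor> params) {
    if (params == null) {
      params = new ArrayList<FilterParamDescriptor>();
    }

    // blindly add all the provider params as filter init params
    Map<String, String> providerParams = provider.getParams();
    if (providerParams != null) {
      for (Entry<String, String> entry : providerParams.entrySet()) {
        // Locale.ROOT keeps the key normalisation independent of the JVM default locale.
        params.add(resource.createFilterParam()
            .name(entry.getKey().toLowerCase(Locale.ROOT))
            .value(entry.getValue()));
      }
    }

    resource.addFilter().name(getName()).role(getRole()).impl(CAPTURE_URL_FILTER_CLASSNAME).params(params);
    resource.addFilter().name(getName()).role(getRole()).impl(PICKETLINK_FILTER_CLASSNAME).params(params);
    resource.addFilter().name(getName()).role(getRole()).impl(IDENTITY_ADAPTER_CLASSNAME).params(params);
  }
}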