| /** |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.apache.hadoop.gateway.picketlink.deploy; |
| |
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Map.Entry;
| |
| import org.apache.hadoop.gateway.deploy.DeploymentContext; |
| import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase; |
| import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor; |
| import org.apache.hadoop.gateway.descriptor.ResourceDescriptor; |
| import org.apache.hadoop.gateway.services.security.AliasService; |
| import org.apache.hadoop.gateway.services.security.MasterService; |
| import org.apache.hadoop.gateway.topology.Provider; |
| import org.apache.hadoop.gateway.topology.Service; |
| import org.jboss.shrinkwrap.api.asset.StringAsset; |
| import org.picketlink.identity.federation.web.filters.ServiceProviderContextInitializer; |
| |
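/**
 * Deployment contributor for the Picketlink "federation" provider.
 *
 * <p>During deployment it registers the Picketlink
 * {@link ServiceProviderContextInitializer} listener, writes a generated
 * {@code picketlink.xml} into {@code WEB-INF}, and attaches three filters
 * (URL capture, the Picketlink SP filter and the identity adapter) to each
 * contributed resource, passing every provider param through as a filter
 * init param.
 *
 * <p>NOTE(review): the keystore password (master secret) and the signing-key
 * passphrase are rendered into {@code picketlink.xml} as plain text; the
 * TODO in {@link #contributeProvider} already records the intent to move them
 * out of the config file.
 */
public class PicketlinkFederationProviderContributor extends
    ProviderDeploymentContributorBase {
  /** Topology role handled by this contributor. */
  private static final String ROLE = "federation";
  /** Provider name handled by this contributor. */
  private static final String NAME = "Picketlink";
  private static final String PICKETLINK_FILTER_CLASSNAME = "org.picketlink.identity.federation.web.filters.SPFilter";
  private static final String CAPTURE_URL_FILTER_CLASSNAME = "org.apache.hadoop.gateway.picketlink.filter.CaptureOriginalURLFilter";
  private static final String IDENTITY_ADAPTER_CLASSNAME = "org.apache.hadoop.gateway.picketlink.filter.PicketlinkIdentityAdapter";
  // Provider param names read from the topology.
  private static final String IDENTITY_URL_PARAM = "identity.url";
  private static final String SERVICE_URL_PARAM = "service.url";
  private static final String KEYSTORE_URL_PARAM = "keystore.url";
  private static final String VALIDATING_ALIAS_KEY = "validating.alias.key";
  private static final String VALIDATING_ALIAS_VALUE = "validating.alias.value";
  private static final String CLOCK_SKEW_MILIS = "clock.skew.milis";
  /** Keystore alias of the gateway signing key. */
  private static final String SIGNINGKEY_ALIAS = "gateway-identity";
  /** Alias under which the AliasService holds the signing-key passphrase. */
  private static final String SIGNINGKEY_PASSPHRASE_ALIAS = "gateway-identity-passphrase";

  // Optional services; when unset the corresponding secret is simply not written.
  private MasterService ms = null;
  private AliasService as = null;

  @Override
  public String getRole() {
    return ROLE;
  }

  @Override
  public String getName() {
    return NAME;
  }

  /**
   * Sets the service that supplies the master secret used as keystore password.
   *
   * @param ms master service, may be {@code null} to omit the keystore password
   */
  public void setMasterService(MasterService ms) {
    this.ms = ms;
  }

  /**
   * Sets the service that supplies the signing-key passphrase.
   *
   * @param as alias service, may be {@code null} to omit the signing-key passphrase
   */
  public void setAliasService(AliasService as) {
    this.as = as;
  }

  @Override
  public void initializeContribution(DeploymentContext context) {
    super.initializeContribution(context);
  }

  /**
   * Registers the Picketlink context listener and writes the generated
   * {@code picketlink.xml} into the web archive's {@code WEB-INF}.
   *
   * @param context deployment context receiving the listener and resource
   * @param provider topology provider whose params populate the config
   */
  @Override
  public void contributeProvider(DeploymentContext context, Provider provider) {
    // LJM TODO: consider creating a picketlink configuration provider to
    // handle the keystore secrets without putting them in a config file directly.
    // Once that is done then we can remove the unneeded gateway services from those
    // that are available to providers.
    context.getWebAppDescriptor().createListener().listenerClass(ServiceProviderContextInitializer.class.getName());

    PicketlinkConf config = new PicketlinkConf();
    Map<String, String> params = provider.getParams();
    config.setIdentityURL(params.get(IDENTITY_URL_PARAM));
    config.setServiceURL(params.get(SERVICE_URL_PARAM));
    config.setKeystoreURL(params.get(KEYSTORE_URL_PARAM));
    // Secrets are converted to String because PicketlinkConf takes Strings;
    // they end up in plain text in the generated picketlink.xml (see TODO above).
    if (ms != null) {
      config.setKeystorePass(new String(ms.getMasterSecret()));
    }
    config.setSigningKeyAlias(SIGNINGKEY_ALIAS);
    if (as != null) {
      config.setSigningKeyPass(new String(as.getPasswordFromAliasForGateway(SIGNINGKEY_PASSPHRASE_ALIAS)));
    }
    config.setValidatingAliasKey(params.get(VALIDATING_ALIAS_KEY));
    config.setValidatingAliasValue(params.get(VALIDATING_ALIAS_VALUE));
    config.setClockSkewMilis(params.get(CLOCK_SKEW_MILIS));
    // config was constructed above and cannot be null, so the descriptor is always written.
    context.getWebArchive().addAsWebInfResource(new StringAsset(config.toString()), "picketlink.xml");
  }

  /**
   * Attaches the capture-URL, Picketlink SP and identity-adapter filters to the
   * resource. Every provider param is added (key lower-cased) as an init param,
   * and the same param list instance is handed to all three filters.
   *
   * @param context deployment context (unused here)
   * @param provider topology provider whose params become filter init params
   * @param service service being deployed (unused here)
   * @param resource resource descriptor receiving the filters
   * @param params existing filter params to extend; {@code null} starts an empty list
   */
  @Override
  public void contributeFilter(DeploymentContext context, Provider provider, Service service,
      ResourceDescriptor resource, List<FilterParamDescriptor> params) {
    // blindly add all the provider params as filter init params
    if (params == null) {
      params = new ArrayList<FilterParamDescriptor>();
    }
    Map<String, String> providerParams = provider.getParams();
    for (Entry<String, String> entry : providerParams.entrySet()) {
      // Locale.ROOT keeps param-name normalisation independent of the JVM's default locale.
      params.add(resource.createFilterParam().name(entry.getKey().toLowerCase(Locale.ROOT)).value(entry.getValue()));
    }
    resource.addFilter().name(getName()).role(getRole()).impl(CAPTURE_URL_FILTER_CLASSNAME).params(params);
    resource.addFilter().name(getName()).role(getRole()).impl(PICKETLINK_FILTER_CLASSNAME).params(params);
    resource.addFilter().name(getName()).role(getRole()).impl(IDENTITY_ADAPTER_CLASSNAME).params(params);
  }

}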