diff --git a/components/agents/org.wso2.carbon.identity.entitlement.filter/pom.xml b/components/agents/org.wso2.carbon.identity.entitlement.filter/pom.xml index e037be3088..cc0b9971aa 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.filter/pom.xml +++ b/components/agents/org.wso2.carbon.identity.entitlement.filter/pom.xml @@ -1,27 +1,29 @@ org.wso2.carbon.identity agents - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml diff --git a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/EntitlementCacheUpdateServlet.java b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/EntitlementCacheUpdateServlet.java index 064e4ed681..56264a14ea 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/EntitlementCacheUpdateServlet.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/EntitlementCacheUpdateServlet.java @@ -1,12 +1,12 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an 
@@ -14,7 +14,9 @@ * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. + * */ + package org.wso2.carbon.identity.entitlement.filter; import org.apache.axiom.util.base64.Base64Utils; @@ -28,6 +30,7 @@ import org.apache.commons.logging.LogFactory; import org.wso2.carbon.authenticator.stub.AuthenticationAdminStub; import org.wso2.carbon.authenticator.stub.LoginAuthenticationExceptionException; +import org.wso2.carbon.identity.entitlement.filter.exception.EntitlementCacheUpdateServletDataHolder; import org.wso2.carbon.identity.entitlement.filter.exception.EntitlementCacheUpdateServletException; import javax.servlet.RequestDispatcher; @@ -37,6 +40,7 @@ import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.InputStream; +import java.nio.charset.Charset; import java.util.NoSuchElementException; import java.util.Scanner; 
@@ -44,61 +48,69 @@ public class EntitlementCacheUpdateServlet extends HttpServlet { private static final Log log = LogFactory.getLog(EntitlementCacheUpdateServlet.class); - private String httpsPort; - private ConfigurationContext configCtx; - private String remoteServiceUserName; - private String remoteServicePassword; - private String remoteServiceUrl; - private String authCookie; - private ServletConfig servletConfig; - private String authentication; - private String authenticationPage; - private String authenticationPageURL; + private static final String USERNAME_STRING = "username"; + private static final String PSWD_STRING = "password"; + private static final String NULL_STRING = "null"; + private static final String ADMIN = "AuthenticationAdmin"; + private static final String UPDATE_CACHE = "/updateCacheAuth.do"; + private static final String SUBJECT_SCOPE = "subjectScope"; + private static final String UPDATE_CACHE_HTML = "/updateCache.html"; + + @Override public void init(ServletConfig config) throws EntitlementCacheUpdateServletException { - servletConfig = config; + EntitlementCacheUpdateServletDataHolder.getInstance().setServletConfig(config); try { - configCtx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null); + EntitlementCacheUpdateServletDataHolder.getInstance().setConfigCtx(ConfigurationContextFactory + .createConfigurationContextFromFileSystem(null, null)); } catch (AxisFault e) { log.error("Error while initializing Configuration Context", e); throw new EntitlementCacheUpdateServletException("Error while initializing Configuration Context", e); } - httpsPort = config.getInitParameter(EntitlementConstants.HTTPS_PORT); - authentication = config.getInitParameter(EntitlementConstants.AUTHENTICATION); - remoteServiceUrl = config.getServletContext().getInitParameter(EntitlementConstants.REMOTE_SERVICE_URL); - remoteServiceUserName = config.getServletContext().getInitParameter(EntitlementConstants.USERNAME); - 
remoteServicePassword = config.getServletContext().getInitParameter(EntitlementConstants.PASSWORD); - authenticationPage = config.getInitParameter(EntitlementConstants.AUTHENTICATION_PAGE); - authenticationPageURL = config.getInitParameter(EntitlementConstants.AUTHENTICATION_PAGE_URL); - } + EntitlementCacheUpdateServletDataHolder.getInstance().setHttpsPort(config.getInitParameter(EntitlementConstants.HTTPS_PORT)); + EntitlementCacheUpdateServletDataHolder.getInstance().setAuthentication(config.getInitParameter(EntitlementConstants.AUTHENTICATION)); + EntitlementCacheUpdateServletDataHolder.getInstance().setRemoteServiceUrl(config.getServletContext().getInitParameter(EntitlementConstants.REMOTE_SERVICE_URL)); + EntitlementCacheUpdateServletDataHolder.getInstance().setRemoteServiceUserName(config.getServletContext().getInitParameter(EntitlementConstants.USERNAME)); + EntitlementCacheUpdateServletDataHolder.getInstance().setRemoteServicePassword(config.getServletContext().getInitParameter(EntitlementConstants.PASSWORD)); + EntitlementCacheUpdateServletDataHolder.getInstance().setAuthenticationPage(config.getInitParameter(EntitlementConstants.AUTHENTICATION_PAGE)); + EntitlementCacheUpdateServletDataHolder.getInstance().setAuthenticationPageURL(config.getInitParameter(EntitlementConstants.AUTHENTICATION_PAGE_URL)); + } + + @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws EntitlementCacheUpdateServletException { doPost(req, resp); } + @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws EntitlementCacheUpdateServletException { if (!req.isSecure()) { redirectToHTTPS(req, resp); - } else if (req.getParameter("username") != null && req.getParameter("password") != null - && !req.getParameter("username").equals("null") && !req.getParameter("password").equals("null")) { + } else if (req.getParameter(USERNAME_STRING) != null && req.getParameter(PSWD_STRING) != null + && 
!NULL_STRING.equals(req.getParameter(USERNAME_STRING)) && !NULL_STRING.equals(req.getParameter(PSWD_STRING) + )) { doAuthentication(req, resp); } else { - if (req.getParameter("username") == null) { - log.info("\'username\' parameter not available in request. Redirecting to " + authenticationPageURL); + if (req.getParameter(USERNAME_STRING) == null) { + log.info("\'username\' parameter not available in request. Redirecting to " + + EntitlementCacheUpdateServletDataHolder.getInstance().getAuthenticationPageURL()); } - if (req.getParameter("password") == null) { - log.info("\'password\' parameter not available in request. Redirecting to " + authenticationPageURL); + if (req.getParameter(PSWD_STRING) == null) { + log.info("\'password\' parameter not available in request. Redirecting to " + + EntitlementCacheUpdateServletDataHolder.getInstance().getAuthenticationPageURL()); } - if (req.getParameter("username") != null && req.getParameter("username").equals("null")) { - log.info("\'username\' is empty in request. Redirecting to " + authenticationPageURL); + if (req.getParameter(USERNAME_STRING) != null && NULL_STRING.equals(req.getParameter(USERNAME_STRING))) { + log.info("\'username\' is empty in request. Redirecting to " + EntitlementCacheUpdateServletDataHolder + .getInstance().getAuthenticationPageURL()); } - if (req.getParameter("password") != null && req.getParameter("password").equals("null")) { - log.info("\'password\' is empty in request. Redirecting to " + authenticationPageURL); + if (req.getParameter(PSWD_STRING) != null && NULL_STRING.equals(req.getParameter(PSWD_STRING))) { + log.info("\'password\' is empty in request. Redirecting to " + + EntitlementCacheUpdateServletDataHolder.getInstance().getAuthenticationPageURL()); } showAuthPage(req, resp); } 
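Review bot: Moving the servlet's fields into `EntitlementCacheUpdateServletDataHolder.getInstance()` turns per-servlet configuration, including `remoteServicePassword`, into state shared by everything loaded through the same class loader, and `init()` overwrites it whenever another servlet instance is initialised. The holder's setters are unsynchronised and its fields are neither `final` nor `volatile`. The `authCookie` read in the `@@ -108` hunk and rewritten in the `@@ -120` hunk was already shared between concurrent requests and is now shared between servlet instances as well. Consider keeping the init-time values in `private` fields assigned once in `init()` and holding the session cookie in an `AtomicReference<String>`. If the holder stays, a comment such as `// written once in init(), read-only afterwards` on the configuration setters would document the intended contract.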
@@ -108,11 +120,17 @@ private boolean authenticate(String userName, String password, String remoteIp) throws EntitlementCacheUpdateServletException { boolean isAuthenticated = false; + String authentication = EntitlementCacheUpdateServletDataHolder.getInstance().getAuthentication(); + String remoteServiceUrl = EntitlementCacheUpdateServletDataHolder.getInstance().getRemoteServiceUrl(); + ConfigurationContext configCtx = EntitlementCacheUpdateServletDataHolder.getInstance().getConfigCtx(); + String authCookie = EntitlementCacheUpdateServletDataHolder.getInstance().getAuthCookie(); + String remoteServiceUserName = EntitlementCacheUpdateServletDataHolder.getInstance().getRemoteServiceUserName(); + String remoteServicePassword = EntitlementCacheUpdateServletDataHolder.getInstance().getRemoteServicePassword(); if (authentication.equals(EntitlementConstants.WSO2_IS)) { AuthenticationAdminStub authStub; - String authenticationAdminServiceURL = remoteServiceUrl + "AuthenticationAdmin"; + String authenticationAdminServiceURL = remoteServiceUrl + ADMIN; try { authStub = new AuthenticationAdminStub(configCtx, authenticationAdminServiceURL); ServiceClient client = authStub._getServiceClient(); 
@@ -120,10 +138,14 @@ private boolean authenticate(String userName, String password, String remoteIp) options.setManageSession(true); options.setProperty(org.apache.axis2.transport.http.HTTPConstants.COOKIE_STRING, authCookie); isAuthenticated = authStub.login(userName, password, remoteIp); - authCookie = (String) authStub._getServiceClient().getServiceContext() - .getProperty(HTTPConstants.COOKIE_STRING); + EntitlementCacheUpdateServletDataHolder.getInstance().setAuthCookie((String) authStub._getServiceClient() + .getServiceContext() + .getProperty(HTTPConstants.COOKIE_STRING)); } catch (LoginAuthenticationExceptionException e) { log.info(userName + " not authenticated to perform entitlement query to perform cache update"); + if (log.isDebugEnabled()) { + log.debug("Login Authentication Exception Occurred ", e); + } } catch (Exception e) { throw new EntitlementCacheUpdateServletException("Error while trying to authenticate" + " with AuthenticationAdmin", e); @@ -149,6 +171,9 @@ private String convertStreamToString(InputStream is) { try { return new Scanner(is).useDelimiter("\\A").next(); } catch (NoSuchElementException e) { + if (log.isDebugEnabled()) { + log.debug("No such element: ", e); + } return ""; } } @@ -157,7 +182,8 @@ private void redirectToHTTPS(HttpServletRequest req, HttpServletResponse resp) t String serverName = req.getServerName(); String contextPath = req.getContextPath(); String servletPath = req.getServletPath(); - String redirectURL = "https://" + serverName + ":" + httpsPort + contextPath + String redirectURL = "https://" + serverName + ":" + EntitlementCacheUpdateServletDataHolder.getInstance().getHttpsPort() + + contextPath + servletPath; try { resp.sendRedirect(redirectURL); 
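Review bot: The `log.info(userName + " not authenticated ...")` call kept in the `@@ -120` hunk writes a request-supplied value to the log unchanged, since `doAuthentication` passes `req.getParameter(USERNAME_STRING)` straight into `authenticate`. A user name containing line breaks can then produce misleading log entries, so neutralise CR/LF before logging, for example `String safeUser = userName.replaceAll("[\\r\\n]", "_");`. The body of `authenticate` continues outside this hunk.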
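Review bot: In the `@@ -157` hunk `redirectURL` is still assembled from `req.getServerName()`, which normally reflects the client's `Host` header, so the HTTPS redirect target is partly chosen by the requester. Prefer a host name taken from configuration alongside the port, or check the server name against an allow-list before calling `resp.sendRedirect`. `getHttpsPort()` also returns `null` when the `EntitlementConstants.HTTPS_PORT` init parameter is missing, which would produce a `https://host:null/...` URL; rejecting a null port in `init()` with an `EntitlementCacheUpdateServletException` would surface the misconfiguration early. `redirectToHTTPS` continues past the end of the hunk.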
@@ -168,19 +194,21 @@ private void redirectToHTTPS(HttpServletRequest req, HttpServletResponse resp) t } private void doAuthentication(HttpServletRequest req, HttpServletResponse resp) throws EntitlementCacheUpdateServletException { - String username = req.getParameter("username"); - String password = req.getParameter("password"); + String username = req.getParameter(USERNAME_STRING); + String password = req.getParameter(PSWD_STRING); String remoteIp = req.getServerName(); if (authenticate(username, password, remoteIp)) { - RequestDispatcher requestDispatcher = req.getRequestDispatcher("/updateCacheAuth.do"); - String subjectScope = servletConfig.getServletContext().getInitParameter("subjectScope"); - String subjectAttributeName = servletConfig.getServletContext().getInitParameter("subjectAttributeName"); + RequestDispatcher requestDispatcher = req.getRequestDispatcher(UPDATE_CACHE); + String subjectScope = EntitlementCacheUpdateServletDataHolder.getInstance().getServletConfig().getServletContext() + .getInitParameter(SUBJECT_SCOPE); + String subjectAttributeName = EntitlementCacheUpdateServletDataHolder.getInstance().getServletConfig().getServletContext() + .getInitParameter("subjectAttributeName"); if (subjectScope.equals(EntitlementConstants.REQUEST_PARAM)) { - requestDispatcher = req.getRequestDispatcher("/updateCacheAuth.do?" + subjectAttributeName + "=" + username); + requestDispatcher = req.getRequestDispatcher(UPDATE_CACHE + "?" + subjectAttributeName + "=" + username); } else if (subjectScope.equals(EntitlementConstants.REQUEST_ATTIBUTE)) { @@ -192,7 +220,7 @@ private void doAuthentication(HttpServletRequest req, HttpServletResponse resp) } else { - resp.setHeader("Authorization", Base64Utils.encode((username + ":" + password).getBytes())); + resp.setHeader("Authorization", Base64Utils.encode((username + ":" + password).getBytes(Charset.forName("UTF-8")))); } try { 
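Review bot: `UPDATE_CACHE + "?" + subjectAttributeName + "=" + username` places the request-supplied user name into the dispatcher path without encoding, so characters such as `&` or `#` change the query string that `/updateCacheAuth.do` receives. Encode the value first, `URLEncoder.encode(username, "UTF-8")`, or hand it over as a request attribute instead of a query parameter. `subjectScope.equals(...)` also throws a NullPointerException when the `subjectScope` context parameter is not configured; an explicit null check that raises a configuration error would be clearer. The method body runs beyond this hunk.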
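Review bot: `resp.setHeader("Authorization", ...)` in the `@@ -192` hunk writes the submitted user name and password, merely Base64-encoded, into a response header, which sends the credentials back to the client and to any intermediary that records response headers. If the intent is to hand the identity to the forwarded resource, a request attribute set with `req.setAttribute(...)` keeps it on the server side. The value also lacks the `Basic ` scheme prefix, so the `split(" ")` length check in `BasicAuthCallBackHandler` would presumably not accept it. `Charset.forName("UTF-8")` can become `StandardCharsets.UTF_8` if the build targets Java 7 or later.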
@@ -208,9 +236,9 @@ private void doAuthentication(HttpServletRequest req, HttpServletResponse resp) } private void showAuthPage(HttpServletRequest req, HttpServletResponse resp) throws EntitlementCacheUpdateServletException { - if (authenticationPage.equals("default")) { + if ("default".equals(EntitlementCacheUpdateServletDataHolder.getInstance().getAuthenticationPage())) { - InputStream is = getClass().getResourceAsStream("/updateCache.html"); + InputStream is = getClass().getResourceAsStream(UPDATE_CACHE_HTML); String updateCache = convertStreamToString(is); try { resp.getWriter().print(updateCache); 
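Review bot: `getClass().getResourceAsStream(UPDATE_CACHE_HTML)` returns `null` when the resource is not on the class path, and the stream is never closed after use. `convertStreamToString` hands it directly to `new Scanner(is)`, which throws a NullPointerException for `null` and decodes with the platform default charset. Add a null check that raises `EntitlementCacheUpdateServletException`, close the stream in a `finally` block, and name the charset explicitly with `new Scanner(is, "UTF-8")`. `showAuthPage` continues outside this hunk.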
@@ -219,19 +247,23 @@ private void showAuthPage(HttpServletRequest req, HttpServletResponse resp) thro throw new EntitlementCacheUpdateServletException("Error occurred while writing" + " /updateCache.html page to OutputStream" + e); } - } else if (authenticationPage.equals("custom")) { + } else if ("custom".equals(EntitlementCacheUpdateServletDataHolder.getInstance().getAuthenticationPage())) { try { - req.getRequestDispatcher(authenticationPageURL).forward(req, resp); + req.getRequestDispatcher(EntitlementCacheUpdateServletDataHolder.getInstance().getAuthenticationPageURL()).forward(req, resp); } catch (Exception e) { - log.error("Error occurred while dispatching request to " + authenticationPageURL, e); + log.error("Error occurred while dispatching request to " + EntitlementCacheUpdateServletDataHolder + .getInstance().getAuthenticationPageURL(), + e); throw new EntitlementCacheUpdateServletException("Error occurred while dispatching" - + " request to " + authenticationPageURL, e); + + " request to " + EntitlementCacheUpdateServletDataHolder.getInstance().getAuthenticationPageURL(), e); } } else { - throw new EntitlementCacheUpdateServletException(authenticationPage + " is an invalid" + throw new EntitlementCacheUpdateServletException(EntitlementCacheUpdateServletDataHolder.getInstance().getAuthenticationPage() + + " is an " + + "invalid" + " configuration for authenticationPage parameter in web.xml. Valid" + " configurations are 'default' and 'custom'"); diff --git a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/EntitlementConstants.java b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/EntitlementConstants.java index 30ed4f2ec2..1738a298e3 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/EntitlementConstants.java 
+++ b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/EntitlementConstants.java @@ -1,12 +1,12 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -14,11 +14,14 @@ * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. + * */ + package org.wso2.carbon.identity.entitlement.filter; public class EntitlementConstants { + public static final String CLIENT = "client"; public static final String SERVER_URL = "serverUrl"; @@ -93,4 +96,9 @@ public class EntitlementConstants { public static final String defaultThriftPort = "10500"; + + private EntitlementConstants(){ + + } + } diff --git a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/EntitlementFilter.java b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/EntitlementFilter.java index 1a74be1562..9228b0c83e 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/EntitlementFilter.java 
+++ b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/EntitlementFilter.java @@ -1,12 +1,12 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -14,7 +14,9 @@ * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. + * */ + package org.wso2.carbon.identity.entitlement.filter; @@ -29,7 +31,11 @@ import org.wso2.carbon.identity.entitlement.proxy.PEPProxyConfig; import org.wso2.carbon.identity.entitlement.proxy.exception.EntitlementProxyException; -import javax.servlet.*; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.xml.namespace.QName; import java.util.HashMap; @@ -40,7 +46,6 @@ public class EntitlementFilter implements Filter { private static final Log log = LogFactory.getLog(EntitlementFilter.class); - private FilterConfig filterConfig = null; private PEPProxy pepProxy; private String client; private String remoteServiceUrl; 
@@ -63,7 +68,6 @@ public class EntitlementFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws EntitlementFilterException { - this.filterConfig = filterConfig; //This Attributes are mandatory So have to be specified in the web.xml authRedirectURL = filterConfig.getInitParameter(EntitlementConstants.AUTH_REDIRECT_URL); 
@@ -111,40 +115,40 @@ public void init(FilterConfig filterConfig) throws EntitlementFilterException { thriftPort = EntitlementConstants.defaultThriftPort; } - //Initializing the PDP Proxy - //If you are not using a WSO2 product please uncomment these lines to use provided keystore - //System.setProperty("javax.net.ssl.trustStore","wso2carbon.jks"); - //System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon"); + Map> appToPDPClientConfigMap = new HashMap>(); Map clientConfigMap = new HashMap(); - if (client != null && client.equals(EntitlementConstants.SOAP)) { - clientConfigMap.put(EntitlementConstants.CLIENT, client); - clientConfigMap.put(EntitlementConstants.SERVER_URL, remoteServiceUrl); - clientConfigMap.put(EntitlementConstants.USERNAME, remoteServiceUserName); - clientConfigMap.put(EntitlementConstants.PASSWORD, remoteServicePassword); - clientConfigMap.put(EntitlementConstants.REUSE_SESSION, reuseSession); - } else if (client != null && client.equals(EntitlementConstants.BASIC_AUTH)) { - clientConfigMap.put(EntitlementConstants.CLIENT, client); - clientConfigMap.put(EntitlementConstants.SERVER_URL, remoteServiceUrl); - clientConfigMap.put(EntitlementConstants.USERNAME, remoteServiceUserName); - clientConfigMap.put(EntitlementConstants.PASSWORD, remoteServicePassword); - } else if (client != null && client.equals(EntitlementConstants.THRIFT)) { - clientConfigMap.put(EntitlementConstants.CLIENT, client); - clientConfigMap.put(EntitlementConstants.SERVER_URL, remoteServiceUrl); - clientConfigMap.put(EntitlementConstants.USERNAME, remoteServiceUserName); - clientConfigMap.put(EntitlementConstants.PASSWORD, remoteServicePassword); - clientConfigMap.put(EntitlementConstants.REUSE_SESSION, reuseSession); - clientConfigMap.put(EntitlementConstants.THRIFT_HOST, thriftHost); - clientConfigMap.put(EntitlementConstants.THRIFT_PORT, thriftPort); - } else if (client == null) { + + if(client!=null){ + if(client.equals(EntitlementConstants.SOAP)){ + 
clientConfigMap.put(EntitlementConstants.CLIENT, client); + clientConfigMap.put(EntitlementConstants.SERVER_URL, remoteServiceUrl); + clientConfigMap.put(EntitlementConstants.USERNAME, remoteServiceUserName); + clientConfigMap.put(EntitlementConstants.PASSWORD, remoteServicePassword); + clientConfigMap.put(EntitlementConstants.REUSE_SESSION, reuseSession); + } else if (client.equals(EntitlementConstants.BASIC_AUTH)) { + clientConfigMap.put(EntitlementConstants.CLIENT, client); + clientConfigMap.put(EntitlementConstants.SERVER_URL, remoteServiceUrl); + clientConfigMap.put(EntitlementConstants.USERNAME, remoteServiceUserName); + clientConfigMap.put(EntitlementConstants.PASSWORD, remoteServicePassword); + }else if (client.equals(EntitlementConstants.THRIFT)) { + clientConfigMap.put(EntitlementConstants.CLIENT, client); + clientConfigMap.put(EntitlementConstants.SERVER_URL, remoteServiceUrl); + clientConfigMap.put(EntitlementConstants.USERNAME, remoteServiceUserName); + clientConfigMap.put(EntitlementConstants.PASSWORD, remoteServicePassword); + clientConfigMap.put(EntitlementConstants.REUSE_SESSION, reuseSession); + clientConfigMap.put(EntitlementConstants.THRIFT_HOST, thriftHost); + clientConfigMap.put(EntitlementConstants.THRIFT_PORT, thriftPort); + }else { + throw new EntitlementFilterException("EntitlementMediator initialization error: Unsupported client"); + } + + }else { clientConfigMap.put(EntitlementConstants.SERVER_URL, remoteServiceUrl); clientConfigMap.put(EntitlementConstants.USERNAME, remoteServiceUserName); clientConfigMap.put(EntitlementConstants.PASSWORD, remoteServicePassword); - } else { - log.error("EntitlementMediator initialization error: Unsupported client"); - throw new EntitlementFilterException("EntitlementMediator initialization error: Unsupported client"); } appToPDPClientConfigMap.put("EntitlementMediator", clientConfigMap); 
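Review bot: The SOAP, BASIC_AUTH and THRIFT branches each repeat the same four `clientConfigMap.put` calls, and the new nesting introduces `if(client!=null){` and `}else {` spacing that differs from the rest of the file. Rejecting an unsupported client first and then adding the common entries once leaves only the per-client differences (REUSE_SESSION, THRIFT_HOST, THRIFT_PORT) in conditionals, with the same resulting map. A sketch of the reshaped block follows; `init` starts and ends outside this hunk.

```java
// … unchanged: appToPDPClientConfigMap and clientConfigMap declarations …
if (client != null
        && !EntitlementConstants.SOAP.equals(client)
        && !EntitlementConstants.BASIC_AUTH.equals(client)
        && !EntitlementConstants.THRIFT.equals(client)) {
    throw new EntitlementFilterException("EntitlementMediator initialization error: Unsupported client");
}

// Entries every client type needs; CLIENT is omitted when none is configured.
if (client != null) {
    clientConfigMap.put(EntitlementConstants.CLIENT, client);
}
clientConfigMap.put(EntitlementConstants.SERVER_URL, remoteServiceUrl);
clientConfigMap.put(EntitlementConstants.USERNAME, remoteServiceUserName);
clientConfigMap.put(EntitlementConstants.PASSWORD, remoteServicePassword);

// Session reuse applies to SOAP and Thrift only; host and port to Thrift only.
if (EntitlementConstants.SOAP.equals(client) || EntitlementConstants.THRIFT.equals(client)) {
    clientConfigMap.put(EntitlementConstants.REUSE_SESSION, reuseSession);
}
if (EntitlementConstants.THRIFT.equals(client)) {
    clientConfigMap.put(EntitlementConstants.THRIFT_HOST, thriftHost);
    clientConfigMap.put(EntitlementConstants.THRIFT_PORT, thriftPort);
}
// … unchanged: appToPDPClientConfigMap.put("EntitlementMediator", clientConfigMap) …
```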
@@ -153,8 +157,7 @@ public void init(FilterConfig filterConfig) throws EntitlementFilterException { try { pepProxy = new PEPProxy(config); } catch (EntitlementProxyException e) { - log.error("Error while initializing the PEP Proxy" + e); - throw new EntitlementFilterException("Error while initializing the Entitlement PEP Proxy"); + throw new EntitlementFilterException("Error while initializing the Entitlement PEP Proxy",e); } } @@ -190,17 +193,16 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo simpleDecision = decisionElement.getFirstChildWithName(new QName(namespace, "Result")). getFirstChildWithName(new QName(namespace, "Decision")).getText(); } catch (Exception e) { - e.printStackTrace(); - throw new EntitlementFilterException("Exception while making the decision : " + e); + + throw new EntitlementFilterException("Exception while making the decision " , e); } } - completeAuthorization(simpleDecision, servletRequest, servletResponse, filterConfig, filterChain); + completeAuthorization(simpleDecision, servletRequest, servletResponse, filterChain); } @Override public void destroy() { - filterConfig = null; pepProxy = null; client = null; remoteServiceUrl = null; @@ -240,7 +242,7 @@ private String findUserName(HttpServletRequest request, String subjectScope, + " \'" + EntitlementConstants.REQUEST_PARAM + "\', " + EntitlementConstants.REQUEST_ATTIBUTE + "\' and \'" + EntitlementConstants.SESSION + "\'"); } - if (subject == null || subject.equals("null")) { + if (subject == null || "null".equals(subject)) { log.error("Username not provided in " + subjectScope); throw new EntitlementFilterException("Username not provided in " + subjectScope); } 
@@ -256,7 +258,7 @@ private String findAction(HttpServletRequest request) { } private void completeAuthorization(String decision, ServletRequest servletRequest, - ServletResponse servletResponse, FilterConfig filterConfig, + ServletResponse servletResponse, FilterChain filterChain) throws EntitlementFilterException { try { diff --git a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/callback/BasicAuthCallBackHandler.java b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/callback/BasicAuthCallBackHandler.java index 93d63197ea..cfbfffd9f2 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/callback/BasicAuthCallBackHandler.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/callback/BasicAuthCallBackHandler.java @@ -1,12 +1,12 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an 
@@ -15,26 +15,34 @@ * specific language governing permissions and limitations * under the License. */ + package org.wso2.carbon.identity.entitlement.filter.callback; import org.apache.commons.codec.binary.Base64; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.wso2.carbon.identity.entitlement.filter.exception.EntitlementFilterException; import javax.servlet.http.HttpServletRequest; +import java.io.UnsupportedEncodingException; +import java.nio.charset.Charset; public class BasicAuthCallBackHandler extends EntitlementFilterCallBackHandler { - private static final Log log = LogFactory.getLog(BasicAuthCallBackHandler.class); + private static final String AUTHORIZATION = "Authorization"; + private static final String NULL_STRING = "null"; public BasicAuthCallBackHandler(HttpServletRequest request) throws EntitlementFilterException { String authHeaderEn = null; - if (!(request.getHeader("Authorization") == null || request.getHeader("Authorization").equals("null"))) { - authHeaderEn = request.getHeader("Authorization"); - String tempArr[] = authHeaderEn.split(" "); + if (!(request.getHeader(AUTHORIZATION) == null || NULL_STRING.equals(request.getHeader(AUTHORIZATION)))) { + authHeaderEn = request.getHeader(AUTHORIZATION); + String[] tempArr = authHeaderEn.split(" "); if (tempArr.length == 2) { - String authHeaderDc = new String(Base64.decodeBase64(tempArr[1].getBytes())); + String authHeaderDc = null; + try { + authHeaderDc = new String(Base64.decodeBase64(tempArr[1].getBytes(Charset.forName("UTF-8"))), + "UTF-8"); + } catch (UnsupportedEncodingException e) { + throw new EntitlementFilterException("authentication codec error", e); + } tempArr = authHeaderDc.split(":"); if (tempArr.length == 2) { setUserName(tempArr[0]); 
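Review bot: `authHeaderDc.split(":")` followed by `tempArr.length == 2` treats a password that contains a colon as malformed, whereas Basic credentials are separated at the first colon only; `authHeaderDc.split(":", 2)` handles that case. The scheme token in `tempArr[0]` of the header is never compared with `Basic`, so any two-token Authorization value is decoded as credentials. The added `try`/`catch` can be dropped by using the `Charset` overload, `new String(Base64.decodeBase64(...), Charset.forName("UTF-8"))`, which declares no checked exception. What happens when either length check fails lies outside this hunk.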
diff --git a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/callback/EntitlementFilterCallBackHandler.java b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/callback/EntitlementFilterCallBackHandler.java index 050c97cb2b..d652475fec 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/callback/EntitlementFilterCallBackHandler.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/callback/EntitlementFilterCallBackHandler.java @@ -1,12 +1,12 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -14,7 +14,9 @@ * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. + * */ + package org.wso2.carbon.identity.entitlement.filter.callback; public class EntitlementFilterCallBackHandler { 
diff --git a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/exception/EntitlementCacheUpdateServletDataHolder.java b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/exception/EntitlementCacheUpdateServletDataHolder.java
new file mode 100644
index 0000000000..889fd8e52e
--- /dev/null
+++ b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/exception/EntitlementCacheUpdateServletDataHolder.java
@@ -0,0 +1,132 @@ +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.wso2.carbon.identity.entitlement.filter.exception; + +import org.apache.axis2.context.ConfigurationContext; + +import javax.servlet.ServletConfig; + +public class EntitlementCacheUpdateServletDataHolder { + + + private static EntitlementCacheUpdateServletDataHolder instance = new EntitlementCacheUpdateServletDataHolder(); + + private String httpsPort; + private ConfigurationContext configCtx; + private String remoteServiceUserName; + private String remoteServicePassword; + private String remoteServiceUrl; + private String authCookie; + private ServletConfig servletConfig; + private String authentication; + private String authenticationPage; + private String authenticationPageURL; + + + public static EntitlementCacheUpdateServletDataHolder getInstance() { + return instance; + } + + public String getAuthenticationPageURL() { + return authenticationPageURL; + } + + public void setAuthenticationPageURL(String authPageURL) { + authenticationPageURL = authPageURL; + } + + + public String getAuthentication() { + return authentication; + } + + public void setAuthentication(String auth) { + authentication = auth; + } + + public ServletConfig getServletConfig() { + return servletConfig; + } + + public void setServletConfig(ServletConfig servletConfiguration) { + 
servletConfig = servletConfiguration; + } + + public String getAuthCookie() { + return authCookie; + } + + public void setAuthCookie(String authenticationCookie) { + authCookie = authenticationCookie; + } + + + public String getRemoteServiceUrl() { + return remoteServiceUrl; + } + + public void setRemoteServiceUrl(String remoteServiceURL) { + remoteServiceUrl = remoteServiceURL; + } + + + public String getRemoteServicePassword() { + return remoteServicePassword; + } + + public void setRemoteServicePassword(String remoteServicePswd) { + remoteServicePassword = remoteServicePswd; + } + + public String getRemoteServiceUserName() { + return remoteServiceUserName; + } + + public void setRemoteServiceUserName(String rmtServiceUserName) { + remoteServiceUserName = rmtServiceUserName; + } + + public String getAuthenticationPage() { + return authenticationPage; + } + + public void setAuthenticationPage(String authPage) { + authenticationPage = authPage; + } + + + public String getHttpsPort() { + return httpsPort; + } + + public void setHttpsPort(String httpsPortStr) { + httpsPort = httpsPortStr; + } + + + public ConfigurationContext getConfigCtx() { + return configCtx; + } + + public void setConfigCtx(ConfigurationContext configContext) { + configCtx = configContext; + } + +} diff --git a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/exception/EntitlementCacheUpdateServletException.java b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/exception/EntitlementCacheUpdateServletException.java index c402a44b78..92caee7c58 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/exception/EntitlementCacheUpdateServletException.java 
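Review bot: `remoteServicePassword` and `authCookie` are kept as plain `String` fields of a process-wide singleton, behind public getters and setters. None of the fields is `volatile` or otherwise guarded, so a value written by one servlet thread (for example a refreshed `authCookie`) is not guaranteed to be visible to the others. Declare the holder `private static final EntitlementCacheUpdateServletDataHolder instance` and add `private EntitlementCacheUpdateServletDataHolder() { }` so no second instance can be created. Mark the fields written after start-up `volatile`, and narrow the password accessor to the code that performs the login. The class is also not an exception type, so the `exception` package is a surprising home for it.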
+++ b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/exception/EntitlementCacheUpdateServletException.java @@ -1,12 +1,12 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -14,7 +14,9 @@ * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. + * */ + package org.wso2.carbon.identity.entitlement.filter.exception; import javax.servlet.ServletException; diff --git a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/exception/EntitlementFilterException.java b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/exception/EntitlementFilterException.java index f733b491c9..aa04275c1b 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/exception/EntitlementFilterException.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/exception/EntitlementFilterException.java 
@@ -1,12 +1,12 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -14,7 +14,9 @@ * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. + * */ + package org.wso2.carbon.identity.entitlement.filter.exception; import javax.servlet.ServletException; diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/pom.xml b/components/agents/org.wso2.carbon.identity.entitlement.proxy/pom.xml index 67fe42e5d6..ac3184ca02 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/pom.xml +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/pom.xml 
@@ -1,25 +1,29 @@ + Copyright (c) 2011, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + + WSO2 Inc. licenses this file to you under the Apache License, + Version 2.0 (the "License"); you may not use this file except + in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + + --> org.wso2.carbon.identity agents - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml @@ -112,8 +116,8 @@ libthrift - slf4j.wso2 - slf4j + org.slf4j + slf4j-api org.wso2.carbon @@ -158,7 +162,7 @@ ${project.artifactId} !javax.xml.namespace, - javax.xml.parsers, + javax.xml.parsers; resolution:=optional, javax.cache, javax.crypto, org.apache.axiom.om.*; version="${axiom.osgi.version.range}", @@ -167,11 +171,11 @@ org.apache.commons.logging.*; version="${commons-logging.osgi.version.range}", org.apache.commons.pool.*; version="${commons-pool.wso2.osgi.version.range}", org.apache.thrift.*; version="${libthrift.wso2.osgi.version.range}", - org.apache.xerces.util, + org.apache.xerces.util; resolution:=optional, org.apache.xml.security.*; version="${wss4j.xml.security.imp.pkg.version.range}", org.joda.time; version="${opensaml2.wso2.osgi.version.range}", org.opensaml.*; version="${opensaml2.wso2.osgi.version.range}", - org.slf4j; version="${slf4j.wso2.version.range}", + org.slf4j; version="${org.slf4j.imp.pkg.version.range}", org.w3c.dom.*, org.xml.sax, org.wso2.carbon.authenticator.stub.*; 
diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/AbstractEntitlementServiceClient.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/AbstractEntitlementServiceClient.java index d1c3e252ee..d96afefa8a 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/AbstractEntitlementServiceClient.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/AbstractEntitlementServiceClient.java 
@@ -1,21 +1,23 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ + package org.wso2.carbon.identity.entitlement.proxy; import org.apache.axiom.om.OMElement; diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/Attribute.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/Attribute.java index b9c1fa19ab..552751a8b6 100644 
--- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/Attribute.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/Attribute.java @@ -1,21 +1,23 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ + package org.wso2.carbon.identity.entitlement.proxy; public class Attribute { 
@@ -76,5 +78,17 @@ public int hashCode() { return result; } + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + + Attribute attribute = (Attribute) o; + if (!type.equals(attribute.type)) return false; + if (!id.equals(attribute.id)) return false; + if (!value.equals(attribute.value)) return false; + return category.equals(attribute.category); + + } } diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/IdentityCacheEntry.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/IdentityCacheEntry.java index e1adccdabf..536e29f896 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/IdentityCacheEntry.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/IdentityCacheEntry.java 
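Review bot: The added `equals` dereferences `type`, `id`, `value` and `category` without a null check, so an `Attribute` built with a null argument throws `NullPointerException` when compared. `PEPProxy.getDecision` in this same diff builds attributes directly from caller-supplied `subject`, `resource`, `action` and `environment` strings, so a null value looks reachable. Comparing with `Objects.equals(type, attribute.type)` and likewise for the other three fields (plus `import java.util.Objects;`) avoids that. Only the tail of `hashCode` is visible in this hunk, so please confirm it hashes the same four fields; otherwise equal attributes could produce different cache keys.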
@@ -1,20 +1,21 @@ /* -* Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ package org.wso2.carbon.identity.entitlement.proxy; @@ -22,7 +23,6 @@ import java.security.Key; import java.util.Arrays; import java.util.Date; -//import java.util.Set; /** * Identity Cache entry which wraps the identity related cache entry values @@ -31,7 +31,6 @@ public class IdentityCacheEntry implements Serializable { private static final long serialVersionUID = 3746964700806693258L; private String cacheEntry; - // private Set cacheEntrySet; private String[] cacheEntryArray; private int hashEntry; private long cacheInterval; 
@@ -60,14 +59,14 @@ public IdentityCacheEntry(String[] cacheEntryArray) { this.cacheEntryArray = Arrays.copyOf(cacheEntryArray, cacheEntryArray.length); } -// public IdentityCacheEntry(Set cacheEntrySet) { -// this.cacheEntrySet = cacheEntrySet; -// } public IdentityCacheEntry(String cacheEntry, Key secretKey, Date date) { this.cacheEntry = cacheEntry; this.secretKey = secretKey; - this.date = date; + + if (date != null) { + this.date = new Date(date.getTime()); + } } public String getCacheEntry() { @@ -82,16 +81,17 @@ public long getCacheInterval() { return cacheInterval; } -// public Set getCacheEntrySet() { -// return cacheEntrySet; -// } public boolean isCacheClearing() { return cacheClearing; } public String[] getCacheEntryArray() { - return cacheEntryArray; + + if (cacheEntryArray != null) { + return cacheEntryArray.clone(); + } + return new String[0]; } public Key getSecretKey() { @@ -99,6 +99,9 @@ public Key getSecretKey() { } public Date getDate() { - return date; + if (date != null) { + return new Date(date.getTime()); + } + return null; } } diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/IdentityCacheKey.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/IdentityCacheKey.java index 867877ef87..ded48e7467 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/IdentityCacheKey.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/IdentityCacheKey.java 
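Review bot: `getCacheEntryArray()` now returns `new String[0]` when the field is unset, while `getDate()` in the same change still returns `null`. The two accessors therefore disagree on how "absent" is reported. Any caller that tested the array for `null` to detect a string-only entry silently changes behaviour; no callers are visible in this diff, so this needs checking. Either keep the old contract with `return cacheEntryArray == null ? null : cacheEntryArray.clone();` or state the new one in Javadoc on both getters.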
@@ -1,20 +1,22 @@ /* -* Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.entitlement.proxy; @@ -26,11 +28,9 @@ public class IdentityCacheKey implements Serializable { private static final long serialVersionUID = -7700438046096986522L; - //private int tenantId; private String key; public IdentityCacheKey(String key) { - //this.tenantId = tenantId; this.key = key; } 
@@ -46,15 +46,13 @@ public boolean equals(Object obj) { } IdentityCacheKey cacheKey = (IdentityCacheKey) obj; - return cacheKey.getKey() != null && cacheKey.getKey().equals(key);// && cacheKey.getTenantId() == tenantId; + return cacheKey.getKey() != null && cacheKey.getKey().equals(key); } @Override public int hashCode() { - //int hash = Integer.valueOf( (tenantId == MultitenantConstants.SUPER_TENANT_ID) - // ? 0 : tenantId).hashCode(); - int hash = key.hashCode(); - return hash; + + return key.hashCode(); } } diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxy.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxy.java index 1eb93ba6db..db09f15938 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxy.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxy.java 
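Review bot: `hashCode()` calls `key.hashCode()` unconditionally, yet the constructor accepts a null `key` and `equals` in this hunk explicitly guards against a null key on the other object. A key built from null would therefore throw `NullPointerException` on the first cache lookup instead of at construction. Reject it early with `this.key = Objects.requireNonNull(key, "key");` in the constructor, or use `return Objects.hashCode(key);` here. The body of `equals` starts outside the hunk.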
@@ -1,21 +1,22 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * http://www.apache.org/licenses/LICENSE-2.0 + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ + package org.wso2.carbon.identity.entitlement.proxy; import org.wso2.carbon.identity.entitlement.proxy.exception.EntitlementProxyException; 
@@ -26,6 +27,16 @@ public class PEPProxy { + public static final String SIMPLE = "simple"; + public static final String CARBON = "carbon"; + public static final String URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"; + public static final String URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"; + public static final String URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"; + public static final String URN_OASIS_NAMES_TC_XACML_1_0_ACTION_ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"; + public static final String URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"; + public static final String URN_OASIS_NAMES_TC_XACML_1_0_RESOURCE_RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"; + public static final String URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ENVIRONMENT = "urn:oasis:names:tc:xacml:3.0:attribute-category:environment"; + public static final String URN_OASIS_NAMES_TC_XACML_1_0_ENVIRONMENT_ENVIRONMENT_ID = "urn:oasis:names:tc:xacml:1.0:environment:environment-id"; private String defaultAppId; private Map appToPDPClientMap; private PEPProxyCache cache; @@ -37,7 +48,8 @@ public class PEPProxy { */ public PEPProxy(PEPProxyConfig config) throws EntitlementProxyException { defaultAppId = config.getDefaultAppId(); - if (config.getCacheType() != null && (config.getCacheType().equals("simple") || config.getCacheType().equals("carbon"))) { + + if (config.getCacheType() != null && (SIMPLE.equals(config.getCacheType()) || CARBON.equals(config.getCacheType()))) { cache = new PEPProxyCache(config.getCacheType(), config.getInvalidationInterval(), config.getMaxCacheEntries()); } appToPDPClientMap = PEPProxyFactory.getAppToPDPClientMap(config.getAppToPDPClientConfigMap()); 
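Review bot: The constructor check `SIMPLE.equals(config.getCacheType())` is case-sensitive, but `PEPProxyCache` (changed later in this diff) matches the same value with `"simple".equalsIgnoreCase(enableCaching)`. A configured type such as `Simple` is accepted by the cache class yet never reaches it, so `cache` stays null and decision caching is silently off. Use `SIMPLE.equalsIgnoreCase(config.getCacheType()) || CARBON.equalsIgnoreCase(config.getCacheType())`, and have `PEPProxyCache` reuse these constants rather than repeating the literals. The new constants are also `public` on `PEPProxy`; unless external callers need them, `private` or a move into `ProxyConstants` keeps the API surface smaller.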
@@ -114,10 +126,10 @@ public String getDecision(String subject, String resource, String action, String if (!appToPDPClientMap.containsKey(appId)) { throw new EntitlementProxyException("Invalid App Id"); } - Attribute subjectAttribute = new Attribute("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", "urn:oasis:names:tc:xacml:1.0:subject:subject-id", ProxyConstants.DEFAULT_DATA_TYPE, subject); - Attribute actionAttribute = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:action", "urn:oasis:names:tc:xacml:1.0:action:action-id", ProxyConstants.DEFAULT_DATA_TYPE, action); - Attribute resourceAttribute = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "urn:oasis:names:tc:xacml:1.0:resource:resource-id", ProxyConstants.DEFAULT_DATA_TYPE, resource); - Attribute environmentAttribute = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:environment", "urn:oasis:names:tc:xacml:1.0:environment:environment-id", ProxyConstants.DEFAULT_DATA_TYPE, environment); + Attribute subjectAttribute = new Attribute(URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT, URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_SUBJECT_ID, ProxyConstants.DEFAULT_DATA_TYPE, subject); + Attribute actionAttribute = new Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ACTION, URN_OASIS_NAMES_TC_XACML_1_0_ACTION_ACTION_ID, ProxyConstants.DEFAULT_DATA_TYPE, action); + Attribute resourceAttribute = new Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_RESOURCE, URN_OASIS_NAMES_TC_XACML_1_0_RESOURCE_RESOURCE_ID, ProxyConstants.DEFAULT_DATA_TYPE, resource); + Attribute environmentAttribute = new Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ENVIRONMENT, URN_OASIS_NAMES_TC_XACML_1_0_ENVIRONMENT_ENVIRONMENT_ID, ProxyConstants.DEFAULT_DATA_TYPE, environment); Attribute[] tempArr = {subjectAttribute, actionAttribute, resourceAttribute, environmentAttribute}; return getDecision(tempArr, appId); } 
@@ -219,7 +231,7 @@ private String generateKey(Attribute[] attributes) { int key = 1; key = 11 * key + ((attributes == null) ? 0 : Arrays.hashCode(attributes)); key = 31 * key + ((defaultAppId == null) ? 0 : defaultAppId.hashCode()); - return (new Integer(key)).toString(); + return Integer.toString(key); } public void clear() { diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxyCache.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxyCache.java index bc7c3f2fa1..7e83dd65eb 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxyCache.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxyCache.java 
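Review bot: `generateKey` still builds the decision-cache key from a 32-bit `Arrays.hashCode(attributes)` mixed with `defaultAppId.hashCode()`; the boxing cleanup does not change that. Two different requests whose hashes collide map to the same cache entry, so the second would be answered with the decision cached for the first. The key also uses `defaultAppId` rather than the `appId` the decision is requested for, which matters if decisions for other applications are cached through this method (the callers are outside the hunk). For an authorization cache, derive the key from the full attribute values plus the application id, for example a SHA-256 digest over a length-delimited encoding of each category, id, type and value, rather than from `hashCode()`. The method body starts outside the hunk.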
@@ -1,25 +1,25 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ + package org.wso2.carbon.identity.entitlement.proxy; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import javax.cache.Cache; import javax.cache.CacheManager; 
@@ -30,19 +30,17 @@ class PEPProxyCache { - private static Log log = LogFactory.getLog(PEPProxyCache.class); private SimpleCache simpleCache; private boolean isCarbonCache = false; private int invalidationInterval = 0; PEPProxyCache(String enableCaching, int invalidationInterval, int maxEntries) { - if (enableCaching.equalsIgnoreCase("simple")) { + if ("simple".equalsIgnoreCase(enableCaching)) { simpleCache = new SimpleCache(maxEntries); this.invalidationInterval = invalidationInterval; - } else if (enableCaching.equalsIgnoreCase("carbon")) { + } else if ("carbon".equalsIgnoreCase(enableCaching)) { isCarbonCache = true; -// carbonCache = getCommonCache(ProxyConstants.DECISION_CACHE); } } @@ -57,18 +55,9 @@ private Cache getCommonCache() { // We create a single cache for all tenants. It is not a good choice to create per-tenant // caches in this case. We qualify tenants by adding the tenant identifier in the cache key. -// PrivilegedCarbonContext currentContext = PrivilegedCarbonContext.getCurrentContext(); -// PrivilegedCarbonContext.startTenantFlow(); -// try { -// currentContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID); -// return CacheManager.getInstance().getCache(name); -// } finally { -// PrivilegedCarbonContext.endTenantFlow(); -// } CacheManager manager = Caching.getCacheManagerFactory().getCacheManager(ProxyConstants.DECISION_CACHE); - Cache cache = manager.getCache(ProxyConstants.DECISION_CACHE); - return cache; + return manager.getCache(ProxyConstants.DECISION_CACHE); } void put(String key, String entry) { @@ -78,7 +67,6 @@ void put(String key, String entry) { } else if (isCarbonCache) { Cache carbonCache = getCommonCache(); if (carbonCache != null) { - //int tenantId = CarbonContext.getCurrentContext().getTenantId(); IdentityCacheKey identityKey = new IdentityCacheKey(key); IdentityCacheEntry identityEntry = new IdentityCacheEntry(entry); carbonCache.put(identityKey, identityEntry); 
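Review bot: The comment kept in `getCommonCache` is stale: it says tenants are qualified by adding the tenant identifier to the cache key, but the key is now just `new IdentityCacheKey(key)`. This commit deletes the last commented-out `tenantId` references from `IdentityCacheKey`, `put` and `get`. If this single decision cache is ever shared by more than one tenant, a decision cached for one tenant could be returned to another. Either carry the tenant identifier in `IdentityCacheKey` again or correct the comment, e.g. `// Single shared cache; keys are not tenant-qualified.` Whether the proxy runs in a multi-tenant process is not visible from this diff.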
@@ -97,7 +85,6 @@ String get(String key) { } else if (isCarbonCache) { Cache carbonCache = getCommonCache(); if (carbonCache != null) { - //int tenantId = CarbonContext.getCurrentContext().getTenantId(); IdentityCacheKey identityKey = new IdentityCacheKey(key); IdentityCacheEntry identityCacheEntry = (IdentityCacheEntry) carbonCache.get(identityKey); if (identityCacheEntry != null) { @@ -110,7 +97,7 @@ String get(String key) { void clear() { if (simpleCache != null) { - simpleCache = new SimpleCache(simpleCache.maxEntries); + simpleCache = new SimpleCache<>(simpleCache.maxEntries); } else if (isCarbonCache) { Cache carbonCache = getCommonCache(); if (carbonCache != null) { diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxyConfig.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxyConfig.java index ef0a9b0cda..916565a61b 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxyConfig.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxyConfig.java 
@@ -1,21 +1,23 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ + package org.wso2.carbon.identity.entitlement.proxy; import java.util.Map; diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxyFactory.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxyFactory.java index 8bce66efc0..47b5eb55de 100644 
--- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxyFactory.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/PEPProxyFactory.java @@ -1,21 +1,23 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ + package org.wso2.carbon.identity.entitlement.proxy; import org.apache.commons.logging.Log; 
@@ -34,12 +36,21 @@ public class PEPProxyFactory { private static final Log log = LogFactory.getLog(PEPProxyFactory.class); + public static final String USER_NAME = "userName"; + public static final String PASSWORD = "password"; + public static final String REUSE_SESSION = "reuseSession"; + public static final String SERVER_URL = "serverUrl"; + public static final String THRIFT_HOST = "thriftHost"; + public static final String THRIFT_PORT = "thriftPort"; + private PEPProxyFactory(){ + + } public static Map getAppToPDPClientMap (Map> appToPDPClientConfigMap) throws EntitlementProxyException { Map appToPDPClientMap = - new HashMap(); + new HashMap<>(); Set appList = appToPDPClientConfigMap.keySet(); Iterator appListItr = appList.iterator(); 
@@ -59,84 +70,82 @@ public class PEPProxyFactory { } if (ProxyConstants.SOAP.equals(client)) { - if (appConfig.get("serverUrl") == null || appConfig.get("serverUrl").length() == 0) { + if (appConfig.get(SERVER_URL) == null || appConfig.get(SERVER_URL).length() == 0) { throw new EntitlementProxyException("serverUrl cannot be null or empty"); } - String serverUrl = appConfig.get("serverUrl").trim(); + String serverUrl = appConfig.get(SERVER_URL).trim(); if (!serverUrl.endsWith("/")) { serverUrl += "/"; } - if (appConfig.get("userName") == null || appConfig.get("userName").length() == 0) { + if (appConfig.get(USER_NAME) == null || appConfig.get(USER_NAME).length() == 0) { throw new EntitlementProxyException("userName cannot be null or empty"); } - if (appConfig.get("password") == null || appConfig.get("password").length() == 0) { + if (appConfig.get(PASSWORD) == null || appConfig.get(PASSWORD).length() == 0) { throw new EntitlementProxyException("password cannot be null or empty"); } boolean reuseSession = true; - if (appConfig.get("reuseSession") != null) { - reuseSession = Boolean.parseBoolean(appConfig.get("reuseSession")); + if (appConfig.get(REUSE_SESSION) != null) { + reuseSession = Boolean.parseBoolean(appConfig.get(REUSE_SESSION)); } - appToPDPClientMap.put(appId, new SOAPEntitlementServiceClient(serverUrl, appConfig.get("userName"), appConfig.get("password"), reuseSession)); + appToPDPClientMap.put(appId, new SOAPEntitlementServiceClient(serverUrl, appConfig.get(USER_NAME), appConfig.get(PASSWORD), reuseSession)); } else if (ProxyConstants.BASIC_AUTH.equals(client)) { - if (appConfig.get("serverUrl") == null || appConfig.get("serverUrl").length() == 0) { + if (appConfig.get(SERVER_URL) == null || appConfig.get(SERVER_URL).length() == 0) { throw new EntitlementProxyException("serverUrl cannot be null or empty"); } - String serverUrl = appConfig.get("serverUrl").trim(); + String serverUrl = appConfig.get(SERVER_URL).trim(); if (!serverUrl.endsWith("/")) { 
serverUrl += "/"; } - if (appConfig.get("userName") == null || appConfig.get("userName").length() == 0) { + if (appConfig.get(USER_NAME) == null || appConfig.get(USER_NAME).length() == 0) { throw new EntitlementProxyException("userName cannot be null or empty"); } - if (appConfig.get("password") == null || appConfig.get("password").length() == 0) { + if (appConfig.get(PASSWORD) == null || appConfig.get(PASSWORD).length() == 0) { throw new EntitlementProxyException("password cannot be null or empty"); } - appToPDPClientMap.put(appId, new BasicAuthEntitlementServiceClient(serverUrl, appConfig.get("userName"), appConfig.get("password"))); + appToPDPClientMap.put(appId, new BasicAuthEntitlementServiceClient(serverUrl, appConfig.get(USER_NAME), appConfig.get(PASSWORD))); } else if (ProxyConstants.THRIFT.equals(client)) { - if (appConfig.get("serverUrl") == null || appConfig.get("serverUrl").length() == 0) { + if (appConfig.get(SERVER_URL) == null || appConfig.get(SERVER_URL).length() == 0) { throw new EntitlementProxyException("serverUrl cannot be null or empty"); } - String serverUrl = appConfig.get("serverUrl").trim(); + String serverUrl = appConfig.get(SERVER_URL).trim(); if (!serverUrl.endsWith("/")) { serverUrl += "/"; } - if (appConfig.get("userName") == null || appConfig.get("userName").length() == 0) { + if (appConfig.get(USER_NAME) == null || appConfig.get(USER_NAME).length() == 0) { throw new EntitlementProxyException("userName cannot be null or empty"); } - if (appConfig.get("password") == null || appConfig.get("password").length() == 0) { + if (appConfig.get(PASSWORD) == null || appConfig.get(PASSWORD).length() == 0) { throw new EntitlementProxyException("password cannot be null or empty"); } - if (appConfig.get("thriftHost") == null || appConfig.get("thriftHost").length() == 0) { + if (appConfig.get(THRIFT_HOST) == null || appConfig.get(THRIFT_HOST).length() == 0) { throw new EntitlementProxyException("thriftHost cannot be null or empty"); } int thriftPort; 
- if (appConfig.get("thriftPort") == null || appConfig.get("thriftPort").length() == 0) { + if (appConfig.get(THRIFT_PORT) == null || appConfig.get(THRIFT_PORT).length() == 0) { thriftPort = ProxyConstants.DEFAULT_THRIFT_PORT; } else { - thriftPort = Integer.parseInt(appConfig.get("thriftPort")); + thriftPort = Integer.parseInt(appConfig.get(THRIFT_PORT)); } boolean reuseSession = true; - if (appConfig.get("reuseSession") != null) { - reuseSession = Boolean.parseBoolean(appConfig.get("reuseSession")); + if (appConfig.get(REUSE_SESSION) != null) { + reuseSession = Boolean.parseBoolean(appConfig.get(REUSE_SESSION)); } - appToPDPClientMap.put(appId, new ThriftEntitlementServiceClient(serverUrl, appConfig.get("userName"), appConfig.get("password"), appConfig.get("thriftHost"), thriftPort, reuseSession)); + appToPDPClientMap.put(appId, new ThriftEntitlementServiceClient(serverUrl, appConfig.get(USER_NAME), appConfig.get(PASSWORD), appConfig.get(THRIFT_HOST), thriftPort, reuseSession)); } else if (ProxyConstants.WS_XACML.equals(client)) { - if (appConfig.get("serverUrl") == null || appConfig.get("serverUrl").length() == 0) { + if (appConfig.get(SERVER_URL) == null || appConfig.get(SERVER_URL).length() == 0) { throw new EntitlementProxyException("serverUrl cannot be null or empty"); } - String serverUrl = appConfig.get("serverUrl").trim(); + String serverUrl = appConfig.get(SERVER_URL).trim(); if (!serverUrl.endsWith("/")) { serverUrl += "/"; } - if (appConfig.get("userName") == null || appConfig.get("userName").length() == 0) { + if (appConfig.get(USER_NAME) == null || appConfig.get(USER_NAME).length() == 0) { throw new EntitlementProxyException("userName cannot be null or empty"); } - if (appConfig.get("password") == null || appConfig.get("password").length() == 0) { + if (appConfig.get(PASSWORD) == null || appConfig.get(PASSWORD).length() == 0) { throw new EntitlementProxyException("password cannot be null or empty"); } - appToPDPClientMap.put(appId, new 
WSXACMLEntitlementServiceClient(serverUrl, appConfig.get("userName"), appConfig.get("password"))); - } else if (ProxyConstants.JSON.equals(client)) { - + appToPDPClientMap.put(appId, new WSXACMLEntitlementServiceClient(serverUrl, appConfig.get(USER_NAME), appConfig.get(PASSWORD))); } } return appToPDPClientMap; diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/ProxyConstants.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/ProxyConstants.java index bf4788220e..29ff821ae1 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/ProxyConstants.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/ProxyConstants.java 
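Review bot: `thriftPort = Integer.parseInt(appConfig.get(THRIFT_PORT))` in the THRIFT branch is still unguarded, so a non-numeric value escapes as an unchecked NumberFormatException rather than the EntitlementProxyException this method declares, and nothing checks that the number is a usable port. Wrapping the parse and range-checking it, as below, keeps configuration errors on the one exception type callers handle (pass the cause along if EntitlementProxyException has a constructor for it; only the message constructor is visible here). Two related gaps in the same hunk: the emptiness checks run `length() == 0` before `trim()`, so a whitespace-only `serverUrl` passes and becomes `/`, and a `client` value that matches no branch (JSON included, now that its empty branch is gone) still adds no map entry and raises no error, leaving that app without a PDP client. The method starts outside the hunk.

```java
// … unchanged: THRIFT branch validation and the default-port case …
} else {
    try {
        thriftPort = Integer.parseInt(appConfig.get(THRIFT_PORT).trim());
    } catch (NumberFormatException e) {
        throw new EntitlementProxyException("thriftPort must be a number");
    }
    if (thriftPort < 1 || thriftPort > 65535) {
        throw new EntitlementProxyException("thriftPort must be between 1 and 65535");
    }
}
// … unchanged: reuseSession parsing and ThriftEntitlementServiceClient construction …
```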
@@ -1,21 +1,23 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ + package org.wso2.carbon.identity.entitlement.proxy; public final class ProxyConstants { 
@@ -30,15 +32,19 @@ public final class ProxyConstants { public static final String DECISION_CACHE = "DECISION_CACHE"; public static final int MAX_CACHE_SIZE = 10000; - public final static String SESSION_TIME_OUT = "50977"; + public static final String SESSION_TIME_OUT = "50977"; public static final String SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"; - public final static String TRUST_STORE = "javax.net.ssl.trustStore"; - public final static String TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword"; + public static final String TRUST_STORE = "javax.net.ssl.trustStore"; + public static final String TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword"; public static final int THRIFT_TIME_OUT = 30000; public static final int DEFAULT_THRIFT_PORT = 10500; public static final String DEFAULT_DATA_TYPE = "string"; + private ProxyConstants(){ + + } + } diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/XACMLRequetBuilder.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/XACMLRequetBuilder.java index d7b9f26604..237bea59c8 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/XACMLRequetBuilder.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/XACMLRequetBuilder.java 
@@ -1,63 +1,70 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. 
*/ + package org.wso2.carbon.identity.entitlement.proxy; import org.apache.axiom.om.OMAbstractFactory; import org.apache.axiom.om.OMElement; import org.apache.axiom.om.OMFactory; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import javax.xml.namespace.QName; import java.util.HashSet; import java.util.Iterator; +import java.util.Set; public class XACMLRequetBuilder { - private static Log log = LogFactory.getLog(XACMLRequetBuilder.class); + public static final String CORE_SCHEMA = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"; + public static final String ATTRIBUTE_ID = "AttributeId"; + public static final String XMLSCHEMA = "http://www.w3.org/2001/XMLSchema#"; + + private XACMLRequetBuilder(){ + + } public static String buildXACML3Request(Attribute[] attributes) { OMFactory factory = OMAbstractFactory.getOMFactory(); OMElement requestXML = factory.createOMElement("Request", null); - requestXML.addAttribute("xmlns", "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17", null); + requestXML.addAttribute("xmlns", CORE_SCHEMA, null); requestXML.addAttribute("CombinedDecision", "false", null); requestXML.addAttribute("ReturnPolicyIdList", "false", null); - HashSet catagorySet = new HashSet(); + Set catagorySet = new HashSet<>(); for (Attribute attribute : attributes) { if (!catagorySet.contains(attribute.getCategory())) { catagorySet.add(attribute.getCategory()); OMElement attributesXML = factory.createOMElement("Attributes", null); attributesXML.addAttribute("Category", attribute.getCategory(), null); - HashSet attributeSet = new HashSet(); + Set attributeSet = new HashSet<>(); if (!attributeSet.contains(attribute.getId())) { attributeSet.add(attribute.getId()); OMElement attributeXML = factory.createOMElement("Attribute", null); - attributeXML.addAttribute("AttributeId", attribute.getId(), null); + attributeXML.addAttribute(ATTRIBUTE_ID, attribute.getId(), null); attributeXML.addAttribute("IncludeInResult", "false", null); 
OMElement attributeValueXML = factory.createOMElement("AttributeValue", null); - attributeValueXML.addAttribute("DataType", "http://www.w3.org/2001/XMLSchema#" + attribute.getType(), null); + attributeValueXML.addAttribute("DataType", XMLSCHEMA + attribute.getType(), null); attributeValueXML.setText(attribute.getValue()); attributeXML.addChild(attributeValueXML); attributesXML.addChild(attributeXML); @@ -65,9 +72,9 @@ public static String buildXACML3Request(Attribute[] attributes) { Iterator itr = attributesXML.getChildElements(); while (itr.hasNext()) { OMElement attributeXML = (OMElement) itr.next(); - if (attribute.getId().equals(attributeXML.getAttributeValue(new QName("AttributeId")))) { + if (attribute.getId().equals(attributeXML.getAttributeValue(new QName(ATTRIBUTE_ID)))) { OMElement attributeValueXML = factory.createOMElement("AttributeValue", null); - attributeValueXML.addAttribute("DataType", "http://www.w3.org/2001/XMLSchema#" + attribute.getType(), null); + attributeValueXML.addAttribute("DataType", XMLSCHEMA + attribute.getType(), null); attributeValueXML.setText(attribute.getValue()); attributeXML.addChild(attributeValueXML); break; 
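Review bot: In `buildXACML3Request`, `attributeSet` is created empty on the line directly above `if (!attributeSet.contains(attribute.getId()))`, so the test is always true and the branch that follows in the next hunk (it looks like the matching `else`, though the joining line is outside both hunks) can never run. The switch to `Set`/`new HashSet<>()` keeps that dead check; dropping the set and the condition on this first-seen-category path would make the code match what actually executes. Separately, `attribute.getId()` and `attribute.getCategory()` are dereferenced with `.equals(...)` in the later branches without a null check, so an `Attribute` missing either field fails with a NullPointerException part-way through building the authorization request. Rejecting it up front, e.g. `if (attribute.getId() == null || attribute.getCategory() == null) { throw new IllegalArgumentException("attribute id and category are required"); }`, is safer than silently skipping it, since a dropped attribute could change the decision. The method body continues outside the hunk.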
@@ -80,20 +87,20 @@ public static String buildXACML3Request(Attribute[] attributes) { while (itr.hasNext()) { OMElement attributesXML = (OMElement) itr.next(); if (attribute.getCategory().equals(attributesXML.getAttributeValue(new QName("Category")))) { - HashSet attributeSet = new HashSet(); + Set attributeSet = new HashSet(); Iterator itr1 = attributesXML.getChildElements(); while (itr1.hasNext()) { - attributeSet.add(((OMElement) itr1.next()).getAttributeValue(new QName("AttributeId"))); + attributeSet.add(((OMElement) itr1.next()).getAttributeValue(new QName(ATTRIBUTE_ID))); } if (!attributeSet.contains(attribute.getId())) { attributeSet.add(attribute.getId()); OMElement attributeXML = factory.createOMElement("Attribute", null); - attributeXML.addAttribute("AttributeId", attribute.getId(), null); + attributeXML.addAttribute(ATTRIBUTE_ID, attribute.getId(), null); attributeXML.addAttribute("IncludeInResult", "false", null); OMElement attributeValueXML = factory.createOMElement("AttributeValue", null); - attributeValueXML.addAttribute("DataType", "http://www.w3.org/2001/XMLSchema#" + attribute.getType(), null); + attributeValueXML.addAttribute("DataType", XMLSCHEMA + attribute.getType(), null); attributeValueXML.setText(attribute.getValue()); attributeXML.addChild(attributeValueXML); attributesXML.addChild(attributeXML); 
@@ -101,9 +108,9 @@ public static String buildXACML3Request(Attribute[] attributes) { Iterator itr2 = attributesXML.getChildElements(); while (itr2.hasNext()) { OMElement attributeXML = (OMElement) itr2.next(); - if (attribute.getId().equals(attributeXML.getAttributeValue(new QName("AttributeId")))) { + if (attribute.getId().equals(attributeXML.getAttributeValue(new QName(ATTRIBUTE_ID)))) { OMElement attributeValueXML = factory.createOMElement("AttributeValue", null); - attributeValueXML.addAttribute("DataType", "http://www.w3.org/2001/XMLSchema#" + attribute.getType(), null); + attributeValueXML.addAttribute("DataType", XMLSCHEMA + attribute.getType(), null); attributeValueXML.setText(attribute.getValue()); attributeXML.addChild(attributeValueXML); break; diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/exception/EntitlementProxyException.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/exception/EntitlementProxyException.java index ea02f69320..5f6bec7195 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/exception/EntitlementProxyException.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/exception/EntitlementProxyException.java 
@@ -1,21 +1,23 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ + package org.wso2.carbon.identity.entitlement.proxy.exception; public class EntitlementProxyException extends Exception { diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/AuthenticationException.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/AuthenticationException.java index 91b196e401..07ab5b4f66 100644 
--- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/AuthenticationException.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/AuthenticationException.java @@ -5,7 +5,11 @@ */ package org.wso2.carbon.identity.entitlement.proxy.generatedCode; -import java.util.*; +import java.util.Collections; +import java.util.EnumMap; +import java.util.EnumSet; +import java.util.HashMap; +import java.util.Map; public class AuthenticationException extends Exception implements org.apache.thrift.TBase, java.io.Serializable, Cloneable { diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/AuthenticatorService.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/AuthenticatorService.java index fc22ca159c..220c09710c 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/AuthenticatorService.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/AuthenticatorService.java @@ -8,7 +8,11 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.*; +import java.util.Collections; +import java.util.EnumMap; +import java.util.EnumSet; +import java.util.HashMap; +import java.util.Map; public class AuthenticatorService { diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/EntitlementException.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/EntitlementException.java index 2f20591eb0..d75fe0aa51 100644 
--- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/EntitlementException.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/EntitlementException.java @@ -5,7 +5,11 @@ */ package org.wso2.carbon.identity.entitlement.proxy.generatedCode; -import java.util.*; +import java.util.Collections; +import java.util.EnumMap; +import java.util.EnumSet; +import java.util.HashMap; +import java.util.Map; public class EntitlementException extends Exception implements org.apache.thrift.TBase, java.io.Serializable, Cloneable { public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap; diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/EntitlementThriftClient.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/EntitlementThriftClient.java index c41f1439c4..d02f69f17f 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/EntitlementThriftClient.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/generatedCode/EntitlementThriftClient.java @@ -8,7 +8,11 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.*; +import java.util.Collections; +import java.util.EnumMap; +import java.util.EnumSet; +import java.util.HashMap; +import java.util.Map; public class EntitlementThriftClient { 
diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/json/JSONEntitlementServiceClient.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/json/JSONEntitlementServiceClient.java index ad44242b48..e234aa70fa 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/json/JSONEntitlementServiceClient.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/json/JSONEntitlementServiceClient.java 
@@ -1,27 +1,30 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ + package org.wso2.carbon.identity.entitlement.proxy.json; import org.wso2.carbon.identity.entitlement.proxy.AbstractEntitlementServiceClient; import org.wso2.carbon.identity.entitlement.proxy.Attribute; +import java.util.ArrayList; import java.util.List; public class JSONEntitlementServiceClient extends AbstractEntitlementServiceClient { 
@@ -34,7 +37,6 @@ public String getDecision(Attribute[] attributes, String appId) throws Exception @Override public boolean subjectCanActOnResource(String subjectType, String alias, String actionId, String resourceId, String domainId, String appId) throws Exception { - // TODO Auto-generated method stub return false; } @@ -42,34 +44,29 @@ public boolean subjectCanActOnResource(String subjectType, String alias, String public boolean subjectCanActOnResource(String subjectType, String alias, String actionId, String resourceId, Attribute[] attributes, String domainId, String appId) throws Exception { - // TODO Auto-generated method stub return false; } @Override public List getResourcesForAlias(String alias, String appId) throws Exception { - // TODO Auto-generated method stub - return null; + return new ArrayList<>(); } @Override public List getActionableResourcesForAlias(String alias, String appId) throws Exception { - // TODO Auto-generated method stub return null; } @Override public List getActionsForResource(String alias, String resources, String appId) throws Exception { - // TODO Auto-generated method stub - return null; + return new ArrayList<>(); } @Override public List getActionableChildResourcesForAlias(String alias, String parentResource, String action, String appId) throws Exception { - // TODO Auto-generated method stub - return null; + return new ArrayList<>(); } } diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/authenticationAdmin/Authenticator.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/authenticationAdmin/Authenticator.java index 65ecc489e1..441188491b 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/authenticationAdmin/Authenticator.java 
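Review bot: `getActionableResourcesForAlias` still ends in `return null;` while the three sibling list methods in this hunk now return `new ArrayList<>()`, so callers of this client still need a null check for exactly one of the four; it should return `new ArrayList<>();` as well. With the `// TODO Auto-generated method stub` markers removed, nothing in the file says these methods are unimplemented: both `subjectCanActOnResource` overloads always answer `false`, which a caller cannot tell apart from a real deny decision. A one-line comment on each, such as `// Not implemented for the JSON client; always denies.`, would keep that visible.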
+++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/authenticationAdmin/Authenticator.java @@ -1,21 +1,23 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ + package org.wso2.carbon.identity.entitlement.proxy.soap.authenticationAdmin; import org.apache.axis2.context.ConfigurationContext; 
@@ -23,8 +25,9 @@ import org.apache.axis2.description.TransportOutDescription; import org.apache.axis2.transport.http.HTTPConstants; import org.wso2.carbon.authenticator.stub.AuthenticationAdminStub; +import org.wso2.carbon.identity.entitlement.proxy.exception.EntitlementProxyException; -import java.util.HashMap; +import java.util.Map; public class Authenticator { @@ -39,14 +42,14 @@ public Authenticator(String userName, String password, String serverUrl) throws this.serverUrl = serverUrl; if (!authenticate()) { - throw new Exception("Authentication Failed"); + throw new EntitlementProxyException("Authentication Failed"); } } private boolean authenticate() throws Exception { ConfigurationContext configurationContext; configurationContext = ConfigurationContextFactory.createDefaultConfigurationContext(); - HashMap transportsOut = configurationContext + Map transportsOut =configurationContext .getAxisConfiguration().getTransportsOut(); for (TransportOutDescription transportOutDescription : transportsOut.values()) { transportOutDescription.getSender().init(configurationContext, transportOutDescription); diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/authenticationAdmin/SOAPEntitlementServiceClient.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/authenticationAdmin/SOAPEntitlementServiceClient.java index 27c458937a..ef36685b9e 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/authenticationAdmin/SOAPEntitlementServiceClient.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/authenticationAdmin/SOAPEntitlementServiceClient.java 
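Review bot: The constructor now throws `EntitlementProxyException` on a failed login but still declares `throws Exception`, as does `authenticate()`, so a caller cannot handle the authentication failure without catching everything. The thrift `Authenticator` changed later in this same commit narrows its constructor and `authenticate()` to `throws EntitlementProxyException`; if the Axis2 calls here can be wrapped the same way, the two classes would match. The body of `authenticate()` continues outside the hunk, so what else it can throw is not visible. The new line `Map transportsOut =configurationContext` is also missing the space after `=`.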
@@ -1,21 +1,23 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ + package org.wso2.carbon.identity.entitlement.proxy.soap.authenticationAdmin; import org.apache.axis2.AxisFault; 
@@ -35,13 +37,19 @@ import org.wso2.carbon.identity.entitlement.stub.dto.EntitledResultSetDTO; import java.util.ArrayList; -import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; public class SOAPEntitlementServiceClient extends AbstractEntitlementServiceClient { + public static final String ACCESS_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"; + public static final String ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"; + public static final String ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"; + public static final String RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"; + public static final String RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"; + public static final String CATEGORY_ENVIRONMENT = "urn:oasis:names:tc:xacml:3.0:attribute-category:environment"; + public static final String ENVIRONMENT_ID = "urn:oasis:names:tc:xacml:1.0:environment:environment-id"; private Map entitlementStub = new ConcurrentHashMap(); private Map policyAdminStub = new ConcurrentHashMap(); private Map authenticators = new ConcurrentHashMap(); 
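Review bot: The seven XACML URN constants added here are declared again, under different names, in `BasicAuthEntitlementServiceClient` and `ThriftEntitlementServiceClient` later in this commit (`ACCESS_SUBJECT` here, `URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT` there). These strings define the category and attribute id of every authorization request, and three copies can drift apart; a single declaration, for instance next to `DEFAULT_DATA_TYPE` in `ProxyConstants`, would keep all clients building identical requests. They are also `public`, which makes them part of each client's API; `private static final` is enough if nothing outside the class reads them. `CATEGORY_ENVIRONMENT` breaks the naming pattern of `ACTION` and `RESOURCE`.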
@@ -71,17 +79,18 @@ public String getDecision(Attribute[] attributes, String appId) throws Exception public boolean subjectCanActOnResource(String subjectType, String alias, String actionId, String resourceId, String domainId, String appId) throws Exception { - Attribute subjectAttribute = new Attribute("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", subjectType, ProxyConstants.DEFAULT_DATA_TYPE, alias); - Attribute actionAttribute = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:action", "urn:oasis:names:tc:xacml:1.0:action:action-id", ProxyConstants.DEFAULT_DATA_TYPE, actionId); - Attribute resourceAttribute = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "urn:oasis:names:tc:xacml:1.0:resource:resource-id", ProxyConstants.DEFAULT_DATA_TYPE, resourceId); - Attribute environmentAttribute = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:environment", "urn:oasis:names:tc:xacml:1.0:environment:environment-id", ProxyConstants.DEFAULT_DATA_TYPE, domainId); + Attribute subjectAttribute = new Attribute(ACCESS_SUBJECT, subjectType, ProxyConstants.DEFAULT_DATA_TYPE, alias); + Attribute actionAttribute = new Attribute(ACTION, ACTION_ID, ProxyConstants.DEFAULT_DATA_TYPE, actionId); + Attribute resourceAttribute = new Attribute(RESOURCE, RESOURCE_ID, ProxyConstants.DEFAULT_DATA_TYPE, resourceId); + Attribute environmentAttribute = new Attribute(CATEGORY_ENVIRONMENT, ENVIRONMENT_ID, ProxyConstants + .DEFAULT_DATA_TYPE, domainId); Attribute[] tempArr = {subjectAttribute, actionAttribute, resourceAttribute, environmentAttribute}; String xacmlRequest = XACMLRequetBuilder.buildXACML3Request(tempArr); EntitlementServiceStub stub = getEntitlementStub(serverUrl); Authenticator authenticator = getAuthenticator(serverUrl, userName, password); String result = getDecision(xacmlRequest, stub, authenticator); stub._getServiceClient().cleanupTransport(); - return (result.contains("Permit")); + return 
result.contains("Permit"); } @Override 
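Review bot: The access decision is still derived with `result.contains("Permit")`, a substring search over the whole response string, so a response that carries the text "Permit" anywhere outside the decision value (presumably status, obligation or advice text could) is treated as a grant. Extracting the decision from the response and comparing it for equality would make this fail closed; the same applies to the attribute-array overload in the next hunk and to both `return result.contains(XACML_DECISION_PERMIT);` lines in `BasicAuthEntitlementServiceClient`. Separately, `stub._getServiceClient().cleanupTransport();` is skipped when `getDecision` throws, whereas the BasicAuth client in this commit already does that cleanup in a `finally` block.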
@@ -90,20 +99,22 @@ public boolean subjectCanActOnResource(String subjectType, String alias, String throws Exception { Attribute[] attrs = new Attribute[attributes.length + 4]; - attrs[0] = new Attribute("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", subjectType, ProxyConstants.DEFAULT_DATA_TYPE, alias); + attrs[0] = new Attribute(ACCESS_SUBJECT, subjectType, ProxyConstants.DEFAULT_DATA_TYPE, alias); for (int i = 0; i < attributes.length; i++) { - attrs[i + 1] = new Attribute("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", attributes[i].getType(), + attrs[i + 1] = new Attribute(ACCESS_SUBJECT, attributes[i].getType(), attributes[i].getId(), attributes[i].getValue()); } - attrs[attrs.length - 3] = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:action", "urn:oasis:names:tc:xacml:1.0:action:action-id", ProxyConstants.DEFAULT_DATA_TYPE, actionId); - attrs[attrs.length - 2] = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "urn:oasis:names:tc:xacml:1.0:resource:resource-id", ProxyConstants.DEFAULT_DATA_TYPE, resourceId); - attrs[attrs.length - 1] = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:environment", "urn:oasis:names:tc:xacml:1.0:environment:environment-id", ProxyConstants.DEFAULT_DATA_TYPE, domainId); + attrs[attrs.length - 3] = new Attribute(ACTION, ACTION_ID, ProxyConstants + .DEFAULT_DATA_TYPE, actionId); + attrs[attrs.length - 2] = new Attribute(RESOURCE, RESOURCE_ID, + ProxyConstants.DEFAULT_DATA_TYPE, resourceId); + attrs[attrs.length - 1] = new Attribute(CATEGORY_ENVIRONMENT, ENVIRONMENT_ID, ProxyConstants.DEFAULT_DATA_TYPE, domainId); String xacmlRequest = XACMLRequetBuilder.buildXACML3Request(attrs); EntitlementServiceStub stub = getEntitlementStub(serverUrl); Authenticator authenticator = getAuthenticator(serverUrl, userName, password); String result = getDecision(xacmlRequest, stub, authenticator); stub._getServiceClient().cleanupTransport(); - return 
(result.contains("Permit")); + return result.contains("Permit"); } @Override @@ -156,10 +167,9 @@ public List getActionableChildResourcesForAlias(String alias, String par private Authenticator getAuthenticator(String serverUrl, String userName, String password) throws Exception { - if (reuseSession) { - if (authenticators.containsKey(serverUrl)) { - return authenticators.get(serverUrl); - } + if (reuseSession && authenticators.containsKey(serverUrl)) { + return authenticators.get(serverUrl); + } Authenticator authenticator = new Authenticator(userName, password, serverUrl + "AuthenticationAdmin"); setAuthCookie(false, getEntitlementStub(serverUrl), authenticator); @@ -175,7 +185,7 @@ private EntitlementServiceStub getEntitlementStub(String serverUrl) throws Excep } EntitlementServiceStub stub; ConfigurationContext configurationContext = ConfigurationContextFactory.createDefaultConfigurationContext(); - HashMap transportsOut = configurationContext + Map transportsOut = configurationContext .getAxisConfiguration().getTransportsOut(); for (TransportOutDescription transportOutDescription : transportsOut.values()) { transportOutDescription.getSender().init(configurationContext, transportOutDescription); @@ -193,7 +203,7 @@ private EntitlementPolicyAdminServiceStub getEntitlementAdminStub(String serverU } EntitlementPolicyAdminServiceStub stub; ConfigurationContext configurationContext = ConfigurationContextFactory.createDefaultConfigurationContext(); - HashMap transportsOut = configurationContext + Map transportsOut = configurationContext .getAxisConfiguration().getTransportsOut(); for (TransportOutDescription transportOutDescription : transportsOut.values()) { transportOutDescription.getSender().init(configurationContext, transportOutDescription); 
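Review bot: In `getAuthenticator`, the cache lookup `authenticators.containsKey(serverUrl)` keys only on `serverUrl` although the method also takes `userName` and `password`, so a second call for the same server with different credentials would receive the first caller's authenticated session. The visible callers pass the instance's own fields, so this may be unreachable today; if so, say it in a comment, e.g. `// Cache is per server URL; credentials are fixed per client instance.` The check-then-get pair can also be a single `authenticators.get(serverUrl)` followed by a null check. The rest of the method, where the new authenticator is presumably stored, lies outside the hunk.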
diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/basicAuth/BasicAuthEntitlementServiceClient.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/basicAuth/BasicAuthEntitlementServiceClient.java
index 8979740842..fa3ee1c423 100644
--- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/basicAuth/BasicAuthEntitlementServiceClient.java
+++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/basicAuth/BasicAuthEntitlementServiceClient.java
@@ -1,27 +1,27 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ + package org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth; import org.apache.axis2.AxisFault; import org.apache.axis2.Constants; -import org.apache.axis2.client.Options; -import org.apache.axis2.client.ServiceClient; import org.apache.axis2.context.ConfigurationContext; import org.apache.axis2.context.ConfigurationContextFactory; import org.apache.axis2.description.TransportOutDescription; 
@@ -38,17 +38,14 @@ import org.wso2.carbon.identity.entitlement.proxy.ProxyConstants; import org.wso2.carbon.identity.entitlement.proxy.XACMLRequetBuilder; import org.wso2.carbon.identity.entitlement.proxy.soap.util.EntitlementServiceStubFactory; -import org.wso2.carbon.identity.entitlement.stub.EntitlementPolicyAdminServiceStub; import org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub; import org.wso2.carbon.identity.entitlement.stub.dto.EntitledAttributesDTO; import org.wso2.carbon.identity.entitlement.stub.dto.EntitledResultSetDTO; import java.io.File; import java.util.ArrayList; -import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; public class BasicAuthEntitlementServiceClient extends AbstractEntitlementServiceClient { 
@@ -60,8 +57,14 @@ public class BasicAuthEntitlementServiceClient extends AbstractEntitlementServic "axis2" + File.separator + "axis2_blocking_client.xml"; private static final int MAX_CONNECTIONS_PER_HOST = 200; private static final String XACML_DECISION_PERMIT = "Permit"; + public static final String URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"; + public static final String URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"; + public static final String URN_OASIS_NAMES_TC_XACML_1_0_ACTION_ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"; + public static final String URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"; + public static final String URN_OASIS_NAMES_TC_XACML_1_0_RESOURCE_RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"; + public static final String URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ENVIRONMENT = "urn:oasis:names:tc:xacml:3.0:attribute-category:environment"; + public static final String URN_OASIS_NAMES_TC_XACML_1_0_ENVIRONMENT_ENVIRONMENT_ID = "urn:oasis:names:tc:xacml:1.0:environment:environment-id"; - private Map policyAdminStub = new ConcurrentHashMap(); private String serverUrl; private GenericObjectPool serviceStubPool; private HttpTransportProperties.Authenticator authenticator; @@ -99,7 +102,7 @@ private void initConfigurationContext() throws Exception { configurationContext.setProperty(HTTPConstants.CACHED_HTTP_CLIENT, httpClient); configurationContext.setProperty(HTTPConstants.REUSE_HTTP_CLIENT, Constants.VALUE_TRUE); - HashMap transportsOut = + Map transportsOut = configurationContext.getAxisConfiguration().getTransportsOut(); for (TransportOutDescription transportOutDescription : transportsOut.values()) { 
@@ -129,17 +132,17 @@ public String getDecision(Attribute[] attributes, String appId) throws Exception public boolean subjectCanActOnResource(String subjectType, String alias, String actionId, String resourceId, String domainId, String appId) throws Exception { - Attribute subjectAttribute = new Attribute("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", subjectType, ProxyConstants.DEFAULT_DATA_TYPE, alias); - Attribute actionAttribute = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:action", "urn:oasis:names:tc:xacml:1.0:action:action-id", ProxyConstants.DEFAULT_DATA_TYPE, actionId); - Attribute resourceAttribute = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "urn:oasis:names:tc:xacml:1.0:resource:resource-id", ProxyConstants.DEFAULT_DATA_TYPE, resourceId); - Attribute environmentAttribute = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:environment", "urn:oasis:names:tc:xacml:1.0:environment:environment-id", ProxyConstants.DEFAULT_DATA_TYPE, domainId); + Attribute subjectAttribute = new Attribute(URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT, subjectType, ProxyConstants.DEFAULT_DATA_TYPE, alias); + Attribute actionAttribute = new Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ACTION, URN_OASIS_NAMES_TC_XACML_1_0_ACTION_ACTION_ID, ProxyConstants.DEFAULT_DATA_TYPE, actionId); + Attribute resourceAttribute = new Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_RESOURCE, URN_OASIS_NAMES_TC_XACML_1_0_RESOURCE_RESOURCE_ID, ProxyConstants.DEFAULT_DATA_TYPE, resourceId); + Attribute environmentAttribute = new Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ENVIRONMENT, URN_OASIS_NAMES_TC_XACML_1_0_ENVIRONMENT_ENVIRONMENT_ID, ProxyConstants.DEFAULT_DATA_TYPE, domainId); Attribute[] tempArr = {subjectAttribute, actionAttribute, resourceAttribute, environmentAttribute}; String xacmlRequest = XACMLRequetBuilder.buildXACML3Request(tempArr); 
EntitlementServiceStub stub = null; try { stub = getEntitlementStub(serverUrl); String result = getDecision(xacmlRequest, stub); - return (result.contains(XACML_DECISION_PERMIT)); + return result.contains(XACML_DECISION_PERMIT); } finally { if (stub != null) { stub._getServiceClient().cleanupTransport(); 
@@ -154,20 +157,20 @@ public boolean subjectCanActOnResource(String subjectType, String alias, String throws Exception { Attribute[] attrs = new Attribute[attributes.length + 4]; - attrs[0] = new Attribute("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", subjectType, ProxyConstants.DEFAULT_DATA_TYPE, alias); + attrs[0] = new Attribute(URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT, subjectType, ProxyConstants.DEFAULT_DATA_TYPE, alias); for (int i = 0; i < attributes.length; i++) { - attrs[i + 1] = new Attribute("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", attributes[i].getType(), + attrs[i + 1] = new Attribute(URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT, attributes[i].getType(), attributes[i].getId(), attributes[i].getValue()); } - attrs[attrs.length - 3] = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:action", "urn:oasis:names:tc:xacml:1.0:action:action-id", ProxyConstants.DEFAULT_DATA_TYPE, actionId); - attrs[attrs.length - 2] = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "urn:oasis:names:tc:xacml:1.0:resource:resource-id", ProxyConstants.DEFAULT_DATA_TYPE, resourceId); - attrs[attrs.length - 1] = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:environment", "urn:oasis:names:tc:xacml:1.0:environment:environment-id", ProxyConstants.DEFAULT_DATA_TYPE, domainId); + attrs[attrs.length - 3] = new Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ACTION, URN_OASIS_NAMES_TC_XACML_1_0_ACTION_ACTION_ID, ProxyConstants.DEFAULT_DATA_TYPE, actionId); + attrs[attrs.length - 2] = new Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_RESOURCE, URN_OASIS_NAMES_TC_XACML_1_0_RESOURCE_RESOURCE_ID, ProxyConstants.DEFAULT_DATA_TYPE, resourceId); + attrs[attrs.length - 1] = new Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ENVIRONMENT, URN_OASIS_NAMES_TC_XACML_1_0_ENVIRONMENT_ENVIRONMENT_ID, ProxyConstants.DEFAULT_DATA_TYPE, 
domainId); String xacmlRequest = XACMLRequetBuilder.buildXACML3Request(attrs); EntitlementServiceStub stub = null; try { stub = getEntitlementStub(serverUrl); String result = getDecision(xacmlRequest, stub); - return (result.contains(XACML_DECISION_PERMIT)); + return result.contains(XACML_DECISION_PERMIT); } finally { if (stub != null) { stub._getServiceClient().cleanupTransport(); @@ -250,28 +253,7 @@ private EntitlementServiceStub getEntitlementStub(String serverUrl) throws Excep return (EntitlementServiceStub) serviceStubPool.borrowObject(); } - private EntitlementPolicyAdminServiceStub getEntitlementAdminStub(String serverUrl) - throws Exception { - if (policyAdminStub.containsKey(serverUrl)) { - return policyAdminStub.get(serverUrl); - } - EntitlementPolicyAdminServiceStub stub; - ConfigurationContext configurationContext = ConfigurationContextFactory.createDefaultConfigurationContext(); - HashMap transportsOut = configurationContext - .getAxisConfiguration().getTransportsOut(); - for (TransportOutDescription transportOutDescription : transportsOut.values()) { - transportOutDescription.getSender().init(configurationContext, transportOutDescription); - } - stub = new EntitlementPolicyAdminServiceStub(configurationContext, serverUrl - + "EntitlementPolicyAdminService"); - ServiceClient client = stub._getServiceClient(); - Options option = client.getOptions(); - option.setManageSession(true); - option.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, authenticator); - policyAdminStub.put(serverUrl, stub); - return stub; - } private String getDecision(String request, EntitlementServiceStub stub) throws Exception { return stub.getDecision(request); 
@@ -287,7 +269,7 @@ private EntitledAttributesDTO[] getEntitledAttributes(String subjectName, String } private List getResources(EntitledAttributesDTO[] entitledAttrs) { - List list = new ArrayList(); + List list = new ArrayList<>(); if (entitledAttrs != null) { for (EntitledAttributesDTO dto : entitledAttrs) { list.add(dto.getResourceName()); @@ -298,7 +280,7 @@ private List getResources(EntitledAttributesDTO[] entitledAttrs) { } private List getActions(EntitledAttributesDTO[] entitledAttrs) { - List list = new ArrayList(); + List list = new ArrayList<>(); if (entitledAttrs != null) { for (EntitledAttributesDTO dto : entitledAttrs) { diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/util/EntitlementServiceStubFactory.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/util/EntitlementServiceStubFactory.java index 6b99b41aa2..433295c133 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/util/EntitlementServiceStubFactory.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/soap/util/EntitlementServiceStubFactory.java 
@@ -1,19 +1,21 @@ /* - * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ package org.wso2.carbon.identity.entitlement.proxy.soap.util; diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/thrift/Authenticator.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/thrift/Authenticator.java index 237b000b0c..290e4567b3 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/thrift/Authenticator.java 
+++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/thrift/Authenticator.java @@ -1,24 +1,25 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2012, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ + package org.wso2.carbon.identity.entitlement.proxy.thrift; -import org.apache.thrift.TException; import org.apache.thrift.protocol.TCompactProtocol; import org.apache.thrift.protocol.TProtocol; import org.apache.thrift.transport.THttpClient; 
@@ -32,17 +33,17 @@ public class Authenticator { private String serverUrl; private String sessionId; - public Authenticator(String userName, String password, String serverUrl) throws Exception { + public Authenticator(String userName, String password, String serverUrl) throws EntitlementProxyException { this.userName = userName; this.password = password; this.serverUrl = serverUrl; if (!authenticate()) { - throw new Exception("Authentication Failed"); + throw new EntitlementProxyException("Authentication Failed"); } } - private boolean authenticate() throws Exception { + private boolean authenticate() throws EntitlementProxyException { boolean isAuthenticated; try { THttpClient client = new THttpClient(serverUrl); @@ -52,14 +53,14 @@ private boolean authenticate() throws Exception { sessionId = authClient.authenticate(userName, password); client.close(); isAuthenticated = true; - } catch (TException e) { + } catch (Exception e) { throw new EntitlementProxyException("Error while authenticating with ThriftAuthenticator", e); } return isAuthenticated; } - public String getSessionId(boolean isExpired) throws Exception { + public String getSessionId(boolean isExpired) throws EntitlementProxyException { if (isExpired) { authenticate(); } diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/thrift/ThriftEntitlementServiceClient.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/thrift/ThriftEntitlementServiceClient.java index dc8e3b54f8..7967053c4f 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/thrift/ThriftEntitlementServiceClient.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/thrift/ThriftEntitlementServiceClient.java 
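Review bot: In `authenticate()`, `client.close();` runs only on the success path, so the `THttpClient` stays open whenever `authClient.authenticate(userName, password)` throws, which is the failed-login case; moving the close into a `finally` block fixes that. The change from `catch (TException e)` to `catch (Exception e)` also wraps unchecked exceptions into "Error while authenticating with ThriftAuthenticator", which reports programming errors as authentication failures; catching only the checked types the Thrift calls declare would be narrower. Since the method either sets `isAuthenticated = true` or throws, the constructor's `if (!authenticate())` branch cannot be taken. Part of the try body lies between the two hunks and is not shown.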
@@ -1,23 +1,27 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. */ + package org.wso2.carbon.identity.entitlement.proxy.thrift; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.apache.thrift.TException; import org.apache.thrift.protocol.TBinaryProtocol; import org.apache.thrift.protocol.TProtocol; 
@@ -31,6 +35,7 @@ import org.wso2.carbon.identity.entitlement.proxy.generatedCode.EntitlementException; import org.wso2.carbon.identity.entitlement.proxy.generatedCode.EntitlementThriftClient; +import java.util.ArrayList; import java.util.List; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; @@ -38,6 +43,15 @@ public class ThriftEntitlementServiceClient extends AbstractEntitlementServiceClient { + private static final Log log = LogFactory.getLog(ThriftEntitlementServiceClient.class); + public static final String URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"; + public static final String URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"; + public static final String URN_OASIS_NAMES_TC_XACML_1_0_ACTION_ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"; + public static final String URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"; + public static final String URN_OASIS_NAMES_TC_XACML_1_0_RESOURCE_RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"; + public static final String URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ENVIRONMENT = "urn:oasis:names:tc:xacml:3.0:attribute-category:environment"; + public static final String URN_OASIS_NAMES_TC_XACML_1_0_ENVIRONMENT_ENVIRONMENT_ID = "urn:oasis:names:tc:xacml:1.0:environment:environment-id"; + private String trustStore = System.getProperty(ProxyConstants.TRUST_STORE); private String trustStorePass = System.getProperty(ProxyConstants.TRUST_STORE_PASSWORD); private String serverUrl; 
@@ -47,7 +61,7 @@ public class ThriftEntitlementServiceClient extends AbstractEntitlementServiceCl private int thriftPort; private boolean reuseSession = true; - private Map authenticators = new ConcurrentHashMap(); + private Map authenticators = new ConcurrentHashMap<>(); public ThriftEntitlementServiceClient(String serverUrl, String username, String password, String thriftHost, int thriftPort, boolean reuseSession) { this.serverUrl = serverUrl; @@ -61,7 +75,7 @@ public ThriftEntitlementServiceClient(String serverUrl, String username, String @Override public String getDecision(Attribute[] attributes, String appId) throws Exception { String xacmlRequest = XACMLRequetBuilder.buildXACML3Request(attributes); - EntitlementThriftClient.Client client = getThriftClient(appId); + EntitlementThriftClient.Client client = getThriftClient(); Authenticator authenticator = getAuthenticator(serverUrl, userName, password); return getDecision(xacmlRequest, client, authenticator); 
@@ -70,13 +84,14 @@ public String getDecision(Attribute[] attributes, String appId) throws Exception @Override public boolean subjectCanActOnResource(String subjectType, String alias, String actionId, String resourceId, String domainId, String appId) throws Exception { - Attribute subjectAttribute = new Attribute("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", subjectType, ProxyConstants.DEFAULT_DATA_TYPE, alias); - Attribute actionAttribute = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:action", "urn:oasis:names:tc:xacml:1.0:action:action-id", ProxyConstants.DEFAULT_DATA_TYPE, actionId); - Attribute resourceAttribute = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "urn:oasis:names:tc:xacml:1.0:resource:resource-id", ProxyConstants.DEFAULT_DATA_TYPE, resourceId); - Attribute environmentAttribute = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:environment", "urn:oasis:names:tc:xacml:1.0:environment:environment-id", ProxyConstants.DEFAULT_DATA_TYPE, domainId); + Attribute subjectAttribute = new Attribute(URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT, subjectType, ProxyConstants.DEFAULT_DATA_TYPE, alias); + Attribute actionAttribute = new Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ACTION, URN_OASIS_NAMES_TC_XACML_1_0_ACTION_ACTION_ID, ProxyConstants.DEFAULT_DATA_TYPE, actionId); + Attribute resourceAttribute = new Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_RESOURCE, + URN_OASIS_NAMES_TC_XACML_1_0_RESOURCE_RESOURCE_ID, ProxyConstants.DEFAULT_DATA_TYPE, resourceId); + Attribute environmentAttribute = new Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ENVIRONMENT, URN_OASIS_NAMES_TC_XACML_1_0_ENVIRONMENT_ENVIRONMENT_ID, ProxyConstants.DEFAULT_DATA_TYPE, domainId); Attribute[] tempArr = {subjectAttribute, actionAttribute, resourceAttribute, environmentAttribute}; String xacmlRequest = XACMLRequetBuilder.buildXACML3Request(tempArr); - 
EntitlementThriftClient.Client client = getThriftClient(appId); + EntitlementThriftClient.Client client = getThriftClient(); Authenticator authenticator = getAuthenticator(serverUrl, userName, password); return (getDecision(xacmlRequest, client, authenticator)).contains("Permit"); } 
@@ -85,55 +100,60 @@ public boolean subjectCanActOnResource(String subjectType, String alias, String public boolean subjectCanActOnResource(String subjectType, String alias, String actionId, String resourceId, Attribute[] attributes, String domainId, String appId) throws Exception { Attribute[] attrs = new Attribute[attributes.length + 4]; - attrs[0] = new Attribute("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", subjectType, ProxyConstants.DEFAULT_DATA_TYPE, alias); + attrs[0] = new Attribute(URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT, subjectType, ProxyConstants.DEFAULT_DATA_TYPE, alias); for (int i = 0; i < attributes.length; i++) { - attrs[i + 1] = new Attribute("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", attributes[i].getType(), + attrs[i + 1] = new Attribute(URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT, attributes[i].getType(), attributes[i].getId(), attributes[i].getValue()); } - attrs[attrs.length - 3] = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:action", "urn:oasis:names:tc:xacml:1.0:action:action-id", ProxyConstants.DEFAULT_DATA_TYPE, actionId); - attrs[attrs.length - 2] = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "urn:oasis:names:tc:xacml:1.0:resource:resource-id", ProxyConstants.DEFAULT_DATA_TYPE, resourceId); - attrs[attrs.length - 1] = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:environment", "urn:oasis:names:tc:xacml:1.0:environment:environment-id", ProxyConstants.DEFAULT_DATA_TYPE, domainId); + attrs[attrs.length - 3] = new Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ACTION, URN_OASIS_NAMES_TC_XACML_1_0_ACTION_ACTION_ID, ProxyConstants.DEFAULT_DATA_TYPE, actionId); + attrs[attrs.length - 2] = new Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_RESOURCE, URN_OASIS_NAMES_TC_XACML_1_0_RESOURCE_RESOURCE_ID, ProxyConstants.DEFAULT_DATA_TYPE, resourceId); + attrs[attrs.length - 1] = new 
Attribute(URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ENVIRONMENT, URN_OASIS_NAMES_TC_XACML_1_0_ENVIRONMENT_ENVIRONMENT_ID, ProxyConstants.DEFAULT_DATA_TYPE, domainId); String xacmlRequest = XACMLRequetBuilder.buildXACML3Request(attrs); - EntitlementThriftClient.Client client = getThriftClient(appId); + EntitlementThriftClient.Client client = getThriftClient(); Authenticator authenticator = getAuthenticator(serverUrl, userName, password); return (getDecision(xacmlRequest, client, authenticator)).contains("Permit"); } @Override public List getResourcesForAlias(String alias, String appId) { - // TODO Auto-generated method stub - return null; + return new ArrayList<>(); } @Override public List getActionableResourcesForAlias(String alias, String appId) { - // TODO Auto-generated method stub - return null; + return new ArrayList<>(); } @Override public List getActionsForResource(String alias, String resources, String appId) { - // TODO Auto-generated method stub - return null; + return new ArrayList<>(); } @Override public List getActionableChildResourcesForAlias(String alias, String parentResource, String action, String appId) throws Exception { - // TODO Auto-generated method stub - return null; + return new ArrayList<>(); } private String getDecision(String xacmlRequest, EntitlementThriftClient.Client client, Authenticator authenticator) - throws Exception { + throws Exception { try { return client.getDecision(xacmlRequest, authenticator.getSessionId(false)); } catch (TException e) { + if (log.isDebugEnabled()) { + log.debug("Thrift entitlement exception : ", e); + } throw new EntitlementProxyException("Error while getting decision from PDP using ThriftEntitlementServiceClient", e); } catch (EntitlementException e) { + if (log.isDebugEnabled()) { + log.debug("Exception occurred : ", e); + } try { return client.getDecision(xacmlRequest, authenticator.getSessionId(true)); } catch (Exception e1) { + if (log.isDebugEnabled()) { + log.debug("Exception occurred : ", 
e1); + } throw new EntitlementProxyException("Error while attempting to re-authenticate the Thrift client in ", e1); } } @@ -141,24 +161,22 @@ private String getDecision(String xacmlRequest, EntitlementThriftClient.Client c private Authenticator getAuthenticator(String serverUrl, String userName, String password) throws Exception { - if (reuseSession) { - if (authenticators.containsKey(serverUrl)) { - return authenticators.get(serverUrl); - } + if (reuseSession && authenticators.containsKey(serverUrl)) { + return authenticators.get(serverUrl); } + Authenticator authenticator = new Authenticator(userName, password, serverUrl + "thriftAuthenticator"); authenticators.put(serverUrl, authenticator); return authenticator; } - private EntitlementThriftClient.Client getThriftClient(String appId) throws Exception { + private EntitlementThriftClient.Client getThriftClient() throws Exception { TSSLTransportFactory.TSSLTransportParameters param = new TSSLTransportFactory.TSSLTransportParameters(); param.setTrustStore(trustStore, trustStorePass); TTransport transport; transport = TSSLTransportFactory.getClientSocket(thriftHost, thriftPort, ProxyConstants.THRIFT_TIME_OUT, param); TProtocol protocol = new TBinaryProtocol(transport); - EntitlementThriftClient.Client client = new EntitlementThriftClient.Client(protocol); - return client; + return new EntitlementThriftClient.Client(protocol); } } diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/util/CarbonEntityResolver.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/util/CarbonEntityResolver.java index c0c43513fa..b7b075bd2a 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/util/CarbonEntityResolver.java 
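Review bot: The four lookup stubs (`getResourcesForAlias`, `getActionableResourcesForAlias`, `getActionsForResource`, `getActionableChildResourcesForAlias`) now return `new ArrayList<>()` with the TODO removed, so a caller can no longer tell "not supported over Thrift" from "this alias has no resources". An empty answer is the safe direction for an authorization client, but it should be stated on each method, for example `/** Not supported by the Thrift client; always returns an empty list. */`. Throwing `UnsupportedOperationException` is the alternative if no caller depends on a return value. The same applies to the four stubs changed in the `WSXACMLEntitlementServiceClient` hunks further down.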
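Review bot: `getThriftClient()` opens a new TLS socket through `TSSLTransportFactory.getClientSocket(...)` on every call and returns only the `Client`, and nothing in the visible code closes that `TTransport`. Each `getDecision` or `subjectCanActOnResource` call therefore appears to leave a socket behind. Either keep one client per instance, or close the transport once the decision has been read, e.g. `client.getInputProtocol().getTransport().close();` in a `finally` around the call. In `getAuthenticator`, the `containsKey` followed by `get` is a check-then-act on a concurrent map; a single `get` with a null check avoids the race, although two threads can still authenticate in parallel on a cold cache.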
+++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/util/CarbonEntityResolver.java @@ -1,7 +1,5 @@ -package org.wso2.carbon.identity.entitlement.proxy.util; - /* - * Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except @@ -13,11 +11,15 @@ * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. + * + * */ +package org.wso2.carbon.identity.entitlement.proxy.util; + import org.xml.sax.EntityResolver; import org.xml.sax.InputSource; import org.xml.sax.SAXException; diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/wsxacml/WSXACMLEntitlementServiceClient.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/wsxacml/WSXACMLEntitlementServiceClient.java index b84e8aeb77..7d749257e3 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/wsxacml/WSXACMLEntitlementServiceClient.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/wsxacml/WSXACMLEntitlementServiceClient.java 
@@ -1,12 +1,12 @@ /* - * Copyright (c) 2012 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -14,6 +14,8 @@ * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. + * + * */ package org.wso2.carbon.identity.entitlement.proxy.wsxacml; @@ -54,9 +56,12 @@ import org.opensaml.xml.io.UnmarshallerFactory; import org.opensaml.xml.security.x509.BasicX509Credential; import org.opensaml.xml.security.x509.X509Credential; -import org.opensaml.xml.signature.*; +import org.opensaml.xml.signature.KeyInfo; import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureValidator; import org.opensaml.xml.signature.Signer; +import org.opensaml.xml.signature.X509Certificate; +import org.opensaml.xml.signature.X509Data; import org.opensaml.xml.validation.ValidationException; import org.w3c.dom.Document; import org.w3c.dom.Element; 
@@ -75,8 +80,18 @@ import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; -import java.io.*; -import java.security.*; +import java.io.BufferedInputStream; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.nio.charset.Charset; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; @@ -90,9 +105,14 @@ public class WSXACMLEntitlementServiceClient extends AbstractEntitlementServiceC private static final String SECURITY_MANAGER_PROPERTY = Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; private static final int ENTITY_EXPANSION_LIMIT = 0; + public static final String ISSUER_URL = "https://identity.carbon.wso2.org"; + public static final String DOCUMENT_BUILDER_FACTORY = "javax.xml.parsers.DocumentBuilderFactory"; + public static final String DOCUMENT_BUILDER_FACTORY_IMPL = "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl"; private static boolean isBootStrapped = false; + public static final String URN_OASIS_NAMES_TC_XACML_2_0_CONTEXT_SCHEMA_OS = "urn:oasis:names:tc:xacml:2.0:context:schema:os"; + private static OMNamespace xacmlContextNS = OMAbstractFactory.getOMFactory().createOMNamespace - ("urn:oasis:names:tc:xacml:2.0:context:schema:os", "xacml-context"); + (URN_OASIS_NAMES_TC_XACML_2_0_CONTEXT_SCHEMA_OS, "xacml-context"); HttpTransportProperties.Authenticator authenticator; private String serverUrl; 
@@ -145,7 +165,7 @@ private static Issuer createIssuer() { IssuerBuilder issuer = (IssuerBuilder) org.opensaml.xml.Configuration.getBuilderFactory(). getBuilder(Issuer.DEFAULT_ELEMENT_NAME); Issuer issuerObject = issuer.buildObject(); - issuerObject.setValue("https://identity.carbon.wso2.org"); + issuerObject.setValue(ISSUER_URL); issuerObject.setSPProvidedID("SPPProvierId"); return issuerObject; @@ -203,13 +223,13 @@ public boolean subjectCanActOnResource(String subjectType, String alias, String @Override public List getResourcesForAlias(String alias, String appId) throws Exception { - return null; + return new ArrayList<>(); } @Override public List getActionableResourcesForAlias(String alias, String appId) throws Exception { - return null; + return new ArrayList<>(); } @Override @@ -217,14 +237,14 @@ public List getActionableChildResourcesForAlias(String alias, String par String action, String appId) throws Exception { - return null; + return new ArrayList<>(); } @Override public List getActionsForResource(String alias, String resources, String appId) throws Exception { - return null; + return new ArrayList<>(); } /** @@ -237,7 +257,6 @@ private String extractXACMLResponse(String samlResponse) throws EntitlementProxy Response samlResponseObject = null; ResponseType xacmlResponse = null; - String decision = null; doBootstrap(); Init.init(); @@ -260,7 +279,6 @@ private String extractXACMLResponse(String samlResponse) throws EntitlementProxy xacmlResponse = ((XACMLAuthzDecisionStatementType) assertion1. getStatements(XACMLAuthzDecisionStatementType.TYPE_NAME_XACML20).get(0)).getResponse(); - //decision = xacmlResponse.getResult().getDecision().getDecision().toString(); try { xacmlResponseString = org.apache.axis2.util.XMLUtils.toOM(xacmlResponse.getDOM()). toString().replaceAll("xacml-context:", ""); 
@@ -291,8 +309,8 @@ private String extractXACMLResponse(String samlResponse) throws EntitlementProxy private boolean validateIssuer(Issuer issuer) { boolean isValidated = false; - if (issuer.getValue().equals("https://identity.carbon.wso2.org") - && issuer.getSPProvidedID().equals("SPPProvierId")) { + if (ISSUER_URL.equals(issuer.getValue()) + && "SPPProvider".equals(issuer.getSPProvidedID())) { isValidated = true; } return isValidated; @@ -440,7 +458,8 @@ private XMLObject unmarshall(String xmlString) throws EntitlementProxyException DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder(); docBuilder.setEntityResolver(new CarbonEntityResolver()); - Document document = docBuilder.parse(new ByteArrayInputStream(xmlString.trim().getBytes())); + Document document = docBuilder.parse(new ByteArrayInputStream(xmlString.trim().getBytes(Charset.forName + ("UTF-8")))); Element element = document.getDocumentElement(); UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element); @@ -462,8 +481,9 @@ private String marshall(XMLObject xmlObject) throws EntitlementProxyException { try { doBootstrap(); - System.setProperty("javax.xml.parsers.DocumentBuilderFactory", - "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl"); + System.setProperty( + DOCUMENT_BUILDER_FACTORY, + DOCUMENT_BUILDER_FACTORY_IMPL); MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory(); Marshaller marshaller = marshallerFactory.getMarshaller(xmlObject); 
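Review bot: The rewritten condition in `validateIssuer` compares `getSPProvidedID()` with `"SPPProvider"`, whereas the removed line compared it with `"SPPProvierId"`, and `createIssuer()` in this same file still sets `"SPPProvierId"`. The null-safe reordering has therefore also changed the expected value. If the PDP returns the ID the client sent (not visible here), every response would now fail issuer validation. Use one constant at both sites, e.g. `private static final String SP_PROVIDED_ID = "SPPProvierId";`, and change its value only together with the server side.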
@@ -477,7 +497,7 @@ private String marshall(XMLObject xmlObject) throws EntitlementProxyException { LSOutput output = impl.createLSOutput(); output.setByteStream(byteArrayOutputStrm); writer.write(element, output); - return byteArrayOutputStrm.toString(); + return new String(byteArrayOutputStrm.toByteArray(), Charset.forName("UTF-8")); } catch (Exception e) { log.error("Error Serializing the SAML Response"); throw new EntitlementProxyException("Error Serializing the SAML Response", e); @@ -514,6 +534,11 @@ private XACMLAuthzDecisionQueryType setSignature( keyInfo.getX509Datas().add(data); signature.setKeyInfo(keyInfo); } catch (CertificateEncodingException e) { + + if (log.isDebugEnabled()) { + log.debug("Certificate Encoding Exception occurred : ", e); + } + throw new EntitlementProxyException("Error getting the certificate."); } diff --git a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/wsxacml/X509CredentialImpl.java b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/wsxacml/X509CredentialImpl.java index e115150410..ceb5fc43c6 100644 --- a/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/wsxacml/X509CredentialImpl.java +++ b/components/agents/org.wso2.carbon.identity.entitlement.proxy/src/main/org/wso2/carbon/identity/entitlement/proxy/wsxacml/X509CredentialImpl.java 
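Review bot: `marshall` now decodes the serialized bytes as UTF-8, but the `LSOutput` is never told which encoding to write, so the two sides agree only when the serializer happens to choose UTF-8. Add `output.setEncoding("UTF-8");` before `writer.write(element, output);` so encode and decode use the same charset. `StandardCharsets.UTF_8` would also be a cleaner replacement for `Charset.forName("UTF-8")` here and in `unmarshall`, since the change already relies on Java 7 syntax (`new ArrayList<>()`).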
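Review bot: The added debug log in `setSignature` records the `CertificateEncodingException`, but the `EntitlementProxyException` thrown right after it still drops the cause, so the stack trace is lost whenever debug logging is off. Pass it through with `throw new EntitlementProxyException("Error getting the certificate.", e);`, using the two-argument constructor that appears elsewhere in this change. With the cause attached, the `log.isDebugEnabled()` block becomes optional. `setSignature` starts and ends outside this hunk.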
@@ -1,3 +1,23 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ + package org.wso2.carbon.identity.entitlement.proxy.wsxacml; import org.opensaml.xml.security.credential.Credential; @@ -15,6 +35,7 @@ import java.security.cert.X509Certificate; import java.security.spec.InvalidKeySpecException; import java.security.spec.RSAPublicKeySpec; +import java.util.ArrayList; import java.util.Collection; /** @@ -49,6 +70,7 @@ public X509CredentialImpl(X509Certificate cert) { /** * Retrieves the publicKey */ + @Override public PublicKey getPublicKey() { return publicKey; } 
@@ -59,53 +81,53 @@ public X509Certificate getSigningCert() { // ********** Not implemented ************************************************************** + @Override public X509Certificate getEntityCertificate() { - // TODO Auto-generated method stub return null; } + @Override public Collection getCRLs() { - // TODO Auto-generated method stub - return null; + return new ArrayList<>(); } + @Override public Collection getEntityCertificateChain() { - // TODO Auto-generated method stub - return null; + return new ArrayList<>(); } + @Override public CredentialContextSet getCredentalContextSet() { - // TODO Auto-generated method stub return null; } + @Override public Class getCredentialType() { - // TODO Auto-generated method stub return null; } + @Override public String getEntityId() { - // TODO Auto-generated method stub return null; } + @Override public Collection getKeyNames() { - // TODO Auto-generated method stub - return null; + return new ArrayList<>(); } + @Override public PrivateKey getPrivateKey() { - // TODO Auto-generated method stub return null; } + @Override public SecretKey getSecretKey() { - // TODO Auto-generated method stub return null; } + @Override public UsageType getUsageType() { - // TODO Auto-generated method stub return null; } } diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/pom.xml b/components/agents/org.wso2.carbon.identity.sso.agent/pom.xml index a4e5301393..e06b70dfd7 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/pom.xml +++ b/components/agents/org.wso2.carbon.identity.sso.agent/pom.xml @@ -1,27 +1,29 @@ org.wso2.carbon.identity agents - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/CarbonSSOAgentFilter.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/CarbonSSOAgentFilter.java index cd2feb299b..287cd0417a 100644 
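Review bot: Under the "Not implemented" banner, `getCRLs()`, `getEntityCertificateChain()` and `getKeyNames()` now return empty lists while `getEntityCertificate()`, `getPrivateKey()` and the other stubs still return `null`, so the class mixes two conventions for "not available". An empty `getCRLs()` in particular reads as "no revocation lists exist" to any code that consults the credential, which may not be what is intended. Prefer `Collections.emptyList()` over a fresh mutable `ArrayList`. Add a one-line Javadoc to each stub stating that this implementation does not provide the value.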
--- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/CarbonSSOAgentFilter.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/CarbonSSOAgentFilter.java @@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent; 
@@ -36,7 +38,7 @@ public class CarbonSSOAgentFilter extends SSOAgentFilter { - private static Logger LOGGER = Logger.getLogger(SSOAgentConstants.LOGGER_NAME); + private static final Logger LOGGER = Logger.getLogger(SSOAgentConstants.LOGGER_NAME); @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, @@ -60,7 +62,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo config.getSAML2().setSSOAgentX509Credential( new SSOAgentCarbonX509Credential(tenantId, tenantDomain)); - String htmlPayload = null; + String htmlPayload = ""; String htmlFilePath = (String) request.getAttribute( SSOAgentConstants.SSOAgentConfig.SAML2.POST_BINDING_REQUEST_HTML_FILE_PATH); if (htmlFilePath != null && !htmlFilePath.isEmpty()) { @@ -70,16 +72,14 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo try { htmlPayload = new Scanner(htmlPayload).useDelimiter("\\Z").next(); } finally { - if (scanner != null) { + if (scanner != null && scanner.ioException() != null) { IOException ioException = scanner.ioException(); - if (ioException != null) { - LOGGER.log(Level.SEVERE, - "Error occurred while reading file " + htmlFilePath + - ". Will be using the default", ioException); - htmlPayload = null; - } + LOGGER.log(Level.SEVERE, + "Error occurred while reading file " + htmlFilePath + + ". Will be using the default", ioException); + htmlPayload = null; + scanner.close(); } - scanner.close(); } } else { LOGGER.log(Level.WARNING, "Cannot find file " + htmlFilePath + diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentConstants.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentConstants.java index 039b8e9b0c..e947bfab33 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentConstants.java 
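Review bot: Moving `scanner.close()` inside `if (scanner != null && scanner.ioException() != null)` means the scanner is closed only when a read error occurred. On the normal path it stays open for every request that reaches this branch, along with the file behind it if it was opened on `htmlFilePath` (the opening line is outside the hunk). Keep the null guard but close unconditionally, with `if (scanner != null) { scanner.close(); }` after the error check. The earlier hunk initialises `htmlPayload` to `""` while this path still resets it to `null`, so later code has to handle both; pick one. The context line `new Scanner(htmlPayload).useDelimiter("\\Z").next()` scans the payload string rather than `scanner`, which looks unintended and should be confirmed.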
+++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentConstants.java @@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent; 
@@ -22,23 +24,40 @@ public class SSOAgentConstants { public static final String LOGGER_NAME = "org.wso2.carbon.identity.sso.agent"; + + public static final String SESSION_BEAN_NAME = + "org.wso2.carbon.identity.sso.agent.LoggedInSessionBean"; public static final String CONFIG_BEAN_NAME = "org.wso2.carbon.identity.sso.agent.SSOAgentConfig"; public static class SAML2SSO { + + private SAML2SSO() { + } + public static final String HTTP_POST_PARAM_SAML2_AUTH_REQ = "SAMLRequest"; public static final String HTTP_POST_PARAM_SAML2_RESP = "SAMLResponse"; } public static class OpenID { + public static final String OPENID_MODE = "openid.mode"; + private OpenID() { + } + } public static class OAuth2 { public static final String SAML2_BEARER_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"; + + private OAuth2() { + } + } + + private SSOAgentConstants() { } public static class SSOAgentConfig { @@ -52,6 +71,9 @@ public static class SSOAgentConfig { public static final String SKIP_URIS = "SkipURIs"; public static final String QUERY_PARAMS = "QueryParams"; + private SSOAgentConfig() { + } + public static class SAML2 { public static final String HTTP_BINDING = "SAML2.HTTPBinding"; @@ -79,6 +101,8 @@ public static class SAML2 { "SAML2.PostBindingRequestHTMLFilePath"; public static final String SIGNATURE_VALIDATOR = "SAML2.SignatureValidatorImplClass"; + private SAML2() { + } } public static class OpenID { @@ -88,6 +112,9 @@ public static class OpenID { public static final String CLAIMED_ID = "OpenId.ClaimedId"; public static final String ENABLE_ATTRIBUTE_EXCHANGE = "OpenId.EnableAttributeExchange"; public static final String ENABLE_DUMB_MODE = "OpenId.EnableDumbMode"; + + private OpenID() { + } } public static class OAuth2 { 
@@ -95,6 +122,9 @@ public static class OAuth2 { public static final String CLIENT_ID = "OAuth2.ClientId"; public static final String CLIENT_SECRET = "OAuth2.ClientSecret"; public static final String TOKEN_URL = "OAuth2.TokenURL"; + + private OAuth2() { + } } } diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentDataHolder.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentDataHolder.java new file mode 100644 index 0000000000..b52f84d404 --- /dev/null +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentDataHolder.java 
@@ -0,0 +1,58 @@ +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ + +package org.wso2.carbon.identity.sso.agent; + +import org.openid4java.consumer.ConsumerManager; + +public class SSOAgentDataHolder { + + private Object signatureValidator = null; + + private ConsumerManager consumerManager; + private static SSOAgentDataHolder instance = new SSOAgentDataHolder(); + + private SSOAgentDataHolder() { + } + + public Object getSignatureValidator() { + return signatureValidator; + } + + public void setSignatureValidator(Object signatureValidator) { + this.signatureValidator = signatureValidator; + } + + + public ConsumerManager getConsumerManager() { + return consumerManager; + } + + public static SSOAgentDataHolder getInstance(){ + return instance; + } + + + public void setConsumerManager(ConsumerManager consumerManager) { + this.consumerManager = consumerManager; + } + + +} diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentException.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentException.java index 4185ab6088..45120f3df2 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentException.java 
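Review bot: `signatureValidator` and `consumerManager` are plain fields behind unsynchronized public setters on a process-wide singleton, so a value set during initialisation is not guaranteed to be visible to request threads, and any code that can call `getInstance()` can replace the SAML signature validator at runtime. Declaring the singleton as `private static final SSOAgentDataHolder instance = new SSOAgentDataHolder();` and making both fields `volatile` fixes the visibility half. `signatureValidator` is typed `Object`, which pushes an unchecked cast onto every caller; the validator type is not visible in this hunk, but a typed field would be safer. A short class Javadoc naming who is expected to call the setters would make the trust assumption explicit.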
+++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentException.java @@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent; diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentFilter.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentFilter.java index b8569a7e8b..b4021d175e 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentFilter.java 
+++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentFilter.java @@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent; 
@@ -24,7 +26,12 @@ import org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager; import org.wso2.carbon.identity.sso.agent.util.SSOAgentUtils; -import javax.servlet.*; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; @@ -36,18 +43,20 @@ */ public class SSOAgentFilter implements Filter { - private static Logger LOGGER = Logger.getLogger(SSOAgentConstants.LOGGER_NAME); + private static final Logger LOGGER = Logger.getLogger(SSOAgentConstants.LOGGER_NAME); /** * @see Filter#init(FilterConfig) */ + @Override public void init(FilterConfig fConfig) throws ServletException { - + return; } /** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ + @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException { @@ -161,8 +170,9 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo /** * @see Filter#destroy() */ + @Override public void destroy() { - + return; } protected void handleException(HttpServletRequest request, SSOAgentException e) diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentRequestResolver.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentRequestResolver.java index f6c5d79d4e..25b5fb5d9f 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentRequestResolver.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentRequestResolver.java 
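Review bot: `init` and `destroy` each gain a bare `return;` as the only statement of a `void` method, which is a no-op and tells the reader nothing about why the body is empty. A comment carries the intent better, for example `// Intentionally empty: nothing to set up.` in `init` and `// Intentionally empty: nothing to release.` in `destroy`. The existing `@see` Javadoc on both methods could then be replaced by `{@inheritDoc}` now that `@Override` is present.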
@@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent; @@ -30,13 +32,11 @@ public class SSOAgentRequestResolver { SSOAgentConfig ssoAgentConfig = null; HttpServletRequest request = null; - HttpServletResponse response = null; public SSOAgentRequestResolver(HttpServletRequest request, HttpServletResponse response, SSOAgentConfig ssoAgentConfig) { this.request = request; - this.response = response; this.ssoAgentConfig = ssoAgentConfig; } 
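Review bot: The constructor still accepts `HttpServletResponse response` but no longer stores or reads it, so the parameter is dead in the visible code. If it is kept for source compatibility, say so in a constructor Javadoc, e.g. `@param response unused; retained so existing callers keep compiling`. The two remaining fields are package-private and initialised to `null` before being assigned in the constructor; `private final SSOAgentConfig ssoAgentConfig;` and `private final HttpServletRequest request;` would be tighter, assuming nothing outside this hunk reassigns them. The rest of the class is outside the hunk.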
diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/bean/LoggedInSessionBean.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/bean/LoggedInSessionBean.java
index 2dfa5c16d2..e3e31d1716 100644
--- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/bean/LoggedInSessionBean.java
+++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/bean/LoggedInSessionBean.java
@@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.bean; @@ -22,11 +24,15 @@ import org.openid4java.discovery.DiscoveryInformation; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Response; +import org.wso2.carbon.identity.sso.agent.SSOAgentException; +import org.wso2.carbon.identity.sso.agent.util.SSOAgentUtils; +import java.io.IOException; +import java.io.Serializable; import java.util.List; import java.util.Map; -public class LoggedInSessionBean { +public class LoggedInSessionBean implements Serializable{ private OpenID openId; 
@@ -48,7 +54,7 @@ public void setOpenId(OpenID openId) { this.openId = openId; } - public static class AccessTokenResponseBean { + public static class AccessTokenResponseBean implements Serializable{ private String accessToken; @@ -90,13 +96,19 @@ public void setExpiresIn(String expiresIn) { this.expiresIn = expiresIn; } + @Override public String toString() { Gson gson = new Gson(); return gson.toJson(this); } + + public AccessTokenResponseBean deSerialize(String accessTokenResponseBeanString) { + Gson gson = new Gson(); + return gson.fromJson(accessTokenResponseBeanString, AccessTokenResponseBean.class); + } } - public class OpenID { + public class OpenID implements Serializable { private DiscoveryInformation discoveryInformation; @@ -129,8 +141,9 @@ public void setSubjectAttributes(Map> subjectAttributes) { } } - public class SAML2SSO { + public class SAML2SSO implements Serializable{ + public static final String EMPTY_STRING = ""; private String subjectId; private Response response; 
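Review bot: `deSerialize` is an instance method that reads no instance state, so it can only be called on a bean that already exists; it should be `public static AccessTokenResponseBean deSerialize(String json)`. Because the `writeObject` added further down uses `toString()` as the wire format, `toString()` must always emit the full token JSON, so any log line or exception message that formats the bean writes the bearer token out. A separate `toJson()` for serialization, with `toString()` leaving `accessToken` out, keeps the two concerns apart; `SSOAgentSessionBean.AccessTokenResponseBean.toString()` in this commit has the same shape. The classes that now implement `Serializable` declare no `serialVersionUID`, and `OpenID` and `SAML2SSO` are non-static inner classes, a shape the Java serialization specification discourages.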
@@ -147,6 +160,49 @@ public class SAML2SSO { private Map subjectAttributes; + private void writeObject(java.io.ObjectOutputStream stream) + throws IOException { + + stream.writeObject(subjectId); + + stream.writeObject(responseString); + + stream.writeObject(assertionString); + + stream.writeObject(sessionIndex); + if (accessTokenResponseBean != null) { + stream.writeObject(accessTokenResponseBean.toString()); + } else { + stream.writeObject(EMPTY_STRING); + } + stream.writeObject(subjectAttributes); + } + + private void readObject(java.io.ObjectInputStream stream) + throws IOException, ClassNotFoundException, SSOAgentException { + + subjectId = (String) stream.readObject(); + + responseString = (String) stream.readObject(); + if (responseString != null && !EMPTY_STRING.equals(responseString)) { + response = (Response) SSOAgentUtils.unmarshall(responseString); + } + + assertionString = (String) stream.readObject(); + if (responseString != null && !EMPTY_STRING.equals(assertionString)) { + assertion = (Assertion) SSOAgentUtils.unmarshall(assertionString); + } + + sessionIndex = (String) stream.readObject(); + String accessTokenResponseBeanString = (String) stream.readObject(); + if (!EMPTY_STRING.equals(accessTokenResponseBeanString)) { + accessTokenResponseBean = accessTokenResponseBean.deSerialize(accessTokenResponseBeanString); + } else { + accessTokenResponseBean = null; + } + subjectAttributes = (Map) stream.readObject(); + } + public String getSubjectId() { return subjectId; } diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/bean/SSOAgentConfig.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/bean/SSOAgentConfig.java index 5e0345741c..2961d7beff 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/bean/SSOAgentConfig.java 
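Review bot: `readObject` dereferences `accessTokenResponseBean` before it is assigned: the field is still `null` on a freshly deserialized object, so `accessTokenResponseBean.deSerialize(...)` throws `NullPointerException` whenever the stored session carried a token. Building the bean directly avoids that: `accessTokenResponseBean = new Gson().fromJson(accessTokenResponseBeanString, AccessTokenResponseBean.class);`. The assertion guard also tests the wrong variable; `if (responseString != null && !EMPTY_STRING.equals(assertionString))` should read `if (assertionString != null && !EMPTY_STRING.equals(assertionString))`. The `response` and `assertion` objects are rebuilt from the persisted strings with no visible signature check, so the session store has to be treated as trusted. `SSOAgentUtils.unmarshall` is outside this hunk; it is worth confirming that its XML parser rejects DTDs and external entities.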
+++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/bean/SSOAgentConfig.java @@ -1,23 +1,26 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.bean; +import org.apache.commons.lang.StringUtils; import org.opensaml.common.xml.SAMLConstants; import org.wso2.carbon.identity.sso.agent.SSOAgentConstants; import org.wso2.carbon.identity.sso.agent.SSOAgentException; 
@@ -25,13 +28,19 @@ import org.wso2.carbon.identity.sso.agent.saml.SSOAgentCarbonX509Credential; import org.wso2.carbon.identity.sso.agent.saml.SSOAgentX509Credential; -import java.util.*; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Properties; +import java.util.Set; import java.util.logging.Level; import java.util.logging.Logger; public class SSOAgentConfig { - private static Logger LOGGER = Logger.getLogger(SSOAgentConstants.LOGGER_NAME); + private static final Logger LOGGER = Logger.getLogger(SSOAgentConstants.LOGGER_NAME); private Boolean isSAML2SSOLoginEnabled = false; private Boolean isOpenIdLoginEnabled = false; @@ -162,7 +171,7 @@ public void initConfig(Properties properties) throws SSOAgentException { SSOAgentConstants.SSOAgentConfig.OAUTH2_SAML2_GRANT_URL); String skipURIsString = properties.getProperty(SSOAgentConstants.SSOAgentConfig.SKIP_URIS); - if (skipURIsString != null && !skipURIsString.isEmpty()) { + if (!StringUtils.isBlank(skipURIsString)) { String[] skipURIArray = skipURIsString.split(","); for (String skipURI : skipURIArray) { skipURIs.add(skipURI); @@ -170,7 +179,7 @@ public void initConfig(Properties properties) throws SSOAgentException { } String queryParamsString = properties.getProperty(SSOAgentConstants.SSOAgentConfig.QUERY_PARAMS); - if (queryParamsString != null && !queryParamsString.isEmpty()) { + if (!StringUtils.isBlank(queryParamsString)) { String[] queryParamsArray = queryParamsString.split("&"); Map> queryParamMap = new HashMap>(); if (queryParamsArray.length > 0) { diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/bean/SSOAgentSessionBean.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/bean/SSOAgentSessionBean.java index 61310ce69b..4e54f1fde3 100644 
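Review bot: Entries from `SkipURIs` are added to `skipURIs` exactly as `split(",")` returns them, so `"/a, /b"` stores `" /b"` and `"/a,,/b"` stores an empty string. The set presumably lists paths the SSO filter does not protect, so each entry should be normalised before it is stored: `String uri = skipURI.trim(); if (!uri.isEmpty()) { skipURIs.add(uri); }`. How the set is matched against the request URI is outside this hunk, so whether an empty or padded entry can ever match is unconfirmed. `StringUtils.isNotBlank(skipURIsString)` reads better than `!StringUtils.isBlank(...)`, here and for `queryParamsString`; `initConfig` continues past the end of the hunk.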
--- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/bean/SSOAgentSessionBean.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/bean/SSOAgentSessionBean.java @@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.bean; @@ -90,7 +92,8 @@ public void setExpires_in(String expires_in) { this.expires_in = expires_in; } - public String toString() { + @Override + public String toString() { Gson gson = new Gson(); return gson.toJson(this); } 
diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/exception/SSOAgentException.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/exception/SSOAgentException.java
index 74628acea1..73525a2af0 100644
--- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/exception/SSOAgentException.java
+++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/exception/SSOAgentException.java
@@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.exception; diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/oauth2/SAML2GrantAccessTokenRequestor.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/oauth2/SAML2GrantAccessTokenRequestor.java index 962b617233..af7b26dd88 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/oauth2/SAML2GrantAccessTokenRequestor.java 
+++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/oauth2/SAML2GrantAccessTokenRequestor.java @@ -1,24 +1,28 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.oauth2; import com.google.gson.Gson; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.opensaml.xml.util.Base64; import org.wso2.carbon.identity.sso.agent.bean.SSOAgentSessionBean; import org.wso2.carbon.identity.sso.agent.exception.SSOAgentException; 
@@ -32,9 +36,16 @@ import java.net.HttpURLConnection; import java.net.URL; import java.net.URLEncoder; +import java.nio.charset.Charset; public class SAML2GrantAccessTokenRequestor { + private static final Log log = LogFactory.getLog(SAML2GrantAccessTokenRequestor.class); + public static final String SAML2_BEARER_ASSERTION = "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion="; + + private SAML2GrantAccessTokenRequestor() { + } + public static void getAccessToken(HttpServletRequest request) throws SSOAgentException { @@ -46,10 +57,15 @@ public static void getAccessToken(HttpServletRequest request) throws SSOAgentExc String consumerKey = SSOAgentConfigs.getOAuth2ClientId(); String consumerSecret = SSOAgentConfigs.getOAuth2ClientSecret(); String tokenEndpoint = SSOAgentConfigs.getTokenEndpoint(); + String keySecret = consumerKey+":"+consumerSecret; String accessTokenResponse = executePost(tokenEndpoint, - "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=" + URLEncoder.encode(Base64.encodeBytes(samlAssertionString.getBytes()).replaceAll("\n", "")), - Base64.encodeBytes(new String(consumerKey + ":" + consumerSecret).getBytes()).replace("\n", "")); + SAML2_BEARER_ASSERTION + URLEncoder.encode(Base64 + .encodeBytes(samlAssertionString.getBytes(Charset.forName("UTF-8"))).replaceAll("\n", "")), + Base64.encodeBytes(keySecret.getBytes(Charset.forName + ("UTF-8"))) + .replace("\n", + "")); Gson gson = new Gson(); SSOAgentSessionBean.AccessTokenResponseBean accessTokenResp = @@ -64,7 +80,7 @@ public static void getAccessToken(HttpServletRequest request) throws SSOAgentExc } } - public static String executePost(String targetURL, String urlParameters, String clientCredentials) throws Exception { + public static String executePost(String targetURL, String urlParameters, String clientCredentials) throws SSOAgentException { URL url; HttpURLConnection connection = null; 
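Review bot: The assertion still goes through the one-argument `URLEncoder.encode(String)`, which is deprecated and uses the platform default charset, while the bytes fed to Base64 on the same line are now pinned to UTF-8. Base64 output is ASCII, so the result is the same on common platforms, but the two-argument form `URLEncoder.encode(value, "UTF-8")` removes the dependency; it throws `UnsupportedEncodingException`, and the try/catch of `getAccessToken` is outside this hunk. `SAML2GrantManager.getAccessToken` makes the same call. The new `log` field is not used in any visible hunk of this file, and the `executePost(...)` argument list is now wrapped mid-expression (`Charset.forName` / `("UTF-8")`), which is hard to read.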
@@ -78,7 +94,7 @@ public static String executePost(String targetURL, String urlParameters, String connection.setRequestProperty("Authorization", "Basic " + clientCredentials); connection.setRequestProperty("Content-Length", "" + - Integer.toString(urlParameters.getBytes().length)); + Integer.toString(urlParameters.getBytes(Charset.forName("UTF-8")).length)); connection.setUseCaches(false); connection.setDoInput(true); @@ -95,7 +111,7 @@ public static String executePost(String targetURL, String urlParameters, String InputStream is = connection.getInputStream(); BufferedReader rd = new BufferedReader(new InputStreamReader(is)); String line; - StringBuffer response = new StringBuffer(); + StringBuilder response = new StringBuilder(); while ((line = rd.readLine()) != null) { response.append(line); response.append('\r'); @@ -103,6 +119,9 @@ public static String executePost(String targetURL, String urlParameters, String rd.close(); return response.toString(); + } catch (Exception e) { + + throw new SSOAgentException("Exception while executiong post", e); } finally { if (connection != null) { diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/oauth2/SAML2GrantManager.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/oauth2/SAML2GrantManager.java index 9c65875a4f..fe50f5b2fe 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/oauth2/SAML2GrantManager.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/oauth2/SAML2GrantManager.java 
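Review bot: The response is still decoded with `new InputStreamReader(is)`, that is, the platform default charset, although this commit pins every outgoing `getBytes` to UTF-8; `new InputStreamReader(is, Charset.forName("UTF-8"))` makes the read side match. `rd.close()` runs only on the success path, so a failed read leaves the reader open until `disconnect()`; closing it in the `finally` block is safer. The new `catch (Exception e)` also turns programming errors into `SSOAgentException` and its message has a typo (`executiong`); catching `IOException` would be narrower. `SAML2GrantManager.executePost` has the same reader code. Nothing visible checks that `targetURL` uses `https`, and the request carries the client secret in its `Authorization` header, so that is worth confirming in the part of `executePost` outside these hunks.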
@@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.oauth2; @@ -27,10 +29,15 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.io.*; +import java.io.BufferedReader; +import java.io.DataOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; import java.net.HttpURLConnection; import java.net.URL; import java.net.URLEncoder; +import java.nio.charset.Charset; public class SAML2GrantManager { 
@@ -48,12 +55,14 @@ public void getAccessToken(HttpServletRequest request, HttpServletResponse respo getAttribute(SSOAgentConstants.SESSION_BEAN_NAME)).getSAML2SSO(). getAssertionString(); + String clientLogin = ssoAgentConfig.getOAuth2().getClientId() + ":" + + ssoAgentConfig.getOAuth2().getClientSecret(); + String accessTokenResponse = executePost( "grant_type=" + SSOAgentConstants.OAuth2.SAML2_BEARER_GRANT_TYPE + "&assertion=" + URLEncoder.encode(Base64.encodeBytes( - samlAssertionString.getBytes()).replaceAll("\n", "")), - Base64.encodeBytes(new String(ssoAgentConfig.getOAuth2().getClientId() + ":" + - ssoAgentConfig.getOAuth2().getClientSecret()).getBytes()).replace("\n", "")); + samlAssertionString.getBytes(Charset.forName("UTF-8"))).replaceAll("\n", "")), + Base64.encodeBytes(clientLogin.getBytes(Charset.forName("UTF-8"))).replace("\n", "")); Gson gson = new Gson(); LoggedInSessionBean.AccessTokenResponseBean accessTokenResp = @@ -79,7 +88,7 @@ protected String executePost(String urlParameters, String basicAuthHeader) connection.setRequestProperty("Authorization", "Basic " + basicAuthHeader); connection.setRequestProperty("Content-Length", "" + - Integer.toString(urlParameters.getBytes().length)); + Integer.toString(urlParameters.getBytes(Charset.forName("UTF-8")).length)); connection.setUseCaches(false); connection.setDoInput(true); @@ -96,7 +105,7 @@ protected String executePost(String urlParameters, String basicAuthHeader) InputStream is = connection.getInputStream(); BufferedReader rd = new BufferedReader(new InputStreamReader(is)); String line; - StringBuffer response = new StringBuffer(); + StringBuilder response = new StringBuilder(); while ((line = rd.readLine()) != null) { response.append(line); response.append('\r'); 
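Review bot: `URLEncoder.encode(...)` around the Base64 assertion in `getAccessToken` is still the deprecated one-argument overload, which encodes with the platform default charset, so the charset pinning done in the same statement is incomplete. The two-argument form, `URLEncoder.encode(value, "UTF-8")`, removes that dependency; it declares `UnsupportedEncodingException`, which the method would have to handle or wrap. `clientLogin` now holds the client id and secret in a named local, so it should be kept out of any log or exception message in the rest of this method, which continues outside the hunk.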
diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/openid/AttributesRequestor.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/openid/AttributesRequestor.java index 8eb29709fb..f1f973576d 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/openid/AttributesRequestor.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/openid/AttributesRequestor.java 
@@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.openid; @@ -22,12 +24,12 @@ public interface AttributesRequestor { void init(); - String[] getRequestedAttributes(String claimed_id); + String[] getRequestedAttributes(String claimedId); - boolean isRequired(String claimed_id, String alias); + boolean isRequired(String claimedId, String alias); - String getTypeURI(String claimed_id, String alias); + String getTypeURI(String claimedId, String alias); - int getCount(String claimed_id, String alias); + int getCount(String claimedId, String alias); } 
diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/openid/OpenIDManager.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/openid/OpenIDManager.java index 85677c7788..c138f88b03 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/openid/OpenIDManager.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/openid/OpenIDManager.java @@ -1,3 +1,23 @@ +/* + * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ + package org.wso2.carbon.identity.sso.agent.openid; import org.openid4java.association.AssociationException; @@ -20,6 +40,7 @@ import org.openid4java.server.RealmVerifierFactory; import org.openid4java.util.HttpFetcherFactory; import org.wso2.carbon.identity.sso.agent.SSOAgentConstants; +import org.wso2.carbon.identity.sso.agent.SSOAgentDataHolder; import org.wso2.carbon.identity.sso.agent.SSOAgentException; import org.wso2.carbon.identity.sso.agent.bean.LoggedInSessionBean; import org.wso2.carbon.identity.sso.agent.bean.SSOAgentConfig; 
@@ -35,12 +56,11 @@ public class OpenIDManager { // Smart OpenID Consumer Manager - private static ConsumerManager consumerManager = null; AttributesRequestor attributesRequestor = null; private SSOAgentConfig ssoAgentConfig = null; public OpenIDManager(SSOAgentConfig ssoAgentConfig) throws SSOAgentException { - consumerManager = getConsumerManagerInstance(); + SSOAgentDataHolder.getInstance().setConsumerManager(getConsumerManagerInstance()); this.ssoAgentConfig = ssoAgentConfig; } @@ -59,20 +79,21 @@ private ConsumerManager getConsumerManagerInstance() throws SSOAgentException { public String doOpenIDLogin(HttpServletRequest request, HttpServletResponse response) throws SSOAgentException { - String claimed_id = ssoAgentConfig.getOpenId().getClaimedId(); + String claimedId = ssoAgentConfig.getOpenId().getClaimedId(); try { + ConsumerManager manager = SSOAgentDataHolder.getInstance().getConsumerManager(); if (ssoAgentConfig.getOpenId().isDumbModeEnabled()) { // Switch the consumer manager to dumb mode - consumerManager.setMaxAssocAttempts(0); + manager.setMaxAssocAttempts(0); } // Discovery on the user supplied ID - List discoveries = consumerManager.discover(claimed_id); + List discoveries = manager.discover(claimedId); // Associate with the OP and share a secret - DiscoveryInformation discovered = consumerManager.associate(discoveries); + DiscoveryInformation discovered = manager.associate(discoveries); // Keeping necessary parameters to verify the AuthResponse LoggedInSessionBean sessionBean = new LoggedInSessionBean(); 
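Review bot: The `OpenIDManager` constructor still replaces the process-wide `ConsumerManager` on every instantiation, now through `SSOAgentDataHolder.getInstance().setConsumerManager(getConsumerManagerInstance())`. If `getConsumerManagerInstance()` builds a fresh manager each time (its body is outside the hunk), constructing a second agent discards the association and nonce state that `processOpenIDLoginResponse` needs to verify logins already in flight. Setting the holder only when `getConsumerManager()` returns null, under a lock, would keep one manager per process. The holder value is also dereferenced without a null check in `doOpenIDLogin` and in the `verify(...)` call of hunk `-144,7 +167,7`.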
@@ -80,8 +101,8 @@ public String doOpenIDLogin(HttpServletRequest request, HttpServletResponse resp sessionBean.getOpenId().setDiscoveryInformation(discovered); // set the discovery information request.getSession().setAttribute(SSOAgentConstants.SESSION_BEAN_NAME, sessionBean); - consumerManager.setImmediateAuth(true); - AuthRequest authReq = consumerManager.authenticate(discovered, + manager.setImmediateAuth(true); + AuthRequest authReq = manager.authenticate(discovered, ssoAgentConfig.getOpenId().getReturnToURL()); @@ -92,16 +113,16 @@ public String doOpenIDLogin(HttpServletRequest request, HttpServletResponse resp attributesRequestor = ssoAgentConfig.getOpenId().getAttributesRequestor(); attributesRequestor.init(); - String[] requestedAttributes = attributesRequestor.getRequestedAttributes(claimed_id); + String[] requestedAttributes = attributesRequestor.getRequestedAttributes(claimedId); // Getting required attributes using FetchRequest FetchRequest fetchRequest = FetchRequest.createFetchRequest(); for (String requestedAttribute : requestedAttributes) { fetchRequest.addAttribute(requestedAttribute, - attributesRequestor.getTypeURI(claimed_id, requestedAttribute), - attributesRequestor.isRequired(claimed_id, requestedAttribute), - attributesRequestor.getCount(claimed_id, requestedAttribute)); + attributesRequestor.getTypeURI(claimedId, requestedAttribute), + attributesRequestor.isRequired(claimedId, requestedAttribute), + attributesRequestor.getCount(claimedId, requestedAttribute)); } // Adding the AX extension to the AuthRequest message @@ -109,6 +130,8 @@ public String doOpenIDLogin(HttpServletRequest request, HttpServletResponse resp } // Returning OP Url + SSOAgentDataHolder.getInstance().setConsumerManager(manager); + return authReq.getDestinationUrl(true); } catch (YadisException e) { 
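Review bot: The added `SSOAgentDataHolder.getInstance().setConsumerManager(manager);` before the return in `doOpenIDLogin` (hunk `-109,6 +130,8`) stores back the same reference that `getConsumerManager()` handed out at the top of the method, so it appears to have no effect unless the getter returns a copy; it can be dropped. `manager.setMaxAssocAttempts(0)` and `manager.setImmediateAuth(true)` change settings on that shared instance from request-handling code without synchronization. One configuration's dumb-mode setting therefore applies to every later login in the process; a comment stating that this is intended, or per-configuration managers, would make the behaviour explicit.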
@@ -144,7 +167,7 @@ public void processOpenIDLoginResponse(HttpServletRequest request, HttpServletRe // Verify return-to, discoveries, nonce & signature // Signature will be verified using the shared secret - VerificationResult verificationResult = consumerManager.verify( + VerificationResult verificationResult = SSOAgentDataHolder.getInstance().getConsumerManager().verify( ssoAgentConfig.getOpenId().getReturnToURL(), authResponseParams, discovered); Identifier verified = verificationResult.getVerifiedId(); @@ -193,28 +216,6 @@ public void processOpenIDLoginResponse(HttpServletRequest request, HttpServletRe } -// protected SSLContext loadSSLContext() throws SSOAgentException { -// -// KeyStore trustStore = null; -// try { -// -// trustStore = SSOAgentConfig.getKeyStore(); -// -// TrustManagerFactory tmf = TrustManagerFactory -// .getInstance(TrustManagerFactory.getDefaultAlgorithm()); -// -// tmf.init(trustStore); -// -// SSLContext sslContext = SSLContext.getInstance("TLS"); -// sslContext.init(null, tmf.getTrustManagers(), null); -// return sslContext; -// } catch (NoSuchAlgorithmException e) { -// throw new SSOAgentException("Error when reading keystore", e); -// } catch (KeyManagementException e) { -// throw new SSOAgentException("Error when reading keystore", e); -// } catch (KeyStoreException e) { -// throw new SSOAgentException("Error when reading keystore", e); -// } -// } + } diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SAML2SSOManager.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SAML2SSOManager.java index d10120a4bc..d6a322e98a 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SAML2SSOManager.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SAML2SSOManager.java 
@@ -6,7 +6,7 @@ * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an 
@@ -14,27 +14,55 @@ * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. + * + * */ package org.wso2.carbon.identity.sso.agent.saml; -import org.apache.xerces.impl.Constants; -import org.apache.xerces.util.SecurityManager; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.apache.xml.security.signature.XMLSignature; import org.joda.time.DateTime; import org.opensaml.Configuration; -import org.opensaml.DefaultBootstrap; import org.opensaml.common.SAMLVersion; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.common.Extensions; -import org.opensaml.saml2.core.*; -import org.opensaml.saml2.core.impl.*; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.Audience; +import org.opensaml.saml2.core.AudienceRestriction; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.EncryptedAssertion; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.LogoutRequest; +import org.opensaml.saml2.core.LogoutResponse; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.NameIDPolicy; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.SessionIndex; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder; +import org.opensaml.saml2.core.impl.AuthnRequestBuilder; +import org.opensaml.saml2.core.impl.IssuerBuilder; +import org.opensaml.saml2.core.impl.LogoutRequestBuilder; +import 
org.opensaml.saml2.core.impl.NameIDBuilder; +import org.opensaml.saml2.core.impl.NameIDPolicyBuilder; +import org.opensaml.saml2.core.impl.RequestedAuthnContextBuilder; +import org.opensaml.saml2.core.impl.SessionIndexBuilder; import org.opensaml.saml2.ecp.RelayState; import org.opensaml.saml2.encryption.Decrypter; -import org.opensaml.xml.ConfigurationException; import org.opensaml.xml.XMLObject; import org.opensaml.xml.encryption.EncryptedKey; -import org.opensaml.xml.io.*; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallerFactory; +import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.security.SecurityHelper; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver; 
@@ -43,31 +71,29 @@ import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; import org.opensaml.xml.validation.ValidationException; -import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.bootstrap.DOMImplementationRegistry; import org.w3c.dom.ls.DOMImplementationLS; import org.w3c.dom.ls.LSOutput; import org.w3c.dom.ls.LSSerializer; import org.wso2.carbon.identity.sso.agent.SSOAgentConstants; +import org.wso2.carbon.identity.sso.agent.SSOAgentDataHolder; import org.wso2.carbon.identity.sso.agent.SSOAgentException; import org.wso2.carbon.identity.sso.agent.bean.LoggedInSessionBean; import org.wso2.carbon.identity.sso.agent.bean.SSOAgentConfig; -import org.wso2.carbon.identity.sso.agent.util.CarbonEntityResolver; import org.wso2.carbon.identity.sso.agent.util.SAMLSignatureValidator; import org.wso2.carbon.identity.sso.agent.util.SSOAgentUtils; -import org.xml.sax.SAXException; import javax.crypto.SecretKey; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import javax.xml.XMLConstants; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import java.io.*; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.StringWriter; +import java.io.UnsupportedEncodingException; import java.net.URLEncoder; +import java.nio.charset.Charset; import java.util.HashMap; import java.util.List; import java.util.Map; 
@@ -83,13 +109,11 @@ */ public class SAML2SSOManager { - private static final String SECURITY_MANAGER_PROPERTY = Constants.XERCES_PROPERTY_PREFIX + - Constants.SECURITY_MANAGER_PROPERTY; - private static final int ENTITY_EXPANSION_LIMIT = 0; - private static Logger LOGGER = Logger.getLogger(SSOAgentConstants.LOGGER_NAME); - private static volatile boolean bootStrapped = false; + private static final Log log = LogFactory.getLog(SAML2SSOManager.class); + + + private static final Logger LOGGER = Logger.getLogger(SSOAgentConstants.LOGGER_NAME); private SSOAgentConfig ssoAgentConfig = null; - private static Object signatureValidator = null; public SAML2SSOManager(SSOAgentConfig ssoAgentConfig) throws SSOAgentException { @@ -99,7 +123,7 @@ public SAML2SSOManager(SSOAgentConfig ssoAgentConfig) throws SSOAgentException { String signerClassName = ssoAgentConfig.getSAML2().getSignatureValidatorImplClass(); try { if (signerClassName != null) { - signatureValidator = Class.forName(signerClassName).newInstance(); + SSOAgentDataHolder.getInstance().setSignatureValidator(Class.forName(signerClassName).newInstance()); } } catch (ClassNotFoundException e) { throw new SSOAgentException("Error loading custom signature validator class", e); @@ -108,18 +132,7 @@ public SAML2SSOManager(SSOAgentConfig ssoAgentConfig) throws SSOAgentException { } catch (InstantiationException e) { throw new SSOAgentException("Error loading custom signature validator class", e); } - try { - if (!bootStrapped) { - synchronized (this) { - if (!bootStrapped) { - DefaultBootstrap.bootstrap(); - bootStrapped = true; - } - } - } - } catch (ConfigurationException e) { - throw new SSOAgentException("Error while bootstrapping OpenSAML library", e); - } + SSOAgentUtils.doBootstrap(); } /** 
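Review bot: The custom signature validator is still a single process-wide object, now stored with `SSOAgentDataHolder.getInstance().setSignatureValidator(...)` in the constructor (hunk `-99,7 +123,7`), while `signerClassName` comes from the per-instance `ssoAgentConfig`. A `SAML2SSOManager` built from a configuration with no validator class inherits whatever an earlier instance registered, because `validateSignature` (hunk `-675,9 +663,10`) only checks that the holder's value is non-null, and a later instance replaces the validator for all earlier ones. Keeping the instance in a `private final` field of this manager would bind signature validation to the configuration it was built for. The class also ends up with two loggers, `log` and `LOGGER`; one is enough.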
@@ -279,8 +292,8 @@ public void processResponse(HttpServletRequest request, HttpServletResponse resp String saml2SSOResponse = request.getParameter(SSOAgentConstants.SAML2SSO.HTTP_POST_PARAM_SAML2_RESP); if (saml2SSOResponse != null) { - String decodedResponse = new String(Base64.decode(saml2SSOResponse)); - XMLObject samlObject = unmarshall(decodedResponse); + String decodedResponse = new String(Base64.decode(saml2SSOResponse), Charset.forName("UTF-8")); + XMLObject samlObject = SSOAgentUtils.unmarshall(decodedResponse); if (samlObject instanceof LogoutResponse) { //This is a SAML response for a single logout request from the SP doSLO(request); @@ -288,11 +301,12 @@ public void processResponse(HttpServletRequest request, HttpServletResponse resp processSSOResponse(request); } String relayState = request.getParameter(RelayState.DEFAULT_ELEMENT_LOCAL_NAME); - if (relayState != null) { - if (!relayState.isEmpty() && !"null".equalsIgnoreCase(relayState)) { //additional checks for incompetent IdPs - ssoAgentConfig.getSAML2().setRelayState(relayState); - } + + if (relayState != null && !relayState.isEmpty() && !"null".equalsIgnoreCase(relayState)) { //additional + // checks for incompetent IdPs + ssoAgentConfig.getSAML2().setRelayState(relayState); } + } else { throw new SSOAgentException("Invalid SAML2 Response. SAML2 Response can not be null."); } 
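Review bot: `SSOAgentUtils.unmarshall(decodedResponse)` in `processResponse` parses a request parameter, and the parser hardening that lived in this class is deleted by hunk `-562,45 +588,6`: `setExpandEntityReferences(false)`, `XMLConstants.FEATURE_SECURE_PROCESSING`, the Xerces `SecurityManager` with an entity expansion limit of 0, and `CarbonEntityResolver`. `SSOAgentUtils.unmarshall` is not visible in this part of the diff, so it should be confirmed that it applies the same settings, ideally with a unit test that passes a document carrying a DOCTYPE and expects it to be rejected. The same call is used in `doSLO` and `processSSOResponse`.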
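Review bot: The `RelayState` request parameter is still written into the manager's `ssoAgentConfig` field with `ssoAgentConfig.getSAML2().setRelayState(relayState)` (hunk `-288,11 +301,12`), which is configuration rather than per-request state. If one configuration object serves concurrent requests, one user's relay state can be read back for another, and a request-supplied value ends up wherever the configured relay state is used later. Holding it in the session bean or a request attribute would avoid both. The reflowed comment is now split mid-sentence across two `//` lines; it fits on one line above the `if`.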
@@ -310,12 +324,12 @@ public void doSLO(HttpServletRequest request) throws SSOAgentException { XMLObject saml2Object = null; if (request.getParameter(SSOAgentConstants.SAML2SSO.HTTP_POST_PARAM_SAML2_AUTH_REQ) != null) { - saml2Object = unmarshall(new String(Base64.decode(request.getParameter( - SSOAgentConstants.SAML2SSO.HTTP_POST_PARAM_SAML2_AUTH_REQ)))); + saml2Object = SSOAgentUtils.unmarshall(new String(Base64.decode(request.getParameter( + SSOAgentConstants.SAML2SSO.HTTP_POST_PARAM_SAML2_AUTH_REQ)), Charset.forName("UTF-8"))); } if (saml2Object == null) { - saml2Object = unmarshall(new String(Base64.decode(request.getParameter( - SSOAgentConstants.SAML2SSO.HTTP_POST_PARAM_SAML2_RESP)))); + saml2Object = SSOAgentUtils.unmarshall(new String(Base64.decode(request.getParameter( + SSOAgentConstants.SAML2SSO.HTTP_POST_PARAM_SAML2_RESP)), Charset.forName("UTF-8"))); } if (saml2Object instanceof LogoutRequest) { LogoutRequest logoutRequest = (LogoutRequest) saml2Object; @@ -334,7 +348,16 @@ public void doSLO(HttpServletRequest request) throws SSOAgentException { Set sessions = SSOAgentSessionManager.invalidateAllSessions(request.getSession(false)); for (HttpSession session : sessions) { - session.invalidate(); + try { + session.invalidate(); + } catch (IllegalStateException ignore) { + + if (log.isDebugEnabled()) { + log.debug("Ignoring exception : ", ignore); + } + //ignore + //session is already invalidated + } } } } else { 
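Review bot: In `doSLO`, the fallback branch decodes `request.getParameter(SSOAgentConstants.SAML2SSO.HTTP_POST_PARAM_SAML2_RESP)` without the null check that the `HTTP_POST_PARAM_SAML2_AUTH_REQ` branch has, so a request carrying neither parameter passes `null` to `Base64.decode`. That most likely surfaces as an unchecked exception rather than the declared `SSOAgentException`. Reading the parameter into a local and throwing `SSOAgentException` when it is null keeps malformed requests on the handled path. The decode-then-`new String(..., Charset.forName("UTF-8"))` expression now appears three times in this class and could be one private helper.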
@@ -349,8 +372,8 @@ protected void processSSOResponse(HttpServletRequest request) throws SSOAgentExc String saml2ResponseString = new String(Base64.decode(request.getParameter( - SSOAgentConstants.SAML2SSO.HTTP_POST_PARAM_SAML2_RESP))); - Response saml2Response = (Response) unmarshall(saml2ResponseString); + SSOAgentConstants.SAML2SSO.HTTP_POST_PARAM_SAML2_RESP)), Charset.forName("UTF-8")); + Response saml2Response = (Response) SSOAgentUtils.unmarshall(saml2ResponseString); sessionBean.getSAML2SSO().setResponseString(saml2ResponseString); sessionBean.getSAML2SSO().setSAMLResponse(saml2Response); @@ -358,17 +381,20 @@ protected void processSSOResponse(HttpServletRequest request) throws SSOAgentExc if (ssoAgentConfig.getSAML2().isAssertionEncrypted()) { List encryptedAssertions = saml2Response.getEncryptedAssertions(); EncryptedAssertion encryptedAssertion = null; - if (encryptedAssertions != null && encryptedAssertions.size() > 0) { + if (!org.apache.commons.collections.CollectionUtils.isEmpty(encryptedAssertions)) { encryptedAssertion = encryptedAssertions.get(0); try { assertion = getDecryptedAssertion(encryptedAssertion); } catch (Exception e) { + if (log.isDebugEnabled()) { + log.debug("Assertion decryption failure : ", e); + } throw new SSOAgentException("Unable to decrypt the SAML2 Assertion"); } } } else { List assertions = saml2Response.getAssertions(); - if (assertions != null && assertions.size() > 0) { + if (assertions != null && !assertions.isEmpty()) { assertion = assertions.get(0); } } 
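Review bot: `(Response) SSOAgentUtils.unmarshall(saml2ResponseString)` in `processSSOResponse` is an unchecked cast on request-supplied XML. `processResponse` routes every object that is not a `LogoutResponse` here, so any other SAML element posted in the response parameter surfaces as a `ClassCastException` instead of an `SSOAgentException`. An `instanceof Response` check before the cast, throwing `SSOAgentException` otherwise, keeps malformed input on the handled error path.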
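Review bot: Assertion decryption failures (hunk `-358,17 +381,20`), and signature validation failures in `validateSignature` (hunks `-690,6 +679,9` and `-703,6 +695,9`), are recorded only at debug level, and the rethrown `SSOAgentException` drops the cause. A rejected assertion or signature is a security-relevant event, so unless a caller outside these hunks logs it, production logs give nothing to alert on. Logging at warn level without the assertion content and passing the cause, `new SSOAgentException("Unable to decrypt the SAML2 Assertion", e)`, would address both. The fully qualified `org.apache.commons.collections.CollectionUtils.isEmpty(encryptedAssertions)` also differs from the `assertions != null && !assertions.isEmpty()` check a few lines below; an import or the plain check would make the two match.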
@@ -539,7 +565,7 @@ protected String encodeRequestMessage(RequestAbstractType requestMessage, String ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream (byteArrayOutputStream, deflater); - deflaterOutputStream.write(rspWrt.toString().getBytes()); + deflaterOutputStream.write(rspWrt.toString().getBytes(Charset.forName("UTF-8"))); deflaterOutputStream.close(); String encodedRequestMessage = Base64.encodeBytes(byteArrayOutputStream .toByteArray(), Base64.DONT_BREAK_LINES); 
@@ -562,45 +588,6 @@ protected String encodeRequestMessage(RequestAbstractType requestMessage, String } } - protected XMLObject unmarshall(String saml2SSOString) throws SSOAgentException { - - try { - String decodedString = decodeHTMLCharacters(saml2SSOString); - DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); - documentBuilderFactory.setNamespaceAware(true); - - documentBuilderFactory.setExpandEntityReferences(false); - documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - SecurityManager securityManager = new SecurityManager(); - securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT); - documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager); - - DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder(); - docBuilder.setEntityResolver(new CarbonEntityResolver()); - ByteArrayInputStream is = new ByteArrayInputStream(decodedString.getBytes()); - Document document = docBuilder.parse(is); - Element element = document.getDocumentElement(); - UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); - Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element); - return unmarshaller.unmarshall(element); - } catch (ParserConfigurationException e) { - throw new SSOAgentException("Error in unmarshalling SAML2SSO Request from the encoded String", e); - } catch (UnmarshallingException e) { - throw new SSOAgentException("Error in unmarshalling SAML2SSO Request from the encoded String", e); - } catch (SAXException e) { - throw new SSOAgentException("Error in unmarshalling SAML2SSO Request from the encoded String", e); - } catch (IOException e) { - throw new SSOAgentException("Error in unmarshalling SAML2SSO Request from the encoded String", e); - } - - } - - private String decodeHTMLCharacters(String encodedStr) { - - return encodedStr.replaceAll("&", "&").replaceAll("<", "<").replaceAll(">", ">") - .replaceAll(""", 
"\"").replaceAll("'", "'"); - - } /* * Process the response and returns the results @@ -609,20 +596,20 @@ private Map getAssertionStatements(Assertion assertion) { Map results = new HashMap(); - if (assertion != null) { + if (assertion != null && assertion.getAttributeStatements() != null) { List attributeStatementList = assertion.getAttributeStatements(); - if (attributeStatementList != null) { - for (AttributeStatement statement : attributeStatementList) { - List attributesList = statement.getAttributes(); - for (Attribute attribute : attributesList) { - Element value = attribute.getAttributeValues().get(0).getDOM(); - String attributeValue = value.getTextContent(); - results.put(attribute.getName(), attributeValue); - } + + for (AttributeStatement statement : attributeStatementList) { + List attributesList = statement.getAttributes(); + for (Attribute attribute : attributesList) { + Element value = attribute.getAttributeValues().get(0).getDOM(); + String attributeValue = value.getTextContent(); + results.put(attribute.getName(), attributeValue); } } + } return results; } @@ -642,7 +629,8 @@ protected void validateAudienceRestriction(Assertion assertion) throws SSOAgentE if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) { boolean audienceFound = false; for (AudienceRestriction audienceRestriction : audienceRestrictions) { - if (audienceRestriction.getAudiences() != null && audienceRestriction.getAudiences().size() > 0) { + if (audienceRestriction.getAudiences() != null && !audienceRestriction.getAudiences().isEmpty() + ) { for (Audience audience : audienceRestriction.getAudiences()) { if (ssoAgentConfig.getSAML2().getSPEntityId().equals(audience.getAudienceURI())) { audienceFound = true; 
@@ -675,9 +663,10 @@ protected void validateAudienceRestriction(Assertion assertion) throws SSOAgentE */ protected void validateSignature(Response response, Assertion assertion) throws SSOAgentException { - if (signatureValidator != null) { + if (SSOAgentDataHolder.getInstance().getSignatureValidator() != null) { //Custom implemetation of signature validation - SAMLSignatureValidator signatureValidatorUtility = (SAMLSignatureValidator) signatureValidator; + SAMLSignatureValidator signatureValidatorUtility = (SAMLSignatureValidator) SSOAgentDataHolder + .getInstance().getSignatureValidator(); signatureValidatorUtility.validateSignature(response, assertion, ssoAgentConfig); } else { //If custom implementation not found, Execute the default implementation @@ -690,6 +679,9 @@ protected void validateSignature(Response response, Assertion assertion) throws new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential())); validator.validate(response.getSignature()); } catch (ValidationException e) { + if (log.isDebugEnabled()) { + log.debug("Validation exception : ", e); + } throw new SSOAgentException("Signature validation failed for SAML2 Response"); } } @@ -703,6 +695,9 @@ protected void validateSignature(Response response, Assertion assertion) throws new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential())); validator.validate(assertion.getSignature()); } catch (ValidationException e) { + if (log.isDebugEnabled()) { + log.debug("Validation exception : ", e); + } throw new SSOAgentException("Signature validation failed for SAML2 Assertion"); } } 
@@ -732,7 +727,7 @@ protected String marshall(XMLObject xmlObject) throws SSOAgentException { LSOutput output = impl.createLSOutput(); output.setByteStream(byteArrayOutputStrm); writer.write(element, output); - return byteArrayOutputStrm.toString(); + return new String(byteArrayOutputStrm.toByteArray(), Charset.forName("UTF-8")); } catch (ClassNotFoundException e) { throw new SSOAgentException("Error in marshalling SAML2 Assertion", e); } catch (InstantiationException e) { 
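Review bot: `new String(byteArrayOutputStrm.toByteArray(), Charset.forName("UTF-8"))` in `marshall` decodes as UTF-8, but nothing in the hunk tells the serializer to write UTF-8, and an `LSOutput` with no encoding set falls back to the document's own encoding. Adding `output.setEncoding("UTF-8");` before `writer.write(element, output)` makes the two sides agree. `marshall` begins outside the hunk, so an earlier line may already do this.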
@@ -751,19 +746,25 @@ protected String marshall(XMLObject xmlObject) throws SSOAgentException { * @return * @throws Exception */ - protected Assertion getDecryptedAssertion(EncryptedAssertion encryptedAssertion) throws Exception { - - KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver( - new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential())); - EncryptedKey key = encryptedAssertion.getEncryptedData(). - getKeyInfo().getEncryptedKeys().get(0); - Decrypter decrypter = new Decrypter(null, keyResolver, null); - SecretKey dkey = (SecretKey) decrypter.decryptKey(key, encryptedAssertion.getEncryptedData(). - getEncryptionMethod().getAlgorithm()); - Credential shared = SecurityHelper.getSimpleCredential(dkey); - decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(shared), null, null); - decrypter.setRootInNewDocument(true); - return decrypter.decrypt(encryptedAssertion); + protected Assertion getDecryptedAssertion(EncryptedAssertion encryptedAssertion) throws SSOAgentException { + + try { + KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver( + new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential())); + + EncryptedKey key = encryptedAssertion.getEncryptedData(). + getKeyInfo().getEncryptedKeys().get(0); + Decrypter decrypter = new Decrypter(null, keyResolver, null); + SecretKey dkey = (SecretKey) decrypter.decryptKey(key, encryptedAssertion.getEncryptedData(). + getEncryptionMethod().getAlgorithm()); + Credential shared = SecurityHelper.getSimpleCredential(dkey); + decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(shared), null, null); + decrypter.setRootInNewDocument(true); + return decrypter.decrypt(encryptedAssertion); + } catch (Exception e) { + throw new SSOAgentException("Decrypted assertion error", e); + + } } protected boolean isNoPassive(Response response) { 
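Review bot: The Javadoc above `getDecryptedAssertion` still ends with `@throws Exception` although the method now declares `SSOAgentException`; it should read `@throws SSOAgentException if the key or the assertion cannot be decrypted`. `getKeyInfo().getEncryptedKeys().get(0)` relies on the new `catch (Exception e)` to turn a missing `KeyInfo` or an empty key list into an error, and an explicit check with its own message would distinguish that case from a wrong key. The caller in `processSSOResponse` catches this exception and rethrows without the cause, so the chain added here is currently lost.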
diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentCarbonX509Credential.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentCarbonX509Credential.java index d92f814607..5d81702fae 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentCarbonX509Credential.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentCarbonX509Credential.java 
@@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2012, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.saml; diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentCredential.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentCredential.java index 8c767cc580..084e875f05 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentCredential.java 
+++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentCredential.java @@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2012, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.saml; diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentHttpSessionListener.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentHttpSessionListener.java index d65a4981b3..9e4dd9577d 100644 
--- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentHttpSessionListener.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentHttpSessionListener.java @@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2012, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.saml; 
@@ -27,7 +29,7 @@ public class SSOAgentHttpSessionListener implements HttpSessionListener { - private static Logger LOGGER = Logger.getLogger(SSOAgentConstants.LOGGER_NAME); + private static final Logger LOGGER = Logger.getLogger(SSOAgentConstants.LOGGER_NAME); @Override public void sessionCreated(HttpSessionEvent httpSessionEvent) { diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentKeyStoreCredential.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentKeyStoreCredential.java index 1c0fb03b65..c4b4ced3b7 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentKeyStoreCredential.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentKeyStoreCredential.java 
@@ -1,27 +1,34 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2012, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.saml; import org.wso2.carbon.identity.sso.agent.exception.SSOAgentException; import org.wso2.carbon.identity.sso.agent.util.SSOAgentConfigs; -import java.security.*; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.UnrecoverableKeyException; import java.security.cert.X509Certificate; public class SSOAgentKeyStoreCredential implements SSOAgentCredential { 
@@ -41,17 +48,17 @@ private static void readX509Credentials() throws SSOAgentException { PrivateKey privateKey = null; try { - if (privateKeyAlias != null) { - if (SSOAgentConfigs.isRequestSigned()) { - privateKey = (PrivateKey) keyStore.getKey(privateKeyAlias, privateKeyPassword.toCharArray()); - - if (privateKey == null) { - throw new SSOAgentException("RequestSigning is enabled, but cannot find private key with the alias " + - privateKeyAlias + " in the key store"); - } + + if (privateKeyAlias != null && SSOAgentConfigs.isRequestSigned()) { + privateKey = (PrivateKey) keyStore.getKey(privateKeyAlias, privateKeyPassword.toCharArray()); + + if (privateKey == null) { + throw new SSOAgentException("RequestSigning is enabled, but cannot find private key with the alias " + + privateKeyAlias + " in the key store"); } } + cert = (X509Certificate) keyStore.getCertificate(idpCertAlias); if (cert == null) { throw new SSOAgentException("Cannot find IDP certificate with the alias " + idpCertAlias + " in the trust store"); diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentSessionManager.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentSessionManager.java index 0ba1358e96..88339f8bcc 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentSessionManager.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentSessionManager.java 
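Review bot: With the two conditions merged into `privateKeyAlias != null && SSOAgentConfigs.isRequestSigned()`, a configuration that enables request signing but sets no private key alias still skips the key lookup silently and leaves `privateKey` null. Nothing in this hunk rejects that combination, so the misconfiguration would only surface later, when a request is to be signed; whether a later check catches it is not visible, since readX509Credentials starts and ends outside the hunk. A guard ahead of the lookup makes it fail at start-up: `if (SSOAgentConfigs.isRequestSigned() && privateKeyAlias == null) { throw new SSOAgentException("RequestSigning is enabled, but no private key alias is configured"); }`.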
@@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2012, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.saml; @@ -22,11 +24,12 @@ import org.wso2.carbon.identity.sso.agent.bean.LoggedInSessionBean; import javax.servlet.http.HttpSession; +import java.util.HashMap; import java.util.HashSet; -import java.util.Hashtable; import java.util.Map; import java.util.Set; + public class SSOAgentSessionManager { /* 
@@ -34,11 +37,14 @@ public class SSOAgentSessionManager { * can be handled by invalidating the SP session mapped to IdP Session Index. */ private static Map> ssoSessionsMap = - new Hashtable>(); + new HashMap>(); + + private SSOAgentSessionManager() { + } public static void invalidateSession(HttpSession session) { - LoggedInSessionBean sessionBean = ((LoggedInSessionBean) session.getAttribute( - SSOAgentConstants.SESSION_BEAN_NAME)); + LoggedInSessionBean sessionBean = (LoggedInSessionBean) session.getAttribute( + SSOAgentConstants.SESSION_BEAN_NAME); if (sessionBean != null && sessionBean.getSAML2SSO() != null) { String sessionIndex = sessionBean.getSAML2SSO().getSessionIndex(); if (sessionIndex != null) { @@ -49,8 +55,8 @@ public static void invalidateSession(HttpSession session) { } public static Set invalidateAllSessions(HttpSession session) { - LoggedInSessionBean sessionBean = ((LoggedInSessionBean) session.getAttribute( - SSOAgentConstants.SESSION_BEAN_NAME)); + LoggedInSessionBean sessionBean = (LoggedInSessionBean) session.getAttribute( + SSOAgentConstants.SESSION_BEAN_NAME); Set sessions = new HashSet(); if (sessionBean != null && sessionBean.getSAML2SSO() != null) { String sessionIndex = sessionBean.getSAML2SSO().getSessionIndex(); diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentX509Credential.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentX509Credential.java index f2fe65c6ab..b038d14985 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentX509Credential.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentX509Credential.java 
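Review bot: Replacing `Hashtable` with `HashMap` for the static `ssoSessionsMap` removes the only synchronization visible on this map: `invalidateSession` and `invalidateAllSessions` are plain static methods, and a servlet container will normally call them from several request and session-listener threads at once. Concurrent structural changes to a `HashMap` can lose entries, which here would mean an SP session that is not found when its IdP session index is invalidated on single logout. Unless every access is guarded elsewhere in the file (not visible in these hunks), use `java.util.concurrent.ConcurrentHashMap` with the same type arguments, or keep `Hashtable`; the per-index `HashSet` values need the same care. The import change in the preceding hunk would change with it.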
@@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2012, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.saml; diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentX509KeyStoreCredential.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentX509KeyStoreCredential.java index 3888b8f1c4..283c75c57f 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentX509KeyStoreCredential.java 
+++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SSOAgentX509KeyStoreCredential.java 
@@ -1,32 +1,42 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2012, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. 
+ * + * + */ package org.wso2.carbon.identity.sso.agent.saml; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.wso2.carbon.identity.sso.agent.SSOAgentException; import java.io.IOException; import java.io.InputStream; -import java.security.*; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.UnrecoverableKeyException; import java.security.cert.X509Certificate; public class SSOAgentX509KeyStoreCredential implements SSOAgentX509Credential { + private static final Log log = LogFactory.getLog(SSOAgentX509KeyStoreCredential.class); private PublicKey publicKey = null; private PrivateKey privateKey = null; private X509Certificate entityCertificate = null; @@ -107,6 +117,9 @@ protected void readX509Credentials(InputStream keyStoreInputStream, char[] keySt try { keyStoreInputStream.close(); } catch (IOException ignored) { + if (log.isDebugEnabled()){ + log.debug("Ignoring IO Exception : ", ignored); + } throw new SSOAgentException("Error while closing input stream of key store"); } } diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/X509CredentialImpl.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/X509CredentialImpl.java index 0524899514..ccde484e29 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/X509CredentialImpl.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/saml/X509CredentialImpl.java 
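Review bot: The caught `IOException` is named `ignored` but is neither ignored nor preserved: it is written to the debug log and then replaced by `new SSOAgentException("Error while closing input stream of key store")` without a cause, so at the default log level the underlying I/O error is lost. Other hunks of this commit chain the cause instead (`readKeyStore` in SSOAgentConfigs.java passes the exception as second argument). Assuming this SSOAgentException class offers the same `(String, Throwable)` constructor, `throw new SSOAgentException("Error while closing input stream of key store", e);` with the variable renamed to `e` makes the debug guard unnecessary. The `FileNotFoundException` branches of `initConfig(FilterConfig)` and `setKeyStoreStream` in SSOAgentConfigs.java follow the same log-at-debug-and-drop pattern. readX509Credentials starts outside the hunk.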
@@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2012, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.saml; @@ -29,6 +31,7 @@ import java.security.PublicKey; import java.security.cert.X509CRL; import java.security.cert.X509Certificate; +import java.util.ArrayList; import java.util.Collection; /** 
@@ -49,57 +52,60 @@ public X509CredentialImpl(SSOAgentX509Credential credential) throws SSOAgentExce /** * Retrieves the publicKey */ + @Override public PublicKey getPublicKey() { return publicKey; } + @Override public PrivateKey getPrivateKey() { return privateKey; } + @Override public X509Certificate getEntityCertificate() { return entityCertificate; } // ********** Not implemented ************************************************************** + @Override public Collection getCRLs() { - // TODO Auto-generated method stub - return null; + return new ArrayList(); } + @Override public Collection getEntityCertificateChain() { - // TODO Auto-generated method stub - return null; + return new ArrayList(); } + @Override public CredentialContextSet getCredentalContextSet() { - // TODO Auto-generated method stub return null; } + @Override public Class getCredentialType() { - // TODO Auto-generated method stub return null; } + @Override public String getEntityId() { - // TODO Auto-generated method stub return null; } + @Override public Collection getKeyNames() { - // TODO Auto-generated method stub - return null; + return new ArrayList(); } + @Override public SecretKey getSecretKey() { - // TODO Auto-generated method stub return null; } + @Override public UsageType getUsageType() { - // TODO Auto-generated method stub return null; } } diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/CarbonEntityResolver.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/CarbonEntityResolver.java index 8778c68cc0..941a50343d 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/CarbonEntityResolver.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/CarbonEntityResolver.java 
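Review bot: `getCRLs`, `getEntityCertificateChain` and `getKeyNames` now allocate a new mutable `ArrayList` on every call, while `getCredentalContextSet`, `getCredentialType`, `getEntityId`, `getSecretKey` and `getUsageType` still return null with their TODO markers removed, so only the "Not implemented" banner tells a reader which accessors are stubs. `return Collections.emptyList();` (with a `java.util.Collections` import in place of `java.util.ArrayList`) states the intent without the allocation. For the null-returning accessors a one-line comment such as `// not provided by SSOAgentX509Credential; returns null` would document the contract. It may also be worth confirming that an empty certificate chain, rather than one holding `entityCertificate`, is what the consumers of this credential expect.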
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except @@ -11,9 +11,11 @@ * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. + * + * */ package org.wso2.carbon.identity.sso.agent.util; diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SAMLSignatureValidator.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SAMLSignatureValidator.java index 751076c2c8..97f12536fe 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SAMLSignatureValidator.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SAMLSignatureValidator.java 
@@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.util; import org.opensaml.saml2.core.Assertion; diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SSOAgentConfigs.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SSOAgentConfigs.java index 88526a78ba..a0f8042388 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SSOAgentConfigs.java 
+++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SSOAgentConfigs.java @@ -1,23 +1,28 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.util; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.identity.sso.agent.bean.SSOAgentConfig; import org.wso2.carbon.identity.sso.agent.exception.SSOAgentException; import javax.servlet.FilterConfig; 
@@ -31,7 +36,9 @@ public class SSOAgentConfigs { - private static Logger LOGGER = Logger.getLogger("InfoLogging"); + private static final Logger LOGGER = Logger.getLogger("InfoLogging"); + private static final Log log = LogFactory.getLog(SSOAgentConfig.class); + private static Boolean samlSSOLoginEnabled; private static Boolean openidLoginEnabled; @@ -74,21 +81,29 @@ public class SSOAgentConfigs { private static String addExtension; + private SSOAgentConfigs() { + } + public static void initConfig(FilterConfig fConfigs) throws SSOAgentException { Properties properties = new Properties(); try { if (fConfigs.getInitParameter("SSOAgentPropertiesFilePath") != null && - !fConfigs.getInitParameter("SSOAgentPropertiesFilePath").equals("")) { + !"".equals(fConfigs.getInitParameter("SSOAgentPropertiesFilePath"))) { properties.load(new FileInputStream(fConfigs.getInitParameter("SSOAgentPropertiesFilePath"))); initConfig(properties); } else { LOGGER.warning("\'SSOAgentPropertiesFilePath\' not configured"); } } catch (FileNotFoundException e) { + if (log.isDebugEnabled()) { + log.debug("File not found ", e); + } throw new SSOAgentException("Agent properties file not found"); + } catch (IOException e) { - throw new SSOAgentException("Error occurred while reading Agent properties file"); + + throw new SSOAgentException("Error occurred while reading Agent properties file", e); } } 
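Review bot: The new commons-logging field is created with `LogFactory.getLog(SSOAgentConfig.class)`, but this class is `SSOAgentConfigs`, so messages logged here would appear under the bean's category. Use `private static final Log log = LogFactory.getLog(SSOAgentConfigs.class);`; the `org.wso2.carbon.identity.sso.agent.bean.SSOAgentConfig` import added in the preceding hunk appears to exist only for this line and could then be dropped. The class now also logs through two facades (`java.util.logging` via `LOGGER` and commons-logging via `log`), which splits its output across two logging configurations.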
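Review bot: `properties.load(new FileInputStream(...))` in `initConfig(FilterConfig)` never closes the stream it opens, so the file handle stays open until the stream is garbage-collected, also when `load` throws. Keep a reference and close it in a `finally` block, as sketched below; an `IOException` from `close()` is covered by the existing catch. The same applies to `properties.load(new FileInputStream(propertiesFilePath))` in `initConfig(String)` in the following hunk.

```java
String propertiesPath = fConfigs.getInitParameter("SSOAgentPropertiesFilePath");
if (propertiesPath != null && !"".equals(propertiesPath)) {
    FileInputStream propertiesStream = new FileInputStream(propertiesPath);
    try {
        properties.load(propertiesStream);
    } finally {
        propertiesStream.close();
    }
    initConfig(properties);
} else {
    // … unchanged: warning that SSOAgentPropertiesFilePath is not configured …
}
// … unchanged: catch blocks …
```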
@@ -99,9 +114,11 @@ public static void initConfig(String propertiesFilePath) throws SSOAgentExceptio properties.load(new FileInputStream(propertiesFilePath)); initConfig(properties); } catch (FileNotFoundException e) { - throw new SSOAgentException("Agent properties file not found at " + propertiesFilePath); + + throw new SSOAgentException("Agent properties file not found at " + propertiesFilePath, e); } catch (IOException e) { - throw new SSOAgentException("Error reading Agent properties file at " + propertiesFilePath); + + throw new SSOAgentException("Error reading Agent properties file at " + propertiesFilePath, e); } } @@ -194,7 +211,8 @@ public static void initConfig(Properties properties) throws SSOAgentException { try { keyStoreStream = new FileInputStream(properties.getProperty("KeyStore")); } catch (FileNotFoundException e) { - throw new SSOAgentException("Cannot find file " + properties.getProperty("KeyStore")); + + throw new SSOAgentException("Cannot find file " + properties.getProperty("KeyStore"), e); } } keyStorePassword = properties.getProperty("KeyStorePassword"); @@ -221,6 +239,7 @@ public static void initCheck() throws SSOAgentException { if ((SSOAgentConfigs.isSAMLSSOLoginEnabled() || SSOAgentConfigs.isOpenIDLoginEnabled()) && SSOAgentConfigs.getLoginUrl() == null) { + throw new SSOAgentException("\'LoginUrl\' not configured"); } @@ -614,6 +633,10 @@ public static void setKeyStoreStream(String keyStore) throws SSOAgentException { try { SSOAgentConfigs.keyStoreStream = new FileInputStream(keyStore); } catch (FileNotFoundException e) { + if (log.isDebugEnabled()) { + log.debug("File not found : ", e); + } + throw new SSOAgentException("Cannot find file " + keyStore); } } 
@@ -649,13 +672,15 @@ private static KeyStore readKeyStore(InputStream is, String storePassword) throw keyStore.load(is, storePassword.toCharArray()); return keyStore; } catch (Exception e) { + throw new SSOAgentException("Error while loading key store file", e); } finally { if (is != null) { try { is.close(); } catch (IOException ignored) { - throw new SSOAgentException("Error while closing input stream of key store"); + + throw new SSOAgentException("Error while closing input stream of key store", ignored); } } } diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SSOAgentConstants.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SSOAgentConstants.java index fb6df6b008..fd79464cbe 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SSOAgentConstants.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SSOAgentConstants.java 
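Review bot: The `throw` inside the `finally` block replaces whatever exception is already propagating, so when `keyStore.load` fails and `close()` fails too, the caller sees "Error while closing input stream of key store" instead of "Error while loading key store file". Passing `ignored` as the cause, as this hunk does, preserves the close error but not the load error. Consider logging the close failure rather than throwing from `finally`, e.g. `log.warn("Error while closing input stream of key store", ignored);`, and rename the variable, since it is no longer ignored. readKeyStore starts outside the hunk.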
@@ -1,20 +1,22 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ package org.wso2.carbon.identity.sso.agent.util; @@ -26,6 +28,9 @@ public class SSOAgentConstants { public static final String OPENID_MODE = "openid.mode"; + private SSOAgentConstants() { + } + public class StatusCodes { public static final String IDENTITY_PROVIDER_ERROR = "urn:oasis:names:tc:SAML:2.0:status:Responder"; public static final String NO_PASSIVE = "urn:oasis:names:tc:SAML:2.0:status:NoPassive"; 
diff --git a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SSOAgentUtils.java b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SSOAgentUtils.java index 2d454239fa..33703168fc 100644 --- a/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SSOAgentUtils.java +++ b/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/util/SSOAgentUtils.java 
@@ -1,46 +1,62 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. 
+ * + * + */ package org.wso2.carbon.identity.sso.agent.util; import org.apache.xml.security.c14n.Canonicalizer; import org.apache.xml.security.signature.XMLSignature; +import org.opensaml.Configuration; +import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.core.LogoutRequest; +import org.opensaml.xml.ConfigurationException; import org.opensaml.xml.XMLObject; import org.opensaml.xml.XMLObjectBuilder; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.io.MarshallerFactory; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.KeyInfo; import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.Signer; import org.opensaml.xml.signature.X509Data; import org.opensaml.xml.util.Base64; +import org.w3c.dom.Document; +import org.w3c.dom.Element; import org.wso2.carbon.identity.sso.agent.SSOAgentConstants; import org.wso2.carbon.identity.sso.agent.SSOAgentException; +import org.xml.sax.SAXException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.namespace.QName; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.Writer; import java.net.URLEncoder; +import java.nio.charset.Charset; import java.security.cert.CertificateEncodingException; import java.util.ArrayList; import java.util.List; 
@@ -51,6 +67,12 @@ public class SSOAgentUtils { private static Logger LOGGER = Logger.getLogger(SSOAgentConstants.LOGGER_NAME); + private static boolean isBootStrapped = false; + + private static Random random = new Random(); + + private SSOAgentUtils() { + } /** * Generates a unique Id for Authentication Requests @@ -62,7 +84,7 @@ public static String createID() { byte[] bytes = new byte[20]; // 160 bit - new Random().nextBytes(bytes); + random.nextBytes(bytes); char[] charMapping = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p'}; @@ -78,6 +100,17 @@ public static String createID() { return String.valueOf(chars); } + public static void doBootstrap() throws SSOAgentException { + if (!isBootStrapped) { + try { + DefaultBootstrap.bootstrap(); + isBootStrapped = true; + } catch (ConfigurationException e) { + throw new SSOAgentException("Error in bootstrapping the OpenSAML2 library", e); + } + } + } + /** * Sign the SAML AuthnRequest message * 
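Review bot: `createID()` still draws the authentication request identifier from `java.util.Random`; the new shared field `private static Random random = new Random();` (hunks `-51` and `-62`) only avoids re-creating the generator. That generator's output can be predicted from observed values, which matters if these IDs are later matched against incoming responses. I would declare `private static final SecureRandom random = new SecureRandom();` with `import java.security.SecureRandom;`, which is also safe to share between threads. The neighbouring `LOGGER` field could be made `final` in the same pass.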
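Review bot: `doBootstrap()` reads and writes the static `isBootStrapped` flag without any synchronisation, so two request threads can both observe `false` and run `DefaultBootstrap.bootstrap()` at the same time, and a thread is not guaranteed to see the flag another thread set. Declaring it `public static synchronized void doBootstrap()` closes that window at negligible cost. The method is public but has no Javadoc, unlike its neighbours; something like `/** Initialises the OpenSAML library on first call; later calls are no-ops. */` would do.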
@@ -88,27 +121,11 @@ public static String createID() { * @throws org.wso2.carbon.identity.sso.agent.SSOAgentException */ public static AuthnRequest setSignature(AuthnRequest authnRequest, String signatureAlgorithm, - X509Credential cred) throws SSOAgentException { + X509Credential cred) throws SSOAgentException { + doBootstrap(); try { - Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME); - signature.setSigningCredential(cred); - signature.setSignatureAlgorithm(signatureAlgorithm); - signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + Signature signature = setSignatureRaw(signatureAlgorithm,cred); - try { - KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME); - X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME); - org.opensaml.xml.signature.X509Certificate cert = - (org.opensaml.xml.signature.X509Certificate) buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME); - String value = - org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded()); - cert.setValue(value); - data.getX509Certificates().add(cert); - keyInfo.getX509Datas().add(data); - signature.setKeyInfo(keyInfo); - } catch (CertificateEncodingException e) { - throw new SSOAgentException("Error getting certificate", e); - } authnRequest.setSignature(signature); 
@@ -131,6 +148,30 @@ public static AuthnRequest setSignature(AuthnRequest authnRequest, String signat } } + private static Signature setSignatureRaw(String signatureAlgorithm, X509Credential cred) throws SSOAgentException { + Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME); + signature.setSigningCredential(cred); + signature.setSignatureAlgorithm(signatureAlgorithm); + signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + + try { + KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME); + X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME); + org.opensaml.xml.signature.X509Certificate cert = + (org.opensaml.xml.signature.X509Certificate) buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME); + String value = + org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded()); + cert.setValue(value); + data.getX509Certificates().add(cert); + keyInfo.getX509Datas().add(data); + signature.setKeyInfo(keyInfo); + return signature; + + } catch (CertificateEncodingException e) { + throw new SSOAgentException("Error getting certificate", e); + } + } + /** * Sign the SAML AuthnRequest message * 
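Review bot: `setSignatureRaw` does not set anything on a request: it builds and returns a `Signature` with the credential, algorithm, canonicalization and X509 `KeyInfo` filled in, so a name such as `buildSignature` plus a short Javadoc would describe it better. Suggested comment: `/** Builds a Signature for the given credential and algorithm, embedding the signing certificate as X509Data. */`. The call sites in the neighbouring hunks pass `setSignatureRaw(signatureAlgorithm,cred)` without a space after the comma. The `AuthnRequest` overload also calls `doBootstrap()` explicitly while the `LogoutRequest` overload relies on `buildXMLObject` doing it; one convention would read more evenly.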
@@ -143,25 +184,7 @@ public static AuthnRequest setSignature(AuthnRequest authnRequest, String signat public static LogoutRequest setSignature(LogoutRequest logoutRequest, String signatureAlgorithm, X509Credential cred) throws SSOAgentException { try { - Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME); - signature.setSigningCredential(cred); - signature.setSignatureAlgorithm(signatureAlgorithm); - signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - - try { - KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME); - X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME); - org.opensaml.xml.signature.X509Certificate cert = - (org.opensaml.xml.signature.X509Certificate) buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME); - String value = - org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded()); - cert.setValue(value); - data.getX509Certificates().add(cert); - keyInfo.getX509Datas().add(data); - signature.setKeyInfo(keyInfo); - } catch (CertificateEncodingException e) { - throw new SSOAgentException("Error getting certificate", e); - } + Signature signature = setSignatureRaw(signatureAlgorithm,cred); logoutRequest.setSignature(signature); 
@@ -186,13 +209,14 @@ public static LogoutRequest setSignature(LogoutRequest logoutRequest, String sig public static void addDeflateSignatureToHTTPQueryString(StringBuilder httpQueryString, X509Credential cred) throws SSOAgentException { + doBootstrap(); try { httpQueryString.append("&SigAlg=" + URLEncoder.encode(XMLSignature.ALGO_ID_SIGNATURE_RSA, "UTF-8").trim()); java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA"); signature.initSign(cred.getPrivateKey()); - signature.update(httpQueryString.toString().getBytes()); + signature.update(httpQueryString.toString().getBytes(Charset.forName("UTF-8"))); byte[] signatureByteArray = signature.sign(); String signatureBase64encodedString = Base64.encodeBytes(signatureByteArray, @@ -212,6 +236,7 @@ public static void addDeflateSignatureToHTTPQueryString(StringBuilder httpQueryS * @throws SSOAgentException */ private static XMLObject buildXMLObject(QName objectQName) throws SSOAgentException { + doBootstrap(); XMLObjectBuilder builder = org.opensaml.xml.Configuration.getBuilderFactory() .getBuilder(objectQName); 
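Review bot: `addDeflateSignatureToHTTPQueryString` still hard-codes `XMLSignature.ALGO_ID_SIGNATURE_RSA` (RSA with SHA-1) for `SigAlg` and `"SHA1withRSA"` for the JCA signature, while the XML `setSignature` overloads take the algorithm as a parameter. SHA-1 is no longer recommended for new signatures, which leaves redirect-binding requests as the weakest-signed path in this class. If the identity provider accepts it, move both values together to SHA-256 (`XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256` and `"SHA256withRSA"`), ideally driven by the same configuration as the XML case. The method continues outside the hunk.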
@@ -244,4 +269,31 @@ public static void sendPostResponse(HttpServletRequest request, HttpServletRespo } } } + + public static XMLObject unmarshall(String saml2SSOString) throws SSOAgentException { + + doBootstrap(); + DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); + documentBuilderFactory.setExpandEntityReferences(false); + documentBuilderFactory.setNamespaceAware(true); + try { + DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder(); + docBuilder.setEntityResolver(new CarbonEntityResolver()); + ByteArrayInputStream is = new ByteArrayInputStream(saml2SSOString.getBytes(Charset.forName("UTF-8"))); + Document document = docBuilder.parse(is); + Element element = document.getDocumentElement(); + UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element); + return unmarshaller.unmarshall(element); + } catch (ParserConfigurationException e) { + throw new SSOAgentException("Error in unmarshalling SAML2SSO Request from the encoded String", e); + } catch (UnmarshallingException e) { + throw new SSOAgentException("Error in unmarshalling SAML2SSO Request from the encoded String", e); + } catch (SAXException e) { + throw new SSOAgentException("Error in unmarshalling SAML2SSO Request from the encoded String", e); + } catch (IOException e) { + throw new SSOAgentException("Error in unmarshalling SAML2SSO Request from the encoded String", e); + } + + } } diff --git a/components/agents/pom.xml b/components/agents/pom.xml index f4ac243850..fc43270e8d 100644 --- a/components/agents/pom.xml +++ b/components/agents/pom.xml @@ -1,27 +1,29 @@ org.wso2.carbon.identity carbon-identity - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../../pom.xml 
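Review bot: In the new `unmarshall`, `setExpandEntityReferences(false)` does not stop the parser from processing a DOCTYPE, so protection against external entities and entity-expansion input rests entirely on `CarbonEntityResolver`, which is not visible in this diff. The string is presumably a SAML message received from outside, so I would reject DTDs before `newDocumentBuilder()` is called: `documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` and `documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`. Both need `import javax.xml.XMLConstants;` and the calls must move inside the `try`, where the existing `ParserConfigurationException` catch covers them. The four catch blocks repeat one message and could share a constant, and the public method has no Javadoc.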
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/pom.xml b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/pom.xml index 3565cf0cde..193e090d1a 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/pom.xml +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity application-authenticators - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticator.java index e540d4685e..e83ab06428 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticator.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticator.java 
@@ -1,3 +1,20 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.basicauth; import org.apache.commons.logging.Log; @@ -37,19 +54,15 @@ public class BasicAuthenticator extends AbstractApplicationAuthenticator implements LocalApplicationAuthenticator { private static final long serialVersionUID = 4438354156955223654L; - - private static Log log = LogFactory.getLog(BasicAuthenticator.class); + private static final Log log = LogFactory.getLog(BasicAuthenticator.class); @Override public boolean canHandle(HttpServletRequest request) { - - String userName = request.getParameter("username"); - String password = request.getParameter("password"); - + String userName = request.getParameter(BasicAuthenticatorConstants.USER_NAME); + String password = request.getParameter(BasicAuthenticatorConstants.PASSWORD); if (userName != null && password != null) { return true; } - return false; } 
@@ -92,7 +105,7 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, IdentityErrorMsgContext errorContext = IdentityUtil.getIdentityErrorMsg(); IdentityUtil.clearIdentityErrorMsg(); - if (showAuthFailureReason != null && showAuthFailureReason.equals("true")) { + if (showAuthFailureReason != null && "true".equals(showAuthFailureReason)) { if (errorContext != null) { if (log.isDebugEnabled()) { log.debug("Identity error message context is not null"); 
@@ -103,50 +116,50 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, if (log.isDebugEnabled()) { log.debug("errorCode : " + errorCode); - log.debug("username : " + request.getParameter("username")); + log.debug("username : " + request.getParameter(BasicAuthenticatorConstants.USER_NAME)); log.debug("remainingAttempts : " + remainingAttempts); } if (errorCode.equals(UserCoreConstants.ErrorCode.INVALID_CREDENTIAL)) { - retryParam = retryParam + "&errorCode=" + errorCode - + "&failedUsername=" + URLEncoder.encode(request.getParameter("username"), "UTF-8") + retryParam = retryParam + BasicAuthenticatorConstants.ERROR_CODE + errorCode + + BasicAuthenticatorConstants.FAILED_USERNAME + URLEncoder.encode(request.getParameter(BasicAuthenticatorConstants.USER_NAME), BasicAuthenticatorConstants.UTF_8) + "&remainingAttempts=" + remainingAttempts; response.sendRedirect(response.encodeRedirectURL(loginPage + ("?" + queryParams)) - + "&authenticators=" + getName() + ":" + "LOCAL" + retryParam); + + BasicAuthenticatorConstants.AUTHENTICATORS + getName() + ":" + BasicAuthenticatorConstants.LOCAL + retryParam); } else if (errorCode.equals(UserCoreConstants.ErrorCode.USER_IS_LOCKED)) { String redirectURL = loginPage.replace("login.do", "retry.do"); if (remainingAttempts == 0) { redirectURL = response.encodeRedirectURL(redirectURL + ("?" + queryParams)) + - "&errorCode=" + errorCode + "&failedUsername=" + - URLEncoder.encode(request.getParameter("username"), "UTF-8") + + BasicAuthenticatorConstants.ERROR_CODE + errorCode + BasicAuthenticatorConstants.FAILED_USERNAME + + URLEncoder.encode(request.getParameter(BasicAuthenticatorConstants.USER_NAME), BasicAuthenticatorConstants.UTF_8) + "&remainingAttempts=0"; } else { - redirectURL = response.encodeRedirectURL( redirectURL + ("?" 
+ queryParams)) + - "&errorCode=" + errorCode + "&failedUsername=" + - URLEncoder.encode(request.getParameter("username"), "UTF-8"); + redirectURL = response.encodeRedirectURL(redirectURL + ("?" + queryParams)) + + BasicAuthenticatorConstants.ERROR_CODE + errorCode + BasicAuthenticatorConstants.FAILED_USERNAME + + URLEncoder.encode(request.getParameter(BasicAuthenticatorConstants.USER_NAME), BasicAuthenticatorConstants.UTF_8); } response.sendRedirect(redirectURL); } else if (errorCode.equals(UserCoreConstants.ErrorCode.USER_DOES_NOT_EXIST)) { - retryParam = retryParam + "&errorCode=" + errorCode - + "&failedUsername=" + URLEncoder.encode(request.getParameter("username"), "UTF-8"); + retryParam = retryParam + BasicAuthenticatorConstants.ERROR_CODE + errorCode + + BasicAuthenticatorConstants.FAILED_USERNAME + URLEncoder.encode(request.getParameter(BasicAuthenticatorConstants.USER_NAME), BasicAuthenticatorConstants.UTF_8); response.sendRedirect(response.encodeRedirectURL(loginPage + ("?" + queryParams)) - + "&authenticators=" + getName() + ":" + "LOCAL" + retryParam); + + BasicAuthenticatorConstants.AUTHENTICATORS + getName() + ":" + BasicAuthenticatorConstants.LOCAL + retryParam); } } else { response.sendRedirect(response.encodeRedirectURL(loginPage + ("?" + queryParams)) - + "&authenticators=" + getName() + ":" + "LOCAL" + retryParam); + + BasicAuthenticatorConstants.AUTHENTICATORS + getName() + ":" + BasicAuthenticatorConstants.LOCAL + retryParam); } } else { String errorCode = errorContext != null ? errorContext.getErrorCode() : null; if (errorCode != null && errorCode.equals(UserCoreConstants.ErrorCode.USER_IS_LOCKED)) { String redirectURL = loginPage.replace("login.do", "retry.do"); - redirectURL = response.encodeRedirectURL(redirectURL + ("?" + queryParams)) + "&failedUsername=" + URLEncoder.encode(request.getParameter("username"), "UTF-8"); + redirectURL = response.encodeRedirectURL(redirectURL + ("?" 
+ queryParams)) + BasicAuthenticatorConstants.FAILED_USERNAME + URLEncoder.encode(request.getParameter(BasicAuthenticatorConstants.USER_NAME), BasicAuthenticatorConstants.UTF_8); response.sendRedirect(redirectURL); } else { response.sendRedirect(response.encodeRedirectURL(loginPage + ("?" + queryParams)) - + "&authenticators=" + getName() + ":" + "LOCAL" + retryParam); + + BasicAuthenticatorConstants.AUTHENTICATORS + getName() + ":" + BasicAuthenticatorConstants.LOCAL + retryParam); } } @@ -156,15 +169,16 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, } } + @Override protected void processAuthenticationResponse(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws AuthenticationFailedException { - String username = request.getParameter("username"); - String password = request.getParameter("password"); + String username = request.getParameter(BasicAuthenticatorConstants.USER_NAME); + String password = request.getParameter(BasicAuthenticatorConstants.PASSWORD); - boolean isAuthenticated = false; + boolean isAuthenticated; UserStoreManager userStoreManager; // Check the authentication try { diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticatorConstants.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticatorConstants.java index 4a0dc16901..e2144c6324 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticatorConstants.java 
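Review bot: `request.getParameter(BasicAuthenticatorConstants.USER_NAME)` is read and URL-encoded at five places in the `initiateAuthenticationRequest` hunk (`-103`) and concatenated into a debug log line, with no check in between. If the parameter is absent, `URLEncoder.encode` is handed `null` and I would expect a `NullPointerException` instead of a redirect, and the raw value in `log.debug("username : " + ...)` lets a client place line breaks in the log. Reading it once, e.g. `String failedUsername = request.getParameter(BasicAuthenticatorConstants.USER_NAME);`, null-checking it and encoding it once would address both and shorten the long lines. `"&remainingAttempts="` also remains a literal beside the new `ERROR_CODE` and `FAILED_USERNAME` constants. The method starts and ends outside the hunk.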
+++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticatorConstants.java @@ -1,3 +1,20 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.basicauth; /** @@ -7,5 +24,14 @@ public abstract class BasicAuthenticatorConstants { public static final String AUTHENTICATOR_NAME = "BasicAuthenticator"; public static final String AUTHENTICATOR_FRIENDLY_NAME = "basic"; - public static final String AUTHENTICATOR_STATUS = "BasicAuthenticatorStatus"; + public static final String USER_NAME = "username"; + public static final String PASSWORD = "password"; + public static final String FAILED_USERNAME = "&failedUsername="; + public static final String ERROR_CODE = "&errorCode="; + public static final String AUTHENTICATORS = "&authenticators="; + public static final String LOCAL = "LOCAL"; + public static final String UTF_8 = "UTF-8"; + + private BasicAuthenticatorConstants() { + } } 
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/internal/BasicAuthenticatorServiceComponent.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/internal/BasicAuthenticatorServiceComponent.java index 20f01aa6d0..ac2f95a2ea 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/internal/BasicAuthenticatorServiceComponent.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/internal/BasicAuthenticatorServiceComponent.java @@ -1,3 +1,20 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.basicauth.internal; import org.apache.commons.logging.Log; 
@@ -7,7 +24,6 @@ import org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticator; import org.wso2.carbon.user.core.service.RealmService; -import java.util.Hashtable; /** * @scr.component name="identity.application.authenticator.basicauth.component" immediate="true" @@ -31,14 +47,14 @@ protected void setRealmService(RealmService realmService) { } protected void activate(ComponentContext ctxt) { - - BasicAuthenticator basicAuth = new BasicAuthenticator(); - Hashtable props = new Hashtable(); - - ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), basicAuth, props); - - if (log.isDebugEnabled()) { - log.info("BasicAuthenticator bundle is activated"); + try { + BasicAuthenticator basicAuth = new BasicAuthenticator(); + ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), basicAuth, null); + if (log.isDebugEnabled()) { + log.info("BasicAuthenticator bundle is activated"); + } + } catch (Throwable e) { + log.error("SAMLSSO Authenticator bundle activation Failed", e); } } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/pom.xml b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/pom.xml index 99eaa0f6e0..95226c66ac 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/pom.xml +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity application-authenticators - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml 
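Review bot: The new `catch (Throwable e)` in `activate` logs "SAMLSSO Authenticator bundle activation Failed", which names the wrong component for `BasicAuthenticatorServiceComponent` and will mislead whoever reads the log during an outage. Catching `Throwable` also swallows `Error`s, and once the exception is swallowed the component presumably looks active although no authenticator was registered. I would write `log.error("BasicAuthenticator bundle activation failed", e);` and catch a narrower type if the framework allows. Inside the `try`, `log.info(...)` is guarded by `isDebugEnabled()`; `log.debug(...)` would match the guard.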
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticator.java index 9f5da75313..3e1f1c0c97 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticator.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticator.java @@ -1,17 +1,17 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + * + * http://www.apache.org/licenses/LICENSE-2.0 + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ @@ -45,6 +45,7 @@ import java.net.MalformedURLException; import java.net.URL; import java.net.URLConnection; +import java.nio.charset.Charset; import java.util.Arrays; import java.util.HashMap; import java.util.Map; 
@@ -107,10 +108,6 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, return; } - private String getClientID(Map authenticatorProperties, String clientId) { - return authenticatorProperties.get(clientId); - } - @Override protected void processAuthenticationResponse(HttpServletRequest request, HttpServletResponse response, @@ -145,7 +142,7 @@ protected void processAuthenticationResponse(HttpServletRequest request, } } else { if (!Arrays.asList(userInfoFields.split(",")).contains(FacebookAuthenticatorConstants - .DEFAULT_USER_IDENTIFIER)) { + .DEFAULT_USER_IDENTIFIER)) { userInfoFields += ("," + FacebookAuthenticatorConstants.DEFAULT_USER_IDENTIFIER); } } @@ -172,19 +169,15 @@ private String getAuthorizationCode(HttpServletRequest request) throws Applicati private String getToken(String tokenEndPoint, String clientId, String clientSecret, String callbackurl, String code) throws ApplicationAuthenticatorException { OAuthClientRequest tokenRequest = null; - String token = null; - try { tokenRequest = buidTokenRequest(tokenEndPoint, clientId, clientSecret, callbackurl, code); - token = sendRequest(tokenRequest.getLocationUri()); if (token.startsWith("{")) { if (log.isDebugEnabled()) { log.debug("Received token: " + token + " for code: " + code); - } throw new ApplicationAuthenticatorException("Received access token is invalid."); } @@ -195,7 +188,6 @@ private String getToken(String tokenEndPoint, String clientId, String clientSecr throw new ApplicationAuthenticatorException( "MalformedURLException while sending access token request.", e); - } catch (IOException e) { throw new ApplicationAuthenticatorException("IOException while sending access token request.", e); } 
@@ -205,7 +197,6 @@ private String getToken(String tokenEndPoint, String clientId, String clientSecr private OAuthClientRequest buidTokenRequest( String tokenEndPoint, String clientId, String clientSecret, String callbackurl, String code) throws ApplicationAuthenticatorException { - OAuthClientRequest tokenRequest = null; try { tokenRequest = @@ -221,7 +212,6 @@ private OAuthClientRequest buidTokenRequest( private String getUserInfoString(String fbAuthUserInfoUrl, String userInfoFields, String token) throws ApplicationAuthenticatorException { - String userInfoString; try { if (StringUtils.isBlank(userInfoFields)) { @@ -321,7 +311,7 @@ private String sendRequest(String url) throws IOException { URLConnection urlConnection = new URL(url).openConnection(); BufferedReader in = new BufferedReader( - new InputStreamReader(urlConnection.getInputStream())); + new InputStreamReader(urlConnection.getInputStream(), Charset.forName("utf-8"))); StringBuilder b = new StringBuilder(); String inputLine = in.readLine(); while (inputLine != null) { diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticatorConstants.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticatorConstants.java index 0de8669296..37db6ade4a 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticatorConstants.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticatorConstants.java 
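Review bot: In `sendRequest` (hunk `-321`) no connect or read timeout is set on `urlConnection` in the visible lines, so a slow token or user-info endpoint can hold a login thread indefinitely. Calling `urlConnection.setConnectTimeout(...)` and `urlConnection.setReadTimeout(...)` before `getInputStream()` would bound that. The charset is also spelled `Charset.forName("utf-8")` here while the other files in this commit use `"UTF-8"`; one shared constant would keep them aligned. The rest of the method, including whether `in` is closed in a `finally`, is outside the hunk.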
@@ -1,17 +1,17 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + * + * http://www.apache.org/licenses/LICENSE-2.0 + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/internal/FacebookAuthenticatorServiceComponent.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/internal/FacebookAuthenticatorServiceComponent.java index 8f21ec67d2..c848b05493 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/internal/FacebookAuthenticatorServiceComponent.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/internal/FacebookAuthenticatorServiceComponent.java 
@@ -1,17 +1,17 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + * + * http://www.apache.org/licenses/LICENSE-2.0 + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ 
@@ -24,34 +24,30 @@ import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator; import org.wso2.carbon.identity.application.authenticator.facebook.FacebookAuthenticator; -import java.util.Hashtable; - /** * @scr.component name="identity.application.authenticator.facebook.component" * immediate="true" */ public class FacebookAuthenticatorServiceComponent { - private static final Log LOGGER = LogFactory.getLog(FacebookAuthenticatorServiceComponent.class); + private static final Log log = LogFactory.getLog(FacebookAuthenticatorServiceComponent.class); protected void activate(ComponentContext ctxt) { try { FacebookAuthenticator facebookAuthenticator = new FacebookAuthenticator(); - Hashtable props = new Hashtable(); - ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), - facebookAuthenticator, props); - if (LOGGER.isDebugEnabled()) { - LOGGER.debug("Facebook Authenticator bundle is activated"); + facebookAuthenticator, null); + if (log.isDebugEnabled()) { + log.debug("Facebook Authenticator bundle is activated"); } } catch (Throwable e) { - LOGGER.fatal(" Error while activating Facebook authenticator ", e); + log.fatal(" Error while activating Facebook authenticator ", e); } } protected void deactivate(ComponentContext ctxt) { - if (LOGGER.isDebugEnabled()) { - LOGGER.debug("Facebook Authenticator bundle is deactivated"); + if (log.isDebugEnabled()) { + log.debug("Facebook Authenticator bundle is deactivated"); } } } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/pom.xml b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/pom.xml index ba1073aa2b..8d42fda325 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/pom.xml +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/pom.xml 
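Review bot: `activate` still ends in `catch (Throwable e)`, which also traps `Error`s such as `OutOfMemoryError` and reduces them to one `log.fatal` line. After that the component would presumably still be reported as active, with no Facebook authenticator registered. The FIDO service component in this same commit narrows its handler to `Exception`; do the same here with `} catch (Exception e) {`. If the broad catch is deliberate, add a comment saying which failure it is meant to absorb.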
@@ -4,7 +4,7 @@ org.wso2.carbon.identity application-authenticators - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/FIDOAuthenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/FIDOAuthenticator.java index 39440aca01..d5f138fe88 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/FIDOAuthenticator.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/FIDOAuthenticator.java @@ -6,16 +6,15 @@ * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ - package org.wso2.carbon.identity.application.authenticator.fido; import com.yubico.u2f.data.messages.AuthenticateRequestData; 
@@ -70,7 +69,7 @@ protected void processAuthenticationResponse(HttpServletRequest request, U2FService u2FService = U2FService.getInstance(); //TODO enhancement: tenant domain, user store domain FIDOUser fidoUser = new FIDOUser(user.getUserName(), user.getTenantDomain(), - user.getUserStoreDomain(), AuthenticateResponse.fromJson(tokenResponse)); + user.getUserStoreDomain(), AuthenticateResponse.fromJson(tokenResponse)); fidoUser.setAppID(appID); u2FService.finishAuthentication(fidoUser); } else { @@ -116,7 +115,7 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, try { //authentication page's URL. String loginPage = ConfigurationFacade.getInstance().getAuthenticationEndpointURL(); - loginPage.replace("login.do", "authentication.jsp"); + loginPage = loginPage.replace("login.do", "authentication.jsp"); //username from basic authenticator. AuthenticatedUser user = getUsername(context); //origin as appID eg.: http://example.com:8080 
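Review bot: Assigning the result back to `loginPage` fixes the discarded `replace`, but it appears to break the failure path further down `initiateAuthenticationRequest`. The next hunk of this method builds the retry URL with `loginPage.replace("login.do", "retry.do")`, and once `loginPage` has been rewritten to `authentication.jsp` that call no longer finds `login.do`. Unless `loginPage` is reassigned in the lines between the two hunks, which are not shown, a user without a registered device would be sent to `authentication.jsp` with the `failedUsername` and `statusMsg` parameters instead of to `retry.do`. Derive the retry URL from the unmodified endpoint, e.g. `String redirectURL = ConfigurationFacade.getInstance().getAuthenticationEndpointURL().replace("login.do", "retry.do");`.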
@@ -129,14 +128,14 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, response.sendRedirect(response.encodeRedirectURL(loginPage + ("?")) - + "&authenticators=" + getName() + ":" + "LOCAL" + "&type=fido&sessionDataKey=" + - request.getParameter("sessionDataKey") + - "&data=" + data.toJson()); + + "&authenticators=" + getName() + ":" + "LOCAL" + "&type=fido&sessionDataKey=" + + request.getParameter("sessionDataKey") + + "&data=" + data.toJson()); } else { String redirectURL = loginPage.replace("login.do", "retry.do"); - redirectURL = response.encodeRedirectURL(redirectURL + ("?")) + "&failedUsername=" + URLEncoder.encode(user.getUserName(), "UTF-8") + - "&statusMsg=" + URLEncoder.encode(FIDOAuthenticatorConstants.AUTHENTICATION_ERROR_MESSAGE, "UTF-8") + - "&status=" + URLEncoder.encode(FIDOAuthenticatorConstants.AUTHENTICATION_STATUS, "UTF-8"); + redirectURL = response.encodeRedirectURL(redirectURL + ("?")) + "&failedUsername=" + URLEncoder.encode(user.getUserName(), FIDOAuthenticatorConstants.UTF_8) + + "&statusMsg=" + URLEncoder.encode(FIDOAuthenticatorConstants.AUTHENTICATION_ERROR_MESSAGE, FIDOAuthenticatorConstants.UTF_8) + + "&status=" + URLEncoder.encode(FIDOAuthenticatorConstants.AUTHENTICATION_STATUS, FIDOAuthenticatorConstants.UTF_8); response.sendRedirect(redirectURL); } 
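Review bot: The success-path redirect appends `request.getParameter("sessionDataKey")` and `data.toJson()` to the URL unencoded, while the failure path just below encodes every value with `URLEncoder.encode`. `sessionDataKey` comes straight from the request, so a `&` or `#` in it can add or truncate query parameters, and the JSON carries quotes and braces that are not valid in a query string. Encode both values: `URLEncoder.encode(request.getParameter("sessionDataKey"), FIDOAuthenticatorConstants.UTF_8)` and `URLEncoder.encode(data.toJson(), FIDOAuthenticatorConstants.UTF_8)`. A missing `sessionDataKey` needs a guard first, because `URLEncoder.encode` throws on null. The method starts and ends outside the hunk.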
@@ -158,8 +157,8 @@ private AuthenticatedUser getUsername(AuthenticationContext context) { AuthenticatedUser authenticatedUser = null; for (int i = 1; i <= context.getSequenceConfig().getStepMap().size(); i++) { if (context.getSequenceConfig().getStepMap().get(i).getAuthenticatedUser() != null && - context.getSequenceConfig().getStepMap().get(i).getAuthenticatedAutenticator() - .getApplicationAuthenticator() instanceof LocalApplicationAuthenticator) { + context.getSequenceConfig().getStepMap().get(i).getAuthenticatedAutenticator() + .getApplicationAuthenticator() instanceof LocalApplicationAuthenticator) { authenticatedUser = context.getSequenceConfig().getStepMap().get(i).getAuthenticatedUser(); if (authenticatedUser.getUserStoreDomain() == null) { authenticatedUser.setUserStoreDomain(FIDOAuthenticatorConstants.PRIMARY_USER_DOMAIN); diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/dao/DeviceStoreDAO.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/dao/DeviceStoreDAO.java index 27bb40806a..641a9addd4 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/dao/DeviceStoreDAO.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/dao/DeviceStoreDAO.java 
@@ -6,12 +6,12 @@ * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ @@ -56,7 +56,7 @@ public void addDeviceRegistration(String username, DeviceRegistration registrati FIDOUtil.logTrace("Executing {addDeviceRegistration} method", log); if (log.isDebugEnabled()) { log.debug("addDeviceRegistration inputs {username: " + username + ", registration :" + - registration.toJsonWithAttestationCert() + "}"); + registration.toJsonWithAttestationCert() + "}"); } Connection connection = null; PreparedStatement preparedStatement = null; @@ -80,7 +80,7 @@ public void addDeviceRegistration(String username, DeviceRegistration registrati log.error("Error rolling back the transaction to FIDO registration", e1); } throw new IdentityException("Error when executing FIDO registration SQL : " + - FIDOAuthenticatorConstants.SQLQueries.ADD_DEVICE_REGISTRATION_QUERY, e); + FIDOAuthenticatorConstants.SQLQueries.ADD_DEVICE_REGISTRATION_QUERY, e); } finally { IdentityDatabaseUtil.closeAllConnections(connection, null, preparedStatement); } @@ -126,7 +126,7 @@ public Collection getDeviceRegistration(String username, int tenantID, String us } catch (SQLException e) { throw new IdentityException( "Error executing get device registration SQL : " + - FIDOAuthenticatorConstants.SQLQueries.GET_DEVICE_REGISTRATION_QUERY, e); + FIDOAuthenticatorConstants.SQLQueries.GET_DEVICE_REGISTRATION_QUERY, e); } finally { IdentityDatabaseUtil.closeAllConnections(connection, resultSet, preparedStatement); } 
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/dto/FIDOUser.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/dto/FIDOUser.java index 5c69d7cd59..0093709d35 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/dto/FIDOUser.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/dto/FIDOUser.java @@ -6,12 +6,12 @@ * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/internal/FIDOAuthenticatorServiceComponent.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/internal/FIDOAuthenticatorServiceComponent.java index 2e672705b1..846b755d81 100644 
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/internal/FIDOAuthenticatorServiceComponent.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/internal/FIDOAuthenticatorServiceComponent.java @@ -1,19 +1,17 @@ /* * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.wso2.carbon.identity.application.authenticator.fido.internal; @@ -27,7 +25,6 @@ import org.wso2.carbon.identity.application.authenticator.fido.u2f.U2FService; import org.wso2.carbon.user.core.service.RealmService; -import java.util.Hashtable; /** * @scr.component name="identity.application.authenticator.fido.component" immediate="true" 
@@ -44,13 +41,13 @@ public class FIDOAuthenticatorServiceComponent { protected void activate(ComponentContext context) { BundleContext bundleContext = context.getBundleContext(); FIDOAuthenticator fidoAuthenticator = FIDOAuthenticator.getInstance(); - Hashtable props = new Hashtable(); + try { - bundleContext.registerService(ApplicationAuthenticator.class.getName(), fidoAuthenticator, props); + bundleContext.registerService(ApplicationAuthenticator.class.getName(), fidoAuthenticator, null); if (log.isDebugEnabled()) { log.debug("FIDOAuthenticator service is registered"); } - } catch (Throwable e) { + } catch (Exception e) { log.fatal("Error registering FIDOAuthenticator service", e); } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/service/FIDOAdminService.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/service/FIDOAdminService.java index bc42f75683..e0a08de158 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/service/FIDOAdminService.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/service/FIDOAdminService.java 
@@ -6,12 +6,12 @@ * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ @@ -20,13 +20,11 @@ import com.yubico.u2f.data.messages.RegisterResponse; import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.identity.application.authenticator.fido.dto.FIDOUser; import org.wso2.carbon.identity.application.authenticator.fido.u2f.U2FService; import org.wso2.carbon.identity.application.authenticator.fido.util.FIDOAuthenticatorConstants; import org.wso2.carbon.identity.application.authenticator.fido.util.FIDOUtil; import org.wso2.carbon.identity.base.IdentityException; -import org.wso2.carbon.identity.core.util.IdentityUtil; /** * FIDO service class for FIDO registration. @@ -38,13 +36,12 @@ public class FIDOAdminService { /** * Initiate FIDO registration. * - * @param username username. - * @param appID Application ID. + * @param appID Application ID. * @return RegisterRequestData. * @throws IdentityException when U2F can not generate challenge. */ @SuppressWarnings(FIDOAuthenticatorConstants.UNUSED) - public String startRegistration(String username, String appID) throws IdentityException { + public String startRegistration(String appID) throws IdentityException { FIDOUser user = getUser(); user.setAppID(appID); 
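Review bot: `startRegistration` still takes `appID` verbatim from the caller and hands it to `user.setAppID(appID)`, with no null or blank check visible in this hunk. The FIDOAuthenticator hunk in this commit derives its appID from the request origin (its comment reads "origin as appID"), so a registration started with any other value would presumably never match at sign-in. If U2FService does not already validate it, reject a null or blank `appID` with an `IdentityException` before calling `getUser()`. The Javadoc line could state the expectation once confirmed, e.g. `@param appID Application ID; expected to equal the origin used at sign-in.` The method body continues outside the hunk.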
@@ -56,11 +53,10 @@ public String startRegistration(String username, String appID) throws IdentityEx * Complete FIDO registration. * * @param response response from client. - * @param username username associated with initiate request. * @throws IdentityException when U2F validation fails. */ @SuppressWarnings(FIDOAuthenticatorConstants.UNUSED) - public void finishRegistration(String response, String username) throws IdentityException { + public void finishRegistration(String response) throws IdentityException { FIDOUser user = getUser(); user.setRegisterResponse(RegisterResponse.fromJson(response)); @@ -72,8 +68,7 @@ private FIDOUser getUser() { String loggedInDomain = FIDOUtil.getDomainName(loggedInUser); String domainAwareUser = FIDOUtil.getUsernameWithoutDomain(loggedInUser); String loggedInTenant = CarbonContext.getThreadLocalCarbonContext().getTenantDomain(); - FIDOUser user = new FIDOUser(domainAwareUser, loggedInTenant, loggedInDomain); - return user; + return new FIDOUser(domainAwareUser, loggedInTenant, loggedInDomain); } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/u2f/U2FService.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/u2f/U2FService.java index a0e61e8fd5..543ca02178 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/u2f/U2FService.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/u2f/U2FService.java 
@@ -6,12 +6,12 @@ * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ @@ -32,7 +32,11 @@ import org.wso2.carbon.identity.base.IdentityException; import org.wso2.carbon.user.api.UserStoreException; -import java.util.*; +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; public class U2FService { @@ -105,7 +109,7 @@ public AuthenticateRequestData startAuthentication(final FIDOUser user) */ public void finishAuthentication(final FIDOUser user) throws AuthenticationFailedException { FIDOUtil.logTrace("Executing {finishAuthentication} method", log); - //AuthenticateResponse authenticateResponse = AuthenticateResponse.fromJson(response); + AuthenticateRequestData authenticateRequest; try { @@ -113,7 +117,7 @@ public void finishAuthentication(final FIDOUser user) throws AuthenticationFaile .fromJson(requestStorage.remove(user.getAuthenticateResponse().getRequestId())); u2f.finishAuthentication(authenticateRequest, user.getAuthenticateResponse(), - getRegistrations(user)); + getRegistrations(user)); } catch (Exception e) { throw new AuthenticationFailedException("Could not complete FIDO authentication", e); @@ -192,7 +196,7 @@ public static U2FService getInstance() { } } - private U2FService() { + public U2FService() { } } \ No newline at end of file 
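Review bot: Widening the constructor to `public U2FService()` undermines the `getInstance()` accessor named in the same hunk header, because any caller can now create a second instance. `finishAuthentication` looks up the pending challenge with `requestStorage.remove(...)`; if `requestStorage` is per-instance state (its declaration is outside the hunks), a challenge started on one instance would not be found or consumed on another. Keep it `private U2FService() {` unless a framework has to instantiate the class, and in that case add a comment saying which one and why.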
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/util/FIDOAuthenticatorConstants.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/util/FIDOAuthenticatorConstants.java index 799eca0b1f..2557c60bc5 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/util/FIDOAuthenticatorConstants.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/util/FIDOAuthenticatorConstants.java @@ -6,12 +6,12 @@ * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ 
@@ -22,18 +22,24 @@ * Utils class for FIDO Authenticator Constants. */ public class FIDOAuthenticatorConstants { + private FIDOAuthenticatorConstants() { + } - public static final String AUTHENTICATOR_NAME = "FIDOAuthenticator"; - public static final String AUTHENTICATOR_FRIENDLY_NAME = "fido"; - public static final String UNUSED = "unused"; + public static final String AUTHENTICATOR_NAME = "FIDOAuthenticator"; + public static final String AUTHENTICATOR_FRIENDLY_NAME = "fido"; + public static final String UNUSED = "unused"; public static final String AUTHENTICATION_STATUS = "Authentication Failed !"; public static final String AUTHENTICATION_ERROR_MESSAGE = "No registered device found, Please register your device before sign in."; public static final String PRIMARY_USER_DOMAIN = "PRIMARY"; public static final String U2F_KEY_HANDLE = "KEY_HANDLE"; public static final String U2F_DEVICE_DATA = "DEVICE_DATA"; + public static final String UTF_8 = "UTF-8"; public static class SQLQueries { + private SQLQueries() { + } + public static final String ADD_DEVICE_REGISTRATION_QUERY = "INSERT INTO FIDO_DEVICE_STORE (TENANT_ID, DOMAIN_ID," + " USER_NAME, KEY_HANDLE, DEVICE_DATA ) SELECT ?, UM_DOMAIN_ID, ?,?,? FROM UM_DOMAIN WHERE UM_DOMAIN_NAME = ? " + "AND UM_TENANT_ID = ?"; diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/util/FIDOUtil.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/util/FIDOUtil.java index 0da50091e3..078b4e480e 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/util/FIDOUtil.java 
+++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.fido/src/main/java/org/wso2/carbon/identity/application/authenticator/fido/util/FIDOUtil.java @@ -6,12 +6,12 @@ * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ @@ -22,7 +22,6 @@ import org.wso2.carbon.identity.application.authenticator.fido.internal.FIDOAuthenticatorServiceComponent; import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.core.service.RealmService; -import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import javax.servlet.http.HttpServletRequest; 
@@ -30,43 +29,48 @@ * FIDOUtil class for FIDO authentication component. */ public class FIDOUtil { - public static void logTrace(String msg, Log log) { - if (log.isTraceEnabled()) { - log.trace(msg); - } - } + private FIDOUtil() { + } + + public static void logTrace(String msg, Log log) { + if (log.isTraceEnabled()) { + log.trace(msg); + } + } - public static String getOrigin(HttpServletRequest request) { + public static String getOrigin(HttpServletRequest request) { - return request.getScheme() + "://" + request.getServerName() + ":" + - request.getServerPort(); - } + return request.getScheme() + "://" + request.getServerName() + ":" + + request.getServerPort(); + } public static int getTenantID(String tenantDomain) throws UserStoreException { RealmService realmService = null; int tenantId; realmService = FIDOAuthenticatorServiceComponent.getRealmService(); - tenantId = realmService.getTenantManager().getTenantId(tenantDomain); + tenantId = realmService.getTenantManager().getTenantId(tenantDomain); return tenantId; } - public static String getSafeText(String text) { - if (text == null) { - return text; - } - text = text.trim(); - if (text.indexOf('<') > -1) { - text = text.replace("<", "<"); - } - if (text.indexOf('>') > -1) { - text = text.replace(">", ">"); - } - return text; - } - public static String getUniqueUsername(HttpServletRequest request, String username){ - return request.getServerName() + "/" + username; - } + public static String getSafeText(String text) { + String trimmedText = null; + if (text == null) { + return text; + } + trimmedText = text.trim(); + if (trimmedText.indexOf('<') > -1) { + trimmedText = trimmedText.replace("<", "<"); + } + if (trimmedText.indexOf('>') > -1) { + trimmedText = trimmedText.replace(">", ">"); + } + return trimmedText; + } + + public static String getUniqueUsername(HttpServletRequest request, String username) { + return request.getServerName() + "/" + username; + } public static String getDomainName(String username) { 
int index = username.indexOf(CarbonConstants.DOMAIN_SEPARATOR); diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/pom.xml b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/pom.xml index db72546d96..44787c9b95 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/pom.xml +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity application-authenticators - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/IWAAuthenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/IWAAuthenticator.java index de200348bb..ee1c3c890e 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/IWAAuthenticator.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/IWAAuthenticator.java 
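Review bot: `getSafeText` only deals with `<` and `>`; the ampersand and both quote characters pass through unchanged, so the result is not safe inside an HTML attribute or a script context. As rendered on this page the replacement strings are identical to the search strings, presumably an artefact of entity decoding; if the source file really reads that way, the method only trims. Escape the ampersand first, then the brackets and quotes, or call an established HTML encoder already on the classpath. The Javadoc should state which output context the result is safe for. The early `return text;` for null would read more clearly as `return null;`.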
@@ -1,12 +1,12 @@ /* - * Copyright (c) 2014 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/IWAConstants.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/IWAConstants.java index f2d41d3800..447940a4cb 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/IWAConstants.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/IWAConstants.java @@ -1,12 +1,12 @@ /* - * Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an 
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/IWAServiceDataHolder.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/IWAServiceDataHolder.java new file mode 100644 index 0000000000..a12eeeed17 --- /dev/null +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/IWAServiceDataHolder.java 
@@ -0,0 +1,90 @@ +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.wso2.carbon.identity.application.authenticator.iwa; + +import waffle.servlet.spi.SecurityFilterProviderCollection; +import waffle.windows.auth.IWindowsAuthProvider; +import waffle.windows.auth.PrincipalFormat; + +public class IWAServiceDataHolder { + private IWAServiceDataHolder() { + setPrincipalFormat(PrincipalFormat.both.fqn); + setRoleFormat(PrincipalFormat.fqn); + } + private static IWAServiceDataHolder instance = new IWAServiceDataHolder(); + private SecurityFilterProviderCollection providers; + private IWindowsAuthProvider auth; + private boolean allowGuestLogin; + private boolean impersonate; + private PrincipalFormat principalFormat; + private PrincipalFormat roleFormat; + + + public static IWAServiceDataHolder getInstance() { + return instance; + } + + public PrincipalFormat getPrincipalFormat() { + return principalFormat; + } + + public void setPrincipalFormat(PrincipalFormat principalFormat) { + this.principalFormat = principalFormat; + } + + public PrincipalFormat getRoleFormat() { + return roleFormat; + } + + public void setRoleFormat(PrincipalFormat roleFormat) { + this.roleFormat = roleFormat; + } + + public IWindowsAuthProvider getAuth() { + return auth; + } + + public void setAuth(IWindowsAuthProvider auth) { + this.auth = auth; + } + + public 
boolean isAllowGuestLogin() { + return allowGuestLogin; + } + + public void setAllowGuestLogin(boolean allowGuestLogin) { + this.allowGuestLogin = allowGuestLogin; + } + + public boolean isImpersonate() { + return impersonate; + } + + public void setImpersonate(boolean impersonate) { + this.impersonate = impersonate; + } + + public SecurityFilterProviderCollection getProviders() { + return providers; + } + + public void setProviders(SecurityFilterProviderCollection providers) { + this.providers = providers; + } + +} diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/internal/IWAAuthenticatorServiceComponent.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/internal/IWAAuthenticatorServiceComponent.java index 98457e79c3..1397817cd4 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/internal/IWAAuthenticatorServiceComponent.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/internal/IWAAuthenticatorServiceComponent.java 
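Review bot: The constructor's `setPrincipalFormat(PrincipalFormat.both.fqn)` reads the enum constant `fqn` through the constant `both`, so it evaluates to `PrincipalFormat.fqn`; write `setPrincipalFormat(PrincipalFormat.fqn);` if that is intended, or `PrincipalFormat.both` if both forms were wanted. The holder also leaves `allowGuestLogin` at the `boolean` default `false`, whereas the servlet field it replaces (removed in the IWAServelet.java hunk) was initialised to `true`. That is the stricter default, but it changes behaviour for deployments that do not set the init parameter, so it deserves a comment on the field. Because the instance is a process-wide singleton with public setters and plain fields, declare it `private static final` and add a class Javadoc saying the values are written in `IWAServelet.init` and read on request threads.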
@@ -1,12 +1,12 @@ /* - * Copyright (c) 2014 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -15,7 +15,6 @@ * specific language governing permissions and limitations * under the License. */ - package org.wso2.carbon.identity.application.authenticator.iwa.internal; import org.apache.commons.logging.Log; @@ -31,7 +30,7 @@ import javax.servlet.Servlet; import javax.servlet.ServletException; -import java.util.Hashtable; + /** * @scr.component name="identity.application.authenticator.basicauth.component" immediate="true" 
@@ -45,22 +44,19 @@ public class IWAAuthenticatorServiceComponent { private static HttpService httpService; protected void activate(ComponentContext ctxt) { - - IWAAuthenticator iwaAuth = new IWAAuthenticator(); - Hashtable props = new Hashtable(); - - // Register iwa servlet - Servlet iwaServlet = new ContextPathServletAdaptor(new IWAServelet(), IWAConstants.IWA_URL); try { + IWAAuthenticator iwaAuth = new IWAAuthenticator(); + // Register iwa servlet + Servlet iwaServlet = new ContextPathServletAdaptor(new IWAServelet(), IWAConstants.IWA_URL); httpService.registerServlet(IWAConstants.IWA_URL, iwaServlet, null, null); - } catch (NamespaceException e) { - log.error("Error when registering the IWA servlet, '" + IWAConstants.IWA_URL + "' may be already in use."); - } catch (ServletException e) { - log.error("Error when registering the IWA servlet.", e); - } - ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), iwaAuth, props); - if (log.isDebugEnabled()) { - log.debug("IWAAuthenticator bundle is activated"); + ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), iwaAuth, null); + if (log.isDebugEnabled()) { + log.debug("IWAAuthenticator bundle is activated"); + } + } catch (NamespaceException | ServletException e) { + log.error("Error when registering the IWA servlet, '" + IWAConstants.IWA_URL + "' may be already in use." + e); + } catch (Throwable e) { + log.error("IWAAuthenticator bundle activation failed"); } } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/servlet/IWAServelet.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/servlet/IWAServelet.java index c9095138bd..44dc32104f 100644 
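Review bot: The new `catch (Throwable e)` branch in `activate` logs "IWAAuthenticator bundle activation failed" without the exception, so a failed activation leaves no cause in the log, and the branch also catches `Error`s; pass the throwable, `log.error("IWAAuthenticator bundle activation failed", e);`. The multi-catch above it appends `e` to the message string, which records only `toString()` and no stack trace; use `log.error("Error when registering the IWA servlet, '" + IWAConstants.IWA_URL + "' may be already in use.", e);`. The same concatenation is introduced in `sendUnauthorized` in IWAServelet.java (`"Error when sending unauthorized response." + e`). With the registration moved inside the `try`, a servlet registration failure now also skips `registerService` for the authenticator; add a comment saying so if that is intended.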
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/servlet/IWAServelet.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/servlet/IWAServelet.java @@ -1,12 +1,12 @@ /* - * Copyright (c) 2014 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -22,9 +22,9 @@ import org.apache.commons.logging.LogFactory; import org.wso2.carbon.identity.application.authenticator.iwa.IWAAuthenticator; import org.wso2.carbon.identity.application.authenticator.iwa.IWAConstants; +import org.wso2.carbon.identity.application.authenticator.iwa.IWAServiceDataHolder; import org.wso2.carbon.ui.CarbonUIUtil; import waffle.servlet.AutoDisposableWindowsPrincipal; -import waffle.servlet.NegotiateRequestWrapper; import waffle.servlet.NegotiateSecurityFilter; import waffle.servlet.WindowsPrincipal; import waffle.servlet.spi.SecurityFilterProvider; 
@@ -58,12 +58,6 @@ public class IWAServelet extends HttpServlet { public static final String PRINCIPAL_SESSION_KEY = NegotiateSecurityFilter.class .getName() + ".PRINCIPAL"; private static Log log = LogFactory.getLog(IWAServelet.class); - private PrincipalFormat principalFormat = PrincipalFormat.fqn; - private PrincipalFormat roleFormat = PrincipalFormat.fqn; - private SecurityFilterProviderCollection providers = null; - private IWindowsAuthProvider auth; - private boolean allowGuestLogin = true; - private boolean impersonate = false; @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { @@ -80,7 +74,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) throw new IllegalArgumentException(IWAConstants.IWA_PARAM_STATE + " parameter is null."); } commonAuthURL += "?" + IWAConstants.IWA_PARAM_STATE + "=" + URLEncoder.encode(param, IWAConstants.UTF_8) + - "&" + IWAAuthenticator.IWA_PROCESSED + "=1"; + "&" + IWAAuthenticator.IWA_PROCESSED + "=1"; if (doFilterPrincipal(request)) { // previously authenticated user @@ -93,7 +87,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) // log the user in using the token IWindowsIdentity windowsIdentity; try { - windowsIdentity = providers.doFilter(request, response); + windowsIdentity = IWAServiceDataHolder.getInstance().getProviders().doFilter(request, response); if (windowsIdentity == null) { return; } 
@@ -104,14 +98,14 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) } IWindowsImpersonationContext ctx = null; try { - if (!allowGuestLogin && windowsIdentity.isGuest()) { + if (!IWAServiceDataHolder.getInstance().isAllowGuestLogin() && windowsIdentity.isGuest()) { log.warn("guest login disabled: " + windowsIdentity.getFqn()); sendUnauthorized(response, true); return; } if (log.isDebugEnabled()) { log.debug("logged in user: " + windowsIdentity.getFqn() + " (" + windowsIdentity.getSidString() + - ")"); + ")"); } HttpSession session = request.getSession(true); if (session == null) { @@ -124,10 +118,10 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) } WindowsPrincipal windowsPrincipal; - if (impersonate) { - windowsPrincipal = new AutoDisposableWindowsPrincipal(windowsIdentity, principalFormat, roleFormat); + if (IWAServiceDataHolder.getInstance().isImpersonate()) { + windowsPrincipal = new AutoDisposableWindowsPrincipal(windowsIdentity, IWAServiceDataHolder.getInstance().getPrincipalFormat(), IWAServiceDataHolder.getInstance().getRoleFormat()); } else { - windowsPrincipal = new WindowsPrincipal(windowsIdentity, principalFormat, roleFormat); + windowsPrincipal = new WindowsPrincipal(windowsIdentity, IWAServiceDataHolder.getInstance().getPrincipalFormat(), IWAServiceDataHolder.getInstance().getRoleFormat()); } if (log.isDebugEnabled()) { log.debug("roles: " + windowsPrincipal.getRolesString()); 
@@ -138,14 +132,14 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) log.info("Successfully logged in user: " + windowsIdentity.getFqn()); request.getSession().setAttribute(PRINCIPAL_SESSION_KEY, windowsPrincipal); - if (impersonate) { + if (IWAServiceDataHolder.getInstance().isImpersonate()) { if (log.isDebugEnabled()) { log.debug("impersonating user"); } ctx = windowsIdentity.impersonate(); } } finally { - if (impersonate && ctx != null) { + if (IWAServiceDataHolder.getInstance().isImpersonate() && ctx != null) { if (log.isDebugEnabled()) { log.debug("terminating impersonation"); } @@ -185,7 +179,7 @@ private boolean doFilterPrincipal(HttpServletRequest request) throws IOException return false; } - if (providers.isPrincipalException(request)) { + if (IWAServiceDataHolder.getInstance().getProviders().isPrincipalException(request)) { // the providers signal to authenticate despite an existing principal, eg. NTLM post return false; } 
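Review bot: The `finally` block now re-reads `IWAServiceDataHolder.getInstance().isImpersonate()` before terminating the impersonation started a few lines earlier, so if the shared flag changes in between (for example through a second `init`), a non-null `ctx` is left without cleanup on this request thread. Guard on the context alone, `if (ctx != null) {`, or read the flag once into a local at the top of `doPost` and use that local throughout. The same double read appears in `doFilterPrincipal` (the `@@ -198,23` hunk). `doPost` starts and ends outside this hunk, so the cleanup call itself is not visible here.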
@@ -198,23 +192,22 @@ private boolean doFilterPrincipal(HttpServletRequest request) throws IOException } WindowsPrincipal windowsPrincipal = (WindowsPrincipal) principal; - if (impersonate && windowsPrincipal.getIdentity() == null) { + if (IWAServiceDataHolder.getInstance().isImpersonate() && windowsPrincipal.getIdentity() == null) { // This can happen when the session has been serialized then de-serialized // and because the IWindowsIdentity field is transient. In this case re-ask an // authentication to get a new identity. return false; } - NegotiateRequestWrapper requestWrapper = new NegotiateRequestWrapper(request, windowsPrincipal); IWindowsImpersonationContext ctx = null; - if (impersonate) { + if (IWAServiceDataHolder.getInstance().isImpersonate()) { if (log.isDebugEnabled()) { log.debug("re-impersonating user"); } ctx = windowsPrincipal.getIdentity().impersonate(); } - if (impersonate && ctx != null) { + if (IWAServiceDataHolder.getInstance().isImpersonate() && ctx != null) { if (log.isDebugEnabled()) { log.debug("terminating impersonation"); } @@ -236,7 +229,7 @@ private boolean doFilterPrincipal(HttpServletRequest request) throws IOException */ private void sendUnauthorized(HttpServletResponse response, boolean close) { try { - providers.sendUnauthorized(response); + IWAServiceDataHolder.getInstance().getProviders().sendUnauthorized(response); if (close) { response.setHeader(IWAConstants.HTTP_CONNECTION_HEADER, IWAConstants.CONNECTION_CLOSE); } else { @@ -245,7 +238,7 @@ private void sendUnauthorized(HttpServletResponse response, boolean close) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); response.flushBuffer(); } catch (IOException e) { - log.error("Error when sending unauthorized response."); + log.error("Error when sending unauthorized response." + e); } } 
@@ -261,15 +254,14 @@ public void init(ServletConfig config) throws ServletException { String parameterValue = config .getInitParameter(parameterName); -// _log.debug(parameterName + "=" + parameterValue); if (parameterName.equals(IWAConstants.PRINCIPAL_FORMAT)) { - principalFormat = PrincipalFormat.valueOf(parameterValue); + IWAServiceDataHolder.getInstance().setPrincipalFormat(PrincipalFormat.valueOf(parameterValue)); } else if (parameterName.equals(IWAConstants.ROLE_FORMAT)) { - roleFormat = PrincipalFormat.valueOf(parameterValue); + IWAServiceDataHolder.getInstance().setRoleFormat(PrincipalFormat.valueOf(parameterValue)); } else if (parameterName.equals(IWAConstants.ALLOW_GUEST_LOGIN)) { - allowGuestLogin = Boolean.parseBoolean(parameterValue); + IWAServiceDataHolder.getInstance().setAllowGuestLogin(Boolean.parseBoolean(parameterValue)); } else if (parameterName.equals(IWAConstants.IMPERSONATE)) { - impersonate = Boolean.parseBoolean(parameterValue); + IWAServiceDataHolder.getInstance().setImpersonate(Boolean.parseBoolean(parameterValue)); } else if (parameterName.equals(IWAConstants.SECURITY_FILTER_PROVIDERS)) { providerNames = parameterValue.split("\\s+"); } else if (parameterName.equals(IWAConstants.AUTH_PROVIDER)) { 
@@ -282,27 +274,29 @@ public void init(ServletConfig config) throws ServletException { if (authProvider != null) { try { - auth = (IWindowsAuthProvider) Class.forName(authProvider).getConstructor().newInstance(); + IWAServiceDataHolder.getInstance().setAuth( + (IWindowsAuthProvider) Class.forName(authProvider).getConstructor().newInstance()); } catch (Exception e) { throw new ServletException("Error loading '" + authProvider, e); } } - if (auth == null) { - auth = new WindowsAuthProviderImpl(); + if (IWAServiceDataHolder.getInstance().getAuth() == null) { + IWAServiceDataHolder.getInstance().setAuth(new WindowsAuthProviderImpl()); } if (providerNames != null) { - providers = new SecurityFilterProviderCollection(providerNames, - auth); + IWAServiceDataHolder.getInstance().setProviders(new SecurityFilterProviderCollection( + providerNames, IWAServiceDataHolder.getInstance().getAuth())); } // create default providers if none specified - if (providers == null) { + if (IWAServiceDataHolder.getInstance().getProviders() == null) { if (log.isDebugEnabled()) { log.debug("initializing default security filter providers"); } - providers = new SecurityFilterProviderCollection(auth); + IWAServiceDataHolder.getInstance().setProviders(new SecurityFilterProviderCollection( + IWAServiceDataHolder.getInstance().getAuth())); } // apply provider implementation parameters 
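Review bot: The `getAuth() == null` and `getProviders() == null` fallbacks in `init` now test a process-wide singleton instead of fields of this servlet instance, so once a first initialisation has run they are never null again. A later `init` that supplies no `authProvider` or provider names would then keep the previously stored provider objects rather than creating the defaults; whether `init` runs more than once depends on the deployment, which is not visible here. Resolve the auth provider and the provider collection into local variables first and call `setAuth` and `setProviders` once with the results, so each initialisation fully replaces the stored state. `init` begins before this hunk.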
@@ -312,9 +306,10 @@ public void init(ServletConfig config) throws ServletException { try { if (log.isDebugEnabled()) { log.debug("Setting " + classAndParameter[0] + ", " + classAndParameter[1] + "=" + - implParameter.getValue()); + implParameter.getValue()); } - SecurityFilterProvider provider = providers.getByClassName(classAndParameter[0]); + SecurityFilterProvider provider = IWAServiceDataHolder.getInstance().getProviders().getByClassName( + classAndParameter[0]); provider.initParameter(classAndParameter[1], implParameter.getValue()); } catch (ClassNotFoundException e) { throw new ServletException("Invalid class: " + classAndParameter[0] + " in " + implParameter diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.ext/pom.xml b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.ext/pom.xml index 079996f333..dc159baa7e 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.ext/pom.xml +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.ext/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity application-authenticators - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/ext/WindowsLiveOAuth2Authenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/ext/WindowsLiveOAuth2Authenticator.java index 2cc885ef36..0dbddd2f87 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/ext/WindowsLiveOAuth2Authenticator.java 
+++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/ext/WindowsLiveOAuth2Authenticator.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.authenticator.oidc.ext; @@ -31,6 +31,7 @@ import java.io.InputStreamReader; import java.net.URL; import java.net.URLConnection; +import java.nio.charset.Charset; import java.util.ArrayList; import java.util.HashMap; import java.util.List; 
@@ -57,6 +58,7 @@ public class WindowsLiveOAuth2Authenticator extends OpenIDConnectAuthenticator { /** * @return */ + @Override protected String getAuthorizationServerEndpoint(Map authenticatorProperties) { return "https://login.live.com/oauth20_authorize.srf"; } @@ -64,6 +66,7 @@ protected String getAuthorizationServerEndpoint(Map authenticato /** * @return */ + @Override protected String getCallbackUrl(Map authenticatorProperties) { return authenticatorProperties.get("windows-live-callback-url"); } @@ -71,6 +74,7 @@ protected String getCallbackUrl(Map authenticatorProperties) { /** * @return */ + @Override protected String getTokenEndpoint(Map authenticatorProperties) { return "https://login.live.com/oauth20_token.srf"; } @@ -79,6 +83,7 @@ protected String getTokenEndpoint(Map authenticatorProperties) { * @param state * @return */ + @Override protected String getState(String state, Map authenticatorProperties) { return state; } @@ -86,6 +91,7 @@ protected String getState(String state, Map authenticatorPropert /** * @return */ + @Override protected String getScope(String scope, Map authenticatorProperties) { return "wl.contacts_emails"; // bingads.manage } @@ -93,6 +99,7 @@ protected String getScope(String scope, Map authenticatorPropert /** * @return */ + @Override protected boolean requiredIDToken(Map authenticatorProperties) { return false; } @@ -101,6 +108,7 @@ protected boolean requiredIDToken(Map authenticatorProperties) { * @param token * @return */ + @Override protected String getAuthenticateUser(OAuthClientResponse token) { return token.getParam("user_id"); } @@ -109,6 +117,7 @@ protected String getAuthenticateUser(OAuthClientResponse token) { * @param token * @return */ + @Override protected Map getSubjectAttributes(OAuthClientResponse token) { Map claims = new HashMap(); 
@@ -199,7 +208,7 @@ protected String getClaimUri(String fbKey) { private String sendRequest(String url) throws IOException { URLConnection urlConnection = new URL(url).openConnection(); BufferedReader in = new BufferedReader( - new InputStreamReader(urlConnection.getInputStream())); + new InputStreamReader(urlConnection.getInputStream(), Charset.forName("utf-8"))); StringBuilder b = new StringBuilder(); String inputLine = in.readLine(); while (inputLine != null) { diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/ext/internal/WindowsLiceAuthenticatorServiceComponent.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/ext/internal/WindowsLiceAuthenticatorServiceComponent.java index 806f13308c..90e6bb633c 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/ext/internal/WindowsLiceAuthenticatorServiceComponent.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/ext/internal/WindowsLiceAuthenticatorServiceComponent.java 
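Review bot: `sendRequest` opens the connection and immediately calls `getInputStream()` with no connect or read timeout, so a stalled endpoint can hold the authenticating request thread indefinitely. Set both before reading, e.g. `urlConnection.setConnectTimeout(CONNECT_TIMEOUT_MS);` and `urlConnection.setReadTimeout(READ_TIMEOUT_MS);` (placeholder constants). For the charset added here, `StandardCharsets.UTF_8` avoids the by-name lookup of `Charset.forName("utf-8")`, provided the build targets Java 7 or later. The method body continues outside the hunk, so whether the reader is closed cannot be checked from here.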
@@ -1,3 +1,20 @@ +/* + * Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.oidc.ext.internal; import org.apache.commons.logging.Log; @@ -6,8 +23,6 @@ import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator; import org.wso2.carbon.identity.application.authenticator.oidc.ext.WindowsLiveOAuth2Authenticator; -import java.util.Hashtable; - /** * @scr.component name="identity.application.authenticator.windows.live.component" immediate="true" */ @@ -18,10 +33,8 @@ public class WindowsLiceAuthenticatorServiceComponent { protected void activate(ComponentContext ctxt) { try { WindowsLiveOAuth2Authenticator windowsLoveAuthenticator = new WindowsLiveOAuth2Authenticator(); - Hashtable props = new Hashtable(); - ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), - windowsLoveAuthenticator, props); + windowsLoveAuthenticator, null); if (log.isDebugEnabled()) { log.debug("Windows Live Authenticator bundle is activated"); } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/pom.xml b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/pom.xml index 2f32cdaa8b..b2936736a0 100644 
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/pom.xml +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity application-authenticators - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/googleext/GoogleOAuth2AuthenticationConstant.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/googleext/GoogleOAuth2AuthenticationConstant.java index 0f349b7fd6..1fa38172e2 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/googleext/GoogleOAuth2AuthenticationConstant.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/googleext/GoogleOAuth2AuthenticationConstant.java 
@@ -1,23 +1,25 @@ /* - *Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.authenticator.oidc.googleext; public class GoogleOAuth2AuthenticationConstant { + private GoogleOAuth2AuthenticationConstant() { + } public static final String GOOGLE_OAUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"; public static final String GOOGLE_TOKEN_ENDPOINT = "https://accounts.google.com/o/oauth2/token"; 
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/googleext/GoogleOAuth2Authenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/googleext/GoogleOAuth2Authenticator.java index f46a630ee0..c58c233dc5 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/googleext/GoogleOAuth2Authenticator.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/googleext/GoogleOAuth2Authenticator.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.authenticator.oidc.googleext; @@ -46,6 +46,7 @@ import java.io.InputStreamReader; import java.net.HttpURLConnection; import java.net.URL; +import java.nio.charset.Charset; import java.util.ArrayList; import java.util.HashMap; import java.util.List; 
@@ -102,9 +103,10 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, .getAuthenticatorProperties(); if (authenticatorProperties != null) { String clientId = authenticatorProperties.get(OIDCAuthenticatorConstants.CLIENT_ID); - String authorizationEP = getAuthorizationServerEndpoint(authenticatorProperties); - - if (authorizationEP == null) { + String authorizationEP; + if (getAuthorizationServerEndpoint(authenticatorProperties) != null) { + authorizationEP = getAuthorizationServerEndpoint(authenticatorProperties); + } else { authorizationEP = authenticatorProperties.get(OIDCAuthenticatorConstants.OAUTH2_AUTHZ_URL); } @@ -174,6 +176,7 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, * @param authenticatorProperties * @return */ + @Override protected String getScope(String scope, Map authenticatorProperties) { return OIDCAuthenticatorConstants.OAUTH_OIDC_SCOPE; @@ -204,18 +207,18 @@ protected Map getSubjectAttributes( try { String json = sendRequest(GoogleOAuth2AuthenticationConstant.GOOGLE_USERINFO_ENDPOINT, - token.getParam(OIDCAuthenticatorConstants.ACCESS_TOKEN)); + token.getParam(OIDCAuthenticatorConstants.ACCESS_TOKEN)); Map jsonObject = JSONUtils.parseJSON(json); if (jsonObject != null) { for (Map.Entry entry : jsonObject.entrySet()) { claims.put(ClaimMapping.build(entry.getKey(), - entry.getKey(), null, false), entry.getValue() - .toString()); + entry.getKey(), null, false), entry.getValue() + .toString()); if (log.isDebugEnabled()) { log.debug("Adding claim from end-point data mapping : " + entry.getKey() + " - " + - entry.getValue()); + entry.getValue()); } } 
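Review bot: `getAuthorizationServerEndpoint(authenticatorProperties)` is now evaluated twice in `initiateAuthenticationRequest`, once for the null test and once for the assignment, so the value tested and the value used can differ if an override is not idempotent. A single call reads more directly: `String authorizationEP = getAuthorizationServerEndpoint(authenticatorProperties);` followed by `if (authorizationEP == null) {` and the existing fallback. The hunk at -281 does the same with `getTokenEndpoint(authenticatorProperties)` in `processAuthenticationResponse`. Both method bodies extend beyond their hunks.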
@@ -281,9 +284,10 @@ protected void processAuthenticationResponse(HttpServletRequest request, Map authenticatorProperties = context.getAuthenticatorProperties(); String clientId = authenticatorProperties.get(OIDCAuthenticatorConstants.CLIENT_ID); String clientSecret = authenticatorProperties.get(OIDCAuthenticatorConstants.CLIENT_SECRET); - String tokenEndPoint = getTokenEndpoint(authenticatorProperties); - - if (tokenEndPoint == null) { + String tokenEndPoint; + if (getTokenEndpoint(authenticatorProperties) != null) { + tokenEndPoint = getTokenEndpoint(authenticatorProperties); + } else { tokenEndPoint = authenticatorProperties.get(OIDCAuthenticatorConstants.OAUTH2_TOKEN_URL); } 
@@ -300,38 +304,27 @@ protected void processAuthenticationResponse(HttpServletRequest request, Map paramValueMap = (Map) context.getProperty("oidc:param.map"); if (paramValueMap != null - && paramValueMap.containsKey("redirect_uri")) { + && paramValueMap.containsKey("redirect_uri")) { callBackUrl = paramValueMap.get("redirect_uri"); } OAuthAuthzResponse authzResponse = OAuthAuthzResponse.oauthCodeAuthzResponse(request); String code = authzResponse.getCode(); - OAuthClientRequest accessRequest; - try { - accessRequest = OAuthClientRequest.tokenLocation(tokenEndPoint) - .setGrantType(GrantType.AUTHORIZATION_CODE).setClientId(clientId).setClientSecret(clientSecret) - .setRedirectURI(callBackUrl).setCode(code).buildBodyMessage(); - - } catch (OAuthSystemException e) { - throw new AuthenticationFailedException("Exception while building request for request access token", e); - } + OAuthClientRequest accessRequest = null; + accessRequest = getAccessRequest(tokenEndPoint, clientId, clientSecret, callBackUrl, code); // create OAuth client that uses custom http client under the hood OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); - OAuthClientResponse oAuthResponse; - try { - oAuthResponse = oAuthClient.accessToken(accessRequest); - } catch (OAuthSystemException e) { - if (log.isDebugEnabled()) { - log.debug("Exception while requesting access token", e); - } - throw new AuthenticationFailedException("Exception while requesting access token", e); - } - + OAuthClientResponse oAuthResponse = null; + oAuthResponse = getOAuthResponse(oAuthClient, oAuthResponse); // TODO : return access token and id token to framework - String accessToken = oAuthResponse.getParam(OIDCAuthenticatorConstants.ACCESS_TOKEN); - String idToken = oAuthResponse.getParam(OIDCAuthenticatorConstants.ID_TOKEN); + String accessToken = ""; + String idToken = ""; + if (oAuthResponse != null) { + accessToken = oAuthResponse.getParam(OIDCAuthenticatorConstants.ACCESS_TOKEN); + idToken = 
oAuthResponse.getParam(OIDCAuthenticatorConstants.ID_TOKEN); + } if (accessToken != null && (idToken != null || !requiredIDToken(authenticatorProperties))) { @@ -342,7 +335,7 @@ protected void processAuthenticationResponse(HttpServletRequest request, String base64Body = idToken.split("\\.")[1]; byte[] decoded = Base64.decodeBase64(base64Body.getBytes()); - String json = new String(decoded); + String json = new String(decoded, Charset.forName("utf-8")); if (log.isDebugEnabled()) { log.debug("Id token json string : " + json); 
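Review bot: The call `oAuthResponse = getOAuthResponse(oAuthClient, oAuthResponse);` passes the still-null response instead of the `accessRequest` built on the line above, so the request carrying the authorization code and client secret never reaches `oAuthClient.accessToken(...)`. The helper added in the hunk at -381 calls it with its own local `accessRequest = null`. The helper should take the request, `private OAuthClientResponse getOAuthResponse(OAuthClient oAuthClient, OAuthClientRequest accessRequest)`, and the call should become `oAuthResponse = getOAuthResponse(oAuthClient, accessRequest);`, which is how `getOauthResponse` in OpenIDConnectAuthenticator.java is wired in this commit. `processAuthenticationResponse` starts and ends outside this hunk.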
@@ -381,6 +374,38 @@ protected void processAuthenticationResponse(HttpServletRequest request, } } + private OAuthClientResponse getOAuthResponse(OAuthClient oAuthClient, OAuthClientResponse oAuthResponse) throws AuthenticationFailedException { + OAuthClientResponse oAuthClientResponse = oAuthResponse; + OAuthClientRequest accessRequest = null; + try { + oAuthClientResponse = oAuthClient.accessToken(accessRequest); + } catch (OAuthSystemException e) { + if (log.isDebugEnabled()) { + log.debug("Exception while requesting access token", e); + } + throw new AuthenticationFailedException("Exception while requesting access token", e); + } catch (OAuthProblemException e) { + if (log.isDebugEnabled()) { + log.debug("Exception while requesting access token", e); + } + } + return oAuthClientResponse; + } + + private OAuthClientRequest getAccessRequest(String tokenEndPoint, String clientId, String clientSecret + , String callBackUrl, String code) + throws AuthenticationFailedException { + OAuthClientRequest oAuthClientRequest = null; + try { + oAuthClientRequest = OAuthClientRequest.tokenLocation(tokenEndPoint) + .setGrantType(GrantType.AUTHORIZATION_CODE).setClientId(clientId).setClientSecret(clientSecret) + .setRedirectURI(callBackUrl).setCode(code).buildBodyMessage(); + } catch (OAuthSystemException e) { + throw new AuthenticationFailedException("Exception while building request for request access token", e); + } + return oAuthClientRequest; + } + /** * Get Friendly Name * 
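Review bot: The `catch (OAuthProblemException e)` branch in `getOAuthResponse` only writes a debug line and returns null, so an error response from the token endpoint no longer fails the login with `AuthenticationFailedException`. In this file the caller then falls back to `accessToken = ""` and `idToken = ""`, which pass the `accessToken != null` test that follows. The failure would presumably surface later as an unchecked exception from `idToken.split("\\.")[1]` rather than a handled authentication failure, although the lines between the hunks are not visible. The branch should end with `throw new AuthenticationFailedException("Exception while requesting access token", e);`. `getOauthResponse` in OpenIDConnectAuthenticator.java (hunk at -386) has the same branch, and its caller reads `oAuthResponse.getParam(...)` with no null check.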
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/googleext/internal/GoogleAuthenticatorServiceComponent.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/googleext/internal/GoogleAuthenticatorServiceComponent.java index 22d4befe63..0ba3128bb5 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/googleext/internal/GoogleAuthenticatorServiceComponent.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc.googleext/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/googleext/internal/GoogleAuthenticatorServiceComponent.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.authenticator.oidc.googleext.internal; @@ -23,7 +23,6 @@ import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator; import org.wso2.carbon.identity.application.authenticator.oidc.googleext.GoogleOAuth2Authenticator; -import java.util.Hashtable; /** * @scr.component name="identity.application.authenticator.oidc.googleext.component" immediate="true" 
@@ -35,19 +34,19 @@ public class GoogleAuthenticatorServiceComponent { protected void activate(ComponentContext context) { try { GoogleOAuth2Authenticator googleAuthenticator = new GoogleOAuth2Authenticator(); - Hashtable props = new Hashtable(); + context.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), googleAuthenticator, - props); + null); if (log.isDebugEnabled()) { log.debug("Google OAuth2/openID is activated"); } - } catch (Throwable e) { + } catch (Exception e) { log.fatal("Google OAuth2/openID authenticator ", e); } } - protected void deactivate(ComponentContext context) { + protected void deactivate() { if (log.isDebugEnabled()) { log.debug("Google OAuth2/openID is deactivated"); } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/pom.xml b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/pom.xml index 19664c765c..7d5c5b6158 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/pom.xml +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity application-authenticators - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OIDCAuthenticatorConstants.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OIDCAuthenticatorConstants.java index 7abb881a8a..6531e40c3a 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OIDCAuthenticatorConstants.java 
+++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OIDCAuthenticatorConstants.java @@ -1,24 +1,26 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.oidc; public class OIDCAuthenticatorConstants { + private OIDCAuthenticatorConstants() { + } public static final String AUTHENTICATOR_NAME = "OpenIDConnectAuthenticator"; public static final String LOGIN_TYPE = "OIDC"; 
@@ -37,10 +39,16 @@ public class OIDCAuthenticatorConstants { public static final String OAUTH2_TOKEN_URL = "OAUTH2TokenUrl"; public class AuthenticatorConfParams { + private AuthenticatorConfParams() { + } + public static final String DEFAULT_IDP_CONFIG = "DefaultIdPConfig"; } public class IdPConfParams { + private IdPConfParams() { + } + public static final String CLIENT_ID = "ClientId"; public static final String CLIENT_SECRET = "ClientSecret"; public static final String AUTHORIZATION_EP = "AuthorizationEndPoint"; @@ -49,6 +57,9 @@ public class IdPConfParams { } public class Claim { + private Claim() { + } + public static final String SUB = "sub"; public static final String NAME = "name"; public static final String GIVEN_NAME = "given_name"; diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticator.java index 3fdca096f3..093be10585 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticator.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticator.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.authenticator.oidc; @@ -67,7 +67,7 @@ public boolean canHandle(HttpServletRequest request) { && OIDCAuthenticatorConstants.LOGIN_TYPE.equals(getLoginType(request))) { return true; } else if (request.getParameter(OIDCAuthenticatorConstants.OAUTH2_PARAM_STATE) != null && - request.getParameter(OIDCAuthenticatorConstants.OAUTH2_ERROR) != null) { + request.getParameter(OIDCAuthenticatorConstants.OAUTH2_ERROR) != null) { //if sends error like access_denied return true; } 
@@ -280,31 +280,13 @@ protected void processAuthenticationResponse(HttpServletRequest request, OAuthAuthzResponse authzResponse = OAuthAuthzResponse.oauthCodeAuthzResponse(request); String code = authzResponse.getCode(); - OAuthClientRequest accessRequest; - try { - accessRequest = OAuthClientRequest.tokenLocation(tokenEndPoint) - .setGrantType(GrantType.AUTHORIZATION_CODE).setClientId(clientId) - .setClientSecret(clientSecret).setRedirectURI(callbackurl).setCode(code) - .buildBodyMessage(); - - } catch (OAuthSystemException e) { - if (log.isDebugEnabled()) { - log.debug("Exception while building request for request access token", e); - } - throw new AuthenticationFailedException(e.getMessage(), e); - } + OAuthClientRequest accessRequest = null; + accessRequest = getaccessRequest(tokenEndPoint, clientId, code, clientSecret, callbackurl); // create OAuth client that uses custom http client under the hood OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); - OAuthClientResponse oAuthResponse; - try { - oAuthResponse = oAuthClient.accessToken(accessRequest); - } catch (OAuthSystemException e) { - if (log.isDebugEnabled()) { - log.debug("Exception while requesting access token", e); - } - throw new AuthenticationFailedException(e.getMessage(), e); - } + OAuthClientResponse oAuthResponse = null; + oAuthResponse = getOauthResponse(oAuthClient, accessRequest); // TODO : return access token and id token to framework String accessToken = oAuthResponse.getParam(OIDCAuthenticatorConstants.ACCESS_TOKEN); 
@@ -345,8 +327,10 @@ protected void processAuthenticationResponse(HttpServletRequest request, if ("true".equalsIgnoreCase(isSubjectInClaimsProp)) { authenticatedUser = getSubjectFromUserIDClaimURI(context); if (authenticatedUser == null) { - log.warn("Subject claim could not be found amongst subject attributes. " + - "Defaulting to sub attribute in IDToken."); + if (log.isDebugEnabled()) { + log.debug("Subject claim could not be found amongst subject attributes. " + + "Defaulting to sub attribute in IDToken."); + } } } if (authenticatedUser == null) { 
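Review bot: Moving this message from `log.warn` to a guarded `log.debug` hides the fact that the configured subject claim was not found and the `sub` attribute of the ID token was used instead, which decides the identifier the user is authenticated under. At default log levels an operator who enabled subject-in-claims would get no sign that the setting is not taking effect, so I would keep `log.warn(...)` here without the `isDebugEnabled()` guard. The hunk at -433 in `getSubjectFromUserIDClaimURI` demotes the matching warning the same way, though it now passes the exception `e` to the logger, which is worth keeping. `processAuthenticationResponse` starts and ends outside this hunk.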
@@ -386,6 +370,40 @@ protected void processAuthenticationResponse(HttpServletRequest request, } } + private OAuthClientRequest getaccessRequest(String tokenEndPoint, String clientId, String code, String clientSecret, String callbackurl) throws AuthenticationFailedException { + OAuthClientRequest accessRequest = null; + try { + accessRequest = OAuthClientRequest.tokenLocation(tokenEndPoint) + .setGrantType(GrantType.AUTHORIZATION_CODE).setClientId(clientId) + .setClientSecret(clientSecret).setRedirectURI(callbackurl).setCode(code) + .buildBodyMessage(); + + } catch (OAuthSystemException e) { + if (log.isDebugEnabled()) { + log.debug("Exception while building request for request access token", e); + } + throw new AuthenticationFailedException(e.getMessage(), e); + } + return accessRequest; + } + + private OAuthClientResponse getOauthResponse(OAuthClient oAuthClient, OAuthClientRequest accessRequest) throws AuthenticationFailedException { + OAuthClientResponse oAuthResponse = null; + try { + oAuthResponse = oAuthClient.accessToken(accessRequest); + } catch (OAuthSystemException e) { + if (log.isDebugEnabled()) { + log.debug("Exception while requesting access token", e); + } + throw new AuthenticationFailedException(e.getMessage(), e); + } catch (OAuthProblemException e) { + if (log.isDebugEnabled()) { + log.debug("Exception while requesting access token", e); + } + } + return oAuthResponse; + } + @Override public String getContextIdentifier(HttpServletRequest request) { @@ -433,7 +451,9 @@ protected String getSubjectFromUserIDClaimURI(AuthenticationContext context) { try { subject = FrameworkUtils.getFederatedSubjectFromClaims(context, getClaimDialectURI()); } catch (Exception e) { - log.warn("Couldn't find the subject claim from claim mappings "); + if(log.isDebugEnabled()) { + log.debug("Couldn't find the subject claim from claim mappings ", e); + } } return subject; } 
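Review bot: The two helpers are named `getaccessRequest` and `getOauthResponse`, while the equivalent helpers added to GoogleOAuth2Authenticator.java in this commit are `getAccessRequest` and `getOAuthResponse`; using the lowerCamelCase names in both files would keep them consistent. The parameter order also differs (`tokenEndPoint, clientId, code, clientSecret, callbackurl` here against `tokenEndPoint, clientId, clientSecret, callBackUrl, code` there). With five `String` parameters, a transposed `code` and `clientSecret` would compile without complaint, so one shared order is safer. Neither helper has a doc comment; a line such as `/** Builds the authorization-code token request for the token endpoint. */` on the first would do, and both signatures should be wrapped to the file's line length.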
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/internal/OpenIDConnectAuthenticatorServiceComponent.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/internal/OpenIDConnectAuthenticatorServiceComponent.java index b357d14fff..d4283cf96a 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/internal/OpenIDConnectAuthenticatorServiceComponent.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/internal/OpenIDConnectAuthenticatorServiceComponent.java @@ -1,3 +1,20 @@ +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.oidc.internal; import org.apache.commons.logging.Log; 
@@ -6,7 +23,6 @@ import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator; import org.wso2.carbon.identity.application.authenticator.oidc.OpenIDConnectAuthenticator; -import java.util.Hashtable; /** * @scr.component name="identity.application.authenticator.oidc.component" immediate="true" @@ -18,9 +34,8 @@ public class OpenIDConnectAuthenticatorServiceComponent { protected void activate(ComponentContext ctxt) { try { OpenIDConnectAuthenticator openIDConnectAuthenticator = new OpenIDConnectAuthenticator(); - Hashtable props = new Hashtable(); - ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), openIDConnectAuthenticator, props); + ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), openIDConnectAuthenticator, null); if (log.isDebugEnabled()) { log.debug("OpenID Connect Authenticator bundle is activated"); } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/pom.xml b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/pom.xml index e10c1df09c..6b465537c4 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/pom.xml +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity application-authenticators - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/GoogleOpenIDAuthenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/GoogleOpenIDAuthenticator.java index a0efc16b09..6f9a3e11e9 100644 
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/GoogleOpenIDAuthenticator.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/GoogleOpenIDAuthenticator.java @@ -1,3 +1,20 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.openid.ext; import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext; @@ -23,7 +40,7 @@ public String getFriendlyName() { public String getName() { return "GoogleOpenIDAuthenticator"; } - + @Override protected String getOpenIDServerUrl() { return "https://www.google.com/accounts/o8/id"; } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/SampleAuthenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/SampleAuthenticator.java index 629e7fde11..9b229dc976 100644 
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/SampleAuthenticator.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/SampleAuthenticator.java @@ -1,3 +1,20 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.openid.ext; import org.apache.commons.logging.Log; @@ -46,6 +63,7 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, protected void processAuthenticationResponse(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws AuthenticationFailedException { + log.info("Method is not implemented"); } 
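Review bot: `processAuthenticationResponse` in `SampleAuthenticator` now logs `"Method is not implemented"` at info level and returns normally, and a normal return from this method is presumably what the framework treats as a completed authentication step. If this sample is ever registered and selected, failing closed is safer: `throw new AuthenticationFailedException("Method is not implemented");` instead of the log line. The same log line is added to `initiateLogoutRequest` and `processLogoutResponse` in the hunk at -53, where `LogoutFailedException` would be the matching choice; its constructors are not visible here, so confirm it accepts a message.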
@@ -53,13 +71,14 @@ protected void processAuthenticationResponse(HttpServletRequest request, protected void initiateLogoutRequest(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws LogoutFailedException { - + log.info("Method is not implemented"); } @Override protected void processLogoutResponse(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws LogoutFailedException { + log.info("Method is not implemented"); } @Override diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/YahooOpenIDAuthenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/YahooOpenIDAuthenticator.java index e64eb3a912..d154363e40 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/YahooOpenIDAuthenticator.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/YahooOpenIDAuthenticator.java 
@@ -1,3 +1,20 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.openid.ext; import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext; @@ -24,6 +41,7 @@ public String getName() { return "YahooOpenIDAuthenticator"; } + @Override protected String getOpenIDServerUrl() { return "https://me.yahoo.com/"; } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/internal/SampleAuthenticatorServiceComponent.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/internal/SampleAuthenticatorServiceComponent.java index ea397c1889..44d439f952 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/internal/SampleAuthenticatorServiceComponent.java 
+++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid.ext/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/ext/internal/SampleAuthenticatorServiceComponent.java @@ -1,3 +1,20 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.openid.ext.internal; import org.apache.commons.logging.Log; @@ -7,7 +24,6 @@ import org.wso2.carbon.identity.application.authenticator.openid.ext.GoogleOpenIDAuthenticator; import org.wso2.carbon.identity.application.authenticator.openid.ext.YahooOpenIDAuthenticator; -import java.util.Hashtable; /** * @scr.component name="identity.application.authenticator.openid.ext.component" immediate="true" 
@@ -17,21 +33,20 @@ public class SampleAuthenticatorServiceComponent { private static Log log = LogFactory.getLog(SampleAuthenticatorServiceComponent.class); protected void activate(ComponentContext ctxt) { - - Hashtable props = new Hashtable(); - - GoogleOpenIDAuthenticator googleOpenIDAuthenticator = new GoogleOpenIDAuthenticator(); - - ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), - googleOpenIDAuthenticator, props); - - YahooOpenIDAuthenticator yahooOpenIDAuthenticator = new YahooOpenIDAuthenticator(); - - ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), - yahooOpenIDAuthenticator, props); - - if (log.isDebugEnabled()) { - log.info("Sample Authenticator bundle is activated"); + try { + GoogleOpenIDAuthenticator googleOpenIDAuthenticator = new GoogleOpenIDAuthenticator(); + ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), + googleOpenIDAuthenticator, null); + YahooOpenIDAuthenticator yahooOpenIDAuthenticator = new YahooOpenIDAuthenticator(); + ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), + yahooOpenIDAuthenticator, null); + if (log.isDebugEnabled()) { + log.info("Sample Authenticator bundle is activated"); + } + } catch (Throwable e) { + if (log.isDebugEnabled()) { + log.info("Sample Authenticator bundle is activation Failed"); + } } } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/pom.xml b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/pom.xml index 2363c31dfd..7a094a5ed8 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/pom.xml +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity application-authenticators - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml 4.0.0 
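Review bot: The new `catch (Throwable e)` in `SampleAuthenticatorServiceComponent.activate` discards the failure: `e` is never logged, the message is written only when debug logging is on, and it goes out through `log.info`. At default log levels a bundle whose authenticators were never registered therefore looks the same as a healthy one. Log unconditionally and with the cause, `log.error("Sample Authenticator bundle activation failed", e);`, and consider catching `Exception` rather than `Throwable` so that `Error`s are not absorbed here. The same pattern is added to `OpenIDAuthenticatorServiceComponent.activate` (hunk `@@ -16,14 +32,20 @@`); `STSAuthenticatorServiceComponent.activate` does log with `log.error(..., e)` but also catches `Throwable`.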
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/OpenIDAuthenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/OpenIDAuthenticator.java index ff6b9a4c94..530ae4ab6e 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/OpenIDAuthenticator.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/OpenIDAuthenticator.java @@ -1,3 +1,20 @@ +/* + * Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.openid; import org.apache.commons.logging.Log; 
@@ -211,8 +228,10 @@ protected String getSubjectFromUserIDClaimURI(AuthenticationContext context) { try { subject = FrameworkUtils.getFederatedSubjectFromClaims(context, getClaimDialectURI()); } catch (Exception e) { - log.warn("Couldn't find the subject claim from claim mappings "); - } + if(log.isDebugEnabled()) { + log.debug("Couldn't find the subject claim from claim mappings " + e); + } + } return subject; } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/exception/OpenIDException.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/exception/OpenIDException.java index 00e7b035ca..75705b58a3 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/exception/OpenIDException.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/exception/OpenIDException.java 
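Review bot: In `getSubjectFromUserIDClaimURI`, `log.debug("..." + e)` concatenates the exception into the message, which records only `e.toString()` and drops the stack trace; pass it as the throwable argument instead, `log.debug("Couldn't find the subject claim from claim mappings", e);`. The demotion from `warn` to `debug` also makes a failed subject lookup invisible at default log levels, while the method still returns whatever `subject` held before the call. If a missing mapping is an expected case, a one-line comment in the catch block saying so would tell the next reader that the silence is deliberate. The `catch (Exception e)` is broad, and the method starts outside this hunk, so the value returned on failure cannot be confirmed from here.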
@@ -1,20 +1,20 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.openid.exception; diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/internal/OpenIDAuthenticatorServiceComponent.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/internal/OpenIDAuthenticatorServiceComponent.java index 4b6e3bf5ed..394c24c880 100644 
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/internal/OpenIDAuthenticatorServiceComponent.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/internal/OpenIDAuthenticatorServiceComponent.java @@ -1,3 +1,20 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.openid.internal; import org.apache.commons.logging.Log; @@ -6,7 +23,6 @@ import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator; import org.wso2.carbon.identity.application.authenticator.openid.OpenIDAuthenticator; -import java.util.Hashtable; /** * @scr.component name="identity.application.authenticator.openid.component" immediate="true" 
@@ -16,14 +32,20 @@ public class OpenIDAuthenticatorServiceComponent { private static Log log = LogFactory.getLog(OpenIDAuthenticatorServiceComponent.class); protected void activate(ComponentContext ctxt) { - OpenIDAuthenticator openIdAuthenticator = new OpenIDAuthenticator(); - Hashtable props = new Hashtable(); - - ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), openIdAuthenticator, props); - - if (log.isDebugEnabled()) { - log.info("OpenID Authenticator bundle is activated"); + try { + OpenIDAuthenticator openIdAuthenticator = new OpenIDAuthenticator(); + + ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), openIdAuthenticator, null); + + if (log.isDebugEnabled()) { + log.info("OpenID Authenticator bundle is activated"); + } + } catch (Throwable e) { + if (log.isDebugEnabled()) { + log.info("OpenID Authenticator bundle activation failed"); + } } + } protected void deactivate(ComponentContext ctxt) { diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/AttributesRequestor.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/AttributesRequestor.java index 765d9cea6d..3a2f27c526 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/AttributesRequestor.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/AttributesRequestor.java 
@@ -1,21 +1,20 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ - + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.openid.manager; public interface AttributesRequestor { diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/DefaultOpenIDManager.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/DefaultOpenIDManager.java index 5061b8ead3..987d4cedc9 100644 
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/DefaultOpenIDManager.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/DefaultOpenIDManager.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.authenticator.openid.manager; 
@@ -56,6 +56,7 @@ public class DefaultOpenIDManager implements OpenIDManager { private static Log log = LogFactory.getLog(DefaultOpenIDManager.class); + @Override public String doOpenIDLogin(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws OpenIDException { String claimed_id = request.getParameter("claimed_id"); @@ -76,7 +77,6 @@ public String doOpenIDLogin(HttpServletRequest request, HttpServletResponse resp // Keeping necessary parameters to verify the AuthResponse request.getSession().setAttribute("openid-disc", discovered); - //consumerManager.setImmediateAuth(true); String returnToURL = CarbonUIUtil.getAdminConsoleURL(request); String realm = returnToURL.replace("commonauth/carbon/", "commonauth"); @@ -121,6 +121,7 @@ public String doOpenIDLogin(HttpServletRequest request, HttpServletResponse resp } } + @Override public void processOpenIDLoginResponse(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws OpenIDException { String contextIdentifier = context.getContextIdentifier(); @@ -228,17 +229,18 @@ private AttributesRequestor getAttributeRequestor() { } else { attribRequestor = new SampleAttributesRequestor(); } - - attribRequestor.init(); + if (attribRequestor != null) { + attribRequestor.init(); + } return attribRequestor; } private String getCommaSeperatedValue(List values) { - StringBuffer returnValue = null; + StringBuilder returnValue = null; for (String value : values) { if (returnValue == null) { - returnValue = new StringBuffer(value); + returnValue = new StringBuilder(value); } else { returnValue.append("," + value); } 
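Review bot: The added `if (attribRequestor != null)` guard in `getAttributeRequestor` (hunk `@@ -228,17 +229,18 @@`) hides a failure rather than handling it. In the visible `else` branch the variable has just been assigned `new SampleAttributesRequestor()` and cannot be null, so the guard only matters for the branch above the hunk, where it lets the method return null without `init()` having run. If that branch can really yield null, report it explicitly there or fall back to the sample requestor instead of handing null to the caller. In `getCommaSeperatedValue`, `returnValue.append("," + value)` still builds a temporary string per element, which `returnValue.append(',').append(value)` avoids. `returnValue` also stays null for an empty list, which the code after the loop (outside the hunk) has to tolerate.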
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/OpenIDManager.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/OpenIDManager.java index f9562b3181..11f1bbc59b 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/OpenIDManager.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/OpenIDManager.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.authenticator.openid.manager; diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/SampleAttributesRequestor.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/SampleAttributesRequestor.java index 0c2c539313..2b6169457b 100644 
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/SampleAttributesRequestor.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.openid/src/main/java/org/wso2/carbon/identity/application/authenticator/openid/manager/SampleAttributesRequestor.java @@ -1,3 +1,20 @@ +/* + * Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.openid.manager; import java.util.ArrayList; @@ -12,6 +29,7 @@ public class SampleAttributesRequestor implements AttributesRequestor { Map typeURIMap = new HashMap(); Map countMap = new HashMap(); + @Override public void init() { requestedAttributes.add("nickname"); requiredMap.put("nickname", true); @@ -35,19 +53,21 @@ public void init() { countMap.put("dob", 1); } + @Override public String[] getRequestedAttributes(String s) { String[] attrArray = new String[requestedAttributes.size()]; return requestedAttributes.toArray(attrArray); } + @Override public boolean isRequired(String s, String s2) { return requiredMap.get(s2); } - + @Override public String getTypeURI(String s, String s2) { return typeURIMap.get(s2); } - + @Override public int getCount(String s, String s2) { return countMap.get(s2); } 
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/pom.xml b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/pom.xml index 68b61f818b..6a8a08bc13 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/pom.xml +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity application-authenticators - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml 4.0.0 @@ -27,6 +27,10 @@ bundle Passive STS Application Authenticator + + commons-collections.wso2 + commons-collections + org.wso2.carbon org.wso2.carbon.utils diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/PassiveSTSAuthenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/PassiveSTSAuthenticator.java index 0f35880647..731b284916 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/PassiveSTSAuthenticator.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/PassiveSTSAuthenticator.java 
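Review bot: The `commons-collections` dependency added in the `@@ -27,6 +27,10 @@` hunk carries no version here, so the release is whatever the parent POM manages, and the only use visible in this commit is `CollectionUtils.isNotEmpty` in `PassiveSTSManager`. Older Commons Collections 3.x releases ship functor classes that are well-known Java deserialization gadgets, so please confirm the managed version is one where they are disabled by default before the library goes on an authenticator's classpath. If that cannot be confirmed, keeping the plain null-and-size check that the commit replaces avoids the new dependency entirely.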
@@ -1,20 +1,20 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2005, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.passive.sts; 
@@ -64,10 +64,10 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, ExternalIdPConfig externalIdPConfig = context.getExternalIdP(); String idpURL = context.getAuthenticatorProperties().get(PassiveSTSConstants.PASSIVE_STS_URL); - String loginPage = ""; + String loginPage; try { - loginPage = new PassiveSTSManager(externalIdPConfig).buildRequest(request, idpURL, externalIdPConfig, context.getContextIdentifier(), context.getAuthenticatorProperties()); + loginPage = new PassiveSTSManager(externalIdPConfig).buildRequest(request, idpURL, context.getContextIdentifier(), context.getAuthenticatorProperties()); } catch (PassiveSTSException e) { log.error("Exception while building the WS-Federation request", e); throw new AuthenticationFailedException(e.getMessage(), e); diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/exception/PassiveSTSException.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/exception/PassiveSTSException.java index eab610566d..c83994a054 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/exception/PassiveSTSException.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/exception/PassiveSTSException.java 
@@ -1,20 +1,20 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2005, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.passive.sts.exception; diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/internal/STSAuthenticatorServiceComponent.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/internal/STSAuthenticatorServiceComponent.java index 56c76026d7..a91f38c808 100644 
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/internal/STSAuthenticatorServiceComponent.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/internal/STSAuthenticatorServiceComponent.java @@ -1,21 +1,20 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ - + * Copyright (c) 2005, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.passive.sts.internal; import org.apache.commons.logging.Log; 
@@ -24,7 +23,6 @@ import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator; import org.wso2.carbon.identity.application.authenticator.passive.sts.PassiveSTSAuthenticator; -import java.util.Hashtable; /** * @scr.component name="identity.application.authenticator.passive.sts.component" immediate="true" @@ -34,17 +32,19 @@ public class STSAuthenticatorServiceComponent { private static Log log = LogFactory.getLog(STSAuthenticatorServiceComponent.class); protected void activate(ComponentContext ctxt) { - PassiveSTSAuthenticator stsAuthenticator = new PassiveSTSAuthenticator(); - Hashtable props = new Hashtable(); - - ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), stsAuthenticator, props); - - if (log.isDebugEnabled()) { - log.info("SAMLSSO Authenticator bundle is activated"); + try { + PassiveSTSAuthenticator stsAuthenticator = new PassiveSTSAuthenticator(); + ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), stsAuthenticator, null); + + if (log.isDebugEnabled()) { + log.info("SAMLSSO Authenticator bundle is activated"); + } + } catch (Throwable e) { + log.error("SAMLSSO Authenticator bundle activation Failed", e); } } - protected void deactivate(ComponentContext ctxt) { + protected void deactivate() { if (log.isDebugEnabled()) { log.info("SAMLSSO Authenticator bundle is deactivated"); } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/PassiveSTSManager.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/PassiveSTSManager.java index fd12f7e6c6..8ae2bef4f4 100644 
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/PassiveSTSManager.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/PassiveSTSManager.java @@ -1,12 +1,12 @@ /* - * Copyright (c) 2005 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2005, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -18,6 +18,7 @@ package org.wso2.carbon.identity.application.authenticator.passive.sts.manager; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.xerces.impl.Constants; @@ -34,9 +35,6 @@ import org.opensaml.xml.io.UnmarshallerFactory; import org.opensaml.xml.io.UnmarshallingException; import org.opensaml.xml.security.x509.X509Credential; -import org.opensaml.xml.signature.SignableXMLObject; -import org.opensaml.xml.signature.SignatureValidator; -import org.opensaml.xml.validation.ValidationException; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; 
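Review bot: Dropping the `SignableXMLObject`, `SignatureValidator` and `ValidationException` imports (hunk `@@ -34,9 +35,6 @@`) suggests that nothing in `PassiveSTSManager` validates an XML signature after this change. Yet `processResponse`, in the later hunks of this file, takes the subject `NameIdentifier` and the attribute values straight from the received SAML 1 assertion. Those hunks do not show the whole method, so the check may live elsewhere. If it does not, the authenticated identity comes from an assertion that was never verified against the IdP credential loaded in the constructor. Please state in the method's Javadoc where the signature is verified, or restore the verification before the subject and attributes are read.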
@@ -83,17 +81,13 @@ public PassiveSTSManager(ExternalIdPConfig externalIdPConfig) throws PassiveSTSE synchronized (this) { if (credential == null) { synchronized (this) { - STSAgentCredential credential = (STSAgentCredential) Class.forName(credentialImplClass).newInstance(); - credential.init(externalIdPConfig); - this.credential = new X509CredentialImpl(credential); + STSAgentCredential stsAgentCredential = (STSAgentCredential) Class.forName(credentialImplClass).newInstance(); + stsAgentCredential.init(externalIdPConfig); + this.credential = new X509CredentialImpl(stsAgentCredential); } } } - } catch (ClassNotFoundException e) { - throw new PassiveSTSException("Error while instantiating SSOAgentCredentialImplClass: " + credentialImplClass, e); - } catch (InstantiationException e) { - throw new PassiveSTSException("Error while instantiating SSOAgentCredentialImplClass: " + credentialImplClass, e); - } catch (IllegalAccessException e) { + } catch (ClassNotFoundException|InstantiationException|IllegalAccessException e) { throw new PassiveSTSException("Error while instantiating SSOAgentCredentialImplClass: " + credentialImplClass, e); } } @@ -117,12 +111,11 @@ public static void doBootstrap() { * * @param request * @param loginPage - * @param externalIdPConfig * @param contextIdentifier * @return redirectionUrl * @throws PassiveSTSException */ - public String buildRequest(HttpServletRequest request, String loginPage, ExternalIdPConfig externalIdPConfig, + public String buildRequest(HttpServletRequest request, String loginPage, String contextIdentifier, Map authenticationProperties) throws PassiveSTSException { 
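Review bot: The inner `synchronized (this)` in the constructor hunk re-acquires the monitor that the enclosing `synchronized (this)` already holds, so it adds nothing and can be dropped. Locking on `this` inside a constructor also protects nothing when each instance has its own `credential`; if the field is shared (the hunk does not show its declaration), the lock would need to be on the class, e.g. `synchronized (PassiveSTSManager.class)`. The constructor starts outside the hunk, so the outer null check, if any, is not visible here.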
@@ -161,15 +154,8 @@ public void processResponse(HttpServletRequest request, AuthenticationContext co Map attributeMap = new HashMap(); if (xmlObject instanceof org.opensaml.saml1.core.Assertion) { - org.opensaml.saml1.core.Assertion assertion = (org.opensaml.saml1.core.Assertion) xmlObject; - /*List subjectStatements = assertion.getSubjectStatements(); - - if(subjectStatements != null && subjectStatements.size() > 0 && subjectStatements.get(0).getSubject() != null){ - subject = subjectStatements.get(0).getSubject().getNameIdentifier().getNameIdentifier(); - }*/ - - if (assertion.getAuthenticationStatements() != null && assertion.getAuthenticationStatements().size() > 0) { + if (CollectionUtils.isNotEmpty(assertion.getAuthenticationStatements())) { Subject subjectElem = assertion.getAuthenticationStatements().get(0).getSubject(); if (subjectElem != null) { @@ -181,7 +167,7 @@ public void processResponse(HttpServletRequest request, AuthenticationContext co } } - if (assertion.getAttributeStatements() != null && assertion.getAttributeStatements().size() > 0) { + if (CollectionUtils.isNotEmpty(assertion.getAttributeStatements())) { if (subject == null) { subject = assertion.getAttributeStatements().get(0).getSubject().getNameIdentifier().getNameIdentifier(); } @@ -190,7 +176,6 @@ public void processResponse(HttpServletRequest request, AuthenticationContext co List attributes = statement.getAttributes(); for (Attribute attribute : attributes) { String attributeUri = attribute.getAttributeNamespace(); - String attributeName = attribute.getAttributeName(); List xmlObjects = attribute.getAttributeValues(); for (XMLObject object : xmlObjects) { String attributeValue = object.getDOM().getTextContent(); 
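Review bot: The fallback `subject = assertion.getAttributeStatements().get(0).getSubject().getNameIdentifier().getNameIdentifier();` in the `@@ -181,7 +167,7 @@` hunk dereferences `getSubject()` and `getNameIdentifier()` without a null check, unlike the authentication-statement branch just above it, which tests `subjectElem != null`. An assertion whose first attribute statement carries no subject or name identifier would raise a NullPointerException while the response is being processed. Read the subject into a local and guard it the same way before taking the name identifier. processResponse starts and ends outside these hunks.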
@@ -199,10 +184,6 @@ public void processResponse(HttpServletRequest request, AuthenticationContext co } } } - - // validate signature this SP only looking for assertion signature - //validateSignature(assertion); - } else if (xmlObject instanceof org.opensaml.saml2.core.Assertion) { org.opensaml.saml2.core.Assertion assertion = (org.opensaml.saml2.core.Assertion) xmlObject; @@ -210,14 +191,11 @@ public void processResponse(HttpServletRequest request, AuthenticationContext co if (assertion.getSubject() != null && assertion.getSubject().getNameID() != null) { subject = assertion.getSubject().getNameID().getValue(); } - // validate signature this SP only looking for assertion signature - //validateSignature(assertion); for (org.opensaml.saml2.core.AttributeStatement statement : assertion.getAttributeStatements()) { List attributes = statement.getAttributes(); for (org.opensaml.saml2.core.Attribute attribute : attributes) { String attributeUri = attribute.getName(); - String attributeName = attribute.getFriendlyName(); List xmlObjects = attribute.getAttributeValues(); for (XMLObject object : xmlObjects) { String attributeValue = object.getDOM().getTextContent(); @@ -255,7 +233,7 @@ public void processResponse(HttpServletRequest request, AuthenticationContext co */ private XMLObject unmarshall(String samlString) throws PassiveSTSException { - samlString = decodeHTMLCharacters(samlString); + String samlStr = decodeHTMLCharacters(samlString); try { DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); 
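Review bot: Nothing in the processResponse hunks verifies the assertion's signature before `subject` and the attribute map are read from it. The `//validateSignature(assertion);` lines removed here (SAML 1.1 branch, and the SAML 2.0 branch in the `@@ -210,14 +191,11 @@` hunk) were already disabled, and this commit also deletes the `validateSignature` helper and the `SignatureValidator` imports, so the last trace of the check disappears. Unless the signature is validated somewhere outside these hunks, the identity and claims in the response are accepted without proof that the configured IdP issued them. I would keep the helper and call it in both branches before the subject is extracted, `validateSignature(assertion);`, using the `credential` the constructor loads. processResponse starts and ends outside the hunks.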
@@ -268,7 +246,7 @@ private XMLObject unmarshall(String samlString) throws PassiveSTSException { DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder(); docBuilder.setEntityResolver(new CarbonEntityResolver()); - ByteArrayInputStream is = new ByteArrayInputStream(samlString.getBytes(Charset.forName("UTF-8"))); + ByteArrayInputStream is = new ByteArrayInputStream(samlStr.getBytes(Charset.forName("UTF-8"))); Document document = docBuilder.parse(is); Element element = document.getDocumentElement(); @@ -287,13 +265,13 @@ private XMLObject unmarshall(String samlString) throws PassiveSTSException { Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(node); return unmarshaller.unmarshall(node); } catch (ParserConfigurationException e) { - throw new PassiveSTSException("Error in unmarshalling SAML Request from the encoded String", e); + throw new PassiveSTSException(PassiveSTSConstants.ERROR_IN_UNMARSHALLING_SAML_REQUEST_FROM_THE_ENCODED_STRING, e); } catch (UnmarshallingException e) { - throw new PassiveSTSException("Error in unmarshalling SAML Request from the encoded String", e); + throw new PassiveSTSException(PassiveSTSConstants.ERROR_IN_UNMARSHALLING_SAML_REQUEST_FROM_THE_ENCODED_STRING, e); } catch (SAXException e) { - throw new PassiveSTSException("Error in unmarshalling SAML Request from the encoded String", e); + throw new PassiveSTSException(PassiveSTSConstants.ERROR_IN_UNMARSHALLING_SAML_REQUEST_FROM_THE_ENCODED_STRING, e); } catch (IOException e) { - throw new PassiveSTSException("Error in unmarshalling SAML Request from the encoded String", e); + throw new PassiveSTSException(PassiveSTSConstants.ERROR_IN_UNMARSHALLING_SAML_REQUEST_FROM_THE_ENCODED_STRING, e); } } 
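Review bot: The four catch clauses at the end of `unmarshall` in the `@@ -287,13 +265,13 @@` hunk rethrow the same exception with the same constant, so they can be a single clause, the way the constructor's handler was rewritten in this commit: `} catch (ParserConfigurationException | UnmarshallingException | SAXException | IOException e) {`. The constant's text speaks of a "SAML Request", while the method appears to parse the response string handed to processResponse; if so, the message should say that. The method body starts outside this hunk.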
@@ -309,27 +287,6 @@ private String decodeHTMLCharacters(String encodedStr) { } - /** - * Validate the signature of a SAML2 Response and Assertion - * - * @param assertion SAML2 Response - * @throws PassiveSTSException - */ - private void validateSignature(SignableXMLObject assertion) throws PassiveSTSException { - - if (assertion.getSignature() == null) { - throw new PassiveSTSException("SAMLAssertion signing is enabled, but signature element not " + - "found in SAML Assertion element."); - } else { - try { - SignatureValidator validator = new SignatureValidator(credential); - validator.validate(assertion.getSignature()); - } catch (ValidationException e) { - throw new PassiveSTSException("Signature validation failed for SAML Assertion"); - } - } - } - /* * Process the response and returns the results */ diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/STSAgentCredential.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/STSAgentCredential.java index 21095754d6..ca415bd3a2 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/STSAgentCredential.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/STSAgentCredential.java 
@@ -1,20 +1,20 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2005, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.passive.sts.manager; diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/STSAgentKeyStoreCredential.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/STSAgentKeyStoreCredential.java index 7a388a1d96..e4630c52bb 100644 
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/STSAgentKeyStoreCredential.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/STSAgentKeyStoreCredential.java @@ -1,21 +1,20 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ - + * Copyright (c) 2005, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.passive.sts.manager; import org.apache.commons.logging.Log; 
@@ -25,18 +24,14 @@ import org.wso2.carbon.identity.application.common.model.IdentityProvider; import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil; -import java.io.IOException; -import java.io.InputStream; -import java.security.KeyStore; import java.security.PrivateKey; import java.security.PublicKey; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; -import java.util.logging.Logger; + public class STSAgentKeyStoreCredential implements STSAgentCredential { - private static Logger LOGGER = Logger.getLogger("InfoLogging"); private static Log log = LogFactory.getLog(STSAgentKeyStoreCredential.class); private static PublicKey publicKey = null; @@ -44,7 +39,7 @@ public class STSAgentKeyStoreCredential implements STSAgentCredential { private static X509Certificate entityCertificate = null; private static void readX509Credentials(ExternalIdPConfig externalIdPConfig) throws PassiveSTSException { - String alias = externalIdPConfig.getIdPName(); + externalIdPConfig.getIdPName(); IdentityProvider identityProvider = externalIdPConfig.getIdentityProvider(); X509Certificate x509Certificate = null; try { 
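Review bot: `externalIdPConfig.getIdPName();` in `readX509Credentials` is now a bare call whose result is thrown away: the change removed the unused local `alias` but kept the call. Delete the statement, or add a comment if it is kept for a side effect. The context lines also show the key and certificate held in `static` fields (`private static PublicKey publicKey`, `private static X509Certificate entityCertificate`), so with more than one IdP configured the last `init` would presumably replace the certificate loaded for the others; worth confirming against the rest of the method, which lies outside the hunk.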
@@ -60,42 +55,6 @@ private static void readX509Credentials(ExternalIdPConfig externalIdPConfig) thr } - /** - * get the key store instance - * - * @param is KeyStore InputStream - * @param storePassword password of key store - * @param storeType key store type - * @return KeyStore instant - * @throws PassiveSTSException if fails to load key store - */ - private static KeyStore readKeyStore(InputStream is, String storePassword, - String storeType) throws PassiveSTSException { - - if (storePassword == null) { - throw new PassiveSTSException("KeyStore password can not be null"); - } - if (storeType == null) { - throw new PassiveSTSException("KeyStore Type can not be null"); - } - - try { - KeyStore keyStore = KeyStore.getInstance(storeType); - keyStore.load(is, storePassword.toCharArray()); - return keyStore; - } catch (Exception e) { - throw new PassiveSTSException("Error while loading key store file", e); - } finally { - if (is != null) { - try { - is.close(); - } catch (IOException ignored) { - throw new PassiveSTSException("Error while closing input stream of key store"); - } - } - } - } - @Override public void init(ExternalIdPConfig externalIdPConfig) throws PassiveSTSException { readX509Credentials(externalIdPConfig); diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/X509CredentialImpl.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/X509CredentialImpl.java index 7d43a9a245..59264c7823 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/X509CredentialImpl.java 
+++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/manager/X509CredentialImpl.java @@ -1,23 +1,24 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2005, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.passive.sts.manager; +import org.apache.commons.collections.CollectionUtils; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.CredentialContextSet; import org.opensaml.xml.security.credential.UsageType; 
@@ -49,55 +50,67 @@ public X509CredentialImpl(STSAgentCredential credential) throws PassiveSTSExcept /** * Retrieves the publicKey */ + + @Override public PublicKey getPublicKey() { return publicKey; } + @Override public PrivateKey getPrivateKey() { return privateKey; } + @Override public X509Certificate getEntityCertificate() { return entityCertificate; } // ********** Not implemented ************************************************************** + @Override public Collection getCRLs() { // TODO Auto-generated method stub return null; } + @Override public Collection getEntityCertificateChain() { // TODO Auto-generated method stub - return null; + return CollectionUtils.EMPTY_COLLECTION; } + @Override public CredentialContextSet getCredentalContextSet() { // TODO Auto-generated method stub return null; } + @Override public Class getCredentialType() { // TODO Auto-generated method stub return null; } + @Override public String getEntityId() { // TODO Auto-generated method stub return null; } + @Override public Collection getKeyNames() { // TODO Auto-generated method stub - return null; + return CollectionUtils.EMPTY_COLLECTION; } + @Override public SecretKey getSecretKey() { // TODO Auto-generated method stub return null; } + @Override public UsageType getUsageType() { // TODO Auto-generated method stub return null; diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/util/CarbonEntityResolver.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/util/CarbonEntityResolver.java index 7feae6f997..95ad6b2bfc 100644 
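Review bot: `getCRLs()` still returns `null` while `getEntityCertificateChain()` and `getKeyNames()` now return `CollectionUtils.EMPTY_COLLECTION`, so a caller that iterates the CRL collection keeps the null-pointer risk this hunk removes for the other two. Return an empty collection there as well, e.g. `return Collections.emptyList();` (java.util, import needed if the file lacks it), which also avoids the raw-typed commons constant in all three methods. The `// TODO Auto-generated method stub` comments could then be replaced by one sentence saying that these accessors are intentionally unsupported.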
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/util/CarbonEntityResolver.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/util/CarbonEntityResolver.java @@ -1,19 +1,19 @@ package org.wso2.carbon.identity.application.authenticator.passive.sts.util; /* - * Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/util/PassiveSTSConstants.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/util/PassiveSTSConstants.java index 434f9d85e7..6bf820ca12 100644 
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/util/PassiveSTSConstants.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.passive.sts/src/main/java/org/wso2/carbon/identity/application/authenticator/passive/sts/util/PassiveSTSConstants.java @@ -1,20 +1,20 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.passive.sts.util; 
@@ -24,5 +24,9 @@ public class PassiveSTSConstants { public static final String HTTP_PARAM_PASSIVE_STS_RESULT = "wresult"; public static final String PASSIVE_STS_URL = "PassiveSTSUrl"; public static final String REALM_ID = "RealmId"; + public static final String ERROR_WHILE_INSTANTIATING_SSOAGENT_CREDENTIAL_IMPL_CLASS = "Error while instantiating SSOAgentCredentialImplClass: "; + public static final String ERROR_IN_UNMARSHALLING_SAML_REQUEST_FROM_THE_ENCODED_STRING = "Error in unmarshalling SAML Request from the encoded String"; + private PassiveSTSConstants() { + } } \ No newline at end of file diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.basicauth/pom.xml b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.basicauth/pom.xml index 50ccb33a11..9d0829c47b 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.basicauth/pom.xml +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.basicauth/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity application-authenticators - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/basicauth/BasicAuthRequestPathAuthenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/basicauth/BasicAuthRequestPathAuthenticator.java index 491b7a2019..340c3bcd7b 100644 
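Review bot: `ERROR_WHILE_INSTANTIATING_SSOAGENT_CREDENTIAL_IMPL_CLASS` is added in the PassiveSTSConstants hunk, but the PassiveSTSManager constructor changed in this same commit still builds its message from the literal `"Error while instantiating SSOAgentCredentialImplClass: "`, so the constant has no visible user. Either use it in that multi-catch or leave it out. With the private constructor added, the class can also be declared `public final class PassiveSTSConstants`.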
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/basicauth/BasicAuthRequestPathAuthenticator.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/basicauth/BasicAuthRequestPathAuthenticator.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.authenticator.requestpath.basicauth; 
@@ -33,6 +33,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.nio.charset.Charset; import java.util.HashMap; import java.util.Map; @@ -84,7 +85,7 @@ protected void processAuthenticationResponse(HttpServletRequest request, } try { - String[] cred = new String(Base64.decode(credential)).split(":"); + String[] cred = new String(Base64.decode(credential), Charset.forName("utf-8")).split(":"); int tenantId = IdentityUtil.getTenantIdOFUser(cred[0]); UserStoreManager userStoreManager = (UserStoreManager) BasicAuthRequestPathAuthenticatorServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager(); boolean isAuthenticated = userStoreManager.authenticate(MultitenantUtils.getTenantAwareUsername(cred[0]), cred[1]); diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/basicauth/internal/BasicAuthRequestPathAuthenticatorServiceComponent.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/basicauth/internal/BasicAuthRequestPathAuthenticatorServiceComponent.java index 4a60ebbc4b..3a6bca8afc 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/basicauth/internal/BasicAuthRequestPathAuthenticatorServiceComponent.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/basicauth/internal/BasicAuthRequestPathAuthenticatorServiceComponent.java 
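Review bot: `split(":")` on the decoded credential in the `@@ -84,7 +85,7 @@` hunk truncates a password that itself contains a colon, and `cred[1]` is read with no length check, so a header value without a colon fails with ArrayIndexOutOfBoundsException unless a catch outside the hunk covers it. Split on the first colon only, `String[] cred = new String(Base64.decode(credential), Charset.forName("utf-8")).split(":", 2);`, and treat `cred.length != 2` as a failed authentication before `cred[0]` and `cred[1]` are used. processAuthenticationResponse starts and ends outside the hunk.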
@@ -1,3 +1,20 @@ +/* + * Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.requestpath.basicauth.internal; import org.apache.commons.logging.Log; @@ -7,8 +24,6 @@ import org.wso2.carbon.identity.application.authenticator.requestpath.basicauth.BasicAuthRequestPathAuthenticator; import org.wso2.carbon.user.core.service.RealmService; -import java.util.Hashtable; - /** * @scr.component name="identity.application.authenticator.requestpath.basicauth.component" immediate="true" * @scr.reference name="realm.service" 
@@ -31,18 +46,20 @@ protected void setRealmService(RealmService realmService) { } protected void activate(ComponentContext ctxt) { - - BasicAuthRequestPathAuthenticator auth = new BasicAuthRequestPathAuthenticator(); - Hashtable props = new Hashtable(); - - ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), auth, props); - - if (log.isDebugEnabled()) { - log.info("BasicAuthRequestPathAuthenticator bundle is activated"); + try { + BasicAuthRequestPathAuthenticator auth = new BasicAuthRequestPathAuthenticator(); + ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), auth, null); + if (log.isDebugEnabled()) { + log.info("BasicAuthRequestPathAuthenticator bundle is activated"); + } + } catch (Throwable e) { + if (log.isDebugEnabled()) { + log.info("BasicAuthRequestPathAuthenticator bundle activation Failed"); + } } } - protected void deactivate(ComponentContext ctxt) { + protected void deactivate(ComponentContext context) { if (log.isDebugEnabled()) { log.info("BasicAuthRequestPathAuthenticator bundle is deactivated"); } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.oauth/pom.xml b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.oauth/pom.xml index 383236f524..9123cf24e6 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.oauth/pom.xml +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.oauth/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity application-authenticators - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml 4.0.0 
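Review bot: The new `catch (Throwable e)` in `activate` discards the exception: the failure is written only when debug logging is on, at INFO level, and without `e`, so a failed registration of the authenticator leaves no trace in a normally configured deployment. The Passive STS component changed in this same commit logs the cause; do the same here with `log.error("BasicAuthRequestPathAuthenticator bundle activation Failed", e);`. Catching `Exception` instead of `Throwable` would also keep JVM errors from being absorbed.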
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.oauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/oauth/OAuthRequestPathAuthenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.oauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/oauth/OAuthRequestPathAuthenticator.java index 1bd9c5b9dd..5bd40f9d0c 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.oauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/oauth/OAuthRequestPathAuthenticator.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.oauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/oauth/OAuthRequestPathAuthenticator.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.authenticator.requestpath.oauth; diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.oauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/oauth/internal/OAuthRequestPathAuthenticatorServiceComponent.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.oauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/oauth/internal/OAuthRequestPathAuthenticatorServiceComponent.java index 710be042b1..d6c3f02a26 100644 
--- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.oauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/oauth/internal/OAuthRequestPathAuthenticatorServiceComponent.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.requestpath.oauth/src/main/java/org/wso2/carbon/identity/application/authenticator/requestpath/oauth/internal/OAuthRequestPathAuthenticatorServiceComponent.java @@ -1,3 +1,20 @@ +/* + * Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authenticator.requestpath.oauth.internal; import org.apache.commons.logging.Log; @@ -7,7 +24,6 @@ import org.wso2.carbon.identity.application.authenticator.requestpath.oauth.OAuthRequestPathAuthenticator; import org.wso2.carbon.user.core.service.RealmService; -import java.util.Hashtable; /** * @scr.component name="identity.application.authenticator.requestpath.oauth.component" immediate="true" 
@@ -31,18 +47,20 @@ protected void setRealmService(RealmService realmService) { } protected void activate(ComponentContext ctxt) { - - OAuthRequestPathAuthenticator auth = new OAuthRequestPathAuthenticator(); - Hashtable props = new Hashtable(); - - ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), auth, props); - - if (log.isDebugEnabled()) { - log.info("OAuthRequestPathAuthenticator bundle is activated"); + try { + OAuthRequestPathAuthenticator auth = new OAuthRequestPathAuthenticator(); + ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), auth, null); + if (log.isDebugEnabled()) { + log.info("OAuthRequestPathAuthenticator bundle is activated"); + } + } catch (Throwable e) { + if (log.isDebugEnabled()) { + log.error("OAuthRequestPathAuthenticator bundle activation failed"); + } } } - protected void deactivate(ComponentContext ctxt) { + protected void deactivate(ComponentContext context) { if (log.isDebugEnabled()) { log.info("OAuthRequestPathAuthenticator bundle is deactivated"); } diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/pom.xml b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/pom.xml index bbf0bee36e..7d984b68b9 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/pom.xml +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/pom.xml @@ -19,13 +19,17 @@ org.wso2.carbon.identity application-authenticators - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml 4.0.0 org.wso2.carbon.identity.application.authenticator.samlsso bundle + + commons-collections.wso2 + commons-collections + org.wso2.carbon org.wso2.carbon.utils 
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/pom.xml~ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/pom.xml~
new file mode 100644
index 0000000000..c241840fef
--- /dev/null
+++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/pom.xml~
@@ -0,0 +1,135 @@ + + + + + + org.wso2.carbon.identity + application-authenticators + 4.5.1-SNAPSHOT + ../pom.xml + + 4.0.0 + org.wso2.carbon.identity.application.authenticator.samlsso + bundle + + + commons-collections + commons-collections + 3.2.1 + + + + org.wso2.carbon + org.wso2.carbon.utils + + + org.wso2.carbon + org.wso2.carbon.ui + + + org.wso2.carbon.identity + org.wso2.carbon.identity.base + + + org.wso2.carbon.identity + org.wso2.carbon.identity.core + + + org.wso2.carbon + org.wso2.carbon.core + + + org.wso2.carbon + org.wso2.carbon.logging + + + org.wso2.carbon.identity + org.wso2.carbon.identity.application.authentication.framework + + + opensaml.wso2 + opensaml2 + + + org.wso2.carbon.identity + org.wso2.carbon.identity.application.common + + + + + + org.apache.felix + maven-scr-plugin + + + org.apache.felix + maven-bundle-plugin + true + + + ${project.artifactId} + ${project.artifactId} + + org.wso2.carbon.identity.application.authenticator.samlsso.internal, + + + javax.crypto, + javax.servlet; version="${imp.pkg.version.javax.servlet}", + javax.servlet.http; version="${imp.pkg.version.javax.servlet}", + javax.xml.namespace, + javax.xml.parsers, + + org.apache.commons.codec.binary; version="${commons-codec.wso2.osgi.version.range}", + org.apache.commons.logging; version="${commons-logging.osgi.version.range}", + org.apache.xerces.util; resolution:=optional, + org.apache.xml.security; version="${wss4j.xml.security.imp.pkg.version.range}", + org.apache.xml.security.utils; version="${wss4j.xml.security.imp.pkg.version.range}", + + org.joda.time; version="${opensaml2.wso2.osgi.version.range}", + + org.opensaml.*; version="${opensaml2.wso2.osgi.version.range}", + + org.osgi.framework; version="${osgi.framework.imp.pkg.version.range}", + org.osgi.service.component; version="${osgi.service.component.imp.pkg.version.range}", + + org.w3c.dom.*, + + org.wso2.carbon.identity.application.authentication.framework.*; 
version="${carbon.identity.package.import.version.range}", + org.wso2.carbon.identity.application.common.model; version="${carbon.identity.package.import.version.range}", + org.wso2.carbon.identity.application.common.util; version="${carbon.identity.package.import.version.range}", + + org.wso2.carbon.core.util; version="${carbon.kernel.package.import.version.range}", + org.wso2.carbon.ui; version="${carbon.kernel.package.import.version.range}", + org.wso2.carbon.user.api; version="${carbon.user.api.imp.pkg.version.range}", + org.wso2.carbon.user.core.service; version="${carbon.kernel.package.import.version.range}", + org.wso2.carbon.user.core.tenant; version="${carbon.kernel.package.import.version.range}", + org.wso2.carbon.utils; version="${carbon.kernel.package.import.version.range}", + + org.xml.sax + + + !org.wso2.carbon.identity.application.authenticator.samlsso.internal, + org.wso2.carbon.identity.application.authenticator.samlsso.*; + version="${carbon.identity.package.export.version}" + + * + + + + + + diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/SAMLSSOAuthenticator.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/SAMLSSOAuthenticator.java index 1dd7063e8e..cbe5a0a0fd 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/SAMLSSOAuthenticator.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/SAMLSSOAuthenticator.java 
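Review bot: `pom.xml~` is an editor backup of this module's `pom.xml` and is being added as a new 135-line file; it should be dropped from the commit and `*~` added to the ignore list. Its content has already drifted from the real pom changed in this same diff: the parent version here is `4.5.1-SNAPSHOT` rather than `4.5.6-SNAPSHOT`, and it pins `commons-collections` `3.2.1` directly where the real pom declares the managed `commons-collections.wso2` artifact. Maven does not read the file, but stale dependency declarations in the tree mislead dependency audits and later reviewers.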
@@ -1,12 +1,12 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -51,6 +51,7 @@ public class SAMLSSOAuthenticator extends AbstractApplicationAuthenticator implements FederatedApplicationAuthenticator { private static final long serialVersionUID = -8097512332218044859L; + public static final String AS_REQUEST = "AS_REQUEST"; private static Log log = LogFactory.getLog(SAMLSSOAuthenticator.class); @@ -85,11 +86,11 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, HttpSer .get(IdentityApplicationConstants.Authenticator.SAML2SSO.REQUEST_METHOD); if (requestMethod != null && requestMethod.trim().length() != 0) { - if (requestMethod.equalsIgnoreCase("POST")) { + if (SSOConstants.POST.equalsIgnoreCase(requestMethod)) { isPost = true; - } else if (requestMethod.equalsIgnoreCase("REDIRECT")) { + } else if (SSOConstants.REDIRECT.equalsIgnoreCase(requestMethod)) { isPost = false; - } else if (requestMethod.equalsIgnoreCase("AS_REQUEST")) { + } else if (AS_REQUEST.equalsIgnoreCase(requestMethod)) { isPost = context.getAuthenticationRequest().isPost(); } } else { 
@@ -105,30 +106,8 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, HttpSer saml2SSOManager.init(context.getTenantDomain(), context.getAuthenticatorProperties(), context.getExternalIdP().getIdentityProvider()); ssoUrl = saml2SSOManager.buildRequest(request, false, false, idpURL, context); + generateAuthenticationRequest(request, response, ssoUrl, authenticatorProperties); - try { - String domain = request.getParameter("domain"); - - if (domain != null) { - ssoUrl = ssoUrl + "&fidp=" + domain; - } - - if (authenticatorProperties != null) { - String queryString = authenticatorProperties - .get(FrameworkConstants.QUERY_PARAMS); - if (queryString != null) { - if (!queryString.startsWith("&")) { - ssoUrl = ssoUrl + "&" + queryString; - } else { - ssoUrl = ssoUrl + queryString; - } - } - } - response.sendRedirect(ssoUrl); - } catch (IOException e) { - throw new AuthenticationFailedException( - "Error while sending the redirect to federated SAML IdP", e); - } } } catch (SAMLSSOException e) { throw new AuthenticationFailedException(e.getMessage(), e); 
@@ -137,6 +116,34 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, HttpSer return; } + private void generateAuthenticationRequest(HttpServletRequest request, HttpServletResponse response, + String ssoUrl, Map authenticatorProperties) + throws AuthenticationFailedException { + try { + String domain = request.getParameter("domain"); + + if (domain != null) { + ssoUrl = ssoUrl + "&fidp=" + domain; + } + + if (authenticatorProperties != null) { + String queryString = authenticatorProperties + .get(FrameworkConstants.QUERY_PARAMS); + if (queryString != null) { + if (!queryString.startsWith("&")) { + ssoUrl = ssoUrl + "&" + queryString; + } else { + ssoUrl = ssoUrl + queryString; + } + } + } + response.sendRedirect(ssoUrl); + } catch (IOException e) { + throw new AuthenticationFailedException( + "Error while sending the redirect to federated SAML IdP", e); + } + } + @Override protected void processAuthenticationResponse(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) @@ -274,11 +281,11 @@ protected void initiateLogoutRequest(HttpServletRequest request, .get(IdentityApplicationConstants.Authenticator.SAML2SSO.REQUEST_METHOD); if (requestMethod != null && requestMethod.trim().length() != 0) { - if (requestMethod.equalsIgnoreCase("POST")) { + if ("POST".equalsIgnoreCase(requestMethod)) { isPost = true; - } else if (requestMethod.equalsIgnoreCase("REDIRECT")) { + } else if ("REDIRECT".equalsIgnoreCase(requestMethod)) { isPost = false; - } else if (requestMethod.equalsIgnoreCase("AS_REQUEST")) { + } else if ("AS_REQUEST".equalsIgnoreCase(requestMethod)) { isPost = context.getAuthenticationRequest().isPost(); } } else { 
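Review bot: In the extracted `generateAuthenticationRequest`, the `domain` request parameter is concatenated into the redirect URL unencoded (`ssoUrl + "&fidp=" + domain`), so a value containing `&` or `#` can add or override query parameters on the request sent to the federated IdP. Encode it before appending, `ssoUrl = ssoUrl + "&fidp=" + URLEncoder.encode(domain, "UTF-8");`, which needs a `java.net.URLEncoder` import if the file does not already have one. The `UnsupportedEncodingException` it declares is an `IOException` and is covered by the existing catch. The logic is moved rather than newly written, but the extraction is the natural place to fix it.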
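Review bot: `initiateLogoutRequest` now compares against the literals `"POST"`, `"REDIRECT"` and `"AS_REQUEST"`, while the identical chain in `initiateAuthenticationRequest` earlier in this diff was switched to `SSOConstants.POST`, `SSOConstants.REDIRECT` and the new `AS_REQUEST` constant. Use the constants here too, e.g. `if (SSOConstants.POST.equalsIgnoreCase(requestMethod)) {`, so the login and logout paths cannot drift apart. The enclosing method starts and ends outside this hunk.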
@@ -306,6 +313,7 @@ protected void initiateLogoutRequest(HttpServletRequest request, protected void processLogoutResponse(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws LogoutFailedException { + throw new UnsupportedOperationException(); } private void sendPostRequest(HttpServletRequest request, HttpServletResponse response, diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/exception/SAMLSSOException.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/exception/SAMLSSOException.java index 1fc38be2b1..e1126d8e01 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/exception/SAMLSSOException.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/exception/SAMLSSOException.java 
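Review bot: `processLogoutResponse` previously returned normally and now throws an unchecked `UnsupportedOperationException`, which a caller handling only the declared `LogoutFailedException` will not catch. If the authentication framework invokes this method when the federated IdP answers a logout request (the caller is not visible in this diff), single logout would now end in an unhandled runtime exception. If no processing is needed, keep the method a no-op and say so in a comment such as `// Intentionally empty: no logout response processing is done here`. If the call really is unsupported, report it through the declared `LogoutFailedException` instead.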
@@ -1,12 +1,12 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/internal/SAMLSSOAuthenticatorServiceComponent.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/internal/SAMLSSOAuthenticatorServiceComponent.java index baf347aef2..d7e5f1abbb 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/internal/SAMLSSOAuthenticatorServiceComponent.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/internal/SAMLSSOAuthenticatorServiceComponent.java 
@@ -1,12 +1,12 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -29,7 +29,6 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; -import java.util.Hashtable; import java.util.Scanner; /** 
@@ -62,30 +61,31 @@ public static String getPostPage() { } protected void activate(ComponentContext ctxt) { - - SAMLSSOAuthenticator samlSSOAuthenticator = new SAMLSSOAuthenticator(); - Hashtable props = new Hashtable(); - - ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), samlSSOAuthenticator, props); - try { + SAMLSSOAuthenticator samlSSOAuthenticator = new SAMLSSOAuthenticator(); + ctxt.getBundleContext().registerService(ApplicationAuthenticator.class.getName(), samlSSOAuthenticator, null); String postPagePath = CarbonUtils.getCarbonHome() + File.separator + "repository" + File.separator + "resources" + File.separator + "security" + File.separator + "samlsso_federate.html"; FileInputStream fis = new FileInputStream(new File(postPagePath)); postPage = new Scanner(fis, "UTF-8").useDelimiter("\\A").next(); + if (log.isDebugEnabled()) { + log.info("SAML2 SSO Authenticator bundle is activated"); + } } catch (FileNotFoundException e) { if (log.isDebugEnabled()) { - log.debug("Failed to find SAMLSSO POST page for federation"); + log.debug("Failed to find SAMLSSO POST page for federation" + e); + } + } catch (Throwable e) { + if (log.isDebugEnabled()) { + log.debug("Failed SAMLSSO authentication" + e); } } - if (log.isDebugEnabled()) { - log.info("SAML2 SSO Authenticator bundle is activated"); - } + } - protected void deactivate(ComponentContext ctxt) { + protected void deactivate(ComponentContext context) { if (log.isDebugEnabled()) { log.info("SAML2 SSO Authenticator bundle is deactivated"); } 
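Review bot: The `FileInputStream` opened for `samlsso_federate.html` and the `Scanner` wrapped around it are never closed, so the file handle leaks on activation, including when `next()` throws on an empty file. Close both in a `finally` block, or, if the build targets Java 7 or later, use `try (FileInputStream fis = new FileInputStream(postPagePath); Scanner scanner = new Scanner(fis, "UTF-8")) { postPage = scanner.useDelimiter("\\A").next(); }`. The new `catch (Throwable e)` message `"Failed SAMLSSO authentication"` also describes an authentication failure where bundle activation failed. In both catch blocks `"..." + e` drops the stack trace, so pass `e` as the logger's second argument instead.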
diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/DefaultSAML2SSOManager.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/DefaultSAML2SSOManager.java index 33590049b2..307c5bf0d7 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/DefaultSAML2SSOManager.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/DefaultSAML2SSOManager.java @@ -1,12 +1,12 @@ /* - * Copyright (c) 2014 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -18,6 +18,7 @@ package org.wso2.carbon.identity.application.authenticator.samlsso.manager; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.xerces.impl.Constants; 
@@ -30,13 +31,42 @@ import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.common.Extensions; import org.opensaml.saml2.common.impl.ExtensionsBuilder; -import org.opensaml.saml2.core.*; -import org.opensaml.saml2.core.impl.*; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.Audience; +import org.opensaml.saml2.core.AudienceRestriction; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.EncryptedAssertion; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.LogoutRequest; +import org.opensaml.saml2.core.LogoutResponse; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.NameIDPolicy; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.SessionIndex; +import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder; +import org.opensaml.saml2.core.impl.AuthnRequestBuilder; +import org.opensaml.saml2.core.impl.IssuerBuilder; +import org.opensaml.saml2.core.impl.LogoutRequestBuilder; +import org.opensaml.saml2.core.impl.NameIDBuilder; +import org.opensaml.saml2.core.impl.NameIDPolicyBuilder; +import org.opensaml.saml2.core.impl.RequestedAuthnContextBuilder; +import org.opensaml.saml2.core.impl.SessionIndexBuilder; import org.opensaml.saml2.encryption.Decrypter; import org.opensaml.xml.ConfigurationException; import org.opensaml.xml.XMLObject; import org.opensaml.xml.encryption.EncryptedKey; -import org.opensaml.xml.io.*; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.io.Unmarshaller; +import 
org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; import org.opensaml.xml.security.SecurityHelper; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver; @@ -65,7 +95,11 @@ import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; -import java.io.*; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.StringWriter; +import java.io.UnsupportedEncodingException; import java.net.URLEncoder; import java.util.HashMap; import java.util.List; @@ -98,6 +132,7 @@ public static void doBootstrap() { } } + @Override public void init(String tenantDomain, Map properties, IdentityProvider idp) throws SAMLSSOException { @@ -113,6 +148,7 @@ public void init(String tenantDomain, Map properties, IdentityPr * @param request SAML 2 request * @return redirectionUrl */ + @Override public String buildRequest(HttpServletRequest request, boolean isLogout, boolean isPassive, String loginPage, AuthenticationContext context) throws SAMLSSOException { @@ -127,12 +163,10 @@ public String buildRequest(HttpServletRequest request, boolean isLogout, boolean String[] params = queryParam.split("&"); for (String param : params) { String[] values = param.split("="); - if (values.length == 2) { - if (SSOConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ.equals(values[0])) { + if (values.length == 2 && SSOConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ.equals(values[0])) { request.setAttribute(SSOConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ, values[1]); break; } - } } } } @@ -205,7 +239,7 @@ public String buildPostRequest(HttpServletRequest request, boolean isLogout, return SSOUtils.encode(SSOUtils.marshall(requestMessage)); } - + @Override public void processResponse(HttpServletRequest request) throws SAMLSSOException { doBootstrap(); 
@@ -295,7 +329,7 @@ private void processSSOResponse(HttpServletRequest request) throws SAMLSSOExcept if (SSOUtils.isAssertionEncryptionEnabled(properties)) { List encryptedAssertions = samlResponse.getEncryptedAssertions(); EncryptedAssertion encryptedAssertion = null; - if (encryptedAssertions != null && encryptedAssertions.size() > 0) { + if (CollectionUtils.isNotEmpty(encryptedAssertions)) { encryptedAssertion = encryptedAssertions.get(0); try { assertion = getDecryptedAssertion(encryptedAssertion); @@ -305,7 +339,7 @@ private void processSSOResponse(HttpServletRequest request) throws SAMLSSOExcept } } else { List assertions = samlResponse.getAssertions(); - if (assertions != null && assertions.size() > 0) { + if (CollectionUtils.isNotEmpty(assertions)) { assertion = assertions.get(0); } } @@ -416,7 +450,6 @@ private AuthnRequest buildAuthnRequest(HttpServletRequest request, NameIDPolicyBuilder nameIdPolicyBuilder = new NameIDPolicyBuilder(); NameIDPolicy nameIdPolicy = nameIdPolicyBuilder.buildObject(); nameIdPolicy.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"); - //nameIdPolicy.setSPNameQualifier("Issuer"); nameIdPolicy.setAllowCreate(true); /* AuthnContextClass */ @@ -531,12 +564,6 @@ private XMLObject unmarshall(String samlString) throws SAMLSSOException { } - private String decodeHTMLCharacters(String encodedStr) { - return encodedStr.replaceAll("&", "&").replaceAll("<", "<").replaceAll(">", ">") - .replaceAll(""", "\"").replaceAll("'", "'"); - - } - /* * Process the response and returns the results */ 
@@ -578,7 +605,7 @@ private void validateAudienceRestriction(Assertion assertion) throws SAMLSSOExce List audienceRestrictions = conditions.getAudienceRestrictions(); if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) { for (AudienceRestriction audienceRestriction : audienceRestrictions) { - if (audienceRestriction.getAudiences() != null && audienceRestriction.getAudiences().size() > 0) { + if (CollectionUtils.isEmpty(audienceRestriction.getAudiences())) { boolean audienceFound = false; for (Audience audience : audienceRestriction.getAudiences()) { if (properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID) @@ -680,4 +707,4 @@ private Assertion getDecryptedAssertion(EncryptedAssertion encryptedAssertion) t return decrypter.decrypt(encryptedAssertion); } -} +} \ No newline at end of file diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/SAML2SSOManager.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/SAML2SSOManager.java index 579ce96313..0adf1735a4 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/SAML2SSOManager.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/SAML2SSOManager.java 
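Review bot: The rewritten guard in `validateAudienceRestriction` is inverted: the old condition `getAudiences() != null && getAudiences().size() > 0` corresponds to `CollectionUtils.isNotEmpty(...)`, but the new line uses `CollectionUtils.isEmpty(audienceRestriction.getAudiences())`. As written, the loop that compares each `Audience` with the configured SP entity ID is entered only when there are no audiences (and throws a `NullPointerException` when the list is null). A restriction that does carry audiences skips the comparison; what happens to it then is outside this hunk. Because this changes which assertions pass the audience check, the line should read `if (CollectionUtils.isNotEmpty(audienceRestriction.getAudiences())) {`, matching the two `isNotEmpty` replacements in `processSSOResponse`.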
@@ -1,12 +1,12 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/X509CredentialImpl.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/X509CredentialImpl.java index fde48e042f..632b84e65f 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/X509CredentialImpl.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/X509CredentialImpl.java 
@@ -1,12 +1,12 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -18,8 +18,7 @@ package org.wso2.carbon.identity.application.authenticator.samlsso.manager; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; +import org.apache.commons.collections.CollectionUtils; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.CredentialContextSet; import org.opensaml.xml.security.credential.UsageType; @@ -38,13 +37,13 @@ import java.security.cert.X509CRL; import java.security.cert.X509Certificate; import java.util.Collection; +import java.util.Collections; /** * X509Credential implementation for signing and verification. */ public class X509CredentialImpl implements X509Credential { - private static Log log = LogFactory.getLog(X509CredentialImpl.class); private PublicKey publicKey = null; private PrivateKey privateKey = null; @@ -90,7 +89,7 @@ public X509CredentialImpl(String tenantDomain, String idpCert) throws SAMLSSOExc } KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId); - PrivateKey privateKey; + PrivateKey key; try { /** 
@@ -101,12 +100,12 @@ public X509CredentialImpl(String tenantDomain, String idpCert) throws SAMLSSOExc String ksName = tenantDomain.trim().replace(".", "-"); // derive JKS name String jksName = ksName + ".jks"; - privateKey = + key = (PrivateKey) keyStoreManager.getPrivateKey(jksName, tenantDomain); cert = (X509Certificate) keyStoreManager.getKeyStore(jksName) .getCertificate(tenantDomain); } else { - privateKey = keyStoreManager.getDefaultPrivateKey(); + key = keyStoreManager.getDefaultPrivateKey(); cert = keyStoreManager.getDefaultPrimaryCertificate(); } @@ -116,12 +115,12 @@ public X509CredentialImpl(String tenantDomain, String idpCert) throws SAMLSSOExc tenantDomain, e); } - if (privateKey == null) { + if (key == null) { throw new SAMLSSOException( "Cannot find the private key for tenant " + tenantDomain); } - this.privateKey = privateKey; + this.privateKey = key; } if (cert == null) { 
@@ -135,55 +134,65 @@ public X509CredentialImpl(String tenantDomain, String idpCert) throws SAMLSSOExc /** * Retrieves the publicKey */ + @Override public PublicKey getPublicKey() { return publicKey; } + @Override public PrivateKey getPrivateKey() { return privateKey; } + @Override public X509Certificate getEntityCertificate() { return entityCertificate; } // ********** Not implemented ************************************************************** - + @Override public Collection getCRLs() { // TODO Auto-generated method stub - return null; + return CollectionUtils.EMPTY_COLLECTION; } + @Override public Collection getEntityCertificateChain() { // TODO Auto-generated method stub - return null; + return Collections.emptySet(); } + @Override public CredentialContextSet getCredentalContextSet() { // TODO Auto-generated method stub return null; } + @Override public Class getCredentialType() { // TODO Auto-generated method stub return null; } + @Override public String getEntityId() { // TODO Auto-generated method stub return null; } + @Override public Collection getKeyNames() { // TODO Auto-generated method stub - return null; + return Collections.emptySet(); } + @Override public SecretKey getSecretKey() { // TODO Auto-generated method stub return null; } + @Override public UsageType getUsageType() { // TODO Auto-generated method stub return null; diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/model/StateInfo.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/model/StateInfo.java index 1406d8abaa..9b39938259 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/model/StateInfo.java 
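Review bot: `getCRLs()` now returns `CollectionUtils.EMPTY_COLLECTION`, while `getEntityCertificateChain()` and `getKeyNames()` in the same hunk return `Collections.emptySet()`. The commons-collections constant is a raw `Collection` and the new import appears to exist only for this line, so `return Collections.emptySet();` would be consistent and drop the extra dependency. These methods still sit under the "Not implemented" banner with the auto-generated TODO, and an empty result from `getCRLs()` reads to a caller as "no revocation data" rather than "not supported". A comment such as `// CRLs are not tracked by this credential; an empty result is not a revocation check` would make that explicit. `getCredentialType()` and `getUsageType()` still return null, which any consumer that dereferences them will trip over; whether such a consumer exists is not visible here.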
+++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/model/StateInfo.java @@ -1,12 +1,12 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/CarbonEntityResolver.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/CarbonEntityResolver.java index f55eb4214f..f948178f40 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/CarbonEntityResolver.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/CarbonEntityResolver.java 
@@ -1,23 +1,21 @@ -package org.wso2.carbon.identity.application.authenticator.samlsso.util; - /* - * Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ - +package org.wso2.carbon.identity.application.authenticator.samlsso.util; import org.xml.sax.EntityResolver; import org.xml.sax.InputSource; import org.xml.sax.SAXException; diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOConstants.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOConstants.java index 4be420ca24..e8f7ac83b4 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOConstants.java +++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOConstants.java 
@@ -1,12 +1,12 @@ /* - * Copyright (c) 2014 WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -28,13 +28,23 @@ public class SSOConstants { public static final String IDP_SESSION = "IdPSession"; public static final String HTTP_POST = "POST"; + public static final String POST = "POST"; + public static final String REDIRECT = "REDIRECT"; public class StatusCodes { + private StatusCodes() { + + } + public static final String IDENTITY_PROVIDER_ERROR = "urn:oasis:names:tc:SAML:2.0:status:Responder"; public static final String NO_PASSIVE = "urn:oasis:names:tc:SAML:2.0:status:NoPassive"; } public class ServerConfig { + private ServerConfig() { + + } + public static final String KEY_ALIAS = "Security.KeyStore.KeyAlias"; public static final String KEY_PASSWORD = "Security.KeyStore.KeyPassword"; public static final String SAML2_SSO_MANAGER = "SAML2SSOManager"; diff --git a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.java b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.java index a187287d20..1a8281daac 100644 --- a/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.java 
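Review bot: In the `@@ -28,13 +28,23 @@` hunk the new `POST` constant duplicates `HTTP_POST` on the line above it with the same value `"POST"`, so the class now has two names for one binding string. Keep one and reference it, or add a comment saying which name is being retired. The private constructors are added to `StatusCodes` and `ServerConfig`, which are declared as plain `public class` (non-static inner classes); `public static final class StatusCodes` would express "constants holder" directly and remove the implicit outer-instance link. Whether `SSOConstants` itself gets a private constructor is not visible, and `ServerConfig` continues past the end of the hunk.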
+++ b/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.java @@ -1,12 +1,12 @@ /* - * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -15,7 +15,6 @@ * specific language governing permissions and limitations * under the License. */ - package org.wso2.carbon.identity.application.authenticator.samlsso.util; import org.apache.commons.logging.Log; @@ -48,13 +47,21 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.net.URLEncoder; +import java.nio.charset.Charset; import java.security.cert.CertificateEncodingException; -import java.util.*; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Random; import java.util.zip.DataFormatException; import java.util.zip.Inflater; import java.util.zip.InflaterInputStream; public class SSOUtils { + private SSOUtils() { + + } private static Log log = LogFactory.getLog(SSOUtils.class); 
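Review bot: Expanding `java.util.*` in the `@@ -48,13 +47,21 @@` hunk makes it visible that this SAML utility class depends on `java.util.Random`. If that generator produces request IDs, relay-state values or anything else a peer must not be able to predict, it should be `java.security.SecureRandom`, i.e. `import java.security.SecureRandom;` in place of the `Random` import. The use site is outside this hunk, so this needs confirming. Separately, the private constructor is inserted above the `log` field; fields first is the usual order, and `log` could be `private static final`.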
@@ -281,7 +288,7 @@ public static String decode(String encodedStr) throws SAMLSSOException { count = iis.read(buf); } iis.close(); - String decodedStr = new String(baos.toByteArray()); + String decodedStr = new String(baos.toByteArray(), Charset.forName("UTF-8")); if (log.isDebugEnabled()) { log.debug("Request message " + decodedStr); } diff --git a/components/application-authenticators/pom.xml b/components/application-authenticators/pom.xml index 5683f75137..41b83d0240 100644 --- a/components/application-authenticators/pom.xml +++ b/components/application-authenticators/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity carbon-identity - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../../pom.xml diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/pom.xml b/components/application-mgt/org.wso2.carbon.identity.application.common/pom.xml index 5251c85253..3774718d36 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/pom.xml +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/pom.xml @@ -18,7 +18,7 @@ org.wso2.carbon.identity application-mgt - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml @@ -71,9 +71,12 @@ javax.sql, javax.xml.namespace, javax.xml.stream, + org.apache.axiom.*; version="${axiom.osgi.version.range}", org.apache.commons.logging; version="${commons-logging.osgi.version.range}", org.apache.commons.lang; version="${commons-lang.wso2.osgi.version.range}", + org.apache.commons.collections; version="${commons-collections.wso2.osgi.version.range}", + org.wso2.carbon.utils.*; version="${carbon.kernel.package.import.version.range}", org.wso2.carbon.user.core.util; version="${carbon.kernel.package.import.version.range}", org.wso2.carbon.context; version="${carbon.kernel.package.import.version.range}", 
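Review bot: The context line after the change, `log.debug("Request message " + decodedStr)`, writes the whole decoded SAML message to the log whenever debug is enabled. Such messages can carry subject identifiers and attributes, so consider logging only a length or message ID, or at least adding `// NOTE: decoded SAML message may contain personal data; keep debug logging off in production`. On the changed line, `Charset.forName("UTF-8")` does a by-name lookup on every call; `StandardCharsets.UTF_8` is the constant form if the build targets Java 7 or later. `decode` starts and ends outside this hunk, so the read loop and the placement of `iis.close()` cannot be reviewed fully here.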
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/ApplicationAuthenticatorService.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/ApplicationAuthenticatorService.java
index 9a2f4bfe92..f68fc0714f 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/ApplicationAuthenticatorService.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/ApplicationAuthenticatorService.java
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/IdentityApplicationManagementException.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/IdentityApplicationManagementException.java index 39c66293bc..ed8f79d90a 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/IdentityApplicationManagementException.java 
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/IdentityApplicationManagementException.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/ProvisioningConnectorService.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/ProvisioningConnectorService.java index 8a8aa36760..89a77c5090 100644 
--- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/ProvisioningConnectorService.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/ProvisioningConnectorService.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common; 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/cache/BaseCache.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/cache/BaseCache.java
index 1ea1e9a17b..06ded8a062 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/cache/BaseCache.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/cache/BaseCache.java
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.cache; @@ -22,7 +22,11 @@ import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; -import javax.cache.*; +import javax.cache.Cache; +import javax.cache.CacheBuilder; +import javax.cache.CacheConfiguration; +import javax.cache.CacheManager; +import javax.cache.Caching; import java.io.Serializable; import java.util.concurrent.TimeUnit; 
@@ -80,26 +84,25 @@ private Cache getBaseCacheWithStringKey() { CacheManager cacheManager = Caching.getCacheManagerFactory() .getCacheManager(APP_AUTH_FRAMEWORK_CACHE_MANAGER); - if (cacheTimeout > 0) { - if (stringCacheBuilder == null) { - synchronized (cacheName.intern()) { - if (stringCacheBuilder == null) { - cacheManager.removeCache(cacheName); - stringCacheBuilder = cacheManager.createCacheBuilder(cacheName). - setExpiry(CacheConfiguration.ExpiryType.ACCESSED, - new CacheConfiguration - .Duration(TimeUnit.SECONDS, cacheTimeout)). - setStoreByValue(false); - cache = stringCacheBuilder.build(); - if (capacity != 0) { - ((CacheImpl) cache).setCapacity(capacity); - } - } else { - cache = cacheManager.getCache(cacheName); + if (cacheTimeout > 0 && stringCacheBuilder == null) { + synchronized (cacheName.intern()) { + if (stringCacheBuilder == null) { + cacheManager.removeCache(cacheName); + stringCacheBuilder = cacheManager.createCacheBuilder(cacheName). + setExpiry(CacheConfiguration.ExpiryType.ACCESSED, + new CacheConfiguration + .Duration(TimeUnit.SECONDS, cacheTimeout)). + setExpiry(CacheConfiguration.ExpiryType.MODIFIED, + new CacheConfiguration + .Duration(TimeUnit.SECONDS, cacheTimeout)). + setStoreByValue(false); + cache = stringCacheBuilder.build(); + if (capacity != 0) { + ((CacheImpl) cache).setCapacity(capacity); } + } else { + cache = cacheManager.getCache(cacheName); } - } else { - cache = cacheManager.getCache(cacheName); } } else { cache = cacheManager.getCache(cacheName); 
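Review bot: `synchronized (cacheName.intern())` locks on an interned string, which is a JVM-wide object, so any unrelated code that synchronizes on a string with the same value contends on this monitor. A lock owned by this class would be safer, e.g. `private final Object cacheLock = new Object();` with `synchronized (cacheLock)`, or a static lock map keyed by cache name if several instances share a name. The outer `stringCacheBuilder == null` test is a double-checked lock, which is only safe if the field is `volatile`; its declaration is outside this hunk, so this needs confirming. The added `setExpiry(CacheConfiguration.ExpiryType.MODIFIED, ...)` also deserves a short comment saying why both expiry types share one timeout. The same pattern is repeated in the `getBaseCache()` hunk (`@@ -126,27 +129,27 @@`), and both methods continue past their hunks.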
@@ -126,27 +129,27 @@ private Cache getBaseCache() { CacheManager cacheManager = Caching.getCacheManagerFactory() .getCacheManager(APP_AUTH_FRAMEWORK_CACHE_MANAGER); - if (cacheTimeout > 0) { - if (cacheBuilder == null) { - synchronized (cacheName.intern()) { - if (cacheBuilder == null) { - cacheManager.removeCache(cacheName); - cacheBuilder = cacheManager.createCacheBuilder(cacheName). - setExpiry(CacheConfiguration.ExpiryType.ACCESSED, - new CacheConfiguration - .Duration(TimeUnit.SECONDS, cacheTimeout)). - setStoreByValue(false); - cache = cacheBuilder.build(); - if (capacity != 0) { - ((CacheImpl) cache).setCapacity(capacity); - } - } else { - cache = cacheManager.getCache(cacheName); + if (cacheTimeout > 0 && cacheBuilder == null) { + synchronized (cacheName.intern()) { + if (cacheBuilder == null) { + cacheManager.removeCache(cacheName); + cacheBuilder = cacheManager.createCacheBuilder(cacheName). + setExpiry(CacheConfiguration.ExpiryType.ACCESSED, + new CacheConfiguration + .Duration(TimeUnit.SECONDS, cacheTimeout)). + setExpiry(CacheConfiguration.ExpiryType.MODIFIED, + new CacheConfiguration + .Duration(TimeUnit.SECONDS, cacheTimeout)). + setStoreByValue(false); + cache = cacheBuilder.build(); + if (capacity != 0) { + ((CacheImpl) cache).setCapacity(capacity); } + } else { + cache = cacheManager.getCache(cacheName); } - } else { - cache = cacheManager.getCache(cacheName); } + } else { cache = cacheManager.getCache(cacheName); @@ -172,7 +175,6 @@ public void addToCache(K key, V entry) { carbonContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID); carbonContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); // Element already in the cache. Remove it first - //clearCacheEntry(key); Cache cache = getBaseCache(); if (cache != null) { cache.put(key, entry); 
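Review bot: In the `@@ -172,7 +175,6 @@` hunk, with `//clearCacheEntry(key);` deleted, the surviving comment `// Element already in the cache. Remove it first` describes a step the code no longer performs; `cache.put(key, entry)` is the only cache operation left there. Replace it with something like `// put() replaces any existing entry for this key`, or drop it. The same leftover comment is in the `addToCache(String key, V entry)` hunk that follows (`@@ -190,7 +192,6 @@`). Both methods begin and end outside their hunks.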
@@ -190,7 +192,6 @@ public void addToCache(String key, V entry) { carbonContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID); carbonContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); // Element already in the cache. Remove it first - //clearCacheEntry(key); Cache cache = getBaseCacheWithStringKey(); if (cache != null) { cache.put(key, entry); diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/cache/CacheEntry.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/cache/CacheEntry.java index 300c10a54f..536253a4a6 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/cache/CacheEntry.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/cache/CacheEntry.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.cache; @@ -26,5 +26,8 @@ */ public abstract class CacheEntry implements Serializable { + protected CacheEntry() { + } + private static final long serialVersionUID = 1565107988768069823L; } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/cache/CacheKey.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/cache/CacheKey.java index 66d05422e1..95c9fcdfca 100644 
--- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/cache/CacheKey.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/cache/CacheKey.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.cache; 
@@ -34,16 +34,16 @@ public abstract class CacheKey implements Serializable { @Override public boolean equals(Object o) { - if (this == o) + if (this == o) { return true; - if (o == null || getClass() != o.getClass()) + } + if (o == null || getClass() != o.getClass()) { return false; - + } CacheKey key = (CacheKey) o; - if (tenantDomain != null) { - if (!tenantDomain.equals(key.tenantDomain)) - return false; + if (tenantDomain != null && !tenantDomain.equals(key.tenantDomain)) { + return false; } return true; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/config/IdentityApplicationConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/config/IdentityApplicationConfig.java index 41789525f2..93ba2647f9 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/config/IdentityApplicationConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/config/IdentityApplicationConfig.java 
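Review bot: `equals` still returns true when `this.tenantDomain` is null and `key.tenantDomain` is not, so the relation is asymmetric and a key without a tenant domain compares equal to a key of the same class from any tenant. For a cache key in a multi-tenant server that gap is worth closing: `return tenantDomain == null ? key.tenantDomain == null : tenantDomain.equals(key.tenantDomain);` in place of the `if` / `return true` pair. `hashCode()` is outside the hunk and should be checked for consistency with this; the method's closing brace is also outside the hunk.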
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.config; 
@@ -29,12 +29,21 @@ import org.wso2.carbon.utils.ServerConstants; import javax.xml.stream.XMLStreamException; -import java.io.*; -import java.util.*; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Stack; public class IdentityApplicationConfig { - private static Log log = LogFactory.getLog(IdentityApplicationConfig.class); + private static final Log log = LogFactory.getLog(IdentityApplicationConfig.class); private static String configFilePath; private static OMElement rootElement; @@ -134,13 +143,13 @@ private void readChildElements(OMElement serverConfig, Stack nameStack) if (currentObject == null) { configuration.put(key, value); } else if (currentObject instanceof ArrayList) { - ArrayList list = (ArrayList) currentObject; + List list = (ArrayList)currentObject; if (!list.contains(value)) { list.add(value); } } else { if (!value.equals(currentObject)) { - ArrayList arrayList = new ArrayList(2); + List arrayList = new ArrayList(2); arrayList.add(currentObject); arrayList.add(value); configuration.put(key, arrayList); @@ -154,7 +163,7 @@ private void readChildElements(OMElement serverConfig, Stack nameStack) private String getKey(Stack nameStack) { - StringBuffer key = new StringBuffer(); + StringBuilder key = new StringBuilder(); for (int i = 0; i < nameStack.size(); i++) { String name = nameStack.elementAt(i); key.append(name).append("."); @@ -173,6 +182,7 @@ private String replaceSystemProperty(String text) { int indexOfStartingChars = -1; int indexOfClosingBrace; + String tmpText = null; // The following condition deals with properties. // Properties are specified as ${system.property}, // and are assumed to be System properties 
@@ -182,15 +192,16 @@ private String replaceSystemProperty(String text) { String sysProp = text.substring(indexOfStartingChars + 2, indexOfClosingBrace); String propValue = System.getProperty(sysProp); if (propValue != null) { - text = text.substring(0, indexOfStartingChars) + propValue + tmpText = text.substring(0, indexOfStartingChars) + propValue + text.substring(indexOfClosingBrace + 1); } - if (sysProp.equals(ServerConstants.CARBON_HOME)) { - if (System.getProperty(ServerConstants.CARBON_HOME).equals(".")) { - text = new File(".").getAbsolutePath() + File.separator + text; - } + + if ((ServerConstants.CARBON_HOME).equals(sysProp) && + (".").equals(System.getProperty(ServerConstants.CARBON_HOME))) { + tmpText = new File(".").getAbsolutePath() + File.separator + text; + } } - return text; + return tmpText; } } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ApplicationBasicInfo.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ApplicationBasicInfo.java index 482d772008..f12d3ba4ca 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ApplicationBasicInfo.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ApplicationBasicInfo.java 
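Review bot: `return tmpText;` now returns null whenever nothing was substituted, because `tmpText` is declared as `null` in the preceding hunk and is assigned only inside the `if (propValue != null)` and CARBON_HOME branches; the old code returned `text` unchanged for a value with no `${...}` placeholder or an unset property. The CARBON_HOME branch also builds its result from the original `text`, so the substitution just stored in `tmpText` is overwritten and the placeholder stays in the returned string. Because `text` is no longer updated, a value with several placeholders is not resolved progressively as before. I would declare `String tmpText = text;` and have the whole method, including the loop condition that lies outside this hunk, read and write `tmpText`, e.g. `tmpText = new File(".").getAbsolutePath() + File.separator + tmpText;`. A null configuration value in an identity component tends to surface later as an NPE or a silently missing setting, so a unit test for the no-placeholder case is worth adding.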
@@ -1,21 +1,20 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ - package org.wso2.carbon.identity.application.common.model; import java.io.Serializable; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ApplicationPermission.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ApplicationPermission.java index 391ed5e2ba..26d1ced587 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ApplicationPermission.java 
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ApplicationPermission.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; @@ -44,7 +44,7 @@ public static ApplicationPermission build(OMElement applicationPermissionOM) { OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("value")) { + if ("value".equals(elementName)) { applicationPermission.setValue(element.getText()); } } 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthenticationStep.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthenticationStep.java index 83bff23169..2d674d9715 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthenticationStep.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/AuthenticationStep.java 
@@ -1,27 +1,33 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; import org.apache.axiom.om.OMElement; +import org.apache.commons.collections.CollectionUtils; import java.io.Serializable; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Set; public class AuthenticationStep implements Serializable { 
@@ -46,22 +52,24 @@ public static AuthenticationStep build(OMElement authenticationStepOM) { AuthenticationStep authenticationStep = new AuthenticationStep(); Iterator iter = authenticationStepOM.getChildElements(); + + while (iter.hasNext()) { OMElement member = (OMElement) iter.next(); - if (member.getLocalName().equals("StepOrder")) { + if ("StepOrder".equals(member.getLocalName())) { authenticationStep.setStepOrder(Integer.parseInt(member.getText())); - } else if (member.getLocalName().equals("SubjectStep")) { + } else if ("SubjectStep".equals(member.getLocalName())) { if (member.getText() != null && member.getText().trim().length() > 0) { authenticationStep.setSubjectStep(Boolean.parseBoolean(member.getText())); } - } else if (member.getLocalName().equals("AttributeStep")) { + } else if ("AttributeStep".equals(member.getLocalName())) { if (member.getText() != null && member.getText().trim().length() > 0) { authenticationStep.setAttributeStep(Boolean.parseBoolean(member.getText())); } - } else if (member.getLocalName().equals("FederatedIdentityProviders")) { + } else if ("FederatedIdentityProviders".equals(member.getLocalName())) { Iterator federatedIdentityProvidersIter = member.getChildElements(); - ArrayList federatedIdentityProvidersArrList = new ArrayList(); + List federatedIdentityProvidersArrList = new ArrayList(); if (federatedIdentityProvidersIter != null) { while (federatedIdentityProvidersIter.hasNext()) { 
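Review bot: The `StepOrder` branch still calls `Integer.parseInt(member.getText())` with no check, while the `SubjectStep` and `AttributeStep` branches next to it test for null or blank text before parsing. A missing or non-numeric `StepOrder` therefore leaves `build` with a bare `NumberFormatException` that does not name the offending element. Failing on a bad step order is reasonable for an authentication flow, but it should be deliberate: catch the exception and rethrow it with the element name and value in the message, or add a comment such as `// malformed StepOrder is fatal: NumberFormatException propagates to the caller`. `build` continues past the end of this hunk, so any handling further down is not visible here.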
@@ -75,17 +83,16 @@ public static AuthenticationStep build(OMElement authenticationStepOM) { } } - if (federatedIdentityProvidersArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(federatedIdentityProvidersArrList)) { IdentityProvider[] federatedAuthenticatorConfigsArr = federatedIdentityProvidersArrList .toArray(new IdentityProvider[0]); authenticationStep .setFederatedIdentityProviders(federatedAuthenticatorConfigsArr); } - - } else if (member.getLocalName().equals("LocalAuthenticatorConfigs")) { + } else if ("LocalAuthenticatorConfigs".equals(member.getLocalName())) { Iterator localAuthenticatorConfigsIter = member.getChildElements(); - ArrayList localAuthenticatorConfigsArrList = new ArrayList(); + List localAuthenticatorConfigsArrList = new ArrayList(); if (localAuthenticatorConfigsIter != null) { while (localAuthenticatorConfigsIter.hasNext()) { @@ -99,7 +106,7 @@ public static AuthenticationStep build(OMElement authenticationStepOM) { } } - if (localAuthenticatorConfigsArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(localAuthenticatorConfigsArrList)) { LocalAuthenticatorConfig[] localAuthenticatorConfigsArr = localAuthenticatorConfigsArrList .toArray(new LocalAuthenticatorConfig[0]); authenticationStep.setLocalAuthenticatorConfigs(localAuthenticatorConfigsArr); @@ -156,7 +163,7 @@ public void setFederatedIdentityProviders(IdentityProvider[] federatedIdentityPr if (federatedIdentityProviders == null) { return; } - Set propertySet = new HashSet(Arrays.asList(federatedIdentityProviders)); + Set propertySet = new HashSet<>(Arrays.asList(federatedIdentityProviders)); this.federatedIdentityProviders = propertySet.toArray(new IdentityProvider[propertySet.size()]); } 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/CertData.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/CertData.java index e13c3ccbe2..98a058ca34 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/CertData.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/CertData.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/Claim.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/Claim.java index 4260b24b8f..f93d4a629d 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/Claim.java 
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/Claim.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; @@ -50,7 +50,7 @@ public static Claim build(OMElement claimOM) { OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("ClaimUri")) { + if ("ClaimUri".equals(elementName)) { claim.setClaimUri(element.getText()); } 
@@ -89,14 +89,21 @@ public void setClaimId(int claimId) { @Override public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } Claim claim = (Claim) o; - if (claimId != claim.claimId) return false; - if (claimUri != null ? !claimUri.equals(claim.claimUri) : claim.claimUri != null) return false; - + if (claimId != claim.claimId) { + return false; + } + if (claimUri != null ? !claimUri.equals(claim.claimUri) : claim.claimUri != null) { + return false; + } return true; } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ClaimConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ClaimConfig.java index b34c2b2162..2b6c189de0 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ClaimConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ClaimConfig.java 
@@ -1,28 +1,29 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ - package org.wso2.carbon.identity.application.common.model; import org.apache.axiom.om.OMElement; +import org.apache.commons.collections.CollectionUtils; import java.io.Serializable; import java.util.ArrayList; import java.util.Iterator; +import java.util.List; public class ClaimConfig implements Serializable { 
@@ -53,40 +54,39 @@ public static ClaimConfig build(OMElement claimConfigOM) { OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("RoleClaimURI")) { + if ("RoleClaimURI".equals(elementName)) { claimConfig.setRoleClaimURI(element.getText()); - } else if (elementName.equals("LocalClaimDialect")) { + } else if ("LocalClaimDialect".equals(elementName)) { if (element.getText() != null) { claimConfig.setLocalClaimDialect(Boolean.parseBoolean(element.getText())); } - } else if (elementName.equals("UserClaimURI")) { + } else if ("UserClaimURI".equals(elementName)) { claimConfig.setUserClaimURI(element.getText()); - } else if (elementName.equals("AlwaysSendMappedLocalSubjectId")) { - if (element.getText() != null && "true".equals(element.getText())) { + } else if ("AlwaysSendMappedLocalSubjectId".equals(elementName)) { + if ("true".equals(element.getText())) { claimConfig.setAlwaysSendMappedLocalSubjectId(true); } - } else if (elementName.equals("IdpClaims")) { + } else if ("IdpClaims".equals(elementName)) { Iterator idpClaimsIter = element.getChildElements(); - ArrayList idpClaimsArrList = new ArrayList(); + List idpClaimsArrList = new ArrayList(); if (idpClaimsIter != null) { while (idpClaimsIter.hasNext()) { OMElement idpClaimsElement = (OMElement) (idpClaimsIter.next()); Claim claim = Claim.build(idpClaimsElement); if (claim != null) { - idpClaimsArrList.add(claim); } } } - if (idpClaimsArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(idpClaimsArrList)) { Claim[] idpClaimsArr = idpClaimsArrList.toArray(new Claim[0]); claimConfig.setIdpClaims(idpClaimsArr); } - } else if (elementName.equals("ClaimMappings")) { + } else if ("ClaimMappings".equals(elementName)) { Iterator claimMappingsIter = element.getChildElements(); - ArrayList claimMappingsArrList = new ArrayList(); + List claimMappingsArrList = new ArrayList(); if (claimMappingsIter != null) { while (claimMappingsIter.hasNext()) { 
@@ -98,7 +98,7 @@ public static ClaimConfig build(OMElement claimConfigOM) { } } - if (claimMappingsArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(claimMappingsArrList)) { ClaimMapping[] claimMappingsArr = claimMappingsArrList .toArray(new ClaimMapping[0]); claimConfig.setClaimMappings(claimMappingsArr); diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ClaimMapping.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ClaimMapping.java index 6348089a65..6cc7b2a1ef 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ClaimMapping.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ClaimMapping.java 
@@ -1,19 +1,20 @@ + /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; 
@@ -72,25 +73,25 @@ public static ClaimMapping build(OMElement claimMappingOM) { OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("LocalClaim")) { + if ("LocalClaim".equals(elementName)) { Claim claim = Claim.build(element); if (claim != null) { claimMapping.setLocalClaim(claim); } } - if (elementName.equals("RemoteClaim")) { + if ("RemoteClaim".equals(elementName)) { Claim claim = Claim.build(element); if (claim != null) { claimMapping.setRemoteClaim(Claim.build(element)); } } - if (elementName.equals("DefaultValue")) { + if ("DefaultValue".equals(elementName)) { claimMapping.setDefaultValue(element.getText()); } - if (elementName.equals("RequestClaim")) { + if ("RequestClaim".equals(elementName)) { claimMapping.setRequested(Boolean.parseBoolean(element.getText())); } @@ -129,10 +130,12 @@ public void setRemoteClaim(Claim remoteClaim) { @Override public boolean equals(Object o) { - if (this == o) + if (this == o){ return true; - if (o == null || getClass() != o.getClass()) + } + if (o == null || getClass() != o.getClass()) { return false; + } ClaimMapping that = (ClaimMapping) o; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/FacebookFederatedAuthenticatorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/FacebookFederatedAuthenticatorConfig.java index 019ff7d11f..bd0a98e0c5 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/FacebookFederatedAuthenticatorConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/FacebookFederatedAuthenticatorConfig.java 
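Review bot: In the `RemoteClaim` branch the element is parsed twice: `Claim.build(element)` is called once for the null check and again inside `setRemoteClaim(...)`, so the instance that was checked is not the one stored. Passing the checked instance, `claimMapping.setRemoteClaim(claim);`, matches the `LocalClaim` branch and drops the second parse. The four name checks are also separate `if` statements rather than an `else if` chain, so every child element is compared against all four names; that is harmless but differs from the other `build` methods touched in this commit. `build` starts and ends outside this hunk.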
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/FederatedAuthenticatorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/FederatedAuthenticatorConfig.java index 439f6c8fa6..0bd293850c 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/FederatedAuthenticatorConfig.java 
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/FederatedAuthenticatorConfig.java @@ -1,27 +1,33 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; import org.apache.axiom.om.OMElement; +import org.apache.commons.collections.CollectionUtils; import java.io.Serializable; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Set; public class FederatedAuthenticatorConfig implements Serializable { 
@@ -49,15 +55,15 @@ public static FederatedAuthenticatorConfig build(OMElement federatedAuthenticato OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("Name")) { + if ("Name".equals(elementName)) { federatedAuthenticatorConfig.setName(element.getText()); - } else if (elementName.equals("DisplayName")) { + } else if ("DisplayName".equals(elementName)) { federatedAuthenticatorConfig.setDisplayName(element.getText()); - } else if (elementName.equals("IsEnabled")) { + } else if ("IsEnabled".equals(elementName)) { federatedAuthenticatorConfig.setEnabled(Boolean.parseBoolean(element.getText())); - } else if (elementName.equals("Properties")) { + } else if ("Properties".equals(elementName)) { Iterator propertiesIter = element.getChildElements(); - ArrayList propertiesArrList = new ArrayList(); + List propertiesArrList = new ArrayList(); if (propertiesIter != null) { while (propertiesIter.hasNext()) { @@ -66,7 +72,7 @@ public static FederatedAuthenticatorConfig build(OMElement federatedAuthenticato } } - if (propertiesArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(propertiesArrList)) { Property[] propertiesArr = propertiesArrList.toArray(new Property[0]); federatedAuthenticatorConfig.setProperties(propertiesArr); } @@ -150,12 +156,18 @@ public void setDisplayName(String displayName) { @Override public boolean equals(Object o) { - if (this == o) return true; - if (!(o instanceof FederatedAuthenticatorConfig)) return false; + if (this == o) { + return true; + } + if (!(o instanceof FederatedAuthenticatorConfig)) { + return false; + } FederatedAuthenticatorConfig that = (FederatedAuthenticatorConfig) o; - if (name != null ? !name.equals(that.name) : that.name != null) return false; + if (name != null ? !name.equals(that.name) : that.name != null) { + return false; + } return true; } 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/GoogleAppsProvisioningConnectorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/GoogleAppsProvisioningConnectorConfig.java index 1f276205be..64737dd74b 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/GoogleAppsProvisioningConnectorConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/GoogleAppsProvisioningConnectorConfig.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/IdentityProvider.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/IdentityProvider.java index 432325cd78..997e9052bf 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/IdentityProvider.java 
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/IdentityProvider.java 
@@ -1,29 +1,35 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; import org.apache.axiom.om.OMElement; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import java.io.Serializable; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Set; public class IdentityProvider implements Serializable { 
@@ -32,7 +38,7 @@ public class IdentityProvider implements Serializable { */ private static final long serialVersionUID = 3348487050533568857L; - private static Log log = LogFactory.getLog(IdentityProvider.class); + private static final Log log = LogFactory.getLog(IdentityProvider.class); private String identityProviderName; private String identityProviderDescription; 
@@ -65,30 +71,31 @@ public static IdentityProvider build(OMElement identityProviderOM) { if (element.getText() != null) { identityProvider.setIdentityProviderName(element.getText()); } else { - log.error("Identity provider not loaded from the file system. Identity provider name must be not null."); + log.error("Identity provider not loaded from the file system. Identity provider name must be " + + "not null."); return null; } - } else if (elementName.equals("IdentityProviderDescription")) { + } else if ("IdentityProviderDescription".equals(elementName)) { identityProvider.setIdentityProviderDescription(element.getText()); - } else if (elementName.equals("Alias")) { + } else if ("Alias".equals(elementName)) { identityProvider.setAlias(element.getText()); - } else if (elementName.equals("IsPrimary")) { + } else if ("IsPrimary".equals(elementName)) { if (element.getText() != null && element.getText().trim().length() > 0) { identityProvider.setPrimary(Boolean.parseBoolean(element.getText())); } - } else if (elementName.equals("IsEnabled")) { + } else if ("IsEnabled".equals(elementName)) { if (element.getText() != null && element.getText().trim().length() > 0) { identityProvider.setEnable((Boolean.parseBoolean(element.getText()))); } - } else if (elementName.equals("IsFederationHub")) { + } else if ("IsFederationHub".equals(elementName)) { if (element.getText() != null && element.getText().trim().length() > 0) { identityProvider.setFederationHub(Boolean.parseBoolean(element.getText())); } - } else if (elementName.equals("HomeRealmId")) { + } else if ("HomeRealmId".equals(elementName)) { identityProvider.setHomeRealmId(element.getText()); - } else if (elementName.equals("ProvisioningRole")) { + } else if ("ProvisioningRole".equals(elementName)) { identityProvider.setProvisioningRole(element.getText()); - } else if (elementName.equals("FederatedAuthenticatorConfigs")) { + } else if ("FederatedAuthenticatorConfigs".equals(elementName)) { Iterator 
federatedAuthenticatorConfigsIter = element.getChildElements(); @@ -96,7 +103,7 @@ public static IdentityProvider build(OMElement identityProviderOM) { continue; } - ArrayList federatedAuthenticatorConfigsArrList; + List federatedAuthenticatorConfigsArrList; federatedAuthenticatorConfigsArrList = new ArrayList(); while (federatedAuthenticatorConfigsIter.hasNext()) { @@ -117,10 +124,10 @@ public static IdentityProvider build(OMElement identityProviderOM) { identityProvider .setFederatedAuthenticatorConfigs(federatedAuthenticatorConfigsArr); } - } else if (elementName.equals("DefaultAuthenticatorConfig")) { + } else if ("DefaultAuthenticatorConfig".equals(elementName)) { identityProvider.setDefaultAuthenticatorConfig(FederatedAuthenticatorConfig .build(element.getFirstElement())); - } else if (elementName.equals("ProvisioningConnectorConfigs")) { + } else if ("ProvisioningConnectorConfigs".equals(elementName)) { Iterator provisioningConnectorConfigsIter = element.getChildElements(); @@ -128,7 +135,7 @@ public static IdentityProvider build(OMElement identityProviderOM) { continue; } - ArrayList provisioningConnectorConfigsArrList; + List provisioningConnectorConfigsArrList; provisioningConnectorConfigsArrList = new ArrayList(); while (provisioningConnectorConfigsIter.hasNext()) { 
@@ -141,24 +148,24 @@ public static IdentityProvider build(OMElement identityProviderOM) { } } - if (provisioningConnectorConfigsArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(provisioningConnectorConfigsArrList)) { ProvisioningConnectorConfig[] provisioningConnectorConfigsArr; provisioningConnectorConfigsArr = provisioningConnectorConfigsArrList .toArray(new ProvisioningConnectorConfig[0]); identityProvider .setProvisioningConnectorConfigs(provisioningConnectorConfigsArr); } - } else if (elementName.equals("DefaultProvisioningConnectorConfig")) { + } else if ("DefaultProvisioningConnectorConfig".equals(elementName)) { identityProvider.setDefaultProvisioningConnectorConfig(ProvisioningConnectorConfig .build(element)); - } else if (elementName.equals("ClaimConfig")) { + } else if ("ClaimConfig".equals(elementName)) { identityProvider.setClaimConfig(ClaimConfig.build(element)); - } else if (elementName.equals("Certificate")) { + } else if ("Certificate".equals(elementName)) { identityProvider.setCertificate(element.getText()); - } else if (elementName.equals("PermissionAndRoleConfig")) { + } else if ("PermissionAndRoleConfig".equals(elementName)) { identityProvider .setPermissionAndRoleConfig(PermissionsAndRoleConfig.build(element)); - } else if (elementName.equals("JustInTimeProvisioningConfig")) { + } else if ("JustInTimeProvisioningConfig".equals(elementName)) { identityProvider.setJustInTimeProvisioningConfig(JustInTimeProvisioningConfig .build(element)); } @@ -451,7 +458,8 @@ public boolean equals(Object o) { IdentityProvider that = (IdentityProvider) o; - if (identityProviderName != null ? !identityProviderName.equals(that.identityProviderName) : that.identityProviderName != null) + if (identityProviderName != null ? !identityProviderName.equals(that.identityProviderName) : + that.identityProviderName != null) return false; return true; 
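Review bot: In `equals`, the last hunk wraps the `identityProviderName` comparison over two lines but leaves the `if` without braces, so `return false;` sits directly under a continuation line and is easy to misread as part of the condition. FederatedAuthenticatorConfig.equals was given braces in this same diff; adding them here, or returning the comparison directly with `return identityProviderName != null ? identityProviderName.equals(that.identityProviderName) : that.identityProviderName == null;`, would keep the two consistent. LocalAuthenticatorConfig.equals ends up with the same brace-less wrapped `if` on `name`. `equals` starts outside the hunk.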
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/InboundAuthenticationConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/InboundAuthenticationConfig.java index b42ca3d020..792e2390e0 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/InboundAuthenticationConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/InboundAuthenticationConfig.java 
@@ -1,28 +1,30 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; import org.apache.axiom.om.OMElement; +import org.apache.commons.collections.CollectionUtils; import java.io.Serializable; import java.util.ArrayList; import java.util.Iterator; +import java.util.List; public class InboundAuthenticationConfig implements Serializable { 
@@ -31,7 +33,8 @@ public class InboundAuthenticationConfig implements Serializable { */ private static final long serialVersionUID = 8966626233502458748L; - private InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = new InboundAuthenticationRequestConfig[0]; + private transient InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = new + InboundAuthenticationRequestConfig[0]; /* * @@ -53,11 +56,11 @@ public static InboundAuthenticationConfig build(OMElement inboundAuthenticationC OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("InboundAuthenticationRequestConfigs")) { + if ("InboundAuthenticationRequestConfigs".equals(elementName)) { Iterator inboundAuthenticationRequestConfigsIter = element.getChildElements(); - ArrayList inboundAuthenticationRequestConfigsArrList; + List inboundAuthenticationRequestConfigsArrList; inboundAuthenticationRequestConfigsArrList = new ArrayList(); if (inboundAuthenticationRequestConfigsIter != null) { @@ -75,8 +78,9 @@ public static InboundAuthenticationConfig build(OMElement inboundAuthenticationC } } - if (inboundAuthenticationRequestConfigsArrList.size() > 0) { - InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigsArr = inboundAuthenticationRequestConfigsArrList + if (CollectionUtils.isNotEmpty(inboundAuthenticationRequestConfigsArrList)) { + InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigsArr + = inboundAuthenticationRequestConfigsArrList .toArray(new InboundAuthenticationRequestConfig[0]); inboundAuthenticationConfig .setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigsArr); 
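Review bot: Marking `inboundAuthenticationRequestConfigs` as `transient` in the first hunk means default Java serialization no longer writes the array, and the `new InboundAuthenticationRequestConfig[0]` initializer is not run on deserialization, so a deserialized `InboundAuthenticationConfig` comes back with this field `null`. Unless the class defines `readObject` outside the hunk, any copy that passes through serialization loses its inbound authentication request configs, and code that iterates the array can hit a NullPointerException. `InboundAuthenticationRequestConfig` is declared `implements Serializable` in the next file of this diff, so the modifier does not look necessary; I would keep the declaration as `private InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = new InboundAuthenticationRequestConfig[0];`. If the field has to stay transient, the getter should document and handle the null case.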
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/InboundAuthenticationRequestConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/InboundAuthenticationRequestConfig.java index 44b6fca94d..76a0b7eef9 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/InboundAuthenticationRequestConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/InboundAuthenticationRequestConfig.java 
@@ -1,27 +1,33 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; import org.apache.axiom.om.OMElement; +import org.apache.commons.collections.CollectionUtils; import java.io.Serializable; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Set; public class InboundAuthenticationRequestConfig implements Serializable { 
@@ -54,13 +60,14 @@ public static InboundAuthenticationRequestConfig build( while (members.hasNext()) { OMElement member = (OMElement) members.next(); - if (member.getLocalName().equalsIgnoreCase("InboundAuthKey")) { + + if ("InboundAuthKey".equalsIgnoreCase(member.getLocalName())) { inboundAuthenticationRequestConfig.setInboundAuthKey(member.getText()); - } else if (member.getLocalName().equalsIgnoreCase("InboundAuthType")) { + } else if ("InboundAuthType".equalsIgnoreCase(member.getLocalName())) { inboundAuthenticationRequestConfig.setInboundAuthType(member.getText()); - } else if (member.getLocalName().equalsIgnoreCase("Properties")) { + } else if ("Properties".equalsIgnoreCase(member.getLocalName())) { Iterator propertiesIter = member.getChildElements(); - ArrayList propertiesArrList = new ArrayList(); + List propertiesArrList = new ArrayList(); if (propertiesIter != null) { while (propertiesIter.hasNext()) { @@ -71,8 +78,7 @@ public static InboundAuthenticationRequestConfig build( } } } - - if (propertiesArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(propertiesArrList)) { Property[] propertiesArr = propertiesArrList.toArray(new Property[0]); inboundAuthenticationRequestConfig.setProperties(propertiesArr); } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/InboundProvisioningConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/InboundProvisioningConfig.java index cdb39f0976..851088a54c 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/InboundProvisioningConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/InboundProvisioningConfig.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; 
@@ -50,13 +50,11 @@ public static InboundProvisioningConfig build(OMElement inboundProvisioningConfi OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("ProvisioningUserStore")) { + if ("ProvisioningUserStore".equals(elementName)) { inboundProvisioningConfig.setProvisioningUserStore(element.getText()); - } else if (elementName.equals("IsProvisioningEnabled")) { - if (element.getText() != null) { - inboundProvisioningConfig.setProvisioningEnabled(Boolean.parseBoolean(element - .getText())); - } + } else if ("IsProvisioningEnabled".equals(elementName) && element.getText() != null) { + inboundProvisioningConfig.setProvisioningEnabled(Boolean.parseBoolean(element + .getText())); } } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/JustInTimeProvisioningConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/JustInTimeProvisioningConfig.java index 38f3a47704..908ac5cdf4 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/JustInTimeProvisioningConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/JustInTimeProvisioningConfig.java 
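Review bot: Folding `element.getText() != null` into the `IsProvisioningEnabled` branch condition mixes "which element is this" with "is its value usable". It behaves the same today only because this is the last branch; if another `else if` is appended later, an `IsProvisioningEnabled` element with null text would fall through to it. JustInTimeProvisioningConfig.build in the next file keeps the nested form and also skips blank text with `element.getText().trim().length() > 0`, whereas blank text here reaches `Boolean.parseBoolean` and sets the flag to false. I would keep the value check nested inside `else if ("IsProvisioningEnabled".equals(elementName)) {` and use the same blank-text guard in both builders. `build` starts and ends outside the hunk.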
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; 
@@ -50,11 +50,11 @@ public static JustInTimeProvisioningConfig build(OMElement justInTimeProvisionin OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("UserStoreClaimUri")) { + if ("UserStoreClaimUri".equals(elementName)) { justInTimeProvisioningConfig.setUserStoreClaimUri(element.getText()); - } else if (elementName.equals("ProvisioningUserStore")) { + } else if ("ProvisioningUserStore".equals(elementName)) { justInTimeProvisioningConfig.setProvisioningUserStore(element.getText()); - } else if (elementName.equals("IsProvisioningEnabled")) { + } else if ("IsProvisioningEnabled".equals(elementName)) { if (element.getText() != null && element.getText().trim().length() > 0) { justInTimeProvisioningConfig.setProvisioningEnabled(Boolean .parseBoolean(element.getText())); diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalAndOutboundAuthenticationConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalAndOutboundAuthenticationConfig.java index 5e28364484..3ce07b006e 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalAndOutboundAuthenticationConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalAndOutboundAuthenticationConfig.java 
@@ -1,34 +1,33 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; import org.apache.axiom.om.OMElement; +import org.apache.commons.collections.CollectionUtils; import java.io.Serializable; import java.util.ArrayList; import java.util.Iterator; +import java.util.List; public class LocalAndOutboundAuthenticationConfig implements Serializable { - /** - * - */ private static final long serialVersionUID = -932772940989929376L; private AuthenticationStep[] authenticationSteps = new AuthenticationStep[0]; 
@@ -48,7 +47,8 @@ public class LocalAndOutboundAuthenticationConfig implements Serializable { public static LocalAndOutboundAuthenticationConfig build( OMElement localAndOutboundAuthenticationConfigOM) { - LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig = new LocalAndOutboundAuthenticationConfig(); + LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig = new + LocalAndOutboundAuthenticationConfig(); if (localAndOutboundAuthenticationConfigOM == null) { return localAndOutboundAuthenticationConfig; @@ -59,10 +59,10 @@ public static LocalAndOutboundAuthenticationConfig build( while (iter.hasNext()) { OMElement member = (OMElement) iter.next(); - if (member.getLocalName().equals("AuthenticationSteps")) { + if ("AuthenticationSteps".equals(member.getLocalName())) { Iterator authenticationStepsIter = member.getChildElements(); - ArrayList authenticationStepsArrList = new ArrayList(); + List authenticationStepsArrList = new ArrayList(); if (authenticationStepsIter != null) { while (authenticationStepsIter.hasNext()) { 
@@ -76,31 +76,32 @@ public static LocalAndOutboundAuthenticationConfig build( } } - if (authenticationStepsArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(authenticationStepsArrList)) { AuthenticationStep[] authenticationStepsArr = authenticationStepsArrList .toArray(new AuthenticationStep[0]); localAndOutboundAuthenticationConfig .setAuthenticationSteps(authenticationStepsArr); } - } else if (member.getLocalName().equals("AuthenticationType")) { + + } else if ("AuthenticationType".equals(member.getLocalName())) { localAndOutboundAuthenticationConfig.setAuthenticationType(member.getText()); - } else if (member.getLocalName().equals("AuthenticationStepForSubject")) { + } else if ("AuthenticationStepForSubject".equals(member.getLocalName())) { AuthenticationStep authStep = AuthenticationStep.build(member); if (authStep != null) { localAndOutboundAuthenticationConfig.setAuthenticationStepForSubject(authStep); } - } else if (member.getLocalName().equals("AuthenticationStepForAttributes")) { + } else if ("AuthenticationStepForAttributes".equals(member.getLocalName())) { AuthenticationStep authStep = AuthenticationStep.build(member); if (authStep != null) { localAndOutboundAuthenticationConfig .setAuthenticationStepForAttributes(authStep); } - } else if (member.getLocalName().equals("alwaysSendBackAuthenticatedListOfIdPs")) { + } else if ("alwaysSendBackAuthenticatedListOfIdPs".equals(member.getLocalName())) { if (member.getText() != null && "true".equals(member.getText())) { localAndOutboundAuthenticationConfig.setAlwaysSendBackAuthenticatedListOfIdPs(true); } - } else if (member.getLocalName().equals("subjectClaimUri")) { + } else if ("subjectClaimUri".equals(member.getLocalName())) { localAndOutboundAuthenticationConfig.setSubjectClaimUri(member.getText()); } } 
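Review bot: The `alwaysSendBackAuthenticatedListOfIdPs` branch still tests `member.getText() != null && "true".equals(member.getText())`, where the null check is redundant now that the literal is on the left, as in the rest of this commit. The match is also case-sensitive, while the sibling builders in this diff parse their flags with `Boolean.parseBoolean`, so a value such as `True` is silently ignored here but accepted there. If the strict match is not intentional, `if (Boolean.parseBoolean(member.getText())) {` brings it in line; otherwise `if ("true".equals(member.getText())) {` is enough, with a comment that the value must be lower-case. `build` starts outside the hunk.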
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalAuthenticatorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalAuthenticatorConfig.java index f9ce89482c..d9aaededf5 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalAuthenticatorConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalAuthenticatorConfig.java 
@@ -1,27 +1,32 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; import org.apache.axiom.om.OMElement; +import org.apache.commons.collections.CollectionUtils; import java.io.Serializable; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Set; public class LocalAuthenticatorConfig implements Serializable { 
@@ -52,15 +57,16 @@ public static LocalAuthenticatorConfig build(OMElement localAuthenticatorConfigO OMElement member = (OMElement) members.next(); - if (member.getLocalName().equals("Name")) { + + if ("Name".equals(member.getLocalName())) { localAuthenticatorConfig.setName(member.getText()); - } else if (member.getLocalName().equals("DisplayName")) { + } else if ("DisplayName".equals(member.getLocalName())) { localAuthenticatorConfig.setDisplayName(member.getText()); - } else if (member.getLocalName().equals("IsEnabled")) { + } else if ("IsEnabled".equals(member.getLocalName())) { if (member.getText() != null && member.getText().trim().length() > 0) { localAuthenticatorConfig.setEnabled(Boolean.parseBoolean(member.getText())); } - } else if (member.getLocalName().equals("Properties")) { + } else if ("Properties".equals(member.getLocalName())) { Iterator propertiesIter = member.getChildElements(); ArrayList propertiesArrList = new ArrayList(); @@ -75,7 +81,7 @@ public static LocalAuthenticatorConfig build(OMElement localAuthenticatorConfigO } } - if (propertiesArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(propertiesArrList)) { Property[] propertiesArr = propertiesArrList.toArray(new Property[0]); localAuthenticatorConfig.setProperties(propertiesArr); } @@ -153,12 +159,16 @@ public void setDisplayName(String displayName) { @Override public boolean equals(Object o) { - if (this == o) return true; - if (!(o instanceof LocalAuthenticatorConfig)) return false; - + if (this == o) { + return true; + } + if (!(o instanceof LocalAuthenticatorConfig)) { + return false; + } LocalAuthenticatorConfig that = (LocalAuthenticatorConfig) o; - if (name != null ? !name.equals(that.name) : that.name != null) return false; + if (name != null ? !name.equals(that.name) : that.name != null) + return false; return true; } 
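Review bot: The `IsEnabled` branch checks `member.getText().trim().length() > 0` but then parses the untrimmed text, so a value such as `true` followed by a newline passes the guard and `Boolean.parseBoolean` returns false for it. Parse the trimmed value instead: `localAuthenticatorConfig.setEnabled(Boolean.parseBoolean(member.getText().trim()));`. Property.build has the same pattern for `IsConfidential` and `Required`, where a padded `true` would set the confidential flag to false. Whether the XML source ever carries surrounding whitespace is not visible here, and the body of `build` starts before this hunk.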
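Review bot: In `equals` the last check was only re-wrapped onto two lines, `if (name != null ? !name.equals(that.name) : that.name != null)` followed by a bare `return false;`, while the two checks above it gained braces, so the method now mixes both forms. Brace it like the others, or collapse the tail into `return name != null ? name.equals(that.name) : that.name == null;`. ProvisioningConnectorConfig.equals in this commit ends up half-braced in the same way (`if (this == o) return true;` is left as is). `hashCode` is outside the hunk, so its agreement with this name-only comparison should be checked separately.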
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalRole.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalRole.java
index afab1ceacc..dc5583cf52 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalRole.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalRole.java
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; @@ -64,9 +64,9 @@ public static LocalRole build(OMElement localRoleOM) { OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("LocalRoleName")) { + if ("LocalRoleName".equals(elementName)) { localRole.setLocalRoleName(element.getText()); - } else if (elementName.equals("UserStoreId")) { + } else if ("UserStoreId".equals(elementName)) { localRole.setUserStoreId(element.getText()); } 
@@ -93,11 +93,12 @@ public void setUserStoreId(String userStoreId) { @Override public boolean equals(Object o) { - if (this == o) + if (this == o) { return true; - if (o == null || getClass() != o.getClass()) + } + if (o == null || getClass() != o.getClass()) { return false; - + } LocalRole localRole1 = (LocalRole) o; if (!localRoleName.equals(localRole1.localRoleName)) diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/OpenIDConnectFederatedAuthenticatorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/OpenIDConnectFederatedAuthenticatorConfig.java index 33d87c3ecc..d0a338fdbf 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/OpenIDConnectFederatedAuthenticatorConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/OpenIDConnectFederatedAuthenticatorConfig.java 
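Review bot: The context line `if (!localRoleName.equals(localRole1.localRoleName))` in `equals` dereferences `localRoleName` without a null check, which the bracing change leaves in place. `build` only sets the field when a `LocalRoleName` element is present, so an instance with a null name looks reachable, though the constructors are outside this hunk. A null-safe form is `if (localRoleName != null ? !localRoleName.equals(localRole1.localRoleName) : localRole1.localRoleName != null) { return false; }`. The rest of `equals` continues past the hunk and may need the same treatment for `userStoreId`.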
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/OpenIDFederatedAuthenticatorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/OpenIDFederatedAuthenticatorConfig.java index c9ebfd3f1a..9acc93dcaa 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/OpenIDFederatedAuthenticatorConfig.java 
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/OpenIDFederatedAuthenticatorConfig.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/OutboundProvisioningConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/OutboundProvisioningConfig.java index 8bc574ca73..40be2cbcd7 100644 
--- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/OutboundProvisioningConfig.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/OutboundProvisioningConfig.java
@@ -1,27 +1,33 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; import org.apache.axiom.om.OMElement; +import org.apache.commons.collections.CollectionUtils; import java.io.Serializable; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Set; public class OutboundProvisioningConfig implements Serializable { 
@@ -46,10 +52,10 @@ public static OutboundProvisioningConfig build(OMElement outboundProvisioningCon OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("ProvisioningIdentityProviders")) { + if ("ProvisioningIdentityProviders".equals(elementName)) { Iterator provisioningIdentityProvidersIter = element.getChildElements(); - ArrayList provisioningIdentityProvidersArrList = new ArrayList(); + List provisioningIdentityProvidersArrList = new ArrayList(); if (provisioningIdentityProvidersIter != null) { while (provisioningIdentityProvidersIter.hasNext()) { @@ -63,16 +69,16 @@ public static OutboundProvisioningConfig build(OMElement outboundProvisioningCon } } - if (provisioningIdentityProvidersArrList != null) { + if (CollectionUtils.isNotEmpty(provisioningIdentityProvidersArrList)) { IdentityProvider[] provisioningIdentityProvidersArr = provisioningIdentityProvidersArrList .toArray(new IdentityProvider[0]); outboundProvisioningConfig .setProvisioningIdentityProviders(provisioningIdentityProvidersArr); } - } else if (elementName.equals("ProvisionByRoleList")) { + } else if ("ProvisionByRoleList".equals(elementName)) { Iterator provisionByRoleListIter = element.getChildElements(); - ArrayList provisionByRoleListArrList = new ArrayList(); + List provisionByRoleListArrList = new ArrayList(); if (provisionByRoleListIter != null) { while (provisionByRoleListIter.hasNext()) { @@ -84,7 +90,7 @@ public static OutboundProvisioningConfig build(OMElement outboundProvisioningCon } } - if (provisionByRoleListArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(provisionByRoleListArrList)) { String[] provisionByRoleListArr = provisionByRoleListArrList .toArray(new String[0]); outboundProvisioningConfig.setProvisionByRoleList(provisionByRoleListArr); 
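Review bot: Replacing `provisioningIdentityProvidersArrList != null` with `CollectionUtils.isNotEmpty(provisioningIdentityProvidersArrList)` is a behaviour change, not a cleanup: the old test was always true, so an empty `ProvisioningIdentityProviders` element used to set a zero-length array and now leaves the field at whatever the class initialises it to. If that default is null, callers that iterate the provisioning identity providers need a guard; the field declaration is outside the hunk. The `IdpRoles` change in PermissionsAndRoleConfig.build (`roleMappingsArrList != null` to `isNotEmpty`) has the same effect on `setIdpRoles`. If the old result is wanted, drop the condition and always call the setter.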
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/PassiveSTSFederatedAuthenticatorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/PassiveSTSFederatedAuthenticatorConfig.java
index 62fd5b73ac..d01e1d45bd 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/PassiveSTSFederatedAuthenticatorConfig.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/PassiveSTSFederatedAuthenticatorConfig.java
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/PermissionsAndRoleConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/PermissionsAndRoleConfig.java index 2fa8dee85c..81a461a88b 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/PermissionsAndRoleConfig.java 
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/PermissionsAndRoleConfig.java @@ -1,28 +1,30 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; import org.apache.axiom.om.OMElement; +import org.apache.commons.collections.CollectionUtils; import java.io.Serializable; import java.util.ArrayList; import java.util.Iterator; +import java.util.List; public class PermissionsAndRoleConfig implements Serializable { 
@@ -53,9 +55,9 @@ public static PermissionsAndRoleConfig build(OMElement permissionsAndRoleConfigO OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("Permissions")) { + if ("Permissions".equals(elementName)) { Iterator permissionsIter = element.getChildElements(); - ArrayList permissionsArrList = new ArrayList(); + List permissionsArrList = new ArrayList(); if (permissionsIter != null) { while (permissionsIter.hasNext()) { @@ -68,14 +70,14 @@ public static PermissionsAndRoleConfig build(OMElement permissionsAndRoleConfigO } } - if (permissionsArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(permissionsArrList)) { ApplicationPermission[] permissionsArr = permissionsArrList .toArray(new ApplicationPermission[0]); permissionsAndRoleConfig.setPermissions(permissionsArr); } } - if (elementName.equals("RoleMappings")) { + if ("RoleMappings".equals(elementName)) { Iterator roleMappingsIter = element.getChildElements(); ArrayList roleMappingsArrList = new ArrayList(); @@ -89,16 +91,16 @@ public static PermissionsAndRoleConfig build(OMElement permissionsAndRoleConfigO } } - if (roleMappingsArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(roleMappingsArrList)) { RoleMapping[] roleMappingsArr = roleMappingsArrList.toArray(new RoleMapping[0]); permissionsAndRoleConfig.setRoleMappings(roleMappingsArr); } } - if (elementName.equals("IdpRoles")) { + if ("IdpRoles".equals(elementName)) { Iterator idpRolesIter = element.getChildElements(); - ArrayList roleMappingsArrList = new ArrayList(); + List roleMappingsArrList = new ArrayList(); while (idpRolesIter.hasNext()) { OMElement idpRolesElement = (OMElement) (idpRolesIter.next()); 
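Review bot: In the `IdpRoles` branch the list declared as `List roleMappingsArrList` holds the IdP role strings that go to `setIdpRoles`, and it reuses the name of the list in the `RoleMappings` branch just above; since this line is being touched anyway, rename it, e.g. `List idpRolesArrList = new ArrayList();`. The same branch calls `idpRolesIter.hasNext()` without the `!= null` guard the `Permissions` branch puts around its iterator, so the two should be made consistent one way or the other. The `RoleMappings` list also stays declared as `ArrayList` while its neighbours become `List`. The loop body continues in the next hunk.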
@@ -107,7 +109,7 @@ public static PermissionsAndRoleConfig build(OMElement permissionsAndRoleConfigO } } - if (roleMappingsArrList != null) { + if (CollectionUtils.isNotEmpty(roleMappingsArrList)) { String[] idpRolesArr = roleMappingsArrList.toArray(new String[0]); permissionsAndRoleConfig.setIdpRoles(idpRolesArr); } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/Property.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/Property.java index 10fcd0c957..58845896b1 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/Property.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/Property.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; 
@@ -62,23 +62,23 @@ public static Property build(OMElement propertyOM) { OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("Name")) { + if ("Name".equals(elementName)) { property.setName(element.getText()); - } else if (elementName.equals("Value")) { + } else if ("Value".equals(elementName)) { property.setValue(element.getText()); - } else if (elementName.equals("IsConfidential")) { + } else if ("IsConfidential".equals(elementName)) { if (element.getText() != null && element.getText().trim().length() > 0) { property.setConfidential(Boolean.parseBoolean(element.getText())); } - } else if (elementName.equals("defaultValue")) { + } else if ("defaultValue".equals(elementName)) { property.setDefaultValue(element.getText()); - } else if (elementName.equals("DisplayName")) { + } else if ("DisplayName".equals(elementName)) { property.setDisplayName(element.getText()); - } else if (elementName.equals("Required")) { + } else if ("Required".equals(elementName)) { if (element.getText() != null && element.getText().trim().length() > 0) { property.setRequired(Boolean.parseBoolean(element.getText())); } - } else if (elementName.equals("Description")) { + } else if ("Description".equals(elementName)) { property.setDescription(element.getText()); } 
@@ -201,13 +201,21 @@ public void setType(String type) { @Override public boolean equals(Object o) { - if (this == o) return true; - if (!(o instanceof Property)) return false; + if (this == o) { + return true; + } + if (!(o instanceof Property)) { + return false; + } Property property = (Property) o; - if (name != null ? !name.equals(property.name) : property.name != null) return false; - if (value != null ? !value.equals(property.value) : property.value != null) return false; + if (name != null ? !name.equals(property.name) : property.name != null) { + return false; + } + if (value != null ? !value.equals(property.value) : property.value != null) { + return false; + } return true; } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ProvisioningConnectorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ProvisioningConnectorConfig.java index bff9693211..e4a29c20e3 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ProvisioningConnectorConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ProvisioningConnectorConfig.java 
@@ -1,24 +1,25 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; import org.apache.axiom.om.OMElement; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil; @@ -26,6 +27,7 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.Iterator; +import java.util.List; public class ProvisioningConnectorConfig implements Serializable { 
@@ -52,9 +54,9 @@ public static ProvisioningConnectorConfig build(OMElement provisioningConnectorC OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("ProvisioningProperties")) { + if ("ProvisioningProperties".equals(elementName)) { Iterator propertiesIter = element.getChildElements(); - ArrayList propertiesArrList = new ArrayList(); + List propertiesArrList = new ArrayList(); if (propertiesIter != null) { while (propertiesIter.hasNext()) { @@ -63,13 +65,13 @@ public static ProvisioningConnectorConfig build(OMElement provisioningConnectorC } } - if (propertiesArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(propertiesArrList)) { Property[] propertiesArr = propertiesArrList.toArray(new Property[0]); provisioningConnectorConfig.setProvisioningProperties(propertiesArr); } } - if (elementName.equals("Name")) { + if ("Name".equals(elementName)) { provisioningConnectorConfig.setName(element.getText()); } } @@ -144,13 +146,17 @@ public void setBlocking(boolean blocking) { @Override public boolean equals(Object o) { if (this == o) return true; - if (!(o instanceof ProvisioningConnectorConfig)) return false; + if (!(o instanceof ProvisioningConnectorConfig)) + return false; ProvisioningConnectorConfig that = (ProvisioningConnectorConfig) o; - if (!StringUtils.equals(name, that.name)) return false; - if (!Arrays.equals(provisioningProperties, that.provisioningProperties)) return false; - + if (!StringUtils.equals(name, that.name)) { + return false; + } + if (!Arrays.equals(provisioningProperties, that.provisioningProperties)) { + return false; + } return true; } 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ProvisioningServiceProviderType.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ProvisioningServiceProviderType.java index 792b22cc56..75b6be059f 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ProvisioningServiceProviderType.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ProvisioningServiceProviderType.java @@ -1,3 +1,21 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package org.wso2.carbon.identity.application.common.model; public enum ProvisioningServiceProviderType { diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/RequestPathAuthenticatorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/RequestPathAuthenticatorConfig.java index 5b4d3edd92..07a321927e 100644 
--- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/RequestPathAuthenticatorConfig.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/RequestPathAuthenticatorConfig.java
@@ -1,27 +1,29 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; import org.apache.axiom.om.OMElement; +import org.apache.commons.collections.CollectionUtils; import java.util.ArrayList; import java.util.Iterator; +import java.util.List; public class RequestPathAuthenticatorConfig extends LocalAuthenticatorConfig { 
@@ -42,15 +44,15 @@ public static RequestPathAuthenticatorConfig build(OMElement requestPathAuthenti while (members.hasNext()) { OMElement member = (OMElement) members.next(); - if (member.getLocalName().equals("Name")) { + if ("Name".equals(member.getLocalName())) { requestPathAuthenticatorConfig.setName(member.getText()); - } else if (member.getLocalName().equals("DisplayName")) { + } else if ("DisplayName".equals(member.getLocalName())) { requestPathAuthenticatorConfig.setDisplayName(member.getText()); - } else if (member.getLocalName().equals("IsEnabled")) { + } else if ("IsEnabled".equals(member.getLocalName())) { requestPathAuthenticatorConfig.setEnabled(Boolean.parseBoolean(member.getText())); - } else if (member.getLocalName().equals("Properties")) { + } else if ("Properties".equals(member.getLocalName())) { Iterator propertiesIter = member.getChildElements(); - ArrayList propertiesArrList = new ArrayList(); + List propertiesArrList = new ArrayList(); if (propertiesIter != null) { while (propertiesIter.hasNext()) { @@ -60,7 +62,7 @@ public static RequestPathAuthenticatorConfig build(OMElement requestPathAuthenti } } - if (propertiesArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(propertiesArrList)) { Property[] propertiesArr = propertiesArrList.toArray(new Property[0]); requestPathAuthenticatorConfig.setProperties(propertiesArr); } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/RoleMapping.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/RoleMapping.java index 60e1163558..910594dbd8 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/RoleMapping.java 
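Review bot: The new `CollectionUtils.isNotEmpty(propertiesArrList)` guard (hunk `@@ -60,7 +62,7 @@`) null-checks a list that is constructed a few lines earlier in the same branch, so the null half can never fire; `if (!propertiesArrList.isEmpty()) {` says the same thing without the extra import. The import is `org.apache.commons.collections`, the 3.x line of commons-collections, and several model classes in this diff implement `Serializable`, so if the dependency stays it is worth confirming that the resolved version is 3.2.2 or later, where the unsafe functor classes refuse deserialization by default. The same guard is added in `ServiceProvider.build` (`@@ -126,7 +127,7 @@`). `build` starts before and ends after the hunks shown.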
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/RoleMapping.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; 
@@ -58,10 +58,10 @@ public static RoleMapping build(OMElement roleMappingOM) { OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("localRole")) { + if ("localRole".equals(elementName)) { roleMapping.setLocalRole(LocalRole.build(element)); } - if (elementName.equals("remoteRole")) { + if ("remoteRole".equals(elementName)) { roleMapping.setRemoteRole(element.getText()); } } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SAML2SSOFederatedAuthenticatorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SAML2SSOFederatedAuthenticatorConfig.java index f1578424c8..8d6cbbe3ca 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SAML2SSOFederatedAuthenticatorConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SAML2SSOFederatedAuthenticatorConfig.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; @@ -73,21 +73,6 @@ public class SAML2SSOFederatedAuthenticatorConfig extends FederatedAuthenticator */ private boolean isAuthnResponseEncrypted; - /** - * If Single Logout is enabled - */ - private boolean logoutEnabled; - - /** - * If the LogoutRequest has to be signed - */ - private boolean logoutRequestSigned; - - /** - * If SAMLResponse is signed - */ - private boolean authnResponseSigned; - /** * If User ID is found among claims */ 
@@ -115,9 +100,6 @@ public SAML2SSOFederatedAuthenticatorConfig(FederatedAuthenticatorConfig federat } else if (IdentityApplicationConstants.Authenticator.SAML2SSO.IS_AUTHN_RESP_SIGNED.equals( property.getName())) { isAuthnResponseSigned = Boolean.parseBoolean(property.getValue()); - } else if (IdentityApplicationConstants.Authenticator.SAML2SSO.IS_AUTHN_RESP_SIGNED.equals( - property.getName())) { - isAuthnResponseEncrypted = Boolean.parseBoolean(property.getValue()); } else if (IdentityApplicationConstants.Authenticator.SAML2SSO.IS_ENABLE_ASSERTION_ENCRYPTION.equals( property.getName())) { isAuthnResponseEncrypted = Boolean.parseBoolean(property.getValue()); diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SCIMProvisioningConnectorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SCIMProvisioningConnectorConfig.java index 54ab221c81..ef6f55c0d2 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SCIMProvisioningConnectorConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SCIMProvisioningConnectorConfig.java 
@@ -1,28 +1,25 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; public class SCIMProvisioningConnectorConfig extends ProvisioningConnectorConfig { - /** - * - */ private static final long serialVersionUID = 2385742204639503L; @Override diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SPMLProvisioningConnectorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SPMLProvisioningConnectorConfig.java index 1b4488c88b..e934010cd6 100644 
--- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SPMLProvisioningConnectorConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SPMLProvisioningConnectorConfig.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SalesforceProvisioningConnectorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SalesforceProvisioningConnectorConfig.java
index 9d539b55bf..a3d5dbd838 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SalesforceProvisioningConnectorConfig.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/SalesforceProvisioningConnectorConfig.java
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ServiceProvider.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ServiceProvider.java index b428977ac9..b0abcd0c6e 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ServiceProvider.java 
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ServiceProvider.java @@ -1,30 +1,31 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ - package org.wso2.carbon.identity.application.common.model; import org.apache.axiom.om.OMElement; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import java.io.Serializable; import java.util.ArrayList; import java.util.Iterator; +import java.util.List; public class ServiceProvider implements Serializable { 
@@ -72,38 +73,38 @@ public static ServiceProvider build(OMElement serviceProviderOM) { OMElement element = (OMElement) (iter.next()); String elementName = element.getLocalName(); - if (elementName.equals("ApplicationID")) { + if ("ApplicationID".equals(elementName)) { if (element.getText() != null) { serviceProvider.setApplicationID(Integer.parseInt(element.getText())); } - } else if (elementName.equals("ApplicationName")) { + } else if ("ApplicationName".equals(elementName)) { if (element.getText() != null) { serviceProvider.setApplicationName(element.getText()); } else { log.error("Service provider not loaded from the file. Application Name is null."); return null; } - } else if (elementName.equals("Description")) { + } else if ("Description".equals(elementName)) { serviceProvider.setDescription(element.getText()); - } else if (elementName.equals("IsSaaSApp")) { + } else if ("IsSaaSApp".equals(elementName)) { if (element.getText() != null && "true".equals(element.getText())) { serviceProvider.setSaasApp(true); } else { serviceProvider.setSaasApp(false); } - } else if (elementName.equals("Owner")) { + } else if ("Owner".equals(elementName)) { // build service provider owner. serviceProvider.setOwner(User.build(element)); - } else if (elementName.equals("InboundAuthenticationConfig")) { + } else if ("InboundAuthenticationConfig".equals(elementName)) { // build in-bound authentication configuration. serviceProvider.setInboundAuthenticationConfig(InboundAuthenticationConfig .build(element)); - } else if (elementName.equals("LocalAndOutBoundAuthenticationConfig")) { + } else if ("LocalAndOutBoundAuthenticationConfig".equals(elementName)) { // build local and out-bound authentication configuration. 
serviceProvider .setLocalAndOutBoundAuthenticationConfig(LocalAndOutboundAuthenticationConfig .build(element)); - } else if (elementName.equals("RequestPathAuthenticatorConfigs")) { + } else if ("RequestPathAuthenticatorConfigs".equals(elementName)) { // build request-path authentication configurations. Iterator requestPathAuthenticatorConfigsIter = element.getChildElements(); @@ -111,7 +112,7 @@ public static ServiceProvider build(OMElement serviceProviderOM) { continue; } - ArrayList requestPathAuthenticatorConfigsArrList; + List requestPathAuthenticatorConfigsArrList; requestPathAuthenticatorConfigsArrList = new ArrayList(); while (requestPathAuthenticatorConfigsIter.hasNext()) { @@ -126,7 +127,7 @@ public static ServiceProvider build(OMElement serviceProviderOM) { } } - if (requestPathAuthenticatorConfigsArrList.size() > 0) { + if (CollectionUtils.isNotEmpty(requestPathAuthenticatorConfigsArrList)) { // add to the service provider, only if we have any. RequestPathAuthenticatorConfig[] requestPathAuthenticatorConfigsArr; requestPathAuthenticatorConfigsArr = requestPathAuthenticatorConfigsArrList 
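Review bot: In the `ApplicationID` branch of `ServiceProvider.build` (hunk `@@ -72,38 +73,38 @@`), `Integer.parseInt(element.getText())` is guarded only against null, so an empty, padded or non-numeric value throws an unchecked `NumberFormatException`, whereas a missing `ApplicationName` in the next branch is logged and turned into `return null`. Treating both the same way keeps a malformed service-provider file from surfacing as an unexpected runtime exception in whatever loads it (the callers are not part of this diff); the sketch below trims the text, catches the parse failure, logs it and returns null. The `IsSaaSApp` branch is deliberately or accidentally case-sensitive, unlike the `Boolean.parseBoolean` used for `IsEnabled` in `RequestPathAuthenticatorConfig`, and a short comment saying which would help. `build` begins before and ends after the hunks shown.

```java
if ("ApplicationID".equals(elementName)) {
    String applicationId = element.getText();
    if (applicationId != null) {
        try {
            serviceProvider.setApplicationID(Integer.parseInt(applicationId.trim()));
        } catch (NumberFormatException e) {
            log.error("Service provider not loaded from the file. Application ID is not a number.", e);
            return null;
        }
    }
} else if ("ApplicationName".equals(elementName)) {
    // … unchanged: ApplicationName and the remaining element branches …
```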
@@ -135,18 +136,18 @@ public static ServiceProvider build(OMElement serviceProviderOM) { .setRequestPathAuthenticatorConfigs(requestPathAuthenticatorConfigsArr); } - } else if (elementName.equals("InboundProvisioningConfig")) { + } else if ("InboundProvisioningConfig".equals(elementName)) { // build in-bound provisioning configuration. serviceProvider.setInboundProvisioningConfig(InboundProvisioningConfig .build(element)); - } else if (elementName.equals("OutboundProvisioningConfig")) { + } else if ("OutboundProvisioningConfig".equals(elementName)) { // build out-bound provisioning configuration. serviceProvider.setOutboundProvisioningConfig(OutboundProvisioningConfig .build(element)); - } else if (elementName.equals("ClaimConfig")) { + } else if ("ClaimConfig".equals(elementName)) { // build claim configuration. serviceProvider.setClaimConfig(ClaimConfig.build(element)); - } else if (elementName.equals("PermissionAndRoleConfig")) { + } else if ("PermissionAndRoleConfig".equals(elementName)) { // build permission and role configuration. serviceProvider.setPermissionAndRoleConfig(PermissionsAndRoleConfig.build(element)); } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ThreadLocalProvisioningServiceProvider.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ThreadLocalProvisioningServiceProvider.java index b4bbf6879c..528784d0b9 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ThreadLocalProvisioningServiceProvider.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/ThreadLocalProvisioningServiceProvider.java 
@@ -1,3 +1,23 @@ + +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.wso2.carbon.identity.application.common.model; import java.io.Serializable; @@ -12,7 +32,7 @@ public class ThreadLocalProvisioningServiceProvider implements Serializable { private String serviceProviderName; private String claimDialect; private boolean justInTimeProvisioning; - private ProvisioningServiceProviderType serviceProviderType; + private transient ProvisioningServiceProviderType serviceProviderType; private String tenantDomain; //isBulkUserAdd is true indicates bulk user add private boolean isBulkUserAdd; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/User.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/User.java index 55f3d478e8..e4554161ed 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/User.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/User.java 
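Review bot: Marking `serviceProviderType` as `transient` in `ThreadLocalProvisioningServiceProvider` (hunk `@@ -12,7 +32,7 @@`) means the field comes back as `null` whenever an instance is serialized and restored, and nothing in the hunk re-populates it or documents that. If `ProvisioningServiceProviderType` is an enum (its declaration is not in this diff), it is already serializable and the modifier only loses data; if it is a plain class, making that class `Serializable` would keep the provisioning type together with the tenant domain and the other fields. If the field really is meant to be dropped, a comment on it such as `// not serialized: null after deserialization, callers must handle that` would make the contract explicit. The class body continues outside the hunk.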
@@ -1,19 +1,20 @@ + /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.model; @@ -37,13 +38,13 @@ public class User implements Serializable { * Returns a User instance populated from the given OMElement * The OMElement is of the form below * - * - * - * + * + * + * * * * @param userOM OMElement to populate user - * @return populated User instance + * @return populated User instance */ public static User build(OMElement userOM) { User user = new User(); 
@@ -55,13 +56,13 @@ public static User build(OMElement userOM) { Iterator iter = userOM.getChildElements(); while (iter.hasNext()) { OMElement member = (OMElement) iter.next(); - if (member.getLocalName().equals("TenantDomain")) { + if ("TenantDomain".equals(member.getLocalName())) { if (member.getText() != null) { user.setTenantDomain(member.getText()); } - } else if (member.getLocalName().equalsIgnoreCase("UserStoreDomain")) { + } else if ("UserStoreDomain".equalsIgnoreCase(member.getLocalName())) { user.setUserStoreDomain(member.getText()); - } else if (member.getLocalName().equalsIgnoreCase("UserName")) { + } else if ("UserName".equalsIgnoreCase(member.getLocalName())) { user.setUserName(member.getText()); } } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/CharacterEncoder.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/CharacterEncoder.java index c3bd984f42..8c4b8e44ec 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/CharacterEncoder.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/CharacterEncoder.java @@ -1,5 +1,5 @@ /* -* Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except @@ -22,6 +22,9 @@ */ public class CharacterEncoder { + private CharacterEncoder() { + } + public static String getSafeText(String text) { if (text == null) { return text; 
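Review bot: The element-name checks in `User.build` are inconsistent after this change: `TenantDomain` is matched with `equals`, while `UserStoreDomain` and `UserName` use `equalsIgnoreCase`, so a file that spells the element `tenantDomain` produces a user with name and store domain set but no tenant domain, and nothing is logged. Because the tenant domain scopes the identity, I would match all three the same way, for example `if ("TenantDomain".equalsIgnoreCase(member.getLocalName())) {`, or make all three strict and say so in the Javadoc. How a missing tenant domain is treated downstream is not visible in this diff. `build` starts before the hunk.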
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationConstants.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationConstants.java
index e5cda6c6c7..ab6d84b5bd 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationConstants.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationConstants.java
@@ -1,25 +1,29 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.common.util; public class IdentityApplicationConstants { + + private IdentityApplicationConstants(){ + } + public static final String APPLICATION_AUTHENTICATION_CONGIG = "application-authentication.xml"; public static final String APPLICATION_AUTHENTICATION_DEFAULT_NAMESPACE = "http://wso2.org/projects/carbon/application-authentication.xml"; 
@@ -38,6 +42,10 @@ public static class ConfigElements { public static final String ATTR_ENABLED = "enabled"; public static final String PROPERTY_TYPE_STRING = "STRING"; public static final String PROPERTY_TYPE_BLOB = "BLOB"; + + private ConfigElements(){ + } + } public static class Authenticator { @@ -48,8 +56,12 @@ public static class OpenID { public static final String REALM_ID = "RealmId"; public static final String OPEN_ID_URL = "OpenIdUrl"; public static final String IS_USER_ID_IN_CLAIMS = "IsUserIdInClaims"; + + private OpenID(){ + } } + public static class SAML2SSO { public static final String NAME = "samlsso"; @@ -66,6 +78,10 @@ public static class SAML2SSO { public static final String IS_AUTHN_RESP_SIGNED = "IsAuthnRespSigned"; public static final String IS_USER_ID_IN_CLAIMS = "IsUserIdInClaims"; public static final String REQUEST_METHOD = "RequestMethod"; + + private SAML2SSO(){ + } + } public static class OIDC extends OAuth2 { @@ -81,6 +97,9 @@ public static class PassiveSTS { public static final String REALM_ID = "RealmId"; public static final String PASSIVE_STS_URL = "PassiveSTSUrl"; public static final String IS_USER_ID_IN_CLAIMS = "IsUserIdInClaims"; + + private PassiveSTS(){ + } } public static class Facebook { @@ -90,10 +109,16 @@ public static class Facebook { public static final String CLIENT_SECRET = "ClientSecret"; public static final String SCOPE = "Scope"; public static final String USER_INFO_FIELDS = "UserInfoFields"; + + private Facebook(){ + } } public static class WSTrust { public static final String NAME = "wstrust"; + + private WSTrust(){ + } } } @@ -105,6 +130,9 @@ public static class OAuth10A { public static final String OAUTH10A_REQ_URL = "OAuth10AReqTokenUrl"; public static final String OAUTH10A_AUTHZ_URL = "OAuth10AAuthzTokenUrl"; public static final String OAUTH10A_ACCESS_URL = "OAuth10AAccessTokenUrl"; + + private OAuth10A(){ + } } public static class OAuth2 { 
@@ -114,6 +142,9 @@ public static class OAuth2 { public static final String CLIENT_SECRET = "ClientSecret"; public static final String OAUTH2_AUTHZ_URL = "OAuth2AuthzUrl"; public static final String OAUTH2_TOKEN_URL = "OAUTH2TokenUrl"; + + private OAuth2(){ + } } } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationManagementUtil.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationManagementUtil.java index 715fe2afd8..c674b3aea7 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationManagementUtil.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationManagementUtil.java 
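Review bot: `private OAuth2(){ }` is added here while `OIDC extends OAuth2` (context line of the `@@ -66,6 +78,10 @@` hunk) keeps compiling only because nested classes of one top-level class can reach each other's private constructors. `OIDC` gets no private constructor in any visible hunk, so it appears to stay instantiable through its implicit public one. Adding `private OIDC(){ }` and declaring the holders that are never extended `final` would make the non-instantiable intent hold for all of them. A one-line comment in the empty constructors, e.g. `// constants holder, not meant to be instantiated`, would also explain why they exist.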
@@ -1,33 +1,40 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. 
*/ - package org.wso2.carbon.identity.application.common.util; import org.apache.axiom.om.OMElement; import org.apache.axiom.om.util.Base64; import org.apache.axiom.util.base64.Base64Utils; +import org.apache.commons.collections.MapUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.claim.mgt.ClaimManagerHandler; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; -import org.wso2.carbon.identity.application.common.model.*; -import org.wso2.carbon.identity.core.persistence.JDBCPersistenceManager; +import org.wso2.carbon.identity.application.common.model.CertData; +import org.wso2.carbon.identity.application.common.model.ClaimMapping; +import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig; +import org.wso2.carbon.identity.application.common.model.Property; +import org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig; +import org.wso2.carbon.identity.application.common.model.ServiceProvider; +import org.wso2.carbon.identity.application.common.model.ThreadLocalProvisioningServiceProvider; import org.wso2.carbon.identity.base.IdentityException; +import org.wso2.carbon.identity.core.persistence.JDBCPersistenceManager; import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; 
@@ -39,18 +46,33 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.SignatureException; -import java.security.cert.*; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import java.text.Format; import java.text.SimpleDateFormat; -import java.util.*; +import java.util.Arrays; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; import java.util.Map.Entry; +import java.util.Properties; +import java.util.Set; public class IdentityApplicationManagementUtil { + private IdentityApplicationManagementUtil(){ + } + private static final Log log = LogFactory.getLog(IdentityApplicationManagementUtil.class); private static ThreadLocal threadLocalProvisioningServiceProvider = new ThreadLocal(); @@ -86,7 +108,7 @@ public static boolean validateURI(String uriString) { if (uriString != null) { try { - new URL(uriString); + URL url = new URL(uriString); } catch (MalformedURLException e) { log.debug(e.getMessage(), e); return false; @@ -267,7 +289,7 @@ public static String hexify(byte bytes[]) { if (bytes != null) { char[] hexDigits = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; - StringBuffer buf = new StringBuffer(bytes.length * 2); + StringBuilder buf = new StringBuilder(bytes.length * 2); for (int i = 0; i < bytes.length; ++i) { buf.append(hexDigits[(bytes[i] & 0xf0) >> 4]); buf.append(hexDigits[bytes[i] & 0x0f]); 
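Review bot: In the `validateURI` hunk the new local in `URL url = new URL(uriString);` is never read, so the change replaces one static-analysis finding with an unused variable. Either keep the bare `new URL(uriString);` with a comment such as `// construction is the validation; the instance is not needed`, or use the object, for example to restrict the accepted scheme through `url.getProtocol()`. As written the method accepts any scheme the JVM has a handler for; whether that matters depends on the callers, which are outside the hunk. In the class-header hunk the private constructor is declared above the `log` field; placing it after the static fields follows the usual member order.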
@@ -392,13 +414,12 @@ public static Map> getMappedClaims(String outboundCla // default values.since we do not know the out-bound claim mapping - whatever in the // in-bound claims will be mapped into the out-bound claim dialect. - if (inboundClaimValueMap == null || inboundClaimValueMap.size() == 0) { + if (MapUtils.isEmpty(inboundClaimValueMap)) { // we do not have out-bound claim mapping - and a default values to worry about. // just return what we got. return outboundClaimValueMappings; } - // {in-bound-dialect-claim-uri, out-bound-dialect-claim-uri} Map claimMap = null; // out-bound is not in wso2 carbon dialect. we need to find how it maps to wso2 @@ -501,18 +522,16 @@ public static Map> getMappedClaims(String outboundCla try { - if (inboundClaimValueMap == null || inboundClaimValueMap.size() == 0) { + if (MapUtils.isEmpty(inboundClaimValueMap)) { return outboundClaimValueMappings; } - // {in-bound-dialect-claim-uri, out-bound-dialect-claim-uri} Map claimMap = null; if (IdentityApplicationConstants.WSO2CARBON_CLAIM_DIALECT .equals(inboundClaimMappingDialect)) { // in-bound dialect is in default carbon dialect. // otherDialectURI, carbonClaimURIs, tenantDomain, carbonDialectAsKey - // this will return back a claim map {carbon-claim-uri,out-bound-claim-uri} // this map will have out-bound dialect as the key. claimMap = ClaimManagerHandler.getInstance() .getMappingsMapFromOtherDialectToCarbon(outboundClaimDialect, null, @@ -607,7 +626,7 @@ public static Map> getMappedClaims( outboundClaimValueMappings = new HashMap>(); } - if (inboundClaimValueMap == null || inboundClaimValueMap.size() == 0) { + if (MapUtils.isEmpty(inboundClaimValueMap)) { // we do not have any values in the incoming provisioning request. // we need to populate outboundClaimValueMappings map with the default values from // the out-bound claim mapping. 
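Review bot: The deleted `// {in-bound-dialect-claim-uri, out-bound-dialect-claim-uri}` comments were the only statement of which dialect is the key and which is the value of the raw `Map claimMap`, here and in the matching hunks at new lines 522, 647, 766 and 779. In claim-mapping code that direction is what decides which attribute ends up asserted to the other party, so losing it makes a swapped lookup harder to spot in review. If the comments were removed because a checker read them as commented-out code, rewording keeps the information, e.g. `// claimMap: key = in-bound dialect claim URI, value = out-bound dialect claim URI`. The method bodies start and end outside these hunks, so the exact direction in each overload should be confirmed against the full code before rewording.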
@@ -628,7 +647,6 @@ public static Map> getMappedClaims( return outboundClaimValueMappings; } - // {in-bound-dialect-claim-uri, out-bound-dialect-claim-uri} Map claimMap = null; // out-bound is not in wso2 carbon dialect. we need to find how it maps to wso2 @@ -727,7 +745,7 @@ public static Map> getMappedClaims( try { - if (inboundClaimValueMap == null || inboundClaimValueMap.size() == 0) { + if (MapUtils.isEmpty(inboundClaimValueMap)) { // we do not have any values in the incoming provisioning request. // we need to populate outboundClaimValueMappings map with the default values from // the out-bound claim mapping. @@ -748,7 +766,6 @@ public static Map> getMappedClaims( return outboundClaimValueMappings; } - // {in-bound-dialect-claim-uri, out-bound-dialect-claim-uri} Map claimMap = null; // out-bound is not in wso2 carbon dialect. we need to find how it maps to wso2 @@ -762,7 +779,6 @@ public static Map> getMappedClaims( .getMappingsMapFromOtherDialectToCarbon(inboundClaimMappingDialect, inboundClaimValueMap.keySet(), tenantDomain, true); - // {in-bound claim dialect / out-bound claim dialect} claimMap = new HashMap(); Map outboundClaimDefaultValues = new HashMap(); @@ -909,7 +925,7 @@ public static String getSignedJWT(String jsonObj, ServiceProvider serviceProvide .getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs(); for (InboundAuthenticationRequestConfig authReqConfig : authReqConfigs) { - if (authReqConfig.getInboundAuthType().equals("oauth2")) { + if ("oauth2".equals(authReqConfig.getInboundAuthType())) { if (authReqConfig.getProperties() != null) { for (Property property : authReqConfig.getProperties()) { if ("oauthConsumerSecret".equalsIgnoreCase(property.getName())) { 
@@ -970,6 +986,9 @@ public static String calculateHmacSha1(String key, String value) throws Signatur byte[] rawHmac = mac.doFinal(value.getBytes()); result = Base64Utils.encode(rawHmac); } catch (Exception e) { + if(log.isDebugEnabled()){ + log.debug("Failed to create the HMAC Signature",e); + } throw new SignatureException("Failed to calculate HMAC : " + e.getMessage()); } return result; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/test/java/org/wso2/carbon/identity/application/common/model/test/IdentityProviderBuild.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/test/java/org/wso2/carbon/identity/application/common/model/test/IdentityProviderBuild.java index cfc03dfc75..db3db05207 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/test/java/org/wso2/carbon/identity/application/common/model/test/IdentityProviderBuild.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/test/java/org/wso2/carbon/identity/application/common/model/test/IdentityProviderBuild.java @@ -1,11 +1,5 @@ package org.wso2.carbon.identity.application.common.model.test; -import java.io.BufferedReader; -import java.io.FileReader; -import java.io.IOException; - -import javax.xml.stream.XMLStreamException; - import org.apache.axiom.om.OMElement; import org.apache.axiom.om.util.AXIOMUtil; import org.wso2.carbon.identity.application.common.model.ApplicationPermission; @@ -20,6 +14,11 @@ import org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig; import org.wso2.carbon.identity.application.common.model.RoleMapping; +import javax.xml.stream.XMLStreamException; +import java.io.BufferedReader; +import java.io.FileReader; +import java.io.IOException; + public class IdentityProviderBuild { public static void main(String args[]) throws IOException, XMLStreamException { 
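Review bot: The rethrow after the added debug log in `calculateHmacSha1` still drops the cause: `throw new SignatureException("Failed to calculate HMAC : " + e.getMessage())` keeps only the message, so at normal log levels the stack trace of a failed HMAC computation is lost. Pass the cause through instead, `throw new SignatureException("Failed to calculate HMAC : " + e.getMessage(), e);`. The context line `mac.doFinal(value.getBytes())` also relies on the platform default charset, so the same non-ASCII input can produce a different signature on hosts with different defaults; an explicit charset such as UTF-8 would pin it. The method starts outside the hunk, so the key handling was not reviewed.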
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/test/java/org/wso2/carbon/identity/application/common/model/test/ProvisioningConnectorConfigTest.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/test/java/org/wso2/carbon/identity/application/common/model/test/ProvisioningConnectorConfigTest.java index 1b06626865..667ee3ee8c 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/test/java/org/wso2/carbon/identity/application/common/model/test/ProvisioningConnectorConfigTest.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/test/java/org/wso2/carbon/identity/application/common/model/test/ProvisioningConnectorConfigTest.java @@ -22,8 +22,8 @@ import org.wso2.carbon.identity.application.common.model.Property; import org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig; -import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotEquals; /** * Testing the ProvisioningConnectorConfig class diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/test/java/org/wso2/carbon/identity/application/common/model/test/ServiceProviderBuild.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/test/java/org/wso2/carbon/identity/application/common/model/test/ServiceProviderBuild.java index 950eb457b1..0c9f9b82a7 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/test/java/org/wso2/carbon/identity/application/common/model/test/ServiceProviderBuild.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/test/java/org/wso2/carbon/identity/application/common/model/test/ServiceProviderBuild.java 
@@ -1,11 +1,5 @@ package org.wso2.carbon.identity.application.common.model.test; -import java.io.BufferedReader; -import java.io.FileReader; -import java.io.IOException; - -import javax.xml.stream.XMLStreamException; - import org.apache.axiom.om.OMElement; import org.apache.axiom.om.util.AXIOMUtil; import org.wso2.carbon.identity.application.common.model.ApplicationPermission; @@ -25,7 +19,11 @@ import org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig; import org.wso2.carbon.identity.application.common.model.RoleMapping; import org.wso2.carbon.identity.application.common.model.ServiceProvider; -import org.wso2.carbon.identity.application.common.model.User; + +import javax.xml.stream.XMLStreamException; +import java.io.BufferedReader; +import java.io.FileReader; +import java.io.IOException; public class ServiceProviderBuild { diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/pom.xml b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/pom.xml index 8eef8af724..f54ca5bd16 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/pom.xml +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity application-mgt - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml WSO2 Carbon - Application Management UI @@ -71,6 +71,7 @@ org.apache.axis2.*; version="${axis2.osgi.version.range}", org.apache.commons.logging; version="${commons-logging.osgi.version.range}", + org.apache.commons.collections; version="${commons-collections.wso2.osgi.version.range}", org.wso2.carbon.ui.util; version="${carbon.kernel.package.import.version.range}", org.wso2.carbon.utils; version="${carbon.kernel.package.import.version.range}", 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/ApplicationBean.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/ApplicationBean.java index ca690e9060..228d331a31 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/ApplicationBean.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/ApplicationBean.java 
@@ -1,23 +1,44 @@ /* - *Copyright (c) 2005-2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. 
*/ package org.wso2.carbon.identity.application.mgt.ui; -import org.wso2.carbon.identity.application.common.model.xsd.*; +import org.apache.commons.collections.CollectionUtils; +import org.wso2.carbon.identity.application.common.model.xsd.ApplicationPermission; +import org.wso2.carbon.identity.application.common.model.xsd.AuthenticationStep; +import org.wso2.carbon.identity.application.common.model.xsd.Claim; +import org.wso2.carbon.identity.application.common.model.xsd.ClaimConfig; +import org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping; +import org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider; +import org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig; +import org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig; +import org.wso2.carbon.identity.application.common.model.xsd.InboundProvisioningConfig; +import org.wso2.carbon.identity.application.common.model.xsd.JustInTimeProvisioningConfig; +import org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig; +import org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.xsd.LocalRole; +import org.wso2.carbon.identity.application.common.model.xsd.OutboundProvisioningConfig; +import org.wso2.carbon.identity.application.common.model.xsd.PermissionsAndRoleConfig; +import org.wso2.carbon.identity.application.common.model.xsd.Property; +import org.wso2.carbon.identity.application.common.model.xsd.ProvisioningConnectorConfig; +import org.wso2.carbon.identity.application.common.model.xsd.RequestPathAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.xsd.RoleMapping; +import org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider; import 
org.wso2.carbon.ui.util.CharacterEncoder; import javax.servlet.http.HttpServletRequest; @@ -66,7 +87,6 @@ public void reset() { roleMap = null; claimMap = null; requestedClaims = new HashMap(); - ; samlIssuer = null; oauthAppName = null; wstrustEp = null; @@ -518,7 +538,7 @@ public void deleteSAMLIssuer() { } tempAuthRequest.add(authRequest[i]); } - if (tempAuthRequest.size() > 0) { + if (CollectionUtils.isNotEmpty(tempAuthRequest)) { serviceProvider .getInboundAuthenticationConfig() .setInboundAuthenticationRequestConfigs( @@ -553,7 +573,7 @@ public void deleteOauthApp() { } tempAuthRequest.add(authRequest[i]); } - if (tempAuthRequest.size() > 0) { + if (CollectionUtils.isNotEmpty(tempAuthRequest)) { serviceProvider .getInboundAuthenticationConfig() .setInboundAuthenticationRequestConfigs( @@ -580,7 +600,7 @@ public void deleteWstrustEp() { } tempAuthRequest.add(authRequest[i]); } - if (tempAuthRequest.size() > 0) { + if (CollectionUtils.isNotEmpty(tempAuthRequest)) { serviceProvider .getInboundAuthenticationConfig() .setInboundAuthenticationRequestConfigs( @@ -687,7 +707,6 @@ public String getPassiveSTSRealm() { } /** - * * @return */ public String getPassiveSTSWReply() { @@ -707,7 +726,7 @@ public String getPassiveSTSWReply() { Property[] properties = authRequest[i].getProperties(); if (properties != null) { for (int j = 0; j < properties.length; j++) { - if("passiveSTSWReply".equalsIgnoreCase(properties[j].getName())) { + if ("passiveSTSWReply".equalsIgnoreCase(properties[j].getName())) { passiveSTSWReply = properties[j].getValue(); break; } 
@@ -748,12 +767,12 @@ public void updateOutBoundAuthenticationConfig(HttpServletRequest request) { authStep.setStepOrder(Integer.parseInt(authstep)); boolean isSubjectStep = request.getParameter("subject_step_" + authstep) != null - && request.getParameter("subject_step_" + authstep).equals("on") ? true + && "on".equals(request.getParameter("subject_step_" + authstep)) ? true : false; authStep.setSubjectStep(isSubjectStep); boolean isAttributeStep = request.getParameter("attribute_step_" + authstep) != null - && request.getParameter("attribute_step_" + authstep).equals("on") ? true + && "on".equals(request.getParameter("attribute_step_" + authstep)) ? true : false; authStep.setAttributeStep(isAttributeStep); @@ -778,7 +797,7 @@ public void updateOutBoundAuthenticationConfig(HttpServletRequest request) { } } - if (localAuthList.size() > 0) { + if (localAuthList != null && !localAuthList.isEmpty()) { authStep.setLocalAuthenticatorConfigs(localAuthList .toArray(new LocalAuthenticatorConfig[localAuthList.size()])); } @@ -796,8 +815,8 @@ public void updateOutBoundAuthenticationConfig(HttpServletRequest request) { idp.setIdentityProviderName(name); FederatedAuthenticatorConfig authenticator = new FederatedAuthenticatorConfig(); - authenticator.setName(CharacterEncoder.getSafeText(request.getParameter("step_" + authstep + "_idp_" - + name + "_fed_authenticator"))); + authenticator.setName(CharacterEncoder.getSafeText(request.getParameter("step_" + + authstep + "_idp_" + name + "_fed_authenticator"))); idp.setDefaultAuthenticatorConfig(authenticator); idp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[]{authenticator}); @@ -805,7 +824,7 @@ public void updateOutBoundAuthenticationConfig(HttpServletRequest request) { } } - if (fedIdpList.size() > 0) { + if (fedIdpList != null && !fedIdpList.isEmpty()) { authStep.setFederatedIdentityProviders(fedIdpList .toArray(new IdentityProvider[fedIdpList.size()])); } 
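Review bot: The null checks kept in front of the flipped comparisons are now dead code, because `"on".equals(x)` is already false when `x` is null. `isSubjectStep` reduces to `boolean isSubjectStep = "on".equals(request.getParameter("subject_step_" + authstep));`, and the same applies to `isAttributeStep` and to the `claim_dialect` test in `update()`. The `localAuthList` and `fedIdpList` hunks spell out `!= null && !isEmpty()` where the rest of this file now uses `CollectionUtils.isNotEmpty(...)`; using the helper there keeps the file consistent. `updateOutBoundAuthenticationConfig` starts and ends outside these hunks.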
@@ -825,7 +844,7 @@ public void updateOutBoundAuthenticationConfig(HttpServletRequest request) { .setLocalAndOutBoundAuthenticationConfig(new LocalAndOutboundAuthenticationConfig()); } - if (authStepList != null && authStepList.size() > 0) { + if (CollectionUtils.isNotEmpty(authStepList)) { serviceProvider.getLocalAndOutBoundAuthenticationConfig().setAuthenticationSteps( authStepList.toArray(new AuthenticationStep[authStepList.size()])); } @@ -869,8 +888,10 @@ public void update(HttpServletRequest request) { List provisioningIdps = new ArrayList(); for (String proProvider : provisioningProviders) { - String connector = CharacterEncoder.getSafeText(request.getParameter("provisioning_con_idp_" + proProvider)); - String jitEnabled = CharacterEncoder.getSafeText(request.getParameter("provisioning_jit_" + proProvider)); + String connector = CharacterEncoder.getSafeText(request.getParameter("provisioning_con_idp_" + + proProvider)); + String jitEnabled = CharacterEncoder.getSafeText(request.getParameter("provisioning_jit_" + + proProvider)); String blocking = CharacterEncoder.getSafeText(request.getParameter("blocking_prov_" + proProvider)); if (connector != null) { IdentityProvider proIdp = new IdentityProvider(); @@ -896,7 +917,7 @@ public void update(HttpServletRequest request) { } } - if (provisioningIdps.size() > 0) { + if (CollectionUtils.isNotEmpty(provisioningIdps)) { OutboundProvisioningConfig outboundProConfig = new OutboundProvisioningConfig(); outboundProConfig.setProvisioningIdentityProviders(provisioningIdps .toArray(new IdentityProvider[provisioningIdps.size()])); @@ -920,7 +941,7 @@ public void update(HttpServletRequest request) { } } - if (reqAuthList.size() > 0) { + if (CollectionUtils.isNotEmpty(reqAuthList)) { serviceProvider.setRequestPathAuthenticatorConfigs(reqAuthList .toArray(new RequestPathAuthenticatorConfig[reqAuthList.size()])); } else { 
@@ -980,7 +1001,7 @@ public void update(HttpServletRequest request) { Property property = new Property(); property.setName("passiveSTSWReply"); property.setValue(passiveSTSWReply); - Property[] properties = { property }; + Property[] properties = {property}; opicAuthenticationRequest.setProperties(properties); } authRequestList.add(opicAuthenticationRequest); @@ -999,7 +1020,7 @@ public void update(HttpServletRequest request) { serviceProvider.setInboundAuthenticationConfig(new InboundAuthenticationConfig()); } - if (authRequestList.size() > 0) { + if (CollectionUtils.isNotEmpty(authRequestList)) { serviceProvider.getInboundAuthenticationConfig() .setInboundAuthenticationRequestConfigs( authRequestList @@ -1040,7 +1061,8 @@ public void update(HttpServletRequest request) { // already updated. } - String alwaysSendAuthListOfIdPs = CharacterEncoder.getSafeText(request.getParameter("always_send_auth_list_of_idps")); + String alwaysSendAuthListOfIdPs = CharacterEncoder.getSafeText( + request.getParameter("always_send_auth_list_of_idps")); serviceProvider.getLocalAndOutBoundAuthenticationConfig() .setAlwaysSendBackAuthenticatedListOfIdPs(alwaysSendAuthListOfIdPs != null && "on".equals(alwaysSendAuthListOfIdPs) ? true : false); @@ -1065,7 +1087,7 @@ public void update(HttpServletRequest request) { } } - if (appPermList.size() > 0) { + if (CollectionUtils.isNotEmpty(appPermList)) { permAndRoleConfig.setPermissions(appPermList .toArray(new ApplicationPermission[appPermList.size()])); } @@ -1094,7 +1116,7 @@ public void update(HttpServletRequest request) { } if (request.getParameter("claim_dialect") != null - && request.getParameter("claim_dialect").equals("custom")) { + && "custom".equals(request.getParameter("claim_dialect"))) { serviceProvider.getClaimConfig().setLocalClaimDialect(false); } else { serviceProvider.getClaimConfig().setLocalClaimDialect(true); 
@@ -1137,7 +1159,8 @@ public void update(HttpServletRequest request) { serviceProvider.getClaimConfig().setClaimMappings( claimMappingList.toArray(new ClaimMapping[claimMappingList.size()])); - serviceProvider.getClaimConfig().setRoleClaimURI(CharacterEncoder.getSafeText(request.getParameter("roleClaim"))); + serviceProvider.getClaimConfig().setRoleClaimURI(CharacterEncoder.getSafeText( + request.getParameter("roleClaim"))); String alwaysSendMappedLocalSubjectId = CharacterEncoder.getSafeText(request .getParameter("always_send_local_subject_id")); @@ -1169,7 +1192,6 @@ public void setPassivests(String passivests) { } /** - * * @param passiveSTSWReply */ public void setPassiveSTSWReply(String passiveSTSWReply) { @@ -1207,8 +1229,10 @@ public void updateLocalSp(HttpServletRequest request) { if (provisioningProviders != null && provisioningProviders.length > 0) { for (String proProvider : provisioningProviders) { - String connector = CharacterEncoder.getSafeText(request.getParameter("provisioning_con_idp_" + proProvider)); - String jitEnabled = CharacterEncoder.getSafeText(request.getParameter("provisioning_jit_" + proProvider)); + String connector = CharacterEncoder.getSafeText(request.getParameter( + "provisioning_con_idp_" + proProvider)); + String jitEnabled = CharacterEncoder.getSafeText(request.getParameter( + "provisioning_jit_" + proProvider)); String blocking = CharacterEncoder.getSafeText(request.getParameter("blocking_prov_" + proProvider)); JustInTimeProvisioningConfig jitpro = new JustInTimeProvisioningConfig(); @@ -1232,7 +1256,7 @@ public void updateLocalSp(HttpServletRequest request) { } } - if (provisioningIdps.size() > 0) { + if (CollectionUtils.isNotEmpty(provisioningIdps)) { OutboundProvisioningConfig outboundProConfig = new OutboundProvisioningConfig(); outboundProConfig.setProvisioningIdentityProviders(provisioningIdps .toArray(new IdentityProvider[provisioningIdps.size()])); 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/client/ApplicationManagementServiceClient.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/client/ApplicationManagementServiceClient.java index 489a2f6a87..aa4692dc55 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/client/ApplicationManagementServiceClient.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/client/ApplicationManagementServiceClient.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt.ui.client; 
@@ -24,7 +24,11 @@ import org.apache.axis2.context.ConfigurationContext; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.identity.application.common.model.xsd.*; +import org.wso2.carbon.identity.application.common.model.xsd.ApplicationBasicInfo; +import org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider; +import org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.xsd.RequestPathAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider; import org.wso2.carbon.identity.application.mgt.stub.IdentityApplicationManagementServiceIdentityApplicationManagementException; import org.wso2.carbon.identity.application.mgt.stub.IdentityApplicationManagementServiceStub; import org.wso2.carbon.user.mgt.stub.UserAdminStub; @@ -83,10 +87,11 @@ public void createApplication(ServiceProvider serviceProvider) throws Exception } stub.createApplication(serviceProvider); } catch (RemoteException e) { - log.error(e.getMessage(), e); + log.error("Error in registering the service provider"+ " " +serviceProvider.getApplicationName(), e); throw new Exception(e.getMessage()); } catch (IdentityApplicationManagementServiceIdentityApplicationManagementException e) { - log.error(e.getMessage(), e); + log.error("Error in creating the application in service provider"+ " " +serviceProvider. + getApplicationName(), e); throw new Exception(e.getMessage()); } @@ -104,7 +109,7 @@ public ServiceProvider getApplication(String applicationName) throws Exception { } return stub.getApplication(applicationName); } catch (Exception e) { - log.error(e.getMessage(), e); + log.error("Error occurred while in loading the application"+ " " +applicationName, e); throw new Exception(e.getMessage()); } 
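Review bot: The new messages in `createApplication` and `getApplication` concatenate `serviceProvider.getApplicationName()` and `applicationName` straight into `log.error`. If those names can originate from the management UI (the callers are outside the hunk), a value containing line breaks could forge log entries, so neutralise CR/LF before logging or rely on a log layout that encodes them. The `"..."+ " " +name` concatenation can simply be `"... " + name`. Both catch blocks still rethrow `new Exception(e.getMessage())`, which drops the cause; `new Exception(e.getMessage(), e)` keeps it for the caller.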
@@ -118,10 +123,10 @@ public ApplicationBasicInfo[] getAllApplicationBasicInfo() throws Exception { try { return stub.getAllApplicationBasicInfo(); } catch (RemoteException e) { - log.error(e.getMessage(), e); + log.error("Error occurred while registering the service provider", e); throw new Exception(e.getMessage()); } catch (IdentityApplicationManagementServiceIdentityApplicationManagementException e) { - log.error(e.getMessage(), e); + log.error("Error occurred while retrieving the information of application", e); throw new Exception(e.getMessage()); } } @@ -134,10 +139,10 @@ public void updateApplicationData(ServiceProvider serviceProvider) throws Except try { stub.updateApplication(serviceProvider); } catch (RemoteException e) { - log.error(e.getMessage(), e); + log.error("Error occurred while registering the service provider", e); throw new Exception(e.getMessage()); } catch (IdentityApplicationManagementServiceIdentityApplicationManagementException e) { - log.error(e.getMessage(), e); + log.error("Error occurred while updating the information of application", e); throw new Exception(e.getMessage()); } } @@ -150,10 +155,10 @@ public void deleteApplication(String applicationID) throws Exception { try { stub.deleteApplication(applicationID); } catch (RemoteException e) { - log.error(e.getMessage(), e); + log.error("Error occurred while registering the service provider", e); throw new Exception(e.getMessage()); } catch (IdentityApplicationManagementServiceIdentityApplicationManagementException e) { - log.error(e.getMessage(), e); + log.error("Error occurred while deleting the application in the service provider", e); throw new Exception(e.getMessage()); } @@ -194,7 +199,7 @@ public IdentityProvider[] getAllFederatedIdentityProvider() throws Exception { try { idps = stub.getAllIdentityProviders(); } catch (Exception e) { - e.printStackTrace(); + log.error("Error occurred while retrieving the Identity Providers", e); } return idps; } 
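Review bot: The `RemoteException` branches in `getAllApplicationBasicInfo`, `updateApplicationData` and `deleteApplication` all log "Error occurred while registering the service provider", which describes none of those operations and will mislead whoever reads the log while triaging a failure. Name the operation in each branch, for example `log.error("Error occurred while deleting the application", e);` in `deleteApplication`. In `getAllFederatedIdentityProvider` the exception is now logged but still swallowed, so the caller receives whatever `idps` was initialised to outside the hunk; if that is null, the method should either rethrow like its siblings or return an empty array.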
@@ -225,9 +230,10 @@ public String[] getUserStoreDomains() throws Exception { } return readWriteDomainNames.toArray(new String[readWriteDomainNames.size()]); } catch (Exception e) { - log.error(e.getMessage(), e); + log.error("Error occurred while retrieving User Store Domains ", e); throw new Exception( - "Error occurred while retrieving Read-Write User Store Domain IDs for logged-in user's tenant realm"); + "Error occurred while retrieving Read-Write User Store Domain IDs for logged-in user's tenant " + + "realm"); } } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/internal/ApplicationMgtServiceComponentHolder.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/internal/ApplicationMgtServiceComponentHolder.java index 061d206ae0..23e3529d89 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/internal/ApplicationMgtServiceComponentHolder.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/internal/ApplicationMgtServiceComponentHolder.java 
@@ -1,20 +1,20 @@ /* -*Copyright (c) 2005-2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -*WSO2 Inc. licenses this file to you under the Apache License, -*Version 2.0 (the "License"); you may not use this file except -*in compliance with the License. -*You may obtain a copy of the License at -* -*http://www.apache.org/licenses/LICENSE-2.0 -* -*Unless required by applicable law or agreed to in writing, -*software distributed under the License is distributed on an -*"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -*KIND, either express or implied. See the License for the -*specific language governing permissions and limitations -*under the License. -*/ + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.mgt.ui.internal; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/internal/ApplicationMgtUIServiceComponent.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/internal/ApplicationMgtUIServiceComponent.java index 3048769c28..bb51b4ac92 100644 
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/internal/ApplicationMgtUIServiceComponent.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/java/org/wso2/carbon/identity/application/mgt/ui/internal/ApplicationMgtUIServiceComponent.java @@ -1,20 +1,20 @@ /* -*Copyright (c) 2005-2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -*WSO2 Inc. licenses this file to you under the Apache License, -*Version 2.0 (the "License"); you may not use this file except -*in compliance with the License. -*You may obtain a copy of the License at -* -*http://www.apache.org/licenses/LICENSE-2.0 -* -*Unless required by applicable law or agreed to in writing, -*software distributed under the License is distributed on an -*"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -*KIND, either express or implied. See the License for the -*specific language governing permissions and limitations -*under the License. -*/ + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.mgt.ui.internal; 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/org/wso2/carbon/identity/application/mgt/ui/i18n/Resources.properties b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/org/wso2/carbon/identity/application/mgt/ui/i18n/Resources.properties index 0a6be73e29..af84dd8d03 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/org/wso2/carbon/identity/application/mgt/ui/i18n/Resources.properties +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/org/wso2/carbon/identity/application/mgt/ui/i18n/Resources.properties @@ -130,4 +130,5 @@ help.desc=A meaningful description about the service provider local.sp=Resident Service Provider scim.inbound.provisioning.head=SCIM/SOAP Configuration help.inbound.scim=Select userstore domain name to provision users and groups. - +next=Next +prev=Prev \ No newline at end of file diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/add-service-provider-finish.jsp b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/add-service-provider-finish.jsp index 8baa216797..432e0de431 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/add-service-provider-finish.jsp +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/add-service-provider-finish.jsp 
@@ -16,13 +16,13 @@ ~ under the License. --> -<%@page import="org.wso2.carbon.ui.util.CharacterEncoder"%> -<%@ page import="org.apache.axis2.context.ConfigurationContext"%> +<%@page import="org.apache.axis2.context.ConfigurationContext"%> <%@ page import="org.wso2.carbon.CarbonConstants"%> <%@ page import="org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider"%> <%@ page import="org.wso2.carbon.identity.application.mgt.ui.client.ApplicationManagementServiceClient"%> <%@ page import="org.wso2.carbon.ui.CarbonUIMessage"%> <%@ page import="org.wso2.carbon.ui.CarbonUIUtil"%> +<%@ page import="org.wso2.carbon.ui.util.CharacterEncoder"%> <%@ page import="org.wso2.carbon.utils.ServerConstants"%> <%@ page import="java.util.ResourceBundle"%> diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/configure-local-service-provider.jsp b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/configure-local-service-provider.jsp index 3ba10b81b6..acd14dcee7 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/configure-local-service-provider.jsp +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/configure-local-service-provider.jsp 
@@ -17,17 +17,16 @@ --> <%@ page import="org.apache.axis2.context.ConfigurationContext"%> <%@ page import="org.wso2.carbon.CarbonConstants"%> -<%@ page import="org.wso2.carbon.ui.CarbonUIMessage" %> -<%@ page import="org.wso2.carbon.ui.CarbonUIUtil" %> -<%@ page import="org.wso2.carbon.utils.ServerConstants" %> -<%@ page import="org.wso2.carbon.identity.application.mgt.ui.client.ApplicationManagementServiceClient"%> -<%@ page import="org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider"%> -<%@ page import="org.wso2.carbon.identity.application.common.model.xsd.ProvisioningConnectorConfig"%> +<%@ page import="org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider" %> +<%@ page import="org.wso2.carbon.identity.application.common.model.xsd.ProvisioningConnectorConfig" %> +<%@ page import="org.wso2.carbon.identity.application.mgt.ui.client.ApplicationManagementServiceClient" %> +<%@ page import="org.wso2.carbon.ui.CarbonUIMessage"%> +<%@ page import="org.wso2.carbon.ui.CarbonUIUtil"%> +<%@ page import="org.wso2.carbon.utils.ServerConstants"%> <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %> <%@ taglib prefix="carbon" uri="http://wso2.org/projects/carbon/taglibs/carbontags.jar"%> <%@ page import="java.util.HashMap" %> <%@ page import="java.util.Map" %> -<%@ page import="org.wso2.carbon.identity.application.common.model.xsd.ProvisioningConnectorConfig" %> -<%@page import="org.wso2.carbon.ui.util.CharacterEncoder"%> -<%@ page import="org.apache.axis2.context.ConfigurationContext"%> +<%@page import="org.apache.axis2.context.ConfigurationContext"%> <%@ page import="org.wso2.carbon.CarbonConstants"%> <%@ page import="org.wso2.carbon.identity.application.mgt.ui.client.ApplicationManagementServiceClient"%> <%@ page import="org.wso2.carbon.ui.CarbonUIMessage"%> <%@ page import="org.wso2.carbon.ui.CarbonUIUtil"%> +<%@ page import="org.wso2.carbon.ui.util.CharacterEncoder"%> <%@ page 
import="org.wso2.carbon.utils.ServerConstants"%> <%@ page import="java.util.ResourceBundle"%> diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/configure-service-provider.jsp b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/configure-service-provider.jsp index 22e3beb324..dff26c7113 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/configure-service-provider.jsp +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/configure-service-provider.jsp 
@@ -16,27 +16,26 @@ ~ under the License. --> -<%@page import="org.wso2.carbon.ui.util.CharacterEncoder"%> -<%@ page import="org.apache.axis2.context.ConfigurationContext"%> +<%@page import="org.apache.axis2.context.ConfigurationContext"%> <%@ page import="org.wso2.carbon.CarbonConstants"%> <%@ page import="org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider"%> <%@ page import="org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig"%> <%@ page import="org.wso2.carbon.identity.application.common.model.xsd.ProvisioningConnectorConfig"%> +<%@ page import="org.wso2.carbon.identity.application.common.model.xsd.RequestPathAuthenticatorConfig"%> <%@ page - import="org.wso2.carbon.identity.application.common.model.xsd.RequestPathAuthenticatorConfig"%> -<%@ page import="org.wso2.carbon.identity.application.mgt.ui.ApplicationBean"%> -<%@page import="org.wso2.carbon.identity.application.mgt.ui.client.ApplicationManagementServiceClient"%> + import="org.wso2.carbon.identity.application.mgt.ui.ApplicationBean"%> +<%@ page import="org.wso2.carbon.identity.application.mgt.ui.client.ApplicationManagementServiceClient"%> +<%@page import="org.wso2.carbon.ui.CarbonUIMessage"%> <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %> <%@ taglib prefix="carbon" uri="http://wso2.org/projects/carbon/taglibs/carbontags.jar"%> -<%@ page import="org.wso2.carbon.ui.CarbonUIMessage" %> <%@ page import="org.wso2.carbon.ui.CarbonUIUtil" %> +<%@ page import="org.wso2.carbon.ui.util.CharacterEncoder" %> <%@ page import="org.wso2.carbon.utils.ServerConstants" %> <%@page import="java.util.HashMap"%> <%@ page import="java.util.List" %> <%@ page import="java.util.Map" %> -<%@ page import="org.wso2.carbon.identity.application.common.model.xsd.ProvisioningConnectorConfig" %> - + 
@@ -84,6 +83,7 @@ location.href = 'list-service-provider.jsp'; if (samlIssuerName != null && "delete".equals(action)){ appBean.deleteSAMLIssuer(); + isNeedToUpdate = true; } samlIssuerName = appBean.getSAMLIssuer(); diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/list-service-providers.jsp b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/list-service-providers.jsp index e24a9acd18..d6221949e5 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/list-service-providers.jsp +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/list-service-providers.jsp @@ -135,10 +135,10 @@ diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/load-service-provider.jsp b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/load-service-provider.jsp index ecc0c18b57..4e8848bf36 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/load-service-provider.jsp +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/load-service-provider.jsp @@ -16,8 +16,7 @@ ~ under the License. --> -<%@page import="org.wso2.carbon.ui.util.CharacterEncoder"%> -<%@ page import="org.apache.axis2.context.ConfigurationContext"%> +<%@page import="org.apache.axis2.context.ConfigurationContext"%> <%@ page import="org.wso2.carbon.CarbonConstants"%> <%@ page import="org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider"%> <%@ page import="org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig"%> 
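Review bot: With `isNeedToUpdate = true` added, the SAML issuer removal in the `"delete".equals(action)` branch is presumably persisted as a side effect of rendering this page. Where `action` is read lies outside the hunk; if it is taken directly from a request parameter, confirm that this branch can only be reached through a CSRF-protected POST, because the change alters the service provider's inbound authentication configuration. A comment above the assignment such as `// persist the issuer removal; caller must be a CSRF-validated POST` would record that expectation.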
@@ -25,8 +24,9 @@ <%@ page import="org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider"%> <%@ page import="org.wso2.carbon.identity.application.mgt.ui.client.ApplicationManagementServiceClient"%> <%@ page import="org.wso2.carbon.ui.CarbonUIMessage"%> +<%@ page import="org.wso2.carbon.ui.CarbonUIUtil"%> <%@ page - import="org.wso2.carbon.ui.CarbonUIUtil"%> + import="org.wso2.carbon.ui.util.CharacterEncoder"%> <%@ page import="org.wso2.carbon.utils.ServerConstants" %> <%@ page import="java.util.ResourceBundle" %> diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/remove-service-provider.jsp b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/remove-service-provider.jsp index a2c717d114..1084a23fe9 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/remove-service-provider.jsp +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/remove-service-provider.jsp @@ -16,12 +16,12 @@ ~ under the License. --> -<%@page import="org.wso2.carbon.ui.util.CharacterEncoder"%> -<%@ page import="org.apache.axis2.context.ConfigurationContext"%> +<%@page import="org.apache.axis2.context.ConfigurationContext"%> <%@ page import="org.wso2.carbon.CarbonConstants"%> <%@ page import="org.wso2.carbon.identity.application.mgt.ui.client.ApplicationManagementServiceClient"%> <%@ page import="org.wso2.carbon.ui.CarbonUIMessage"%> <%@ page import="org.wso2.carbon.ui.CarbonUIUtil"%> +<%@ page import="org.wso2.carbon.ui.util.CharacterEncoder"%> <%@ page import="org.wso2.carbon.utils.ServerConstants"%> <%@ page import="java.util.ResourceBundle"%> 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml b/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml index e2a922dfb3..ccfcadab5f 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity application-mgt - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml org.wso2.carbon.identity.application.mgt @@ -29,6 +29,10 @@ http://wso2.org + + commons-lang.wso2 + commons-lang + org.wso2.carbon org.wso2.carbon.logging @@ -116,7 +120,10 @@ org.osgi.service.component; version="${osgi.service.component.imp.pkg.version.range}", org.apache.rahas.impl; version="${rampart.wso2.osgi.version.range}", + org.apache.commons.lang; version="${commons-lang.wso2.osgi.version.range}", org.apache.commons.logging; version="${commons-logging.osgi.version.range}", + org.apache.commons.collections; version="${commons-collections.wso2.osgi.version.range}", + org.apache.axis2.*; version="${axis2.osgi.version.range}", org.apache.axiom.*; version="${axiom.osgi.version.range}", diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationConstants.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationConstants.java index 6fe7ec1448..6c4ebefa77 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationConstants.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationConstants.java 
@@ -1,25 +1,29 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt; public class ApplicationConstants { + private ApplicationConstants() { + + } + public static final int LOCAL_IDP_ID = 1; public static final int LOCAL_IDP_AUTHENTICATOR_ID = 1; public static final String LOCAL_IDP = "wso2carbon-local-idp"; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationInfoProvider.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationInfoProvider.java index 6bca029558..86e76deb60 100644 
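Review bot: The private constructor is placed ahead of the constants and the class itself is not marked `final`; declaring it `public final class ApplicationConstants` and moving the constructor below the `public static final` fields follows the usual layout for a constants holder. The empty constructor body would also read better with a one-line comment, e.g. `// constants holder, not instantiable`, in place of the blank line.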
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationInfoProvider.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationInfoProvider.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt; 
@@ -62,15 +62,16 @@ public static ApplicationInfoProvider getInstance() { * @throws IdentityApplicationManagementException */ public Map getServiceProviderToLocalIdPClaimMapping(String serviceProviderName, - String tenantDomain) throws IdentityApplicationManagementException { + String tenantDomain) + throws IdentityApplicationManagementException { ApplicationDAO appDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO(); Map claimMap = appDAO.getServiceProviderToLocalIdPClaimMapping( serviceProviderName, tenantDomain); if (claimMap == null - || claimMap.size() == 0 - && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey( + || claimMap.isEmpty() + && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey( serviceProviderName)) { return new FileBasedApplicationDAO().getServiceProviderToLocalIdPClaimMapping( serviceProviderName, tenantDomain); @@ -88,15 +89,16 @@ public Map getServiceProviderToLocalIdPClaimMapping(String servi * @throws IdentityApplicationManagementException */ public Map getLocalIdPToServiceProviderClaimMapping(String serviceProviderName, - String tenantDomain) throws IdentityApplicationManagementException { + String tenantDomain) + throws IdentityApplicationManagementException { ApplicationDAO appDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO(); Map claimMap = appDAO.getLocalIdPToServiceProviderClaimMapping( serviceProviderName, tenantDomain); if (claimMap == null - || claimMap.size() == 0 - && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey( + || claimMap.isEmpty() + && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey( serviceProviderName)) { return new FileBasedApplicationDAO().getLocalIdPToServiceProviderClaimMapping( serviceProviderName, tenantDomain); 
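Review bot: The condition `claimMap == null || claimMap.isEmpty() && ...getFileBasedSPs().containsKey(serviceProviderName)` mixes `||` and `&&` without parentheses, so a null map goes to `FileBasedApplicationDAO` even when the service provider is not file-based, while an empty map does so only when it is. The intended grouping is not evident from the code. If the file-based lookup is meant only for file-based providers, write `if ((claimMap == null || claimMap.isEmpty()) && ...containsKey(serviceProviderName))`; otherwise parenthesise the `&&` pair so the current behaviour is explicit. The same expression appears in `getLocalIdPToServiceProviderClaimMapping` and, with `reqClaims`, in `getAllRequestedClaimsByServiceProvider`.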
@@ -115,15 +117,16 @@ public Map getLocalIdPToServiceProviderClaimMapping(String servi * @throws IdentityApplicationManagementException */ public List getAllRequestedClaimsByServiceProvider(String serviceProviderName, - String tenantDomain) throws IdentityApplicationManagementException { + String tenantDomain) + throws IdentityApplicationManagementException { ApplicationDAO appDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO(); List reqClaims = appDAO.getAllRequestedClaimsByServiceProvider(serviceProviderName, - tenantDomain); + tenantDomain); if (reqClaims == null - || reqClaims.size() == 0 - && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey( + || reqClaims.isEmpty() + && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey( serviceProviderName)) { return new FileBasedApplicationDAO().getAllRequestedClaimsByServiceProvider( serviceProviderName, tenantDomain); @@ -149,7 +152,7 @@ public String getServiceProviderNameByClientId(String clientId, String clientTyp if (name == null) { name = new FileBasedApplicationDAO().getServiceProviderNameByClientId(clientId, - clientType, tenantDomain); + clientType, tenantDomain); } if (name == null) { @@ -175,7 +178,7 @@ public ServiceProvider getServiceProvider(String serviceProviderName, String ten ServiceProvider serviceProvider = appDAO.getApplication(serviceProviderName, tenantDomain); if (serviceProvider != null - && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey( + && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey( serviceProviderName)) { serviceProvider = ApplicationManagementServiceComponent.getFileBasedSPs().get( serviceProviderName); 
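Review bot: In `getServiceProvider` the fallback is guarded by `serviceProvider != null && ...getFileBasedSPs().containsKey(serviceProviderName)`, so a file-based definition replaces a provider the DAO did return, and nothing is looked up when the DAO returns null. `getServiceProviderByClienId` in the same file uses `serviceProvider == null` for the equivalent fallback, which suggests the check here is inverted; if so, the line should begin `if (serviceProvider == null`. If the override is deliberate, a comment stating that file-based configuration takes precedence over the stored one is needed, because which definition wins decides the authentication settings applied to that provider. The method body starts and ends outside the hunk.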
@@ -191,8 +194,8 @@ public ServiceProvider getServiceProvider(String serviceProviderName, String ten * @return * @throws IdentityApplicationManagementException */ - public ServiceProvider getServiceProviderByClienId(String clientId, String clientType, - String tenantDomain) throws IdentityApplicationManagementException { + public ServiceProvider getServiceProviderByClienId(String clientId, String clientType, String tenantDomain) + throws IdentityApplicationManagementException { // client id can contain the @ to identify the tenant domain. if (clientId != null && clientId.contains("@")) { @@ -259,8 +262,8 @@ public ServiceProvider getServiceProviderByClienId(String clientId, String clien } if (serviceProvider == null - && serviceProviderName != null - && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey( + && serviceProviderName != null + && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey( serviceProviderName)) { serviceProvider = ApplicationManagementServiceComponent.getFileBasedSPs().get( serviceProviderName); diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementAdminService.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementAdminService.java index 3ad12594ec..824f863276 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementAdminService.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementAdminService.java 
@@ -1,17 +1,17 @@ /* * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * + * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ @@ -22,7 +22,11 @@ import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.core.AbstractAdmin; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; -import org.wso2.carbon.identity.application.common.model.*; +import org.wso2.carbon.identity.application.common.model.ApplicationBasicInfo; +import org.wso2.carbon.identity.application.common.model.IdentityProvider; +import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.ServiceProvider; /** * Application management admin service diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementOSGIService.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementOSGIService.java index 77eea51f5f..7510be3380 100644 
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementOSGIService.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementOSGIService.java @@ -1,5 +1,5 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + *Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * *WSO2 Inc. licenses this file to you under the Apache License, *Version 2.0 (the "License"); you may not use this file except @@ -28,7 +28,14 @@ import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.core.RegistryResources; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; -import org.wso2.carbon.identity.application.common.model.*; +import org.wso2.carbon.identity.application.common.model.ApplicationBasicInfo; +import org.wso2.carbon.identity.application.common.model.ApplicationPermission; +import org.wso2.carbon.identity.application.common.model.IdentityProvider; +import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig; +import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig; +import org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.ServiceProvider; import org.wso2.carbon.identity.application.mgt.cache.IdentityServiceProviderCache; import org.wso2.carbon.identity.application.mgt.cache.IdentityServiceProviderCacheKey; import org.wso2.carbon.identity.application.mgt.dao.ApplicationDAO; 
@@ -286,9 +293,8 @@ public void deleteApplication(String applicationName) } else if ("wstrust".equalsIgnoreCase(config.getInboundAuthType()) && config.getInboundAuthKey() != null) { try { - /* AxisService stsService = getAxisConfig().getService( - ServerConstants.STS_NAME);*/ - AxisService stsService = ApplicationManagementServiceComponentHolder.getConfigContextService().getServerConfigContext().getAxisConfiguration().getService( + AxisService stsService = ApplicationManagementServiceComponentHolder.getInstance() + .getConfigContextService().getServerConfigContext().getAxisConfiguration().getService( ServerConstants.STS_NAME); Parameter origParam = stsService .getParameter(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG @@ -355,7 +361,7 @@ public IdentityProvider[] getAllIdentityProviders() if (fedIdpList != null) { return fedIdpList.toArray(new IdentityProvider[fedIdpList.size()]); } - return null; + return new IdentityProvider[0]; } catch (Exception e) { log.error("Error occurred while deleting the application", e); throw new IdentityApplicationManagementException( @@ -377,7 +383,7 @@ public LocalAuthenticatorConfig[] getAllLocalAuthenticators() return localAuthenticators.toArray(new LocalAuthenticatorConfig[localAuthenticators .size()]); } - return null; + return new LocalAuthenticatorConfig[0]; } catch (Exception e) { log.error("Error occurred while deleting the application", e); throw new IdentityApplicationManagementException( @@ -400,7 +406,7 @@ public RequestPathAuthenticatorConfig[] getAllRequestPathAuthenticators() return reqPathAuthenticators .toArray(new RequestPathAuthenticatorConfig[reqPathAuthenticators.size()]); } - return null; + return new RequestPathAuthenticatorConfig[0]; } catch (Exception e) { log.error("Error occurred while deleting the application", e); throw new IdentityApplicationManagementException( 
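Review bot: The catch blocks of `getAllIdentityProviders`, `getAllLocalAuthenticators` and `getAllRequestPathAuthenticators` all log `"Error occurred while deleting the application"`, apparently copied from the delete path, which will mislead anyone reading the logs after a failed listing. Since these hunks already touch the three methods, the messages could be corrected in the same change, e.g. `log.error("Error occurred while retrieving identity providers", e);` and the equivalents for the other two. The message of the exception thrown afterwards is cut off by the hunk boundary and should be checked as well.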
@@ -432,8 +438,10 @@ public String[] getAllLocalClaimUris() throws IdentityApplicationManagementExcep private void setSTSParameter(SAMLTokenIssuerConfig samlConfig) throws IdentityApplicationManagementException { Registry registry; try { - registry = (Registry) ApplicationManagementServiceComponentHolder.getRegistryService().getConfigSystemRegistry(getTenantId()); - new SecurityServiceAdmin(ApplicationManagementServiceComponentHolder.getConfigContextService().getServerConfigContext().getAxisConfiguration(), registry) + registry = (Registry) ApplicationManagementServiceComponentHolder.getInstance().getRegistryService(). + getConfigSystemRegistry(getTenantId()); + new SecurityServiceAdmin(ApplicationManagementServiceComponentHolder.getInstance() + .getConfigContextService().getServerConfigContext().getAxisConfiguration(), registry) .setServiceParameterElement(ServerConstants.STS_NAME, samlConfig.getParameter()); } catch (Exception ex) { throw new IdentityApplicationManagementException(ex); @@ -449,8 +457,8 @@ private void removeTrustedService(String groupName, String serviceName, String t try { resourcePath = RegistryResources.SERVICE_GROUPS + groupName + RegistryResources.SERVICES + serviceName + "/trustedServices"; - //registry = getConfigSystemRegistry(); - registry = (Registry) ApplicationManagementServiceComponentHolder.getRegistryService().getConfigSystemRegistry(getTenantId()); + registry = (Registry) ApplicationManagementServiceComponentHolder.getInstance().getRegistryService() + .getConfigSystemRegistry(getTenantId()); if (registry != null) { if (registry.resourceExists(resourcePath)) { resource = registry.get(resourcePath); 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementService.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementService.java
index c437e67efa..b8d3876167 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementService.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementService.java
@@ -1,24 +1,28 @@ /* * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * + * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.wso2.carbon.identity.application.mgt; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; -import org.wso2.carbon.identity.application.common.model.*; +import org.wso2.carbon.identity.application.common.model.ApplicationBasicInfo; +import org.wso2.carbon.identity.application.common.model.IdentityProvider; +import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.ServiceProvider; /** * Application management service abstract class. diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java index 172c29a894..59f8daf852 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java 
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java @@ -23,14 +23,23 @@ import org.apache.axis2.description.AxisService; import org.apache.axis2.description.Parameter; import org.apache.axis2.engine.AxisConfiguration; +import org.apache.commons.lang.ArrayUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.rahas.impl.SAMLTokenIssuerConfig; import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.context.RegistryType; import org.wso2.carbon.core.RegistryResources; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; -import org.wso2.carbon.identity.application.common.model.*; +import org.wso2.carbon.identity.application.common.model.ApplicationBasicInfo; +import org.wso2.carbon.identity.application.common.model.ApplicationPermission; +import org.wso2.carbon.identity.application.common.model.IdentityProvider; +import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig; +import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig; +import org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.ServiceProvider; import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants; import org.wso2.carbon.identity.application.mgt.cache.IdentityServiceProviderCache; import org.wso2.carbon.identity.application.mgt.cache.IdentityServiceProviderCacheKey; 
@@ -43,6 +52,7 @@ import org.wso2.carbon.identity.application.mgt.listener.ApplicationMgtListener; import org.wso2.carbon.registry.api.RegistryException; import org.wso2.carbon.registry.core.Registry; +import org.wso2.carbon.registry.core.RegistryConstants; import org.wso2.carbon.registry.core.Resource; import org.wso2.carbon.security.SecurityConfigException; import org.wso2.carbon.security.config.SecurityServiceAdmin; @@ -114,12 +124,12 @@ public int createApplication(ServiceProvider serviceProvider) ApplicationMgtUtil.createAppRole(serviceProvider.getApplicationName()); ApplicationDAO appDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO(); ApplicationMgtUtil.storePermission(serviceProvider.getApplicationName(), - serviceProvider.getPermissionAndRoleConfig()); + serviceProvider.getPermissionAndRoleConfig()); return appDAO.createApplication(serviceProvider, tenantDomain); } catch (Exception e) { String error = "Error occurred while creating the application, " + - serviceProvider.getApplicationName(); + serviceProvider.getApplicationName(); log.error(error, e); throw new IdentityApplicationManagementException(error, e); 
@@ -230,23 +240,34 @@ public void updateApplication(ServiceProvider serviceProvider) // check whether use is authorized to update the application. if (!ApplicationConstants.LOCAL_SP.equals(serviceProvider.getApplicationName()) && - !ApplicationMgtUtil.isUserAuthorized(serviceProvider.getApplicationName(), - serviceProvider.getApplicationID())) { + !ApplicationMgtUtil.isUserAuthorized(serviceProvider.getApplicationName(), + serviceProvider.getApplicationID())) { log.warn("Illegal Access! User " + - CarbonContext.getThreadLocalCarbonContext().getUsername() + - " does not have access to the application " + - serviceProvider.getApplicationName()); + CarbonContext.getThreadLocalCarbonContext().getUsername() + + " does not have access to the application " + + serviceProvider.getApplicationName()); throw new IdentityApplicationManagementException("User not authorized"); } ApplicationDAO appDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO(); + String storedAppName = appDAO.getApplicationName(serviceProvider.getApplicationID()); appDAO.updateApplication(serviceProvider); ApplicationPermission[] permissions = serviceProvider.getPermissionAndRoleConfig() .getPermissions(); - if (permissions != null && permissions.length > 0) { + String applicationNode = ApplicationMgtUtil.getApplicationPermissionPath() + RegistryConstants + .PATH_SEPARATOR +storedAppName; + org.wso2.carbon.registry.api.Registry tenantGovReg = CarbonContext.getThreadLocalCarbonContext() + .getRegistry(RegistryType.USER_GOVERNANCE); + + boolean exist = tenantGovReg.resourceExists(applicationNode); + if (exist && !storedAppName.equals(serviceProvider.getApplicationName())) { + ApplicationMgtUtil.renameAppPermissionPathNode(storedAppName, serviceProvider.getApplicationName()); + } + + if (ArrayUtils.isNotEmpty(permissions)) { ApplicationMgtUtil.updatePermissions(serviceProvider.getApplicationName(), - permissions); + permissions); } } catch (Exception e) { String error = "Error occurred while 
updating the application"; @@ -261,6 +282,7 @@ public void updateApplication(ServiceProvider serviceProvider) * @param applicationName Application name * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException */ + @Override public void deleteApplication(String applicationName) throws IdentityApplicationManagementException { try { @@ -274,25 +296,25 @@ public void deleteApplication(String applicationName) if (!ApplicationMgtUtil.isUserAuthorized(applicationName)) { log.warn("Illegal Access! User " + - CarbonContext.getThreadLocalCarbonContext().getUsername() + - " does not have access to the application " + applicationName); + CarbonContext.getThreadLocalCarbonContext().getUsername() + + " does not have access to the application " + applicationName); throw new IdentityApplicationManagementException("User not authorized"); } ApplicationDAO appDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO(); ServiceProvider serviceProvider = appDAO.getApplication(applicationName, - CarbonContext.getThreadLocalCarbonContext() - .getTenantDomain()); + CarbonContext.getThreadLocalCarbonContext() + .getTenantDomain()); appDAO.deleteApplication(applicationName); ApplicationMgtUtil.deleteAppRole(applicationName); ApplicationMgtUtil.deletePermissions(applicationName); if (serviceProvider != null && - serviceProvider.getInboundAuthenticationConfig() != null && - serviceProvider.getInboundAuthenticationConfig() - .getInboundAuthenticationRequestConfigs() != null) { + serviceProvider.getInboundAuthenticationConfig() != null && + serviceProvider.getInboundAuthenticationConfig() + .getInboundAuthenticationRequestConfigs() != null) { InboundAuthenticationRequestConfig[] configs = serviceProvider.getInboundAuthenticationConfig() 
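Review bot: In the updateApplication hunk (-230), the authorization check runs on the caller-supplied `serviceProvider.getApplicationName()`, but the new rename step moves the permission node of `storedAppName`, which is looked up by ID only after the check has passed. isUserAuthorized is defined outside this diff, so confirm it binds the decision to the stored application for that ID; otherwise fetch the stored name first and authorize against it with `ApplicationMgtUtil.isUserAuthorized(storedAppName, serviceProvider.getApplicationID())`. `storedAppName` is also used unchecked: a null from `getApplicationName` would be concatenated into `applicationNode`, so an explicit null check that throws IdentityApplicationManagementException would be clearer. The rename runs after `appDAO.updateApplication(serviceProvider)`, so a failure in `renameAppPermissionPathNode` leaves the stored name and the permission path out of step. The method starts before this hunk, which ends inside its catch block.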
@@ -300,22 +322,22 @@ public void deleteApplication(String applicationName) for (InboundAuthenticationRequestConfig config : configs) { - if (IdentityApplicationConstants.Authenticator.SAML2SSO.NAME.equalsIgnoreCase(config.getInboundAuthType()) && - config.getInboundAuthKey() != null) { + if (IdentityApplicationConstants.Authenticator.SAML2SSO.NAME. + equalsIgnoreCase(config.getInboundAuthType()) && config.getInboundAuthKey() != null) { SAMLApplicationDAO samlDAO = ApplicationMgtSystemConfig.getInstance() .getSAMLClientDAO(); samlDAO.removeServiceProviderConfiguration(config.getInboundAuthKey()); } else if (IdentityApplicationConstants.OAuth2.NAME.equalsIgnoreCase(config.getInboundAuthType()) && - config.getInboundAuthKey() != null) { + config.getInboundAuthKey() != null) { OAuthApplicationDAO oathDAO = ApplicationMgtSystemConfig.getInstance() .getOAuthOIDCClientDAO(); oathDAO.removeOAuthApplication(config.getInboundAuthKey()); - } else if (IdentityApplicationConstants.Authenticator.WSTrust.NAME.equalsIgnoreCase(config.getInboundAuthType()) && - config.getInboundAuthKey() != null) { + } else if (IdentityApplicationConstants.Authenticator.WSTrust.NAME.equalsIgnoreCase( + config.getInboundAuthType()) && config.getInboundAuthKey() != null) { try { AxisService stsService = getAxisConfig().getService(ServerConstants.STS_NAME); @@ -331,12 +353,12 @@ public void deleteApplication(String applicationName) samlConfig.getTrustedServices().remove(config.getInboundAuthKey()); setSTSParameter(samlConfig); removeTrustedService(ServerConstants.STS_NAME, - ServerConstants.STS_NAME, - config.getInboundAuthKey()); + ServerConstants.STS_NAME, + config.getInboundAuthKey()); } else { throw new IdentityApplicationManagementException( "missing parameter : " + - SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG.getLocalPart()); + SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG.getLocalPart()); } } catch (Exception e) { String error = "Error while removing a trusted service"; 
@@ -361,6 +383,8 @@ public void deleteApplication(String applicationName) * @return Identity provider * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException */ + + @Override public IdentityProvider getIdentityProvider(String federatedIdPName) throws IdentityApplicationManagementException { try { @@ -381,6 +405,8 @@ public IdentityProvider getIdentityProvider(String federatedIdPName) * @return identity providers array * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException */ + + @Override public IdentityProvider[] getAllIdentityProviders() throws IdentityApplicationManagementException { try { @@ -391,7 +417,7 @@ public IdentityProvider[] getAllIdentityProviders() if (fedIdpList != null) { return fedIdpList.toArray(new IdentityProvider[fedIdpList.size()]); } - return null; + return new IdentityProvider[0]; } catch (Exception e) { String error = "Error occurred while retrieving all Identity Providers"; log.error(error, e); @@ -405,6 +431,7 @@ public IdentityProvider[] getAllIdentityProviders() * @return local authenticator config array * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException */ + @Override public LocalAuthenticatorConfig[] getAllLocalAuthenticators() throws IdentityApplicationManagementException { try { @@ -415,7 +442,7 @@ public LocalAuthenticatorConfig[] getAllLocalAuthenticators() if (localAuthenticators != null) { return localAuthenticators.toArray(new LocalAuthenticatorConfig[localAuthenticators.size()]); } - return null; + return new LocalAuthenticatorConfig[0]; } catch (Exception e) { String error = "Error occurred while retrieving all Local Authenticators"; log.error(error, e); 
@@ -429,6 +456,8 @@ public LocalAuthenticatorConfig[] getAllLocalAuthenticators() * @return request path authenticator config array * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException */ + + @Override public RequestPathAuthenticatorConfig[] getAllRequestPathAuthenticators() throws IdentityApplicationManagementException { try { @@ -440,7 +469,7 @@ public RequestPathAuthenticatorConfig[] getAllRequestPathAuthenticators() if (reqPathAuthenticators != null) { return reqPathAuthenticators.toArray(new RequestPathAuthenticatorConfig[reqPathAuthenticators.size()]); } - return null; + return new RequestPathAuthenticatorConfig[0]; } catch (Exception e) { String error = "Error occurred while retrieving all Request Path Authenticators"; log.error(error, e); @@ -454,6 +483,7 @@ public RequestPathAuthenticatorConfig[] getAllRequestPathAuthenticators() * @return Claim uri array * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException */ + @Override public String[] getAllLocalClaimUris() throws IdentityApplicationManagementException { try { @@ -478,10 +508,12 @@ public String[] getAllLocalClaimUris() throws IdentityApplicationManagementExcep * Get application data for given client Id and type * * @param clientId Client ID - * @param type Type + * @param type Type * @return ServiceProvider * @throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementException */ + + @Override public String getServiceProviderNameByClientId(String clientId, String type) throws IdentityApplicationManagementException { @@ -494,7 +526,7 @@ public String getServiceProviderNameByClientId(String clientId, String type) } catch (Exception e) { String error = "Error occurred while retrieving the service provider for client id : " + - clientId; + clientId; log.error(error, e); throw new IdentityApplicationManagementException(error, e); } 
@@ -508,9 +540,10 @@ public String getServiceProviderNameByClientId(String clientId, String type) * @throws org.wso2.carbon.registry.api.RegistryException */ private void setSTSParameter(SAMLTokenIssuerConfig samlConfig) throws AxisFault, - RegistryException { - new SecurityServiceAdmin(getAxisConfig(), getConfigSystemRegistry()).setServiceParameterElement(ServerConstants.STS_NAME, - samlConfig.getParameter()); + RegistryException { + new SecurityServiceAdmin(getAxisConfig(), getConfigSystemRegistry()). + setServiceParameterElement(ServerConstants.STS_NAME, + samlConfig.getParameter()); } /** @@ -529,7 +562,7 @@ private void removeTrustedService(String groupName, String serviceName, String t try { resourcePath = RegistryResources.SERVICE_GROUPS + groupName + - RegistryResources.SERVICES + serviceName + "/trustedServices"; + RegistryResources.SERVICES + serviceName + "/trustedServices"; registry = getConfigSystemRegistry(); if (registry != null) { if (registry.resourceExists(resourcePath)) { @@ -553,7 +586,7 @@ private void removeTrustedService(String groupName, String serviceName, String t * @return axis configuration */ private AxisConfiguration getAxisConfig() { - return ApplicationManagementServiceComponentHolder.getConfigContextService() + return ApplicationManagementServiceComponentHolder.getInstance().getConfigContextService() .getServerConfigContext() .getAxisConfiguration(); } @@ -565,7 +598,7 @@ private AxisConfiguration getAxisConfig() { * @throws org.wso2.carbon.registry.api.RegistryException */ private Registry getConfigSystemRegistry() throws RegistryException { - return (Registry) ApplicationManagementServiceComponentHolder.getRegistryService() + return (Registry) ApplicationManagementServiceComponentHolder.getInstance().getRegistryService() .getConfigSystemRegistry(); } 
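Review bot: `getConfigSystemRegistry()` in hunk -565 still calls the no-argument `getRegistryService().getConfigSystemRegistry()`, while ApplicationManagementOSGIService in this same commit passes `getTenantId()` for the equivalent setSTSParameter and removeTrustedService work. If the no-argument overload resolves to a registry that is not scoped to the calling tenant (to be confirmed against the RegistryService contract, which is not visible here), trusted-service entries for the STS would be read and written outside that tenant's configuration. Either pass the tenant explicitly, `.getConfigSystemRegistry(CarbonContext.getThreadLocalCarbonContext().getTenantId())`, or extend the Javadoc to say why the unscoped registry is intended. The Javadoc for this method starts outside the hunk.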
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtDBQueries.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtDBQueries.java
index a2726f73e2..255614980d 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtDBQueries.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtDBQueries.java
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt; 
@@ -26,77 +26,123 @@ public class ApplicationMgtDBQueries { // STORE Queries - public static String STORE_BASIC_APPINFO = "INSERT INTO SP_APP (TENANT_ID, APP_NAME, USER_STORE, USERNAME, DESCRIPTION, AUTH_TYPE) VALUES (?,?,?,?,?,?)"; - public static String UPDATE_BASIC_APPINFO = "UPDATE SP_APP SET APP_NAME=?, DESCRIPTION=?, IS_SAAS_APP=? WHERE TENANT_ID= ? AND ID = ?"; - public static String UPDATE_BASIC_APPINFO_WITH_ROLE_CLAIM = "UPDATE SP_APP SET ROLE_CLAIM=? WHERE TENANT_ID= ? AND ID = ?"; - public static String UPDATE_BASIC_APPINFO_WITH_CLAIM_DIALEECT = "UPDATE SP_APP SET IS_LOCAL_CLAIM_DIALECT=? WHERE TENANT_ID= ? AND ID = ?"; - public static String UPDATE_BASIC_APPINFO_WITH_SEND_LOCAL_SUB_ID = "UPDATE SP_APP SET IS_SEND_LOCAL_SUBJECT_ID=? WHERE TENANT_ID= ? AND ID = ?"; - public static String UPDATE_BASIC_APPINFO_WITH_SEND_AUTH_LIST_OF_IDPS = "UPDATE SP_APP SET IS_SEND_AUTH_LIST_OF_IDPS=? WHERE TENANT_ID= ? AND ID = ?"; - public static String UPDATE_BASIC_APPINFO_WITH_SUBJECT_CLAIM_URI = "UPDATE SP_APP SET SUBJECT_CLAIM_URI=? WHERE TENANT_ID= ? AND ID = ?"; - public static String UPDATE_BASIC_APPINFO_WITH_AUTH_TYPE = "UPDATE SP_APP SET AUTH_TYPE=? WHERE TENANT_ID= ? AND ID = ?"; - public static String UPDATE_BASIC_APPINFO_WITH_PRO_USERSTORE = "UPDATE SP_APP SET PROVISIONING_USERSTORE_DOMAIN=? WHERE TENANT_ID= ? AND ID = ?"; + public static final String STORE_BASIC_APPINFO = "INSERT INTO SP_APP (TENANT_ID, APP_NAME, USER_STORE, USERNAME, " + + "DESCRIPTION, AUTH_TYPE) VALUES (?,?,?,?,?,?)"; + public static final String UPDATE_BASIC_APPINFO = "UPDATE SP_APP SET APP_NAME=?, DESCRIPTION=?, IS_SAAS_APP=? " + + "WHERE TENANT_ID= ? AND ID = ?"; + public static final String UPDATE_BASIC_APPINFO_WITH_ROLE_CLAIM = "UPDATE SP_APP SET ROLE_CLAIM=? WHERE TENANT_ID" + + "= ? AND ID = ?"; + public static final String UPDATE_BASIC_APPINFO_WITH_CLAIM_DIALEECT = "UPDATE SP_APP SET IS_LOCAL_CLAIM_DIALECT=? "+ + "WHERE TENANT_ID= ? 
AND ID = ?"; + public static final String UPDATE_BASIC_APPINFO_WITH_SEND_LOCAL_SUB_ID = "UPDATE SP_APP SET IS_SEND_LOCAL_SUBJECT_"+ + "ID=? WHERE TENANT_ID= ? AND ID = ?"; + public static final String UPDATE_BASIC_APPINFO_WITH_SEND_AUTH_LIST_OF_IDPS = "UPDATE SP_APP SET IS_SEND_AUTH_" + + "LIST_OF_IDPS=? WHERE TENANT_ID= ? AND ID = ?"; + public static final String UPDATE_BASIC_APPINFO_WITH_SUBJECT_CLAIM_URI = "UPDATE SP_APP SET SUBJECT_CLAIM_URI=? " + + "WHERE TENANT_ID= ? AND ID = ?"; + public static final String UPDATE_BASIC_APPINFO_WITH_AUTH_TYPE = "UPDATE SP_APP SET AUTH_TYPE=? WHERE TENANT_ID= ? "+ + "AND ID = ?"; + public static final String UPDATE_BASIC_APPINFO_WITH_PRO_USERSTORE = "UPDATE SP_APP SET PROVISIONING_USERSTORE_" + + "DOMAIN=? WHERE TENANT_ID= ? AND ID = ?"; + public static final String UPDATE_SP_PERMISSIONS = "UPDATE UM_PERMISSION SET UM_RESOURCE_ID=? WHERE UM_ID=?"; - - public static String STORE_CLIENT_INFO = "INSERT INTO SP_INBOUND_AUTH (TENANT_ID, INBOUND_AUTH_KEY,INBOUND_AUTH_TYPE,PROP_NAME, PROP_VALUE, APP_ID) VALUES (?,?,?,?,?,?)"; - public static String STORE_STEP_INFO = "INSERT INTO SP_AUTH_STEP (TENANT_ID, STEP_ORDER, APP_ID, IS_SUBJECT_STEP, IS_ATTRIBUTE_STEP) VALUES (?,?,?,?,?)"; - public static String STORE_STEP_IDP_AUTH = "INSERT INTO SP_FEDERATED_IDP (ID, TENANT_ID, AUTHENTICATOR_ID) VALUES (?,?,?)"; - public static String STORE_CLAIM_MAPPING = "INSERT INTO SP_CLAIM_MAPPING (TENANT_ID, IDP_CLAIM, SP_CLAIM, APP_ID, IS_REQUESTED,DEFAULT_VALUE) VALUES (?,?,?,?,?,?)"; - public static String STORE_ROLE_MAPPING = "INSERT INTO SP_ROLE_MAPPING (TENANT_ID, IDP_ROLE, SP_ROLE, APP_ID) VALUES (?,?,?,?)"; - public static String STORE_REQ_PATH_AUTHENTICATORS = "INSERT INTO SP_REQ_PATH_AUTHENTICATOR (TENANT_ID, AUTHENTICATOR_NAME, APP_ID) VALUES (?,?,?)"; - public static String STORE_PRO_CONNECTORS = "INSERT INTO SP_PROVISIONING_CONNECTOR (TENANT_ID, IDP_NAME, CONNECTOR_NAME, APP_ID,IS_JIT_ENABLED, BLOCKING) VALUES (?,?,?,?,?,?)"; + public 
static final String STORE_CLIENT_INFO = "INSERT INTO SP_INBOUND_AUTH (TENANT_ID, INBOUND_AUTH_KEY," + + "INBOUND_AUTH_TYPE,PROP_NAME, PROP_VALUE, APP_ID) VALUES (?,?,?,?,?,?)"; + public static final String STORE_STEP_INFO = "INSERT INTO SP_AUTH_STEP (TENANT_ID, STEP_ORDER, APP_ID, " + + "IS_SUBJECT_STEP, IS_ATTRIBUTE_STEP) VALUES (?,?,?,?,?)"; + public static final String STORE_STEP_IDP_AUTH = "INSERT INTO SP_FEDERATED_IDP (ID, TENANT_ID, AUTHENTICATOR_ID) " + + "VALUES (?,?,?)"; + public static final String STORE_CLAIM_MAPPING = "INSERT INTO SP_CLAIM_MAPPING (TENANT_ID, IDP_CLAIM, SP_CLAIM, " + + "APP_ID, IS_REQUESTED,DEFAULT_VALUE) VALUES (?,?,?,?,?,?)"; + public static final String STORE_ROLE_MAPPING = "INSERT INTO SP_ROLE_MAPPING (TENANT_ID, IDP_ROLE, SP_ROLE, APP_ID)"+ + " VALUES (?,?,?,?)"; + public static final String STORE_REQ_PATH_AUTHENTICATORS = "INSERT INTO SP_REQ_PATH_AUTHENTICATOR (TENANT_ID, " + + "AUTHENTICATOR_NAME, APP_ID) VALUES (?,?,?)"; + public static final String STORE_PRO_CONNECTORS = "INSERT INTO SP_PROVISIONING_CONNECTOR (TENANT_ID, IDP_NAME, " + + "CONNECTOR_NAME, APP_ID,IS_JIT_ENABLED, BLOCKING) VALUES (?,?,?,?,?,?)"; // LOAD Queries - public static String LOAD_APP_ID_BY_APP_NAME = "SELECT ID FROM SP_APP WHERE APP_NAME = ? AND TENANT_ID = ?"; - public static String LOAD_APP_NAMES_BY_TENANT = "SELECT APP_NAME, DESCRIPTION FROM SP_APP WHERE TENANT_ID = ?"; - public static String LOAD_APP_ID_BY_CLIENT_ID_AND_TYPE = "SELECT APP_ID FROM SP_AUTH_STEP WHERE CLIENT_ID = ? AND CLIENT_TYPE= ? AND TENANT_ID = ?"; - public static String LOAD_APPLICATION_NAME_BY_CLIENT_ID_AND_TYPE = "SELECT APP_NAME " + public static final String LOAD_APP_ID_BY_APP_NAME = "SELECT ID FROM SP_APP WHERE APP_NAME = ? AND TENANT_ID = ?"; + public static final String LOAD_APP_NAMES_BY_TENANT = "SELECT APP_NAME, DESCRIPTION FROM SP_APP WHERE TENANT_ID = ?"; + public static final String LOAD_APP_ID_BY_CLIENT_ID_AND_TYPE = "SELECT APP_ID FROM SP_AUTH_STEP WHERE CLIENT_ID = ? 
" + + "AND CLIENT_TYPE= ? AND TENANT_ID = ?"; + public static final String LOAD_APPLICATION_NAME_BY_CLIENT_ID_AND_TYPE = "SELECT APP_NAME " + "FROM SP_APP INNER JOIN SP_INBOUND_AUTH " + "ON SP_APP.ID = SP_INBOUND_AUTH.APP_ID " - + "WHERE INBOUND_AUTH_KEY = ? AND INBOUND_AUTH_TYPE = ? AND SP_APP.TENANT_ID = ? AND SP_INBOUND_AUTH.TENANT_ID=?"; + + "WHERE INBOUND_AUTH_KEY = ? AND INBOUND_AUTH_TYPE = ? AND SP_APP.TENANT_ID = ? AND SP_INBOUND_AUTH.TENANT_" + + "ID=?"; - public static String LOAD_BASIC_APP_INFO_BY_APP_NAME = "SELECT * FROM SP_APP WHERE APP_NAME = ? AND TENANT_ID = ?"; - public static String LOAD_AUTH_TYPE_BY_APP_ID = "SELECT AUTH_TYPE FROM SP_APP WHERE ID = ? AND TENANT_ID = ?"; - public static String LOAD_APP_NAME_BY_APP_ID = "SELECT APP_NAME FROM SP_APP WHERE ID = ? AND TENANT_ID = ?"; - public static String LOAD_CLIENTS_INFO_BY_APP_ID = "SELECT INBOUND_AUTH_KEY, INBOUND_AUTH_TYPE, PROP_NAME, PROP_VALUE FROM SP_INBOUND_AUTH WHERE APP_ID = ? AND TENANT_ID = ?"; - public static String LOAD_STEPS_INFO_BY_APP_ID = "SELECT STEP_ORDER, AUTHENTICATOR_ID, IS_SUBJECT_STEP, IS_ATTRIBUTE_STEP " + public static final String LOAD_BASIC_APP_INFO_BY_APP_NAME = "SELECT * FROM SP_APP WHERE APP_NAME = ? AND TENANT_ID" + + "= ?"; + public static final String LOAD_AUTH_TYPE_BY_APP_ID = "SELECT AUTH_TYPE FROM SP_APP WHERE ID = ? AND TENANT_ID = ?"; + public static final String LOAD_APP_NAME_BY_APP_ID = "SELECT APP_NAME FROM SP_APP WHERE ID = ? AND TENANT_ID = ?"; + public static final String LOAD_CLIENTS_INFO_BY_APP_ID = "SELECT INBOUND_AUTH_KEY, INBOUND_AUTH_TYPE, PROP_NAME, " + + "PROP_VALUE FROM SP_INBOUND_AUTH WHERE APP_ID = ? 
AND TENANT_ID = ?"; + public static final String LOAD_STEPS_INFO_BY_APP_ID = "SELECT STEP_ORDER, AUTHENTICATOR_ID, IS_SUBJECT_STEP, " + + "IS_ATTRIBUTE_STEP " + "FROM SP_AUTH_STEP INNER JOIN SP_FEDERATED_IDP " + "ON SP_AUTH_STEP.ID=SP_FEDERATED_IDP.ID " + "WHERE APP_ID = ?"; - public static String LOAD_STEP_ID_BY_APP_ID = "SELECT ID FROM SP_AUTH_STEP WHERE APP_ID = ?"; - public static String LOAD_HUB_IDP_BY_NAME = "SELECT IS_FEDERATION_HUB FROM IDP WHERE NAME = ? AND TENANT_ID = ?"; + public static final String LOAD_STEP_ID_BY_APP_ID = "SELECT ID FROM SP_AUTH_STEP WHERE APP_ID = ?"; + public static final String LOAD_HUB_IDP_BY_NAME = "SELECT IS_FEDERATION_HUB FROM IDP WHERE NAME = ? AND TENANT_ID " + + "= ?"; - public static String LOAD_CLAIM_MAPPING_BY_APP_ID = "SELECT IDP_CLAIM, SP_CLAIM, IS_REQUESTED,DEFAULT_VALUE FROM SP_CLAIM_MAPPING WHERE APP_ID = ? AND TENANT_ID = ?"; - public static String LOAD_CLAIM_MAPPING_BY_APP_NAME = "SELECT IDP_CLAIM, SP_CLAIM, IS_REQUESTED,DEFAULT_VALUE FROM SP_CLAIM_MAPPING WHERE APP_ID = (SELECT ID FROM SP_APP WHERE APP_NAME = ?) AND TENANT_ID = ?"; - public static String LOAD_ROLE_MAPPING_BY_APP_ID = "SELECT IDP_ROLE, SP_ROLE FROM SP_ROLE_MAPPING WHERE APP_ID = ? AND TENANT_ID = ?"; - public static String LOAD_ROLE_CLAIM_BY_APP_ID = "SELECT ROLE_CLAIM FROM SP_APP WHERE TENANT_ID= ? AND ID = ?"; - public static String LOAD_CLAIM_DIALECT_BY_APP_ID = "SELECT IS_LOCAL_CLAIM_DIALECT FROM SP_APP WHERE TENANT_ID= ? AND ID = ?"; - public static String LOAD_SEND_LOCAL_SUB_ID_BY_APP_ID = "SELECT IS_SEND_LOCAL_SUBJECT_ID FROM SP_APP WHERE TENANT_ID= ? AND ID = ?"; - public static String LOAD_SEND_AUTH_LIST_OF_IDPS_BY_APP_ID = "SELECT IS_SEND_AUTH_LIST_OF_IDPS FROM SP_APP WHERE TENANT_ID= ? AND ID = ?"; - public static String LOAD_SUBJECT_CLAIM_URI_BY_APP_ID = "SELECT SUBJECT_CLAIM_URI FROM SP_APP WHERE TENANT_ID= ? 
AND ID = ?"; - public static String LOAD_REQ_PATH_AUTHENTICATORS_BY_APP_ID = "SELECT AUTHENTICATOR_NAME FROM SP_REQ_PATH_AUTHENTICATOR WHERE APP_ID = ? AND TENANT_ID = ?"; - public static String LOAD_PRO_USERSTORE_BY_APP_ID = "SELECT PROVISIONING_USERSTORE_DOMAIN FROM SP_APP WHERE TENANT_ID= ? AND ID = ?"; - public static String LOAD_PRO_CONNECTORS_BY_APP_ID = "SELECT IDP_NAME, CONNECTOR_NAME, IS_JIT_ENABLED, BLOCKING FROM SP_PROVISIONING_CONNECTOR WHERE APP_ID = ? AND TENANT_ID = ?"; + public static final String LOAD_CLAIM_MAPPING_BY_APP_ID = "SELECT IDP_CLAIM, SP_CLAIM, IS_REQUESTED,DEFAULT_VALUE " + + "FROM SP_CLAIM_MAPPING WHERE APP_ID = ? AND TENANT_ID = ?"; + public static final String LOAD_CLAIM_MAPPING_BY_APP_NAME = "SELECT IDP_CLAIM, SP_CLAIM, IS_REQUESTED,DEFAULT_VALUE " + + "FROM SP_CLAIM_MAPPING WHERE APP_ID = (SELECT ID FROM SP_APP WHERE APP_NAME = ?) AND TENANT_ID = ?"; + public static final String LOAD_ROLE_MAPPING_BY_APP_ID = "SELECT IDP_ROLE, SP_ROLE FROM SP_ROLE_MAPPING WHERE APP_ID"+ + " = ? AND TENANT_ID = ?"; + public static final String LOAD_ROLE_CLAIM_BY_APP_ID = "SELECT ROLE_CLAIM FROM SP_APP WHERE TENANT_ID= ? AND ID = ?"; + public static final String LOAD_CLAIM_DIALECT_BY_APP_ID = "SELECT IS_LOCAL_CLAIM_DIALECT FROM SP_APP WHERE TENANT_ID=" + + " ? AND ID = ?"; + public static final String LOAD_SEND_LOCAL_SUB_ID_BY_APP_ID = "SELECT IS_SEND_LOCAL_SUBJECT_ID FROM SP_APP WHERE " + + "TENANT_ID= ? AND ID = ?"; + public static final String LOAD_SEND_AUTH_LIST_OF_IDPS_BY_APP_ID = "SELECT IS_SEND_AUTH_LIST_OF_IDPS FROM SP_APP " + + "WHERE TENANT_ID= ? AND ID = ?"; + public static final String LOAD_SUBJECT_CLAIM_URI_BY_APP_ID = "SELECT SUBJECT_CLAIM_URI FROM SP_APP WHERE " + + "TENANT_ID= ? AND ID = ?"; + public static final String LOAD_REQ_PATH_AUTHENTICATORS_BY_APP_ID = "SELECT AUTHENTICATOR_NAME FROM " + + "SP_REQ_PATH_AUTHENTICATOR WHERE APP_ID = ? 
AND TENANT_ID = ?"; + public static final String LOAD_PRO_USERSTORE_BY_APP_ID = "SELECT PROVISIONING_USERSTORE_DOMAIN FROM " + + "SP_APP WHERE TENANT_ID= ? AND ID = ?"; + public static final String LOAD_PRO_CONNECTORS_BY_APP_ID = "SELECT IDP_NAME, CONNECTOR_NAME, IS_JIT_ENABLED, " + + "BLOCKING FROM SP_PROVISIONING_CONNECTOR WHERE APP_ID = ? AND TENANT_ID = ?"; + public static final String LOAD_UM_PERMISSIONS = "SELECT UM_ID, UM_RESOURCE_ID FROM UM_PERMISSION WHERE " + + "UM_RESOURCE_ID LIKE ?"; + public static final String LOAD_UM_PERMISSIONS_W = "SELECT UM_ID FROM UM_PERMISSION WHERE UM_RESOURCE_ID = ?"; // DELETE queries - public static String REMOVE_APP_FROM_APPMGT_APP = "DELETE FROM SP_APP WHERE APP_NAME = ? AND TENANT_ID = ?"; - public static String REMOVE_APP_FROM_APPMGT_APP_WITH_ID = "DELETE FROM SP_APP WHERE ID = ? AND TENANT_ID = ?"; - public static String REMOVE_CLIENT_FROM_APPMGT_CLIENT = "DELETE FROM SP_INBOUND_AUTH WHERE APP_ID = ? AND TENANT_ID = ?"; - public static String REMOVE_STEP_FROM_APPMGT_STEP = "DELETE FROM SP_AUTH_STEP WHERE APP_ID = ? AND TENANT_ID = ?"; - public static String REMOVE_CLAIM_MAPPINGS_FROM_APPMGT_CLAIM_MAPPING = "DELETE FROM SP_CLAIM_MAPPING WHERE APP_ID = ? AND TENANT_ID = ?"; - public static String REMOVE_ROLE_MAPPINGS_FROM_APPMGT_ROLE_MAPPING = "DELETE FROM SP_ROLE_MAPPING WHERE APP_ID = ? AND TENANT_ID = ?"; - public static String REMOVE_REQ_PATH_AUTHENTICATOR = "DELETE FROM SP_REQ_PATH_AUTHENTICATOR WHERE APP_ID = ? AND TENANT_ID = ?"; - public static String REMOVE_PRO_CONNECTORS = "DELETE FROM SP_PROVISIONING_CONNECTOR WHERE APP_ID = ? AND TENANT_ID = ?"; + public static final String REMOVE_APP_FROM_APPMGT_APP = "DELETE FROM SP_APP WHERE APP_NAME = ? AND TENANT_ID = ?"; + public static final String REMOVE_APP_FROM_APPMGT_APP_WITH_ID = "DELETE FROM SP_APP WHERE ID = ? AND TENANT_ID = ?"; + public static final String REMOVE_CLIENT_FROM_APPMGT_CLIENT = "DELETE FROM SP_INBOUND_AUTH WHERE APP_ID = ? 
" + + "AND TENANT_ID = ?"; + public static final String REMOVE_STEP_FROM_APPMGT_STEP = "DELETE FROM SP_AUTH_STEP WHERE APP_ID = ? AND " + + "TENANT_ID = ?"; + public static final String REMOVE_CLAIM_MAPPINGS_FROM_APPMGT_CLAIM_MAPPING = "DELETE FROM SP_CLAIM_MAPPING " + + "WHERE APP_ID = ? AND TENANT_ID = ?"; + public static final String REMOVE_ROLE_MAPPINGS_FROM_APPMGT_ROLE_MAPPING = "DELETE FROM SP_ROLE_MAPPING " + + "WHERE APP_ID = ? AND TENANT_ID = ?"; + public static final String REMOVE_REQ_PATH_AUTHENTICATOR = "DELETE FROM SP_REQ_PATH_AUTHENTICATOR WHERE " + + "APP_ID = ? AND TENANT_ID = ?"; + public static final String REMOVE_PRO_CONNECTORS = "DELETE FROM SP_PROVISIONING_CONNECTOR WHERE APP_ID = ? AND " + + "TENANT_ID = ?"; + public static final String REMOVE_UM_PERMISSIONS = "DELETE FROM UM_PERMISSION WHERE UM_ID = ?"; + public static final String REMOVE_UM_ROLE_PERMISSION = "DELETE FROM UM_ROLE_PERMISSION WHERE UM_PERMISSION_ID = ?"; // DELETE query - Oauth - public static String REMOVE_OAUTH_APPLICATION = "DELETE FROM IDN_OAUTH_CONSUMER_APPS WHERE CONSUMER_KEY=?"; + public static final String REMOVE_OAUTH_APPLICATION = "DELETE FROM IDN_OAUTH_CONSUMER_APPS WHERE CONSUMER_KEY=?"; - public static String LOAD_IDP_AUTHENTICATOR_ID = "SELECT A.ID FROM IDP_AUTHENTICATOR A JOIN IDP B ON A.IDP_ID = B" + + public static final String LOAD_IDP_AUTHENTICATOR_ID = "SELECT A.ID FROM IDP_AUTHENTICATOR A JOIN IDP B ON A.IDP_ID" + + + "= B" + ".ID WHERE A.NAME =? AND B.NAME=? AND ((A.TENANT_ID =? AND B.TENANT_ID =?) OR (B.TENANT_ID=? AND B" + ".NAME LIKE 'SHARED_%'))"; - public static String LOAD_IDP_AND_AUTHENTICATOR_NAMES = "SELECT A.NAME, B.NAME, " + + public static final String LOAD_IDP_AND_AUTHENTICATOR_NAMES = "SELECT A.NAME, B.NAME, " + "B.DISPLAY_NAME FROM IDP A JOIN IDP_AUTHENTICATOR B ON A.ID = B.IDP_ID WHERE B.ID =? AND ((A.TENANT_ID =?" + " AND B.TENANT_ID =?) OR (A.TENANT_ID=? 
AND A.NAME LIKE 'SHARED_%' AND B.TENANT_ID=?))"; - public static String STORE_LOCAL_AUTHENTICATOR = "INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME,IS_ENABLED, DISPLAY_NAME) VALUES (?, (SELECT ID FROM IDP WHERE IDP.NAME=? AND IDP.TENANT_ID =?), ?, ?, ?)"; + public static final String STORE_LOCAL_AUTHENTICATOR = "INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME," + + "IS_ENABLED, DISPLAY_NAME) VALUES (?, (SELECT ID FROM IDP WHERE IDP.NAME=? AND IDP.TENANT_ID =?), ?, ?, ?)"; } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtOSGIUtil.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtOSGIUtil.java index b2a332cc70..32d1888c48 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtOSGIUtil.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtOSGIUtil.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt; 
@@ -38,17 +38,21 @@ import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import java.util.ArrayList; +import java.util.Collections; import java.util.List; public class ApplicationMgtOSGIUtil { public static final String APPLICATION_ROOT_PERMISSION = "applications"; public static final String PATH_CONSTANT = RegistryConstants.PATH_SEPARATOR; - private static final ArrayList paths = new ArrayList(); + private static final List paths = new ArrayList(); private static String applicationNode; private static Log log = LogFactory.getLog(ApplicationMgtOSGIUtil.class); + private ApplicationMgtOSGIUtil() { + } + public static org.wso2.carbon.user.api.Permission[] buildPermissions(String applicationName, String[] permissions) { @@ -91,7 +95,8 @@ public static boolean isUserAuthorized(String applicationName) throws IdentityAp try { int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - String[] userRoles = ApplicationManagementServiceComponentHolder.getRealmService().getTenantUserRealm(tenantId) + String[] userRoles = ApplicationManagementServiceComponentHolder.getInstance() + .getRealmService().getTenantUserRealm(tenantId) .getUserStoreManager().getRoleListOfUser(user); for (String userRole : userRoles) { if (applicationRoleName.equals(userRole)) { @@ -136,7 +141,8 @@ public static void createAppRole(String applicationName) throws IdentityApplicat try { // create a role for the application and assign the user to that role. int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - ApplicationManagementServiceComponentHolder.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager() + ApplicationManagementServiceComponentHolder.getInstance().getRealmService().getTenantUserRealm(tenantId). + getUserStoreManager() .addRole(roleName, user, null); } catch (UserStoreException e) { throw new IdentityApplicationManagementException("Error while creating application", e); 
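Review bot: The fields `paths` and `applicationNode` in ApplicationMgtOSGIUtil stay static and mutable, so every thread and tenant calling this utility shares them; changing `ArrayList` to `List` in the first hunk does not alter that. The loadPermissions hunk further down calls `paths.clear()` and reads `applicationNode` with no synchronization, so two concurrent permission operations could see each other's paths or node. ApplicationMgtUtil declares the same two fields. Prefer building the node path and the path list as locals and passing them to the helpers; until then, add a comment on the fields such as `// shared across threads and tenants; not synchronized, callers must serialize access`. The methods that use the fields lie mostly outside these hunks.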
@@ -155,8 +161,8 @@ public static void deleteAppRole(String applicationName) throws IdentityApplicat try { int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - ApplicationManagementServiceComponentHolder.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager() - .deleteRole(roleName); + ApplicationManagementServiceComponentHolder.getInstance().getRealmService().getTenantUserRealm(tenantId) + .getUserStoreManager().deleteRole(roleName); } catch (UserStoreException e) { throw new IdentityApplicationManagementException("Error while creating application", e); @@ -172,7 +178,7 @@ public static void renameRole(String oldName, String newName) throws UserStoreException { int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - ApplicationManagementServiceComponentHolder.getRealmService().getTenantUserRealm(tenantId) + ApplicationManagementServiceComponentHolder.getInstance().getRealmService().getTenantUserRealm(tenantId) .getUserStoreManager().updateRoleName(UserCoreUtil.addInternalDomainName(oldName), UserCoreUtil.addInternalDomainName(newName)); @@ -189,7 +195,8 @@ public static void storePermission(String applicationName, PermissionsAndRoleCon try { String userName = CarbonContext.getThreadLocalCarbonContext().getUsername(); int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - Registry tenantGovReg = ApplicationManagementServiceComponentHolder.getRegistryService().getGovernanceUserRegistry(userName, tenantId); + Registry tenantGovReg = ApplicationManagementServiceComponentHolder.getInstance(). + getRegistryService().getGovernanceUserRegistry(userName, tenantId); if (tenantGovReg == null) { throw new IdentityApplicationManagementException(" Registry can't be null "); } 
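Review bot: The catch block in deleteAppRole still throws `"Error while creating application"`, which was copied from createAppRole and is wrong for a failed role deletion. The commit reflows the call directly above it, so this is a good place to fix it: `throw new IdentityApplicationManagementException("Error while deleting application role " + roleName, e);`. An accurate message matters when tracing why an application role was left behind. The same text appears as context in the createAppRole hunk, where it is at least plausible.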
@@ -242,7 +249,8 @@ public static void updatePermissions(String applicationName, ApplicationPermissi try { String userName = CarbonContext.getThreadLocalCarbonContext().getUsername(); int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - Registry tenantGovReg = ApplicationManagementServiceComponentHolder.getRegistryService().getGovernanceUserRegistry(userName, tenantId); + Registry tenantGovReg = ApplicationManagementServiceComponentHolder.getInstance(). + getRegistryService().getGovernanceUserRegistry(userName, tenantId); if (tenantGovReg == null) { throw new IdentityApplicationManagementException(" Registry can't be null "); } @@ -286,10 +294,12 @@ public static void updatePermissions(String applicationName, ApplicationPermissi } - private static void addPermission(ApplicationPermission[] permissions, Registry tenantGovReg) throws RegistryException { + private static void addPermission(ApplicationPermission[] permissions, Registry tenantGovReg) throws + RegistryException { for (ApplicationPermission permission : permissions) { String permissionValue = permission.getValue(); - if (permissionValue.substring(0, 1).equals("/")) { //if permissions are starts with slash remove that + + if (permissionValue.startsWith("/")) { //if permissions are starting with slash, remove that permissionValue = permissionValue.substring(1); } String[] splitedPermission = permissionValue.split("/"); 
@@ -319,18 +329,18 @@ public static List loadPermissions(String applicationName try { String userName = CarbonContext.getThreadLocalCarbonContext().getUsername(); int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - Registry tenantGovReg = ApplicationManagementServiceComponentHolder.getRegistryService().getGovernanceUserRegistry(userName, tenantId); + Registry tenantGovReg = ApplicationManagementServiceComponentHolder.getInstance(). + getRegistryService().getGovernanceUserRegistry(userName, tenantId); if (tenantGovReg == null) { throw new IdentityApplicationManagementException(" Registry can't be null "); } boolean exist = tenantGovReg.resourceExists(applicationNode); if (!exist) { - return null; + return Collections.emptyList(); } paths.clear(); //clear current paths - Collection appCollection = (Collection) tenantGovReg.get(applicationNode); List permissions = new ArrayList(); @@ -381,7 +391,8 @@ public static void deletePermissions(String applicationName) throws IdentityAppl try { String userName = CarbonContext.getThreadLocalCarbonContext().getUsername(); int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - Registry tenantGovReg = ApplicationManagementServiceComponentHolder.getRegistryService().getGovernanceUserRegistry(userName, tenantId); + Registry tenantGovReg = ApplicationManagementServiceComponentHolder.getInstance() + .getRegistryService().getGovernanceUserRegistry(userName, tenantId); if (tenantGovReg == null) { throw new IdentityApplicationManagementException(" Registry can't be null "); } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtSystemConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtSystemConfig.java index 86f1ef20a0..e0003c5c61 100644 
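Review bot: The early return in loadPermissions now yields `Collections.emptyList()`, which is immutable, while the normal path returns the `new ArrayList()` built a few lines below. A caller that adds to the result would then fail with UnsupportedOperationException, but only for applications that have no permission node; the callers are not visible in this hunk. Either return a fresh mutable list there or document the contract in Javadoc, e.g. `@return the permissions of the application; an empty, unmodifiable list when no permission node exists`. The same change is made in ApplicationMgtUtil.loadPermissions later in this diff.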
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtSystemConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtSystemConfig.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt; 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtUtil.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtUtil.java index e788828956..b1304d6d72 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtUtil.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtUtil.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt; 
@@ -38,20 +38,24 @@ import org.wso2.carbon.user.core.UserRealm; import org.wso2.carbon.user.core.util.UserCoreUtil; import org.wso2.carbon.user.mgt.UserMgtConstants; -import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; import java.util.List; public class ApplicationMgtUtil { public static final String APPLICATION_ROOT_PERMISSION = "applications"; public static final String PATH_CONSTANT = RegistryConstants.PATH_SEPARATOR; - private static final ArrayList paths = new ArrayList(); + private static final List paths = new ArrayList(); private static String applicationNode; private static Log log = LogFactory.getLog(ApplicationMgtUtil.class); + private ApplicationMgtUtil() { + } + public static org.wso2.carbon.user.api.Permission[] buildPermissions(String applicationName, String[] permissions) { @@ -92,6 +96,11 @@ public static boolean isUserAuthorized(String applicationName) throws IdentityAp String applicationRoleName = UserCoreUtil.addInternalDomainName(applicationName); try { + if (log.isDebugEnabled()) { + log.debug("Checking whether user has role : " + applicationRoleName + " by retrieving role list of " + + "user " + + ": " + user); + } String[] userRoles = CarbonContext.getThreadLocalCarbonContext().getUserRealm() .getUserStoreManager().getRoleListOfUser(user); for (String userRole : userRoles) { 
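Review bot: The new debug statement in isUserAuthorized concatenates `applicationRoleName` and `user` straight into the message. If application or user names are not restricted to printable characters elsewhere (not visible here), a name containing line breaks could forge extra entries in the debug log, and the user name is also written in clear. Consider stripping CR/LF from both values before logging. The literal is also split oddly and can be written as `" by retrieving role list of user : " + user`. The debug statements added to createAppRole, deleteAppRole and renameRole follow the same pattern.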
@@ -132,10 +141,13 @@ public static String[] getAuthorizedApps(String[] tenantApplicationNames) public static void createAppRole(String applicationName) throws IdentityApplicationManagementException { String roleName = UserCoreUtil.addInternalDomainName(applicationName); String qualifiedUsername = CarbonContext.getThreadLocalCarbonContext().getUsername(); - String[] user = {MultitenantUtils.getTenantAwareUsername(qualifiedUsername)}; + String[] user = {qualifiedUsername}; try { // create a role for the application and assign the user to that role. + if (log.isDebugEnabled()) { + log.debug("Creating application role : " + roleName + " and assign the user : " + Arrays.toString(user) + " to that role"); + } CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager() .addRole(roleName, user, null); } catch (UserStoreException e) { @@ -154,6 +166,9 @@ public static void deleteAppRole(String applicationName) throws IdentityApplicat String roleName = UserCoreUtil.addInternalDomainName(applicationName); try { + if (log.isDebugEnabled()) { + log.debug("Deleting application role : " + roleName); + } CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager() .deleteRole(roleName); } catch (UserStoreException e) { @@ -168,6 +183,10 @@ public static void deleteAppRole(String applicationName) throws IdentityApplicat */ public static void renameRole(String oldName, String newName) throws UserStoreException { + if (log.isDebugEnabled()) { + log.debug("Renaming application role : " + UserCoreUtil.addInternalDomainName(oldName) + + " to new role : " + UserCoreUtil.addInternalDomainName(newName)); + } CarbonContext .getThreadLocalCarbonContext() .getUserRealm() 
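Review bot: In createAppRole the role member is now the raw result of `CarbonContext.getThreadLocalCarbonContext().getUsername()`, still held in a local called `qualifiedUsername`, while the removed line passed it through `MultitenantUtils.getTenantAwareUsername`. If that value can carry a tenant-domain suffix, `addRole(roleName, user, null)` would assign the application role to a name that differs from the one isUserAuthorized later passes to `getRoleListOfUser(user)`. How `user` is derived there is outside these hunks, so please confirm that both sides use the same form. If the value is already tenant-aware, rename the local and say so, e.g. `String username = CarbonContext.getThreadLocalCarbonContext().getUsername(); // already tenant-aware`.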
@@ -177,6 +196,38 @@ public static void renameRole(String oldName, String newName) throws UserStoreEx } + /** + * Rename the registry path node name for a deleted Service provider role. + * + * @param oldName + * @param newName + * @throws IdentityApplicationManagementException + */ + public static void renameAppPermissionPathNode(String oldName, String newName) + throws IdentityApplicationManagementException { + + List loadPermissions = loadPermissions(oldName); + String newApplicationNode = ApplicationMgtUtil.getApplicationPermissionPath() + PATH_CONSTANT + oldName; + Registry tenantGovReg = CarbonContext.getThreadLocalCarbonContext().getRegistry( + RegistryType.USER_GOVERNANCE); + //creating new application node + try { + for (ApplicationPermission applicationPermission : loadPermissions) { + tenantGovReg.delete(newApplicationNode + PATH_CONSTANT + applicationPermission.getValue()); + } + tenantGovReg.delete(newApplicationNode); + Collection permissionNode = tenantGovReg.newCollection(); + permissionNode.setProperty("name", newName); + newApplicationNode = ApplicationMgtUtil.getApplicationPermissionPath() + PATH_CONSTANT + newName; + ApplicationMgtUtil.applicationNode = newApplicationNode; + tenantGovReg.put(newApplicationNode, permissionNode); + addPermission(loadPermissions.toArray(new ApplicationPermission[loadPermissions.size()]), tenantGovReg); + } catch (RegistryException e) { + throw new IdentityApplicationManagementException("Error while renaming permission node " + + oldName + "to " + newName, e); + } + } + /** * @param applicationName * @param permissionsConfig @@ -272,7 +323,7 @@ public static void updatePermissions(String applicationName, ApplicationPermissi tenantGovReg.delete(applicationNode); } - if (permissions == null) { + if (permissions == null || permissions.length == 0) { return; } 
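Review bot: renameAppPermissionPathNode deletes the old permission subtree before the new node is written, so a RegistryException from `put` or `addPermission` leaves the application with no permission nodes under either name. The local `newApplicationNode` first holds the old path, and the target path reaches `addPermission` through the static `applicationNode` field (presumably read there, outside this hunk), which is unsafe under concurrent renames. Writing the new subtree first and removing the old one afterwards, as sketched below, avoids the loss when the two names differ. The error message also lacks a space before `to`, and the Javadoc describes a deleted role and has empty `@param` tags, although the method renames a permission node.

```java
String oldApplicationNode = ApplicationMgtUtil.getApplicationPermissionPath() + PATH_CONSTANT + oldName;
String newApplicationNode = ApplicationMgtUtil.getApplicationPermissionPath() + PATH_CONSTANT + newName;
// … unchanged: loadPermissions(oldName) and registry lookup …
try {
    // Create the new subtree first so a failure leaves the old permissions in place.
    Collection permissionNode = tenantGovReg.newCollection();
    permissionNode.setProperty("name", newName);
    ApplicationMgtUtil.applicationNode = newApplicationNode;
    tenantGovReg.put(newApplicationNode, permissionNode);
    addPermission(loadPermissions.toArray(new ApplicationPermission[loadPermissions.size()]), tenantGovReg);

    // Remove the old subtree only after the new one exists.
    for (ApplicationPermission applicationPermission : loadPermissions) {
        tenantGovReg.delete(oldApplicationNode + PATH_CONSTANT + applicationPermission.getValue());
    }
    tenantGovReg.delete(oldApplicationNode);
} catch (RegistryException e) {
    throw new IdentityApplicationManagementException("Error while renaming permission node "
            + oldName + " to " + newName, e);
}
```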
@@ -295,10 +346,12 @@ public static void updatePermissions(String applicationName, ApplicationPermissi } - private static void addPermission(ApplicationPermission[] permissions, Registry tenantGovReg) throws RegistryException { + private static void addPermission(ApplicationPermission[] permissions, Registry tenantGovReg) throws + RegistryException { for (ApplicationPermission permission : permissions) { String permissionValue = permission.getValue(); - if (permissionValue.substring(0, 1).equals("/")) { //if permissions are starts with slash remove that + + if ("/".equals(permissionValue.substring(0, 1))) { //if permissions are starts with slash remove that permissionValue = permissionValue.substring(1); } String[] splitedPermission = permissionValue.split("/"); @@ -331,11 +384,10 @@ public static List loadPermissions(String applicationName boolean exist = tenantGovReg.resourceExists(applicationNode); if (!exist) { - return null; + return Collections.emptyList(); } paths.clear(); //clear current paths - Collection appCollection = (Collection) tenantGovReg.get(applicationNode); List permissions = new ArrayList(); diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/cache/IdentityServiceProviderCache.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/cache/IdentityServiceProviderCache.java index b767247aaa..fe5f18024a 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/cache/IdentityServiceProviderCache.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/cache/IdentityServiceProviderCache.java 
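Review bot: `"/".equals(permissionValue.substring(0, 1))` in addPermission still throws StringIndexOutOfBoundsException when a permission value is the empty string; swapping the operands only guards against a null result of `substring`, which cannot occur. ApplicationMgtOSGIUtil.addPermission in this same commit switches to the safe form, and this copy should match it: `if (permissionValue.startsWith("/")) { // strip a leading slash`. A null from `permission.getValue()` would fail in either form, so a null or empty check before the test is worth adding if callers can submit such entries. The rest of the loop body is outside the hunk.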
@@ -1,3 +1,22 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.wso2.carbon.identity.application.mgt.cache; import org.wso2.carbon.identity.application.common.cache.BaseCache; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/cache/IdentityServiceProviderCacheEntry.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/cache/IdentityServiceProviderCacheEntry.java index 0e4f73c76e..653adaf022 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/cache/IdentityServiceProviderCacheEntry.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/cache/IdentityServiceProviderCacheEntry.java 
@@ -1,3 +1,21 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package org.wso2.carbon.identity.application.mgt.cache; import org.wso2.carbon.identity.application.common.cache.CacheEntry; @@ -5,6 +23,7 @@ public class IdentityServiceProviderCacheEntry extends CacheEntry { + /** * */ diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/cache/IdentityServiceProviderCacheKey.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/cache/IdentityServiceProviderCacheKey.java index 3cb0ba5346..3172340dde 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/cache/IdentityServiceProviderCacheKey.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/cache/IdentityServiceProviderCacheKey.java 
@@ -1,3 +1,21 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package org.wso2.carbon.identity.application.mgt.cache; import org.wso2.carbon.identity.application.common.cache.CacheKey; @@ -29,9 +47,15 @@ public String getServiceProviderKey() { @Override public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; - if (!super.equals(o)) return false; + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + if (!super.equals(o)) { + return false; + } IdentityServiceProviderCacheKey that = (IdentityServiceProviderCacheKey) o; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/ApplicationDAO.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/ApplicationDAO.java index 57c2290839..18c433ff11 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/ApplicationDAO.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/ApplicationDAO.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt.dao; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/IdentityProviderDAO.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/IdentityProviderDAO.java index b63bc9a1ec..e50c8a34f9 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/IdentityProviderDAO.java 
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/IdentityProviderDAO.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt.dao; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/OAuthApplicationDAO.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/OAuthApplicationDAO.java index 1650d3c4a9..6f583a0961 100644 
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/OAuthApplicationDAO.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/OAuthApplicationDAO.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt.dao; 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/SAMLApplicationDAO.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/SAMLApplicationDAO.java index e78f27cee6..93fef40916 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/SAMLApplicationDAO.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/SAMLApplicationDAO.java 
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt.dao; diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java index 51cbff260f..70ba103373 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java 
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java @@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt.dao.impl; 
@@ -23,9 +23,29 @@ import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; -import org.wso2.carbon.identity.application.common.model.*; -import org.wso2.carbon.identity.base.IdentityException; -import org.wso2.carbon.identity.core.persistence.JDBCPersistenceManager; +import org.wso2.carbon.identity.application.common.model.ApplicationBasicInfo; +import org.wso2.carbon.identity.application.common.model.ApplicationPermission; +import org.wso2.carbon.identity.application.common.model.AuthenticationStep; +import org.wso2.carbon.identity.application.common.model.Claim; +import org.wso2.carbon.identity.application.common.model.ClaimConfig; +import org.wso2.carbon.identity.application.common.model.ClaimMapping; +import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.IdentityProvider; +import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig; +import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig; +import org.wso2.carbon.identity.application.common.model.InboundProvisioningConfig; +import org.wso2.carbon.identity.application.common.model.JustInTimeProvisioningConfig; +import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig; +import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.LocalRole; +import org.wso2.carbon.identity.application.common.model.OutboundProvisioningConfig; +import org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig; +import org.wso2.carbon.identity.application.common.model.Property; +import org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig; +import 
org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.RoleMapping; +import org.wso2.carbon.identity.application.common.model.ServiceProvider; +import org.wso2.carbon.identity.application.common.model.User; import org.wso2.carbon.identity.application.common.util.CharacterEncoder; import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil; import org.wso2.carbon.identity.application.mgt.ApplicationConstants; @@ -36,6 +56,8 @@ import org.wso2.carbon.identity.application.mgt.dao.IdentityProviderDAO; import org.wso2.carbon.identity.application.mgt.internal.ApplicationManagementServiceComponent; import org.wso2.carbon.identity.application.mgt.internal.ApplicationManagementServiceComponentHolder; +import org.wso2.carbon.identity.base.IdentityException; +import org.wso2.carbon.identity.core.persistence.JDBCPersistenceManager; import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.core.util.UserCoreUtil; import org.wso2.carbon.utils.DBUtils; @@ -45,7 +67,13 @@ import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Comparator; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; import java.util.Map.Entry; /** @@ -72,6 +100,7 @@ public class ApplicationDAOImpl implements ApplicationDAO { * @param serviceProvider * @throws IdentityApplicationManagementException */ + @Override public int createApplication(ServiceProvider serviceProvider, String tenantDomain) throws IdentityApplicationManagementException { 
@@ -80,7 +109,7 @@ public int createApplication(ServiceProvider serviceProvider, String tenantDomai if (tenantDomain != null) { try { - tenantID = ApplicationManagementServiceComponentHolder.getRealmService() + tenantID = ApplicationManagementServiceComponentHolder.getInstance().getRealmService() .getTenantManager().getTenantId(tenantDomain); } catch (UserStoreException e1) { throw new IdentityApplicationManagementException("Error while reading application"); @@ -176,6 +205,8 @@ public int createApplication(ServiceProvider serviceProvider, String tenantDomai /** * */ + + @Override public void updateApplication(ServiceProvider serviceProvider) throws IdentityApplicationManagementException { @@ -226,6 +257,8 @@ public void updateApplication(ServiceProvider serviceProvider) deletePermissionAndRoleConfiguration(applicationId, connection); updatePermissionAndRoleConfiguration(serviceProvider.getApplicationID(), serviceProvider.getPermissionAndRoleConfig(), connection); + deleteAssignedPermissions(connection, serviceProvider.getApplicationName(), + serviceProvider.getPermissionAndRoleConfig().getPermissions()); if (!connection.getAutoCommit()) { connection.commit(); @@ -255,6 +288,7 @@ public void updateApplication(ServiceProvider serviceProvider) * @throws UserStoreException * @throws IdentityApplicationManagementException */ + private void updateBasicApplicationData(int applicationId, String applicationName, String description, boolean isSaasApp, Connection connection) throws SQLException, UserStoreException, IdentityApplicationManagementException { 
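Review bot: The catch around the tenant lookup in createApplication still throws `new IdentityApplicationManagementException("Error while reading application")` without the UserStoreException, although this commit adds the cause in getApplication and getApplicationData. The same untouched catch appears in the getServiceProviderNameByClientId, getClaimMapping and getAllRequestedClaimsByServiceProvider hunks further down. Passing the exception through, `throw new IdentityApplicationManagementException("Error while reading application", e1);`, keeps a failed tenant resolution diagnosable from the stack trace. The method body continues outside this hunk.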
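Review bot: The new call in updateApplication dereferences `serviceProvider.getPermissionAndRoleConfig()` directly, so a service provider updated without a permission/role configuration would fail with a NullPointerException before the commit. The line above passes the same value on as an argument without dereferencing it, and deleteAssignedPermissions already accepts a null array, so the guard belongs at the call site: `PermissionsAndRoleConfig roleConfig = serviceProvider.getPermissionAndRoleConfig();` followed by `deleteAssignedPermissions(connection, serviceProvider.getApplicationName(), roleConfig == null ? null : roleConfig.getPermissions());`. Whether the config can be null here depends on callers outside this hunk, so confirm against them.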
@@ -279,13 +313,40 @@ private void updateBasicApplicationData(int applicationId, String applicationNam } // only if the application has been renamed - if (!applicationName.equalsIgnoreCase(storedAppName)) { + if (!applicationName.equals(storedAppName)) { // rename the role ApplicationMgtUtil.renameRole(storedAppName, applicationName); if (debugMode) { log.debug("Renaming application role from " + storedAppName + " to " + applicationName); } + PreparedStatement readPermissions = null; + ResultSet resultSet = null; + try { + readPermissions = connection.prepareStatement(ApplicationMgtDBQueries.LOAD_UM_PERMISSIONS); + readPermissions.setString(1, "%" + ApplicationMgtUtil.getApplicationPermissionPath() + "%"); + resultSet = readPermissions.executeQuery(); + while (resultSet.next()) { + String UM_ID = resultSet.getString(1); + String permission = resultSet.getString(2); + if (permission.contains(ApplicationMgtUtil.getApplicationPermissionPath() + + ApplicationMgtUtil.PATH_CONSTANT + storedAppName.toLowerCase())) { + permission = permission.replace(storedAppName.toLowerCase(), applicationName.toLowerCase()); + PreparedStatement updatePermission = null; + try { + updatePermission = connection.prepareStatement(ApplicationMgtDBQueries.UPDATE_SP_PERMISSIONS); + updatePermission.setString(1, permission); + updatePermission.setString(2, UM_ID); + updatePermission.executeUpdate(); + } finally { + IdentityApplicationManagementUtil.closeStatement(updatePermission); + } + } + } + } finally { + IdentityApplicationManagementUtil.closeResultSet(resultSet); + IdentityApplicationManagementUtil.closeStatement(readPermissions); + } } // update the application data 
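Review bot: The rename block in updateBasicApplicationData matches permissions with `permission.contains(... + storedAppName.toLowerCase())` and rewrites them with `permission.replace(storedAppName.toLowerCase(), applicationName.toLowerCase())`, and neither step is anchored to a path segment. With constructed names, renaming an application `hr` would also match the permissions of an application `hr-portal` and rewrite them, and would replace `hr` wherever else it occurs in a path. Because these rows are authorization data, the match should require the old name to be a whole segment and the rewrite should touch only that segment, as sketched below. The tenant scoping of LOAD_UM_PERMISSIONS is not visible in this hunk and should be confirmed, and the function continues outside the hunk.

```java
String oldPrefix = ApplicationMgtUtil.getApplicationPermissionPath()
        + ApplicationMgtUtil.PATH_CONSTANT + storedAppName.toLowerCase();
String newPrefix = ApplicationMgtUtil.getApplicationPermissionPath()
        + ApplicationMgtUtil.PATH_CONSTANT + applicationName.toLowerCase();
// … unchanged: prepare and execute LOAD_UM_PERMISSIONS …
while (resultSet.next()) {
    String UM_ID = resultSet.getString(1);
    String permission = resultSet.getString(2);
    int at = permission.indexOf(oldPrefix);
    // Accept only "<path>/<old name>" or "<path>/<old name>/…", never "<path>/<old name>-something".
    boolean wholeSegment = at >= 0
            && (permission.length() == at + oldPrefix.length()
            || permission.startsWith(oldPrefix + ApplicationMgtUtil.PATH_CONSTANT, at));
    if (wholeSegment) {
        permission = permission.substring(0, at) + newPrefix
                + permission.substring(at + oldPrefix.length());
        // … unchanged: UPDATE_SP_PERMISSIONS with permission and UM_ID …
    }
}
```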
@@ -908,7 +969,7 @@ private void updateClaimConfiguration(int applicationId, ClaimConfig claimConfig List claimMappings = Arrays.asList(claimConfiguration.getClaimMappings()); - if (claimConfiguration == null || claimMappings.size() < 1) { + if (claimConfiguration == null || claimMappings.isEmpty()) { log.debug("No claim mapping found, Skipping .."); return; } @@ -1003,6 +1064,8 @@ private void updatePermissionAndRoleConfiguration(int applicationID, /** * */ + + @Override public ServiceProvider getApplication(String applicationName, String tenantDomain) throws IdentityApplicationManagementException { @@ -1010,10 +1073,11 @@ public ServiceProvider getApplication(String applicationName, String tenantDomai int tenantID = MultitenantConstants.SUPER_TENANT_ID; if (tenantDomain != null) { try { - tenantID = ApplicationManagementServiceComponentHolder.getRealmService() + tenantID = ApplicationManagementServiceComponentHolder.getInstance().getRealmService() .getTenantManager().getTenantId(tenantDomain); } catch (UserStoreException e1) { - throw new IdentityApplicationManagementException("Error while reading application"); + log.error("Error in reading application", e1); + throw new IdentityApplicationManagementException("Error while reading application", e1); } } 
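Review bot: The `claimConfiguration == null` half of the rewritten condition in updateClaimConfiguration is dead code, because the context line just above already calls `claimConfiguration.getClaimMappings()` and would throw first. `Arrays.asList` also throws when that getter returns a null array. Moving the guard ahead of the list creation fixes both: `if (claimConfiguration == null || claimConfiguration.getClaimMappings() == null || claimConfiguration.getClaimMappings().length == 0) {` placed before the `Arrays.asList(...)` line, keeping the existing debug message and return. The method starts and ends outside this hunk.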
@@ -1114,15 +1178,15 @@ private ServiceProvider getBasicApplicationData(String applicationName, Connecti String tenantDomain; try { - tenantDomain = ApplicationManagementServiceComponentHolder.getRealmService() - .getTenantManager() - .getDomain( - basicAppDataResultSet.getInt(2)); + tenantDomain = ApplicationManagementServiceComponentHolder.getInstance().getRealmService() + .getTenantManager() + .getDomain( + basicAppDataResultSet.getInt(2)); } catch (UserStoreException e) { log.error("Error while reading tenantDomain", e); throw new IdentityApplicationManagementException("Error while reading tenant " + - "domain for application " + - applicationName); + "domain for application " + + applicationName); } User owner = new User(); @@ -1217,10 +1281,11 @@ public ServiceProvider getApplicationData(String clientId, String type, String t int tenantID = -123; try { - tenantID = ApplicationManagementServiceComponentHolder.getRealmService() + tenantID = ApplicationManagementServiceComponentHolder.getInstance().getRealmService() .getTenantManager().getTenantId(tenantDomain); } catch (UserStoreException e1) { - throw new IdentityApplicationManagementException("Error while reading application"); + log.error("Error while reading application", e1); + throw new IdentityApplicationManagementException("Error while reading application", e1); } String applicationName = null; @@ -1259,6 +1324,7 @@ public ServiceProvider getApplicationData(String clientId, String type, String t * @return * @throws IdentityApplicationManagementException */ + @Override public String getApplicationName(int applicationID) throws IdentityApplicationManagementException { Connection connection = null; 
@@ -1348,7 +1414,8 @@ private int getApplicationIDByName(String applicationName, int tenantID, Connect } catch (SQLException e) { IdentityApplicationManagementUtil.closeConnection(connection); - throw new IdentityApplicationManagementException("Error while storing application"); + log.error("Error in storing the application", e); + throw new IdentityApplicationManagementException("Error while storing application", e); } finally { IdentityApplicationManagementUtil.closeResultSet(appidResult); IdentityApplicationManagementUtil.closeStatement(getAppIDPrepStmt); @@ -1388,16 +1455,18 @@ private InboundAuthenticationConfig getInboundAuthenticationConfig(int applicati InboundAuthenticationRequestConfig inbountAuthRequest = null; String authKey = resultSet.getString(1); + String authType = resultSet.getString(2); + String mapKey = authType + ":" + authKey; - if (!authRequestMap.containsKey(authKey)) { + if (!authRequestMap.containsKey(mapKey)) { inbountAuthRequest = new InboundAuthenticationRequestConfig(); inbountAuthRequest.setInboundAuthKey(authKey); - inbountAuthRequest.setInboundAuthType(resultSet.getString(2)); + inbountAuthRequest.setInboundAuthType(authType); inbountAuthRequest.setProperties(new Property[0]); - authRequestMap.put(authKey, inbountAuthRequest); + authRequestMap.put(mapKey, inbountAuthRequest); } - inbountAuthRequest = authRequestMap.get(authKey); + inbountAuthRequest = authRequestMap.get(mapKey); String propName = resultSet.getString(3); 
@@ -2236,6 +2305,76 @@ public void deletePermissionAndRoleConfiguration(int applicationID, Connection c } } + /** + * Delete assigned role permission mappings for deleted permissions + * + * @param connection + * @param applicationName + * @param permissions + * @throws IdentityApplicationManagementException + * @throws SQLException + */ + public void deleteAssignedPermissions(Connection connection, String applicationName, ApplicationPermission[] permissions) + throws IdentityApplicationManagementException, SQLException { + List loadPermissions = ApplicationMgtUtil.loadPermissions(applicationName); + List removedPermissions = null; + if (loadPermissions != null && loadPermissions.size() > 0) { + if (permissions == null || permissions.length == 0) { + removedPermissions = new ArrayList(loadPermissions); + } else { + removedPermissions = new ArrayList(); + for (ApplicationPermission storedPermission : loadPermissions) { + boolean isStored = false; + for (ApplicationPermission applicationPermission : permissions) { + if (applicationPermission.getValue().equals(storedPermission.getValue())) { + isStored = true; + break; + } + } + if (!isStored) { + removedPermissions.add(storedPermission); + } + } + } + } + if (removedPermissions != null && removedPermissions.size() > 0) { + //delete permissions + for (ApplicationPermission applicationPermission : removedPermissions) { + String permissionValue = ApplicationMgtUtil.PATH_CONSTANT + + ApplicationMgtUtil.getApplicationPermissionPath() + + ApplicationMgtUtil.PATH_CONSTANT + + applicationName + ApplicationMgtUtil.PATH_CONSTANT + + applicationPermission.getValue(); + PreparedStatement selectQuery = null; + ResultSet resultSet = null; + try { + selectQuery = connection.prepareStatement(ApplicationMgtDBQueries.LOAD_UM_PERMISSIONS_W); + selectQuery.setString(1, permissionValue.toLowerCase()); + resultSet = selectQuery.executeQuery(); + if (resultSet.next()) { + int UM_ID = resultSet.getInt(1); + PreparedStatement 
deleteRolePermission = null; + PreparedStatement deletePermission = null; + try { + deleteRolePermission = connection.prepareStatement(ApplicationMgtDBQueries.REMOVE_UM_ROLE_PERMISSION); + deleteRolePermission.setInt(1, UM_ID); + deleteRolePermission.executeUpdate(); + deletePermission = connection.prepareStatement(ApplicationMgtDBQueries.REMOVE_UM_PERMISSIONS); + deletePermission.setInt(1, UM_ID); + deletePermission.executeUpdate(); + } finally { + IdentityApplicationManagementUtil.closeStatement(deleteRolePermission); + IdentityApplicationManagementUtil.closeStatement(deletePermission); + } + } + } finally { + IdentityApplicationManagementUtil.closeResultSet(resultSet); + IdentityApplicationManagementUtil.closeStatement(selectQuery); + } + } + } + } + /* * (non-Javadoc) * @@ -2249,7 +2388,7 @@ public String getServiceProviderNameByClientId(String clientId, String clientTyp if (tenantDomain != null) { try { - tenantID = ApplicationManagementServiceComponentHolder.getRealmService() + tenantID = ApplicationManagementServiceComponentHolder.getInstance().getRealmService() .getTenantManager().getTenantId(tenantDomain); } catch (UserStoreException e1) { throw new IdentityApplicationManagementException("Error while reading application"); @@ -2301,7 +2440,7 @@ private Map getClaimMapping(String serviceProviderName, String t if (tenantDomain != null) { try { - tenantID = ApplicationManagementServiceComponentHolder.getRealmService() + tenantID = ApplicationManagementServiceComponentHolder.getInstance().getRealmService() .getTenantManager().getTenantId(tenantDomain); } catch (UserStoreException e1) { throw new IdentityApplicationManagementException("Error while reading application"); 
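Review bot: deleteAssignedPermissions looks up the row to delete by permission path alone (`selectQuery.setString(1, permissionValue.toLowerCase())`) and then removes the role mappings and the permission for the first UM_ID returned. LOAD_UM_PERMISSIONS_W is not shown here; if it does not also restrict on the tenant, an application with the same name in another tenant could lose its permission rows, so the query should bind the tenant id as a second parameter. The method is declared `public` although it works on a caller-owned Connection and is only called from updateApplication in this diff; `private` would keep this delete path out of the class's API. The Javadoc `@param` tags are empty and should say that `permissions` is the set to keep and that a null or empty array removes every stored permission of the application.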
@@ -2374,7 +2513,7 @@ public List getAllRequestedClaimsByServiceProvider(String serviceProvide if (tenantDomain != null) { try { - tenantID = ApplicationManagementServiceComponentHolder.getRealmService() + tenantID = ApplicationManagementServiceComponentHolder.getInstance().getRealmService() .getTenantManager().getTenantId(tenantDomain); } catch (UserStoreException e1) { throw new IdentityApplicationManagementException("Error while reading application"); diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/FileBasedApplicationDAO.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/FileBasedApplicationDAO.java index 8b184302e8..4cd3107df5 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/FileBasedApplicationDAO.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/FileBasedApplicationDAO.java 
@@ -1,3 +1,22 @@ +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.wso2.carbon.identity.application.mgt.dao.impl; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; @@ -8,7 +27,11 @@ import org.wso2.carbon.identity.application.mgt.dao.ApplicationDAO; import org.wso2.carbon.identity.application.mgt.internal.ApplicationManagementServiceComponent; -import java.util.*; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; import java.util.Map.Entry; public class FileBasedApplicationDAO implements ApplicationDAO { diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/IdentityProviderDAOImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/IdentityProviderDAOImpl.java index 60d5303cd9..53d4f650a2 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/IdentityProviderDAOImpl.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/IdentityProviderDAOImpl.java 
@@ -1,27 +1,32 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. 
*/ package org.wso2.carbon.identity.application.mgt.dao.impl; +import org.apache.commons.collections.CollectionUtils; import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; -import org.wso2.carbon.identity.application.common.model.*; +import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.IdentityProvider; +import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig; +import org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig; +import org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig; import org.wso2.carbon.identity.application.mgt.dao.IdentityProviderDAO; import org.wso2.carbon.idp.mgt.IdentityProviderManager; @@ -45,6 +50,7 @@ public class IdentityProviderDAOImpl implements IdentityProviderDAO { * @return * @throws IdentityApplicationManagementException */ + @Override public String getDefaultAuthenticator(String idpName) throws IdentityApplicationManagementException { IdentityProviderManager idpManager = IdentityProviderManager.getInstance(); @@ -87,7 +93,7 @@ public IdentityProvider getIdentityProvider(String idpName) } } - if (federatedAuthenticators.size() > 0) { + if (CollectionUtils.isNotEmpty(federatedAuthenticators)) { identityProvider.setFederatedAuthenticatorConfigs(federatedAuthenticators .toArray(new FederatedAuthenticatorConfig[federatedAuthenticators.size()])); } @@ -103,7 +109,7 @@ public IdentityProvider getIdentityProvider(String idpName) } } - if (provisioningConnectors.size() > 0) { + if (CollectionUtils.isNotEmpty(provisioningConnectors)) { identityProvider.setProvisioningConnectorConfigs(provisioningConnectors .toArray(new ProvisioningConnectorConfig[provisioningConnectors.size()])); } 
@@ -136,7 +142,7 @@ public List getAllIdentityProviders() List federatedIdentityProviders = new ArrayList(); - if (idps.size() > 0) { + if (idps != null && !idps.isEmpty()) { for (IdentityProvider idp : idps) { federatedIdentityProviders.add(getIdentityProvider(idp.getIdentityProviderName())); } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/OAuthApplicationDAOImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/OAuthApplicationDAOImpl.java index 5fb3e0e213..a11f0e911c 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/OAuthApplicationDAOImpl.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/OAuthApplicationDAOImpl.java 
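Review bot: The guard in getAllIdentityProviders is written as `idps != null && !idps.isEmpty()`, while the two guards this commit changes in getIdentityProvider in the same file use `CollectionUtils.isNotEmpty(...)`. Using one form throughout the class keeps the null handling easy to audit: `if (CollectionUtils.isNotEmpty(idps)) {`. The import for CollectionUtils is already added by this commit.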
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt.dao.impl; @@ -38,6 +38,7 @@ public class OAuthApplicationDAOImpl implements OAuthApplicationDAO { /** * */ + @Override public void removeOAuthApplication(String clientIdentifier) throws IdentityApplicationManagementException { Connection connection = null; PreparedStatement prepStmt = null; 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/SAMLApplicationDAOImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/SAMLApplicationDAOImpl.java
index aaf3db1d1c..42a5fee642 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/SAMLApplicationDAOImpl.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/SAMLApplicationDAOImpl.java
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt.dao.impl; @@ -32,8 +32,7 @@ public class SAMLApplicationDAOImpl implements SAMLApplicationDAO { Log log = LogFactory.getLog(SAMLApplicationDAOImpl.class); - /*SAMLSSOConfigService samlService = new SAMLSSOConfigService();*/ - + @Override public void removeServiceProviderConfiguration(String issuer) throws IdentityApplicationManagementException { try { IdentityPersistenceManager persistenceManager = IdentityPersistenceManager.getPersistanceManager(); 
@@ -41,6 +40,7 @@ public void removeServiceProviderConfiguration(String issuer) throws IdentityApp getRegistry(RegistryType.SYSTEM_CONFIGURATION); persistenceManager.removeServiceProvider(configSystemRegistry, issuer); } catch (IdentityException e) { + log.error("Erro while deleting the issuer", e); throw new IdentityApplicationManagementException("Error while deleting SAML issuer " + e.getMessage()); } } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java index 6e650a45fe..6693fb2278 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java 
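Review bot: The added `log.error("Erro while deleting the issuer", e);` in removeServiceProviderConfiguration misspells "Error", and the throw on the next line still drops the cause and only appends `e.getMessage()` to the text. Other hunks in this commit use the two-argument constructor, so the same form fits here: `throw new IdentityApplicationManagementException("Error while deleting SAML issuer", e);`. With the cause attached, the extra log line may record the same failure twice if the caller also logs it.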
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt.internal; 
@@ -66,16 +66,6 @@ public static Map getFileBasedSPs() { protected void activate(ComponentContext context) { try { -// if (System.getProperty("setup") != null) { - // initialize the identity application persistence manager -// JDBCPersistenceManager jdbcPersistenceManager = JDBCPersistenceManager.getInstance(); -// jdbcPersistenceManager.initializeDatabase(); -// } else { -// if (log.isDebugEnabled()) { -// log.debug("Identity Application Management Database initialization not attempted since \'setup\' " + -// "variable was not provided during startup"); -// } -// } // Registering Application management service as a OSGIService bundleContext = context.getBundleContext(); bundleContext.registerService(ApplicationManagementService.class.getName(), 
@@ -99,42 +89,42 @@ protected void setRegistryService(RegistryService registryService) { if (log.isDebugEnabled()) { log.debug("RegistryService set in Identity ApplicationManagementComponent bundle"); } - ApplicationManagementServiceComponentHolder.setRegistryService(registryService); + ApplicationManagementServiceComponentHolder.getInstance().setRegistryService(registryService); } protected void unsetRegistryService(RegistryService registryService) { if (log.isDebugEnabled()) { log.debug("RegistryService unset in Identity ApplicationManagementComponent bundle"); } - ApplicationManagementServiceComponentHolder.setRegistryService(null); + ApplicationManagementServiceComponentHolder.getInstance().setRegistryService(null); } protected void setRealmService(RealmService realmService) { if (log.isDebugEnabled()) { log.debug("Setting the Realm Service"); } - ApplicationManagementServiceComponentHolder.setRealmService(realmService); + ApplicationManagementServiceComponentHolder.getInstance().setRealmService(realmService); } protected void unsetRealmService(RealmService realmService) { if (log.isDebugEnabled()) { log.debug("Unsetting the Realm Service"); } - ApplicationManagementServiceComponentHolder.setRealmService(null); + ApplicationManagementServiceComponentHolder.getInstance().setRealmService(null); } protected void setConfigurationContextService(ConfigurationContextService configContextService) { if (log.isDebugEnabled()) { log.debug("Setting the Configuration Context Service"); } - ApplicationManagementServiceComponentHolder.setConfigContextService(configContextService); + ApplicationManagementServiceComponentHolder.getInstance().setConfigContextService(configContextService); } protected void unsetConfigurationContextService(ConfigurationContextService configContextService) { if (log.isDebugEnabled()) { log.debug("Unsetting the Configuration Context Service"); } - ApplicationManagementServiceComponentHolder.setConfigContextService(null); + 
ApplicationManagementServiceComponentHolder.getInstance().setConfigContextService(null); } private void buildFileBasedSPList() { diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponentHolder.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponentHolder.java index 5ee8ee001d..4d9417fb5e 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponentHolder.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponentHolder.java 
@@ -1,21 +1,20 @@ /* - *Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ - package org.wso2.carbon.identity.application.mgt.internal; import org.wso2.carbon.registry.api.RegistryService; 
@@ -23,33 +22,44 @@ import org.wso2.carbon.utils.ConfigurationContextService; public class ApplicationManagementServiceComponentHolder { - private static RegistryService registryService; - private static RealmService realmService; - private static ConfigurationContextService configContextService; - public static RegistryService getRegistryService() { + private static ApplicationManagementServiceComponentHolder instance=new + ApplicationManagementServiceComponentHolder(); + + private RegistryService registryService; + + private RealmService realmService; + + private ConfigurationContextService configContextService; + + private ApplicationManagementServiceComponentHolder(){ + } + + public static ApplicationManagementServiceComponentHolder getInstance(){return instance;} + + public RegistryService getRegistryService() { return registryService; } - public static void setRegistryService(RegistryService registryService) { - ApplicationManagementServiceComponentHolder.registryService = registryService; + public void setRegistryService(RegistryService registryService) { + this.registryService = registryService; } - public static RealmService getRealmService() { + public RealmService getRealmService() { return realmService; } - public static void setRealmService(RealmService realmService) { - ApplicationManagementServiceComponentHolder.realmService = realmService; + public void setRealmService(RealmService realmService) { + this.realmService = realmService; } - public static ConfigurationContextService getConfigContextService() { + public ConfigurationContextService getConfigContextService() { return configContextService; } - public static void setConfigContextService( + public void setConfigContextService( ConfigurationContextService configContextService) { - ApplicationManagementServiceComponentHolder.configContextService = configContextService; + this.configContextService = configContextService; } 
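Review bot: The singleton field is declared `private static ApplicationManagementServiceComponentHolder instance=new ...` without `final`, so it can be reassigned from inside the class; it should be `private static final ApplicationManagementServiceComponentHolder instance = new ApplicationManagementServiceComponentHolder();`. The three service fields are plain instance fields, written by the setters and read by the getters with no synchronization or `volatile`. If services are bound and looked up on different threads (likely in an OSGi container, but not shown here), readers may see stale references, so `private volatile RegistryService registryService;` and the same for the other two would be safer. The getters return null after an unset call, which deserves a line of Javadoc on each, e.g. `/** @return the bound RegistryService, or null when none is bound */`.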
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationMgtListenerServiceComponent.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationMgtListenerServiceComponent.java
index 3bf74b3a61..05b91b4b04 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationMgtListenerServiceComponent.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationMgtListenerServiceComponent.java
@@ -1,19 +1,19 @@ /* - *Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - *WSO2 Inc. licenses this file to you under the Apache License, - *Version 2.0 (the "License"); you may not use this file except - *in compliance with the License. - *You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - *http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - *Unless required by applicable law or agreed to in writing, - *software distributed under the License is distributed on an - *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - *KIND, either express or implied. See the License for the - *specific language governing permissions and limitations - *under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.wso2.carbon.identity.application.mgt.internal; @@ -36,6 +36,7 @@ public class ApplicationMgtListenerServiceComponent { private static List listners = new ArrayList(); + public static void setApplicationMgtListenerService( ApplicationMgtListener identityProviderMgtListerService) { 
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/ApplicationMgtListener.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/ApplicationMgtListener.java index d5ca21a8b8..d446b63a41 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/ApplicationMgtListener.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/ApplicationMgtListener.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except diff --git a/components/application-mgt/pom.xml b/components/application-mgt/pom.xml index a8d8cb0bf8..00ed8555c7 100644 --- a/components/application-mgt/pom.xml +++ b/components/application-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity carbon-identity - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../../pom.xml diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/pom.xml b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/pom.xml index 7cb26b3e04..d1ee99cf0e 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/pom.xml +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/pom.xml @@ -1,10 +1,26 @@ - + + org.wso2.carbon.identity authentication-framework - 4.4.2-SNAPSHOT + 4.5.6-SNAPSHOT ../pom.xml 
@@ -16,6 +32,10 @@ http://wso2.org + + commons-lang.wso2 + commons-lang + javax.servlet servlet-api @@ -31,10 +51,6 @@ commons-codec.wso2 commons-codec - - commons-lang.wso2 - commons-lang - org.apache.ws.commons.axiom axiom-api @@ -42,6 +58,12 @@ org.wso2.securevault org.wso2.securevault + + + commons-lang + commons-lang + + @@ -50,8 +72,8 @@ maven-compiler-plugin - 1.5 - 1.5 + 1.7 + 1.7 2.3.2 diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/AuthenticationEndpointFilter.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/AuthenticationEndpointFilter.java index 48c6f911b9..ba23607767 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/AuthenticationEndpointFilter.java +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/AuthenticationEndpointFilter.java 
@@ -1,12 +1,12 @@ /* - * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an @@ -18,12 +18,19 @@ package org.wso2.carbon.identity.application.authentication.endpoint; +import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.identity.application.authentication.endpoint.util.AuthenticationEndpointUtil; import org.wso2.carbon.identity.application.authentication.endpoint.util.CharacterEncoder; -import javax.servlet.*; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; 
@@ -61,10 +68,12 @@ public class AuthenticationEndpointFilter implements Filter { private ServletContext context = null; + @Override public void init(FilterConfig filterConfig) throws ServletException { context = filterConfig.getServletContext(); } + @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { @@ -76,7 +85,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo servletRequest.getParameter(REQUEST_PARAM_APPLICATION) : null; String relativePath = ((HttpServletRequest) servletRequest).getRequestURI().substring( ((HttpServletRequest) servletRequest).getContextPath().length()); - if (serviceProviderName != null && !serviceProviderName.isEmpty()){ + if (StringUtils.isNotBlank(serviceProviderName)) { appSpecificCustomPageConfigKey = AuthenticationEndpointUtil.getApplicationSpecificCustomPageConfigKey (CharacterEncoder.getSafeText(serviceProviderName), relativePath); } @@ -105,7 +114,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo return; } - if (((HttpServletRequest)servletRequest).getRequestURI().contains(URI_LOGIN)) { + if (((HttpServletRequest) servletRequest).getRequestURI().contains(URI_LOGIN)) { String hrdParam = CharacterEncoder.getSafeText(servletRequest.getParameter(REQUEST_PARAM_HRD)); if (hrdParam != null && "true".equalsIgnoreCase(hrdParam)) { servletRequest.getRequestDispatcher("domain.jsp").forward(servletRequest, servletResponse); @@ -151,11 +160,12 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo loadPage = "login.jsp"; } servletRequest.getRequestDispatcher(loadPage).forward(servletRequest, servletResponse); - } else{ + } else { filterChain.doFilter(servletRequest, servletResponse); } } + @Override public void destroy() { // Nothing to implement } 
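Review bot: In the `@@ -76,7 +85,7 @@` hunk the new `StringUtils.isNotBlank(serviceProviderName)` check skips whitespace-only values, but a name with leading or trailing whitespace is still passed on unchanged to `getApplicationSpecificCustomPageConfigKey`, so padded input is handled inconsistently. Trimming first, e.g. `String spName = StringUtils.trimToNull(serviceProviderName);`, would make the lookup key deterministic. The value comes straight from a request parameter and selects which custom-page configuration applies, so a short comment stating that it is untrusted and what `CharacterEncoder.getSafeText` guarantees for it would help; that method's body is not visible here. `doFilter` also repeats the `(HttpServletRequest) servletRequest` cast in this hunk and in `@@ -105,7 +114,7 @@`; one local `HttpServletRequest request = (HttpServletRequest) servletRequest;` would read better. The body of `doFilter` extends beyond these hunks.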
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/AuthenticationException.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/AuthenticationException.java index 9743b820d5..b104ece8d8 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/AuthenticationException.java +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/AuthenticationException.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except @@ -11,15 +11,13 @@ * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.wso2.carbon.identity.application.authentication.endpoint; -import java.io.IOException; - -public class AuthenticationException extends IOException { +public class AuthenticationException extends Exception { public AuthenticationException() { super(); } 
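Review bot: Changing the superclass on `public class AuthenticationException extends Exception` is source-incompatible for callers: existing `catch (IOException e)` blocks and `throws IOException` clauses no longer cover this exception. This diff adjusts TenantDataManager.init() to `catch (AuthenticationException | IOException e)`, but other throw and catch sites lie outside this hunk and need the same check. The class has no Javadoc; something like `/** Checked exception for failures in the authentication endpoint that are not I/O errors. */` would record why the hierarchy changed. An explicit `private static final long serialVersionUID = 1L;` (a constructed value) is also worth adding now that the serialized form changes, if none is declared in the part of the class not shown.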
@@ -31,4 +29,8 @@ public AuthenticationException(Exception e) { public AuthenticationException(String message) { super(message); } + + public AuthenticationException(String message, Throwable cause) { + super(message, cause); + } } diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/Constants.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/Constants.java index 1fd646be3f..a5d3eb9b38 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/Constants.java +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/Constants.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except @@ -11,7 +11,7 @@ * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ 
@@ -22,19 +22,22 @@ public class Constants { public static final String SESSION_DATA_KEY = "sessionDataKey"; public static final String SESSION_DATA_KEY_CONSENT = "sessionDataKeyConsent"; - public static final String AUTH_FAILURE = "authFailure"; public static final String AUTH_FAILURE_MSG = "authFailureMsg"; - public static final String STATUS = "status"; public static final String STATUS_MSG = "statusMsg"; - public static final String IDP_AUTHENTICATOR_MAP = "idpAuthenticatorMap"; public static final String RESIDENT_IDP_RESERVED_NAME = "LOCAL"; + private Constants() { + } + public static class SAML2SSO { public static final String ASSERTION_CONSUMER_URL = "assertnConsumerURL"; public static final String RELAY_STATE = "RelayState"; public static final String SAML_RESP = "SAMLResponse"; + + private SAML2SSO() { + } } } \ No newline at end of file diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/listener/AuthenticationEndpointContextListener.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/listener/AuthenticationEndpointContextListener.java index 0787c8353e..18c39aa453 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/listener/AuthenticationEndpointContextListener.java +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/listener/AuthenticationEndpointContextListener.java 
@@ -1,20 +1,20 @@ /* -* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authentication.endpoint.listener; @@ -37,6 +37,7 @@ public class AuthenticationEndpointContextListener implements ServletContextList * * @param servletContextEvent */ + @Override public void contextInitialized(ServletContextEvent servletContextEvent) { // Initialize TenantDataManager for tenant domains dropdown feature in SSO login page 
@@ -49,6 +50,7 @@ public void contextInitialized(ServletContextEvent servletContextEvent) { * * @param servletContextEvent */ + @Override public void contextDestroyed(ServletContextEvent servletContextEvent) { // Tasks to be done after context destroy can be written here diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/AuthenticationEndpointUtil.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/AuthenticationEndpointUtil.java index 1708daa663..0d45297540 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/AuthenticationEndpointUtil.java +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/AuthenticationEndpointUtil.java @@ -1,12 +1,12 @@ /* - * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an 
@@ -33,11 +33,11 @@ private AuthenticationEndpointUtil() { * Returns the application specific custom page configuration servlet context parameter key given the service * provider name and the relative URL path. * - * @param serviceProviderName name of the service provider configured at IdP - * @param relativePath relative URL path - * @return the possible servlet context parameter key configured for the given application + * @param serviceProviderName name of the service provider configured at IdP + * @param relativePath relative URL path + * @return the possible servlet context parameter key configured for the given application */ - public static String getApplicationSpecificCustomPageConfigKey(String serviceProviderName, String relativePath){ + public static String getApplicationSpecificCustomPageConfigKey(String serviceProviderName, String relativePath) { return serviceProviderName + CUSTOM_PAGE_APP_SPECIFIC_CONFIG_KEY_SEPARATOR + relativePath; } @@ -47,9 +47,9 @@ public static String getApplicationSpecificCustomPageConfigKey(String servicePro * * @param customPageConfigValue configured custom page url value as a servlet context param * @param queryString query string of the incoming request - * @return redirect url of the custom page configuration + * @return redirect url of the custom page configuration */ - public static String getCustomPageRedirectUrl(String customPageConfigValue, String queryString){ + public static String getCustomPageRedirectUrl(String customPageConfigValue, String queryString) { String redirectUrl = customPageConfigValue; if (customPageConfigValue != null && queryString != null && !queryString.isEmpty()) { 
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/CharacterEncoder.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/CharacterEncoder.java
index 642df5f02d..ba3d4f7839 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/CharacterEncoder.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/CharacterEncoder.java
@@ -1,20 +1,20 @@ /* -* Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authentication.endpoint.util; /* @@ -22,6 +22,9 @@ */ public class CharacterEncoder { + private CharacterEncoder() { + } + public static String getSafeText(String text) { if (text == null) { return text; 
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/TenantDataManager.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/TenantDataManager.java
index 3a0ab72b70..71a1e6dbbf 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/TenantDataManager.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/TenantDataManager.java
@@ -1,20 +1,20 @@ /* -* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.application.authentication.endpoint.util; @@ -25,6 +25,7 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; +import org.wso2.carbon.identity.application.authentication.endpoint.AuthenticationException; import org.wso2.securevault.SecretResolver; import org.wso2.securevault.SecretResolverFactory; import org.xml.sax.InputSource; 
@@ -35,9 +36,15 @@ import java.io.File; import java.io.FileInputStream; import java.io.IOException; -import java.io.StringReader; import java.io.InputStream; -import java.util.*; +import java.io.StringReader; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Properties; public class TenantDataManager { @@ -53,7 +60,6 @@ public class TenantDataManager { private static final String CLIENT_KEY_STORE_PASSWORD = "Carbon.Security.KeyStore.Password"; private static final String CLIENT_TRUST_STORE_PASSWORD = "Carbon.Security.TrustStore.Password"; private static final String HOSTNAME_VERIFICATION_ENABLED = "hostname.verification.enabled"; - private static final String TENANT_CONFIG_PROPERTIES = "TenantConfig.properties"; private static final String TENANT_LIST_ENABLED = "tenantListEnabled"; // Service URL constants @@ -79,6 +85,9 @@ public class TenantDataManager { private static boolean initialized = false; private static boolean initAttempted = false; + private TenantDataManager() { + } + /** * Initialize Tenant data manager */ @@ -111,7 +120,7 @@ public static synchronized void init() { carbonLogin = getPropertyValue(USERNAME); // Base64 encoded username - carbonLogin = new String(Base64.encode(carbonLogin.getBytes(CHARACTER_ENCODING))); + carbonLogin = Base64.encode(carbonLogin.getBytes(CHARACTER_ENCODING)); String clientKeyStorePath = buildFilePath(getPropertyValue(CLIENT_KEY_STORE)); String clientTrustStorePath = buildFilePath(getPropertyValue(CLIENT_TRUST_STORE)); 
@@ -126,12 +135,12 @@ public static synchronized void init() { // Build the service URL of tenant management admin service StringBuilder builder = new StringBuilder(); serviceURL = builder.append(HTTPS_URL).append(getPropertyValue(HOST)).append(COLON) - .append(getPropertyValue(PORT)).append(TENANT_MGT_ADMIN_SERVICE_URL).toString(); + .append(getPropertyValue(PORT)).append(TENANT_MGT_ADMIN_SERVICE_URL).toString(); initialized = true; } - } catch (Exception e) { + } catch (AuthenticationException | IOException e) { log.error("Initialization failed : ", e); } finally { if (inputStream != null) { @@ -223,9 +232,7 @@ public static void setTenantDataList(String dataList) { // Remove all existing tenant domains from the list tenantDomainList.clear(); - for (String domain : domains) { - tenantDomainList.add(domain); - } + Collections.addAll(tenantDomainList, domains); // Sort the tenant domains list according to alphabetical order Collections.sort(tenantDomainList); } @@ -250,7 +257,7 @@ private static void refreshActiveTenantDomainsList() { InputSource inputSource = new InputSource(new StringReader(xmlString)); String xPathExpression = "/*[local-name() = '" + RETRIEVE_TENANTS_RESPONSE + "']/*[local-name() = '" + - RETURN + "']"; + RETURN + "']"; NodeList nodeList = null; nodeList = (NodeList) xpath.evaluate(xPathExpression, inputSource, XPathConstants.NODESET); diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/TenantMgtAdminServiceClient.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/TenantMgtAdminServiceClient.java index b8e8cbfdfa..219a2886cf 100644 
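Review bot: Narrowing `catch (Exception e)` to `catch (AuthenticationException | IOException e)` in `init()` means unchecked exceptions now escape instead of reaching the `log.error("Initialization failed : ", e)` path. The nearest candidate is the `carbonLogin.getBytes(CHARACTER_ENCODING)` call earlier in the same method: if `getPropertyValue(USERNAME)` can return null for a missing key (its body is not shown here), a misconfigured properties file becomes a NullPointerException thrown out of the static `init()` method rather than a logged failure. An explicit guard before the encode step keeps that case on the logged path, e.g. `if (carbonLogin == null) { log.error("Initialization failed : username is not configured"); return; }`. `init()` starts and ends outside this hunk, so how its callers react to a thrown exception should be checked as well.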
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/TenantMgtAdminServiceClient.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/TenantMgtAdminServiceClient.java
@@ -1,31 +1,50 @@ /* -* Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. 
+ */ package org.wso2.carbon.identity.application.authentication.endpoint.util; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; - -import javax.net.ssl.*; -import java.io.*; +import org.wso2.carbon.identity.application.authentication.endpoint.AuthenticationException; + +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509TrustManager; +import java.io.BufferedReader; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; import java.net.URL; -import java.security.*; +import java.nio.charset.StandardCharsets; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; import java.util.Map; 
@@ -68,106 +87,141 @@ public class TenantMgtAdminServiceClient { private static HttpsURLConnection httpsURLConnection; private static SSLSocketFactory sslSocketFactory; + private TenantMgtAdminServiceClient() { + + } + /** * Load key store with given keystore.jks * - * @param keyStorePath Path to keystore - * @param keyStorePassoword Password of keystore - * @throws KeyStoreException - * @throws IOException - * @throws CertificateException - * @throws NoSuchAlgorithmException + * @param keyStorePath Path to keystore + * @param keyStorePassword Password of keystore + * @throws AuthenticationException */ - public static void loadKeyStore(String keyStorePath, String keyStorePassoword) - throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { - keyStorePassword = keyStorePassoword.toCharArray(); - keyStore = KeyStore.getInstance(keyStoreType); - keyStore.load(new FileInputStream(keyStorePath), keyStorePassword); + public static void loadKeyStore(String keyStorePath, String keyStorePassword) + throws AuthenticationException { + InputStream fis = null; + try { + TenantMgtAdminServiceClient.keyStorePassword = keyStorePassword.toCharArray(); + keyStore = KeyStore.getInstance(keyStoreType); + fis = new FileInputStream(keyStorePath); + keyStore.load(fis, TenantMgtAdminServiceClient.keyStorePassword); + } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException e) { + throw new AuthenticationException("Error while trying to load Key Store.", e); + } finally { + if (fis != null) { + try { + fis.close(); + } catch (IOException e) { + log.error("Failed to close file. 
", e); + } + } + } } /** * Load trust store with given .jks file * - * @param trustStorePath Path to truststore - * @param trustStorePassoword Password of truststore - * @throws KeyStoreException - * @throws IOException - * @throws CertificateException - * @throws NoSuchAlgorithmException + * @param trustStorePath Path to truststore + * @param trustStorePassword Password of truststore + * @throws AuthenticationException */ - public static void loadTrustStore(String trustStorePath, String trustStorePassoword) - throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + public static void loadTrustStore(String trustStorePath, String trustStorePassword) + throws AuthenticationException { - trustStore = KeyStore.getInstance(trustStoreType); - trustStore.load(new FileInputStream(trustStorePath), trustStorePassoword.toCharArray()); + InputStream is = null; + try { + trustStore = KeyStore.getInstance(trustStoreType); + is = new FileInputStream(trustStorePath); + trustStore.load(is, trustStorePassword.toCharArray()); + } catch (KeyStoreException | CertificateException | IOException | NoSuchAlgorithmException e) { + throw new AuthenticationException("Error while trying to load Trust Store.", e); + } finally { + if (is != null) { + try { + is.close(); + } catch (IOException e) { + log.error("Failed to close file. 
", e); + } + } + } } /** * Create basic SSL connection factory * - * @throws NoSuchAlgorithmException - * @throws KeyStoreException - * @throws KeyManagementException - * @throws IOException - * @throws UnrecoverableKeyException + * @throws AuthenticationException */ public static void initMutualSSLConnection(boolean hostNameVerificationEnabled) - throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, - UnrecoverableKeyException { + throws AuthenticationException { - KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyManagerType); - keyManagerFactory.init(keyStore, keyStorePassword); - TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerType); - trustManagerFactory.init(trustStore); + try { + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyManagerType); + keyManagerFactory.init(keyStore, keyStorePassword); + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerType); + trustManagerFactory.init(trustStore); - // Create and initialize SSLContext for HTTPS communication - SSLContext sslContext = SSLContext.getInstance(protocol); + // Create and initialize SSLContext for HTTPS communication + SSLContext sslContext = SSLContext.getInstance(protocol); - if (hostNameVerificationEnabled) { - sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); - sslSocketFactory = sslContext.getSocketFactory(); + if (hostNameVerificationEnabled) { + sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); + sslSocketFactory = sslContext.getSocketFactory(); - if (log.isDebugEnabled()) { - log.debug("Mutual SSL Client initialized with Hostname Verification enabled"); - } - } else { - // All the code below is to overcome host name verification failure we get in certificate - // validation due to selfsigned certificate. 
- - // Create empty HostnameVerifier - HostnameVerifier hv = new HostnameVerifier() { - public boolean verify(String urlHostName, SSLSession session) { - return true; + if (log.isDebugEnabled()) { + log.debug("Mutual SSL Client initialized with Hostname Verification enabled"); } - }; - - // Create a trust manager that does not validate certificate chains - TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() { - public java.security.cert.X509Certificate[] getAcceptedIssuers() { - return null; + } else { + // All the code below is to overcome host name verification failure we get in certificate + // validation due to self signed certificate. + + // Create empty HostnameVerifier + HostnameVerifier hv = new HostnameVerifier() { + @Override + public boolean verify(String urlHostName, SSLSession session) { + return true; + } + }; + + // Create a trust manager that does not validate certificate chains + TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() { + @Override + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return new java.security.cert.X509Certificate[0]; + } + + @Override + public void checkClientTrusted(java.security.cert.X509Certificate[] certs, + String authType) { + /* + skipped implementation + */ + } + + @Override + public void checkServerTrusted(java.security.cert.X509Certificate[] certs, + String authType) { + /* + skipped implementation + */ + } + }}; + + sslContext.init(keyManagerFactory.getKeyManagers(), trustAllCerts, new java.security.SecureRandom()); + + if (log.isDebugEnabled()) { + log.debug("SSL Context is initialized with trust manager for excluding certificate validation"); } + SSLContext.setDefault(sslContext); + sslSocketFactory = sslContext.getSocketFactory(); + HttpsURLConnection.setDefaultHostnameVerifier(hv); - public void checkClientTrusted(java.security.cert.X509Certificate[] certs, - String authType) { + if (log.isDebugEnabled()) { + log.debug("Mutual SSL Client 
initialized with Hostname Verification disabled"); } - - public void checkServerTrusted(java.security.cert.X509Certificate[] certs, - String authType) { - } - }}; - - sslContext.init(keyManagerFactory.getKeyManagers(), trustAllCerts, new java.security.SecureRandom()); - - if (log.isDebugEnabled()) { - log.debug("SSL Context is initialized with trust manager for excluding certificate validation"); - } - SSLContext.setDefault(sslContext); - sslSocketFactory = sslContext.getSocketFactory(); - HttpsURLConnection.setDefaultHostnameVerifier(hv); - - if (log.isDebugEnabled()) { - log.debug("Mutual SSL Client initialized with Hostname Verification disabled"); } + } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) { + throw new AuthenticationException("Error while trying to load Trust Store.", e); } } @@ -176,7 +230,7 @@ public void checkServerTrusted(java.security.cert.X509Certificate[] certs, * * @param backendURL URL of the service * @param message Message sent to the URL - * @param requestProps Requeset properties + * @param requestProps Request properties * @return Received data * @throws IOException */ @@ -195,7 +249,7 @@ public static String sendPostRequest(String backendURL, String message, Map 0) { + if (requestProps != null) { for (Map.Entry entry : requestProps.entrySet()) { httpsURLConnection.setRequestProperty(entry.getKey(), entry.getValue()); } @@ -203,10 +257,10 @@ public static String sendPostRequest(String backendURL, String message, Map + + diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/webapp/assets/css/bootstrap.min.css b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/webapp/assets/css/bootstrap.min.css index 1c75d0c07a..92fbbce425 100644 
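Review bot: The `else` branch of `initMutualSSLConnection` still disables far more than hostname verification: it installs an `X509TrustManager` whose `checkServerTrusted` is empty, then makes that context and the accept-all verifier process-wide through `SSLContext.setDefault(sslContext)` and `HttpsURLConnection.setDefaultHostnameVerifier(hv)`. Passing `hostNameVerificationEnabled` as false therefore removes certificate-chain validation for this client and for any other code in the JVM that relies on the defaults, and the trust store loaded by `loadTrustStore` is ignored. Keep chain validation in both branches with `sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);`, drop the two default-setting calls, and apply the relaxed verifier only to this client's connection with `httpsURLConnection.setHostnameVerifier(hv)` where the connection is opened (that code is outside this hunk). Separately, the new `catch` at the end of the method reuses the message "Error while trying to load Trust Store.", which misreports a failure of SSL context initialisation.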
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/webapp/assets/css/bootstrap.min.css +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/webapp/assets/css/bootstrap.min.css 
@@ -1,9 +1,4560 @@ -/*! - * Bootstrap v2.0.3 +/* + * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at * - * Copyright 2012 Twitter, Inc - * Licensed under the Apache License v2.0 * http://www.apache.org/licenses/LICENSE-2.0 * - * Designed and built with all the love in the world @twitter by @mdo and @fat. - */article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;*display:inline;*zoom:1}audio:not([controls]){display:none}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{max-width:100%;vertical-align:middle;border:0;-ms-interpolation-mode:bicubic}button,input,select,textarea{margin:0;font-size:100%;vertical-align:middle}button,input{*overflow:visible;line-height:normal}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}button,input[type="button"],input[type="reset"],input[type="submit"]{cursor:pointer;-webkit-appearance:button}input[type="search"]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type="search"]::-webkit-search-decoration,input[type="search"]::-webkit-search-cancel-button{-webkit-appearance:none}textarea{overflow:auto;vertical-align:top}.clearfix{*zoom:1}.clearfix:before,.clearfix:after{display:table;content:""}.clearfix:after{clear:both}.hide-text{font:0/0 
a;color:transparent;text-shadow:none;background-color:transparent;border:0}.input-block-level{display:block;width:100%;min-height:28px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;-ms-box-sizing:border-box;box-sizing:border-box}body{margin:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;line-height:18px;color:#333;background-color:#fff}a{color:#08c;text-decoration:none}a:hover{color:#005580;text-decoration:underline}.row{margin-left:-20px;*zoom:1}.row:before,.row:after{display:table;content:""}.row:after{clear:both}[class*="span"]{float:left;margin-left:20px}.container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:940px}.span12{width:940px}.span11{width:860px}.span10{width:780px}.span9{width:700px}.span8{width:620px}.span7{width:540px}.span6{width:460px}.span5{width:380px}.span4{width:300px}.span3{width:220px}.span2{width:140px}.span1{width:60px}.offset12{margin-left:980px}.offset11{margin-left:900px}.offset10{margin-left:820px}.offset9{margin-left:740px}.offset8{margin-left:660px}.offset7{margin-left:580px}.offset6{margin-left:500px}.offset5{margin-left:420px}.offset4{margin-left:340px}.offset3{margin-left:260px}.offset2{margin-left:180px}.offset1{margin-left:100px}.row-fluid{width:100%;*zoom:1}.row-fluid:before,.row-fluid:after{display:table;content:""}.row-fluid:after{clear:both}.row-fluid [class*="span"]{display:block;float:left;width:100%;min-height:28px;margin-left:2.127659574%;*margin-left:2.0744680846382977%;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;-ms-box-sizing:border-box;box-sizing:border-box}.row-fluid [class*="span"]:first-child{margin-left:0}.row-fluid .span12{width:99.99999998999999%;*width:99.94680850063828%}.row-fluid .span11{width:91.489361693%;*width:91.4361702036383%}.row-fluid .span10{width:82.97872339599999%;*width:82.92553190663828%}.row-fluid .span9{width:74.468085099%;*width:74.4148936096383%}.row-fluid 
.span8{width:65.95744680199999%;*width:65.90425531263828%}.row-fluid .span7{width:57.446808505%;*width:57.3936170156383%}.row-fluid .span6{width:48.93617020799999%;*width:48.88297871863829%}.row-fluid .span5{width:40.425531911%;*width:40.3723404216383%}.row-fluid .span4{width:31.914893614%;*width:31.8617021246383%}.row-fluid .span3{width:23.404255317%;*width:23.3510638276383%}.row-fluid .span2{width:14.89361702%;*width:14.8404255306383%}.row-fluid .span1{width:6.382978723%;*width:6.329787233638298%}.container{margin-right:auto;margin-left:auto;*zoom:1}.container:before,.container:after{display:table;content:""}.container:after{clear:both}.container-fluid{padding-right:20px;padding-left:20px;*zoom:1}.container-fluid:before,.container-fluid:after{display:table;content:""}.container-fluid:after{clear:both}p{margin:0 0 9px;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;line-height:18px}p small{font-size:11px;color:#999}.lead{margin-bottom:18px;font-size:20px;font-weight:200;line-height:27px}h1,h2,h3,h4,h5,h6{margin:0;font-family:inherit;font-weight:bold;color:inherit;text-rendering:optimizelegibility}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small{font-weight:normal;color:#999}h1{font-size:30px;line-height:36px}h1 small{font-size:18px}h2{font-size:24px;line-height:36px}h2 small{font-size:18px}h3{font-size:18px;line-height:27px}h3 small{font-size:14px}h4,h5,h6{line-height:18px}h4{font-size:14px}h4 small{font-size:12px}h5{font-size:12px}h6{font-size:11px;color:#999;text-transform:uppercase}.page-header{padding-bottom:17px;margin:18px 0;border-bottom:1px solid #eee}.page-header h1{line-height:1}ul,ol{padding:0;margin:0 0 9px 25px}ul ul,ul ol,ol ol,ol ul{margin-bottom:0}ul{list-style:disc}ol{list-style:decimal}li{line-height:18px}ul.unstyled,ol.unstyled{margin-left:0;list-style:none}dl{margin-bottom:18px}dt,dd{line-height:18px}dt{font-weight:bold;line-height:17px}dd{margin-left:9px}.dl-horizontal 
dt{float:left;width:120px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:130px}hr{margin:18px 0;border:0;border-top:1px solid #eee;border-bottom:1px solid #fff}strong{font-weight:bold}em{font-style:italic}.muted{color:#999}abbr[title]{cursor:help;border-bottom:1px dotted #ddd}abbr.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:0 0 0 15px;margin:0 0 18px;border-left:5px solid #eee}blockquote p{margin-bottom:0;font-size:16px;font-weight:300;line-height:22.5px}blockquote small{display:block;line-height:18px;color:#999}blockquote small:before{content:'\2014 \00A0'}blockquote.pull-right{float:right;padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0}blockquote.pull-right p,blockquote.pull-right small{text-align:right}q:before,q:after,blockquote:before,blockquote:after{content:""}address{display:block;margin-bottom:18px;font-style:normal;line-height:18px}small{font-size:100%}cite{font-style:normal}code,pre{padding:0 3px 2px;font-family:Menlo,Monaco,Consolas,"Courier New",monospace;font-size:12px;color:#333;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}code{padding:2px 4px;color:#d14;background-color:#f7f7f9;border:1px solid #e1e1e8}pre{display:block;padding:8.5px;margin:0 0 9px;font-size:12.025px;line-height:18px;word-break:break-all;word-wrap:break-word;white-space:pre;white-space:pre-wrap;background-color:#f5f5f5;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.15);-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}pre.prettyprint{margin-bottom:18px}pre code{padding:0;color:inherit;background-color:transparent;border:0}.pre-scrollable{max-height:340px;overflow-y:scroll}form{margin:0 0 18px}fieldset{padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:27px;font-size:19.5px;line-height:36px;color:#333;border:0;border-bottom:1px solid #eee}legend 
small{font-size:13.5px;color:#999}label,input,button,select,textarea{font-size:13px;font-weight:normal;line-height:18px}input,button,select,textarea{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif}label{display:block;margin-bottom:5px;color:#333}input,textarea,select,.uneditable-input{display:inline-block;width:210px;height:18px;padding:4px;margin-bottom:9px;font-size:13px;line-height:18px;color:#555;background-color:#fff;border:1px solid #ccc;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.uneditable-textarea{width:auto;height:auto}label input,label textarea,label select{display:block}input[type="image"],input[type="checkbox"],input[type="radio"]{width:auto;height:auto;padding:0;margin:3px 0;*margin-top:0;line-height:normal;cursor:pointer;background-color:transparent;border:0 \9;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}input[type="image"]{border:0}input[type="file"]{width:auto;padding:initial;line-height:initial;background-color:#fff;background-color:initial;border:initial;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}input[type="button"],input[type="reset"],input[type="submit"]{width:auto;height:auto}select,input[type="file"]{height:28px;*margin-top:4px;line-height:28px}input[type="file"]{line-height:18px \9}select{width:220px;background-color:#fff}select[multiple],select[size]{height:auto}input[type="image"]{-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}textarea{height:auto}input[type="hidden"]{display:none}.radio,.checkbox{min-height:18px;padding-left:18px}.radio input[type="radio"],.checkbox input[type="checkbox"]{float:left;margin-left:-18px}.controls>.radio:first-child,.controls>.checkbox:first-child{padding-top:5px}.radio.inline,.checkbox.inline{display:inline-block;padding-top:5px;margin-bottom:0;vertical-align:middle}.radio.inline+.radio.inline,.checkbox.inline+.checkbox.inline{margin-left:10px}input,textarea{-webkit-box-shadow:inset 0 1px 1px 
rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border linear .2s,box-shadow linear .2s;-moz-transition:border linear .2s,box-shadow linear .2s;-ms-transition:border linear .2s,box-shadow linear .2s;-o-transition:border linear .2s,box-shadow linear .2s;transition:border linear .2s,box-shadow linear .2s}input:focus,textarea:focus{border-color:rgba(82,168,236,0.8);outline:0;outline:thin dotted \9;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6)}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus,select:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.input-mini{width:60px}.input-small{width:90px}.input-medium{width:150px}.input-large{width:210px}.input-xlarge{width:270px}.input-xxlarge{width:530px}input[class*="span"],select[class*="span"],textarea[class*="span"],.uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid 
.uneditable-input[class*="span"]{float:none;margin-left:0}input,textarea,.uneditable-input{margin-left:0}input.span12,textarea.span12,.uneditable-input.span12{width:930px}input.span11,textarea.span11,.uneditable-input.span11{width:850px}input.span10,textarea.span10,.uneditable-input.span10{width:770px}input.span9,textarea.span9,.uneditable-input.span9{width:690px}input.span8,textarea.span8,.uneditable-input.span8{width:610px}input.span7,textarea.span7,.uneditable-input.span7{width:530px}input.span6,textarea.span6,.uneditable-input.span6{width:450px}input.span5,textarea.span5,.uneditable-input.span5{width:370px}input.span4,textarea.span4,.uneditable-input.span4{width:290px}input.span3,textarea.span3,.uneditable-input.span3{width:210px}input.span2,textarea.span2,.uneditable-input.span2{width:130px}input.span1,textarea.span1,.uneditable-input.span1{width:50px}input[disabled],select[disabled],textarea[disabled],input[readonly],select[readonly],textarea[readonly]{cursor:not-allowed;background-color:#eee;border-color:#ddd}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"][readonly],input[type="checkbox"][readonly]{background-color:transparent}.control-group.warning>label,.control-group.warning .help-block,.control-group.warning .help-inline{color:#c09853}.control-group.warning input,.control-group.warning select,.control-group.warning textarea{color:#c09853;border-color:#c09853}.control-group.warning input:focus,.control-group.warning select:focus,.control-group.warning textarea:focus{border-color:#a47e3c;-webkit-box-shadow:0 0 6px #dbc59e;-moz-box-shadow:0 0 6px #dbc59e;box-shadow:0 0 6px #dbc59e}.control-group.warning .input-prepend .add-on,.control-group.warning .input-append .add-on{color:#c09853;background-color:#fcf8e3;border-color:#c09853}.control-group.error>label,.control-group.error .help-block,.control-group.error .help-inline{color:#b94a48}.control-group.error input,.control-group.error select,.control-group.error 
textarea{color:#b94a48;border-color:#b94a48}.control-group.error input:focus,.control-group.error select:focus,.control-group.error textarea:focus{border-color:#953b39;-webkit-box-shadow:0 0 6px #d59392;-moz-box-shadow:0 0 6px #d59392;box-shadow:0 0 6px #d59392}.control-group.error .input-prepend .add-on,.control-group.error .input-append .add-on{color:#b94a48;background-color:#f2dede;border-color:#b94a48}.control-group.success>label,.control-group.success .help-block,.control-group.success .help-inline{color:#468847}.control-group.success input,.control-group.success select,.control-group.success textarea{color:#468847;border-color:#468847}.control-group.success input:focus,.control-group.success select:focus,.control-group.success textarea:focus{border-color:#356635;-webkit-box-shadow:0 0 6px #7aba7b;-moz-box-shadow:0 0 6px #7aba7b;box-shadow:0 0 6px #7aba7b}.control-group.success .input-prepend .add-on,.control-group.success .input-append .add-on{color:#468847;background-color:#dff0d8;border-color:#468847}input:focus:required:invalid,textarea:focus:required:invalid,select:focus:required:invalid{color:#b94a48;border-color:#ee5f5b}input:focus:required:invalid:focus,textarea:focus:required:invalid:focus,select:focus:required:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7}.form-actions{padding:17px 20px 18px;margin-top:18px;margin-bottom:18px;background-color:#f5f5f5;border-top:1px solid #ddd;*zoom:1}.form-actions:before,.form-actions:after{display:table;content:""}.form-actions:after{clear:both}.uneditable-input{overflow:hidden;white-space:nowrap;cursor:not-allowed;background-color:#fff;border-color:#eee;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.025);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.025);box-shadow:inset 0 1px 2px 
rgba(0,0,0,0.025)}:-moz-placeholder{color:#999}::-webkit-input-placeholder{color:#999}.help-block,.help-inline{color:#555}.help-block{display:block;margin-bottom:9px}.help-inline{display:inline-block;*display:inline;padding-left:5px;vertical-align:middle;*zoom:1}.input-prepend,.input-append{margin-bottom:5px}.input-prepend input,.input-append input,.input-prepend select,.input-append select,.input-prepend .uneditable-input,.input-append .uneditable-input{position:relative;margin-bottom:0;*margin-left:0;vertical-align:middle;-webkit-border-radius:0 3px 3px 0;-moz-border-radius:0 3px 3px 0;border-radius:0 3px 3px 0}.input-prepend input:focus,.input-append input:focus,.input-prepend select:focus,.input-append select:focus,.input-prepend .uneditable-input:focus,.input-append .uneditable-input:focus{z-index:2}.input-prepend .uneditable-input,.input-append .uneditable-input{border-left-color:#ccc}.input-prepend .add-on,.input-append .add-on{display:inline-block;width:auto;height:18px;min-width:16px;padding:4px 5px;font-weight:normal;line-height:18px;text-align:center;text-shadow:0 1px 0 #fff;vertical-align:middle;background-color:#eee;border:1px solid #ccc}.input-prepend .add-on,.input-append .add-on,.input-prepend .btn,.input-append .btn{margin-left:-1px;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-prepend .active,.input-append .active{background-color:#a9dba9;border-color:#46a546}.input-prepend .add-on,.input-prepend .btn{margin-right:-1px}.input-prepend .add-on:first-child,.input-prepend .btn:first-child{-webkit-border-radius:3px 0 0 3px;-moz-border-radius:3px 0 0 3px;border-radius:3px 0 0 3px}.input-append input,.input-append select,.input-append .uneditable-input{-webkit-border-radius:3px 0 0 3px;-moz-border-radius:3px 0 0 3px;border-radius:3px 0 0 3px}.input-append .uneditable-input{border-right-color:#ccc;border-left-color:#eee}.input-append .add-on:last-child,.input-append .btn:last-child{-webkit-border-radius:0 3px 3px 
0;-moz-border-radius:0 3px 3px 0;border-radius:0 3px 3px 0}.input-prepend.input-append input,.input-prepend.input-append select,.input-prepend.input-append .uneditable-input{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-prepend.input-append .add-on:first-child,.input-prepend.input-append .btn:first-child{margin-right:-1px;-webkit-border-radius:3px 0 0 3px;-moz-border-radius:3px 0 0 3px;border-radius:3px 0 0 3px}.input-prepend.input-append .add-on:last-child,.input-prepend.input-append .btn:last-child{margin-left:-1px;-webkit-border-radius:0 3px 3px 0;-moz-border-radius:0 3px 3px 0;border-radius:0 3px 3px 0}.search-query{padding-right:14px;padding-right:4px \9;padding-left:14px;padding-left:4px \9;margin-bottom:0;-webkit-border-radius:14px;-moz-border-radius:14px;border-radius:14px}.form-search input,.form-inline input,.form-horizontal input,.form-search textarea,.form-inline textarea,.form-horizontal textarea,.form-search select,.form-inline select,.form-horizontal select,.form-search .help-inline,.form-inline .help-inline,.form-horizontal .help-inline,.form-search .uneditable-input,.form-inline .uneditable-input,.form-horizontal .uneditable-input,.form-search .input-prepend,.form-inline .input-prepend,.form-horizontal .input-prepend,.form-search .input-append,.form-inline .input-append,.form-horizontal .input-append{display:inline-block;*display:inline;margin-bottom:0;*zoom:1}.form-search .hide,.form-inline .hide,.form-horizontal .hide{display:none}.form-search label,.form-inline label{display:inline-block}.form-search .input-append,.form-inline .input-append,.form-search .input-prepend,.form-inline .input-prepend{margin-bottom:0}.form-search .radio,.form-search .checkbox,.form-inline .radio,.form-inline .checkbox{padding-left:0;margin-bottom:0;vertical-align:middle}.form-search .radio input[type="radio"],.form-search .checkbox input[type="checkbox"],.form-inline .radio input[type="radio"],.form-inline .checkbox 
input[type="checkbox"]{float:left;margin-right:3px;margin-left:0}.control-group{margin-bottom:9px}legend+.control-group{margin-top:18px;-webkit-margin-top-collapse:separate}.form-horizontal .control-group{margin-bottom:18px;*zoom:1}.form-horizontal .control-group:before,.form-horizontal .control-group:after{display:table;content:""}.form-horizontal .control-group:after{clear:both}.form-horizontal .control-label{float:left;width:140px;padding-top:5px;text-align:right}.form-horizontal .controls{*display:inline-block;*padding-left:20px;margin-left:160px;*margin-left:0}.form-horizontal .controls:first-child{*padding-left:160px}.form-horizontal .help-block{margin-top:9px;margin-bottom:0}.form-horizontal .form-actions{padding-left:160px}table{max-width:100%;background-color:transparent;border-collapse:collapse;border-spacing:0}.table{width:100%;margin-bottom:18px}.table th,.table td{padding:8px;line-height:18px;text-align:left;vertical-align:top;border-top:1px solid #ddd}.table th{font-weight:bold}.table thead th{vertical-align:bottom}.table caption+thead tr:first-child th,.table caption+thead tr:first-child td,.table colgroup+thead tr:first-child th,.table colgroup+thead tr:first-child td,.table thead:first-child tr:first-child th,.table thead:first-child tr:first-child td{border-top:0}.table tbody+tbody{border-top:2px solid #ddd}.table-condensed th,.table-condensed td{padding:4px 5px}.table-bordered{border:1px solid #ddd;border-collapse:separate;*border-collapse:collapsed;border-left:0;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.table-bordered th,.table-bordered td{border-left:1px solid #ddd}.table-bordered caption+thead tr:first-child th,.table-bordered caption+tbody tr:first-child th,.table-bordered caption+tbody tr:first-child td,.table-bordered colgroup+thead tr:first-child th,.table-bordered colgroup+tbody tr:first-child th,.table-bordered colgroup+tbody tr:first-child td,.table-bordered thead:first-child tr:first-child th,.table-bordered 
tbody:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child td{border-top:0}.table-bordered thead:first-child tr:first-child th:first-child,.table-bordered tbody:first-child tr:first-child td:first-child{-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-topleft:4px}.table-bordered thead:first-child tr:first-child th:last-child,.table-bordered tbody:first-child tr:first-child td:last-child{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-moz-border-radius-topright:4px}.table-bordered thead:last-child tr:last-child th:first-child,.table-bordered tbody:last-child tr:last-child td:first-child{-webkit-border-radius:0 0 0 4px;-moz-border-radius:0 0 0 4px;border-radius:0 0 0 4px;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-moz-border-radius-bottomleft:4px}.table-bordered thead:last-child tr:last-child th:last-child,.table-bordered tbody:last-child tr:last-child td:last-child{-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-bottomright:4px}.table-striped tbody tr:nth-child(odd) td,.table-striped tbody tr:nth-child(odd) th{background-color:#f9f9f9}.table tbody tr:hover td,.table tbody tr:hover th{background-color:#f5f5f5}table .span1{float:none;width:44px;margin-left:0}table .span2{float:none;width:124px;margin-left:0}table .span3{float:none;width:204px;margin-left:0}table .span4{float:none;width:284px;margin-left:0}table .span5{float:none;width:364px;margin-left:0}table .span6{float:none;width:444px;margin-left:0}table .span7{float:none;width:524px;margin-left:0}table .span8{float:none;width:604px;margin-left:0}table .span9{float:none;width:684px;margin-left:0}table .span10{float:none;width:764px;margin-left:0}table .span11{float:none;width:844px;margin-left:0}table .span12{float:none;width:924px;margin-left:0}table .span13{float:none;width:1004px;margin-left:0}table .span14{float:none;width:1084px;margin-left:0}table 
.span15{float:none;width:1164px;margin-left:0}table .span16{float:none;width:1244px;margin-left:0}table .span17{float:none;width:1324px;margin-left:0}table .span18{float:none;width:1404px;margin-left:0}table .span19{float:none;width:1484px;margin-left:0}table .span20{float:none;width:1564px;margin-left:0}table .span21{float:none;width:1644px;margin-left:0}table .span22{float:none;width:1724px;margin-left:0}table .span23{float:none;width:1804px;margin-left:0}table .span24{float:none;width:1884px;margin-left:0}[class^="icon-"],[class*=" icon-"]{display:inline-block;width:14px;height:14px;*margin-right:.3em;line-height:14px;vertical-align:text-top;background-image:url("../img/glyphicons-halflings.png");background-position:14px 14px;background-repeat:no-repeat}[class^="icon-"]:last-child,[class*=" icon-"]:last-child{*margin-left:0}.icon-white{background-image:url("../img/glyphicons-halflings-white.png")}.icon-glass{background-position:0 0}.icon-music{background-position:-24px 0}.icon-search{background-position:-48px 0}.icon-envelope{background-position:-72px 0}.icon-heart{background-position:-96px 0}.icon-star{background-position:-120px 0}.icon-star-empty{background-position:-144px 0}.icon-user{background-position:-168px 0}.icon-film{background-position:-192px 0}.icon-th-large{background-position:-216px 0}.icon-th{background-position:-240px 0}.icon-th-list{background-position:-264px 0}.icon-ok{background-position:-288px 0}.icon-remove{background-position:-312px 0}.icon-zoom-in{background-position:-336px 0}.icon-zoom-out{background-position:-360px 0}.icon-off{background-position:-384px 0}.icon-signal{background-position:-408px 0}.icon-cog{background-position:-432px 0}.icon-trash{background-position:-456px 0}.icon-home{background-position:0 -24px}.icon-file{background-position:-24px -24px}.icon-time{background-position:-48px -24px}.icon-road{background-position:-72px -24px}.icon-download-alt{background-position:-96px -24px}.icon-download{background-position:-120px 
-24px}.icon-upload{background-position:-144px -24px}.icon-inbox{background-position:-168px -24px}.icon-play-circle{background-position:-192px -24px}.icon-repeat{background-position:-216px -24px}.icon-refresh{background-position:-240px -24px}.icon-list-alt{background-position:-264px -24px}.icon-lock{background-position:-287px -24px}.icon-flag{background-position:-312px -24px}.icon-headphones{background-position:-336px -24px}.icon-volume-off{background-position:-360px -24px}.icon-volume-down{background-position:-384px -24px}.icon-volume-up{background-position:-408px -24px}.icon-qrcode{background-position:-432px -24px}.icon-barcode{background-position:-456px -24px}.icon-tag{background-position:0 -48px}.icon-tags{background-position:-25px -48px}.icon-book{background-position:-48px -48px}.icon-bookmark{background-position:-72px -48px}.icon-print{background-position:-96px -48px}.icon-camera{background-position:-120px -48px}.icon-font{background-position:-144px -48px}.icon-bold{background-position:-167px -48px}.icon-italic{background-position:-192px -48px}.icon-text-height{background-position:-216px -48px}.icon-text-width{background-position:-240px -48px}.icon-align-left{background-position:-264px -48px}.icon-align-center{background-position:-288px -48px}.icon-align-right{background-position:-312px -48px}.icon-align-justify{background-position:-336px -48px}.icon-list{background-position:-360px -48px}.icon-indent-left{background-position:-384px -48px}.icon-indent-right{background-position:-408px -48px}.icon-facetime-video{background-position:-432px -48px}.icon-picture{background-position:-456px -48px}.icon-pencil{background-position:0 -72px}.icon-map-marker{background-position:-24px -72px}.icon-adjust{background-position:-48px -72px}.icon-tint{background-position:-72px -72px}.icon-edit{background-position:-96px -72px}.icon-share{background-position:-120px -72px}.icon-check{background-position:-144px -72px}.icon-move{background-position:-168px 
-72px}.icon-step-backward{background-position:-192px -72px}.icon-fast-backward{background-position:-216px -72px}.icon-backward{background-position:-240px -72px}.icon-play{background-position:-264px -72px}.icon-pause{background-position:-288px -72px}.icon-stop{background-position:-312px -72px}.icon-forward{background-position:-336px -72px}.icon-fast-forward{background-position:-360px -72px}.icon-step-forward{background-position:-384px -72px}.icon-eject{background-position:-408px -72px}.icon-chevron-left{background-position:-432px -72px}.icon-chevron-right{background-position:-456px -72px}.icon-plus-sign{background-position:0 -96px}.icon-minus-sign{background-position:-24px -96px}.icon-remove-sign{background-position:-48px -96px}.icon-ok-sign{background-position:-72px -96px}.icon-question-sign{background-position:-96px -96px}.icon-info-sign{background-position:-120px -96px}.icon-screenshot{background-position:-144px -96px}.icon-remove-circle{background-position:-168px -96px}.icon-ok-circle{background-position:-192px -96px}.icon-ban-circle{background-position:-216px -96px}.icon-arrow-left{background-position:-240px -96px}.icon-arrow-right{background-position:-264px -96px}.icon-arrow-up{background-position:-289px -96px}.icon-arrow-down{background-position:-312px -96px}.icon-share-alt{background-position:-336px -96px}.icon-resize-full{background-position:-360px -96px}.icon-resize-small{background-position:-384px -96px}.icon-plus{background-position:-408px -96px}.icon-minus{background-position:-433px -96px}.icon-asterisk{background-position:-456px -96px}.icon-exclamation-sign{background-position:0 -120px}.icon-gift{background-position:-24px -120px}.icon-leaf{background-position:-48px -120px}.icon-fire{background-position:-72px -120px}.icon-eye-open{background-position:-96px -120px}.icon-eye-close{background-position:-120px -120px}.icon-warning-sign{background-position:-144px -120px}.icon-plane{background-position:-168px -120px}.icon-calendar{background-position:-192px 
-120px}.icon-random{background-position:-216px -120px}.icon-comment{background-position:-240px -120px}.icon-magnet{background-position:-264px -120px}.icon-chevron-up{background-position:-288px -120px}.icon-chevron-down{background-position:-313px -119px}.icon-retweet{background-position:-336px -120px}.icon-shopping-cart{background-position:-360px -120px}.icon-folder-close{background-position:-384px -120px}.icon-folder-open{background-position:-408px -120px}.icon-resize-vertical{background-position:-432px -119px}.icon-resize-horizontal{background-position:-456px -118px}.icon-hdd{background-position:0 -144px}.icon-bullhorn{background-position:-24px -144px}.icon-bell{background-position:-48px -144px}.icon-certificate{background-position:-72px -144px}.icon-thumbs-up{background-position:-96px -144px}.icon-thumbs-down{background-position:-120px -144px}.icon-hand-right{background-position:-144px -144px}.icon-hand-left{background-position:-168px -144px}.icon-hand-up{background-position:-192px -144px}.icon-hand-down{background-position:-216px -144px}.icon-circle-arrow-right{background-position:-240px -144px}.icon-circle-arrow-left{background-position:-264px -144px}.icon-circle-arrow-up{background-position:-288px -144px}.icon-circle-arrow-down{background-position:-312px -144px}.icon-globe{background-position:-336px -144px}.icon-wrench{background-position:-360px -144px}.icon-tasks{background-position:-384px -144px}.icon-filter{background-position:-408px -144px}.icon-briefcase{background-position:-432px -144px}.icon-fullscreen{background-position:-456px -144px}.dropup,.dropdown{position:relative}.dropdown-toggle{*margin-bottom:-3px}.dropdown-toggle:active,.open .dropdown-toggle{outline:0}.caret{display:inline-block;width:0;height:0;vertical-align:top;border-top:4px solid #000;border-right:4px solid transparent;border-left:4px solid transparent;content:"";opacity:.3;filter:alpha(opacity=30)}.dropdown .caret{margin-top:8px;margin-left:2px}.dropdown:hover .caret,.open 
.caret{opacity:1;filter:alpha(opacity=100)}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:4px 0;margin:1px 0 0;list-style:none;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);*border-right-width:2px;*border-bottom-width:2px;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);-moz-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{*width:100%;height:1px;margin:8px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #fff}.dropdown-menu a{display:block;padding:3px 15px;clear:both;font-weight:normal;line-height:18px;color:#333;white-space:nowrap}.dropdown-menu li>a:hover,.dropdown-menu .active>a,.dropdown-menu .active>a:hover{color:#fff;text-decoration:none;background-color:#08c}.open{*z-index:1000}.open .dropdown-menu{display:block}.pull-right .dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0;border-bottom:4px solid #000;content:"\2191"}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:1px}.typeahead{margin-top:2px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #eee;border:1px solid rgba(0,0,0,0.05);-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well 
blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-large{padding:24px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.well-small{padding:9px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.fade{opacity:0;filter:alpha(opacity=0);-webkit-transition:opacity .15s linear;-moz-transition:opacity .15s linear;-ms-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1;filter:alpha(opacity=100)}.collapse{position:relative;height:0;overflow:hidden;-webkit-transition:height .35s ease;-moz-transition:height .35s ease;-ms-transition:height .35s ease;-o-transition:height .35s ease;transition:height .35s ease}.collapse.in{height:auto}.close{float:right;font-size:20px;font-weight:bold;line-height:18px;color:#000;text-shadow:0 1px 0 #fff;opacity:.2;filter:alpha(opacity=20)}.close:hover{color:#000;text-decoration:none;cursor:pointer;opacity:.4;filter:alpha(opacity=40)}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none}.btn{display:inline-block;*display:inline;padding:4px 10px 4px;margin-bottom:0;*margin-left:.3em;font-size:13px;line-height:18px;*line-height:20px;color:#333;text-align:center;text-shadow:0 1px 1px rgba(255,255,255,0.75);vertical-align:middle;cursor:pointer;background-color:#f5f5f5;*background-color:#e6e6e6;background-image:-ms-linear-gradient(top,#fff,#e6e6e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#e6e6e6));background-image:-webkit-linear-gradient(top,#fff,#e6e6e6);background-image:-o-linear-gradient(top,#fff,#e6e6e6);background-image:linear-gradient(top,#fff,#e6e6e6);background-image:-moz-linear-gradient(top,#fff,#e6e6e6);background-repeat:repeat-x;border:1px solid #ccc;*border:0;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);border-color:#e6e6e6 #e6e6e6 
#bfbfbf;border-bottom-color:#b3b3b3;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:dximagetransform.microsoft.gradient(startColorstr='#ffffff',endColorstr='#e6e6e6',GradientType=0);filter:progid:dximagetransform.microsoft.gradient(enabled=false);*zoom:1;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05)}.btn:hover,.btn:active,.btn.active,.btn.disabled,.btn[disabled]{background-color:#e6e6e6;*background-color:#d9d9d9}.btn:active,.btn.active{background-color:#ccc \9}.btn:first-child{*margin-left:0}.btn:hover{color:#333;text-decoration:none;background-color:#e6e6e6;*background-color:#d9d9d9;background-position:0 -15px;-webkit-transition:background-position .1s linear;-moz-transition:background-position .1s linear;-ms-transition:background-position .1s linear;-o-transition:background-position .1s linear;transition:background-position .1s linear}.btn:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn.active,.btn:active{background-color:#e6e6e6;background-color:#d9d9d9 \9;background-image:none;outline:0;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05)}.btn.disabled,.btn[disabled]{cursor:default;background-color:#e6e6e6;background-image:none;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.btn-large{padding:9px 14px;font-size:15px;line-height:normal;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px}.btn-large [class^="icon-"]{margin-top:1px}.btn-small{padding:5px 9px;font-size:11px;line-height:16px}.btn-small [class^="icon-"]{margin-top:-1px}.btn-mini{padding:2px 
6px;font-size:11px;line-height:14px}.btn-primary,.btn-primary:hover,.btn-warning,.btn-warning:hover,.btn-danger,.btn-danger:hover,.btn-success,.btn-success:hover,.btn-info,.btn-info:hover,.btn-inverse,.btn-inverse:hover{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25)}.btn-primary.active,.btn-warning.active,.btn-danger.active,.btn-success.active,.btn-info.active,.btn-inverse.active{color:rgba(255,255,255,0.75)}.btn{border-color:#ccc;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25)}.btn-primary{background-color:#0074cc;*background-color:#05c;background-image:-ms-linear-gradient(top,#08c,#05c);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#05c));background-image:-webkit-linear-gradient(top,#08c,#05c);background-image:-o-linear-gradient(top,#08c,#05c);background-image:-moz-linear-gradient(top,#08c,#05c);background-image:linear-gradient(top,#08c,#05c);background-repeat:repeat-x;border-color:#05c #05c #003580;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:dximagetransform.microsoft.gradient(startColorstr='#0088cc',endColorstr='#0055cc',GradientType=0);filter:progid:dximagetransform.microsoft.gradient(enabled=false)}.btn-primary:hover,.btn-primary:active,.btn-primary.active,.btn-primary.disabled,.btn-primary[disabled]{background-color:#05c;*background-color:#004ab3}.btn-primary:active,.btn-primary.active{background-color:#004099 \9}.btn-warning{background-color:#faa732;*background-color:#f89406;background-image:-ms-linear-gradient(top,#fbb450,#f89406);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fbb450),to(#f89406));background-image:-webkit-linear-gradient(top,#fbb450,#f89406);background-image:-o-linear-gradient(top,#fbb450,#f89406);background-image:-moz-linear-gradient(top,#fbb450,#f89406);background-image:linear-gradient(top,#fbb450,#f89406);background-repeat:repeat-x;border-color:#f89406 #f89406 #ad6704;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) 
rgba(0,0,0,0.25);filter:progid:dximagetransform.microsoft.gradient(startColorstr='#fbb450',endColorstr='#f89406',GradientType=0);filter:progid:dximagetransform.microsoft.gradient(enabled=false)}.btn-warning:hover,.btn-warning:active,.btn-warning.active,.btn-warning.disabled,.btn-warning[disabled]{background-color:#f89406;*background-color:#df8505}.btn-warning:active,.btn-warning.active{background-color:#c67605 \9}.btn-danger{background-color:#da4f49;*background-color:#bd362f;background-image:-ms-linear-gradient(top,#ee5f5b,#bd362f);background-image:-webkit-gradient(linear,0 0,0 100%,from(#ee5f5b),to(#bd362f));background-image:-webkit-linear-gradient(top,#ee5f5b,#bd362f);background-image:-o-linear-gradient(top,#ee5f5b,#bd362f);background-image:-moz-linear-gradient(top,#ee5f5b,#bd362f);background-image:linear-gradient(top,#ee5f5b,#bd362f);background-repeat:repeat-x;border-color:#bd362f #bd362f #802420;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:dximagetransform.microsoft.gradient(startColorstr='#ee5f5b',endColorstr='#bd362f',GradientType=0);filter:progid:dximagetransform.microsoft.gradient(enabled=false)}.btn-danger:hover,.btn-danger:active,.btn-danger.active,.btn-danger.disabled,.btn-danger[disabled]{background-color:#bd362f;*background-color:#a9302a}.btn-danger:active,.btn-danger.active{background-color:#942a25 \9}.btn-success{background-color:#5bb75b;*background-color:#51a351;background-image:-ms-linear-gradient(top,#62c462,#51a351);background-image:-webkit-gradient(linear,0 0,0 100%,from(#62c462),to(#51a351));background-image:-webkit-linear-gradient(top,#62c462,#51a351);background-image:-o-linear-gradient(top,#62c462,#51a351);background-image:-moz-linear-gradient(top,#62c462,#51a351);background-image:linear-gradient(top,#62c462,#51a351);background-repeat:repeat-x;border-color:#51a351 #51a351 #387038;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) 
rgba(0,0,0,0.25);filter:progid:dximagetransform.microsoft.gradient(startColorstr='#62c462',endColorstr='#51a351',GradientType=0);filter:progid:dximagetransform.microsoft.gradient(enabled=false)}.btn-success:hover,.btn-success:active,.btn-success.active,.btn-success.disabled,.btn-success[disabled]{background-color:#51a351;*background-color:#499249}.btn-success:active,.btn-success.active{background-color:#408140 \9}.btn-info{background-color:#49afcd;*background-color:#2f96b4;background-image:-ms-linear-gradient(top,#5bc0de,#2f96b4);background-image:-webkit-gradient(linear,0 0,0 100%,from(#5bc0de),to(#2f96b4));background-image:-webkit-linear-gradient(top,#5bc0de,#2f96b4);background-image:-o-linear-gradient(top,#5bc0de,#2f96b4);background-image:-moz-linear-gradient(top,#5bc0de,#2f96b4);background-image:linear-gradient(top,#5bc0de,#2f96b4);background-repeat:repeat-x;border-color:#2f96b4 #2f96b4 #1f6377;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:dximagetransform.microsoft.gradient(startColorstr='#5bc0de',endColorstr='#2f96b4',GradientType=0);filter:progid:dximagetransform.microsoft.gradient(enabled=false)}.btn-info:hover,.btn-info:active,.btn-info.active,.btn-info.disabled,.btn-info[disabled]{background-color:#2f96b4;*background-color:#2a85a0}.btn-info:active,.btn-info.active{background-color:#24748c \9}.btn-inverse{background-color:#414141;*background-color:#222;background-image:-ms-linear-gradient(top,#555,#222);background-image:-webkit-gradient(linear,0 0,0 100%,from(#555),to(#222));background-image:-webkit-linear-gradient(top,#555,#222);background-image:-o-linear-gradient(top,#555,#222);background-image:-moz-linear-gradient(top,#555,#222);background-image:linear-gradient(top,#555,#222);background-repeat:repeat-x;border-color:#222 #222 #000;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) 
rgba(0,0,0,0.25);filter:progid:dximagetransform.microsoft.gradient(startColorstr='#555555',endColorstr='#222222',GradientType=0);filter:progid:dximagetransform.microsoft.gradient(enabled=false)}.btn-inverse:hover,.btn-inverse:active,.btn-inverse.active,.btn-inverse.disabled,.btn-inverse[disabled]{background-color:#222;*background-color:#151515}.btn-inverse:active,.btn-inverse.active{background-color:#080808 \9}button.btn,input[type="submit"].btn{*padding-top:2px;*padding-bottom:2px}button.btn::-moz-focus-inner,input[type="submit"].btn::-moz-focus-inner{padding:0;border:0}button.btn.btn-large,input[type="submit"].btn.btn-large{*padding-top:7px;*padding-bottom:7px}button.btn.btn-small,input[type="submit"].btn.btn-small{*padding-top:3px;*padding-bottom:3px}button.btn.btn-mini,input[type="submit"].btn.btn-mini{*padding-top:1px;*padding-bottom:1px}.btn-group{position:relative;*margin-left:.3em;*zoom:1}.btn-group:before,.btn-group:after{display:table;content:""}.btn-group:after{clear:both}.btn-group:first-child{*margin-left:0}.btn-group+.btn-group{margin-left:5px}.btn-toolbar{margin-top:9px;margin-bottom:9px}.btn-toolbar 
.btn-group{display:inline-block;*display:inline;*zoom:1}.btn-group>.btn{position:relative;float:left;margin-left:-1px;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group>.btn:first-child{margin-left:0;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-bottomleft:4px;-moz-border-radius-topleft:4px}.btn-group>.btn:last-child,.btn-group>.dropdown-toggle{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-bottomright:4px}.btn-group>.btn.large:first-child{margin-left:0;-webkit-border-bottom-left-radius:6px;border-bottom-left-radius:6px;-webkit-border-top-left-radius:6px;border-top-left-radius:6px;-moz-border-radius-bottomleft:6px;-moz-border-radius-topleft:6px}.btn-group>.btn.large:last-child,.btn-group>.large.dropdown-toggle{-webkit-border-top-right-radius:6px;border-top-right-radius:6px;-webkit-border-bottom-right-radius:6px;border-bottom-right-radius:6px;-moz-border-radius-topright:6px;-moz-border-radius-bottomright:6px}.btn-group>.btn:hover,.btn-group>.btn:focus,.btn-group>.btn:active,.btn-group>.btn.active{z-index:2}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.dropdown-toggle{*padding-top:4px;padding-right:8px;*padding-bottom:4px;padding-left:8px;-webkit-box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px 
rgba(0,0,0,0.05)}.btn-group>.btn-mini.dropdown-toggle{padding-right:5px;padding-left:5px}.btn-group>.btn-small.dropdown-toggle{*padding-top:4px;*padding-bottom:4px}.btn-group>.btn-large.dropdown-toggle{padding-right:12px;padding-left:12px}.btn-group.open .dropdown-toggle{background-image:none;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05)}.btn-group.open .btn.dropdown-toggle{background-color:#e6e6e6}.btn-group.open .btn-primary.dropdown-toggle{background-color:#05c}.btn-group.open .btn-warning.dropdown-toggle{background-color:#f89406}.btn-group.open .btn-danger.dropdown-toggle{background-color:#bd362f}.btn-group.open .btn-success.dropdown-toggle{background-color:#51a351}.btn-group.open .btn-info.dropdown-toggle{background-color:#2f96b4}.btn-group.open .btn-inverse.dropdown-toggle{background-color:#222}.btn .caret{margin-top:7px;margin-left:0}.btn:hover .caret,.open.btn-group .caret{opacity:1;filter:alpha(opacity=100)}.btn-mini .caret{margin-top:5px}.btn-small .caret{margin-top:6px}.btn-large .caret{margin-top:6px;border-top-width:5px;border-right-width:5px;border-left-width:5px}.dropup .btn-large .caret{border-top:0;border-bottom:5px solid #000}.btn-primary .caret,.btn-warning .caret,.btn-danger .caret,.btn-info .caret,.btn-success .caret,.btn-inverse .caret{border-top-color:#fff;border-bottom-color:#fff;opacity:.75;filter:alpha(opacity=75)}.alert{padding:8px 35px 8px 14px;margin-bottom:18px;color:#c09853;text-shadow:0 1px 0 rgba(255,255,255,0.5);background-color:#fcf8e3;border:1px solid #fbeed5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.alert-heading{color:inherit}.alert 
.close{position:relative;top:-2px;right:-21px;line-height:18px}.alert-success{color:#468847;background-color:#dff0d8;border-color:#d6e9c6}.alert-danger,.alert-error{color:#b94a48;background-color:#f2dede;border-color:#eed3d7}.alert-info{color:#3a87ad;background-color:#d9edf7;border-color:#bce8f1}.alert-block{padding-top:14px;padding-bottom:14px}.alert-block>p,.alert-block>ul{margin-bottom:0}.alert-block p+p{margin-top:5px}.nav{margin-bottom:18px;margin-left:0;list-style:none}.nav>li>a{display:block}.nav>li>a:hover{text-decoration:none;background-color:#eee}.nav>.pull-right{float:right}.nav .nav-header{display:block;padding:3px 15px;font-size:11px;font-weight:bold;line-height:18px;color:#999;text-shadow:0 1px 0 rgba(255,255,255,0.5);text-transform:uppercase}.nav li+.nav-header{margin-top:9px}.nav-list{padding-right:15px;padding-left:15px;margin-bottom:0}.nav-list>li>a,.nav-list .nav-header{margin-right:-15px;margin-left:-15px;text-shadow:0 1px 0 rgba(255,255,255,0.5)}.nav-list>li>a{padding:3px 15px}.nav-list>.active>a,.nav-list>.active>a:hover{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.2);background-color:#08c}.nav-list [class^="icon-"]{margin-right:2px}.nav-list .divider{*width:100%;height:1px;margin:8px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #fff}.nav-tabs,.nav-pills{*zoom:1}.nav-tabs:before,.nav-pills:before,.nav-tabs:after,.nav-pills:after{display:table;content:""}.nav-tabs:after,.nav-pills:after{clear:both}.nav-tabs>li,.nav-pills>li{float:left}.nav-tabs>li>a,.nav-pills>li>a{padding-right:12px;padding-left:12px;margin-right:2px;line-height:14px}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{margin-bottom:-1px}.nav-tabs>li>a{padding-top:8px;padding-bottom:8px;line-height:18px;border:1px solid transparent;-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee 
#ddd}.nav-tabs>.active>a,.nav-tabs>.active>a:hover{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-pills>li>a{padding-top:8px;padding-bottom:8px;margin-top:2px;margin-bottom:2px;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px}.nav-pills>.active>a,.nav-pills>.active>a:hover{color:#fff;background-color:#08c}.nav-stacked>li{float:none}.nav-stacked>li>a{margin-right:0}.nav-tabs.nav-stacked{border-bottom:0}.nav-tabs.nav-stacked>li>a{border:1px solid #ddd;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.nav-tabs.nav-stacked>li:first-child>a{-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0}.nav-tabs.nav-stacked>li:last-child>a{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px}.nav-tabs.nav-stacked>li>a:hover{z-index:2;border-color:#ddd}.nav-pills.nav-stacked>li>a{margin-bottom:3px}.nav-pills.nav-stacked>li:last-child>a{margin-bottom:1px}.nav-tabs .dropdown-menu{-webkit-border-radius:0 0 5px 5px;-moz-border-radius:0 0 5px 5px;border-radius:0 0 5px 5px}.nav-pills .dropdown-menu{-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.nav-tabs .dropdown-toggle .caret,.nav-pills .dropdown-toggle .caret{margin-top:6px;border-top-color:#08c;border-bottom-color:#08c}.nav-tabs .dropdown-toggle:hover .caret,.nav-pills .dropdown-toggle:hover .caret{border-top-color:#005580;border-bottom-color:#005580}.nav-tabs .active .dropdown-toggle .caret,.nav-pills .active .dropdown-toggle .caret{border-top-color:#333;border-bottom-color:#333}.nav>.dropdown.active>a:hover{color:#000;cursor:pointer}.nav-tabs .open .dropdown-toggle,.nav-pills .open .dropdown-toggle,.nav>li.dropdown.open.active>a:hover{color:#fff;background-color:#999;border-color:#999}.nav li.dropdown.open .caret,.nav li.dropdown.open.active .caret,.nav li.dropdown.open a:hover 
.caret{border-top-color:#fff;border-bottom-color:#fff;opacity:1;filter:alpha(opacity=100)}.tabs-stacked .open>a:hover{border-color:#999}.tabbable{*zoom:1}.tabbable:before,.tabbable:after{display:table;content:""}.tabbable:after{clear:both}.tab-content{overflow:auto}.tabs-below>.nav-tabs,.tabs-right>.nav-tabs,.tabs-left>.nav-tabs{border-bottom:0}.tab-content>.tab-pane,.pill-content>.pill-pane{display:none}.tab-content>.active,.pill-content>.active{display:block}.tabs-below>.nav-tabs{border-top:1px solid #ddd}.tabs-below>.nav-tabs>li{margin-top:-1px;margin-bottom:0}.tabs-below>.nav-tabs>li>a{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px}.tabs-below>.nav-tabs>li>a:hover{border-top-color:#ddd;border-bottom-color:transparent}.tabs-below>.nav-tabs>.active>a,.tabs-below>.nav-tabs>.active>a:hover{border-color:transparent #ddd #ddd #ddd}.tabs-left>.nav-tabs>li,.tabs-right>.nav-tabs>li{float:none}.tabs-left>.nav-tabs>li>a,.tabs-right>.nav-tabs>li>a{min-width:74px;margin-right:0;margin-bottom:3px}.tabs-left>.nav-tabs{float:left;margin-right:19px;border-right:1px solid #ddd}.tabs-left>.nav-tabs>li>a{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.tabs-left>.nav-tabs>li>a:hover{border-color:#eee #ddd #eee #eee}.tabs-left>.nav-tabs .active>a,.tabs-left>.nav-tabs .active>a:hover{border-color:#ddd transparent #ddd #ddd;*border-right-color:#fff}.tabs-right>.nav-tabs{float:right;margin-left:19px;border-left:1px solid #ddd}.tabs-right>.nav-tabs>li>a{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.tabs-right>.nav-tabs>li>a:hover{border-color:#eee #eee #eee #ddd}.tabs-right>.nav-tabs .active>a,.tabs-right>.nav-tabs .active>a:hover{border-color:#ddd #ddd #ddd 
transparent;*border-left-color:#fff}.navbar{*position:relative;*z-index:2;margin-bottom:18px;overflow:visible}.navbar-inner{min-height:40px;padding-right:20px;padding-left:20px;background-color:#2c2c2c;background-image:-moz-linear-gradient(top,#333,#222);background-image:-ms-linear-gradient(top,#333,#222);background-image:-webkit-gradient(linear,0 0,0 100%,from(#333),to(#222));background-image:-webkit-linear-gradient(top,#333,#222);background-image:-o-linear-gradient(top,#333,#222);background-image:linear-gradient(top,#333,#222);background-repeat:repeat-x;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:dximagetransform.microsoft.gradient(startColorstr='#333333',endColorstr='#222222',GradientType=0);-webkit-box-shadow:0 1px 3px rgba(0,0,0,0.25),inset 0 -1px 0 rgba(0,0,0,0.1);-moz-box-shadow:0 1px 3px rgba(0,0,0,0.25),inset 0 -1px 0 rgba(0,0,0,0.1);box-shadow:0 1px 3px rgba(0,0,0,0.25),inset 0 -1px 0 rgba(0,0,0,0.1)}.navbar .container{width:auto}.nav-collapse.collapse{height:auto}.navbar{color:#999}.navbar .brand:hover{text-decoration:none}.navbar .brand{display:block;float:left;padding:8px 20px 12px;margin-left:-20px;font-size:20px;font-weight:200;line-height:1;color:#999}.navbar .navbar-text{margin-bottom:0;line-height:40px}.navbar .navbar-link{color:#999}.navbar .navbar-link:hover{color:#fff}.navbar .btn,.navbar .btn-group{margin-top:5px}.navbar .btn-group .btn{margin:0}.navbar-form{margin-bottom:0;*zoom:1}.navbar-form:before,.navbar-form:after{display:table;content:""}.navbar-form:after{clear:both}.navbar-form input,.navbar-form select,.navbar-form .radio,.navbar-form .checkbox{margin-top:5px}.navbar-form input,.navbar-form select{display:inline-block;margin-bottom:0}.navbar-form input[type="image"],.navbar-form input[type="checkbox"],.navbar-form input[type="radio"]{margin-top:3px}.navbar-form .input-append,.navbar-form .input-prepend{margin-top:6px;white-space:nowrap}.navbar-form .input-append input,.navbar-form .input-prepend 
input{margin-top:0}.navbar-search{position:relative;float:left;margin-top:6px;margin-bottom:0}.navbar-search .search-query{padding:4px 9px;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;font-weight:normal;line-height:1;color:#fff;background-color:#626262;border:1px solid #151515;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);-webkit-transition:none;-moz-transition:none;-ms-transition:none;-o-transition:none;transition:none}.navbar-search .search-query:-moz-placeholder{color:#ccc}.navbar-search .search-query::-webkit-input-placeholder{color:#ccc}.navbar-search .search-query:focus,.navbar-search .search-query.focused{padding:5px 10px;color:#333;text-shadow:0 1px 0 #fff;background-color:#fff;border:0;outline:0;-webkit-box-shadow:0 0 3px rgba(0,0,0,0.15);-moz-box-shadow:0 0 3px rgba(0,0,0,0.15);box-shadow:0 0 3px rgba(0,0,0,0.15)}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030;margin-bottom:0}.navbar-fixed-top .navbar-inner,.navbar-fixed-bottom .navbar-inner{padding-right:0;padding-left:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:940px}.navbar-fixed-top{top:0}.navbar-fixed-bottom{bottom:0}.navbar .nav{position:relative;left:0;display:block;float:left;margin:0 10px 0 0}.navbar .nav.pull-right{float:right}.navbar .nav>li{display:block;float:left}.navbar .nav>li>a{float:none;padding:9px 10px 11px;line-height:19px;color:#999;text-decoration:none;text-shadow:0 -1px 0 rgba(0,0,0,0.25)}.navbar .btn{display:inline-block;padding:4px 10px 4px;margin:5px 5px 6px;line-height:18px}.navbar .btn-group{padding:5px 5px 6px;margin:0}.navbar .nav>li>a:hover{color:#fff;text-decoration:none;background-color:transparent}.navbar .nav .active>a,.navbar .nav 
.active>a:hover{color:#fff;text-decoration:none;background-color:#222}.navbar .divider-vertical{width:1px;height:40px;margin:0 9px;overflow:hidden;background-color:#222;border-right:1px solid #333}.navbar .nav.pull-right{margin-right:0;margin-left:10px}.navbar .btn-navbar{display:none;float:right;padding:7px 10px;margin-right:5px;margin-left:5px;background-color:#2c2c2c;*background-color:#222;background-image:-ms-linear-gradient(top,#333,#222);background-image:-webkit-gradient(linear,0 0,0 100%,from(#333),to(#222));background-image:-webkit-linear-gradient(top,#333,#222);background-image:-o-linear-gradient(top,#333,#222);background-image:linear-gradient(top,#333,#222);background-image:-moz-linear-gradient(top,#333,#222);background-repeat:repeat-x;border-color:#222 #222 #000;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:dximagetransform.microsoft.gradient(startColorstr='#333333',endColorstr='#222222',GradientType=0);filter:progid:dximagetransform.microsoft.gradient(enabled=false);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075)}.navbar .btn-navbar:hover,.navbar .btn-navbar:active,.navbar .btn-navbar.active,.navbar .btn-navbar.disabled,.navbar .btn-navbar[disabled]{background-color:#222;*background-color:#151515}.navbar .btn-navbar:active,.navbar .btn-navbar.active{background-color:#080808 \9}.navbar .btn-navbar .icon-bar{display:block;width:18px;height:2px;background-color:#f5f5f5;-webkit-border-radius:1px;-moz-border-radius:1px;border-radius:1px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,0.25);-moz-box-shadow:0 1px 0 rgba(0,0,0,0.25);box-shadow:0 1px 0 rgba(0,0,0,0.25)}.btn-navbar .icon-bar+.icon-bar{margin-top:3px}.navbar .dropdown-menu:before{position:absolute;top:-7px;left:9px;display:inline-block;border-right:7px solid 
transparent;border-bottom:7px solid #ccc;border-left:7px solid transparent;border-bottom-color:rgba(0,0,0,0.2);content:''}.navbar .dropdown-menu:after{position:absolute;top:-6px;left:10px;display:inline-block;border-right:6px solid transparent;border-bottom:6px solid #fff;border-left:6px solid transparent;content:''}.navbar-fixed-bottom .dropdown-menu:before{top:auto;bottom:-7px;border-top:7px solid #ccc;border-bottom:0;border-top-color:rgba(0,0,0,0.2)}.navbar-fixed-bottom .dropdown-menu:after{top:auto;bottom:-6px;border-top:6px solid #fff;border-bottom:0}.navbar .nav li.dropdown .dropdown-toggle .caret,.navbar .nav li.dropdown.open .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar .nav li.dropdown.active .caret{opacity:1;filter:alpha(opacity=100)}.navbar .nav li.dropdown.open>.dropdown-toggle,.navbar .nav li.dropdown.active>.dropdown-toggle,.navbar .nav li.dropdown.open.active>.dropdown-toggle{background-color:transparent}.navbar .nav li.dropdown.active>.dropdown-toggle:hover{color:#fff}.navbar .pull-right .dropdown-menu,.navbar .dropdown-menu.pull-right{right:0;left:auto}.navbar .pull-right .dropdown-menu:before,.navbar .dropdown-menu.pull-right:before{right:12px;left:auto}.navbar .pull-right .dropdown-menu:after,.navbar .dropdown-menu.pull-right:after{right:13px;left:auto}.breadcrumb{padding:7px 14px;margin:0 0 18px;list-style:none;background-color:#fbfbfb;background-image:-moz-linear-gradient(top,#fff,#f5f5f5);background-image:-ms-linear-gradient(top,#fff,#f5f5f5);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#f5f5f5));background-image:-webkit-linear-gradient(top,#fff,#f5f5f5);background-image:-o-linear-gradient(top,#fff,#f5f5f5);background-image:linear-gradient(top,#fff,#f5f5f5);background-repeat:repeat-x;border:1px solid #ddd;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;filter:progid:dximagetransform.microsoft.gradient(startColorstr='#ffffff',endColorstr='#f5f5f5',GradientType=0);-webkit-box-shadow:inset 0 
1px 0 #fff;-moz-box-shadow:inset 0 1px 0 #fff;box-shadow:inset 0 1px 0 #fff}.breadcrumb li{display:inline-block;*display:inline;text-shadow:0 1px 0 #fff;*zoom:1}.breadcrumb .divider{padding:0 5px;color:#999}.breadcrumb .active a{color:#333}.pagination{height:36px;margin:18px 0}.pagination ul{display:inline-block;*display:inline;margin-bottom:0;margin-left:0;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;*zoom:1;-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:0 1px 2px rgba(0,0,0,0.05);box-shadow:0 1px 2px rgba(0,0,0,0.05)}.pagination li{display:inline}.pagination a{float:left;padding:0 14px;line-height:34px;text-decoration:none;border:1px solid #ddd;border-left-width:0}.pagination a:hover,.pagination .active a{background-color:#f5f5f5}.pagination .active a{color:#999;cursor:default}.pagination .disabled span,.pagination .disabled a,.pagination .disabled a:hover{color:#999;cursor:default;background-color:transparent}.pagination li:first-child a{border-left-width:1px;-webkit-border-radius:3px 0 0 3px;-moz-border-radius:3px 0 0 3px;border-radius:3px 0 0 3px}.pagination li:last-child a{-webkit-border-radius:0 3px 3px 0;-moz-border-radius:0 3px 3px 0;border-radius:0 3px 3px 0}.pagination-centered{text-align:center}.pagination-right{text-align:right}.pager{margin-bottom:18px;margin-left:0;text-align:center;list-style:none;*zoom:1}.pager:before,.pager:after{display:table;content:""}.pager:after{clear:both}.pager li{display:inline}.pager a{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.pager a:hover{text-decoration:none;background-color:#f5f5f5}.pager .next a{float:right}.pager .previous a{float:left}.pager .disabled a,.pager .disabled a:hover{color:#999;cursor:default;background-color:#fff}.modal-open .dropdown-menu{z-index:2050}.modal-open .dropdown.open{*z-index:2050}.modal-open .popover{z-index:2060}.modal-open 
.tooltip{z-index:2070}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{opacity:0}.modal-backdrop,.modal-backdrop.fade.in{opacity:.8;filter:alpha(opacity=80)}.modal{position:fixed;top:50%;left:50%;z-index:1050;width:560px;margin:-250px 0 0 -280px;overflow:auto;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.3);*border:1px solid #999;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 3px 7px rgba(0,0,0,0.3);-moz-box-shadow:0 3px 7px rgba(0,0,0,0.3);box-shadow:0 3px 7px rgba(0,0,0,0.3);-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box}.modal.fade{top:-25%;-webkit-transition:opacity .3s linear,top .3s ease-out;-moz-transition:opacity .3s linear,top .3s ease-out;-ms-transition:opacity .3s linear,top .3s ease-out;-o-transition:opacity .3s linear,top .3s ease-out;transition:opacity .3s linear,top .3s ease-out}.modal.fade.in{top:50%}.modal-header{padding:9px 15px;border-bottom:1px solid #eee}.modal-header .close{margin-top:2px}.modal-body{max-height:400px;padding:15px;overflow-y:auto}.modal-form{margin-bottom:0}.modal-footer{padding:14px 15px 15px;margin-bottom:0;text-align:right;background-color:#f5f5f5;border-top:1px solid #ddd;-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px;*zoom:1;-webkit-box-shadow:inset 0 1px 0 #fff;-moz-box-shadow:inset 0 1px 0 #fff;box-shadow:inset 0 1px 0 #fff}.modal-footer:before,.modal-footer:after{display:table;content:""}.modal-footer:after{clear:both}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group 
.btn+.btn{margin-left:-1px}.tooltip{position:absolute;z-index:1020;display:block;padding:5px;font-size:11px;opacity:0;filter:alpha(opacity=0);visibility:visible}.tooltip.in{opacity:.8;filter:alpha(opacity=80)}.tooltip.top{margin-top:-2px}.tooltip.right{margin-left:2px}.tooltip.bottom{margin-top:2px}.tooltip.left{margin-left:-2px}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-top:5px solid #000;border-right:5px solid transparent;border-left:5px solid transparent}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-top:5px solid transparent;border-bottom:5px solid transparent;border-left:5px solid #000}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-right:5px solid transparent;border-bottom:5px solid #000;border-left:5px solid transparent}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-top:5px solid transparent;border-right:5px solid #000;border-bottom:5px solid transparent}.tooltip-inner{max-width:200px;padding:3px 8px;color:#fff;text-align:center;text-decoration:none;background-color:#000;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0}.popover{position:absolute;top:0;left:0;z-index:1010;display:none;padding:5px}.popover.top{margin-top:-5px}.popover.right{margin-left:5px}.popover.bottom{margin-top:5px}.popover.left{margin-left:-5px}.popover.top .arrow{bottom:0;left:50%;margin-left:-5px;border-top:5px solid #000;border-right:5px solid transparent;border-left:5px solid transparent}.popover.right .arrow{top:50%;left:0;margin-top:-5px;border-top:5px solid transparent;border-right:5px solid #000;border-bottom:5px solid transparent}.popover.bottom .arrow{top:0;left:50%;margin-left:-5px;border-right:5px solid transparent;border-bottom:5px solid #000;border-left:5px solid transparent}.popover.left .arrow{top:50%;right:0;margin-top:-5px;border-top:5px solid transparent;border-bottom:5px solid transparent;border-left:5px solid 
#000}.popover .arrow{position:absolute;width:0;height:0}.popover-inner{width:280px;padding:3px;overflow:hidden;background:#000;background:rgba(0,0,0,0.8);-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 3px 7px rgba(0,0,0,0.3);-moz-box-shadow:0 3px 7px rgba(0,0,0,0.3);box-shadow:0 3px 7px rgba(0,0,0,0.3)}.popover-title{padding:9px 15px;line-height:1;background-color:#f5f5f5;border-bottom:1px solid #eee;-webkit-border-radius:3px 3px 0 0;-moz-border-radius:3px 3px 0 0;border-radius:3px 3px 0 0}.popover-content{padding:14px;background-color:#fff;-webkit-border-radius:0 0 3px 3px;-moz-border-radius:0 0 3px 3px;border-radius:0 0 3px 3px;-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box}.popover-content p,.popover-content ul,.popover-content ol{margin-bottom:0}.thumbnails{margin-left:-20px;list-style:none;*zoom:1}.thumbnails:before,.thumbnails:after{display:table;content:""}.thumbnails:after{clear:both}.row-fluid .thumbnails{margin-left:0}.thumbnails>li{float:left;margin-bottom:18px;margin-left:20px}.thumbnail{display:block;padding:4px;line-height:1;border:1px solid #ddd;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:0 1px 1px rgba(0,0,0,0.075);box-shadow:0 1px 1px rgba(0,0,0,0.075)}a.thumbnail:hover{border-color:#08c;-webkit-box-shadow:0 1px 4px rgba(0,105,214,0.25);-moz-box-shadow:0 1px 4px rgba(0,105,214,0.25);box-shadow:0 1px 4px rgba(0,105,214,0.25)}.thumbnail>img{display:block;max-width:100%;margin-right:auto;margin-left:auto}.thumbnail .caption{padding:9px}.label,.badge{font-size:10.998px;font-weight:bold;line-height:14px;color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);white-space:nowrap;vertical-align:baseline;background-color:#999}.label{padding:1px 4px 2px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.badge{padding:1px 9px 
2px;-webkit-border-radius:9px;-moz-border-radius:9px;border-radius:9px}a.label:hover,a.badge:hover{color:#fff;text-decoration:none;cursor:pointer}.label-important,.badge-important{background-color:#b94a48}.label-important[href],.badge-important[href]{background-color:#953b39}.label-warning,.badge-warning{background-color:#f89406}.label-warning[href],.badge-warning[href]{background-color:#c67605}.label-success,.badge-success{background-color:#468847}.label-success[href],.badge-success[href]{background-color:#356635}.label-info,.badge-info{background-color:#3a87ad}.label-info[href],.badge-info[href]{background-color:#2d6987}.label-inverse,.badge-inverse{background-color:#333}.label-inverse[href],.badge-inverse[href]{background-color:#1a1a1a}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-moz-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-ms-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:0 0}to{background-position:40px 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:18px;margin-bottom:18px;overflow:hidden;background-color:#f7f7f7;background-image:-moz-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:-ms-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:-webkit-gradient(linear,0 0,0 100%,from(#f5f5f5),to(#f9f9f9));background-image:-webkit-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:-o-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:linear-gradient(top,#f5f5f5,#f9f9f9);background-repeat:repeat-x;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:dximagetransform.microsoft.gradient(startColorstr='#f5f5f5',endColorstr='#f9f9f9',GradientType=0);-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);-moz-box-shadow:inset 0 1px 2px 
rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress .bar{width:0;height:18px;font-size:12px;color:#fff;text-align:center;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#0e90d2;background-image:-moz-linear-gradient(top,#149bdf,#0480be);background-image:-webkit-gradient(linear,0 0,0 100%,from(#149bdf),to(#0480be));background-image:-webkit-linear-gradient(top,#149bdf,#0480be);background-image:-o-linear-gradient(top,#149bdf,#0480be);background-image:linear-gradient(top,#149bdf,#0480be);background-image:-ms-linear-gradient(top,#149bdf,#0480be);background-repeat:repeat-x;filter:progid:dximagetransform.microsoft.gradient(startColorstr='#149bdf',endColorstr='#0480be',GradientType=0);-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-moz-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-box-sizing:border-box;-moz-box-sizing:border-box;-ms-box-sizing:border-box;box-sizing:border-box;-webkit-transition:width .6s ease;-moz-transition:width .6s ease;-ms-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress-striped .bar{background-color:#149bdf;background-image:-o-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-webkit-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-ms-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-webkit-gradient(linear,0 100%,100% 
0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);-webkit-background-size:40px 40px;-moz-background-size:40px 40px;-o-background-size:40px 40px;background-size:40px 40px}.progress.active .bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-moz-animation:progress-bar-stripes 2s linear infinite;-ms-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-danger .bar{background-color:#dd514c;background-image:-moz-linear-gradient(top,#ee5f5b,#c43c35);background-image:-ms-linear-gradient(top,#ee5f5b,#c43c35);background-image:-webkit-gradient(linear,0 0,0 100%,from(#ee5f5b),to(#c43c35));background-image:-webkit-linear-gradient(top,#ee5f5b,#c43c35);background-image:-o-linear-gradient(top,#ee5f5b,#c43c35);background-image:linear-gradient(top,#ee5f5b,#c43c35);background-repeat:repeat-x;filter:progid:dximagetransform.microsoft.gradient(startColorstr='#ee5f5b',endColorstr='#c43c35',GradientType=0)}.progress-danger.progress-striped .bar{background-color:#ee5f5b;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 
25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-ms-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-success .bar{background-color:#5eb95e;background-image:-moz-linear-gradient(top,#62c462,#57a957);background-image:-ms-linear-gradient(top,#62c462,#57a957);background-image:-webkit-gradient(linear,0 0,0 100%,from(#62c462),to(#57a957));background-image:-webkit-linear-gradient(top,#62c462,#57a957);background-image:-o-linear-gradient(top,#62c462,#57a957);background-image:linear-gradient(top,#62c462,#57a957);background-repeat:repeat-x;filter:progid:dximagetransform.microsoft.gradient(startColorstr='#62c462',endColorstr='#57a957',GradientType=0)}.progress-success.progress-striped .bar{background-color:#62c462;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-ms-linear-gradient(-45deg,rgba(255,255,255,0.15) 
25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-info .bar{background-color:#4bb1cf;background-image:-moz-linear-gradient(top,#5bc0de,#339bb9);background-image:-ms-linear-gradient(top,#5bc0de,#339bb9);background-image:-webkit-gradient(linear,0 0,0 100%,from(#5bc0de),to(#339bb9));background-image:-webkit-linear-gradient(top,#5bc0de,#339bb9);background-image:-o-linear-gradient(top,#5bc0de,#339bb9);background-image:linear-gradient(top,#5bc0de,#339bb9);background-repeat:repeat-x;filter:progid:dximagetransform.microsoft.gradient(startColorstr='#5bc0de',endColorstr='#339bb9',GradientType=0)}.progress-info.progress-striped .bar{background-color:#5bc0de;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-ms-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 
75%,transparent);background-image:-o-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-warning .bar{background-color:#faa732;background-image:-moz-linear-gradient(top,#fbb450,#f89406);background-image:-ms-linear-gradient(top,#fbb450,#f89406);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fbb450),to(#f89406));background-image:-webkit-linear-gradient(top,#fbb450,#f89406);background-image:-o-linear-gradient(top,#fbb450,#f89406);background-image:linear-gradient(top,#fbb450,#f89406);background-repeat:repeat-x;filter:progid:dximagetransform.microsoft.gradient(startColorstr='#fbb450',endColorstr='#f89406',GradientType=0)}.progress-warning.progress-striped .bar{background-color:#fbb450;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-ms-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 
75%,transparent 75%,transparent);background-image:linear-gradient(-45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.accordion{margin-bottom:18px}.accordion-group{margin-bottom:2px;border:1px solid #e5e5e5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.accordion-heading{border-bottom:0}.accordion-heading .accordion-toggle{display:block;padding:8px 15px}.accordion-toggle{cursor:pointer}.accordion-inner{padding:9px 15px;border-top:1px solid #e5e5e5}.carousel{position:relative;margin-bottom:18px;line-height:1}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel .item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;-moz-transition:.6s ease-in-out left;-ms-transition:.6s ease-in-out left;-o-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel .item>img{display:block;line-height:1}.carousel .active,.carousel .next,.carousel .prev{display:block}.carousel .active{left:0}.carousel .next,.carousel .prev{position:absolute;top:0;width:100%}.carousel .next{left:100%}.carousel .prev{left:-100%}.carousel .next.left,.carousel .prev.right{left:0}.carousel .active.left{left:-100%}.carousel .active.right{left:100%}.carousel-control{position:absolute;top:40%;left:15px;width:40px;height:40px;margin-top:-20px;font-size:60px;font-weight:100;line-height:30px;color:#fff;text-align:center;background:#222;border:3px solid #fff;-webkit-border-radius:23px;-moz-border-radius:23px;border-radius:23px;opacity:.5;filter:alpha(opacity=50)}.carousel-control.right{right:15px;left:auto}.carousel-control:hover{color:#fff;text-decoration:none;opacity:.9;filter:alpha(opacity=90)}.carousel-caption{position:absolute;right:0;bottom:0;left:0;padding:10px 15px 5px;background:#333;background:rgba(0,0,0,0.75)}.carousel-caption h4,.carousel-caption 
p{color:#fff}.hero-unit{padding:60px;margin-bottom:30px;background-color:#eee;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.hero-unit h1{margin-bottom:0;font-size:60px;line-height:1;letter-spacing:-1px;color:inherit}.hero-unit p{font-size:18px;font-weight:200;line-height:27px;color:inherit}.pull-right{float:right}.pull-left{float:left}.hide{display:none}.show{display:block}.invisible{visibility:hidden} + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +article, aside, details, figcaption, figure, footer, header, hgroup, nav, section { + display: block +} + +audio, canvas, video { + display: inline-block; + *display: inline; + *zoom: 1 +} + +audio:not([controls]) { + display: none +} + +html { + font-size: 100%; + -webkit-text-size-adjust: 100%; + -ms-text-size-adjust: 100% +} + +a:focus { + outline: thin dotted #333; + outline: 5px auto -webkit-focus-ring-color; + outline-offset: -2px +} + +a:hover, a:active { + outline: 0 +} + +sub, sup { + position: relative; + font-size: 75%; + line-height: 0; + vertical-align: baseline +} + +sup { + top: -0.5em +} + +sub { + bottom: -0.25em +} + +img { + max-width: 100%; + vertical-align: middle; + border: 0; + -ms-interpolation-mode: bicubic +} + +button, input, select, textarea { + margin: 0; + font-size: 100%; + vertical-align: middle +} + +button, input { + *overflow: visible; + line-height: normal +} + +button::-moz-focus-inner, input::-moz-focus-inner { + padding: 0; + border: 0 +} + +button, input[type="button"], input[type="reset"], input[type="submit"] { + cursor: pointer; + -webkit-appearance: button +} + +input[type="search"] { + -webkit-box-sizing: content-box; + -moz-box-sizing: content-box; + box-sizing: 
content-box; + -webkit-appearance: textfield +} + +input[type="search"]::-webkit-search-decoration, input[type="search"]::-webkit-search-cancel-button { + -webkit-appearance: none +} + +textarea { + overflow: auto; + vertical-align: top +} + +.clearfix { + *zoom: 1 +} + +.clearfix:before, .clearfix:after { + display: table; + content: "" +} + +.clearfix:after { + clear: both +} + +.hide-text { + font: 0/0 a; + color: transparent; + text-shadow: none; + background-color: transparent; + border: 0 +} + +.input-block-level { + display: block; + width: 100%; + min-height: 28px; + -webkit-box-sizing: border-box; + -moz-box-sizing: border-box; + -ms-box-sizing: border-box; + box-sizing: border-box +} + +body { + margin: 0; + font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; + font-size: 13px; + line-height: 18px; + color: #333; + background-color: #fff +} + +a { + color: #08c; + text-decoration: none +} + +a:hover { + color: #005580; + text-decoration: underline +} + +.row { + margin-left: -20px; + *zoom: 1 +} + +.row:before, .row:after { + display: table; + content: "" +} + +.row:after { + clear: both +} + +[class*="span"] { + float: left; + margin-left: 20px +} + +.container, .navbar-fixed-top .container, .navbar-fixed-bottom .container { + width: 940px +} + +.span12 { + width: 940px +} + +.span11 { + width: 860px +} + +.span10 { + width: 780px +} + +.span9 { + width: 700px +} + +.span8 { + width: 620px +} + +.span7 { + width: 540px +} + +.span6 { + width: 460px +} + +.span5 { + width: 380px +} + +.span4 { + width: 300px +} + +.span3 { + width: 220px +} + +.span2 { + width: 140px +} + +.span1 { + width: 60px +} + +.offset12 { + margin-left: 980px +} + +.offset11 { + margin-left: 900px +} + +.offset10 { + margin-left: 820px +} + +.offset9 { + margin-left: 740px +} + +.offset8 { + margin-left: 660px +} + +.offset7 { + margin-left: 580px +} + +.offset6 { + margin-left: 500px +} + +.offset5 { + margin-left: 420px +} + +.offset4 { + margin-left: 340px +} + 
+.offset3 { + margin-left: 260px +} + +.offset2 { + margin-left: 180px +} + +.offset1 { + margin-left: 100px +} + +.row-fluid { + width: 100%; + *zoom: 1 +} + +.row-fluid:before, .row-fluid:after { + display: table; + content: "" +} + +.row-fluid:after { + clear: both +} + +.row-fluid [class*="span"] { + display: block; + float: left; + width: 100%; + min-height: 28px; + margin-left: 2.127659574%; + *margin-left: 2.0744680846382977%; + -webkit-box-sizing: border-box; + -moz-box-sizing: border-box; + -ms-box-sizing: border-box; + box-sizing: border-box +} + +.row-fluid [class*="span"]:first-child { + margin-left: 0 +} + +.row-fluid .span12 { + width: 99.99999998999999%; + *width: 99.94680850063828% +} + +.row-fluid .span11 { + width: 91.489361693%; + *width: 91.4361702036383% +} + +.row-fluid .span10 { + width: 82.97872339599999%; + *width: 82.92553190663828% +} + +.row-fluid .span9 { + width: 74.468085099%; + *width: 74.4148936096383% +} + +.row-fluid .span8 { + width: 65.95744680199999%; + *width: 65.90425531263828% +} + +.row-fluid .span7 { + width: 57.446808505%; + *width: 57.3936170156383% +} + +.row-fluid .span6 { + width: 48.93617020799999%; + *width: 48.88297871863829% +} + +.row-fluid .span5 { + width: 40.425531911%; + *width: 40.3723404216383% +} + +.row-fluid .span4 { + width: 31.914893614%; + *width: 31.8617021246383% +} + +.row-fluid .span3 { + width: 23.404255317%; + *width: 23.3510638276383% +} + +.row-fluid .span2 { + width: 14.89361702%; + *width: 14.8404255306383% +} + +.row-fluid .span1 { + width: 6.382978723%; + *width: 6.329787233638298% +} + +.container { + margin-right: auto; + margin-left: auto; + *zoom: 1 +} + +.container:before, .container:after { + display: table; + content: "" +} + +.container:after { + clear: both +} + +.container-fluid { + padding-right: 20px; + padding-left: 20px; + *zoom: 1 +} + +.container-fluid:before, .container-fluid:after { + display: table; + content: "" +} + +.container-fluid:after { + clear: both +} + +p { + 
margin: 0 0 9px; + font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; + font-size: 13px; + line-height: 18px +} + +p small { + font-size: 11px; + color: #999 +} + +.lead { + margin-bottom: 18px; + font-size: 20px; + font-weight: 200; + line-height: 27px +} + +h1, h2, h3, h4, h5, h6 { + margin: 0; + font-family: inherit; + font-weight: bold; + color: inherit; + text-rendering: optimizelegibility +} + +h1 small, h2 small, h3 small, h4 small, h5 small, h6 small { + font-weight: normal; + color: #999 +} + +h1 { + font-size: 30px; + line-height: 36px +} + +h1 small { + font-size: 18px +} + +h2 { + font-size: 24px; + line-height: 36px +} + +h2 small { + font-size: 18px +} + +h3 { + font-size: 18px; + line-height: 27px +} + +h3 small { + font-size: 14px +} + +h4, h5, h6 { + line-height: 18px +} + +h4 { + font-size: 14px +} + +h4 small { + font-size: 12px +} + +h5 { + font-size: 12px +} + +h6 { + font-size: 11px; + color: #999; + text-transform: uppercase +} + +.page-header { + padding-bottom: 17px; + margin: 18px 0; + border-bottom: 1px solid #eee +} + +.page-header h1 { + line-height: 1 +} + +ul, ol { + padding: 0; + margin: 0 0 9px 25px +} + +ul ul, ul ol, ol ol, ol ul { + margin-bottom: 0 +} + +ul { + list-style: disc +} + +ol { + list-style: decimal +} + +li { + line-height: 18px +} + +ul.unstyled, ol.unstyled { + margin-left: 0; + list-style: none +} + +dl { + margin-bottom: 18px +} + +dt, dd { + line-height: 18px +} + +dt { + font-weight: bold; + line-height: 17px +} + +dd { + margin-left: 9px +} + +.dl-horizontal dt { + float: left; + width: 120px; + overflow: hidden; + clear: left; + text-align: right; + text-overflow: ellipsis; + white-space: nowrap +} + +.dl-horizontal dd { + margin-left: 130px +} + +hr { + margin: 18px 0; + border: 0; + border-top: 1px solid #eee; + border-bottom: 1px solid #fff +} + +strong { + font-weight: bold +} + +em { + font-style: italic +} + +.muted { + color: #999 +} + +abbr[title] { + cursor: help; + border-bottom: 1px 
dotted #ddd +} + +abbr.initialism { + font-size: 90%; + text-transform: uppercase +} + +blockquote { + padding: 0 0 0 15px; + margin: 0 0 18px; + border-left: 5px solid #eee +} + +blockquote p { + margin-bottom: 0; + font-size: 16px; + font-weight: 300; + line-height: 22.5px +} + +blockquote small { + display: block; + line-height: 18px; + color: #999 +} + +blockquote small:before { + content: '\2014 \00A0' +} + +blockquote.pull-right { + float: right; + padding-right: 15px; + padding-left: 0; + border-right: 5px solid #eee; + border-left: 0 +} + +blockquote.pull-right p, blockquote.pull-right small { + text-align: right +} + +q:before, q:after, blockquote:before, blockquote:after { + content: "" +} + +address { + display: block; + margin-bottom: 18px; + font-style: normal; + line-height: 18px +} + +small { + font-size: 100% +} + +cite { + font-style: normal +} + +code, pre { + padding: 0 3px 2px; + font-family: Menlo, Monaco, Consolas, "Courier New", monospace; + font-size: 12px; + color: #333; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px +} + +code { + padding: 2px 4px; + color: #d14; + background-color: #f7f7f9; + border: 1px solid #e1e1e8 +} + +pre { + display: block; + padding: 8.5px; + margin: 0 0 9px; + font-size: 12.025px; + line-height: 18px; + word-break: break-all; + word-wrap: break-word; + white-space: pre; + white-space: pre-wrap; + background-color: #f5f5f5; + border: 1px solid #ccc; + border: 1px solid rgba(0, 0, 0, 0.15); + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px +} + +pre.prettyprint { + margin-bottom: 18px +} + +pre code { + padding: 0; + color: inherit; + background-color: transparent; + border: 0 +} + +.pre-scrollable { + max-height: 340px; + overflow-y: scroll +} + +form { + margin: 0 0 18px +} + +fieldset { + padding: 0; + margin: 0; + border: 0 +} + +legend { + display: block; + width: 100%; + padding: 0; + margin-bottom: 27px; + font-size: 19.5px; + line-height: 36px; + 
color: #333; + border: 0; + border-bottom: 1px solid #eee +} + +legend small { + font-size: 13.5px; + color: #999 +} + +label, input, button, select, textarea { + font-size: 13px; + font-weight: normal; + line-height: 18px +} + +input, button, select, textarea { + font-family: "Helvetica Neue", Helvetica, Arial, sans-serif +} + +label { + display: block; + margin-bottom: 5px; + color: #333 +} + +input, textarea, select, .uneditable-input { + display: inline-block; + width: 210px; + height: 18px; + padding: 4px; + margin-bottom: 9px; + font-size: 13px; + line-height: 18px; + color: #555; + background-color: #fff; + border: 1px solid #ccc; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px +} + +.uneditable-textarea { + width: auto; + height: auto +} + +label input, label textarea, label select { + display: block +} + +input[type="image"], input[type="checkbox"], input[type="radio"] { + width: auto; + height: auto; + padding: 0; + margin: 3px 0; + *margin-top: 0; + line-height: normal; + cursor: pointer; + background-color: transparent; + border: 0 \9; + -webkit-border-radius: 0; + -moz-border-radius: 0; + border-radius: 0 +} + +input[type="image"] { + border: 0 +} + +input[type="file"] { + width: auto; + padding: initial; + line-height: initial; + background-color: #fff; + background-color: initial; + border: initial; + -webkit-box-shadow: none; + -moz-box-shadow: none; + box-shadow: none +} + +input[type="button"], input[type="reset"], input[type="submit"] { + width: auto; + height: auto +} + +select, input[type="file"] { + height: 28px; + *margin-top: 4px; + line-height: 28px +} + +input[type="file"] { + line-height: 18px \9 +} + +select { + width: 220px; + background-color: #fff +} + +select[multiple], select[size] { + height: auto +} + +input[type="image"] { + -webkit-box-shadow: none; + -moz-box-shadow: none; + box-shadow: none +} + +textarea { + height: auto +} + +input[type="hidden"] { + display: none +} + +.radio, .checkbox { + 
min-height: 18px; + padding-left: 18px +} + +.radio input[type="radio"], .checkbox input[type="checkbox"] { + float: left; + margin-left: -18px +} + +.controls > .radio:first-child, .controls > .checkbox:first-child { + padding-top: 5px +} + +.radio.inline, .checkbox.inline { + display: inline-block; + padding-top: 5px; + margin-bottom: 0; + vertical-align: middle +} + +.radio.inline + .radio.inline, .checkbox.inline + .checkbox.inline { + margin-left: 10px +} + +input, textarea { + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + -webkit-transition: border linear .2s, box-shadow linear .2s; + -moz-transition: border linear .2s, box-shadow linear .2s; + -ms-transition: border linear .2s, box-shadow linear .2s; + -o-transition: border linear .2s, box-shadow linear .2s; + transition: border linear .2s, box-shadow linear .2s +} + +input:focus, textarea:focus { + border-color: rgba(82, 168, 236, 0.8); + outline: 0; + outline: thin dotted \9; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6); + -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6) +} + +input[type="file"]:focus, input[type="radio"]:focus, input[type="checkbox"]:focus, select:focus { + outline: thin dotted #333; + outline: 5px auto -webkit-focus-ring-color; + outline-offset: -2px; + -webkit-box-shadow: none; + -moz-box-shadow: none; + box-shadow: none +} + +.input-mini { + width: 60px +} + +.input-small { + width: 90px +} + +.input-medium { + width: 150px +} + +.input-large { + width: 210px +} + +.input-xlarge { + width: 270px +} + +.input-xxlarge { + width: 530px +} + +input[class*="span"], select[class*="span"], textarea[class*="span"], .uneditable-input[class*="span"], .row-fluid input[class*="span"], .row-fluid 
select[class*="span"], .row-fluid textarea[class*="span"], .row-fluid .uneditable-input[class*="span"] { + float: none; + margin-left: 0 +} + +input, textarea, .uneditable-input { + margin-left: 0 +} + +input.span12, textarea.span12, .uneditable-input.span12 { + width: 930px +} + +input.span11, textarea.span11, .uneditable-input.span11 { + width: 850px +} + +input.span10, textarea.span10, .uneditable-input.span10 { + width: 770px +} + +input.span9, textarea.span9, .uneditable-input.span9 { + width: 690px +} + +input.span8, textarea.span8, .uneditable-input.span8 { + width: 610px +} + +input.span7, textarea.span7, .uneditable-input.span7 { + width: 530px +} + +input.span6, textarea.span6, .uneditable-input.span6 { + width: 450px +} + +input.span5, textarea.span5, .uneditable-input.span5 { + width: 370px +} + +input.span4, textarea.span4, .uneditable-input.span4 { + width: 290px +} + +input.span3, textarea.span3, .uneditable-input.span3 { + width: 210px +} + +input.span2, textarea.span2, .uneditable-input.span2 { + width: 130px +} + +input.span1, textarea.span1, .uneditable-input.span1 { + width: 50px +} + +input[disabled], select[disabled], textarea[disabled], input[readonly], select[readonly], textarea[readonly] { + cursor: not-allowed; + background-color: #eee; + border-color: #ddd +} + +input[type="radio"][disabled], input[type="checkbox"][disabled], input[type="radio"][readonly], input[type="checkbox"][readonly] { + background-color: transparent +} + +.control-group.warning > label, .control-group.warning .help-block, .control-group.warning .help-inline { + color: #c09853 +} + +.control-group.warning input, .control-group.warning select, .control-group.warning textarea { + color: #c09853; + border-color: #c09853 +} + +.control-group.warning input:focus, .control-group.warning select:focus, .control-group.warning textarea:focus { + border-color: #a47e3c; + -webkit-box-shadow: 0 0 6px #dbc59e; + -moz-box-shadow: 0 0 6px #dbc59e; + box-shadow: 0 0 6px #dbc59e +} + 
+.control-group.warning .input-prepend .add-on, .control-group.warning .input-append .add-on { + color: #c09853; + background-color: #fcf8e3; + border-color: #c09853 +} + +.control-group.error > label, .control-group.error .help-block, .control-group.error .help-inline { + color: #b94a48 +} + +.control-group.error input, .control-group.error select, .control-group.error textarea { + color: #b94a48; + border-color: #b94a48 +} + +.control-group.error input:focus, .control-group.error select:focus, .control-group.error textarea:focus { + border-color: #953b39; + -webkit-box-shadow: 0 0 6px #d59392; + -moz-box-shadow: 0 0 6px #d59392; + box-shadow: 0 0 6px #d59392 +} + +.control-group.error .input-prepend .add-on, .control-group.error .input-append .add-on { + color: #b94a48; + background-color: #f2dede; + border-color: #b94a48 +} + +.control-group.success > label, .control-group.success .help-block, .control-group.success .help-inline { + color: #468847 +} + +.control-group.success input, .control-group.success select, .control-group.success textarea { + color: #468847; + border-color: #468847 +} + +.control-group.success input:focus, .control-group.success select:focus, .control-group.success textarea:focus { + border-color: #356635; + -webkit-box-shadow: 0 0 6px #7aba7b; + -moz-box-shadow: 0 0 6px #7aba7b; + box-shadow: 0 0 6px #7aba7b +} + +.control-group.success .input-prepend .add-on, .control-group.success .input-append .add-on { + color: #468847; + background-color: #dff0d8; + border-color: #468847 +} + +input:focus:required:invalid, textarea:focus:required:invalid, select:focus:required:invalid { + color: #b94a48; + border-color: #ee5f5b +} + +input:focus:required:invalid:focus, textarea:focus:required:invalid:focus, select:focus:required:invalid:focus { + border-color: #e9322d; + -webkit-box-shadow: 0 0 6px #f8b9b7; + -moz-box-shadow: 0 0 6px #f8b9b7; + box-shadow: 0 0 6px #f8b9b7 +} + +.form-actions { + padding: 17px 20px 18px; + margin-top: 18px; + 
margin-bottom: 18px; + background-color: #f5f5f5; + border-top: 1px solid #ddd; + *zoom: 1 +} + +.form-actions:before, .form-actions:after { + display: table; + content: "" +} + +.form-actions:after { + clear: both +} + +.uneditable-input { + overflow: hidden; + white-space: nowrap; + cursor: not-allowed; + background-color: #fff; + border-color: #eee; + -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.025); + -moz-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.025); + box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.025) +} + +:-moz-placeholder { + color: #999 +} + +::-webkit-input-placeholder { + color: #999 +} + +.help-block, .help-inline { + color: #555 +} + +.help-block { + display: block; + margin-bottom: 9px +} + +.help-inline { + display: inline-block; + *display: inline; + padding-left: 5px; + vertical-align: middle; + *zoom: 1 +} + +.input-prepend, .input-append { + margin-bottom: 5px +} + +.input-prepend input, .input-append input, .input-prepend select, .input-append select, .input-prepend .uneditable-input, .input-append .uneditable-input { + position: relative; + margin-bottom: 0; + *margin-left: 0; + vertical-align: middle; + -webkit-border-radius: 0 3px 3px 0; + -moz-border-radius: 0 3px 3px 0; + border-radius: 0 3px 3px 0 +} + +.input-prepend input:focus, .input-append input:focus, .input-prepend select:focus, .input-append select:focus, .input-prepend .uneditable-input:focus, .input-append .uneditable-input:focus { + z-index: 2 +} + +.input-prepend .uneditable-input, .input-append .uneditable-input { + border-left-color: #ccc +} + +.input-prepend .add-on, .input-append .add-on { + display: inline-block; + width: auto; + height: 18px; + min-width: 16px; + padding: 4px 5px; + font-weight: normal; + line-height: 18px; + text-align: center; + text-shadow: 0 1px 0 #fff; + vertical-align: middle; + background-color: #eee; + border: 1px solid #ccc +} + +.input-prepend .add-on, .input-append .add-on, .input-prepend .btn, .input-append .btn { + margin-left: 
-1px; + -webkit-border-radius: 0; + -moz-border-radius: 0; + border-radius: 0 +} + +.input-prepend .active, .input-append .active { + background-color: #a9dba9; + border-color: #46a546 +} + +.input-prepend .add-on, .input-prepend .btn { + margin-right: -1px +} + +.input-prepend .add-on:first-child, .input-prepend .btn:first-child { + -webkit-border-radius: 3px 0 0 3px; + -moz-border-radius: 3px 0 0 3px; + border-radius: 3px 0 0 3px +} + +.input-append input, .input-append select, .input-append .uneditable-input { + -webkit-border-radius: 3px 0 0 3px; + -moz-border-radius: 3px 0 0 3px; + border-radius: 3px 0 0 3px +} + +.input-append .uneditable-input { + border-right-color: #ccc; + border-left-color: #eee +} + +.input-append .add-on:last-child, .input-append .btn:last-child { + -webkit-border-radius: 0 3px 3px 0; + -moz-border-radius: 0 3px 3px 0; + border-radius: 0 3px 3px 0 +} + +.input-prepend.input-append input, .input-prepend.input-append select, .input-prepend.input-append .uneditable-input { + -webkit-border-radius: 0; + -moz-border-radius: 0; + border-radius: 0 +} + +.input-prepend.input-append .add-on:first-child, .input-prepend.input-append .btn:first-child { + margin-right: -1px; + -webkit-border-radius: 3px 0 0 3px; + -moz-border-radius: 3px 0 0 3px; + border-radius: 3px 0 0 3px +} + +.input-prepend.input-append .add-on:last-child, .input-prepend.input-append .btn:last-child { + margin-left: -1px; + -webkit-border-radius: 0 3px 3px 0; + -moz-border-radius: 0 3px 3px 0; + border-radius: 0 3px 3px 0 +} + +.search-query { + padding-right: 14px; + padding-right: 4px \9; + padding-left: 14px; + padding-left: 4px \9; + margin-bottom: 0; + -webkit-border-radius: 14px; + -moz-border-radius: 14px; + border-radius: 14px +} + +.form-search input, .form-inline input, .form-horizontal input, .form-search textarea, .form-inline textarea, .form-horizontal textarea, .form-search select, .form-inline select, .form-horizontal select, .form-search .help-inline, 
.form-inline .help-inline, .form-horizontal .help-inline, .form-search .uneditable-input, .form-inline .uneditable-input, .form-horizontal .uneditable-input, .form-search .input-prepend, .form-inline .input-prepend, .form-horizontal .input-prepend, .form-search .input-append, .form-inline .input-append, .form-horizontal .input-append { + display: inline-block; + *display: inline; + margin-bottom: 0; + *zoom: 1 +} + +.form-search .hide, .form-inline .hide, .form-horizontal .hide { + display: none +} + +.form-search label, .form-inline label { + display: inline-block +} + +.form-search .input-append, .form-inline .input-append, .form-search .input-prepend, .form-inline .input-prepend { + margin-bottom: 0 +} + +.form-search .radio, .form-search .checkbox, .form-inline .radio, .form-inline .checkbox { + padding-left: 0; + margin-bottom: 0; + vertical-align: middle +} + +.form-search .radio input[type="radio"], .form-search .checkbox input[type="checkbox"], .form-inline .radio input[type="radio"], .form-inline .checkbox input[type="checkbox"] { + float: left; + margin-right: 3px; + margin-left: 0 +} + +.control-group { + margin-bottom: 9px +} + +legend + .control-group { + margin-top: 18px; + -webkit-margin-top-collapse: separate +} + +.form-horizontal .control-group { + margin-bottom: 18px; + *zoom: 1 +} + +.form-horizontal .control-group:before, .form-horizontal .control-group:after { + display: table; + content: "" +} + +.form-horizontal .control-group:after { + clear: both +} + +.form-horizontal .control-label { + float: left; + width: 140px; + padding-top: 5px; + text-align: right +} + +.form-horizontal .controls { + *display: inline-block; + *padding-left: 20px; + margin-left: 160px; + *margin-left: 0 +} + +.form-horizontal .controls:first-child { + *padding-left: 160px +} + +.form-horizontal .help-block { + margin-top: 9px; + margin-bottom: 0 +} + +.form-horizontal .form-actions { + padding-left: 160px +} + +table { + max-width: 100%; + background-color: 
transparent; + border-collapse: collapse; + border-spacing: 0 +} + +.table { + width: 100%; + margin-bottom: 18px +} + +.table th, .table td { + padding: 8px; + line-height: 18px; + text-align: left; + vertical-align: top; + border-top: 1px solid #ddd +} + +.table th { + font-weight: bold +} + +.table thead th { + vertical-align: bottom +} + +.table caption + thead tr:first-child th, .table caption + thead tr:first-child td, .table colgroup + thead tr:first-child th, .table colgroup + thead tr:first-child td, .table thead:first-child tr:first-child th, .table thead:first-child tr:first-child td { + border-top: 0 +} + +.table tbody + tbody { + border-top: 2px solid #ddd +} + +.table-condensed th, .table-condensed td { + padding: 4px 5px +} + +.table-bordered { + border: 1px solid #ddd; + border-collapse: separate; + *border-collapse: collapsed; + border-left: 0; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px +} + +.table-bordered th, .table-bordered td { + border-left: 1px solid #ddd +} + +.table-bordered caption + thead tr:first-child th, .table-bordered caption + tbody tr:first-child th, .table-bordered caption + tbody tr:first-child td, .table-bordered colgroup + thead tr:first-child th, .table-bordered colgroup + tbody tr:first-child th, .table-bordered colgroup + tbody tr:first-child td, .table-bordered thead:first-child tr:first-child th, .table-bordered tbody:first-child tr:first-child th, .table-bordered tbody:first-child tr:first-child td { + border-top: 0 +} + +.table-bordered thead:first-child tr:first-child th:first-child, .table-bordered tbody:first-child tr:first-child td:first-child { + -webkit-border-top-left-radius: 4px; + border-top-left-radius: 4px; + -moz-border-radius-topleft: 4px +} + +.table-bordered thead:first-child tr:first-child th:last-child, .table-bordered tbody:first-child tr:first-child td:last-child { + -webkit-border-top-right-radius: 4px; + border-top-right-radius: 4px; + -moz-border-radius-topright: 
4px +} + +.table-bordered thead:last-child tr:last-child th:first-child, .table-bordered tbody:last-child tr:last-child td:first-child { + -webkit-border-radius: 0 0 0 4px; + -moz-border-radius: 0 0 0 4px; + border-radius: 0 0 0 4px; + -webkit-border-bottom-left-radius: 4px; + border-bottom-left-radius: 4px; + -moz-border-radius-bottomleft: 4px +} + +.table-bordered thead:last-child tr:last-child th:last-child, .table-bordered tbody:last-child tr:last-child td:last-child { + -webkit-border-bottom-right-radius: 4px; + border-bottom-right-radius: 4px; + -moz-border-radius-bottomright: 4px +} + +.table-striped tbody tr:nth-child(odd) td, .table-striped tbody tr:nth-child(odd) th { + background-color: #f9f9f9 +} + +.table tbody tr:hover td, .table tbody tr:hover th { + background-color: #f5f5f5 +} + +table .span1 { + float: none; + width: 44px; + margin-left: 0 +} + +table .span2 { + float: none; + width: 124px; + margin-left: 0 +} + +table .span3 { + float: none; + width: 204px; + margin-left: 0 +} + +table .span4 { + float: none; + width: 284px; + margin-left: 0 +} + +table .span5 { + float: none; + width: 364px; + margin-left: 0 +} + +table .span6 { + float: none; + width: 444px; + margin-left: 0 +} + +table .span7 { + float: none; + width: 524px; + margin-left: 0 +} + +table .span8 { + float: none; + width: 604px; + margin-left: 0 +} + +table .span9 { + float: none; + width: 684px; + margin-left: 0 +} + +table .span10 { + float: none; + width: 764px; + margin-left: 0 +} + +table .span11 { + float: none; + width: 844px; + margin-left: 0 +} + +table .span12 { + float: none; + width: 924px; + margin-left: 0 +} + +table .span13 { + float: none; + width: 1004px; + margin-left: 0 +} + +table .span14 { + float: none; + width: 1084px; + margin-left: 0 +} + +table .span15 { + float: none; + width: 1164px; + margin-left: 0 +} + +table .span16 { + float: none; + width: 1244px; + margin-left: 0 +} + +table .span17 { + float: none; + width: 1324px; + margin-left: 0 +} + +table 
.span18 { + float: none; + width: 1404px; + margin-left: 0 +} + +table .span19 { + float: none; + width: 1484px; + margin-left: 0 +} + +table .span20 { + float: none; + width: 1564px; + margin-left: 0 +} + +table .span21 { + float: none; + width: 1644px; + margin-left: 0 +} + +table .span22 { + float: none; + width: 1724px; + margin-left: 0 +} + +table .span23 { + float: none; + width: 1804px; + margin-left: 0 +} + +table .span24 { + float: none; + width: 1884px; + margin-left: 0 +} + +[class^="icon-"], [class*=" icon-"] { + display: inline-block; + width: 14px; + height: 14px; + *margin-right: .3em; + line-height: 14px; + vertical-align: text-top; + background-image: url("../img/glyphicons-halflings.png"); + background-position: 14px 14px; + background-repeat: no-repeat +} + +[class^="icon-"]:last-child, [class*=" icon-"]:last-child { + *margin-left: 0 +} + +.icon-white { + background-image: url("../img/glyphicons-halflings-white.png") +} + +.icon-glass { + background-position: 0 0 +} + +.icon-music { + background-position: -24px 0 +} + +.icon-search { + background-position: -48px 0 +} + +.icon-envelope { + background-position: -72px 0 +} + +.icon-heart { + background-position: -96px 0 +} + +.icon-star { + background-position: -120px 0 +} + +.icon-star-empty { + background-position: -144px 0 +} + +.icon-user { + background-position: -168px 0 +} + +.icon-film { + background-position: -192px 0 +} + +.icon-th-large { + background-position: -216px 0 +} + +.icon-th { + background-position: -240px 0 +} + +.icon-th-list { + background-position: -264px 0 +} + +.icon-ok { + background-position: -288px 0 +} + +.icon-remove { + background-position: -312px 0 +} + +.icon-zoom-in { + background-position: -336px 0 +} + +.icon-zoom-out { + background-position: -360px 0 +} + +.icon-off { + background-position: -384px 0 +} + +.icon-signal { + background-position: -408px 0 +} + +.icon-cog { + background-position: -432px 0 +} + +.icon-trash { + background-position: -456px 0 +} + 
+.icon-home { + background-position: 0 -24px +} + +.icon-file { + background-position: -24px -24px +} + +.icon-time { + background-position: -48px -24px +} + +.icon-road { + background-position: -72px -24px +} + +.icon-download-alt { + background-position: -96px -24px +} + +.icon-download { + background-position: -120px -24px +} + +.icon-upload { + background-position: -144px -24px +} + +.icon-inbox { + background-position: -168px -24px +} + +.icon-play-circle { + background-position: -192px -24px +} + +.icon-repeat { + background-position: -216px -24px +} + +.icon-refresh { + background-position: -240px -24px +} + +.icon-list-alt { + background-position: -264px -24px +} + +.icon-lock { + background-position: -287px -24px +} + +.icon-flag { + background-position: -312px -24px +} + +.icon-headphones { + background-position: -336px -24px +} + +.icon-volume-off { + background-position: -360px -24px +} + +.icon-volume-down { + background-position: -384px -24px +} + +.icon-volume-up { + background-position: -408px -24px +} + +.icon-qrcode { + background-position: -432px -24px +} + +.icon-barcode { + background-position: -456px -24px +} + +.icon-tag { + background-position: 0 -48px +} + +.icon-tags { + background-position: -25px -48px +} + +.icon-book { + background-position: -48px -48px +} + +.icon-bookmark { + background-position: -72px -48px +} + +.icon-print { + background-position: -96px -48px +} + +.icon-camera { + background-position: -120px -48px +} + +.icon-font { + background-position: -144px -48px +} + +.icon-bold { + background-position: -167px -48px +} + +.icon-italic { + background-position: -192px -48px +} + +.icon-text-height { + background-position: -216px -48px +} + +.icon-text-width { + background-position: -240px -48px +} + +.icon-align-left { + background-position: -264px -48px +} + +.icon-align-center { + background-position: -288px -48px +} + +.icon-align-right { + background-position: -312px -48px +} + +.icon-align-justify { + background-position: 
-336px -48px +} + +.icon-list { + background-position: -360px -48px +} + +.icon-indent-left { + background-position: -384px -48px +} + +.icon-indent-right { + background-position: -408px -48px +} + +.icon-facetime-video { + background-position: -432px -48px +} + +.icon-picture { + background-position: -456px -48px +} + +.icon-pencil { + background-position: 0 -72px +} + +.icon-map-marker { + background-position: -24px -72px +} + +.icon-adjust { + background-position: -48px -72px +} + +.icon-tint { + background-position: -72px -72px +} + +.icon-edit { + background-position: -96px -72px +} + +.icon-share { + background-position: -120px -72px +} + +.icon-check { + background-position: -144px -72px +} + +.icon-move { + background-position: -168px -72px +} + +.icon-step-backward { + background-position: -192px -72px +} + +.icon-fast-backward { + background-position: -216px -72px +} + +.icon-backward { + background-position: -240px -72px +} + +.icon-play { + background-position: -264px -72px +} + +.icon-pause { + background-position: -288px -72px +} + +.icon-stop { + background-position: -312px -72px +} + +.icon-forward { + background-position: -336px -72px +} + +.icon-fast-forward { + background-position: -360px -72px +} + +.icon-step-forward { + background-position: -384px -72px +} + +.icon-eject { + background-position: -408px -72px +} + +.icon-chevron-left { + background-position: -432px -72px +} + +.icon-chevron-right { + background-position: -456px -72px +} + +.icon-plus-sign { + background-position: 0 -96px +} + +.icon-minus-sign { + background-position: -24px -96px +} + +.icon-remove-sign { + background-position: -48px -96px +} + +.icon-ok-sign { + background-position: -72px -96px +} + +.icon-question-sign { + background-position: -96px -96px +} + +.icon-info-sign { + background-position: -120px -96px +} + +.icon-screenshot { + background-position: -144px -96px +} + +.icon-remove-circle { + background-position: -168px -96px +} + +.icon-ok-circle { + 
background-position: -192px -96px +} + +.icon-ban-circle { + background-position: -216px -96px +} + +.icon-arrow-left { + background-position: -240px -96px +} + +.icon-arrow-right { + background-position: -264px -96px +} + +.icon-arrow-up { + background-position: -289px -96px +} + +.icon-arrow-down { + background-position: -312px -96px +} + +.icon-share-alt { + background-position: -336px -96px +} + +.icon-resize-full { + background-position: -360px -96px +} + +.icon-resize-small { + background-position: -384px -96px +} + +.icon-plus { + background-position: -408px -96px +} + +.icon-minus { + background-position: -433px -96px +} + +.icon-asterisk { + background-position: -456px -96px +} + +.icon-exclamation-sign { + background-position: 0 -120px +} + +.icon-gift { + background-position: -24px -120px +} + +.icon-leaf { + background-position: -48px -120px +} + +.icon-fire { + background-position: -72px -120px +} + +.icon-eye-open { + background-position: -96px -120px +} + +.icon-eye-close { + background-position: -120px -120px +} + +.icon-warning-sign { + background-position: -144px -120px +} + +.icon-plane { + background-position: -168px -120px +} + +.icon-calendar { + background-position: -192px -120px +} + +.icon-random { + background-position: -216px -120px +} + +.icon-comment { + background-position: -240px -120px +} + +.icon-magnet { + background-position: -264px -120px +} + +.icon-chevron-up { + background-position: -288px -120px +} + +.icon-chevron-down { + background-position: -313px -119px +} + +.icon-retweet { + background-position: -336px -120px +} + +.icon-shopping-cart { + background-position: -360px -120px +} + +.icon-folder-close { + background-position: -384px -120px +} + +.icon-folder-open { + background-position: -408px -120px +} + +.icon-resize-vertical { + background-position: -432px -119px +} + +.icon-resize-horizontal { + background-position: -456px -118px +} + +.icon-hdd { + background-position: 0 -144px +} + +.icon-bullhorn { + 
background-position: -24px -144px +} + +.icon-bell { + background-position: -48px -144px +} + +.icon-certificate { + background-position: -72px -144px +} + +.icon-thumbs-up { + background-position: -96px -144px +} + +.icon-thumbs-down { + background-position: -120px -144px +} + +.icon-hand-right { + background-position: -144px -144px +} + +.icon-hand-left { + background-position: -168px -144px +} + +.icon-hand-up { + background-position: -192px -144px +} + +.icon-hand-down { + background-position: -216px -144px +} + +.icon-circle-arrow-right { + background-position: -240px -144px +} + +.icon-circle-arrow-left { + background-position: -264px -144px +} + +.icon-circle-arrow-up { + background-position: -288px -144px +} + +.icon-circle-arrow-down { + background-position: -312px -144px +} + +.icon-globe { + background-position: -336px -144px +} + +.icon-wrench { + background-position: -360px -144px +} + +.icon-tasks { + background-position: -384px -144px +} + +.icon-filter { + background-position: -408px -144px +} + +.icon-briefcase { + background-position: -432px -144px +} + +.icon-fullscreen { + background-position: -456px -144px +} + +.dropup, .dropdown { + position: relative +} + +.dropdown-toggle { + *margin-bottom: -3px +} + +.dropdown-toggle:active, .open .dropdown-toggle { + outline: 0 +} + +.caret { + display: inline-block; + width: 0; + height: 0; + vertical-align: top; + border-top: 4px solid #000; + border-right: 4px solid transparent; + border-left: 4px solid transparent; + content: ""; + opacity: .3; + filter: alpha(opacity=30) +} + +.dropdown .caret { + margin-top: 8px; + margin-left: 2px +} + +.dropdown:hover .caret, .open .caret { + opacity: 1; + filter: alpha(opacity=100) +} + +.dropdown-menu { + position: absolute; + top: 100%; + left: 0; + z-index: 1000; + display: none; + float: left; + min-width: 160px; + padding: 4px 0; + margin: 1px 0 0; + list-style: none; + background-color: #fff; + border: 1px solid #ccc; + border: 1px solid rgba(0, 0, 0, 
0.2); + *border-right-width: 2px; + *border-bottom-width: 2px; + -webkit-border-radius: 5px; + -moz-border-radius: 5px; + border-radius: 5px; + -webkit-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); + -moz-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); + box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); + -webkit-background-clip: padding-box; + -moz-background-clip: padding; + background-clip: padding-box +} + +.dropdown-menu.pull-right { + right: 0; + left: auto +} + +.dropdown-menu .divider { + *width: 100%; + height: 1px; + margin: 8px 1px; + *margin: -5px 0 5px; + overflow: hidden; + background-color: #e5e5e5; + border-bottom: 1px solid #fff +} + +.dropdown-menu a { + display: block; + padding: 3px 15px; + clear: both; + font-weight: normal; + line-height: 18px; + color: #333; + white-space: nowrap +} + +.dropdown-menu li > a:hover, .dropdown-menu .active > a, .dropdown-menu .active > a:hover { + color: #fff; + text-decoration: none; + background-color: #08c +} + +.open { + *z-index: 1000 +} + +.open .dropdown-menu { + display: block +} + +.pull-right .dropdown-menu { + right: 0; + left: auto +} + +.dropup .caret, .navbar-fixed-bottom .dropdown .caret { + border-top: 0; + border-bottom: 4px solid #000; + content: "\2191" +} + +.dropup .dropdown-menu, .navbar-fixed-bottom .dropdown .dropdown-menu { + top: auto; + bottom: 100%; + margin-bottom: 1px +} + +.typeahead { + margin-top: 2px; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px +} + +.well { + min-height: 20px; + padding: 19px; + margin-bottom: 20px; + background-color: #f5f5f5; + border: 1px solid #eee; + border: 1px solid rgba(0, 0, 0, 0.05); + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); + -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05) +} + +.well blockquote { + border-color: #ddd; + border-color: rgba(0, 0, 0, 0.15) +} + +.well-large { + 
padding: 24px; + -webkit-border-radius: 6px; + -moz-border-radius: 6px; + border-radius: 6px +} + +.well-small { + padding: 9px; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px +} + +.fade { + opacity: 0; + filter: alpha(opacity=0); + -webkit-transition: opacity .15s linear; + -moz-transition: opacity .15s linear; + -ms-transition: opacity .15s linear; + -o-transition: opacity .15s linear; + transition: opacity .15s linear +} + +.fade.in { + opacity: 1; + filter: alpha(opacity=100) +} + +.collapse { + position: relative; + height: 0; + overflow: hidden; + -webkit-transition: height .35s ease; + -moz-transition: height .35s ease; + -ms-transition: height .35s ease; + -o-transition: height .35s ease; + transition: height .35s ease +} + +.collapse.in { + height: auto +} + +.close { + float: right; + font-size: 20px; + font-weight: bold; + line-height: 18px; + color: #000; + text-shadow: 0 1px 0 #fff; + opacity: .2; + filter: alpha(opacity=20) +} + +.close:hover { + color: #000; + text-decoration: none; + cursor: pointer; + opacity: .4; + filter: alpha(opacity=40) +} + +button.close { + padding: 0; + cursor: pointer; + background: transparent; + border: 0; + -webkit-appearance: none +} + +.btn { + display: inline-block; + *display: inline; + padding: 4px 10px 4px; + margin-bottom: 0; + *margin-left: .3em; + font-size: 13px; + line-height: 18px; + *line-height: 20px; + color: #333; + text-align: center; + text-shadow: 0 1px 1px rgba(255, 255, 255, 0.75); + vertical-align: middle; + cursor: pointer; + background-color: #f5f5f5; + *background-color: #e6e6e6; + background-image: -ms-linear-gradient(top, #fff, #e6e6e6); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#fff), to(#e6e6e6)); + background-image: -webkit-linear-gradient(top, #fff, #e6e6e6); + background-image: -o-linear-gradient(top, #fff, #e6e6e6); + background-image: linear-gradient(top, #fff, #e6e6e6); + background-image: -moz-linear-gradient(top, #fff, #e6e6e6); + 
background-repeat: repeat-x; + border: 1px solid #ccc; + *border: 0; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + border-color: #e6e6e6 #e6e6e6 #bfbfbf; + border-bottom-color: #b3b3b3; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0); + filter: progid:dximagetransform.microsoft.gradient(enabled=false); + *zoom: 1; + -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); + -moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); + box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05) +} + +.btn:hover, .btn:active, .btn.active, .btn.disabled, .btn[disabled] { + background-color: #e6e6e6; + *background-color: #d9d9d9 +} + +.btn:active, .btn.active { + background-color: #ccc \9 +} + +.btn:first-child { + *margin-left: 0 +} + +.btn:hover { + color: #333; + text-decoration: none; + background-color: #e6e6e6; + *background-color: #d9d9d9; + background-position: 0 -15px; + -webkit-transition: background-position .1s linear; + -moz-transition: background-position .1s linear; + -ms-transition: background-position .1s linear; + -o-transition: background-position .1s linear; + transition: background-position .1s linear +} + +.btn:focus { + outline: thin dotted #333; + outline: 5px auto -webkit-focus-ring-color; + outline-offset: -2px +} + +.btn.active, .btn:active { + background-color: #e6e6e6; + background-color: #d9d9d9 \9; + background-image: none; + outline: 0; + -webkit-box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); + -moz-box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); + box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05) +} + +.btn.disabled, .btn[disabled] { + cursor: default; + background-color: #e6e6e6; + 
background-image: none; + opacity: .65; + filter: alpha(opacity=65); + -webkit-box-shadow: none; + -moz-box-shadow: none; + box-shadow: none +} + +.btn-large { + padding: 9px 14px; + font-size: 15px; + line-height: normal; + -webkit-border-radius: 5px; + -moz-border-radius: 5px; + border-radius: 5px +} + +.btn-large [class^="icon-"] { + margin-top: 1px +} + +.btn-small { + padding: 5px 9px; + font-size: 11px; + line-height: 16px +} + +.btn-small [class^="icon-"] { + margin-top: -1px +} + +.btn-mini { + padding: 2px 6px; + font-size: 11px; + line-height: 14px +} + +.btn-primary, .btn-primary:hover, .btn-warning, .btn-warning:hover, .btn-danger, .btn-danger:hover, .btn-success, .btn-success:hover, .btn-info, .btn-info:hover, .btn-inverse, .btn-inverse:hover { + color: #fff; + text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25) +} + +.btn-primary.active, .btn-warning.active, .btn-danger.active, .btn-success.active, .btn-info.active, .btn-inverse.active { + color: rgba(255, 255, 255, 0.75) +} + +.btn { + border-color: #ccc; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25) +} + +.btn-primary { + background-color: #0074cc; + *background-color: #05c; + background-image: -ms-linear-gradient(top, #08c, #05c); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#08c), to(#05c)); + background-image: -webkit-linear-gradient(top, #08c, #05c); + background-image: -o-linear-gradient(top, #08c, #05c); + background-image: -moz-linear-gradient(top, #08c, #05c); + background-image: linear-gradient(top, #08c, #05c); + background-repeat: repeat-x; + border-color: #05c #05c #003580; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#0088cc', endColorstr='#0055cc', GradientType=0); + filter: progid:dximagetransform.microsoft.gradient(enabled=false) +} + +.btn-primary:hover, .btn-primary:active, .btn-primary.active, .btn-primary.disabled, .btn-primary[disabled] { + 
background-color: #05c; + *background-color: #004ab3 +} + +.btn-primary:active, .btn-primary.active { + background-color: #004099 \9 +} + +.btn-warning { + background-color: #faa732; + *background-color: #f89406; + background-image: -ms-linear-gradient(top, #fbb450, #f89406); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#fbb450), to(#f89406)); + background-image: -webkit-linear-gradient(top, #fbb450, #f89406); + background-image: -o-linear-gradient(top, #fbb450, #f89406); + background-image: -moz-linear-gradient(top, #fbb450, #f89406); + background-image: linear-gradient(top, #fbb450, #f89406); + background-repeat: repeat-x; + border-color: #f89406 #f89406 #ad6704; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#fbb450', endColorstr='#f89406', GradientType=0); + filter: progid:dximagetransform.microsoft.gradient(enabled=false) +} + +.btn-warning:hover, .btn-warning:active, .btn-warning.active, .btn-warning.disabled, .btn-warning[disabled] { + background-color: #f89406; + *background-color: #df8505 +} + +.btn-warning:active, .btn-warning.active { + background-color: #c67605 \9 +} + +.btn-danger { + background-color: #da4f49; + *background-color: #bd362f; + background-image: -ms-linear-gradient(top, #ee5f5b, #bd362f); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ee5f5b), to(#bd362f)); + background-image: -webkit-linear-gradient(top, #ee5f5b, #bd362f); + background-image: -o-linear-gradient(top, #ee5f5b, #bd362f); + background-image: -moz-linear-gradient(top, #ee5f5b, #bd362f); + background-image: linear-gradient(top, #ee5f5b, #bd362f); + background-repeat: repeat-x; + border-color: #bd362f #bd362f #802420; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#ee5f5b', endColorstr='#bd362f', GradientType=0); + filter: 
progid:dximagetransform.microsoft.gradient(enabled=false) +} + +.btn-danger:hover, .btn-danger:active, .btn-danger.active, .btn-danger.disabled, .btn-danger[disabled] { + background-color: #bd362f; + *background-color: #a9302a +} + +.btn-danger:active, .btn-danger.active { + background-color: #942a25 \9 +} + +.btn-success { + background-color: #5bb75b; + *background-color: #51a351; + background-image: -ms-linear-gradient(top, #62c462, #51a351); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#62c462), to(#51a351)); + background-image: -webkit-linear-gradient(top, #62c462, #51a351); + background-image: -o-linear-gradient(top, #62c462, #51a351); + background-image: -moz-linear-gradient(top, #62c462, #51a351); + background-image: linear-gradient(top, #62c462, #51a351); + background-repeat: repeat-x; + border-color: #51a351 #51a351 #387038; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#62c462', endColorstr='#51a351', GradientType=0); + filter: progid:dximagetransform.microsoft.gradient(enabled=false) +} + +.btn-success:hover, .btn-success:active, .btn-success.active, .btn-success.disabled, .btn-success[disabled] { + background-color: #51a351; + *background-color: #499249 +} + +.btn-success:active, .btn-success.active { + background-color: #408140 \9 +} + +.btn-info { + background-color: #49afcd; + *background-color: #2f96b4; + background-image: -ms-linear-gradient(top, #5bc0de, #2f96b4); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#5bc0de), to(#2f96b4)); + background-image: -webkit-linear-gradient(top, #5bc0de, #2f96b4); + background-image: -o-linear-gradient(top, #5bc0de, #2f96b4); + background-image: -moz-linear-gradient(top, #5bc0de, #2f96b4); + background-image: linear-gradient(top, #5bc0de, #2f96b4); + background-repeat: repeat-x; + border-color: #2f96b4 #2f96b4 #1f6377; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 
0, 0.25); + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#5bc0de', endColorstr='#2f96b4', GradientType=0); + filter: progid:dximagetransform.microsoft.gradient(enabled=false) +} + +.btn-info:hover, .btn-info:active, .btn-info.active, .btn-info.disabled, .btn-info[disabled] { + background-color: #2f96b4; + *background-color: #2a85a0 +} + +.btn-info:active, .btn-info.active { + background-color: #24748c \9 +} + +.btn-inverse { + background-color: #414141; + *background-color: #222; + background-image: -ms-linear-gradient(top, #555, #222); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#555), to(#222)); + background-image: -webkit-linear-gradient(top, #555, #222); + background-image: -o-linear-gradient(top, #555, #222); + background-image: -moz-linear-gradient(top, #555, #222); + background-image: linear-gradient(top, #555, #222); + background-repeat: repeat-x; + border-color: #222 #222 #000; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#555555', endColorstr='#222222', GradientType=0); + filter: progid:dximagetransform.microsoft.gradient(enabled=false) +} + +.btn-inverse:hover, .btn-inverse:active, .btn-inverse.active, .btn-inverse.disabled, .btn-inverse[disabled] { + background-color: #222; + *background-color: #151515 +} + +.btn-inverse:active, .btn-inverse.active { + background-color: #080808 \9 +} + +button.btn, input[type="submit"].btn { + *padding-top: 2px; + *padding-bottom: 2px +} + +button.btn::-moz-focus-inner, input[type="submit"].btn::-moz-focus-inner { + padding: 0; + border: 0 +} + +button.btn.btn-large, input[type="submit"].btn.btn-large { + *padding-top: 7px; + *padding-bottom: 7px +} + +button.btn.btn-small, input[type="submit"].btn.btn-small { + *padding-top: 3px; + *padding-bottom: 3px +} + +button.btn.btn-mini, input[type="submit"].btn.btn-mini { + *padding-top: 1px; + *padding-bottom: 1px +} + +.btn-group { + 
position: relative; + *margin-left: .3em; + *zoom: 1 +} + +.btn-group:before, .btn-group:after { + display: table; + content: "" +} + +.btn-group:after { + clear: both +} + +.btn-group:first-child { + *margin-left: 0 +} + +.btn-group + .btn-group { + margin-left: 5px +} + +.btn-toolbar { + margin-top: 9px; + margin-bottom: 9px +} + +.btn-toolbar .btn-group { + display: inline-block; + *display: inline; + *zoom: 1 +} + +.btn-group > .btn { + position: relative; + float: left; + margin-left: -1px; + -webkit-border-radius: 0; + -moz-border-radius: 0; + border-radius: 0 +} + +.btn-group > .btn:first-child { + margin-left: 0; + -webkit-border-bottom-left-radius: 4px; + border-bottom-left-radius: 4px; + -webkit-border-top-left-radius: 4px; + border-top-left-radius: 4px; + -moz-border-radius-bottomleft: 4px; + -moz-border-radius-topleft: 4px +} + +.btn-group > .btn:last-child, .btn-group > .dropdown-toggle { + -webkit-border-top-right-radius: 4px; + border-top-right-radius: 4px; + -webkit-border-bottom-right-radius: 4px; + border-bottom-right-radius: 4px; + -moz-border-radius-topright: 4px; + -moz-border-radius-bottomright: 4px +} + +.btn-group > .btn.large:first-child { + margin-left: 0; + -webkit-border-bottom-left-radius: 6px; + border-bottom-left-radius: 6px; + -webkit-border-top-left-radius: 6px; + border-top-left-radius: 6px; + -moz-border-radius-bottomleft: 6px; + -moz-border-radius-topleft: 6px +} + +.btn-group > .btn.large:last-child, .btn-group > .large.dropdown-toggle { + -webkit-border-top-right-radius: 6px; + border-top-right-radius: 6px; + -webkit-border-bottom-right-radius: 6px; + border-bottom-right-radius: 6px; + -moz-border-radius-topright: 6px; + -moz-border-radius-bottomright: 6px +} + +.btn-group > .btn:hover, .btn-group > .btn:focus, .btn-group > .btn:active, .btn-group > .btn.active { + z-index: 2 +} + +.btn-group .dropdown-toggle:active, .btn-group.open .dropdown-toggle { + outline: 0 +} + +.btn-group > .dropdown-toggle { + *padding-top: 4px; + 
padding-right: 8px; + *padding-bottom: 4px; + padding-left: 8px; + -webkit-box-shadow: inset 1px 0 0 rgba(255, 255, 255, 0.125), inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); + -moz-box-shadow: inset 1px 0 0 rgba(255, 255, 255, 0.125), inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); + box-shadow: inset 1px 0 0 rgba(255, 255, 255, 0.125), inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05) +} + +.btn-group > .btn-mini.dropdown-toggle { + padding-right: 5px; + padding-left: 5px +} + +.btn-group > .btn-small.dropdown-toggle { + *padding-top: 4px; + *padding-bottom: 4px +} + +.btn-group > .btn-large.dropdown-toggle { + padding-right: 12px; + padding-left: 12px +} + +.btn-group.open .dropdown-toggle { + background-image: none; + -webkit-box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); + -moz-box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); + box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05) +} + +.btn-group.open .btn.dropdown-toggle { + background-color: #e6e6e6 +} + +.btn-group.open .btn-primary.dropdown-toggle { + background-color: #05c +} + +.btn-group.open .btn-warning.dropdown-toggle { + background-color: #f89406 +} + +.btn-group.open .btn-danger.dropdown-toggle { + background-color: #bd362f +} + +.btn-group.open .btn-success.dropdown-toggle { + background-color: #51a351 +} + +.btn-group.open .btn-info.dropdown-toggle { + background-color: #2f96b4 +} + +.btn-group.open .btn-inverse.dropdown-toggle { + background-color: #222 +} + +.btn .caret { + margin-top: 7px; + margin-left: 0 +} + +.btn:hover .caret, .open.btn-group .caret { + opacity: 1; + filter: alpha(opacity=100) +} + +.btn-mini .caret { + margin-top: 5px +} + +.btn-small .caret { + margin-top: 6px +} + +.btn-large .caret { + margin-top: 6px; + border-top-width: 5px; + border-right-width: 5px; + border-left-width: 5px +} + +.dropup .btn-large .caret { + 
border-top: 0; + border-bottom: 5px solid #000 +} + +.btn-primary .caret, .btn-warning .caret, .btn-danger .caret, .btn-info .caret, .btn-success .caret, .btn-inverse .caret { + border-top-color: #fff; + border-bottom-color: #fff; + opacity: .75; + filter: alpha(opacity=75) +} + +.alert { + padding: 8px 35px 8px 14px; + margin-bottom: 18px; + color: #c09853; + text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5); + background-color: #fcf8e3; + border: 1px solid #fbeed5; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px +} + +.alert-heading { + color: inherit +} + +.alert .close { + position: relative; + top: -2px; + right: -21px; + line-height: 18px +} + +.alert-success { + color: #468847; + background-color: #dff0d8; + border-color: #d6e9c6 +} + +.alert-danger, .alert-error { + color: #b94a48; + background-color: #f2dede; + border-color: #eed3d7 +} + +.alert-info { + color: #3a87ad; + background-color: #d9edf7; + border-color: #bce8f1 +} + +.alert-block { + padding-top: 14px; + padding-bottom: 14px +} + +.alert-block > p, .alert-block > ul { + margin-bottom: 0 +} + +.alert-block p + p { + margin-top: 5px +} + +.nav { + margin-bottom: 18px; + margin-left: 0; + list-style: none +} + +.nav > li > a { + display: block +} + +.nav > li > a:hover { + text-decoration: none; + background-color: #eee +} + +.nav > .pull-right { + float: right +} + +.nav .nav-header { + display: block; + padding: 3px 15px; + font-size: 11px; + font-weight: bold; + line-height: 18px; + color: #999; + text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5); + text-transform: uppercase +} + +.nav li + .nav-header { + margin-top: 9px +} + +.nav-list { + padding-right: 15px; + padding-left: 15px; + margin-bottom: 0 +} + +.nav-list > li > a, .nav-list .nav-header { + margin-right: -15px; + margin-left: -15px; + text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5) +} + +.nav-list > li > a { + padding: 3px 15px +} + +.nav-list > .active > a, .nav-list > .active > a:hover { + color: #fff; + 
text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.2); + background-color: #08c +} + +.nav-list [class^="icon-"] { + margin-right: 2px +} + +.nav-list .divider { + *width: 100%; + height: 1px; + margin: 8px 1px; + *margin: -5px 0 5px; + overflow: hidden; + background-color: #e5e5e5; + border-bottom: 1px solid #fff +} + +.nav-tabs, .nav-pills { + *zoom: 1 +} + +.nav-tabs:before, .nav-pills:before, .nav-tabs:after, .nav-pills:after { + display: table; + content: "" +} + +.nav-tabs:after, .nav-pills:after { + clear: both +} + +.nav-tabs > li, .nav-pills > li { + float: left +} + +.nav-tabs > li > a, .nav-pills > li > a { + padding-right: 12px; + padding-left: 12px; + margin-right: 2px; + line-height: 14px +} + +.nav-tabs { + border-bottom: 1px solid #ddd +} + +.nav-tabs > li { + margin-bottom: -1px +} + +.nav-tabs > li > a { + padding-top: 8px; + padding-bottom: 8px; + line-height: 18px; + border: 1px solid transparent; + -webkit-border-radius: 4px 4px 0 0; + -moz-border-radius: 4px 4px 0 0; + border-radius: 4px 4px 0 0 +} + +.nav-tabs > li > a:hover { + border-color: #eee #eee #ddd +} + +.nav-tabs > .active > a, .nav-tabs > .active > a:hover { + color: #555; + cursor: default; + background-color: #fff; + border: 1px solid #ddd; + border-bottom-color: transparent +} + +.nav-pills > li > a { + padding-top: 8px; + padding-bottom: 8px; + margin-top: 2px; + margin-bottom: 2px; + -webkit-border-radius: 5px; + -moz-border-radius: 5px; + border-radius: 5px +} + +.nav-pills > .active > a, .nav-pills > .active > a:hover { + color: #fff; + background-color: #08c +} + +.nav-stacked > li { + float: none +} + +.nav-stacked > li > a { + margin-right: 0 +} + +.nav-tabs.nav-stacked { + border-bottom: 0 +} + +.nav-tabs.nav-stacked > li > a { + border: 1px solid #ddd; + -webkit-border-radius: 0; + -moz-border-radius: 0; + border-radius: 0 +} + +.nav-tabs.nav-stacked > li:first-child > a { + -webkit-border-radius: 4px 4px 0 0; + -moz-border-radius: 4px 4px 0 0; + border-radius: 4px 4px 0 0 +} + 
+.nav-tabs.nav-stacked > li:last-child > a { + -webkit-border-radius: 0 0 4px 4px; + -moz-border-radius: 0 0 4px 4px; + border-radius: 0 0 4px 4px +} + +.nav-tabs.nav-stacked > li > a:hover { + z-index: 2; + border-color: #ddd +} + +.nav-pills.nav-stacked > li > a { + margin-bottom: 3px +} + +.nav-pills.nav-stacked > li:last-child > a { + margin-bottom: 1px +} + +.nav-tabs .dropdown-menu { + -webkit-border-radius: 0 0 5px 5px; + -moz-border-radius: 0 0 5px 5px; + border-radius: 0 0 5px 5px +} + +.nav-pills .dropdown-menu { + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px +} + +.nav-tabs .dropdown-toggle .caret, .nav-pills .dropdown-toggle .caret { + margin-top: 6px; + border-top-color: #08c; + border-bottom-color: #08c +} + +.nav-tabs .dropdown-toggle:hover .caret, .nav-pills .dropdown-toggle:hover .caret { + border-top-color: #005580; + border-bottom-color: #005580 +} + +.nav-tabs .active .dropdown-toggle .caret, .nav-pills .active .dropdown-toggle .caret { + border-top-color: #333; + border-bottom-color: #333 +} + +.nav > .dropdown.active > a:hover { + color: #000; + cursor: pointer +} + +.nav-tabs .open .dropdown-toggle, .nav-pills .open .dropdown-toggle, .nav > li.dropdown.open.active > a:hover { + color: #fff; + background-color: #999; + border-color: #999 +} + +.nav li.dropdown.open .caret, .nav li.dropdown.open.active .caret, .nav li.dropdown.open a:hover .caret { + border-top-color: #fff; + border-bottom-color: #fff; + opacity: 1; + filter: alpha(opacity=100) +} + +.tabs-stacked .open > a:hover { + border-color: #999 +} + +.tabbable { + *zoom: 1 +} + +.tabbable:before, .tabbable:after { + display: table; + content: "" +} + +.tabbable:after { + clear: both +} + +.tab-content { + overflow: auto +} + +.tabs-below > .nav-tabs, .tabs-right > .nav-tabs, .tabs-left > .nav-tabs { + border-bottom: 0 +} + +.tab-content > .tab-pane, .pill-content > .pill-pane { + display: none +} + +.tab-content > .active, .pill-content > .active { + 
display: block +} + +.tabs-below > .nav-tabs { + border-top: 1px solid #ddd +} + +.tabs-below > .nav-tabs > li { + margin-top: -1px; + margin-bottom: 0 +} + +.tabs-below > .nav-tabs > li > a { + -webkit-border-radius: 0 0 4px 4px; + -moz-border-radius: 0 0 4px 4px; + border-radius: 0 0 4px 4px +} + +.tabs-below > .nav-tabs > li > a:hover { + border-top-color: #ddd; + border-bottom-color: transparent +} + +.tabs-below > .nav-tabs > .active > a, .tabs-below > .nav-tabs > .active > a:hover { + border-color: transparent #ddd #ddd #ddd +} + +.tabs-left > .nav-tabs > li, .tabs-right > .nav-tabs > li { + float: none +} + +.tabs-left > .nav-tabs > li > a, .tabs-right > .nav-tabs > li > a { + min-width: 74px; + margin-right: 0; + margin-bottom: 3px +} + +.tabs-left > .nav-tabs { + float: left; + margin-right: 19px; + border-right: 1px solid #ddd +} + +.tabs-left > .nav-tabs > li > a { + margin-right: -1px; + -webkit-border-radius: 4px 0 0 4px; + -moz-border-radius: 4px 0 0 4px; + border-radius: 4px 0 0 4px +} + +.tabs-left > .nav-tabs > li > a:hover { + border-color: #eee #ddd #eee #eee +} + +.tabs-left > .nav-tabs .active > a, .tabs-left > .nav-tabs .active > a:hover { + border-color: #ddd transparent #ddd #ddd; + *border-right-color: #fff +} + +.tabs-right > .nav-tabs { + float: right; + margin-left: 19px; + border-left: 1px solid #ddd +} + +.tabs-right > .nav-tabs > li > a { + margin-left: -1px; + -webkit-border-radius: 0 4px 4px 0; + -moz-border-radius: 0 4px 4px 0; + border-radius: 0 4px 4px 0 +} + +.tabs-right > .nav-tabs > li > a:hover { + border-color: #eee #eee #eee #ddd +} + +.tabs-right > .nav-tabs .active > a, .tabs-right > .nav-tabs .active > a:hover { + border-color: #ddd #ddd #ddd transparent; + *border-left-color: #fff +} + +.navbar { + *position: relative; + *z-index: 2; + margin-bottom: 18px; + overflow: visible +} + +.navbar-inner { + min-height: 40px; + padding-right: 20px; + padding-left: 20px; + background-color: #2c2c2c; + background-image: 
-moz-linear-gradient(top, #333, #222); + background-image: -ms-linear-gradient(top, #333, #222); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#333), to(#222)); + background-image: -webkit-linear-gradient(top, #333, #222); + background-image: -o-linear-gradient(top, #333, #222); + background-image: linear-gradient(top, #333, #222); + background-repeat: repeat-x; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#333333', endColorstr='#222222', GradientType=0); + -webkit-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.25), inset 0 -1px 0 rgba(0, 0, 0, 0.1); + -moz-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.25), inset 0 -1px 0 rgba(0, 0, 0, 0.1); + box-shadow: 0 1px 3px rgba(0, 0, 0, 0.25), inset 0 -1px 0 rgba(0, 0, 0, 0.1) +} + +.navbar .container { + width: auto +} + +.nav-collapse.collapse { + height: auto +} + +.navbar { + color: #999 +} + +.navbar .brand:hover { + text-decoration: none +} + +.navbar .brand { + display: block; + float: left; + padding: 8px 20px 12px; + margin-left: -20px; + font-size: 20px; + font-weight: 200; + line-height: 1; + color: #999 +} + +.navbar .navbar-text { + margin-bottom: 0; + line-height: 40px +} + +.navbar .navbar-link { + color: #999 +} + +.navbar .navbar-link:hover { + color: #fff +} + +.navbar .btn, .navbar .btn-group { + margin-top: 5px +} + +.navbar .btn-group .btn { + margin: 0 +} + +.navbar-form { + margin-bottom: 0; + *zoom: 1 +} + +.navbar-form:before, .navbar-form:after { + display: table; + content: "" +} + +.navbar-form:after { + clear: both +} + +.navbar-form input, .navbar-form select, .navbar-form .radio, .navbar-form .checkbox { + margin-top: 5px +} + +.navbar-form input, .navbar-form select { + display: inline-block; + margin-bottom: 0 +} + +.navbar-form input[type="image"], .navbar-form input[type="checkbox"], .navbar-form input[type="radio"] { + margin-top: 3px +} + +.navbar-form .input-append, .navbar-form 
.input-prepend { + margin-top: 6px; + white-space: nowrap +} + +.navbar-form .input-append input, .navbar-form .input-prepend input { + margin-top: 0 +} + +.navbar-search { + position: relative; + float: left; + margin-top: 6px; + margin-bottom: 0 +} + +.navbar-search .search-query { + padding: 4px 9px; + font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; + font-size: 13px; + font-weight: normal; + line-height: 1; + color: #fff; + background-color: #626262; + border: 1px solid #151515; + -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1), 0 1px 0 rgba(255, 255, 255, 0.15); + -moz-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1), 0 1px 0 rgba(255, 255, 255, 0.15); + box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1), 0 1px 0 rgba(255, 255, 255, 0.15); + -webkit-transition: none; + -moz-transition: none; + -ms-transition: none; + -o-transition: none; + transition: none +} + +.navbar-search .search-query:-moz-placeholder { + color: #ccc +} + +.navbar-search .search-query::-webkit-input-placeholder { + color: #ccc +} + +.navbar-search .search-query:focus, .navbar-search .search-query.focused { + padding: 5px 10px; + color: #333; + text-shadow: 0 1px 0 #fff; + background-color: #fff; + border: 0; + outline: 0; + -webkit-box-shadow: 0 0 3px rgba(0, 0, 0, 0.15); + -moz-box-shadow: 0 0 3px rgba(0, 0, 0, 0.15); + box-shadow: 0 0 3px rgba(0, 0, 0, 0.15) +} + +.navbar-fixed-top, .navbar-fixed-bottom { + position: fixed; + right: 0; + left: 0; + z-index: 1030; + margin-bottom: 0 +} + +.navbar-fixed-top .navbar-inner, .navbar-fixed-bottom .navbar-inner { + padding-right: 0; + padding-left: 0; + -webkit-border-radius: 0; + -moz-border-radius: 0; + border-radius: 0 +} + +.navbar-fixed-top .container, .navbar-fixed-bottom .container { + width: 940px +} + +.navbar-fixed-top { + top: 0 +} + +.navbar-fixed-bottom { + bottom: 0 +} + +.navbar .nav { + position: relative; + left: 0; + display: block; + float: left; + margin: 0 10px 0 0 +} + +.navbar .nav.pull-right { + float: 
right +} + +.navbar .nav > li { + display: block; + float: left +} + +.navbar .nav > li > a { + float: none; + padding: 9px 10px 11px; + line-height: 19px; + color: #999; + text-decoration: none; + text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25) +} + +.navbar .btn { + display: inline-block; + padding: 4px 10px 4px; + margin: 5px 5px 6px; + line-height: 18px +} + +.navbar .btn-group { + padding: 5px 5px 6px; + margin: 0 +} + +.navbar .nav > li > a:hover { + color: #fff; + text-decoration: none; + background-color: transparent +} + +.navbar .nav .active > a, .navbar .nav .active > a:hover { + color: #fff; + text-decoration: none; + background-color: #222 +} + +.navbar .divider-vertical { + width: 1px; + height: 40px; + margin: 0 9px; + overflow: hidden; + background-color: #222; + border-right: 1px solid #333 +} + +.navbar .nav.pull-right { + margin-right: 0; + margin-left: 10px +} + +.navbar .btn-navbar { + display: none; + float: right; + padding: 7px 10px; + margin-right: 5px; + margin-left: 5px; + background-color: #2c2c2c; + *background-color: #222; + background-image: -ms-linear-gradient(top, #333, #222); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#333), to(#222)); + background-image: -webkit-linear-gradient(top, #333, #222); + background-image: -o-linear-gradient(top, #333, #222); + background-image: linear-gradient(top, #333, #222); + background-image: -moz-linear-gradient(top, #333, #222); + background-repeat: repeat-x; + border-color: #222 #222 #000; + border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#333333', endColorstr='#222222', GradientType=0); + filter: progid:dximagetransform.microsoft.gradient(enabled=false); + -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.075); + -moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.075); + box-shadow: inset 0 1px 0 rgba(255, 255, 255, 
0.1), 0 1px 0 rgba(255, 255, 255, 0.075) +} + +.navbar .btn-navbar:hover, .navbar .btn-navbar:active, .navbar .btn-navbar.active, .navbar .btn-navbar.disabled, .navbar .btn-navbar[disabled] { + background-color: #222; + *background-color: #151515 +} + +.navbar .btn-navbar:active, .navbar .btn-navbar.active { + background-color: #080808 \9 +} + +.navbar .btn-navbar .icon-bar { + display: block; + width: 18px; + height: 2px; + background-color: #f5f5f5; + -webkit-border-radius: 1px; + -moz-border-radius: 1px; + border-radius: 1px; + -webkit-box-shadow: 0 1px 0 rgba(0, 0, 0, 0.25); + -moz-box-shadow: 0 1px 0 rgba(0, 0, 0, 0.25); + box-shadow: 0 1px 0 rgba(0, 0, 0, 0.25) +} + +.btn-navbar .icon-bar + .icon-bar { + margin-top: 3px +} + +.navbar .dropdown-menu:before { + position: absolute; + top: -7px; + left: 9px; + display: inline-block; + border-right: 7px solid transparent; + border-bottom: 7px solid #ccc; + border-left: 7px solid transparent; + border-bottom-color: rgba(0, 0, 0, 0.2); + content: '' +} + +.navbar .dropdown-menu:after { + position: absolute; + top: -6px; + left: 10px; + display: inline-block; + border-right: 6px solid transparent; + border-bottom: 6px solid #fff; + border-left: 6px solid transparent; + content: '' +} + +.navbar-fixed-bottom .dropdown-menu:before { + top: auto; + bottom: -7px; + border-top: 7px solid #ccc; + border-bottom: 0; + border-top-color: rgba(0, 0, 0, 0.2) +} + +.navbar-fixed-bottom .dropdown-menu:after { + top: auto; + bottom: -6px; + border-top: 6px solid #fff; + border-bottom: 0 +} + +.navbar .nav li.dropdown .dropdown-toggle .caret, .navbar .nav li.dropdown.open .caret { + border-top-color: #fff; + border-bottom-color: #fff +} + +.navbar .nav li.dropdown.active .caret { + opacity: 1; + filter: alpha(opacity=100) +} + +.navbar .nav li.dropdown.open > .dropdown-toggle, .navbar .nav li.dropdown.active > .dropdown-toggle, .navbar .nav li.dropdown.open.active > .dropdown-toggle { + background-color: transparent +} + +.navbar 
.nav li.dropdown.active > .dropdown-toggle:hover { + color: #fff +} + +.navbar .pull-right .dropdown-menu, .navbar .dropdown-menu.pull-right { + right: 0; + left: auto +} + +.navbar .pull-right .dropdown-menu:before, .navbar .dropdown-menu.pull-right:before { + right: 12px; + left: auto +} + +.navbar .pull-right .dropdown-menu:after, .navbar .dropdown-menu.pull-right:after { + right: 13px; + left: auto +} + +.breadcrumb { + padding: 7px 14px; + margin: 0 0 18px; + list-style: none; + background-color: #fbfbfb; + background-image: -moz-linear-gradient(top, #fff, #f5f5f5); + background-image: -ms-linear-gradient(top, #fff, #f5f5f5); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#fff), to(#f5f5f5)); + background-image: -webkit-linear-gradient(top, #fff, #f5f5f5); + background-image: -o-linear-gradient(top, #fff, #f5f5f5); + background-image: linear-gradient(top, #fff, #f5f5f5); + background-repeat: repeat-x; + border: 1px solid #ddd; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px; + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#ffffff', endColorstr='#f5f5f5', GradientType=0); + -webkit-box-shadow: inset 0 1px 0 #fff; + -moz-box-shadow: inset 0 1px 0 #fff; + box-shadow: inset 0 1px 0 #fff +} + +.breadcrumb li { + display: inline-block; + *display: inline; + text-shadow: 0 1px 0 #fff; + *zoom: 1 +} + +.breadcrumb .divider { + padding: 0 5px; + color: #999 +} + +.breadcrumb .active a { + color: #333 +} + +.pagination { + height: 36px; + margin: 18px 0 +} + +.pagination ul { + display: inline-block; + *display: inline; + margin-bottom: 0; + margin-left: 0; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px; + *zoom: 1; + -webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05); + -moz-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05); + box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05) +} + +.pagination li { + display: inline +} + +.pagination a { + float: left; + padding: 0 14px; + line-height: 
34px; + text-decoration: none; + border: 1px solid #ddd; + border-left-width: 0 +} + +.pagination a:hover, .pagination .active a { + background-color: #f5f5f5 +} + +.pagination .active a { + color: #999; + cursor: default +} + +.pagination .disabled span, .pagination .disabled a, .pagination .disabled a:hover { + color: #999; + cursor: default; + background-color: transparent +} + +.pagination li:first-child a { + border-left-width: 1px; + -webkit-border-radius: 3px 0 0 3px; + -moz-border-radius: 3px 0 0 3px; + border-radius: 3px 0 0 3px +} + +.pagination li:last-child a { + -webkit-border-radius: 0 3px 3px 0; + -moz-border-radius: 0 3px 3px 0; + border-radius: 0 3px 3px 0 +} + +.pagination-centered { + text-align: center +} + +.pagination-right { + text-align: right +} + +.pager { + margin-bottom: 18px; + margin-left: 0; + text-align: center; + list-style: none; + *zoom: 1 +} + +.pager:before, .pager:after { + display: table; + content: "" +} + +.pager:after { + clear: both +} + +.pager li { + display: inline +} + +.pager a { + display: inline-block; + padding: 5px 14px; + background-color: #fff; + border: 1px solid #ddd; + -webkit-border-radius: 15px; + -moz-border-radius: 15px; + border-radius: 15px +} + +.pager a:hover { + text-decoration: none; + background-color: #f5f5f5 +} + +.pager .next a { + float: right +} + +.pager .previous a { + float: left +} + +.pager .disabled a, .pager .disabled a:hover { + color: #999; + cursor: default; + background-color: #fff +} + +.modal-open .dropdown-menu { + z-index: 2050 +} + +.modal-open .dropdown.open { + *z-index: 2050 +} + +.modal-open .popover { + z-index: 2060 +} + +.modal-open .tooltip { + z-index: 2070 +} + +.modal-backdrop { + position: fixed; + top: 0; + right: 0; + bottom: 0; + left: 0; + z-index: 1040; + background-color: #000 +} + +.modal-backdrop.fade { + opacity: 0 +} + +.modal-backdrop, .modal-backdrop.fade.in { + opacity: .8; + filter: alpha(opacity=80) +} + +.modal { + position: fixed; + top: 50%; + 
left: 50%; + z-index: 1050; + width: 560px; + margin: -250px 0 0 -280px; + overflow: auto; + background-color: #fff; + border: 1px solid #999; + border: 1px solid rgba(0, 0, 0, 0.3); + *border: 1px solid #999; + -webkit-border-radius: 6px; + -moz-border-radius: 6px; + border-radius: 6px; + -webkit-box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); + -moz-box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); + box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); + -webkit-background-clip: padding-box; + -moz-background-clip: padding-box; + background-clip: padding-box +} + +.modal.fade { + top: -25%; + -webkit-transition: opacity .3s linear, top .3s ease-out; + -moz-transition: opacity .3s linear, top .3s ease-out; + -ms-transition: opacity .3s linear, top .3s ease-out; + -o-transition: opacity .3s linear, top .3s ease-out; + transition: opacity .3s linear, top .3s ease-out +} + +.modal.fade.in { + top: 50% +} + +.modal-header { + padding: 9px 15px; + border-bottom: 1px solid #eee +} + +.modal-header .close { + margin-top: 2px +} + +.modal-body { + max-height: 400px; + padding: 15px; + overflow-y: auto +} + +.modal-form { + margin-bottom: 0 +} + +.modal-footer { + padding: 14px 15px 15px; + margin-bottom: 0; + text-align: right; + background-color: #f5f5f5; + border-top: 1px solid #ddd; + -webkit-border-radius: 0 0 6px 6px; + -moz-border-radius: 0 0 6px 6px; + border-radius: 0 0 6px 6px; + *zoom: 1; + -webkit-box-shadow: inset 0 1px 0 #fff; + -moz-box-shadow: inset 0 1px 0 #fff; + box-shadow: inset 0 1px 0 #fff +} + +.modal-footer:before, .modal-footer:after { + display: table; + content: "" +} + +.modal-footer:after { + clear: both +} + +.modal-footer .btn + .btn { + margin-bottom: 0; + margin-left: 5px +} + +.modal-footer .btn-group .btn + .btn { + margin-left: -1px +} + +.tooltip { + position: absolute; + z-index: 1020; + display: block; + padding: 5px; + font-size: 11px; + opacity: 0; + filter: alpha(opacity=0); + visibility: visible +} + +.tooltip.in { + opacity: .8; + filter: 
alpha(opacity=80) +} + +.tooltip.top { + margin-top: -2px +} + +.tooltip.right { + margin-left: 2px +} + +.tooltip.bottom { + margin-top: 2px +} + +.tooltip.left { + margin-left: -2px +} + +.tooltip.top .tooltip-arrow { + bottom: 0; + left: 50%; + margin-left: -5px; + border-top: 5px solid #000; + border-right: 5px solid transparent; + border-left: 5px solid transparent +} + +.tooltip.left .tooltip-arrow { + top: 50%; + right: 0; + margin-top: -5px; + border-top: 5px solid transparent; + border-bottom: 5px solid transparent; + border-left: 5px solid #000 +} + +.tooltip.bottom .tooltip-arrow { + top: 0; + left: 50%; + margin-left: -5px; + border-right: 5px solid transparent; + border-bottom: 5px solid #000; + border-left: 5px solid transparent +} + +.tooltip.right .tooltip-arrow { + top: 50%; + left: 0; + margin-top: -5px; + border-top: 5px solid transparent; + border-right: 5px solid #000; + border-bottom: 5px solid transparent +} + +.tooltip-inner { + max-width: 200px; + padding: 3px 8px; + color: #fff; + text-align: center; + text-decoration: none; + background-color: #000; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px +} + +.tooltip-arrow { + position: absolute; + width: 0; + height: 0 +} + +.popover { + position: absolute; + top: 0; + left: 0; + z-index: 1010; + display: none; + padding: 5px +} + +.popover.top { + margin-top: -5px +} + +.popover.right { + margin-left: 5px +} + +.popover.bottom { + margin-top: 5px +} + +.popover.left { + margin-left: -5px +} + +.popover.top .arrow { + bottom: 0; + left: 50%; + margin-left: -5px; + border-top: 5px solid #000; + border-right: 5px solid transparent; + border-left: 5px solid transparent +} + +.popover.right .arrow { + top: 50%; + left: 0; + margin-top: -5px; + border-top: 5px solid transparent; + border-right: 5px solid #000; + border-bottom: 5px solid transparent +} + +.popover.bottom .arrow { + top: 0; + left: 50%; + margin-left: -5px; + border-right: 5px solid transparent; + 
border-bottom: 5px solid #000; + border-left: 5px solid transparent +} + +.popover.left .arrow { + top: 50%; + right: 0; + margin-top: -5px; + border-top: 5px solid transparent; + border-bottom: 5px solid transparent; + border-left: 5px solid #000 +} + +.popover .arrow { + position: absolute; + width: 0; + height: 0 +} + +.popover-inner { + width: 280px; + padding: 3px; + overflow: hidden; + background: #000; + background: rgba(0, 0, 0, 0.8); + -webkit-border-radius: 6px; + -moz-border-radius: 6px; + border-radius: 6px; + -webkit-box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); + -moz-box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); + box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3) +} + +.popover-title { + padding: 9px 15px; + line-height: 1; + background-color: #f5f5f5; + border-bottom: 1px solid #eee; + -webkit-border-radius: 3px 3px 0 0; + -moz-border-radius: 3px 3px 0 0; + border-radius: 3px 3px 0 0 +} + +.popover-content { + padding: 14px; + background-color: #fff; + -webkit-border-radius: 0 0 3px 3px; + -moz-border-radius: 0 0 3px 3px; + border-radius: 0 0 3px 3px; + -webkit-background-clip: padding-box; + -moz-background-clip: padding-box; + background-clip: padding-box +} + +.popover-content p, .popover-content ul, .popover-content ol { + margin-bottom: 0 +} + +.thumbnails { + margin-left: -20px; + list-style: none; + *zoom: 1 +} + +.thumbnails:before, .thumbnails:after { + display: table; + content: "" +} + +.thumbnails:after { + clear: both +} + +.row-fluid .thumbnails { + margin-left: 0 +} + +.thumbnails > li { + float: left; + margin-bottom: 18px; + margin-left: 20px +} + +.thumbnail { + display: block; + padding: 4px; + line-height: 1; + border: 1px solid #ddd; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; + -webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, 0.075); + -moz-box-shadow: 0 1px 1px rgba(0, 0, 0, 0.075); + box-shadow: 0 1px 1px rgba(0, 0, 0, 0.075) +} + +a.thumbnail:hover { + border-color: #08c; + -webkit-box-shadow: 0 1px 4px rgba(0, 
105, 214, 0.25); + -moz-box-shadow: 0 1px 4px rgba(0, 105, 214, 0.25); + box-shadow: 0 1px 4px rgba(0, 105, 214, 0.25) +} + +.thumbnail > img { + display: block; + max-width: 100%; + margin-right: auto; + margin-left: auto +} + +.thumbnail .caption { + padding: 9px +} + +.label, .badge { + font-size: 10.998px; + font-weight: bold; + line-height: 14px; + color: #fff; + text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); + white-space: nowrap; + vertical-align: baseline; + background-color: #999 +} + +.label { + padding: 1px 4px 2px; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px +} + +.badge { + padding: 1px 9px 2px; + -webkit-border-radius: 9px; + -moz-border-radius: 9px; + border-radius: 9px +} + +a.label:hover, a.badge:hover { + color: #fff; + text-decoration: none; + cursor: pointer +} + +.label-important, .badge-important { + background-color: #b94a48 +} + +.label-important[href], .badge-important[href] { + background-color: #953b39 +} + +.label-warning, .badge-warning { + background-color: #f89406 +} + +.label-warning[href], .badge-warning[href] { + background-color: #c67605 +} + +.label-success, .badge-success { + background-color: #468847 +} + +.label-success[href], .badge-success[href] { + background-color: #356635 +} + +.label-info, .badge-info { + background-color: #3a87ad +} + +.label-info[href], .badge-info[href] { + background-color: #2d6987 +} + +.label-inverse, .badge-inverse { + background-color: #333 +} + +.label-inverse[href], .badge-inverse[href] { + background-color: #1a1a1a +} + +@-webkit-keyframes progress-bar-stripes { + from { + background-position: 40px 0 + } + to { + background-position: 0 0 + } +} + +@-moz-keyframes progress-bar-stripes { + from { + background-position: 40px 0 + } + to { + background-position: 0 0 + } +} + +@-ms-keyframes progress-bar-stripes { + from { + background-position: 40px 0 + } + to { + background-position: 0 0 + } +} + +@-o-keyframes progress-bar-stripes { + from { + background-position: 0 
0 + } + to { + background-position: 40px 0 + } +} + +@keyframes progress-bar-stripes { + from { + background-position: 40px 0 + } + to { + background-position: 0 0 + } +} + +.progress { + height: 18px; + margin-bottom: 18px; + overflow: hidden; + background-color: #f7f7f7; + background-image: -moz-linear-gradient(top, #f5f5f5, #f9f9f9); + background-image: -ms-linear-gradient(top, #f5f5f5, #f9f9f9); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f5f5f5), to(#f9f9f9)); + background-image: -webkit-linear-gradient(top, #f5f5f5, #f9f9f9); + background-image: -o-linear-gradient(top, #f5f5f5, #f9f9f9); + background-image: linear-gradient(top, #f5f5f5, #f9f9f9); + background-repeat: repeat-x; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#f5f5f5', endColorstr='#f9f9f9', GradientType=0); + -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); + -moz-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); + box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1) +} + +.progress .bar { + width: 0; + height: 18px; + font-size: 12px; + color: #fff; + text-align: center; + text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); + background-color: #0e90d2; + background-image: -moz-linear-gradient(top, #149bdf, #0480be); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#149bdf), to(#0480be)); + background-image: -webkit-linear-gradient(top, #149bdf, #0480be); + background-image: -o-linear-gradient(top, #149bdf, #0480be); + background-image: linear-gradient(top, #149bdf, #0480be); + background-image: -ms-linear-gradient(top, #149bdf, #0480be); + background-repeat: repeat-x; + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#149bdf', endColorstr='#0480be', GradientType=0); + -webkit-box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); + -moz-box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); + box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); + -webkit-box-sizing: 
border-box; + -moz-box-sizing: border-box; + -ms-box-sizing: border-box; + box-sizing: border-box; + -webkit-transition: width .6s ease; + -moz-transition: width .6s ease; + -ms-transition: width .6s ease; + -o-transition: width .6s ease; + transition: width .6s ease +} + +.progress-striped .bar { + background-color: #149bdf; + background-image: -o-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -webkit-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -moz-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -ms-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); + background-image: linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + -webkit-background-size: 40px 40px; + -moz-background-size: 40px 40px; + -o-background-size: 40px 40px; + background-size: 40px 40px +} + +.progress.active .bar { + -webkit-animation: progress-bar-stripes 2s linear infinite; + -moz-animation: progress-bar-stripes 2s linear infinite; + -ms-animation: progress-bar-stripes 2s linear 
infinite; + -o-animation: progress-bar-stripes 2s linear infinite; + animation: progress-bar-stripes 2s linear infinite +} + +.progress-danger .bar { + background-color: #dd514c; + background-image: -moz-linear-gradient(top, #ee5f5b, #c43c35); + background-image: -ms-linear-gradient(top, #ee5f5b, #c43c35); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ee5f5b), to(#c43c35)); + background-image: -webkit-linear-gradient(top, #ee5f5b, #c43c35); + background-image: -o-linear-gradient(top, #ee5f5b, #c43c35); + background-image: linear-gradient(top, #ee5f5b, #c43c35); + background-repeat: repeat-x; + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#ee5f5b', endColorstr='#c43c35', GradientType=0) +} + +.progress-danger.progress-striped .bar { + background-color: #ee5f5b; + background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); + background-image: -webkit-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -moz-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -ms-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(-45deg, rgba(255, 
255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent) +} + +.progress-success .bar { + background-color: #5eb95e; + background-image: -moz-linear-gradient(top, #62c462, #57a957); + background-image: -ms-linear-gradient(top, #62c462, #57a957); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#62c462), to(#57a957)); + background-image: -webkit-linear-gradient(top, #62c462, #57a957); + background-image: -o-linear-gradient(top, #62c462, #57a957); + background-image: linear-gradient(top, #62c462, #57a957); + background-repeat: repeat-x; + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#62c462', endColorstr='#57a957', GradientType=0) +} + +.progress-success.progress-striped .bar { + background-color: #62c462; + background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); + background-image: -webkit-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -moz-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -ms-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: 
linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent) +} + +.progress-info .bar { + background-color: #4bb1cf; + background-image: -moz-linear-gradient(top, #5bc0de, #339bb9); + background-image: -ms-linear-gradient(top, #5bc0de, #339bb9); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#5bc0de), to(#339bb9)); + background-image: -webkit-linear-gradient(top, #5bc0de, #339bb9); + background-image: -o-linear-gradient(top, #5bc0de, #339bb9); + background-image: linear-gradient(top, #5bc0de, #339bb9); + background-repeat: repeat-x; + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#5bc0de', endColorstr='#339bb9', GradientType=0) +} + +.progress-info.progress-striped .bar { + background-color: #5bc0de; + background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); + background-image: -webkit-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -moz-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -ms-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); 
+ background-image: linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent) +} + +.progress-warning .bar { + background-color: #faa732; + background-image: -moz-linear-gradient(top, #fbb450, #f89406); + background-image: -ms-linear-gradient(top, #fbb450, #f89406); + background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#fbb450), to(#f89406)); + background-image: -webkit-linear-gradient(top, #fbb450, #f89406); + background-image: -o-linear-gradient(top, #fbb450, #f89406); + background-image: linear-gradient(top, #fbb450, #f89406); + background-repeat: repeat-x; + filter: progid:dximagetransform.microsoft.gradient(startColorstr='#fbb450', endColorstr='#f89406', GradientType=0) +} + +.progress-warning.progress-striped .bar { + background-color: #fbb450; + background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); + background-image: -webkit-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -moz-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -ms-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -o-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, 
transparent 75%, transparent); + background-image: linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent) +} + +.accordion { + margin-bottom: 18px +} + +.accordion-group { + margin-bottom: 2px; + border: 1px solid #e5e5e5; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px +} + +.accordion-heading { + border-bottom: 0 +} + +.accordion-heading .accordion-toggle { + display: block; + padding: 8px 15px +} + +.accordion-toggle { + cursor: pointer +} + +.accordion-inner { + padding: 9px 15px; + border-top: 1px solid #e5e5e5 +} + +.carousel { + position: relative; + margin-bottom: 18px; + line-height: 1 +} + +.carousel-inner { + position: relative; + width: 100%; + overflow: hidden +} + +.carousel .item { + position: relative; + display: none; + -webkit-transition: .6s ease-in-out left; + -moz-transition: .6s ease-in-out left; + -ms-transition: .6s ease-in-out left; + -o-transition: .6s ease-in-out left; + transition: .6s ease-in-out left +} + +.carousel .item > img { + display: block; + line-height: 1 +} + +.carousel .active, .carousel .next, .carousel .prev { + display: block +} + +.carousel .active { + left: 0 +} + +.carousel .next, .carousel .prev { + position: absolute; + top: 0; + width: 100% +} + +.carousel .next { + left: 100% +} + +.carousel .prev { + left: -100% +} + +.carousel .next.left, .carousel .prev.right { + left: 0 +} + +.carousel .active.left { + left: -100% +} + +.carousel .active.right { + left: 100% +} + +.carousel-control { + position: absolute; + top: 40%; + left: 15px; + width: 40px; + height: 40px; + margin-top: -20px; + font-size: 60px; + font-weight: 100; + line-height: 30px; + color: #fff; + text-align: center; + background: #222; + border: 3px solid #fff; + -webkit-border-radius: 23px; + -moz-border-radius: 23px; + border-radius: 23px; + opacity: .5; + filter: alpha(opacity=50) +} + 
+.carousel-control.right { + right: 15px; + left: auto +} + +.carousel-control:hover { + color: #fff; + text-decoration: none; + opacity: .9; + filter: alpha(opacity=90) +} + +.carousel-caption { + position: absolute; + right: 0; + bottom: 0; + left: 0; + padding: 10px 15px 5px; + background: #333; + background: rgba(0, 0, 0, 0.75) +} + +.carousel-caption h4, .carousel-caption p { + color: #fff +} + +.hero-unit { + padding: 60px; + margin-bottom: 30px; + background-color: #eee; + -webkit-border-radius: 6px; + -moz-border-radius: 6px; + border-radius: 6px +} + +.hero-unit h1 { + margin-bottom: 0; + font-size: 60px; + line-height: 1; + letter-spacing: -1px; + color: inherit +} + +.hero-unit p { + font-size: 18px; + font-weight: 200; + line-height: 27px; + color: inherit +} + +.pull-right { + float: right +} + +.pull-left { + float: left +} + +.hide { + display: none +} + +.show { + display: block +} + +.invisible { + visibility: hidden +} \ No newline at end of file diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/webapp/authentication.jsp b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/webapp/authentication.jsp index bbc43e26ca..6987abde56 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/webapp/authentication.jsp +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/webapp/authentication.jsp 
@@ -1,30 +1,30 @@
-
+<%--
+ ~ Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ ~
+ ~ WSO2 Inc. licenses this file to you under the Apache License,
+ ~ Version 2.0 (the "License"); you may not use this file except
+ ~ in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ --%>
 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
-<%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.util.CharacterEncoder"%>
+<%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.util.CharacterEncoder" %>
 <%
- String authRequest = (String) request.getParameter("data");
+ String authRequest = CharacterEncoder.getSafeText(request.getParameter("data"));
 %>
@@ -32,15 +32,15 @@
-
+
@@ -72,20 +72,16 @@
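Review bot: `CharacterEncoder.getSafeText(request.getParameter("data"))` in the first hunk encodes the `data` parameter once, when it is read, and that only protects the places where `authRequest` is written later if the encoding matches each output context. The markup that emits `authRequest` is not visible on this page and the implementation of `getSafeText` is not shown, so this is a point to confirm rather than a confirmed defect: if the value ends up inside an attribute value or a script block, an encoder aimed at HTML text content would not be enough there. I would encode at the point of output with an encoder chosen for that context, and leave a comment above the assignment such as `<%-- "data" is request-controlled; it must be encoded for the context it is written into --%>`. If `data` has a fixed expected format, validating it against that format before use is stronger than encoding alone.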
- +
-
-
-

Login to continue

-
-
+
+
+

Login to continue

+
+
- <%@ page import="java.util.Map" %> - <%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.util.CharacterEncoder" %> - <%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.Constants" %> - <%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.util.TenantDataManager" %> <% @@ -93,22 +89,22 @@ String queryString = request.getQueryString(); Map idpAuthenticatorMapping = null; if (request.getAttribute(Constants.IDP_AUTHENTICATOR_MAP) != null) { - idpAuthenticatorMapping = (Map)request.getAttribute(Constants.IDP_AUTHENTICATOR_MAP); + idpAuthenticatorMapping = (Map) request.getAttribute(Constants.IDP_AUTHENTICATOR_MAP); } - + String errorMessage = "Authentication Failed! Please Retry"; String loginFailed = "false"; - + if (CharacterEncoder.getSafeText(request.getParameter(Constants.AUTH_FAILURE)) != null && - "true".equals(CharacterEncoder.getSafeText(request.getParameter(Constants - .AUTH_FAILURE)))) { + "true".equals(CharacterEncoder.getSafeText(request.getParameter(Constants + .AUTH_FAILURE)))) { loginFailed = "true"; - - if(CharacterEncoder.getSafeText(request.getParameter(Constants.AUTH_FAILURE_MSG)) != - null){ + + if (CharacterEncoder.getSafeText(request.getParameter(Constants.AUTH_FAILURE_MSG)) != + null) { errorMessage = (String) CharacterEncoder.getSafeText(request.getParameter - (Constants.AUTH_FAILURE_MSG)); - + (Constants.AUTH_FAILURE_MSG)); + if (errorMessage.equalsIgnoreCase("login.fail.message")) { errorMessage = "Authentication Failed! Please Retry"; } 
@@ -122,34 +118,34 @@ loginForm.submit(); } - -<% -boolean hasLocalLoginOptions = false; -List localAuthenticatorNames = new ArrayList(); + <% -if (idpAuthenticatorMapping.get(Constants.RESIDENT_IDP_RESERVED_NAME) != null){ - String authList = idpAuthenticatorMapping.get(Constants.RESIDENT_IDP_RESERVED_NAME); - if (authList!=null){ - localAuthenticatorNames = Arrays.asList(authList.split(",")); - } -} + boolean hasLocalLoginOptions = false; + List localAuthenticatorNames = new ArrayList(); + if (idpAuthenticatorMapping.get(Constants.RESIDENT_IDP_RESERVED_NAME) != null) { + String authList = idpAuthenticatorMapping.get(Constants.RESIDENT_IDP_RESERVED_NAME); + if (authList != null) { + localAuthenticatorNames = Arrays.asList(authList.split(",")); + } + } -%> -<%if(localAuthenticatorNames.contains("BasicAuthenticator")){ %> + %> + + <%if (localAuthenticatorNames.contains("BasicAuthenticator")) { %> - <%} %> - <% + <%if(idpAuthenticatorMapping.get(Constants.RESIDENT_IDP_RESERVED_NAME) != null){ %> + + <%} %> + <% if ((hasLocalLoginOptions && localAuthenticatorNames.size() > 1) || (!hasLocalLoginOptions) - || (hasLocalLoginOptions && idpAuthenticatorMapping.size() > 1)) { - %> -
-
-
- <% if(hasLocalLoginOptions) { %> -

Other login options:

- <%} else { %> - - <%} %> -
-
+ || (hasLocalLoginOptions && idpAuthenticatorMapping.size() > 1)) { + %> +
+
+
+ <% if (hasLocalLoginOptions) { %> +

Other login options:

+ <%} else { %> + + <%} %> +
+
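Review bot: `idpAuthenticatorMapping` is dereferenced without a null check in the scriptlet that fills `localAuthenticatorNames`, in the added `<%if(idpAuthenticatorMapping.get(Constants.RESIDENT_IDP_RESERVED_NAME) != null){ %>` line, and in the later `idpAuthenticatorMapping.size()` call. The preceding hunk shows the variable initialised to `null` and assigned only when the `Constants.IDP_AUTHENTICATOR_MAP` request attribute is present. A request that reaches this page without that attribute would fail with a NullPointerException on the login page, and depending on the container's error handling that can show a stack trace to an unauthenticated client. Guard the lookups, for example `if (idpAuthenticatorMapping != null && idpAuthenticatorMapping.get(Constants.RESIDENT_IDP_RESERVED_NAME) != null) {`, or default the map to an empty one where it is declared. Part of this hunk's markup is missing from the page, so where the hunk ends is inferred.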
- -
-
-
-
-
- You are logged in as <%=loggedInUser%>. - - <%=CharacterEncoder.getSafeText(request.getParameter("application"))%> - requests access to your profile information -
-
-
-
- - + diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/webapp/oauth2_consent.jsp b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/webapp/oauth2_consent.jsp index 386aba2f31..262e3bf00b 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/webapp/oauth2_consent.jsp +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint/src/main/webapp/oauth2_consent.jsp @@ -1,33 +1,33 @@ - - -<%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.util.CharacterEncoder"%> +<%-- + ~ Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + ~ + ~ WSO2 Inc. licenses this file to you under the Apache License, + ~ Version 2.0 (the "License"); you may not use this file except + ~ in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, + ~ software distributed under the License is distributed on an + ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + ~ KIND, either express or implied. See the License for the + ~ specific language governing permissions and limitations + ~ under the License. + --%> + <%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.Constants" %> +<%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.util.CharacterEncoder" %> <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %> <% - String app = CharacterEncoder.getSafeText(request.getParameter("application")); + String app = CharacterEncoder.getSafeText(request.getParameter("application")); %> WSO2 Identity Server OAuth2.0 Consent - + @@ -58,60 +58,59 @@ -
-
-
-
- <%=app%> application requests access to your profile information -
-
-
-
- -