stsconfigadmin.java

开源的OpenId的一个java实现

/*
 * Copyright 2005-2007 WSO2, Inc. (http://wso2.com)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wso2.solutions.identity.admin;

import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.wso2.solutions.identity.IdentityProviderConstants;
import org.wso2.solutions.identity.IdentityProviderException;
import org.wso2.solutions.identity.i18n.Messages;
import org.wso2.solutions.identity.sts.IPPasswordCallback;
import org.wso2.wsas.admin.service.SecurityScenarioConfigAdmin;
import org.wso2.wsas.persistence.PersistenceManager;
import org.wso2.wsas.persistence.dataobject.KeyStoreDO;
import org.wso2.wsas.security.WSS4JUtil;

import javax.security.auth.callback.CallbackHandler;

/**
 * This will allow setting the SecurityTokenService security configuration
 */
public class STSConfigAdmin {

    private final static Log log = LogFactory.getLog(STSConfigAdmin.class);

    private final static Messages messages = Messages
            .getInstance(IdentityProviderConstants.RESOURCES);

    public static void configuraServices(boolean initial)
            throws IdentityProviderException {
        SecurityScenarioConfigAdmin admin = new SecurityScenarioConfigAdmin();
        ConfigurationContext configContext = ConfigurationContextHolder
                .getConfigurationContext();
        AxisConfiguration axisConfig = configContext.getAxisConfiguration();

        try {
            if (initial) {
                admin.assignUsersAndRoles(
                        IdentityProviderConstants.SERVICE_NAME_STS_UT, null,
                        "scenario1", new String[] { "admin" }, new String[] {});

                admin
                        .assignUsersAndRoles(
                                IdentityProviderConstants.OpenId.SERVICE_NAME_STS_OPENID,
                                null, "scenario1", new String[] { "admin" },
                                new String[] {});

                PersistenceManager db = new PersistenceManager();
                KeyStoreDO[] keyStoreDOs = db.getKeyStores();

                // Assuming there's only one keystore
                // Keystore path comparison to find the default keystore doesn't
                // work
                // in windows :-(
                String ksName = keyStoreDOs[0].getKeyStoreName();

                admin.assignUsersAndRolesAndKeyStores(
                        IdentityProviderConstants.SERVICE_NAME_STS_IC, null,
                        "scenario2", new String[] { ksName }, ksName,
                        new String[] { "admin" }, new String[] {});

                admin
                        .assignUsersAndRolesAndKeyStores(
                                IdentityProviderConstants.OpenId.SERVICE_NAME_STS_IC_OPENID,
                                null, "scenario2", new String[] { ksName },
                                ksName, new String[] { "admin" },
                                new String[] {});

                admin.assignUsersAndRolesAndKeyStores(
                        IdentityProviderConstants.SERVICE_NAME_STS_UT_SYMM,
                        null, "scenario3", new String[] { ksName }, ksName,
                        new String[] { "admin" }, new String[] {});

                admin.assignUsersAndRolesAndKeyStores(
                        IdentityProviderConstants.SERVICE_NAME_STS_IC_SYMM,
                        null, "scenario4", new String[] { ksName }, ksName,
                        new String[] { "admin" }, new String[] {});
            }

            // Set the callback handler
            overrideCallbackHandler(axisConfig,
                    IdentityProviderConstants.SERVICE_NAME_STS_UT);
            overrideCallbackHandler(axisConfig,
                    IdentityProviderConstants.SERVICE_NAME_STS_UT_SYMM);
            overrideCallbackHandler(axisConfig,
                    IdentityProviderConstants.OpenId.SERVICE_NAME_STS_OPENID);

        } catch (AxisFault e) {
            log.error(messages
                    .getMessage("errorInChangingSecurityConfiguration"), e);
            throw new IdentityProviderException(
                    "errorInChangingSecurityConfiguration", e);
        }
    }

    /**
     * Override WSAS callback handler to be able to auth users with usermanager.
     * 
     * @param axisConfig
     * @throws AxisFault
     */
    private static void overrideCallbackHandler(AxisConfiguration axisConfig,
            String service) throws AxisFault {
        AxisService sts = axisConfig.getService(service);
        Parameter cbHandlerParam = sts
                .getParameter(WSHandlerConstants.PW_CALLBACK_REF);
        if (cbHandlerParam != null) {
            sts.removeParameter(cbHandlerParam);
            if (log.isDebugEnabled()) {
                log.debug(messages.getMessage("removedParameter", new String[] {
                        cbHandlerParam.getName(), sts.getName() }));
            }
        }

        IPPasswordCallback cb = new IPPasswordCallback(
                (CallbackHandler) WSS4JUtil.getPasswordCallBackRefParameter(
                        service, null).getValue());

        Parameter param = new Parameter();
        param.setName(WSHandlerConstants.PW_CALLBACK_REF);
        param.setValue(cb);
        sts.addParameter(param);

        if (log.isDebugEnabled()) {
            log.debug(messages.getMessage("addedParameter", new String[] {
                    param.getName(), sts.getName() }));
        }
    }

}