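/**
 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * - Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 * - Redistribution in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in
 *   the documentation and/or other materials provided with the
 *   distribution.
 *
 * Neither the name of Sun Microsystems, Inc. or the names of
 * contributors may be used to endorse or promote products derived
 * from this software without specific prior written permission.
 *
 * This software is provided "AS IS," without a warranty of any
 * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
 * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
 * EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
 * DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR
 * DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN
 * OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA,
 * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
 * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
 * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE,
 * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
 *
 * You acknowledge that Software is not designed, licensed or
 * intended for use in the design, construction, operation or
 * maintenance of any nuclear facility.
 */

/**
 * Showcases user authentication through the Identity web services API
 * provided by the Access Manager, against an Authentication Provider (a
 * provider which hosts the Liberty Authentication Service), followed by a
 * discovery lookup and a web service call.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>{@link #authenticate} uses the SASL PLAIN mechanism, which carries
 *       the password itself in the request. Nothing in this class checks
 *       the scheme of the authentication URL, so confidentiality depends
 *       entirely on the transport the caller selects (use TLS).</li>
 *   <li>The discovery endpoint and the web service endpoint are both taken
 *       from server responses, and any credential returned alongside them
 *       is forwarded to those endpoints. The chain is only as trustworthy
 *       as the authentication and discovery services that produced the
 *       responses.</li>
 * </ul>
 */
public class WebservicesClientWithoutJSR196 {

    /** Default constructor. */
    public WebservicesClientWithoutJSR196() {}

    /**
     * Authenticates the user with a remote Authentication service provider
     * using the PLAIN SASL authentication mechanism.
     *
     * @param userName user ID; must not be null or contain a NUL character
     * @param password password; must not be null or contain a NUL character
     * @param authurl URL of the remote Authentication Service; must not be
     *        null. The password travels in the second request, so this
     *        should be a TLS-protected endpoint.
     * @return the SASL authentication response carrying the authentication
     *         status. On success it also contains the discovery service
     *         bootstrap resource offering and possibly credentials for
     *         accessing discovery.
     * @throws IllegalArgumentException if an argument is null, or if
     *         userName or password contains a NUL character
     * @throws Exception if the service does not answer CONTINUE to the
     *         first pass or OK to the second pass, or if sending fails
     */
    public SASLResponse authenticate(
        String userName,
        String password,
        String authurl) throws Exception {

        // String concatenation would otherwise turn a null into the literal
        // text "null" and submit that as the identity or the password.
        if (userName == null || password == null || authurl == null) {
            throw new IllegalArgumentException(
                "userName, password and authurl must not be null");
        }
        // NUL is the field separator of the PLAIN message (RFC 4616), so a
        // NUL inside either value would shift the authzid/authcid/passwd
        // boundaries seen by the server. The values are deliberately not
        // echoed in the message.
        if (userName.indexOf('\0') >= 0 || password.indexOf('\0') >= 0) {
            throw new IllegalArgumentException(
                "userName and password must not contain NUL characters");
        }

        /*
         * SASL authentication here is a two step process: in the first
         * pass the caller presents the identity that wants to authenticate
         * with the PLAIN mechanism, and in the second pass it presents its
         * credentials.
         */

        // First pass: announce the identity, no credentials yet.
        SASLRequest saslReq =
            new SASLRequest(AuthnSvcConstants.MECHANISM_PLAIN);
        saslReq.setAuthzID(userName);
        saslReq.setAdvisoryAuthnID(userName);

        SASLResponse saslResp = AuthnSvcClient.sendRequest(saslReq, authurl);
        if (!saslResp.getStatusCode().equals(SASLResponse.CONTINUE)) {
            System.err.println("Authentication Service issued an abort.");
            throw new Exception("Authentication abort");
        }

        // Second pass: the service issued a continue, so send the
        // credentials.
        // NOTE(review): the mechanism used here is whatever the server
        // returned, while the payload below is always PLAIN-formatted and
        // contains the cleartext password. Consider verifying that the
        // returned mechanism is still PLAIN before sending.
        String serverMechanism = saslResp.getServerMechanism();
        saslReq = new SASLRequest(serverMechanism);

        // PLAIN message layout: authzid NUL authcid NUL passwd. The same
        // user name is used as both authorization and authentication id.
        String dataStr = userName + "\0" + userName + "\0" + password;
        saslReq.setData(dataStr.getBytes("UTF-8"));
        saslReq.setRefToMessageID(saslResp.getMessageID());

        saslResp = AuthnSvcClient.sendRequest(saslReq, authurl);
        if (!saslResp.getStatusCode().equals(SASLResponse.OK)) {
            System.err.println("Authentication failure");
            throw new Exception("Authentication abort");
        }

        return saslResp;
    }

    /**
     * Returns the web service resource offering registered in the
     * discovery service.
     *
     * @param saslResponse Authentication Service response.
     * @param serviceType web service type, e.g. a web service URI.
     * @return the discovery query response holding the web service
     *         resource offerings registered in the discovery service,
     *         together with any credentials needed to invoke the web
     *         service.
     * @throws Exception if the authentication response carries no
     *         discovery resource offering, or if the discovery query fails
     */
    public QueryResponse getWebServiceOffering(
        SASLResponse saslResponse,
        String serviceType) throws Exception {

        // Get the discovery resource offering.
        ResourceOffering discoRO = saslResponse.getResourceOffering();
        if (discoRO == null) {
            // Fail with a clear message instead of a NullPointerException
            // further down.
            throw new Exception(
                "No discovery resource offering in authentication response");
        }

        // Check if any credentials are needed for accessing the discovery
        // service. This would be a SAML assertion if the credential comes
        // from an Authn service. Only the first credential is used.
        List credentials = saslResponse.getCredentials();
        SecurityAssertion assertion = null;
        if (credentials != null && !credentials.isEmpty()) {
            assertion = new SecurityAssertion((Element) credentials.get(0));
        }

        // The discovery endpoint comes from the authentication response;
        // the assertion above is presented to whatever endpoint it names.
        String discoEndpoint = ((Description) discoRO.getServiceInstance()
            .getDescription().get(0)).getEndpoint();

        // Construct the query for the requested service type.
        RequestedService rs = new RequestedService(null, serviceType);
        List list = new ArrayList();
        list.add(rs);
        Query discoQuery = new Query(discoRO.getResourceID(), list);

        // Construct the discovery client, with the assertion when present.
        DiscoveryClient discoClient;
        if (assertion != null) {
            discoClient = new DiscoveryClient(assertion, discoEndpoint, null);
        } else {
            discoClient = new DiscoveryClient(discoEndpoint, null);
        }

        // Make the discovery query.
        return discoClient.getResourceOffering(discoQuery);
    }

    /**
     * Performs a web service request using a discovery response that holds
     * web service resource offerings and any possible credentials.
     *
     * @param discoResponse Discovery query response.
     * @param request web service request, placed in the SOAP body.
     * @return the first body element of the web service response.
     * @throws Exception if the discovery response holds no resource
     *         offering, if the response has no body, or if sending fails
     */
    public Element doWebServiceRequest(
        QueryResponse discoResponse,
        Element request) throws Exception {

        // Each resource can have multiple resource offerings; this sample
        // just takes the first one for simplicity.
        List offerings = discoResponse.getResourceOffering();
        if (offerings == null || offerings.isEmpty()) {
            // Report the empty lookup explicitly instead of failing with a
            // NullPointerException or IndexOutOfBoundsException on get(0).
            throw new Exception(
                "No webservice resource offering in discovery response");
        }
        ResourceOffering webserviceRO = (ResourceOffering) offerings.get(0);

        // Retrieve any credentials for accessing the web service. Only the
        // first credential is used.
        SecurityAssertion assertion = null;
        List credentials = discoResponse.getCredentials();
        if (credentials != null && !credentials.isEmpty()) {
            assertion = (SecurityAssertion) credentials.get(0);
        }

        // The web service endpoint comes from the discovery response; the
        // assertion above is sent to whatever endpoint it names.
        String wsEndpoint = ((Description) webserviceRO.getServiceInstance()
            .getDescription().get(0)).getEndpoint();

        // Create the SOAP message, carrying the assertion when present.
        Message msg;
        if (assertion != null) {
            msg = new Message(null, assertion);
        } else {
            msg = new Message();
        }

        // Set the request into the SOAP body.
        List list = new ArrayList();
        list.add(request);
        msg.setSOAPBodies(list);

        // Make the call to the web service.
        Message response = Client.sendRequest(msg, wsEndpoint, null, null);
        List responseBodies = response.getBodies();
        if (responseBodies != null && !responseBodies.isEmpty()) {
            return (Element) responseBodies.get(0);
        }

        throw new Exception("Webservices request failed");
    }
}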