CLOUDSTACK-7083: Add SAML2 SSO plugin skeleton and stub Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9282f76d Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9282f76d Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9282f76d Branch: refs/heads/auth-refactor Commit: 9282f76d4458d64d7f46e45925f839ffa9ad1047 Parents: 737f76d Author: Rohit Yadav <rohit.ya...@shapeblue.com> Authored: Tue Aug 5 17:03:44 2014 +0200 Committer: Rohit Yadav <rohit.ya...@shapeblue.com> Committed: Tue Aug 12 09:19:41 2014 +0200 ---------------------------------------------------------------------- plugins/pom.xml | 1 + .../saml2/findbugsExcludeFilter.xml | 25 +++++++++++ plugins/user-authenticators/saml2/pom.xml | 29 ++++++++++++ .../META-INF/cloudstack/saml2/module.properties | 18 ++++++++ .../cloudstack/saml2/spring-saml2-context.xml | 32 ++++++++++++++ .../cloudstack/SAML2UserAuthenticator.java | 46 ++++++++++++++++++++ .../cloudstack/SAML2UserAuthenticatorTest.java | 39 +++++++++++++++++ 7 files changed, 190 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9282f76d/plugins/pom.xml ---------------------------------------------------------------------- diff --git a/plugins/pom.xml b/plugins/pom.xml index b3890c0..0b1b62d 100755 --- a/plugins/pom.xml +++ b/plugins/pom.xml @@ -72,6 +72,7 @@ <module>user-authenticators/ldap</module> <module>user-authenticators/md5</module> <module>user-authenticators/plain-text</module> + <module>user-authenticators/saml2</module> <module>user-authenticators/sha256salted</module> <module>network-elements/dns-notifier</module> <module>storage/image/s3</module> http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9282f76d/plugins/user-authenticators/saml2/findbugsExcludeFilter.xml ---------------------------------------------------------------------- diff --git a/plugins/user-authenticators/saml2/findbugsExcludeFilter.xml b/plugins/user-authenticators/saml2/findbugsExcludeFilter.xml new file mode 100644 index 0000000..d372850 --- /dev/null +++ b/plugins/user-authenticators/saml2/findbugsExcludeFilter.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> +<FindBugsFilter> + + +</FindBugsFilter> http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9282f76d/plugins/user-authenticators/saml2/pom.xml ---------------------------------------------------------------------- diff --git a/plugins/user-authenticators/saml2/pom.xml b/plugins/user-authenticators/saml2/pom.xml new file mode 100644 index 0000000..bfe5eb7 --- /dev/null +++ b/plugins/user-authenticators/saml2/pom.xml @@ -0,0 +1,29 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + <artifactId>cloud-plugin-user-authenticator-saml2</artifactId> + <name>Apache CloudStack Plugin - User Authenticator SAML2</name> + <parent> + <groupId>org.apache.cloudstack</groupId> + <artifactId>cloudstack-plugins</artifactId> + <version>4.5.0-SNAPSHOT</version> + <relativePath>../../pom.xml</relativePath> + </parent> +</project> http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9282f76d/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/module.properties ---------------------------------------------------------------------- diff --git a/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/module.properties b/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/module.properties new file mode 100644 index 0000000..0da9d5b --- /dev/null +++ b/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/module.properties @@ -0,0 +1,18 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +name=saml2 +parent=api http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9282f76d/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/spring-saml2-context.xml ---------------------------------------------------------------------- diff --git a/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/spring-saml2-context.xml b/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/spring-saml2-context.xml new file mode 100644 index 0000000..f244292 --- /dev/null +++ b/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/spring-saml2-context.xml @@ -0,0 +1,32 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:context="http://www.springframework.org/schema/context"; + xmlns:aop="http://www.springframework.org/schema/aop"; + xsi:schemaLocation="http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans-3.0.xsd + http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd + http://www.springframework.org/schema/context + http://www.springframework.org/schema/context/spring-context-3.0.xsd";> + + <bean id="SAML2UserAuthenticator" class="org.apache.cloudstack.SAML2UserAuthenticator"> + <property name="name" value="SAML2"/> + </bean> + +</beans> http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9282f76d/plugins/user-authenticators/saml2/src/org/apache/cloudstack/SAML2UserAuthenticator.java ---------------------------------------------------------------------- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/SAML2UserAuthenticator.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/SAML2UserAuthenticator.java new file mode 100644 index 0000000..4e1e795 --- /dev/null +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/SAML2UserAuthenticator.java @@ -0,0 +1,46 @@ +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package org.apache.cloudstack; + +import com.cloud.server.auth.DefaultUserAuthenticator; +import com.cloud.server.auth.UserAuthenticator; +import com.cloud.utils.Pair; +import org.apache.log4j.Logger; + +import javax.ejb.Local; +import java.util.Map; + +@Local(value = {UserAuthenticator.class}) +public class SAML2UserAuthenticator extends DefaultUserAuthenticator { + public static final Logger s_logger = Logger.getLogger(SAML2UserAuthenticator.class); + + @Override + public Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username, String password, Long domainId, Map<String, Object[]> requestParameters) { + if (s_logger.isDebugEnabled()) { + s_logger.debug("Trying SAML2 auth for user: " + username); + } + + // TODO: implement core logic, HTTP GET redirections etc. + + return new Pair<Boolean, ActionOnFailedAuthentication>(true, null); + } + + @Override + public String encode(final String password) { + // TODO: Complete method + StringBuilder sb = new StringBuilder(32); + return sb.toString(); + } +} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9282f76d/plugins/user-authenticators/saml2/test/org/apache/cloudstack/SAML2UserAuthenticatorTest.java ---------------------------------------------------------------------- diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/SAML2UserAuthenticatorTest.java b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/SAML2UserAuthenticatorTest.java new file mode 100644 index 0000000..8298c6c --- /dev/null +++ b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/SAML2UserAuthenticatorTest.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cloudstack; + +import org.junit.Test; +import org.junit.runner.RunWith; + +import org.mockito.runners.MockitoJUnitRunner; + +@RunWith(MockitoJUnitRunner.class) +public class SAML2UserAuthenticatorTest { + + @Test + public void encode() { + + } + + @Test + public void authenticate() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException { + + } +}
