Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/06/24 16:03:58 UTC
svn commit: r788027 - in /webservices/wss4j/branches/1_5_x-fixes:
src/org/apache/ws/security/ src/org/apache/ws/security/handler/
src/org/apache/ws/security/message/token/
src/org/apache/ws/security/processor/ test/wssec/
Author: coheigea
Date: Wed Jun 24 14:03:58 2009
New Revision: 788027
URL: http://svn.apache.org/viewvc?rev=788027&view=rev
Log:
[WSS-199] - Backported from trunk.
Added:
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS199.java
- copied, changed from r787976, webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS199.java
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
webservices/wss4j/branches/1_5_x-fixes/test/wssec/PackageTests.java
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java?rev=788027&r1=788026&r2=788027&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java Wed Jun 24 14:03:58 2009
@@ -196,6 +196,14 @@
*/
protected boolean handleCustomPasswordTypes = false;
+ /**
+ * This variable controls whether (wsse) namespace qualified password types are
+ * accepted when processing UsernameTokens.
+ *
+ * By default this is set to false.
+ */
+ protected boolean allowNamespaceQualifiedPasswordTypes = false;
+
/**
* The default wsu:Id allocator is a simple "start at 1 and increment up"
@@ -383,7 +391,22 @@
public boolean getHandleCustomPasswordTypes() {
return handleCustomPasswordTypes;
}
-
+
+ /**
+ * @param allowNamespaceQualifiedTypes
+ * whether (wsse) namespace qualified password types are accepted or not
+ */
+ public void setAllowNamespaceQualifiedPasswordTypes(boolean allowNamespaceQualifiedTypes) {
+ allowNamespaceQualifiedPasswordTypes = allowNamespaceQualifiedTypes;
+ }
+
+ /**
+ * @return whether (wsse) namespace qualified password types are accepted or not
+ */
+ public boolean getAllowNamespaceQualifiedPasswordTypes() {
+ return allowNamespaceQualifiedPasswordTypes;
+ }
+
/**
* @return Returns if we shall throw an exception on expired request
* semantic
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java?rev=788027&r1=788026&r2=788027&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java Wed Jun 24 14:03:58 2009
@@ -258,6 +258,9 @@
);
wssConfig.setTimeStampStrict(decodeTimestampStrict(reqData));
wssConfig.setHandleCustomPasswordTypes(decodeCustomPasswordTypes(reqData));
+ wssConfig.setAllowNamespaceQualifiedPasswordTypes(
+ decodeNamespaceQualifiedPasswordTypes(reqData)
+ );
reqData.setWssConfig(wssConfig);
if ((doAction & WSConstants.SIGN) == WSConstants.SIGN) {
@@ -728,6 +731,28 @@
"WSHandler: illegal handleCustomPasswordTypes parameter"
);
}
+
+ protected boolean decodeNamespaceQualifiedPasswordTypes(RequestData reqData)
+ throws WSSecurityException {
+ String value = getString(
+ WSHandlerConstants.ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES,
+ reqData.getMsgContext()
+ );
+
+ if (value == null) {
+ return false;
+ }
+ if ("0".equals(value) || "false".equals(value)) {
+ return false;
+ }
+ if ("1".equals(value) || "true".equals(value)) {
+ return true;
+ }
+
+ throw new WSSecurityException(
+ "WSHandler: illegal allowNamespaceQualifiedPasswordTypes parameter"
+ );
+ }
protected boolean decodeTimestampStrict(RequestData reqData)
throws WSSecurityException {
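Review bot: `decodeNamespaceQualifiedPasswordTypes` has no Javadoc, although it decides whether a relaxed parsing mode is switched on. A short comment should state that it returns `false` when the parameter is absent, that it accepts only the exact strings `"0"`, `"false"`, `"1"` and `"true"`, and that any other value throws `WSSecurityException`. The comparison is case-sensitive, so `"True"` is rejected; this fails closed, but the comment should say so because the exception message does not echo the offending value. The hunk ends inside the signature of `decodeTimestampStrict`, whose body is outside the view.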
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java?rev=788027&r1=788026&r2=788027&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java Wed Jun 24 14:03:58 2009
@@ -496,6 +496,15 @@
* reject custom token types in the callback handler.
*/
public static final String HANDLE_CUSTOM_PASSWORD_TYPES = "handleCustomPasswordTypes";
+
+ /**
+ * This variable controls whether (wsse) namespace qualified password types are
+ * accepted when processing UsernameTokens.
+ *
+ * By default this is set to false.
+ */
+ public static final String ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES
+ = "allowNamespaceQualifiedPasswordTypes";
/**
* Parameter to generate additional elements in <code>UsernameToken</code>.
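Review bot: The Javadoc on `ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES` reuses the wording of the `WSSConfig` field ("This variable controls…"), but this constant is the name of a handler configuration parameter. It also does not list the values the handler accepts. I would reword it to something like `Parameter that controls whether (wsse) namespace qualified password types are accepted when processing UsernameTokens. Accepted values are "true"/"1" and "false"/"0"; the default is "false".` It is also worth adding that the option exists for interop with WCF, as the new `UsernameToken` constructor Javadoc says, so that deployers do not enable it without a reason.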
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java?rev=788027&r1=788026&r2=788027&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java Wed Jun 24 14:03:58 2009
@@ -71,7 +71,7 @@
protected String passwordType = null;
protected boolean hashed = true;
private String rawPassword; // enhancement by Alberto Coletti
-
+
static {
try {
random = WSSecurityUtil.resolveSecureRandom();
@@ -81,7 +81,7 @@
}
}
}
-
+
/**
* Constructs a <code>UsernameToken</code> object and parses the
* <code>wsse:UsernameToken</code> element to initialize it.
@@ -91,6 +91,23 @@
* @throws WSSecurityException
*/
public UsernameToken(Element elem) throws WSSecurityException {
+ this (elem, false);
+ }
+
+ /**
+ * Constructs a <code>UsernameToken</code> object and parses the
+ * <code>wsse:UsernameToken</code> element to initialize it.
+ *
+ * @param elem the <code>wsse:UsernameToken</code> element that contains
+ * the UsernameToken data
+ * @param allowNamespaceQualifiedPasswordTypes whether to allow (wsse)
+ * namespace qualified password types or not (for interop with WCF)
+ * @throws WSSecurityException
+ */
+ public UsernameToken(
+ Element elem,
+ boolean allowNamespaceQualifiedPasswordTypes
+ ) throws WSSecurityException {
element = elem;
QName el = new QName(element.getNamespaceURI(), element.getLocalName());
if (!el.equals(TOKEN)) {
@@ -147,9 +164,26 @@
}
return;
}
- if (elementPassword != null
- && elementPassword.hasAttribute(WSConstants.PASSWORD_TYPE_ATTR)) {
- passwordType = elementPassword.getAttribute(WSConstants.PASSWORD_TYPE_ATTR);
+ if (elementPassword != null) {
+ if (elementPassword.hasAttribute(WSConstants.PASSWORD_TYPE_ATTR)) {
+ passwordType = elementPassword.getAttribute(WSConstants.PASSWORD_TYPE_ATTR);
+ } else if (elementPassword.hasAttributeNS(
+ WSConstants.WSSE_NS, WSConstants.PASSWORD_TYPE_ATTR)
+ ) {
+ if (allowNamespaceQualifiedPasswordTypes) {
+ passwordType =
+ elementPassword.getAttributeNS(
+ WSConstants.WSSE_NS, WSConstants.PASSWORD_TYPE_ATTR
+ );
+ } else {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY_TOKEN,
+ "badTokenType01",
+ new Object[] {el}
+ );
+ }
+ }
+
}
if (passwordType != null
&& passwordType.equals(WSConstants.PASSWORD_DIGEST)) {
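Review bot: When a `Password` element carries both an unqualified `Type` attribute and a wsse-qualified one, the new `if`/`else if` takes the unqualified value and never examines the qualified one. The strict default (`allowNamespaceQualifiedPasswordTypes == false`) therefore does not reject such a token, and the two attributes may disagree about text versus digest. I would reject the ambiguous case before the branch, with a guard on `elementPassword.hasAttribute(WSConstants.PASSWORD_TYPE_ATTR) && elementPassword.hasAttributeNS(WSConstants.WSSE_NS, WSConstants.PASSWORD_TYPE_ATTR)` that throws the same `WSSecurityException` as the existing `else` branch. A test case with both attributes present should accompany it. The constructor starts in the previous hunk and continues past the end of this one.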
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/UsernameTokenProcessor.java?rev=788027&r1=788026&r2=788027&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/UsernameTokenProcessor.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/UsernameTokenProcessor.java Wed Jun 24 14:03:58 2009
@@ -43,6 +43,7 @@
private String utId;
private UsernameToken ut;
private boolean handleCustomPasswordTypes;
+ private boolean allowNamespaceQualifiedPasswordTypes;
public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb,
WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
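Review bot: The new flag is copied into a mutable instance field in `handleToken` and read only later, when the token is constructed (hunks `@@ -50,6 +51,7 @@` and `@@ -86,7 +88,7 @@`). If one processor instance ever serves concurrent calls with different `WSSConfig` objects, a token could be parsed under the other call's setting. Whether instances are shared is not visible here, and the existing `handleCustomPasswordTypes` field follows the same pattern. Reading the value from `wsc` at the point of use would keep the setting tied to the request. At minimum, add a comment on the field such as `// copied from WSSConfig on every handleToken call; not safe if the processor is shared across threads`.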
@@ -50,6 +51,7 @@
log.debug("Found UsernameToken list element");
}
handleCustomPasswordTypes = wsc.getHandleCustomPasswordTypes();
+ allowNamespaceQualifiedPasswordTypes = wsc.getAllowNamespaceQualifiedPasswordTypes();
Principal lastPrincipalFound = handleUsernameToken((Element) elem, cb);
returnResults.add(
@@ -86,7 +88,7 @@
//
// Parse the UsernameToken element
//
- ut = new UsernameToken(token);
+ ut = new UsernameToken(token, allowNamespaceQualifiedPasswordTypes);
String user = ut.getName();
String password = ut.getPassword();
String nonce = ut.getNonce();
Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/PackageTests.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/PackageTests.java?rev=788027&r1=788026&r2=788027&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/PackageTests.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/PackageTests.java Wed Jun 24 14:03:58 2009
@@ -88,6 +88,7 @@
suite.addTestSuite(TestWSSecurityResultsOrder.class);
suite.addTestSuite(TestWSSecurityWSS178.class);
suite.addTestSuite(TestWSSecurityWSS194.class);
+ suite.addTestSuite(TestWSSecurityWSS199.class);
return suite;
}
Copied: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS199.java (from r787976, webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS199.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS199.java?p2=webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS199.java&p1=webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS199.java&r1=787976&r2=788027&rev=788027&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS199.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS199.java Wed Jun 24 14:03:58 2009
@@ -148,12 +148,12 @@
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
assertEquals(pc.getPasswordType(), WSConstants.PASSWORD_TEXT);
- if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN
- && "wernerd".equals(pc.getIdentifier())) {
- pc.setPassword("verySecret");
- } else if (
- pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN
- ) {
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+ if (!"wernerd".equals(pc.getIdentifier())
+ && !"verySecret".equals(pc.getPassword())) {
+ throw new IOException("Authentication failed");
+ }
+ } else {
throw new IOException("Authentication failed");
}
} else {
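Review bot: The credential check in the `USERNAME_TOKEN_UNKNOWN` branch joins the two negated comparisons with `&&`, so the callback throws only when both the identifier and the password are wrong. A request with the right user name and any password passes, as does any user name with the right password. The condition should use `||`: `if (!"wernerd".equals(pc.getIdentifier()) || !"verySecret".equals(pc.getPassword())) {`. As written, the test cannot catch a regression in which a wrong password is accepted. The enclosing callback method starts and ends outside the hunk.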