Posted to dev@ws.apache.org by we...@apache.org on 2006/01/10 16:38:35 UTC
svn commit: r367649 [2/2] -
/webservices/commons/trunk/policy/src/examples/secParser/
Modified: webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java
URL: http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java?rev=367649&r1=367648&r2=367649&view=diff
==============================================================================
--- webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java (original)
+++ webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java Tue Jan 10 07:38:28 2006
@@ -20,7 +20,6 @@
import java.io.FileNotFoundException;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
-import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
@@ -32,248 +31,306 @@
import org.apache.ws.policy.util.PolicyReader;
import org.apache.ws.policy.util.PolicyFactory;
-
/**
* @author Werner Dittmann (werner@apache.org)
*/
public class WSSPolicyProcessorFull {
- FileInputStream fis = null;
+ FileInputStream fis = null;
- PolicyReader prdr = null;
+ PolicyReader prdr = null;
- Policy merged = null;
+ Policy merged = null;
- int level = 0;
+ SecurityPolicyToken topLevel = new SecurityPolicyToken("_TopLevel_",
+ SecurityPolicyToken.COMPLEX_TOKEN, null);
-// ArrayList securityTokens = new ArrayList();
-
- SecurityPolicyToken topLevel = new SecurityPolicyToken("_TopLevel_",
- SecurityPolicyToken.COMPLEX_TOKEN, true, null);
-
- SecurityPolicy secPolicy = null;
-
- public static void main(String[] args) throws Exception {
-
- WSSPolicyProcessorFull processor = new WSSPolicyProcessorFull();
- if (!processor.setup()) {
- return;
- }
- String[] files = new String[1];
- // files[0] = "policy/src/examples/policy2.xml";
- // files[0] = "policy/src/examples/SecurityPolicyMsg.xml";
- // processor.go(files);
- // System.out
- // .println("\n ----------------------------------------------------");
- files = new String[2];
- files[0] = "policy/src/examples/SecurityPolicyBindings.xml";
- files[1] = "policy/src/examples/SecurityPolicyMsg.xml";
- processor.go(files);
- }
-
- boolean setup() throws NoSuchMethodException {
- prdr = PolicyFactory.getPolicyReader(PolicyFactory.OM_POLICY_READER);
- secPolicy = new SecurityPolicy();
-
- SecurityPolicyToken spt = secPolicy.initializeSignedParts(this);
- topLevel.setChildToken(spt);
-
- return true;
- }
-
- void go(String[] args) {
-
- merged = null;
- for (int i = 0; i < args.length; i++) {
- try {
- fis = new FileInputStream(args[i]);
- } catch (FileNotFoundException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
- Policy newPolicy = prdr.readPolicy(fis);
- newPolicy = (Policy) newPolicy.normalize();
- // if (!newPolicy.isNormalized()) {
- // throw new RuntimeException("newPolicy is not in normalized
- // format");
- // }
- if (merged == null) {
- merged = newPolicy;
- } else {
- merged = (Policy) merged.merge(newPolicy);
- }
- try {
- fis.close();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
- processPolicy(merged);
- }
-
- /**
- * This method takes a normalized policy object, processes it and returns
- * true if all assertion can be fulfilled.
- *
- * Each policy must be nromalized accordig to the WS Policy framework
- * specification. Therefore a policy has one child (wsp:ExactlyOne) that is
- * a XorCompositeAssertion. This child may contain one or more other terms
- * (alternatives). To match the policy one of these terms (alternatives)
- * must match. If none of the contained terms match this policy cannot be
- * enforced.
- *
- * @param policy
- * The policy to process
- * @return True if this policy can be enforced by the policy enforcement
- * implmentation
- */
- public boolean processPolicy(Policy policy) {
-
- if (!policy.isNormalized()) {
- throw new RuntimeException("Policy is not in normalized format");
- }
-
- XorCompositeAssertion xor = (XorCompositeAssertion) policy.getTerms()
- .get(0);
- List listOfPolicyAlternatives = xor.getTerms();
-
- boolean success = false;
- int numberOfAlternatives = listOfPolicyAlternatives.size();
-
- for (int i = 0; !success && i < numberOfAlternatives; i++) {
- AndCompositeAssertion aPolicyAlternative = (AndCompositeAssertion) listOfPolicyAlternatives
- .get(i);
-
- List listOfAssertions = aPolicyAlternative.getTerms();
-
- Iterator iterator = listOfAssertions.iterator();
- /*
- * Loop over all assertions in this alternative. If all assertions
- * can be fulfilled then we choose this alternative and signal a
- * success.
- */
- boolean all = true;
- while (all && iterator.hasNext()) {
- Assertion assertion = (Assertion) iterator.next();
- if (assertion instanceof Policy) {
- all = processPolicy((Policy) assertion);
- continue;
- }
- if (!(assertion instanceof PrimitiveAssertion)) {
- System.out.println("Got a unexpected assertion type: "
- + assertion.getClass().getName());
- continue;
- }
- all = processPrimitiveAssertion((PrimitiveAssertion) assertion);
- }
- /*
- * copy the status of assertion processing. If all is true the this
- * alternative is "success"ful
- */
- success = all;
- }
- return success;
- }
-
- boolean processPrimitiveAssertion(PrimitiveAssertion pa) {
- /*
- * We need to pick only the primitive assertions which conatain a
- * WSSecurityPolicy policy assertion. For that we'll check the namespace
- * of the primitive assertion
- */
- boolean commit = true;
-
- if (pa.getName().getNamespaceURI().equals(
- "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy")) {
- commit = startPolicyTransaction(pa);
- }
-
- List terms = pa.getTerms();
- if (terms.size() > 0) {
- for (int i = 0; commit && i < terms.size(); i++) {
- level++;
- Assertion assertion = (Assertion) pa.getTerms().get(i);
- if (assertion instanceof Policy) {
- assertion = assertion.normalize();
- commit = processPolicy((Policy) assertion);
- } else if (assertion instanceof PrimitiveAssertion) {
- commit = processPrimitiveAssertion((PrimitiveAssertion) assertion);
- }
- level--;
- }
- }
- if (commit) {
- commitPolicyTransaction(pa);
- } else {
- abortPolicyTransaction(pa);
- }
- return commit;
- }
-
- public boolean startPolicyTransaction(PrimitiveAssertion prim) {
-
- /*
- * May be I should be setting the configuration options in
- * WSDoAll*Handler according to this security assertion.
- */
- StringBuffer indent = new StringBuffer();
- for (int i = 0; i < level; i++) {
- indent.append(" ");
- }
- String tokenName = prim.getName().getLocalPart();
- System.out.println(new String(indent) + tokenName);
- String text = prim.getStrValue();
- if (text != null) {
- text = text.trim();
- System.out
- .println(new String(indent) + "Value: '" + text.toString() + "'");
- }
- SecurityPolicyToken spt = topLevel.getChildToken(tokenName);
- SecurityProcessorContext spc = new SecurityProcessorContext();
- if (spt != null) {
- try {
- System.out.println("SPT: " + spt);
- spt.invokeProcessTokenMethod(spc);
- } catch (IllegalArgumentException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IllegalAccessException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (InvocationTargetException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
- return true;
- }
-
- public void abortPolicyTransaction(PrimitiveAssertion prim) {
- System.out.println("Aborting Policy transaction "
- + prim.getName().getLocalPart());
- }
-
- public void commitPolicyTransaction(PrimitiveAssertion prim) {
- System.out.println("Commit Policy transaction "
- + prim.getName().getLocalPart());
- }
-
- public Object doSignedParts(SecurityProcessorContext spc) {
- System.out.println("We found a SignedParts token");
- return new Boolean(true);
- }
-
- public Object doBody(SecurityProcessorContext spc) {
- System.out.println("We found a Body token");
- return new Boolean(true);
- }
-
- public Object doHeader(SecurityProcessorContext spc) {
- System.out.println("We found a Header token");
- return new Boolean(true);
- }
-
+ SecurityPolicy secPolicy = null;
+
+ SecurityProcessorContext secProcessorContext = null;
+
+ public static void main(String[] args) throws Exception {
+
+ WSSPolicyProcessorFull processor = new WSSPolicyProcessorFull();
+ if (!processor.setup()) {
+ return;
+ }
+ String[] files = new String[1];
+ files = new String[2];
+ files[0] = "policy/src/examples/SecurityPolicyBindings.xml";
+ files[1] = "policy/src/examples/SecurityPolicyMsg.xml";
+ processor.go(files);
+ }
+
+ boolean setup() throws NoSuchMethodException {
+ prdr = PolicyFactory.getPolicyReader(PolicyFactory.OM_POLICY_READER);
+
+ secPolicy = new SecurityPolicy();
+
+ /*
+ * Initialize the top level security policy token.
+ */
+ SecurityPolicyToken spt = null;
+
+ SignedPartsElementsProcessor spep = new SignedPartsElementsProcessor();
+ spt = secPolicy.signedParts.copy();
+ spt.setProcessTokenMethod(spep);
+ topLevel.setChildToken(spt);
+
+ spt = secPolicy.signedElements.copy();
+ spt.setProcessTokenMethod(spep);
+ topLevel.setChildToken(spt);
+
+ EncryptedPartsElementsProcessor epep = new EncryptedPartsElementsProcessor();
+ spt = secPolicy.encryptedParts.copy();
+ spt.setProcessTokenMethod(epep);
+ topLevel.setChildToken(spt);
+
+ spt = secPolicy.encryptedElements.copy();
+ spt.setProcessTokenMethod(epep);
+ topLevel.setChildToken(spt);
+
+// X509TokenProcessor x509t = new X509TokenProcessor();
+// spt = secPolicy.x509Token.copy();
+// spt.setProcessTokenMethod(x509t);
+// topLevel.setChildToken(spt);
+//
+// UsernameTokenProcessor unt = new UsernameTokenProcessor();
+// spt = secPolicy.usernameToken.copy();
+// spt.setProcessTokenMethod(unt);
+// topLevel.setChildToken(spt);
+
+ /*
+ * Now get a context and push the top level token onto the token stack.
+ * The top level token is a special token that acts as anchor to start
+ * parsing.
+ */
+ secProcessorContext = new SecurityProcessorContext();
+ secProcessorContext.pushSecurityToken(topLevel);
+
+ return true;
+ }
+
+ void go(String[] args) {
+
+ merged = null;
+ for (int i = 0; i < args.length; i++) {
+ try {
+ fis = new FileInputStream(args[i]);
+ } catch (FileNotFoundException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ Policy newPolicy = prdr.readPolicy(fis);
+ newPolicy = (Policy) newPolicy.normalize();
+
+ if (merged == null) {
+ merged = newPolicy;
+ } else {
+ merged = (Policy) merged.merge(newPolicy);
+ }
+ try {
+ fis.close();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+ processPolicy(merged);
+ }
+
+ /**
+ * This method takes a normalized policy object, processes it and returns
+ * true if all assertion can be fulfilled.
+ *
+ * Each policy must be nromalized accordig to the WS Policy framework
+ * specification. Therefore a policy has one child (wsp:ExactlyOne) that is
+ * a XorCompositeAssertion. This child may contain one or more other terms
+ * (alternatives). To match the policy one of these terms (alternatives)
+ * must match. If none of the contained terms match this policy cannot be
+ * enforced.
+ *
+ * @param policy
+ * The policy to process
+ * @return True if this policy can be enforced by the policy enforcement
+ * implmentation
+ */
+ public boolean processPolicy(Policy policy) {
+
+ if (!policy.isNormalized()) {
+ throw new RuntimeException("Policy is not in normalized format");
+ }
+
+ XorCompositeAssertion xor = (XorCompositeAssertion) policy.getTerms()
+ .get(0);
+ List listOfPolicyAlternatives = xor.getTerms();
+
+ boolean success = false;
+ int numberOfAlternatives = listOfPolicyAlternatives.size();
+
+ for (int i = 0; !success && i < numberOfAlternatives; i++) {
+ AndCompositeAssertion aPolicyAlternative = (AndCompositeAssertion) listOfPolicyAlternatives
+ .get(i);
+
+ List listOfAssertions = aPolicyAlternative.getTerms();
+
+ Iterator iterator = listOfAssertions.iterator();
+ /*
+ * Loop over all assertions in this alternative. If all assertions
+ * can be fulfilled then we choose this alternative and signal a
+ * success.
+ */
+ boolean all = true;
+ while (all && iterator.hasNext()) {
+ Assertion assertion = (Assertion) iterator.next();
+
+ /*
+ * At this point we expect PrimitiveAssertions only.
+ */
+ if (!(assertion instanceof PrimitiveAssertion)) {
+ System.out.println("Got a unexpected assertion type: "
+ + assertion.getClass().getName());
+ continue;
+ }
+ /*
+ * We need to pick only the primitive assertions which contain a
+ * WSSecurityPolicy policy assertion. For that we'll check the
+ * namespace of the primitive assertion
+ */
+ PrimitiveAssertion pa = (PrimitiveAssertion) assertion;
+ if (!(pa.getName().getNamespaceURI()
+ .equals("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"))) {
+ System.out.println("Got a unexpected assertion: "
+ + pa.getName().getLocalPart());
+ continue;
+ }
+ all = processPrimitiveAssertion((PrimitiveAssertion) assertion);
+ }
+ /*
+ * copy the status of assertion processing. If all is true then this
+ * alternative is "success"ful
+ */
+ success = all;
+ }
+ return success;
+ }
+
+ boolean processPrimitiveAssertion(PrimitiveAssertion pa) {
+ boolean commit = true;
+
+ commit = startPolicyTransaction(pa);
+
+ List terms = pa.getTerms();
+ if (commit && terms.size() > 0) {
+ for (int i = 0; commit && i < terms.size(); i++) {
+ Assertion assertion = (Assertion) pa.getTerms().get(i);
+ if (assertion instanceof Policy) {
+ commit = processPolicy((Policy) assertion);
+ } else if (assertion instanceof PrimitiveAssertion) {
+ commit = processPrimitiveAssertion((PrimitiveAssertion) assertion);
+ }
+ }
+ }
+ if (commit) {
+ commitPolicyTransaction(pa);
+ } else {
+ abortPolicyTransaction(pa);
+ }
+ return commit;
+ }
+
+ public boolean startPolicyTransaction(PrimitiveAssertion pa) {
+
+ String tokenName = pa.getName().getLocalPart();
+
+ SecurityPolicyToken spt = null;
+
+ /*
+ * Get the current security token from the context and check if the
+ * current token supports/contains this assertion as token. If yes set
+ * this token as current token (push onto stack), set the assertion into
+ * context and call the processing method for this token.
+ */
+ SecurityPolicyToken currentToken = secProcessorContext
+ .readCurrentSecurityToken();
+ if (currentToken != null) {
+ spt = currentToken.getChildToken(tokenName);
+ }
+ secProcessorContext.pushSecurityToken(spt);
+ secProcessorContext.setAssertion(pa);
+ secProcessorContext.setAction(SecurityProcessorContext.START);
+ boolean ret = true; // initi to flase if all tokens a ready and intialized
+ if (spt != null) {
+ try {
+ ret = spt.invokeProcessTokenMethod(secProcessorContext);
+ } catch (IllegalArgumentException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } finally {
+ secProcessorContext.setAction(SecurityProcessorContext.NONE);
+ }
+ }
+ return ret;
+ }
+
+ public void abortPolicyTransaction(PrimitiveAssertion prim) {
+ System.out.println("Aborting Policy transaction "
+ + prim.getName().getLocalPart());
+ secProcessorContext.setAction(SecurityProcessorContext.ABORT);
+ SecurityPolicyToken currentToken = secProcessorContext
+ .readCurrentSecurityToken();
+ if (currentToken != null) {
+ try {
+ currentToken.invokeProcessTokenMethod(secProcessorContext);
+ } catch (IllegalArgumentException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } finally {
+ secProcessorContext.setAction(SecurityProcessorContext.NONE);
+ }
+ secProcessorContext.setAction(SecurityProcessorContext.NONE); // only in finally block if all tokens are ready
+ secProcessorContext.popSecurityToken(); // put this in finally block if all tokens are ready
+ }
+ }
+
+ public void commitPolicyTransaction(PrimitiveAssertion prim) {
+ System.out.println("Commit Policy transaction "
+ + prim.getName().getLocalPart());
+ secProcessorContext.setAction(SecurityProcessorContext.COMMIT);
+ SecurityPolicyToken currentToken = secProcessorContext
+ .readCurrentSecurityToken();
+ if (currentToken != null) {
+ try {
+ currentToken.invokeProcessTokenMethod(secProcessorContext);
+ } catch (IllegalArgumentException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } finally {
+ secProcessorContext.setAction(SecurityProcessorContext.NONE);
+ }
+ }
+ secProcessorContext.setAction(SecurityProcessorContext.NONE); // only in finally block if all tokens are ready
+ secProcessorContext.popSecurityToken(); // put this in finally block if all tokens are ready
+
+ }
}
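Review bot: In the new `startPolicyTransaction`, a failed token handler is still treated as accepted: `ret` starts as `true` and the three catch blocks around `spt.invokeProcessTokenMethod(secProcessorContext)` only print the stack trace, so `processPrimitiveAssertion` goes on to `commitPolicyTransaction`. A policy processor should fail closed here, so add `ret = false;` to each catch block. The inline comment already says the default should become false once all tokens are initialized; that would also cover the `spt == null` case, where a child token the current token does not know is pushed and accepted. Separately, `abortPolicyTransaction` calls `popSecurityToken()` only inside `if (currentToken != null)`, while `startPolicyTransaction` pushes unconditionally and `commitPolicyTransaction` pops unconditionally. If `readCurrentSecurityToken()` returns the null that was pushed, the abort path leaves the token stack unbalanced, so move the `setAction(SecurityProcessorContext.NONE)` / `popSecurityToken()` pair below the closing brace of the `if`, as in the commit method.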
Added: webservices/commons/trunk/policy/src/examples/secParser/X509TokenProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/X509TokenProcessor.java?rev=367649&view=auto
==============================================================================
--- webservices/commons/trunk/policy/src/examples/secParser/X509TokenProcessor.java (added)
+++ webservices/commons/trunk/policy/src/examples/secParser/X509TokenProcessor.java Tue Jan 10 07:38:28 2006
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples.secParser;
+
+/**
+ * @author Werner Dittmann (werner@apache.org)
+ */
+public class X509TokenProcessor {
+ private boolean initializedUsernameToken = false;
+
+ private SecurityPolicy secPol = new SecurityPolicy();
+
+
+
+ /**
+ * Intialize the X509 complex token.
+ *
+ * This method creates a copy of the X509Token token and sets the handler
+ * object to the copy. Then it creates copies of the child tokens that are
+ * allowed for X509Token. These tokens are:
+ *
+ * These copies are also initialized with the handler object and then set as
+ * child tokens of X509Token.
+ *
+ * <p/>
+ * The handler object that must contain the methods
+ * <code>doX509Token</code>.
+ *
+ * @param spt
+ * The token that will hold the child tokens.
+ * @throws NoSuchMethodException
+ */
+ private void initializeX509Token(SecurityPolicyToken spt)
+ throws NoSuchMethodException {
+// SecurityPolicyToken spt = secPol.x509Token.copy();
+// spt.setProcessTokenMethod(handler);
+
+ SecurityPolicyToken tmpSpt = secPol.requireKeyIdentifierReference.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.requireIssuerSerialReference.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.requireEmbeddedTokenReference.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.requireThumbprintReference.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509V1Token10.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509V3Token10.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509Pkcs7Token10.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509PkiPathV1Token10.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509V1Token11.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509V3Token11.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509Pkcs7Token11.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509PkiPathV1Token11.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+ }
+}
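Review bot: `initializeX509Token` registers `this` as the handler for twelve child tokens via `setProcessTokenMethod(this)`, but the class defines no handler methods, not even the `doX509Token` its Javadoc says must exist. The declared `NoSuchMethodException` suggests the method is looked up by token name, in which case initialization would presumably throw on the first child token; confirm against `SecurityPolicyToken`. The method is also private and never called inside the class, and the field `initializedUsernameToken` is unused and looks copied from a username-token processor; rename it to `initializedX509Token` or drop it. The Javadoc sentence "These tokens are:" is followed by no list, so complete it with the twelve reference and token-version children set in the body.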