Posted to fx-dev@ws.apache.org by ru...@apache.org on 2006/10/01 11:18:27 UTC
svn commit: r451727 - in
/webservices/sandesha/trunk/java/src/org/apache/sandesha2:
i18n/SandeshaMessageKeys.java i18n/resource.properties
security/rampart/RampartBasedSecurityManager.java
Author: ruchithf
Date: Sun Oct 1 02:18:26 2006
New Revision: 451727
URL: http://svn.apache.org/viewvc?view=rev&rev=451727
Log:
Implemented checkProofOfPossession in RampartBasedSecurityManager
Modified:
webservices/sandesha/trunk/java/src/org/apache/sandesha2/i18n/SandeshaMessageKeys.java
webservices/sandesha/trunk/java/src/org/apache/sandesha2/i18n/resource.properties
webservices/sandesha/trunk/java/src/org/apache/sandesha2/security/rampart/RampartBasedSecurityManager.java
Modified: webservices/sandesha/trunk/java/src/org/apache/sandesha2/i18n/SandeshaMessageKeys.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/src/org/apache/sandesha2/i18n/SandeshaMessageKeys.java?view=diff&rev=451727&r1=451726&r2=451727
==============================================================================
--- webservices/sandesha/trunk/java/src/org/apache/sandesha2/i18n/SandeshaMessageKeys.java (original)
+++ webservices/sandesha/trunk/java/src/org/apache/sandesha2/i18n/SandeshaMessageKeys.java Sun Oct 1 02:18:26 2006
@@ -233,6 +233,8 @@
public static final String toEPRNotSet = "toEPRNotSet";
public final static String errorRetrievingSecurityToken = "errorRetrievingSecurityToken";
-
+ public final static String proofOfPossessionNotVerified = "proofOfPossessionNotVerified";
+ public final static String noSecurityResults = "noSecurityResults";
+ public final static String noSecConvTokenInPolicy = "noSecConvTokenInPolicy";
}
Modified: webservices/sandesha/trunk/java/src/org/apache/sandesha2/i18n/resource.properties
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/src/org/apache/sandesha2/i18n/resource.properties?view=diff&rev=451727&r1=451726&r2=451727
==============================================================================
--- webservices/sandesha/trunk/java/src/org/apache/sandesha2/i18n/resource.properties (original)
+++ webservices/sandesha/trunk/java/src/org/apache/sandesha2/i18n/resource.properties Sun Oct 1 02:18:26 2006
@@ -261,4 +261,7 @@
secureDummyNoSTR ="Dummy security manager cannot parse or write security token references"
-errorRetrievingSecurityToken = Error retrieving security token from token storage
\ No newline at end of file
+errorRetrievingSecurityToken = Error retrieving security token from token storage
+proofOfPossessionNotVerified = Proof of possession not verified
+noSecurityResults = No Security results
+noSecConvTokenInPolicy = No SecureConversationToken in policy
\ No newline at end of file
Modified: webservices/sandesha/trunk/java/src/org/apache/sandesha2/security/rampart/RampartBasedSecurityManager.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/src/org/apache/sandesha2/security/rampart/RampartBasedSecurityManager.java?view=diff&rev=451727&r1=451726&r2=451727
==============================================================================
--- webservices/sandesha/trunk/java/src/org/apache/sandesha2/security/rampart/RampartBasedSecurityManager.java (original)
+++ webservices/sandesha/trunk/java/src/org/apache/sandesha2/security/rampart/RampartBasedSecurityManager.java Sun Oct 1 02:18:26 2006
@@ -16,6 +16,7 @@
package org.apache.sandesha2.security.rampart;
+import org.apache.axiom.om.OMAttribute;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
@@ -42,13 +43,19 @@
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDerivedKeyTokenPrincipal;
+import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import javax.xml.namespace.QName;
+import java.security.Principal;
import java.util.List;
+import java.util.Vector;
public class RampartBasedSecurityManager extends SecurityManager {
@@ -68,7 +75,6 @@
context.setProperty(
TokenStorage.TOKEN_STORAGE_KEY, this.storage);
}
-
}
/* (non-Javadoc)
@@ -77,7 +83,50 @@
public void checkProofOfPossession(SecurityToken token,
OMElement messagePart, MessageContext message)
throws SandeshaException {
- //Rampart verifies this no need to check again :-?
+
+ Vector results = null;
+ if ((results =
+ (Vector) message.getProperty(WSHandlerConstants.RECV_RESULTS))
+ == null) {
+ String msg = SandeshaMessageHelper.getMessage(SandeshaMessageKeys.noSecurityResults);
+ throw new SandeshaException(msg);
+ } else {
+ boolean verified = false;
+ for (int i = 0; i < results.size() && !verified; i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size() && !verified; j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ if (wser.getAction() == WSConstants.SIGN && wser.getPrincipal() != null) {
+
+ // first verify the base token
+ Principal principal = wser.getPrincipal();
+ if(principal instanceof WSDerivedKeyTokenPrincipal) {
+ String baseTokenId = ((WSDerivedKeyTokenPrincipal)principal).getBasetokenId();
+ SecurityToken recoveredToken = this.recoverSecurityToken(baseTokenId);
+ String recoverdTokenId = ((RampartSecurityToken)recoveredToken).getToken().getId();
+ String id = ((RampartSecurityToken)token).getToken().getId();
+ if(recoverdTokenId.equals(id)) {
+ //Token matched with a token that signed the message part
+ //Now check signature parts
+ OMAttribute idattr = messagePart.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+ verified = wser.getSignedElements().contains(idattr);
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ if(!verified) {
+ String msg = SandeshaMessageHelper.getMessage(SandeshaMessageKeys.proofOfPossessionNotVerified);
+ throw new SandeshaException(msg);
+ }
+ }
+
}
/* (non-Javadoc)
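Review bot: The `verified = wser.getSignedElements().contains(idattr)` line compares an OMAttribute object against whatever the engine result stores; if that set holds wsu:Id strings (which is what I believe WSS4J's signature processor records), no element can ever match, so every call ends in proofOfPossessionNotVerified — safe, but unusable — and the comparison should be on `idattr.getAttributeValue()` (or whichever representation the result really holds), with `idattr == null` guarded for a part that carries no wsu:Id. A few lines earlier, `this.recoverSecurityToken(baseTokenId)` appears able to return null (its body at the end of the diff branches on `token != null`) and both it and the `token` parameter are cast to RampartSecurityToken unconditionally, so a missing or foreign token surfaces as a NullPointerException or ClassCastException rather than the SandeshaException callers catch. The fail-closed shape (`verified` stays false until a match is found and the method throws otherwise) is right and should be kept. A short Javadoc on checkProofOfPossession stating that it passes only when a SIGN result made with a derived key of the given token lists messagePart's wsu:Id among its signed elements would document the contract. The method is contained entirely within this hunk.
```java
Principal principal = wser.getPrincipal();
if (principal instanceof WSDerivedKeyTokenPrincipal) {
    String baseTokenId = ((WSDerivedKeyTokenPrincipal) principal).getBasetokenId();
    SecurityToken recoveredToken = this.recoverSecurityToken(baseTokenId);
    if (!(recoveredToken instanceof RampartSecurityToken)
            || !(token instanceof RampartSecurityToken)) {
        // unknown or missing token: cannot match, keep looking (fails closed)
        continue;
    }
    String recoveredTokenId = ((RampartSecurityToken) recoveredToken).getToken().getId();
    String id = ((RampartSecurityToken) token).getToken().getId();
    if (id != null && id.equals(recoveredTokenId)) {
        // Token matched a token that signed something in this message;
        // now confirm the message part itself is among the signed elements
        OMAttribute idattr = messagePart.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
        // NOTE(review): assumes getSignedElements() holds wsu:Id strings - confirm against WSS4J
        verified = idattr != null
                && wser.getSignedElements().contains(idattr.getAttributeValue());
        break;
    }
}
// … unchanged: loop closing braces and the final !verified check …
```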
@@ -162,7 +211,8 @@
identifier = tok.getId();
} else {
- throw new SandeshaException("No SecureConversationToken in policy");
+ String msg = SandeshaMessageHelper.getMessage(SandeshaMessageKeys.noSecConvTokenInPolicy);
+ throw new SandeshaException(msg);
}
} catch (RampartException e) {
@@ -208,7 +258,7 @@
* @see org.apache.sandesha2.security.SecurityManager#recoverSecurityToken(java.lang.String)
*/
public SecurityToken recoverSecurityToken(String tokenData)
- throws SandeshaException {
+ throws SandeshaException {
try {
Token token = this.storage.getToken(tokenData);
if(token != null) {