Posted to commits@cxf.apache.org by co...@apache.org on 2013/10/17 16:53:42 UTC
svn commit: r1533096 - in
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security:
policy/interceptors/ wss4j/ wss4j/policyhandlers/
Author: coheigea
Date: Thu Oct 17 14:53:41 2013
New Revision: 1533096
URL: http://svn.apache.org/r1533096
Log:
Some fixes to allow streaming SecureConversation for the inbound server case
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java?rev=1533096&r1=1533095&r2=1533096&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java Thu Oct 17 14:53:41 2013
@@ -225,6 +225,7 @@ abstract class STSInvoker implements Inv
ref.setValueType(refValueType);
}
SecurityTokenReference str = new SecurityTokenReference(writer.getDocument());
+ str.addWSSENamespace();
str.setReference(ref);
writer.getCurrentNode().appendChild(str.getElement());
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1533096&r1=1533095&r2=1533096&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Thu Oct 17 14:53:41 2013
@@ -28,9 +28,9 @@ import java.util.logging.Logger;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
-
import org.apache.cxf.binding.soap.SoapBindingConstants;
import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.DOMUtils;
@@ -52,6 +52,7 @@ import org.apache.cxf.ws.security.trust.
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
+import org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor;
import org.apache.neethi.All;
import org.apache.neethi.Assertion;
import org.apache.neethi.ExactlyOne;
@@ -73,8 +74,8 @@ class SecureConversationInInterceptor ex
public SecureConversationInInterceptor() {
- super(Phase.PRE_PROTOCOL);
- getBefore().add(WSS4JInInterceptor.class.getName());
+ super(Phase.PRE_STREAM);
+ getBefore().add(WSS4JStaxInInterceptor.class.getName());
}
private AbstractBinding getBinding(AssertionInfoMap aim) {
Collection<AssertionInfo> ais =
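Review bot: The constructor no longer states any ordering against the DOM-based `WSS4JInInterceptor`, so on the non-streaming path this interceptor's position now depends only on PRE_STREAM preceding whatever phase that interceptor runs in. That is probably intended, but the two new lines do not say why the earlier phase was chosen. I would add a comment above `super(Phase.PRE_STREAM);`, for example `// PRE_STREAM: must run before the streaming WS-Security interceptor consumes the message; the DOM interceptor runs in a later phase`. Whether the `getBefore()` entry has any effect depends on `WSS4JStaxInInterceptor` being registered in the same phase, which is not visible here.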
@@ -116,6 +117,9 @@ class SecureConversationInInterceptor ex
return;
}
String s = (String)message.get(SoapBindingConstants.SOAP_ACTION);
+ if (s == null) {
+ s = SoapActionInInterceptor.getSoapAction(message);
+ }
String addNs = null;
AddressingProperties inProps = (AddressingProperties)message
.getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);
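Review bot: The fallback `s = SoapActionInInterceptor.getSoapAction(message);` takes the action from request data the sender controls, and with this interceptor now in PRE_STREAM it is read before any WS-Security processing has run. `s` can also still be null after the fallback. The code that consumes `s` is outside the hunk, so I would add a comment here such as `// unauthenticated, sender-supplied value: used only to select policy, may still be null`. It is also worth confirming that nothing downstream treats a match on it as proof that the request is a genuine SecureConversation request.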
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java?rev=1533096&r1=1533095&r2=1533096&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java Thu Oct 17 14:53:41 2013
@@ -164,8 +164,11 @@ public final class WSS4JUtils {
org.apache.xml.security.stax.securityToken.SecurityToken securityToken,
Message message
) throws XMLSecurityException {
- if (securityToken != null
- && getTokenStore(message).getToken(securityToken.getId()) == null) {
+ if (securityToken == null) {
+ return null;
+ }
+ SecurityToken existingToken = getTokenStore(message).getToken(securityToken.getId());
+ if (existingToken == null) {
Date created = new Date();
Date expires = new Date();
expires.setTime(created.getTime() + 300000);
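Review bot: The return contract of this method changes here and in the last hunk of this file (`return existingToken.getId();`), but nothing documents it. Callers now get null only for a null `securityToken`, and otherwise the id of either the newly cached token or one already in the store. The lookup key `securityToken.getId()` comes from the inbound token, and an existing entry is reused without comparing it to the token just received, so the method relies on earlier processing having tied that id to the right key material. I would state both points in the Javadoc, and say whether `getToken` can return an expired entry, which is not visible here. The method starts above the hunk and continues past it.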
@@ -182,6 +185,9 @@ public final class WSS4JUtils {
cachedTok.setTokenType(WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE);
} else if (securityToken.getTokenType() == WSSecurityTokenConstants.Saml20Token) {
cachedTok.setTokenType(WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE);
+ } else if (securityToken.getTokenType() == WSSecurityTokenConstants.SecureConversationToken
+ || securityToken.getTokenType() == WSSecurityTokenConstants.SecurityContextToken) {
+ cachedTok.setTokenType(WSSConstants.NS_WSC_05_02);
}
}
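Review bot: Both `SecureConversationToken` and `SecurityContextToken` are tagged with `WSSConstants.NS_WSC_05_02` unconditionally, while other code in this commit switches to the 2005/12 namespace when the policy version is SP12 (`USE_2005_12_NAMESPACE` in StaxSymmetricBindingHandler). If the constant is the 2005/02 WS-SecureConversation namespace, as its name suggests, a context negotiated under 05/12 would be cached with the older token type. Please confirm that consumers of `getTokenType()` do not depend on the difference, or derive the namespace from the inbound token. The chain also has no final `else`, so any other token type leaves the cached token's type unset. The enclosing if/else chain starts above the hunk.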
@@ -199,7 +205,7 @@ public final class WSS4JUtils {
return cachedTok.getId();
}
- return null;
+ return existingToken.getId();
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1533096&r1=1533095&r2=1533096&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Thu Oct 17 14:53:41 2013
@@ -102,6 +102,9 @@ import org.apache.xml.security.exception
import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.stax.ext.SecurePart.Modifier;
import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken;
+import org.apache.xml.security.stax.securityEvent.SecurityEvent;
+import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
+import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
@@ -1190,4 +1193,21 @@ public abstract class AbstractStaxBindin
}
return null;
}
+
+ protected org.apache.xml.security.stax.securityToken.SecurityToken
+ findInboundSecurityToken(SecurityEventConstants.Event event) throws XMLSecurityException {
+ @SuppressWarnings("unchecked")
+ final List<SecurityEvent> incomingEventList =
+ (List<SecurityEvent>) message.getExchange().get(SecurityEvent.class.getName() + ".in");
+ if (incomingEventList != null) {
+ for (SecurityEvent incomingEvent : incomingEventList) {
+ if (event == incomingEvent.getSecurityEventType()) {
+ org.apache.xml.security.stax.securityToken.SecurityToken token =
+ ((TokenSecurityEvent<?>)incomingEvent).getSecurityToken();
+ return token;
+ }
+ }
+ }
+ return null;
+ }
}
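Review bot: The cast `(TokenSecurityEvent<?>)incomingEvent` in `findInboundSecurityToken` is not checked against the event's class. Now that the method accepts an arbitrary `SecurityEventConstants.Event`, a caller passing a non-token event type would get a ClassCastException instead of null. Guarding the match keeps the lookup total: `if (event == incomingEvent.getSecurityEventType() && incomingEvent instanceof TokenSecurityEvent) {`. The method also returns only the first matching event. That deserves a sentence of Javadoc, along with the fact that it reads the inbound event list from the exchange and returns null when none is stored.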
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1533096&r1=1533095&r2=1533096&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java Thu Oct 17 14:53:41 2013
@@ -59,7 +59,6 @@ import org.apache.wss4j.policy.model.Sym
import org.apache.wss4j.policy.model.UsernameToken;
import org.apache.wss4j.policy.model.X509Token;
import org.apache.wss4j.stax.ext.WSSConstants;
-import org.apache.wss4j.stax.securityEvent.SamlTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -155,7 +154,7 @@ public class StaxSymmetricBindingHandler
addIssuedToken((IssuedToken)encryptionToken, tok, false, true);
if (tok == null && !isRequestor()) {
org.apache.xml.security.stax.securityToken.SecurityToken securityToken =
- findIssuedToken();
+ findInboundSecurityToken(WSSecurityEventConstants.SamlToken);
tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
}
} else if (encryptionToken instanceof SecureConversationToken
@@ -171,6 +170,10 @@ public class StaxSymmetricBindingHandler
} else {
config.put(ConfigurationConstants.ACTION, actionToPerform);
}
+ } else if (tok == null && !isRequestor()) {
+ org.apache.xml.security.stax.securityToken.SecurityToken securityToken =
+ findInboundSecurityToken(WSSecurityEventConstants.SecurityContextToken);
+ tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
}
} else if (encryptionToken instanceof X509Token) {
if (isRequestor()) {
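Review bot: In the new `else if (tok == null && !isRequestor())` branch, `tokenId` ends up null with no check whenever no inbound `SecurityContextToken` event was recorded, because `findInboundSecurityToken` returns null and `parseAndStoreStreamingSecurityToken` passes that null through. The same three lines are added for `sigTokId` in the signature path further down, and the two IssuedToken call sites behave the same way. What happens with a null id is outside these hunks. If it is not rejected later, I would check `if (tokenId == null)` right after the assignment and report a policy failure there rather than continue with an unset token. The four near-identical call sites could also share one small helper, so the null handling lives in one place.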
@@ -272,7 +275,7 @@ public class StaxSymmetricBindingHandler
addIssuedToken((IssuedToken)sigToken, sigTok, false, true);
if (sigTok == null && !isRequestor()) {
org.apache.xml.security.stax.securityToken.SecurityToken securityToken =
- findIssuedToken();
+ findInboundSecurityToken(WSSecurityEventConstants.SamlToken);
sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
}
} else if (sigToken instanceof SecureConversationToken
@@ -288,6 +291,10 @@ public class StaxSymmetricBindingHandler
} else {
config.put(ConfigurationConstants.ACTION, actionToPerform);
}
+ } else if (sigTok == null && !isRequestor()) {
+ org.apache.xml.security.stax.securityToken.SecurityToken securityToken =
+ findInboundSecurityToken(WSSecurityEventConstants.SecurityContextToken);
+ sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
}
} else if (sigToken instanceof X509Token) {
if (isRequestor()) {
@@ -396,11 +403,12 @@ public class StaxSymmetricBindingHandler
AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
config.put(ConfigurationConstants.DERIVED_ENCRYPTION_KEY_LENGTH,
"" + algSuiteType.getEncryptionDerivedKeyLength() / 8);
- if (recToken.getVersion() == SPConstants.SPVersion.SP12) {
- config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true");
- }
}
+ if (recToken.getVersion() == SPConstants.SPVersion.SP12) {
+ config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true");
+ }
+
if (config.containsKey(ConfigurationConstants.ACTION)) {
String action = (String)config.get(ConfigurationConstants.ACTION);
config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
@@ -477,9 +485,10 @@ public class StaxSymmetricBindingHandler
AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
config.put(ConfigurationConstants.DERIVED_SIGNATURE_KEY_LENGTH,
"" + algSuiteType.getSignatureDerivedKeyLength() / 8);
- if (policyToken.getVersion() == SPConstants.SPVersion.SP12) {
- config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true");
- }
+ }
+
+ if (policyToken.getVersion() == SPConstants.SPVersion.SP12) {
+ config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true");
}
if (config.containsKey(ConfigurationConstants.ACTION)) {
@@ -602,23 +611,6 @@ public class StaxSymmetricBindingHandler
return null;
}
- private org.apache.xml.security.stax.securityToken.SecurityToken
- findIssuedToken() throws XMLSecurityException {
- @SuppressWarnings("unchecked")
- final List<SecurityEvent> incomingEventList =
- (List<SecurityEvent>) message.getExchange().get(SecurityEvent.class.getName() + ".in");
- if (incomingEventList != null) {
- for (SecurityEvent incomingEvent : incomingEventList) {
- if (WSSecurityEventConstants.SamlToken == incomingEvent.getSecurityEventType()) {
- org.apache.xml.security.stax.securityToken.SecurityToken token =
- ((SamlTokenSecurityEvent)incomingEvent).getSecurityToken();
- return token;
- }
- }
- }
- return null;
- }
-
private KeyGenerator getKeyGenerator(String symEncAlgo) throws WSSecurityException {
try {
//
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1533096&r1=1533095&r2=1533096&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Thu Oct 17 14:53:41 2013
@@ -558,7 +558,8 @@ public class SymmetricBindingHandler ext
encr.setEncryptSymmKey(false);
encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
- if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken) {
+ if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken
+ || encrToken instanceof SecureConversationToken) {
//Setting the AttachedReference or the UnattachedReference according to the flag
Element ref;
if (attached) {