Posted to commits@cxf.apache.org by dk...@apache.org on 2009/03/10 20:25:04 UTC
svn commit: r752221 [1/2] - in /cxf/trunk:
api/src/main/java/org/apache/cxf/ws/policy/
rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/
rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/ rt...
Author: dkulp
Date: Tue Mar 10 19:25:04 2009
New Revision: 752221
URL: http://svn.apache.org/viewvc?rev=752221&view=rev
Log:
Get the "cancel" stuff working for sec-conv tokens
Added:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (with props)
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java (with props)
Modified:
cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java
cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java
cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java
cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyInInterceptor.java
cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyOutInterceptor.java
cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java
cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AlgorithmSuite.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SecureConversationToken.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Modified: cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java (original)
+++ cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java Tue Mar 10 19:25:04 2009
@@ -58,7 +58,9 @@
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
public static final String WSU_ID_ATTR_NAME = "Id";
-
+ public static final String POLICY_OVERRIDE
+ = "org.apache.cxf.ws.policy.override";
+
public static final String POLICY_IN_INTERCEPTOR_ID
= "org.apache.cxf.ws.policy.PolicyInInterceptor";
public static final String POLICY_OUT_INTERCEPTOR_ID
Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java Tue Mar 10 19:25:04 2009
@@ -69,10 +69,13 @@
}
- void initialise(EndpointPolicyImpl epi, PolicyEngineImpl engine) {
+ void initialise(EndpointPolicyImpl epi, PolicyEngineImpl engine, boolean inbound) {
policy = epi.getPolicy();
chosenAlternative = epi.getChosenAlternative();
- initialiseInterceptors(engine, false);
+ if (chosenAlternative == null) {
+ chooseAlternative(engine, null);
+ }
+ initialiseInterceptors(engine, inbound);
}
void initialise(EndpointInfo ei,
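Review bot: `initialise(EndpointPolicyImpl, PolicyEngineImpl, boolean)` now has two behaviours that are not documented: the `inbound` flag is forwarded to `initialiseInterceptors`, and an alternative is chosen on the spot with `chooseAlternative(engine, null)` when the endpoint policy carries none. A short Javadoc would help, for example `@param inbound true to collect the in-interceptors for the policy, false for the out-interceptors` and a line saying that a null chosen alternative is resolved here with no assertor. As far as this commit shows, the updated EffectivePolicyImplTest only calls the method with `false`, so the new `chosenAlternative == null` branch may not be exercised by any test.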
Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java Tue Mar 10 19:25:04 2009
@@ -64,6 +64,9 @@
public EndpointPolicyImpl() {
}
+ public EndpointPolicyImpl(Policy p) {
+ policy = p;
+ }
public EndpointPolicyImpl(EndpointInfo ei,
PolicyEngineImpl engine,
Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyInInterceptor.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyInInterceptor.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyInInterceptor.java Tue Mar 10 19:25:04 2009
@@ -36,6 +36,7 @@
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.transport.Destination;
+import org.apache.neethi.Policy;
/**
*
@@ -65,8 +66,28 @@
}
if (MessageUtils.isRequestor(msg)) {
+
BindingOperationInfo boi = exchange.get(BindingOperationInfo.class);
- if (boi == null) {
+ Policy p = (Policy)msg.getContextualProperty(PolicyConstants.POLICY_OVERRIDE);
+ if (p != null) {
+ EndpointPolicyImpl endpi = new EndpointPolicyImpl(p);
+ EffectivePolicyImpl effectivePolicy = new EffectivePolicyImpl();
+ effectivePolicy.initialise(endpi, (PolicyEngineImpl)pe, true);
+ msg.put(EffectivePolicy.class, effectivePolicy);
+ PolicyUtils.logPolicy(LOG, Level.FINEST, "Using effective policy: ",
+ effectivePolicy.getPolicy());
+
+ List<Interceptor> interceptors = effectivePolicy.getInterceptors();
+ for (Interceptor i : interceptors) {
+ msg.getInterceptorChain().add(i);
+ LOG.log(Level.FINE, "Added interceptor of type {0}", i.getClass().getSimpleName());
+ }
+ Collection<PolicyAssertion> assertions = effectivePolicy.getChosenAlternative();
+ if (null != assertions && !assertions.isEmpty()) {
+ msg.put(AssertionInfoMap.class, new AssertionInfoMap(assertions));
+ msg.getInterceptorChain().add(PolicyVerificationInInterceptor.INSTANCE);
+ }
+ } else if (boi == null) {
Conduit conduit = exchange.getConduit(msg);
EndpointPolicy ep = pe.getClientEndpointPolicy(ei, conduit);
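Review bot: The override branch casts twice without checking, `(Policy)msg.getContextualProperty(PolicyConstants.POLICY_OVERRIDE)` and `(PolicyEngineImpl)pe`, so a property of another type or a different PolicyEngine implementation on the bus ends in a ClassCastException inside the interceptor. This value replaces the policy the response is verified against, so I would read it as `Object o = msg.getContextualProperty(PolicyConstants.POLICY_OVERRIDE);`, enter the branch only on `if (o instanceof Policy && pe instanceof PolicyEngineImpl)`, and add a comment naming which component is expected to set the property. When the chosen alternative is null or empty the branch adds neither an AssertionInfoMap nor PolicyVerificationInInterceptor, so the response goes through with nothing verified; that case should at least be logged. The same block is repeated in PolicyOutInterceptor (`@@ -70,8 +71,39 @@`) and would be better shared in one helper. The enclosing handleMessage starts and ends outside this hunk.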
Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyOutInterceptor.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyOutInterceptor.java Tue Mar 10 19:25:04 2009
@@ -36,6 +36,7 @@
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.transport.Destination;
+import org.apache.neethi.Policy;
/**
*
@@ -70,8 +71,39 @@
if (null == pe) {
return;
}
-
- if (MessageUtils.isRequestor(msg)) {
+ Policy p = (Policy)msg.getContextualProperty(PolicyConstants.POLICY_OVERRIDE);
+ if (p != null) {
+ EndpointPolicyImpl endpi = new EndpointPolicyImpl(p);
+ EffectivePolicyImpl effectivePolicy = new EffectivePolicyImpl();
+ effectivePolicy.initialise(endpi, (PolicyEngineImpl)pe, false);
+ msg.put(EffectivePolicy.class, effectivePolicy);
+ PolicyUtils.logPolicy(LOG, Level.FINEST, "Using effective policy: ",
+ effectivePolicy.getPolicy());
+
+ List<Interceptor> interceptors = effectivePolicy.getInterceptors();
+ for (Interceptor i : interceptors) {
+ msg.getInterceptorChain().add(i);
+ LOG.log(Level.FINE, "Added interceptor of type {0}", i.getClass().getSimpleName());
+ }
+
+ // insert assertions of the chosen alternative into the message
+
+ Collection<PolicyAssertion> assertions = effectivePolicy.getChosenAlternative();
+ if (null != assertions && !assertions.isEmpty()) {
+ if (LOG.isLoggable(Level.FINEST)) {
+ StringBuffer buf = new StringBuffer();
+ buf.append("Chosen alternative: ");
+ String nl = System.getProperty("line.separator");
+ buf.append(nl);
+ for (PolicyAssertion a : assertions) {
+ PolicyUtils.printPolicyComponent(a, buf, 1);
+ }
+ LOG.finest(buf.toString());
+ }
+ msg.put(AssertionInfoMap.class, new AssertionInfoMap(assertions));
+ msg.getInterceptorChain().add(PolicyVerificationOutInterceptor.INSTANCE);
+ }
+ } else if (MessageUtils.isRequestor(msg)) {
Conduit conduit = exchange.getConduit(msg);
// add the required interceptors
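Review bot: The override branch is tested before `MessageUtils.isRequestor(msg)`, so a `POLICY_OVERRIDE` property is honoured for server-side outbound messages as well, whereas PolicyInInterceptor only consults it inside its requestor branch. If the asymmetry is intended, a comment such as `// the override applies to client requests and server responses alike` should say so; if not, the test belongs inside the requestor branch. The debug dump could also use `StringBuilder` rather than `StringBuffer`, since the buffer never leaves this method. handleMessage continues outside the hunk.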
Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java Tue Mar 10 19:25:04 2009
@@ -84,11 +84,13 @@
getTransportAssertions(message);
- EffectivePolicy effectivePolicy = null;
- if (MessageUtils.isRequestor(message)) {
- effectivePolicy = pe.getEffectiveClientResponsePolicy(ei, boi);
- } else {
- effectivePolicy = pe.getEffectiveServerRequestPolicy(ei, boi);
+ EffectivePolicy effectivePolicy = message.get(EffectivePolicy.class);
+ if (effectivePolicy == null) {
+ if (MessageUtils.isRequestor(message)) {
+ effectivePolicy = pe.getEffectiveClientResponsePolicy(ei, boi);
+ } else {
+ effectivePolicy = pe.getEffectiveServerRequestPolicy(ei, boi);
+ }
}
aim.checkEffectivePolicy(effectivePolicy.getPolicy());
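Review bot: An EffectivePolicy already stored on the message now decides what `aim.checkEffectivePolicy` verifies, and the lookup through the policy engine is only a fallback; nothing in the code says where that stored value comes from. I would add a comment above the lookup, for example `// an EffectivePolicy put on the message (e.g. by the POLICY_OVERRIDE branch of PolicyInInterceptor) takes precedence over the engine's policy`. The fallback result is still dereferenced with `effectivePolicy.getPolicy()` without a null check, so it is worth confirming that neither engine call can return null. The enclosing method starts and ends outside this hunk.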
Modified: cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java (original)
+++ cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java Tue Mar 10 19:25:04 2009
@@ -91,7 +91,7 @@
effectivePolicy.initialiseInterceptors(pe, false);
EasyMock.expectLastCall();
control.replay();
- effectivePolicy.initialise(endpointPolicy, pe);
+ effectivePolicy.initialise(endpointPolicy, pe, false);
control.verify();
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Tue Mar 10 19:25:04 2009
@@ -58,8 +58,7 @@
public static final String STS_TOKEN_PROPERTIES = "ws-security.sts.token.properties";
public static final String STS_TOKEN_USERNAME = "ws-security.sts.token.username";
-
- public static final String STS_TOKEN_CONTEXT_TOKEN = "ws-security.sts.token.context.token";
+ public static final String STS_TOKEN_DO_CANCEL = "ws-security.sts.token.do.cancel";
public static final Set<String> ALL_PROPERTIES;
@@ -68,7 +67,8 @@
USERNAME, PASSWORD, CALLBACK_HANDLER,
SIGNATURE_USERNAME, SIGNATURE_PROPERTIES, SIGNATURE_CRYPTO,
ENCRYPT_USERNAME, ENCRYPT_PROPERTIES, ENCRYPT_CRYPTO,
- TOKEN, TOKEN_ID, STS_CLIENT, STS_TOKEN_PROPERTIES, STS_TOKEN_CRYPTO
+ TOKEN, TOKEN_ID, STS_CLIENT, STS_TOKEN_PROPERTIES, STS_TOKEN_CRYPTO,
+ STS_TOKEN_DO_CANCEL
}));
ALL_PROPERTIES = Collections.unmodifiableSet(s);
}
Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=752221&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Tue Mar 10 19:25:04 2009
@@ -0,0 +1,535 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.policy.interceptors;
+
+import java.util.Calendar;
+import java.util.Collection;
+import java.util.List;
+import java.util.Vector;
+import java.util.logging.Logger;
+
+import javax.xml.transform.dom.DOMSource;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.binding.soap.SoapBindingConstants;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.interceptor.Interceptor;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageContentsList;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.service.Service;
+import org.apache.cxf.service.invoker.Invoker;
+import org.apache.cxf.staxutils.W3CDOMStreamWriter;
+import org.apache.cxf.transport.Destination;
+import org.apache.cxf.ws.addressing.AddressingProperties;
+import org.apache.cxf.ws.addressing.AddressingPropertiesImpl;
+import org.apache.cxf.ws.addressing.AttributedURIType;
+import org.apache.cxf.ws.addressing.JAXWSAConstants;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.policy.EndpointPolicy;
+import org.apache.cxf.ws.policy.PolicyAssertion;
+import org.apache.cxf.ws.policy.PolicyEngine;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.model.Binding;
+import org.apache.cxf.ws.security.policy.model.Header;
+import org.apache.cxf.ws.security.policy.model.ProtectionToken;
+import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
+import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
+import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
+import org.apache.cxf.ws.security.policy.model.Trust10;
+import org.apache.cxf.ws.security.policy.model.Trust13;
+import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.cxf.ws.security.trust.STSUtils;
+import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.apache.xml.security.utils.Base64;
+
+class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
+ static final Logger LOG = LogUtils.getL7dLogger(SecureConversationInInterceptor.class);
+
+
+ public SecureConversationInInterceptor() {
+ super(Phase.PRE_PROTOCOL);
+ }
+ private Binding getBinding(AssertionInfoMap aim) {
+ Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
+ if (ais != null && !ais.isEmpty()) {
+ return (Binding)ais.iterator().next().getAssertion();
+ }
+ ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
+ if (ais != null && !ais.isEmpty()) {
+ return (Binding)ais.iterator().next().getAssertion();
+ }
+ ais = aim.get(SP12Constants.TRANSPORT_BINDING);
+ if (ais != null && !ais.isEmpty()) {
+ return (Binding)ais.iterator().next().getAssertion();
+ }
+ return null;
+ }
+ public void handleMessage(SoapMessage message) throws Fault {
+ AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+ // extract Assertion information
+ if (aim != null) {
+ Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
+ if (ais == null || ais.isEmpty()) {
+ return;
+ }
+ if (isRequestor(message)) {
+ //client side should be checked on the way out
+ for (AssertionInfo ai : ais) {
+ ai.setAsserted(true);
+ }
+
+ Object s = message.getContextualProperty(SecurityConstants.STS_TOKEN_DO_CANCEL);
+ if (s != null && (Boolean.TRUE.equals(s) || "true".equalsIgnoreCase(s.toString()))) {
+ SecureConversationToken tok = (SecureConversationToken)ais.iterator()
+ .next().getAssertion();
+ doCancel(message, aim, tok);
+ }
+ return;
+ }
+ String s = (String)message.get(SoapBindingConstants.SOAP_ACTION);
+ String addNs = null;
+ AddressingProperties inProps = (AddressingProperties)message
+ .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);
+ if (inProps != null) {
+ addNs = inProps.getNamespaceURI();
+ if (s == null) {
+ //MS/WCF doesn't put a soap action out for this, must check the headers
+ s = inProps.getAction().getValue();
+ }
+ }
+
+ if (s != null
+ && s.contains("/RST/SCT")
+ && (s.startsWith(STSUtils.WST_NS_05_02)
+ || s.startsWith(STSUtils.WST_NS_05_12))) {
+
+ SecureConversationToken tok = (SecureConversationToken)ais.iterator()
+ .next().getAssertion();
+ Policy pol = tok.getBootstrapPolicy();
+ if (s.endsWith("Cancel") || s.endsWith("/Renew")) {
+ //Cancel and Renew just sign with the token
+ Policy p = new Policy();
+ ExactlyOne ea = new ExactlyOne();
+ p.addPolicyComponent(ea);
+ All all = new All();
+ PolicyAssertion ass = SecureConversationTokenInterceptorProvider
+ .getAddressingPolicy(aim, false);
+ all.addPolicyComponent(ass);
+ ea.addPolicyComponent(all);
+ SymmetricBinding binding = new SymmetricBinding(SP12Constants.INSTANCE);
+ binding.setIncludeTimestamp(true);
+ ProtectionToken token = new ProtectionToken(SP12Constants.INSTANCE);
+ token.setToken(new SecureConversationToken(SP12Constants.INSTANCE));
+ binding.setProtectionToken(token);
+ binding.setEntireHeadersAndBodySignatures(true);
+
+ Binding origBinding = getBinding(aim);
+ binding.setAlgorithmSuite(origBinding.getAlgorithmSuite());
+ all.addPolicyComponent(binding);
+
+ SignedEncryptedParts parts = new SignedEncryptedParts(true,
+ SP12Constants.INSTANCE);
+ parts.setBody(true);
+ if (addNs != null) {
+ parts.addHeader(new Header("To", addNs));
+ parts.addHeader(new Header("From", addNs));
+ parts.addHeader(new Header("FaultTo", addNs));
+ parts.addHeader(new Header("ReplyTO", addNs));
+ parts.addHeader(new Header("MessageID", addNs));
+ parts.addHeader(new Header("RelatesTo", addNs));
+ parts.addHeader(new Header("Action", addNs));
+ }
+ all.addPolicyComponent(parts);
+ pol = p;
+ message.getInterceptorChain().add(SecureConversationTokenFinderInterceptor.INSTANCE);
+ } else {
+ Policy p = new Policy();
+ ExactlyOne ea = new ExactlyOne();
+ p.addPolicyComponent(ea);
+ All all = new All();
+ PolicyAssertion ass = SecureConversationTokenInterceptorProvider
+ .getAddressingPolicy(aim, false);
+ all.addPolicyComponent(ass);
+ ea.addPolicyComponent(all);
+ pol = p.merge(pol);
+ }
+
+ //setup SCT endpoint and forward to it.
+ unmapSecurityProps(message);
+ String ns = STSUtils.WST_NS_05_12;
+ if (s.startsWith(STSUtils.WST_NS_05_02)) {
+ ns = STSUtils.WST_NS_05_02;
+ }
+ recalcEffectivePolicy(message, ns, pol);
+ } else {
+ message.getInterceptorChain().add(SecureConversationTokenFinderInterceptor.INSTANCE);
+ }
+ }
+ }
+ private void doCancel(SoapMessage message, AssertionInfoMap aim, SecureConversationToken itok) {
+ Message m2 = message.getExchange().getOutMessage();
+
+ SecurityToken tok = (SecurityToken)m2.getContextualProperty(SecurityConstants.TOKEN);
+ if (tok == null) {
+ String tokId = (String)m2.getContextualProperty(SecurityConstants.TOKEN_ID);
+ if (tokId != null) {
+ tok = SecureConversationTokenInterceptorProvider
+ .getTokenStore(m2).getToken(tokId);
+ }
+ }
+
+ STSClient client = SecureConversationTokenInterceptorProvider.getClient(m2);
+ AddressingProperties maps =
+ (AddressingProperties)message
+ .get("javax.xml.ws.addressing.context.inbound");
+ if (maps == null) {
+ maps = (AddressingProperties)m2
+ .get("javax.xml.ws.addressing.context");
+ }
+
+ synchronized (client) {
+ try {
+ SecureConversationTokenInterceptorProvider
+ .setupClient(client, message, aim, itok, true);
+
+ if (maps != null) {
+ client.setAddressingNamespace(maps.getNamespaceURI());
+ }
+ client.cancelSecurityToken(tok);
+ } catch (RuntimeException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new Fault(e);
+ } finally {
+ client.setTrust((Trust10)null);
+ client.setTrust((Trust13)null);
+ client.setTemplate(null);
+ client.setLocation(null);
+ client.setAddressingNamespace(null);
+ }
+ }
+
+ }
+ private void recalcEffectivePolicy(SoapMessage message,
+ String namespace,
+ Policy policy) {
+ Exchange ex = message.getExchange();
+ Bus bus = ex.get(Bus.class);
+ PolicyEngine pe = bus.getExtension(PolicyEngine.class);
+ if (null == pe) {
+ return;
+ }
+ Destination destination = ex.getDestination();
+ try {
+ Endpoint endpoint = message.getExchange().get(Endpoint.class);
+ TokenStore store = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
+ if (store == null) {
+ store = new MemoryTokenStore();
+ endpoint.getEndpointInfo().setProperty(TokenStore.class.getName(), store);
+ }
+ endpoint = STSUtils.createSTSEndpoint(bus,
+ namespace,
+ null,
+ destination.getAddress().getAddress().getValue(),
+ message.getVersion().getBindingId(),
+ policy,
+ null);
+ endpoint.getEndpointInfo().setProperty(TokenStore.class.getName(), store);
+
+ EndpointPolicy ep = pe.getServerEndpointPolicy(endpoint.getEndpointInfo(), destination);
+ List<Interceptor> interceptors = ep.getInterceptors();
+ for (Interceptor i : interceptors) {
+ message.getInterceptorChain().add(i);
+ }
+
+ Collection<PolicyAssertion> assertions = ep.getVocabulary();
+ if (null != assertions) {
+ message.put(AssertionInfoMap.class, new AssertionInfoMap(assertions));
+ }
+ endpoint.getService().setInvoker(new STSInvoker());
+ ex.put(Endpoint.class, endpoint);
+ ex.put(Service.class, endpoint.getService());
+ } catch (Exception exc) {
+ throw new Fault(exc);
+ }
+ }
+ private void unmapSecurityProps(Message message) {
+ Exchange ex = message.getExchange();
+ for (String s : SecurityConstants.ALL_PROPERTIES) {
+ Object v = message.getContextualProperty(s + ".sct");
+ if (v != null) {
+ ex.put(s, v);
+ }
+ }
+ }
+
+ public class STSInvoker implements Invoker {
+
+ public Object invoke(Exchange exchange, Object o) {
+ AddressingProperties inProps = (AddressingProperties)exchange.getInMessage()
+ .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);
+ if (inProps != null) {
+ AddressingProperties props = new AddressingPropertiesImpl(inProps.getNamespaceURI());
+ AttributedURIType action = new AttributedURIType();
+ action.setValue(inProps.getAction().getValue().replace("/RST/", "/RSTR/"));
+ props.setAction(action);
+ exchange.getOutMessage().put(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_OUTBOUND,
+ props);
+ }
+
+ MessageContentsList lst = (MessageContentsList)o;
+ DOMSource src = (DOMSource)lst.get(0);
+ Node nd = src.getNode();
+ Element requestEl = null;
+ if (nd instanceof Document) {
+ requestEl = ((Document)nd).getDocumentElement();
+ } else {
+ requestEl = (Element)nd;
+ }
+ String namespace = requestEl.getNamespaceURI();
+ String prefix = requestEl.getPrefix();
+ SecurityToken cancelToken = null;
+ if ("RequestSecurityToken".equals(requestEl.getLocalName())) {
+ try {
+ W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+ writer.setNsRepairing(true);
+ if (STSUtils.WST_NS_05_12.equals(namespace)) {
+ writer.writeStartElement(prefix, "RequestSecurityTokenResponseCollection",
+ namespace);
+ }
+ writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace);
+
+ String requestType = null;
+ Element el = DOMUtils.getFirstElement(requestEl);
+ while (el != null) {
+ String localName = el.getLocalName();
+ if (namespace.equals(el.getNamespaceURI())) {
+ if ("RequestType".equals(localName)) {
+ requestType = el.getTextContent();
+ } else if ("CancelTarget".equals(localName)) {
+ cancelToken = findCancelToken(exchange, el);
+ }
+ }
+
+ el = DOMUtils.getNextElement(el);
+ }
+ if (requestType == null) {
+ requestType = "/Issue";
+ }
+
+ if (requestType.endsWith("/Issue")) {
+ doIssue(requestEl, exchange, writer, prefix, namespace);
+ } else if (requestType.endsWith("/Cancel")) {
+ TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
+ .getProperty(TokenStore.class.getName());
+ cancelToken.setState(SecurityToken.State.CANCELLED);
+ store.update(cancelToken);
+ writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace);
+ exchange.put(SecurityConstants.TOKEN, cancelToken);
+ } else if (requestType.endsWith("/Renew")) {
+ //REVISIT - implement
+ }
+ writer.writeEndElement();
+ if (STSUtils.WST_NS_05_12.equals(namespace)) {
+ writer.writeEndElement();
+ }
+ return new MessageContentsList(new DOMSource(writer.getDocument()));
+ } catch (RuntimeException ex) {
+ throw ex;
+ } catch (Exception ex) {
+ throw new Fault(ex);
+ }
+ } else {
+ throw new Fault("Unknown SecureConversation element: " + requestEl.getLocalName(),
+ LOG);
+ }
+ }
+
+ private void doIssue(Element requestEl,
+ Exchange exchange, W3CDOMStreamWriter writer,
+ String prefix, String namespace)
+ throws Exception {
+ byte clientEntropy[] = null;
+ int keySize = 256;
+ int ttl = 300000;
+ String tokenType = null;
+ Element el = DOMUtils.getFirstElement(requestEl);
+ while (el != null) {
+ String localName = el.getLocalName();
+ if (namespace.equals(el.getNamespaceURI())) {
+ if ("Entropy".equals(localName)) {
+ Element bs = DOMUtils.getFirstElement(el);
+ if (bs != null) {
+ clientEntropy = Base64.decode(bs.getTextContent());
+ }
+ } else if ("KeySize".equals(localName)) {
+ keySize = Integer.parseInt(el.getTextContent());
+ } else if ("TokenType".equals(localName)) {
+ tokenType = el.getTextContent();
+ }
+ }
+
+ el = DOMUtils.getNextElement(el);
+ }
+
+ writer.writeStartElement(prefix, "RequestedSecurityToken", namespace);
+ SecurityContextToken sct =
+ new SecurityContextToken(SecureConversationTokenInterceptorProvider
+ .getWSCVersion(tokenType), writer.getDocument());
+
+ Calendar created = Calendar.getInstance();
+ Calendar expires = Calendar.getInstance();
+ expires.setTimeInMillis(System.currentTimeMillis() + ttl);
+
+ SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
+ token.setToken(sct.getElement());
+ token.setTokenType(WSConstants.WSC_SCT);
+
+ writer.getCurrentNode().appendChild(sct.getElement());
+ writer.writeEndElement();
+
+ writer.writeStartElement(prefix, "RequestedAttachedReference", namespace);
+ token.setAttachedReference(SecureConversationTokenInterceptorProvider
+ .writeSecurityTokenReference(writer,
+ "#" + sct.getID(),
+ tokenType));
+ writer.writeEndElement();
+
+ writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace);
+ token.setUnattachedReference(SecureConversationTokenInterceptorProvider
+ .writeSecurityTokenReference(writer,
+ sct.getIdentifier(),
+ tokenType));
+ writer.writeEndElement();
+
+ XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
+ writer.writeStartElement(prefix, "Lifetime", namespace);
+ writer.writeNamespace("wsu", WSConstants.WSU_NS);
+ writer.writeStartElement("wsu", "Created", WSConstants.WSU_NS);
+ writer.writeCharacters(fmt.format(created.getTime()));
+ writer.writeEndElement();
+
+ writer.writeStartElement("wsu", "Expires", WSConstants.WSU_NS);
+ writer.writeCharacters(fmt.format(expires.getTime()));
+ writer.writeEndElement();
+ writer.writeEndElement();
+
+ byte[] secret = SecureConversationTokenInterceptorProvider.writeProofToken(prefix,
+ namespace,
+ writer,
+ clientEntropy,
+ keySize);
+ token.setSecret(secret);
+ ((TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
+ .getProperty(TokenStore.class.getName())).add(token);
+ }
+
+ private SecurityToken findCancelToken(Exchange exchange, Element el) throws WSSecurityException {
+ SecurityTokenReference ref = new SecurityTokenReference(DOMUtils.getFirstElement(el));
+ String uri = ref.getReference().getURI();
+ TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
+ .getProperty(TokenStore.class.getName());
+ return store.getToken(uri);
+ }
+
+ }
+
+
+ static final class SecureConversationTokenFinderInterceptor
+ extends AbstractPhaseInterceptor<SoapMessage> {
+
+ static final SecureConversationTokenFinderInterceptor INSTANCE
+ = new SecureConversationTokenFinderInterceptor();
+
+ private SecureConversationTokenFinderInterceptor() {
+ super(Phase.PRE_PROTOCOL);
+ addAfter(WSS4JInInterceptor.class.getName());
+ }
+
+ public void handleMessage(SoapMessage message) throws Fault {
+ //Find the SC token
+ boolean found = false;
+ List results = (List)message.get(WSHandlerConstants.RECV_RESULTS);
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if (actInt.intValue() == WSConstants.SCT) {
+ SecurityContextToken tok
+ = (SecurityContextToken)wser
+ .get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN);
+ message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getID());
+ found = true;
+ }
+ }
+ }
+ AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+ // extract Assertion information
+ if (aim != null) {
+ Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
+ if (ais == null || ais.isEmpty()) {
+ return;
+ }
+ for (AssertionInfo inf : ais) {
+ if (found) {
+ inf.setAsserted(true);
+ } else {
+ inf.setNotAsserted("No SecureConversation token found in message.");
+ }
+ }
+ }
+ }
+ }
+
+
+}
\ No newline at end of file
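Review bot: In `STSInvoker.invoke` the `/Cancel` branch calls `cancelToken.setState(...)` with no null check, yet `cancelToken` stays null when the request carries no `CancelTarget` or when `store.getToken(uri)` in `findCancelToken` finds nothing, so a malformed or stale cancel request ends in a NullPointerException rather than a Fault. A guard such as `if (cancelToken == null) { throw new Fault("Cancel target not found", LOG); }` before the state change would fix that. The branch also cancels whichever token the request body references, and nothing visible in this file ties that token to the context token that secured the request, so the handler should confirm the two match before updating the store (the commit continues in part 2/2, so this may be enforced elsewhere). In `handleMessage` the signed-parts list uses `new Header("ReplyTO", addNs)`, which presumably never matches the WS-Addressing `ReplyTo` element and so leaves that header out of the signature requirement; it should read `new Header("ReplyTo", addNs)`. `doIssue` likewise takes `KeySize` straight from `Integer.parseInt` on request text, with no range check before it is passed to `writeProofToken`.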
Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java?rev=752221&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java Tue Mar 10 19:25:04 2009
@@ -0,0 +1,173 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.policy.interceptors;
+
+import java.util.Collection;
+import java.util.Map;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.ws.addressing.AddressingProperties;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
+import org.apache.cxf.ws.security.policy.model.Trust10;
+import org.apache.cxf.ws.security.policy.model.Trust13;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.ws.security.WSConstants;
+
+class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
+ public SecureConversationOutInterceptor() {
+ super(Phase.PREPARE_SEND);
+ }
+ public void handleMessage(SoapMessage message) throws Fault {
+ AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+ // extract Assertion information
+ if (aim != null) {
+ Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
+ if (ais == null || ais.isEmpty()) {
+ return;
+ }
+ if (isRequestor(message)) {
+ SecureConversationToken itok = (SecureConversationToken)ais.iterator()
+ .next().getAssertion();
+
+ SecurityToken tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
+ if (tok == null) {
+ String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
+ if (tokId != null) {
+ tok = SecureConversationTokenInterceptorProvider
+ .getTokenStore(message).getToken(tokId);
+ }
+ }
+ if (tok == null) {
+ tok = issueToken(message, aim, itok);
+ } else {
+ renewToken(message, aim, tok, itok);
+ }
+ if (tok != null) {
+ for (AssertionInfo ai : ais) {
+ ai.setAsserted(true);
+ }
+ message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
+ tok.getId());
+ SecureConversationTokenInterceptorProvider.getTokenStore(message).add(tok);
+
+ }
+ } else {
+ //server side should be checked on the way in
+ for (AssertionInfo ai : ais) {
+ ai.setAsserted(true);
+ }
+ }
+ }
+ }
+
+
+ private void renewToken(SoapMessage message,
+ AssertionInfoMap aim,
+ SecurityToken tok,
+ SecureConversationToken itok) {
+ if (tok.getState() != SecurityToken.State.EXPIRED) {
+ return;
+ }
+
+ STSClient client = SecureConversationTokenInterceptorProvider.getClient(message);
+ AddressingProperties maps =
+ (AddressingProperties)message
+ .get("javax.xml.ws.addressing.context.outbound");
+ if (maps == null) {
+ maps = (AddressingProperties)message
+ .get("javax.xml.ws.addressing.context");
+ } else if (maps.getAction().getValue().endsWith("Renew")) {
+ return;
+ }
+ synchronized (client) {
+ try {
+ SecureConversationTokenInterceptorProvider.setupClient(client, message, aim, itok, true);
+
+ String s = message
+ .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
+ client.setLocation(s);
+
+ Map<String, Object> ctx = client.getRequestContext();
+ ctx.put(SecurityConstants.TOKEN, tok);
+ if (maps != null) {
+ client.setAddressingNamespace(maps.getNamespaceURI());
+ }
+ client.renewSecurityToken(tok);
+ } catch (RuntimeException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new Fault(e);
+ } finally {
+ client.setTrust((Trust10)null);
+ client.setTrust((Trust13)null);
+ client.setTemplate(null);
+ client.setLocation(null);
+ client.setAddressingNamespace(null);
+ }
+ }
+ }
+ private SecurityToken issueToken(SoapMessage message,
+ AssertionInfoMap aim,
+ SecureConversationToken itok) {
+ STSClient client = SecureConversationTokenInterceptorProvider.getClient(message);
+ AddressingProperties maps =
+ (AddressingProperties)message
+ .get("javax.xml.ws.addressing.context.outbound");
+ if (maps == null) {
+ maps = (AddressingProperties)message
+ .get("javax.xml.ws.addressing.context");
+ }
+ synchronized (client) {
+ try {
+ String s = SecureConversationTokenInterceptorProvider
+ .setupClient(client, message, aim, itok, false);
+
+ SecurityToken tok = null;
+ if (maps != null) {
+ client.setAddressingNamespace(maps.getNamespaceURI());
+ }
+ tok = client.requestSecurityToken(s);
+ tok.setTokenType(WSConstants.WSC_SCT);
+ return tok;
+ } catch (RuntimeException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new Fault(e);
+ } finally {
+ client.setTrust((Trust10)null);
+ client.setTrust((Trust13)null);
+ client.setTemplate(null);
+ client.setLocation(null);
+ client.setAddressingNamespace(null);
+ }
+ }
+ }
+
+}
\ No newline at end of file
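Review bot: In `handleMessage`, a token obtained from `SecurityConstants.TOKEN` or the token store is only ever tested for `SecurityToken.State.EXPIRED` (inside `renewToken`), so a token in any other unusable state is still asserted, written back as `TOKEN_ID` and re-added to the store. The commit is about cancellation and the removed server code on this page sets `SecurityToken.State.CANCELLED`, so the client lookup should probably discard such a token and fall through to `issueToken`, for example with `if (tok != null && tok.getState() == SecurityToken.State.CANCELLED) { tok = null; }` ahead of the `if (tok == null)` branch. Whether the client-side store can actually hold a cancelled token is not visible here, so this needs confirming. Separately, `renewToken` dereferences `maps.getAction().getValue()` with no null check on the action, and `issueToken` calls `tok.setTokenType(...)` on the STS result unguarded; if either can be null, the caller gets a bare `NullPointerException` with no context.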
Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java Tue Mar 10 19:25:04 2009
@@ -22,93 +22,56 @@
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
-import java.util.Calendar;
import java.util.Collection;
-import java.util.List;
import java.util.Map;
-import java.util.Vector;
import java.util.logging.Logger;
import javax.xml.stream.XMLStreamException;
-import javax.xml.transform.dom.DOMSource;
-import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.Soap11;
-import org.apache.cxf.binding.soap.SoapBindingConstants;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.interceptor.Interceptor;
-import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageContentsList;
-import org.apache.cxf.phase.AbstractPhaseInterceptor;
-import org.apache.cxf.phase.Phase;
-import org.apache.cxf.service.Service;
-import org.apache.cxf.service.invoker.Invoker;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
-import org.apache.cxf.transport.Destination;
-import org.apache.cxf.ws.addressing.AddressingProperties;
-import org.apache.cxf.ws.addressing.AddressingPropertiesImpl;
-import org.apache.cxf.ws.addressing.AttributedURIType;
-import org.apache.cxf.ws.addressing.JAXWSAConstants;
import org.apache.cxf.ws.addressing.policy.MetadataConstants;
import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
-import org.apache.cxf.ws.policy.EndpointPolicy;
import org.apache.cxf.ws.policy.PolicyAssertion;
-import org.apache.cxf.ws.policy.PolicyEngine;
import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP11Constants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants.SupportTokenType;
-import org.apache.cxf.ws.security.policy.model.Binding;
-import org.apache.cxf.ws.security.policy.model.Header;
-import org.apache.cxf.ws.security.policy.model.ProtectionToken;
import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
-import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
-import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Trust10;
import org.apache.cxf.ws.security.policy.model.Trust13;
import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.trust.STSClient;
-import org.apache.cxf.ws.security.trust.STSUtils;
-import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.neethi.All;
import org.apache.neethi.ExactlyOne;
import org.apache.neethi.Policy;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
-import org.apache.ws.security.handler.WSHandlerConstants;
-import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.Reference;
-import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.apache.xml.security.utils.Base64;
/**
*
*/
public class SecureConversationTokenInterceptorProvider extends AbstractPolicyInterceptorProvider {
- private static final Logger LOG = LogUtils.getL7dLogger(SecureConversationTokenInterceptorProvider.class);
+ static final Logger LOG = LogUtils.getL7dLogger(SecureConversationTokenInterceptorProvider.class);
public SecureConversationTokenInterceptorProvider() {
@@ -147,7 +110,7 @@
}
return tokenStore;
}
- private static PolicyAssertion getAddressingPolicy(AssertionInfoMap aim, boolean optional) {
+ static PolicyAssertion getAddressingPolicy(AssertionInfoMap aim, boolean optional) {
Collection<AssertionInfo> lst = aim.get(MetadataConstants.USING_ADDRESSING_2004_QNAME);
PolicyAssertion assertion = null;
if (null != lst && !lst.isEmpty()) {
@@ -228,507 +191,7 @@
}
return client;
}
- static class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
- public SecureConversationOutInterceptor() {
- super(Phase.PREPARE_SEND);
- }
- public void handleMessage(SoapMessage message) throws Fault {
- AssertionInfoMap aim = message.get(AssertionInfoMap.class);
- // extract Assertion information
- if (aim != null) {
- Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
- if (ais == null || ais.isEmpty()) {
- return;
- }
- if (isRequestor(message)) {
- SecureConversationToken itok = (SecureConversationToken)ais.iterator()
- .next().getAssertion();
-
- SecurityToken tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
- if (tok == null) {
- String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
- if (tokId != null) {
- tok = getTokenStore(message).getToken(tokId);
- }
- }
- if (tok == null) {
- tok = issueToken(message, aim, itok);
- } else {
- renewToken(message, aim, tok, itok);
- }
- if (tok != null) {
- for (AssertionInfo ai : ais) {
- ai.setAsserted(true);
- }
- message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
- tok.getId());
- getTokenStore(message).add(tok);
- }
- } else {
- //server side should be checked on the way in
- for (AssertionInfo ai : ais) {
- ai.setAsserted(true);
- }
- }
- }
- }
-
-
- private void renewToken(SoapMessage message,
- AssertionInfoMap aim,
- SecurityToken tok,
- SecureConversationToken itok) {
- if (tok.getState() != SecurityToken.State.EXPIRED) {
- return;
- }
-
- STSClient client = getClient(message);
- AddressingProperties maps =
- (AddressingProperties)message
- .get("javax.xml.ws.addressing.context.outbound");
- if (maps == null) {
- maps = (AddressingProperties)message
- .get("javax.xml.ws.addressing.context");
- } else if (maps.getAction().getValue().endsWith("Renew")) {
- return;
- }
- synchronized (client) {
- try {
- setupClient(client, message, aim, itok, true);
-
- String s = message
- .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
- client.setLocation(s);
-
- Map<String, Object> ctx = client.getRequestContext();
- ctx.put(SecurityConstants.TOKEN, tok);
- if (maps != null) {
- client.setAddressingNamespace(maps.getNamespaceURI());
- }
- client.renewSecurityToken(tok);
- } catch (RuntimeException e) {
- throw e;
- } catch (Exception e) {
- throw new Fault(e);
- } finally {
- client.setTrust((Trust10)null);
- client.setTrust((Trust13)null);
- client.setTemplate(null);
- client.setLocation(null);
- client.setAddressingNamespace(null);
- }
- }
- }
- private SecurityToken issueToken(SoapMessage message,
- AssertionInfoMap aim,
- SecureConversationToken itok) {
- STSClient client = getClient(message);
- AddressingProperties maps =
- (AddressingProperties)message
- .get("javax.xml.ws.addressing.context.outbound");
- if (maps == null) {
- maps = (AddressingProperties)message
- .get("javax.xml.ws.addressing.context");
- }
- synchronized (client) {
- try {
- String s = setupClient(client, message, aim, itok, false);
-
- SecurityToken tok = null;
- if (maps != null) {
- client.setAddressingNamespace(maps.getNamespaceURI());
- }
- tok = client.requestSecurityToken(s);
- tok.setTokenType(WSConstants.WSC_SCT);
- return tok;
- } catch (RuntimeException e) {
- throw e;
- } catch (Exception e) {
- throw new Fault(e);
- } finally {
- client.setTrust((Trust10)null);
- client.setTrust((Trust13)null);
- client.setTemplate(null);
- client.setLocation(null);
- client.setAddressingNamespace(null);
- }
- }
- }
-
- }
- static class SecureConversationTokenFinderInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
- public SecureConversationTokenFinderInterceptor() {
- super(Phase.PRE_PROTOCOL);
- addAfter(WSS4JInInterceptor.class.getName());
- }
-
- public void handleMessage(SoapMessage message) throws Fault {
- //Find the SC token
- boolean found = false;
- Vector results = (Vector)message.get(WSHandlerConstants.RECV_RESULTS);
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
-
- Vector wsSecEngineResults = rResult.getResults();
-
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
- Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
- if (actInt.intValue() == WSConstants.SCT) {
- SecurityContextToken tok
- = (SecurityContextToken)wser
- .get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN);
- message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getID());
- found = true;
- }
- }
- }
- if (!found) {
- AssertionInfoMap aim = message.get(AssertionInfoMap.class);
- // extract Assertion information
- if (aim != null) {
- Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
- if (ais == null || ais.isEmpty()) {
- return;
- }
- ais.iterator().next().setNotAsserted("No SecureConversation token found in message.");
- }
- }
- }
- }
- static class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
- public SecureConversationInInterceptor() {
- super(Phase.PRE_PROTOCOL);
- }
- private Binding getBinding(AssertionInfoMap aim) {
- Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
- if (ais != null && !ais.isEmpty()) {
- return (Binding)ais.iterator().next().getAssertion();
- }
- ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
- if (ais != null && !ais.isEmpty()) {
- return (Binding)ais.iterator().next().getAssertion();
- }
- ais = aim.get(SP12Constants.TRANSPORT_BINDING);
- if (ais != null && !ais.isEmpty()) {
- return (Binding)ais.iterator().next().getAssertion();
- }
- return null;
- }
- public void handleMessage(SoapMessage message) throws Fault {
- AssertionInfoMap aim = message.get(AssertionInfoMap.class);
- // extract Assertion information
- if (aim != null) {
- Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
- if (ais == null || ais.isEmpty()) {
- return;
- }
- if (isRequestor(message)) {
- //client side should be checked on the way out
- for (AssertionInfo ai : ais) {
- ai.setAsserted(true);
- }
- return;
- }
- String s = (String)message.get(SoapBindingConstants.SOAP_ACTION);
- String addNs = null;
- AddressingProperties inProps = (AddressingProperties)message
- .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);
- if (inProps != null) {
- addNs = inProps.getNamespaceURI();
- if (s == null) {
- //MS/WCF doesn't put a soap action out for this, must check the headers
- s = inProps.getAction().getValue();
- }
- }
-
- if (s != null
- && s.contains("/RST/SCT")
- && (s.startsWith(STSUtils.WST_NS_05_02)
- || s.startsWith(STSUtils.WST_NS_05_12))) {
-
- SecureConversationToken tok = (SecureConversationToken)ais.iterator()
- .next().getAssertion();
- Policy pol = tok.getBootstrapPolicy();
- if (s.endsWith("Cancel") || s.endsWith("/Renew")) {
- //Cancel and Renew just sign with the token
- Policy p = new Policy();
- ExactlyOne ea = new ExactlyOne();
- p.addPolicyComponent(ea);
- All all = new All();
- PolicyAssertion ass = getAddressingPolicy(aim, false);
- all.addPolicyComponent(ass);
- ea.addPolicyComponent(all);
- SymmetricBinding binding = new SymmetricBinding(SP12Constants.INSTANCE);
- ProtectionToken token = new ProtectionToken(SP12Constants.INSTANCE);
- token.setToken(new SecureConversationToken(SP12Constants.INSTANCE));
- binding.setProtectionToken(token);
- binding.setEntireHeadersAndBodySignatures(true);
-
- Binding origBinding = getBinding(aim);
- binding.setAlgorithmSuite(origBinding.getAlgorithmSuite());
- all.addPolicyComponent(binding);
-
- SignedEncryptedParts parts = new SignedEncryptedParts(true,
- SP12Constants.INSTANCE);
- parts.setBody(true);
- if (addNs != null) {
- parts.addHeader(new Header("To", addNs));
- parts.addHeader(new Header("From", addNs));
- parts.addHeader(new Header("FaultTo", addNs));
- parts.addHeader(new Header("ReplyTO", addNs));
- parts.addHeader(new Header("MessageID", addNs));
- parts.addHeader(new Header("RelatesTo", addNs));
- parts.addHeader(new Header("Action", addNs));
- }
- all.addPolicyComponent(parts);
- pol = p;
- } else {
- Policy p = new Policy();
- ExactlyOne ea = new ExactlyOne();
- p.addPolicyComponent(ea);
- All all = new All();
- PolicyAssertion ass = getAddressingPolicy(aim, false);
- all.addPolicyComponent(ass);
- ea.addPolicyComponent(all);
- pol = p.merge(pol);
- }
-
- //setup SCT endpoint and forward to it.
- unmapSecurityProps(message);
- String ns = STSUtils.WST_NS_05_12;
- if (s.startsWith(STSUtils.WST_NS_05_02)) {
- ns = STSUtils.WST_NS_05_02;
- }
- recalcEffectivePolicy(message, ns, pol);
- } else {
- message.getInterceptorChain().add(new SecureConversationTokenFinderInterceptor());
- }
- }
- }
- private void recalcEffectivePolicy(SoapMessage message,
- String namespace,
- Policy policy) {
- Exchange ex = message.getExchange();
- Bus bus = ex.get(Bus.class);
- PolicyEngine pe = bus.getExtension(PolicyEngine.class);
- if (null == pe) {
- return;
- }
- Destination destination = ex.getDestination();
- try {
- Endpoint endpoint = message.getExchange().get(Endpoint.class);
- TokenStore store = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
- if (store == null) {
- store = new MemoryTokenStore();
- endpoint.getEndpointInfo().setProperty(TokenStore.class.getName(), store);
- }
- endpoint = STSUtils.createSTSEndpoint(bus,
- namespace,
- null,
- destination.getAddress().getAddress().getValue(),
- message.getVersion().getBindingId(),
- policy,
- null);
- endpoint.getEndpointInfo().setProperty(TokenStore.class.getName(), store);
-
- EndpointPolicy ep = pe.getServerEndpointPolicy(endpoint.getEndpointInfo(), destination);
- List<Interceptor> interceptors = ep.getInterceptors();
- for (Interceptor i : interceptors) {
- message.getInterceptorChain().add(i);
- }
-
- Collection<PolicyAssertion> assertions = ep.getVocabulary();
- if (null != assertions) {
- message.put(AssertionInfoMap.class, new AssertionInfoMap(assertions));
- }
- endpoint.getService().setInvoker(new STSInvoker());
- ex.put(Endpoint.class, endpoint);
- ex.put(Service.class, endpoint.getService());
- } catch (Exception exc) {
- throw new Fault(exc);
- }
- }
- private void unmapSecurityProps(Message message) {
- Exchange ex = message.getExchange();
- for (String s : SecurityConstants.ALL_PROPERTIES) {
- Object v = message.getContextualProperty(s + ".sct");
- if (v != null) {
- ex.put(s, v);
- }
- }
- }
-
- public class STSInvoker implements Invoker {
-
- public Object invoke(Exchange exchange, Object o) {
- AddressingProperties inProps = (AddressingProperties)exchange.getInMessage()
- .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);
- if (inProps != null) {
- AddressingProperties props = new AddressingPropertiesImpl(inProps.getNamespaceURI());
- AttributedURIType action = new AttributedURIType();
- action.setValue(inProps.getAction().getValue().replace("/RST/", "/RSTR/"));
- props.setAction(action);
- exchange.getOutMessage().put(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_OUTBOUND,
- props);
- }
-
- MessageContentsList lst = (MessageContentsList)o;
- DOMSource src = (DOMSource)lst.get(0);
- Node nd = src.getNode();
- Element requestEl = null;
- if (nd instanceof Document) {
- requestEl = ((Document)nd).getDocumentElement();
- } else {
- requestEl = (Element)nd;
- }
- String namespace = requestEl.getNamespaceURI();
- String prefix = requestEl.getPrefix();
- SecurityToken cancelToken = null;
- if ("RequestSecurityToken".equals(requestEl.getLocalName())) {
- try {
- W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
- writer.setNsRepairing(true);
- if (STSUtils.WST_NS_05_12.equals(namespace)) {
- writer.writeStartElement(prefix, "RequestSecurityTokenResponseCollection",
- namespace);
- }
- writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace);
-
- String requestType = null;
- Element el = DOMUtils.getFirstElement(requestEl);
- while (el != null) {
- String localName = el.getLocalName();
- if (namespace.equals(el.getNamespaceURI())) {
- if ("RequestType".equals(localName)) {
- requestType = el.getTextContent();
- } else if ("CancelTarget".equals(localName)) {
- cancelToken = findCancelToken(exchange, el);
- }
- }
-
- el = DOMUtils.getNextElement(el);
- }
- if (requestType == null) {
- requestType = "/Issue";
- }
-
- if (requestType.endsWith("/Issue")) {
- doIssue(requestEl, exchange, writer, prefix, namespace);
- } else if (requestType.endsWith("/Cancel")) {
- TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
- .getProperty(TokenStore.class.getName());
- cancelToken.setState(SecurityToken.State.CANCELLED);
- store.update(cancelToken);
- writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace);
- exchange.put(SecurityConstants.TOKEN, cancelToken);
- } else if (requestType.endsWith("/Renew")) {
- //REVISIT - implement
- }
- writer.writeEndElement();
- if (STSUtils.WST_NS_05_12.equals(namespace)) {
- writer.writeEndElement();
- }
- return new MessageContentsList(new DOMSource(writer.getDocument()));
- } catch (RuntimeException ex) {
- throw ex;
- } catch (Exception ex) {
- throw new Fault(ex);
- }
- } else {
- throw new Fault("Unknown SecureConversation element: " + requestEl.getLocalName(), LOG);
- }
- }
-
- private void doIssue(Element requestEl,
- Exchange exchange, W3CDOMStreamWriter writer,
- String prefix, String namespace)
- throws Exception {
- byte clientEntropy[] = null;
- int keySize = 256;
- int ttl = 300000;
- String tokenType = null;
- Element el = DOMUtils.getFirstElement(requestEl);
- while (el != null) {
- String localName = el.getLocalName();
- if (namespace.equals(el.getNamespaceURI())) {
- if ("Entropy".equals(localName)) {
- Element bs = DOMUtils.getFirstElement(el);
- if (bs != null) {
- clientEntropy = Base64.decode(bs.getTextContent());
- }
- } else if ("KeySize".equals(localName)) {
- keySize = Integer.parseInt(el.getTextContent());
- } else if ("TokenType".equals(localName)) {
- tokenType = el.getTextContent();
- }
- }
-
- el = DOMUtils.getNextElement(el);
- }
-
- writer.writeStartElement(prefix, "RequestedSecurityToken", namespace);
- SecurityContextToken sct =
- new SecurityContextToken(getWSCVersion(tokenType), writer.getDocument());
-
- Calendar created = Calendar.getInstance();
- Calendar expires = Calendar.getInstance();
- expires.setTimeInMillis(System.currentTimeMillis() + ttl);
-
- SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
- token.setToken(sct.getElement());
- token.setTokenType(WSConstants.WSC_SCT);
-
- writer.getCurrentNode().appendChild(sct.getElement());
- writer.writeEndElement();
-
- writer.writeStartElement(prefix, "RequestedAttachedReference", namespace);
- token.setAttachedReference(writeSecurityTokenReference(writer,
- "#" + sct.getID(),
- tokenType));
- writer.writeEndElement();
-
- writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace);
- token.setUnattachedReference(writeSecurityTokenReference(writer,
- sct.getIdentifier(),
- tokenType));
- writer.writeEndElement();
-
- XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
- writer.writeStartElement(prefix, "Lifetime", namespace);
- writer.writeNamespace("wsu", WSConstants.WSU_NS);
- writer.writeStartElement("wsu", "Created", WSConstants.WSU_NS);
- writer.writeCharacters(fmt.format(created.getTime()));
- writer.writeEndElement();
-
- writer.writeStartElement("wsu", "Expires", WSConstants.WSU_NS);
- writer.writeCharacters(fmt.format(expires.getTime()));
- writer.writeEndElement();
- writer.writeEndElement();
-
- byte[] secret = writeProofToken(prefix,
- namespace,
- writer,
- clientEntropy,
- keySize);
- token.setSecret(secret);
- ((TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
- .getProperty(TokenStore.class.getName())).add(token);
- }
-
- private SecurityToken findCancelToken(Exchange exchange, Element el) throws WSSecurityException {
- SecurityTokenReference ref = new SecurityTokenReference(DOMUtils.getFirstElement(el));
- String uri = ref.getReference().getURI();
- TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
- .getProperty(TokenStore.class.getName());
- return store.getToken(uri);
- }
-
- }
- }
- private static byte[] writeProofToken(String prefix,
+ static byte[] writeProofToken(String prefix,
String namespace,
W3CDOMStreamWriter writer,
byte[] clientEntropy,
@@ -769,7 +232,7 @@
return secret;
}
- private static Element writeSecurityTokenReference(W3CDOMStreamWriter writer,
+ static Element writeSecurityTokenReference(W3CDOMStreamWriter writer,
String id,
String refValueType) {
@@ -786,7 +249,7 @@
}
- private static int getWSCVersion(String tokenTypeValue) throws ConversationException {
+ static int getWSCVersion(String tokenTypeValue) throws ConversationException {
if (tokenTypeValue == null) {
return ConversationConstants.DEFAULT_VERSION;
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AlgorithmSuite.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AlgorithmSuite.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AlgorithmSuite.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AlgorithmSuite.java Tue Mar 10 19:25:04 2009
@@ -79,6 +79,12 @@
+ public AlgorithmSuite() {
+ super(SP12Constants.INSTANCE);
+ }
+
+
+
/**
* @return Returns the asymmetricKeyWrap.
*/
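Review bot: The new no-argument constructor fixes the policy version to `SP12Constants.INSTANCE` without documenting it, so an `AlgorithmSuite` built this way always reports that version, even inside a policy parsed under another one (the provider also imports `SP11Constants`). I would add a Javadoc line such as `/** Defaults the policy version to SP12Constants.INSTANCE. */` so callers know they are choosing a version implicitly. The same applies to the constructors added in the hunks for ProtectionToken, SecureConversationToken, SignedEncryptedParts(boolean) and SymmetricBinding. The class bodies continue outside these hunks, so the comment assumes no other code depends on the version being set explicitly.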
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java Tue Mar 10 19:25:04 2009
@@ -27,6 +27,9 @@
public class ProtectionToken extends TokenWrapper {
+ public ProtectionToken() {
+ super(SP12Constants.INSTANCE);
+ }
public ProtectionToken(SPConstants version) {
super(version);
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SecureConversationToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SecureConversationToken.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SecureConversationToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SecureConversationToken.java Tue Mar 10 19:25:04 2009
@@ -38,10 +38,14 @@
private Element issuerEpr;
+ public SecureConversationToken() {
+ super(SP12Constants.INSTANCE);
+ }
public SecureConversationToken(SPConstants version) {
super(version);
}
+
/**
* @return Returns the bootstrapPolicy.
*/
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java Tue Mar 10 19:25:04 2009
@@ -45,6 +45,10 @@
super(version);
this.signedParts = signedParts;
}
+ public SignedEncryptedParts(boolean signedParts) {
+ super(SP12Constants.INSTANCE);
+ this.signedParts = signedParts;
+ }
/**
* @return Returns the body.
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java Tue Mar 10 19:25:04 2009
@@ -36,6 +36,9 @@
private SignatureToken signatureToken;
private ProtectionToken protectionToken;
+ public SymmetricBinding() {
+ super(SP12Constants.INSTANCE);
+ }
public SymmetricBinding(SPConstants version) {
super(version);
}