Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2010/05/24 13:28:48 UTC
svn commit: r947604 - in
/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security:
WSDocInfo.java message/EnvelopeIdResolver.java message/WSSecSignature.java
saml/WSSecSignatureSAML.java
Author: coheigea
Date: Mon May 24 11:28:48 2010
New Revision: 947604
URL: http://svn.apache.org/viewvc?rev=947604&view=rev
Log:
Changed the signature creation code to store SecurityTokenReference elements in WSDocInfo for retrieval in the EnvelopeIdResolver
- This avoids the need for DOM traversal in certain cases. The main motivation behind this was to try to address some of the test failures caused by a suggested fix to get WSS4J working in WebSphere.
- This does not apply to trunk as the IdResolver is not used there
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDocInfo.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/EnvelopeIdResolver.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecSignature.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDocInfo.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDocInfo.java?rev=947604&r1=947603&r2=947604&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDocInfo.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDocInfo.java Mon May 24 11:28:48 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright 2003-2004 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.ws.security;
@@ -38,6 +40,8 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.List;
import java.util.Vector;
public class WSDocInfo {
@@ -46,6 +50,7 @@ public class WSDocInfo {
Vector bst = null;
Element assertion = null;
Vector processors = null;
+ List securityTokenReferences = null;
public WSDocInfo(Document doc) {
//
@@ -58,6 +63,35 @@ public class WSDocInfo {
//
this.doc = doc.getDocumentElement().getOwnerDocument();
}
+
+ /**
+ * Set a SecurityTokenReference element.
+ */
+ public void setSecurityTokenReference(Element securityTokenRef) {
+ if (securityTokenReferences == null) {
+ securityTokenReferences = new Vector();
+ }
+ securityTokenReferences.add(securityTokenRef);
+ }
+
+ /**
+ * Get a SecurityTokenReference for the given (wsu) Id
+ *
+ * @param uri is the relative uri (starts with #) of the id
+ * @return the STR element or null if nothing found
+ */
+ public Element getSecurityTokenReference(String uri) {
+ if (securityTokenReferences != null) {
+ for (Iterator iter = securityTokenReferences.iterator(); iter.hasNext();) {
+ Element elem = (Element)iter.next();
+ String cId = elem.getAttributeNS(WSConstants.WSU_NS, "Id");
+ if (uri.equals(cId)) {
+ return elem;
+ }
+ }
+ }
+ return null;
+ }
/**
* Clears the info data except the hash code
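Review bot: The Javadoc on `getSecurityTokenReference` says `uri` is the relative URI starting with `#`, but the loop tests `uri.equals(cId)` against the raw `wsu:Id` attribute value, so a caller that follows the Javadoc never gets a match; the EnvelopeIdResolver change in this commit passes the value after `substring(1)`. I would change the tag to `@param uri the wsu:Id value to match, without the leading '#'`. A null argument also throws from `uri.equals(cId)`; `cId.equals(uri)` avoids that, since `getAttributeNS` returns an empty string when the attribute is absent. The hunk ends at the Javadoc of the clear method, whose body is not visible here; if it does not reset `securityTokenReferences`, the stored elements outlive the message they belong to.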
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/EnvelopeIdResolver.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/EnvelopeIdResolver.java?rev=947604&r1=947603&r2=947604&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/EnvelopeIdResolver.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/EnvelopeIdResolver.java Mon May 24 11:28:48 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright 2003-2004 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.ws.security.message;
@@ -21,6 +23,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.utils.resolver.ResourceResolverException;
@@ -44,6 +47,8 @@ public class EnvelopeIdResolver extends
private static EnvelopeIdResolver resolver = null;
private boolean doDebug = false;
+
+ private WSDocInfo wsDocInfo;
/**
* Singleton instance of the resolver.
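Review bot: `wsDocInfo` is per-message state placed on a class whose only instance is the static singleton `resolver`, so every signature created in the JVM shares this one field. `setWsDocInfo` (next hunk) is called from `WSSecSignature` and `WSSecSignatureSAML` just before `sig.addResourceResolver(resolver)`, so two threads signing concurrently can overwrite each other's value between the set and the later reference resolution; the digest may then be computed over a SecurityTokenReference element from another message, or the lookup may silently fall through to the DOM search. Nothing visible in this commit clears the field after signing, so the last message's DOM stays reachable through the singleton. Consider giving each signature its own resolver instance that receives the WSDocInfo at construction, or at minimum document the constraint with `// NOTE: not thread-safe - shared by all signers via getInstance()` and reset the field once signing completes.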
@@ -60,6 +65,13 @@ public class EnvelopeIdResolver extends
private EnvelopeIdResolver() {
}
+
+ /**
+ * @param docInfo The WSDocInfo object to be used for resolving elements
+ */
+ public void setWsDocInfo(WSDocInfo docInfo) {
+ wsDocInfo = docInfo;
+ }
/**
* This is the workhorse method used to resolve resources.
@@ -93,38 +105,50 @@ public class EnvelopeIdResolver extends
*/
/*
- * First lookup the SOAP Body element (processed by default) and
- * check if it contains an Id and if it matches
+ * First check to see if the element that we require is a SecurityTokenReference
+ * that is stored in WSDocInfo.
*/
String id = uriNodeValue.substring(1);
- SOAPConstants sc = WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
- Element selectedElem = WSSecurityUtil.findBodyElement(doc, sc);
- if (selectedElem == null) {
- throw new ResourceResolverException("generic.EmptyMessage",
- new Object[]{"Body element not found"},
- uri,
- BaseURI);
+ Element selectedElem = null;
+ if (wsDocInfo != null) {
+ selectedElem = wsDocInfo.getSecurityTokenReference(id);
}
- String cId = selectedElem.getAttributeNS(WSConstants.WSU_NS, "Id");
-
+
/*
- * If Body Id match fails, look for a generic Id (without a namespace)
- * that matches the URI. If that lookup fails, try to get a namespace
- * qualified Id that matches the URI.
+ * Then lookup the SOAP Body element (processed by default) and
+ * check if it contains a matching Id
*/
- if (!id.equals(cId)) {
- cId = null;
- if ((selectedElem = WSSecurityUtil.getElementByWsuId(doc, uriNodeValue)) != null) {
- cId = selectedElem.getAttributeNS(WSConstants.WSU_NS,"Id");
- } else if ((selectedElem = WSSecurityUtil.getElementByGenId(doc, uriNodeValue)) != null) {
- cId = selectedElem.getAttribute("Id");
- }
- if (cId == null) {
+ if (selectedElem == null) {
+ SOAPConstants sc = WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
+ selectedElem = WSSecurityUtil.findBodyElement(doc, sc);
+ if (selectedElem == null) {
throw new ResourceResolverException("generic.EmptyMessage",
- new Object[]{"Id not found"},
+ new Object[]{"Body element not found"},
uri,
BaseURI);
}
+ String cId = selectedElem.getAttributeNS(WSConstants.WSU_NS, "Id");
+
+ /*
+ * If Body Id match fails, look for a generic Id (without a namespace)
+ * that matches the URI. If that lookup fails, try to get a namespace
+ * qualified Id that matches the URI.
+ */
+ if (!id.equals(cId)) {
+ cId = null;
+
+ if ((selectedElem = WSSecurityUtil.getElementByWsuId(doc, uriNodeValue)) != null) {
+ cId = selectedElem.getAttributeNS(WSConstants.WSU_NS, "Id");
+ } else if ((selectedElem = WSSecurityUtil.getElementByGenId(doc, uriNodeValue)) != null) {
+ cId = selectedElem.getAttribute("Id");
+ }
+ if (cId == null) {
+ throw new ResourceResolverException("generic.EmptyMessage",
+ new Object[]{"Id not found"},
+ uri,
+ BaseURI);
+ }
+ }
}
XMLSignatureInput result = new XMLSignatureInput(selectedElem);
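Review bot: The element returned by `wsDocInfo.getSecurityTokenReference(id)` becomes the signature input without any check that it belongs to the document being resolved. Because the resolver is a shared instance and `wsDocInfo` holds whatever the last caller of `setWsDocInfo` supplied, a stale entry with a colliding Id would be digested in place of the element in `doc`. Assuming `doc` is the document that owns the reference, a guard such as `if (selectedElem != null && selectedElem.getOwnerDocument() != doc) { selectedElem = null; }` after the lookup keeps the fallback to the Body and Id search. Separately, the moved comment says the generic Id is tried first, while the code calls `getElementByWsuId` before `getElementByGenId`; the comment should be reordered to match. The enclosing method starts and ends outside this hunk.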
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecSignature.java?rev=947604&r1=947603&r2=947604&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecSignature.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecSignature.java Mon May 24 11:28:48 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright 2003-2004 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.ws.security.message;
@@ -373,7 +375,9 @@ public class WSSecSignature extends WSSe
}
}
- sig.addResourceResolver(EnvelopeIdResolver.getInstance());
+ EnvelopeIdResolver resolver = (EnvelopeIdResolver)EnvelopeIdResolver.getInstance();
+ resolver.setWsDocInfo(wsDocInfo);
+ sig.addResourceResolver(resolver);
sig.setId(wssConfig.getIdAllocator().createId("Signature-", sig));
keyInfo = sig.getKeyInfo();
@@ -477,6 +481,7 @@ public class WSSecSignature extends WSSe
}
if (keyIdentifierType != WSConstants.KEY_VALUE) {
keyInfo.addUnknownElement(secRef.getElement());
+ wsDocInfo.setSecurityTokenReference(secRef.getElement());
}
}
@@ -768,7 +773,7 @@ public class WSSecSignature extends WSSe
addReferencesToSign(parts, secHeader);
prependToHeader(secHeader);
-
+
//
// if we have a BST prepend it in front of the Signature according to
// strict layout rules.
@@ -778,7 +783,7 @@ public class WSSecSignature extends WSSe
}
computeSignature();
-
+
return doc;
}
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java?rev=947604&r1=947603&r2=947604&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java Mon May 24 11:28:48 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright 2003-2008 The Apache Software Foundation.
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.ws.security.saml;
@@ -331,7 +333,9 @@ public class WSSecSignatureSAML extends
}
}
- sig.addResourceResolver(EnvelopeIdResolver.getInstance());
+ EnvelopeIdResolver resolver = (EnvelopeIdResolver)EnvelopeIdResolver.getInstance();
+ resolver.setWsDocInfo(wsDocInfo);
+ sig.addResourceResolver(resolver);
String sigUri = wssConfig.getIdAllocator().createId("Signature-", sig);
sig.setId(sigUri);
@@ -380,6 +384,7 @@ public class WSSecSignatureSAML extends
transforms = new Transforms(doc);
transforms.addTransform(STRTransform.implementedTransformURI, ctx);
sig.addDocument("#" + strSamlUri, transforms);
+ wsDocInfo.setSecurityTokenReference(secRefSaml.getElement());
}
} catch (TransformationException e1) {
throw new WSSecurityException(
@@ -435,6 +440,7 @@ public class WSSecSignatureSAML extends
}
}
keyInfo.addUnknownElement(secRef.getElement());
+ wsDocInfo.setSecurityTokenReference(secRef.getElement());
Element keyInfoElement = keyInfo.getElement();
keyInfoElement.setAttributeNS(