Posted to commits@cxf.apache.org by co...@apache.org on 2013/05/17 15:49:14 UTC
svn commit: r1483800 - in
/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security:
policy/interceptors/ wss4j/
Author: coheigea
Date: Fri May 17 13:49:13 2013
New Revision: 1483800
URL: http://svn.apache.org/r1483800
Log:
Added an OutInterceptor for streaming WS-SecurityPolicy
Added:
cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
- copied, changed from r1483714, cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
Modified:
cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java?rev=1483800&r1=1483799&r2=1483800&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java Fri May 17 13:49:13 2013
@@ -28,6 +28,7 @@ import org.apache.cxf.ws.policy.Abstract
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxInInterceptor;
+import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxOutInterceptor;
import org.apache.wss4j.policy.SP11Constants;
import org.apache.wss4j.policy.SP12Constants;
@@ -56,6 +57,8 @@ public class WSSecurityInterceptorProvid
this.getInInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
this.getInFaultInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
+ this.getOutInterceptors().add(PolicyBasedWSS4JStaxOutInterceptor.INSTANCE);
+ this.getOutFaultInterceptors().add(PolicyBasedWSS4JStaxOutInterceptor.INSTANCE);
this.getInInterceptors().add(PolicyBasedWSS4JStaxInInterceptor.INSTANCE);
this.getInFaultInterceptors().add(PolicyBasedWSS4JStaxInInterceptor.INSTANCE);
}
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java?rev=1483800&r1=1483799&r2=1483800&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java Fri May 17 13:49:13 2013
@@ -29,6 +29,7 @@ import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
+import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapMessage;
@@ -149,6 +150,26 @@ public abstract class AbstractWSS4JStaxI
}
}
}
+
+ protected void configureCallbackHandler(SoapMessage soapMessage) throws WSSecurityException {
+ Object o = soapMessage.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+ if (o instanceof String) {
+ try {
+ o = ClassLoaderUtils.loadClass((String)o, this.getClass()).newInstance();
+ } catch (Exception e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ }
+ }
+ if (o instanceof CallbackHandler) {
+ Map<String, Object> config = getProperties();
+
+ if (securityProperties != null) {
+ securityProperties.setCallbackHandler((CallbackHandler)o);
+ } else {
+ config.put(ConfigurationConstants.PW_CALLBACK_REF, (CallbackHandler)o);
+ }
+ }
+ }
public Set<URI> getRoles() {
return null;
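Review bot: A CALLBACK_HANDLER value that does not end up as a `CallbackHandler` is dropped without any error in `configureCallbackHandler`: if the property names a class of another type, or holds an object of another type, the second `instanceof` simply fails and the message is processed with no password callback configured. Failing at this point gives a clear configuration error instead of a later, harder-to-trace one, for example `else if (o != null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); }` after the `CallbackHandler` branch. The inner `else` also calls `config.put` without a null check, while `configureProperties` in WSS4JStaxOutInterceptor treats `getProperties()` as possibly null. `getRoles()` at the end of the hunk continues outside it.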
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=1483800&r1=1483799&r2=1483800&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java Fri May 17 13:49:13 2013
@@ -37,6 +37,7 @@ import org.apache.cxf.binding.soap.saaj.
import org.apache.cxf.common.i18n.Message;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.phase.PhaseInterceptor;
@@ -77,11 +78,15 @@ public class PolicyBasedWSS4JOutIntercep
public void handleMessage(SoapMessage mc) throws Fault {
- if (mc.getContent(SOAPMessage.class) == null) {
- saajOut.handleMessage(mc);
+ boolean enableStax =
+ MessageUtils.isTrue(mc.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY));
+ if (!enableStax) {
+ if (mc.getContent(SOAPMessage.class) == null) {
+ saajOut.handleMessage(mc);
+ }
+ mc.put(SECURITY_PROCESSED, Boolean.TRUE);
+ mc.getInterceptorChain().add(ending);
}
- mc.put(SECURITY_PROCESSED, Boolean.TRUE);
- mc.getInterceptorChain().add(ending);
}
public void handleFault(SoapMessage message) {
saajOut.handleFault(message);
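Review bot: `handleFault` still calls `saajOut.handleFault(message)` unconditionally, although `handleMessage` now skips `saajOut.handleMessage(mc)` whenever ENABLE_STREAMING_SECURITY is true. On the streaming path the SAAJ interceptor is therefore asked to unwind work it never did; whether that is harmless depends on its implementation, which is not visible here. Guarding it with the same flag keeps the two paths symmetric, e.g. `if (!MessageUtils.isTrue(message.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY))) { saajOut.handleFault(message); }`. With the flag set this interceptor also no longer puts SECURITY_PROCESSED on the message, so any consumer of that marker should be checked against the streaming interceptor. `handleFault` ends outside the hunk.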
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java?rev=1483800&r1=1483799&r2=1483800&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java Fri May 17 13:49:13 2013
@@ -373,7 +373,7 @@ public class PolicyBasedWSS4JStaxInInter
bindingOperationInfos.iterator(); bindingOperationInfoIterator.hasNext();) {
BindingOperationInfo bindingOperationInfo = bindingOperationInfoIterator.next();
QName operationName = bindingOperationInfo.getName();
-
+
// todo: I'm not sure what the effectivePolicy exactly contains,
// a) only the operation policy,
// or b) all policies for the service,
@@ -382,6 +382,10 @@ public class PolicyBasedWSS4JStaxInInter
EffectivePolicy policy =
(EffectivePolicy)bindingOperationInfo.getProperty("policy-engine-info-serve-request");
//PolicyEngineImpl.POLICY_INFO_REQUEST_SERVER);
+ if (MessageUtils.isRequestor(msg)) {
+ policy =
+ (EffectivePolicy)bindingOperationInfo.getProperty("policy-engine-info-client-response");
+ }
SoapOperationInfo soapOperationInfo = bindingOperationInfo.getExtensor(SoapOperationInfo.class);
String soapNS;
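Review bot: The `policy` read for the requestor case is not checked for null before use, and `getProperty` presumably returns null when no client-response policy was stored on the operation. The rest of the loop body is outside the hunk, but the copy of this method shown later on the page calls `policy.getPolicy()`, which would then fail with a bare NullPointerException. An explicit `if (policy == null) { throw new IllegalArgumentException("No effective policy for operation " + operationName); }` fails with a usable message; silently skipping the operation instead would leave it without an enforced policy. The server-side lookup could also move into an `else` so that only one property is read per operation.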
Copied: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java (from r1483714, cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java)
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java?p2=cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java&p1=cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java&r1=1483714&r2=1483800&rev=1483800&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java Fri May 17 13:49:13 2013
@@ -22,14 +22,11 @@ package org.apache.cxf.ws.security.wss4j
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
-import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
+import java.util.Map;
import java.util.Properties;
import java.util.logging.Logger;
@@ -37,45 +34,39 @@ import javax.xml.namespace.QName;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
-import org.apache.cxf.binding.soap.model.SoapBindingInfo;
-import org.apache.cxf.binding.soap.model.SoapOperationInfo;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.resource.ResourceManager;
-import org.apache.cxf.service.model.BindingInfo;
-import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
-import org.apache.cxf.ws.policy.EffectivePolicy;
import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.policy.SP11Constants;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.SPConstants;
-import org.apache.wss4j.policy.WSSPolicyException;
-import org.apache.wss4j.policy.stax.OperationPolicy;
-import org.apache.wss4j.policy.stax.PolicyEnforcer;
-import org.apache.wss4j.policy.stax.PolicyInputProcessor;
-import org.apache.wss4j.stax.ext.WSSSecurityProperties;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
+import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
+import org.apache.wss4j.policy.model.AbstractBinding;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.UsernameToken.PasswordType;
/**
*
*/
-public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
- public static final PolicyBasedWSS4JStaxInInterceptor INSTANCE
- = new PolicyBasedWSS4JStaxInInterceptor();
- private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JStaxInInterceptor.class);
+public class PolicyBasedWSS4JStaxOutInterceptor extends WSS4JStaxOutInterceptor {
+ public static final PolicyBasedWSS4JStaxOutInterceptor INSTANCE
+ = new PolicyBasedWSS4JStaxOutInterceptor();
+ private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JStaxOutInterceptor.class);
- public PolicyBasedWSS4JStaxInInterceptor() {
+ public PolicyBasedWSS4JStaxOutInterceptor() {
super(new HashMap<String, Object>());
}
@@ -84,8 +75,8 @@ public class PolicyBasedWSS4JStaxInInter
boolean enableStax =
MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY));
if (aim != null && enableStax) {
+ getProperties().clear();
super.handleMessage(msg);
- msg.getInterceptorChain().add(new PolicyStaxActionInInterceptor());
}
}
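Review bot: `getProperties().clear()` mutates state that is shared between all messages: the interceptor is registered as the static `INSTANCE` and its properties are the single `HashMap` created in the constructor. Two outbound messages handled concurrently can clear or overwrite each other's entries while `configureProperties` is filling them in, and those entries include ACTION, the password type and the USER / SIGNATURE_USER / ENCRYPTION_USER values copied from each message, so one message could be secured with another message's settings. `configureCallbackHandler` has the same shape where it calls `securityProperties.setCallbackHandler` per message. Building the configuration in a map local to the call and converting that, instead of clearing the instance map, would remove the shared state; the parent `handleMessage` that reads the map is only partly visible here. `handleMessage` starts outside the hunk.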
@@ -177,15 +168,15 @@ public class PolicyBasedWSS4JStaxInInter
}
if (signCrypto != null) {
- message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+ message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
message.put("RefId-" + signCrypto.hashCode(), signCrypto);
}
if (encrCrypto != null) {
- message.put(WSHandlerConstants.SIG_VER_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto);
} else if (signCrypto != null) {
- message.put(WSHandlerConstants.SIG_VER_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto);
}
}
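Review bot: The crypto objects look swapped for the outbound direction: ENC_PROP_REF_ID is given `signCrypto` and SIG_PROP_REF_ID is given `encrCrypto`. On the inbound side it is natural to decrypt with one's own keystore and verify with the peer's, but an outbound interceptor would normally sign with `signCrypto` and encrypt with `encrCrypto`, so a mechanical DEC→ENC / SIG_VER→SIG rename may have inverted the roles. If that reading is right the lines become `message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());` and `message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());`, with the fallback branch adjusted to match. The identical block in the next hunk (@@ -217) and the initiator-dependent selections in the hunks from @@ -262 to @@ -289 need the same check. The enclosing method starts and ends outside the hunk.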
@@ -217,15 +208,15 @@ public class PolicyBasedWSS4JStaxInInter
}
if (signCrypto != null) {
- message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+ message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
message.put("RefId-" + signCrypto.hashCode(), signCrypto);
}
if (encrCrypto != null) {
- message.put(WSHandlerConstants.SIG_VER_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto);
} else if (signCrypto != null) {
- message.put(WSHandlerConstants.SIG_VER_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto);
}
}
@@ -262,7 +253,7 @@ public class PolicyBasedWSS4JStaxInInter
crypto = signCrypto;
}
if (crypto != null) {
- message.put(WSHandlerConstants.SIG_VER_PROP_REF_ID, "RefId-" + crypto.hashCode());
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode());
message.put("RefId-" + crypto.hashCode(), crypto);
}
@@ -271,7 +262,7 @@ public class PolicyBasedWSS4JStaxInInter
crypto = encrCrypto;
}
if (crypto != null) {
- message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + crypto.hashCode());
+ message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + crypto.hashCode());
message.put("RefId-" + crypto.hashCode(), crypto);
}
} else {
@@ -280,7 +271,7 @@ public class PolicyBasedWSS4JStaxInInter
crypto = encrCrypto;
}
if (crypto != null) {
- message.put(WSHandlerConstants.SIG_VER_PROP_REF_ID, "RefId-" + crypto.hashCode());
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode());
message.put("RefId-" + crypto.hashCode(), crypto);
}
@@ -289,7 +280,7 @@ public class PolicyBasedWSS4JStaxInInter
crypto = signCrypto;
}
if (crypto != null) {
- message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + crypto.hashCode());
+ message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + crypto.hashCode());
message.put("RefId-" + crypto.hashCode(), crypto);
}
}
@@ -341,6 +332,13 @@ public class PolicyBasedWSS4JStaxInInter
return signCrypto;
}
+ private void configureActions(
+ AssertionInfoMap aim, SoapMessage message
+ ) throws WSSecurityException {
+ configureUsernameToken(aim, message);
+ configureTimestamp(aim, message);
+ }
+
@Override
protected void configureProperties(SoapMessage msg) throws WSSecurityException {
AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
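Review bot: `configureActions` maps only the UsernameToken and Timestamp assertions to WSS4J actions, so signature and encryption requirements in the policy do not appear to produce any outbound action on the streaming path. Because PolicyBasedWSS4JOutInterceptor now does nothing when ENABLE_STREAMING_SECURITY is true, a message governed by such a policy could leave unsigned or unencrypted unless something outside this diff covers it. Until the remaining assertions are handled, document the limit on the method, e.g. `// Only UsernameToken and Timestamp are mapped so far; signature/encryption assertions are NOT applied by the streaming out interceptor.` `configureProperties` continues in the next hunk.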
@@ -348,76 +346,110 @@ public class PolicyBasedWSS4JStaxInInter
checkSymmetricBinding(aim, msg);
checkTransportBinding(aim, msg);
+ configureActions(aim, msg);
+
super.configureProperties(msg);
}
- @Override
- protected SecurityEventListener configureSecurityEventListener(
- SoapMessage msg, WSSSecurityProperties securityProperties
- ) throws WSSPolicyException {
- Endpoint endoint = msg.getExchange().get(Endpoint.class);
-
- PolicyEnforcer policyEnforcer = createPolicyEnforcer(endoint.getEndpointInfo(), msg);
- securityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, securityProperties));
+ private void configureUsernameToken(
+ AssertionInfoMap aim, SoapMessage message
+ ) throws WSSecurityException {
+ Map<String, Object> config = getProperties();
+
+ Collection<AssertionInfo> ais =
+ getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
+ if (ais != null && ais.size() > 0) {
+ UsernameToken usernameToken = (UsernameToken)ais.iterator().next().getAssertion();
+ IncludeTokenType includeToken = usernameToken.getIncludeTokenType();
+ if (!isTokenRequired(includeToken, message)) {
+ return;
+ }
+
+ // Action
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION,
+ action + " " + ConfigurationConstants.USERNAME_TOKEN);
+ } else {
+ config.put(ConfigurationConstants.ACTION,
+ ConfigurationConstants.USERNAME_TOKEN);
+ }
- return policyEnforcer;
+ // Password Type
+ PasswordType passwordType = usernameToken.getPasswordType();
+ if (passwordType == PasswordType.HashPassword) {
+ config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
+ } else if (passwordType == PasswordType.NoPassword) {
+ config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_NONE);
+ } else {
+ config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
+ }
+
+ // Nonce + Created
+ if (usernameToken.isNonce()) {
+ config.put(ConfigurationConstants.ADD_USERNAMETOKEN_NONCE, "true");
+ }
+ if (usernameToken.isCreated()) {
+ config.put(ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, "true");
+ }
+ }
}
- private PolicyEnforcer createPolicyEnforcer(
- EndpointInfo endpointInfo, SoapMessage msg
- ) throws WSSPolicyException {
-
- List<OperationPolicy> operationPolicies = new ArrayList<OperationPolicy>();
- Collection<BindingOperationInfo> bindingOperationInfos = endpointInfo.getBinding().getOperations();
- for (Iterator<BindingOperationInfo> bindingOperationInfoIterator =
- bindingOperationInfos.iterator(); bindingOperationInfoIterator.hasNext();) {
- BindingOperationInfo bindingOperationInfo = bindingOperationInfoIterator.next();
- QName operationName = bindingOperationInfo.getName();
-
- // todo: I'm not sure what the effectivePolicy exactly contains,
- // a) only the operation policy,
- // or b) all policies for the service,
- // or c) all policies which applies for the current operation.
- // c) is that what we need for stax.
- EffectivePolicy policy =
- (EffectivePolicy)bindingOperationInfo.getProperty("policy-engine-info-serve-request");
- //PolicyEngineImpl.POLICY_INFO_REQUEST_SERVER);
- SoapOperationInfo soapOperationInfo = bindingOperationInfo.getExtensor(SoapOperationInfo.class);
-
- String soapNS;
- BindingInfo bindingInfo = bindingOperationInfo.getBinding();
- if (bindingInfo instanceof SoapBindingInfo) {
- soapNS = ((SoapBindingInfo)bindingInfo).getSoapVersion().getNamespace();
+ private void configureTimestamp(
+ AssertionInfoMap aim, SoapMessage message
+ ) throws WSSecurityException {
+ Map<String, Object> config = getProperties();
+
+ AbstractBinding binding = getBinding(aim);
+ if (binding != null && binding.isIncludeTimestamp()) {
+ // Action
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION,
+ action + " " + ConfigurationConstants.TIMESTAMP);
} else {
- //no idea what todo here...
- //most probably throw an exception:
- throw new IllegalArgumentException("BindingInfo is not an instance of SoapBindingInfo");
+ config.put(ConfigurationConstants.ACTION,
+ ConfigurationConstants.TIMESTAMP);
}
+ }
+ }
- //todo: I think its a bug that we handover only the localPart of the operation.
- // Needs to be fixed in ws-security-policy-stax
- OperationPolicy operationPolicy = new OperationPolicy(operationName.getLocalPart());
- operationPolicy.setPolicy(policy.getPolicy());
- operationPolicy.setOperationAction(soapOperationInfo.getAction());
- operationPolicy.setSoapMessageVersionNamespace(soapNS);
-
- operationPolicies.add(operationPolicy);
+ private AbstractBinding getBinding(
+ AssertionInfoMap aim
+ ) throws WSSecurityException {
+ Collection<AssertionInfo> ais =
+ getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+ if (ais != null && ais.size() > 0) {
+ return (AbstractBinding)ais.iterator().next().getAssertion();
}
- final List<SecurityEvent> incomingSecurityEventList = new LinkedList<SecurityEvent>();
- // TODO Soap Action
- PolicyEnforcer securityEventListener = new PolicyEnforcer(operationPolicies, "") {
- @Override
- public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
- incomingSecurityEventList.add(securityEvent);
- super.registerSecurityEvent(securityEvent);
- }
- };
+ ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+ if (ais != null && ais.size() > 0) {
+ return (AbstractBinding)ais.iterator().next().getAssertion();
+ }
- msg.getExchange().put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
- msg.put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
+ ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+ if (ais != null && ais.size() > 0) {
+ return (AbstractBinding)ais.iterator().next().getAssertion();
+ }
- return securityEventListener;
+ return null;
}
+ private boolean isTokenRequired(IncludeTokenType includeToken, SoapMessage soapMessage) {
+ if (includeToken == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
+ return false;
+ } else if (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
+ return true;
+ } else {
+ boolean initiator = MessageUtils.isRequestor(soapMessage);
+ if (initiator && (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
+ || includeToken == IncludeTokenType.INCLUDE_TOKEN_ONCE)) {
+ return true;
+ } else if (!initiator && includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
+ return true;
+ }
+ return false;
+ }
+ }
}
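Review bot: The code that appends to ConfigurationConstants.ACTION is written out twice, in `configureUsernameToken` and in `configureTimestamp`, and will be needed again for every further action that gets mapped. A small private helper keeps the space-separated format in one place and also avoids building a string that starts with "null" if the key is present with a null value. The helper and the two call sites are shown below; everything else in both methods stays as it is.

```java
private static void addAction(Map<String, Object> config, String action) {
    String existing = (String)config.get(ConfigurationConstants.ACTION);
    if (existing == null) {
        config.put(ConfigurationConstants.ACTION, action);
    } else {
        config.put(ConfigurationConstants.ACTION, existing + " " + action);
    }
}

// … unchanged: configureUsernameToken up to the isTokenRequired check …
        addAction(config, ConfigurationConstants.USERNAME_TOKEN);
// … unchanged: password type, nonce and created handling …

// … unchanged: configureTimestamp binding lookup …
        addAction(config, ConfigurationConstants.TIMESTAMP);
```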
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java?rev=1483800&r1=1483799&r2=1483800&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java Fri May 17 13:49:13 2013
@@ -24,7 +24,6 @@ import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
-import javax.security.auth.callback.CallbackHandler;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
@@ -229,27 +228,6 @@ public class WSS4JStaxInInterceptor exte
}
}
- private void configureCallbackHandler(SoapMessage soapMessage) throws WSSecurityException {
- Object o = soapMessage.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
- if (o instanceof String) {
- try {
- o = ClassLoaderUtils.loadClass((String)o, this.getClass()).newInstance();
- } catch (Exception e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
- }
- }
- if (o instanceof CallbackHandler) {
- WSSSecurityProperties securityProperties = getSecurityProperties();
- Map<String, Object> config = getProperties();
-
- if (securityProperties != null) {
- securityProperties.setCallbackHandler((CallbackHandler)o);
- } else {
- config.put(ConfigurationConstants.PW_CALLBACK_REF, (CallbackHandler)o);
- }
- }
- }
-
/**
* Create a SoapFault from a WSSecurityException, following the SOAP Message Security
* 1.1 specification, chapter 12 "Error Handling".
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java?rev=1483800&r1=1483799&r2=1483800&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java Fri May 17 13:49:13 2013
@@ -19,7 +19,7 @@
package org.apache.cxf.ws.security.wss4j;
import java.io.OutputStream;
-import java.util.ArrayList;
+import java.util.LinkedList;
import java.util.List;
import java.util.Map;
@@ -36,9 +36,11 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
+import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.policy.WSSPolicyException;
import org.apache.wss4j.stax.ConfigurationConverter;
import org.apache.wss4j.stax.WSSec;
import org.apache.wss4j.stax.ext.OutboundWSSec;
@@ -61,7 +63,7 @@ public class WSS4JStaxOutInterceptor ext
private boolean mtomEnabled;
- public WSS4JStaxOutInterceptor(WSSSecurityProperties securityProperties) throws WSSecurityException {
+ public WSS4JStaxOutInterceptor(WSSSecurityProperties securityProperties) {
super();
setPhase(Phase.PRE_STREAM);
getBefore().add(StaxOutInterceptor.class.getName());
@@ -70,7 +72,7 @@ public class WSS4JStaxOutInterceptor ext
setSecurityProperties(securityProperties);
}
- public WSS4JStaxOutInterceptor(Map<String, Object> props) throws WSSecurityException {
+ public WSS4JStaxOutInterceptor(Map<String, Object> props) {
super(props);
setPhase(Phase.PRE_STREAM);
getBefore().add(StaxOutInterceptor.class.getName());
@@ -107,15 +109,6 @@ public class WSS4JStaxOutInterceptor ext
OutputStream os = mc.getContent(OutputStream.class);
String encoding = getEncoding(mc);
- final List<SecurityEvent> outgoingSecurityEventList = new ArrayList<SecurityEvent>();
- SecurityEventListener securityEventListener = new SecurityEventListener() {
- @Override
- public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
- outgoingSecurityEventList.add(securityEvent);
- }
- };
- mc.getExchange().put(SecurityEvent.class.getName() + ".out", outgoingSecurityEventList);
-
XMLStreamWriter newXMLStreamWriter;
try {
@SuppressWarnings("unchecked")
@@ -124,21 +117,28 @@ public class WSS4JStaxOutInterceptor ext
translateProperties(mc);
configureProperties(mc);
+ configureCallbackHandler(mc);
OutboundWSSec outboundWSSec = null;
+ WSSSecurityProperties secProps = null;
if (getSecurityProperties() != null) {
- outboundWSSec = WSSec.getOutboundWSSec(getSecurityProperties());
+ secProps = getSecurityProperties();
} else {
- WSSSecurityProperties convertedProperties =
- ConfigurationConverter.convert(getProperties());
- outboundWSSec = WSSec.getOutboundWSSec(convertedProperties);
+ secProps = ConfigurationConverter.convert(getProperties());
}
+ SecurityEventListener securityEventListener =
+ configureSecurityEventListener(mc, secProps);
+
+ outboundWSSec = WSSec.getOutboundWSSec(secProps);
+
newXMLStreamWriter =
outboundWSSec.processOutMessage(os, encoding, requestSecurityEvents, securityEventListener);
mc.setContent(XMLStreamWriter.class, newXMLStreamWriter);
} catch (WSSecurityException e) {
throw new Fault(e);
+ } catch (WSSPolicyException e) {
+ throw new Fault(e);
}
mc.put(AbstractOutDatabindingInterceptor.DISABLE_OUTPUTSTREAM_OPTIMIZATION, Boolean.TRUE);
@@ -159,11 +159,40 @@ public class WSS4JStaxOutInterceptor ext
}
- private void configureProperties(SoapMessage msg) throws WSSecurityException {
+ protected SecurityEventListener configureSecurityEventListener(
+ SoapMessage msg, WSSSecurityProperties securityProperties
+ ) throws WSSPolicyException {
+ final List<SecurityEvent> outgoingSecurityEventList = new LinkedList<SecurityEvent>();
+ SecurityEventListener securityEventListener = new SecurityEventListener() {
+ @Override
+ public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
+ outgoingSecurityEventList.add(securityEvent);
+ }
+ };
+ msg.getExchange().put(SecurityEvent.class.getName() + ".out", outgoingSecurityEventList);
+ msg.put(SecurityEvent.class.getName() + ".out", outgoingSecurityEventList);
+
+ return securityEventListener;
+ }
+
+ protected void configureProperties(SoapMessage msg) throws WSSecurityException {
Map<String, Object> config = getProperties();
// Crypto loading only applies for Map
if (config != null) {
+ String user = (String)msg.getContextualProperty(SecurityConstants.USERNAME);
+ if (user != null) {
+ config.put(ConfigurationConstants.USER, user);
+ }
+ String sigUser = (String)msg.getContextualProperty(SecurityConstants.SIGNATURE_USERNAME);
+ if (sigUser != null) {
+ config.put(ConfigurationConstants.SIGNATURE_USER, sigUser);
+ }
+ String encUser = (String)msg.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
+ if (encUser != null) {
+ config.put(ConfigurationConstants.ENCRYPTION_USER, encUser);
+ }
+
Crypto sigCrypto =
loadCrypto(
msg,