Posted to commits@cxf.apache.org by dk...@apache.org on 2011/03/10 03:41:25 UTC
svn commit: r1080112 - in
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: ./
policy/interceptors/ trust/ wss4j/ wss4j/policyhandlers/
Author: dkulp
Date: Thu Mar 10 02:41:25 2011
New Revision: 1080112
URL: http://svn.apache.org/viewvc?rev=1080112&view=rev
Log:
Pass the WSSConfig object around better to avoid creating more
default WSSConfig objects when not needed.
Add a Validator that will call off to an STS to validate the incoming
tokens on the server side.
Added:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java (with props)
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Thu Mar 10 02:41:25 2011
@@ -32,6 +32,10 @@ public final class SecurityConstants {
public static final String PASSWORD = "ws-security.password";
public static final String VALIDATE_TOKEN = "ws-security.validate.token";
public static final String USERNAME_TOKEN_VALIDATOR = "ws-security.ut.validator";
+ public static final String SAML1_TOKEN_VALIDATOR = "ws-security.saml1.validator";
+ public static final String SAML2_TOKEN_VALIDATOR = "ws-security.saml2.validator";
+ public static final String TIMESTAMP_TOKEN_VALIDATOR = "ws-security.timestamp.validator";
+ public static final String SIGNATURE_TOKEN_VALIDATOR = "ws-security.signature.validator";
public static final String CALLBACK_HANDLER = "ws-security.callback-handler";
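Review bot: The four new validator keys at L41-L44 are user-facing configuration properties but carry no comment about what value they accept, while the code that reads them (CXFRequestData.getValidator in WSS4JInInterceptor, same commit) accepts a Validator instance, a Class, or a fully qualified class name to load. A short Javadoc above the group, e.g. `/** Validator for the given token type: a Validator instance, a Class, or a class name to load reflectively. */`, would save readers a trip into the interceptor. The same applies to the existing USERNAME_TOKEN_VALIDATOR at L40, which now shares that contract.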
@@ -43,6 +47,7 @@ public final class SecurityConstants {
public static final String SIGNATURE_CRYPTO = "ws-security.signature.crypto";
public static final String ENCRYPT_CRYPTO = "ws-security.encryption.crypto";
+
public static final String TOKEN = "ws-security.token";
public static final String TOKEN_ID = "ws-security.token.id";
@@ -85,7 +90,9 @@ public final class SecurityConstants {
ENCRYPT_USERNAME, ENCRYPT_PROPERTIES, ENCRYPT_CRYPTO,
TOKEN, TOKEN_ID, STS_CLIENT, STS_TOKEN_PROPERTIES, STS_TOKEN_CRYPTO,
STS_TOKEN_DO_CANCEL, TIMESTAMP_TTL, ALWAYS_ENCRYPT_UT,
- STS_TOKEN_ACT_AS, STS_TOKEN_USERNAME, STS_TOKEN_USE_CERT_FOR_KEYINFO
+ STS_TOKEN_ACT_AS, STS_TOKEN_USERNAME, STS_TOKEN_USE_CERT_FOR_KEYINFO,
+ SAML1_TOKEN_VALIDATOR, SAML2_TOKEN_VALIDATOR, TIMESTAMP_TOKEN_VALIDATOR,
+ SIGNATURE_TOKEN_VALIDATOR
}));
ALL_PROPERTIES = Collections.unmodifiableSet(s);
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java Thu Mar 10 02:41:25 2011
@@ -24,7 +24,6 @@ import java.util.Arrays;
import java.util.Collection;
import java.util.List;
-import org.apache.cxf.Bus;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
@@ -45,6 +44,7 @@ import org.apache.cxf.ws.security.tokens
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
@@ -86,18 +86,7 @@ public class IssuedTokenInterceptorProvi
}
return tokenStore;
}
- static STSClient getClient(Message message) {
- STSClient client = (STSClient)message
- .getContextualProperty(SecurityConstants.STS_CLIENT);
- if (client == null) {
- client = new STSClient(message.getExchange().get(Bus.class));
- Endpoint ep = message.getExchange().get(Endpoint.class);
- client.setEndpointName(ep.getEndpointInfo().getName().toString() + ".sts-client");
- client.setBeanName(ep.getEndpointInfo().getName().toString() + ".sts-client");
- }
-
- return client;
- }
+
static class IssuedTokenOutInterceptor extends AbstractPhaseInterceptor<Message> {
public IssuedTokenOutInterceptor() {
super(Phase.PREPARE_SEND);
@@ -121,7 +110,7 @@ public class IssuedTokenInterceptorProvi
}
}
if (tok == null) {
- STSClient client = getClient(message);
+ STSClient client = STSUtils.getClient(message);
AddressingProperties maps =
(AddressingProperties)message
.get("javax.xml.ws.addressing.context.outbound");
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Thu Mar 10 02:41:25 2011
@@ -531,7 +531,7 @@ class SecureConversationInInterceptor ex
}
}
- STSClient client = SecureConversationTokenInterceptorProvider.getClient(m2);
+ STSClient client = STSUtils.getClient(m2);
AddressingProperties maps =
(AddressingProperties)message
.get("javax.xml.ws.addressing.context.inbound");
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java Thu Mar 10 02:41:25 2011
@@ -38,6 +38,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.model.Trust13;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.ws.security.WSConstants;
class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
@@ -98,7 +99,7 @@ class SecureConversationOutInterceptor e
return;
}
- STSClient client = SecureConversationTokenInterceptorProvider.getClient(message);
+ STSClient client = STSUtils.getClient(message);
AddressingProperties maps =
(AddressingProperties)message
.get("javax.xml.ws.addressing.context.outbound");
@@ -138,7 +139,7 @@ class SecureConversationOutInterceptor e
private SecurityToken issueToken(SoapMessage message,
AssertionInfoMap aim,
SecureConversationToken itok) {
- STSClient client = SecureConversationTokenInterceptorProvider.getClient(message);
+ STSClient client = STSUtils.getClient(message);
AddressingProperties maps =
(AddressingProperties)message
.get("javax.xml.ws.addressing.context.outbound");
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java Thu Mar 10 02:41:25 2011
@@ -30,7 +30,6 @@ import javax.xml.stream.XMLStreamExcepti
import org.w3c.dom.Element;
-import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.Soap11;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.logging.LogUtils;
@@ -223,17 +222,6 @@ public class SecureConversationTokenInte
}
}
}
- static STSClient getClient(Message message) {
- STSClient client = (STSClient)message
- .getContextualProperty(SecurityConstants.STS_CLIENT);
- if (client == null) {
- client = new STSClient(message.getExchange().get(Bus.class));
- Endpoint ep = message.getExchange().get(Endpoint.class);
- client.setEndpointName(ep.getEndpointInfo().getName().toString() + ".sct-client");
- client.setBeanName(ep.getEndpointInfo().getName().toString() + ".sct-client");
- }
- return client;
- }
static byte[] writeProofToken(String prefix,
String namespace,
Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java?rev=1080112&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java Thu Mar 10 02:41:25 2011
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.trust;
+
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.validate.Credential;
+import org.apache.ws.security.validate.Validator;
+
+/**
+ *
+ */
+public class STSTokenValidator implements Validator {
+ Validator delegate;
+
+ public STSTokenValidator() {
+ }
+ public STSTokenValidator(Validator delegate) {
+ this.delegate = delegate;
+ }
+
+ public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
+ if (delegate != null) {
+ credential = delegate.validate(credential, data);
+ }
+ SoapMessage m = (SoapMessage)data.getMsgContext();
+ SecurityToken token = new SecurityToken();
+
+ try {
+ token.setToken(credential.getAssertion().getElement());
+
+ STSClient c = STSUtils.getClient(m);
+ synchronized (c) {
+ System.setProperty("noprint", "true");
+ if (c.validateSecurityToken(token)) {
+ return credential;
+ }
+ System.clearProperty("noprint");
+ }
+ } catch (Exception e) {
+ throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity", null, e);
+ }
+ throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+ }
+
+}
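Review bot: `System.clearProperty("noprint")` at L245 is reached only when validateSecurityToken returns false; the success `return` at L243 and any exception thrown by the call skip it, so a JVM-wide system property set per request stays set for the rest of the process. Wrap the call in try/finally, or drop the property toggle altogether, since mutating global state from a per-message validator is fragile and the synchronized block only serialises callers of this one client. Separately, `credential.getAssertion()` at L237 is dereferenced without a null check, so a Credential carrying no assertion surfaces as a NullPointerException wrapped in the `invalidSAMLsecurity` fault rather than a clear message, the class Javadoc at L217-L219 is empty, and the `delegate` field at L221 should be `private`.
```java
STSClient c = STSUtils.getClient(m);
synchronized (c) {
    System.setProperty("noprint", "true");
    try {
        if (c.validateSecurityToken(token)) {
            return credential;
        }
    } finally {
        System.clearProperty("noprint");
    }
}
```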
Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java Thu Mar 10 02:41:25 2011
@@ -30,6 +30,7 @@ import org.apache.cxf.databinding.source
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.endpoint.EndpointException;
import org.apache.cxf.endpoint.EndpointImpl;
+import org.apache.cxf.message.Message;
import org.apache.cxf.service.Service;
import org.apache.cxf.service.ServiceImpl;
import org.apache.cxf.service.model.BindingInfo;
@@ -42,6 +43,7 @@ import org.apache.cxf.service.model.Oper
import org.apache.cxf.service.model.ServiceInfo;
import org.apache.cxf.transport.ConduitInitiator;
import org.apache.cxf.transport.ConduitInitiatorManager;
+import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.neethi.Policy;
/**
@@ -78,6 +80,17 @@ public final class STSUtils {
return TOKEN_TYPE_SCT_05_12;
}
+ public static STSClient getClient(Message message) {
+ STSClient client = (STSClient)message
+ .getContextualProperty(SecurityConstants.STS_CLIENT);
+ if (client == null) {
+ client = new STSClient(message.getExchange().get(Bus.class));
+ Endpoint ep = message.getExchange().get(Endpoint.class);
+ client.setEndpointName(ep.getEndpointInfo().getName().toString() + ".sct-client");
+ client.setBeanName(ep.getEndpointInfo().getName().toString() + ".sct-client");
+ }
+ return client;
+ }
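Review bot: The consolidated getClient always names the client `<endpoint>.sct-client` (L289-L290), whereas the method it replaces in IssuedTokenInterceptorProvider (removed at L87-L98) used the `.sts-client` suffix for issued-token clients. If the bean name is what the configurer uses to apply per-client STSClient settings, an existing configuration keyed on the `.sts-client` suffix would silently stop applying and the issued-token path would run with an unconfigured client; it is worth confirming no deployment depends on the old name, or keeping the suffix as a parameter of getClient. The method also dereferences `message.getExchange().get(Endpoint.class)` without a null check and has no Javadoc; `/** Returns the STSClient set on the message as STS_CLIENT, or a new one named after the endpoint. */` would document the lookup order.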
public static Endpoint createSTSEndpoint(Bus bus,
String namespace,
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java Thu Mar 10 02:41:25 2011
@@ -48,6 +48,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler;
import org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler;
import org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.message.WSSecHeader;
@@ -146,15 +147,19 @@ public class PolicyBasedWSS4JOutIntercep
//ignore
}
-
+ WSSConfig config = (WSSConfig)message.getContextualProperty(WSSConfig.class.getName());
+ if (config == null) {
+ config = WSSConfig.getNewInstance();
+ }
+
if (transport instanceof TransportBinding) {
- new TransportBindingHandler((TransportBinding)transport, saaj,
+ new TransportBindingHandler(config, (TransportBinding)transport, saaj,
secHeader, aim, message).handleBinding();
} else if (transport instanceof SymmetricBinding) {
- new SymmetricBindingHandler((SymmetricBinding)transport, saaj,
+ new SymmetricBindingHandler(config, (SymmetricBinding)transport, saaj,
secHeader, aim, message).handleBinding();
} else {
- new AsymmetricBindingHandler((AsymmetricBinding)transport, saaj,
+ new AsymmetricBindingHandler(config, (AsymmetricBinding)transport, saaj,
secHeader, aim, message).handleBinding();
}
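Review bot: The lookup-or-default at L312-L315 is repeated verbatim in UsernameTokenInterceptor.addUsernameToken (L340-L343), and WSS4JInInterceptor (L371-L382) does its own variant of the same lookup; a single helper such as `static WSSConfig getWSSConfig(Message message)` on a shared class would keep the `WSSConfig.class.getName()` property key and the fallback policy in one place. Note that the fallback still creates a fresh WSSConfig for every outbound message when the property is not set, so the commit's stated goal of creating fewer defaults only holds when a config is supplied; if that is intended, a comment at L313 saying so would stop a later reader from "fixing" it into a shared static instance, which would be unsafe if a WSSConfig is ever mutated per message. The enclosing method starts outside this hunk.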
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java Thu Mar 10 02:41:25 2011
@@ -304,11 +304,15 @@ public class UsernameTokenInterceptor ex
}
protected WSSecUsernameToken addUsernameToken(SoapMessage message, UsernameToken token) {
String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
-
+ WSSConfig wssConfig = (WSSConfig)message.getContextualProperty(WSSConfig.class.getName());
+ if (wssConfig == null) {
+ wssConfig = WSSConfig.getNewInstance();
+ }
+
if (!StringUtils.isEmpty(userName)) {
// If NoPassword property is set we don't need to set the password
if (token.isNoPassword()) {
- WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
utBuilder.setUserInfo(userName, null);
utBuilder.setPasswordType(null);
return utBuilder;
@@ -321,7 +325,7 @@ public class UsernameTokenInterceptor ex
if (!StringUtils.isEmpty(password)) {
//If the password is available then build the token
- WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
if (token.isHashPassword()) {
utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
} else {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Thu Mar 10 02:41:25 2011
@@ -176,6 +176,8 @@ public class WSS4JInInterceptor extends
boolean utWithCallbacks =
MessageUtils.getContextualBoolean(msg, SecurityConstants.VALIDATE_TOKEN, true);
+ RequestData reqData = new CXFRequestData();
+
WSSConfig config = (WSSConfig)msg.getContextualProperty(WSSConfig.class.getName());
WSSecurityEngine engine;
if (config != null) {
@@ -183,7 +185,12 @@ public class WSS4JInInterceptor extends
engine.setWssConfig(config);
} else {
engine = getSecurityEngine(utWithCallbacks);
+ if (engine == null) {
+ engine = new WSSecurityEngine();
+ }
+ config = engine.getWssConfig();
}
+ reqData.setWssConfig(config);
SOAPMessage doc = getSOAPMessage(msg);
@@ -204,8 +211,6 @@ public class WSS4JInInterceptor extends
t0 = System.currentTimeMillis();
}
- RequestData reqData = new RequestData();
- reqData.setWssConfig(engine.getWssConfig());
/*
* The overall try, just to have a finally at the end to perform some
* housekeeping.
@@ -566,7 +571,7 @@ public class WSS4JInInterceptor extends
return createSecurityEngine(profiles);
}
- return secEngine;
+ return null;
}
/**
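Review bot: Returning null at L397 where the shared `secEngine` was returned before changes the contract of a method whose signature and other callers are outside this hunk; the caller at L377-L380 now handles null, but any other call site would dereference it. If the method is not private, it is worth checking for other callers, and its Javadoc should state `@return an engine built for the configured profiles, or null when the caller should use the default engine`.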
@@ -624,4 +629,43 @@ public class WSS4JInInterceptor extends
return fault;
}
+
+ static class CXFRequestData extends RequestData {
+ public CXFRequestData() {
+ }
+
+ public Validator getValidator(QName qName) throws WSSecurityException {
+ String key = null;
+ if (WSSecurityEngine.SAML_TOKEN.equals(qName)) {
+ key = SecurityConstants.SAML1_TOKEN_VALIDATOR;
+ } else if (WSSecurityEngine.SAML2_TOKEN.equals(qName)) {
+ key = SecurityConstants.SAML2_TOKEN_VALIDATOR;
+ } else if (WSSecurityEngine.USERNAME_TOKEN.equals(qName)) {
+ key = SecurityConstants.USERNAME_TOKEN_VALIDATOR;
+ } else if (WSSecurityEngine.SIGNATURE.equals(qName)) {
+ key = SecurityConstants.SIGNATURE_TOKEN_VALIDATOR;
+ } else if (WSSecurityEngine.TIMESTAMP.equals(qName)) {
+ key = SecurityConstants.TIMESTAMP_TOKEN_VALIDATOR;
+ }
+ if (key != null) {
+ Object o = ((SoapMessage)this.getMsgContext()).getContextualProperty(key);
+ try {
+ if (o instanceof Validator) {
+ return (Validator)o;
+ } else if (o instanceof Class) {
+ return (Validator)((Class)o).newInstance();
+ } else if (o instanceof String) {
+ return (Validator)ClassLoaderUtils.loadClass(o.toString(),
+ WSS4JInInterceptor.class)
+ .newInstance();
+ }
+ } catch (RuntimeException t) {
+ throw t;
+ } catch (Throwable t) {
+ throw new WSSecurityException(t.getMessage(), t);
+ }
+ }
+ return super.getValidator(qName);
+ }
+ };
}
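Review bot: In getValidator the branches at L424-L431 cast whatever was configured to Validator, so a misconfigured class reaches the caller as a ClassCastException (rethrown unchanged by the `catch (RuntimeException t)` at L433) while a checked failure from the same misconfiguration becomes a WSSecurityException; checking `Validator.class.isAssignableFrom(cls)` before `newInstance()` and naming the key and class in the exception makes both paths consistent and the error actionable. `catch (Throwable t)` at L435 also turns Errors such as NoClassDefFoundError into a security exception; `catch (Exception t)` is the narrower choice. Minor: `(Class)o` at L427 is a raw type, the trailing `;` after the class body at L441 is spurious, and the cast of `getMsgContext()` to SoapMessage at L422 relies on reqData only ever being driven from this interceptor, which a one-line comment should say.
```java
Class<?> cls = null;
if (o instanceof Validator) {
    return (Validator)o;
} else if (o instanceof Class) {
    cls = (Class<?>)o;
} else if (o instanceof String) {
    cls = ClassLoaderUtils.loadClass(o.toString(), WSS4JInInterceptor.class);
}
if (cls != null) {
    if (!Validator.class.isAssignableFrom(cls)) {
        throw new WSSecurityException(key + " is not a Validator: " + cls.getName());
    }
    return (Validator)cls.newInstance();
}
```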
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Thu Mar 10 02:41:25 2011
@@ -99,6 +99,7 @@ import org.apache.neethi.Assertion;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
@@ -129,6 +130,7 @@ public abstract class AbstractBindingBui
protected SPConstants.ProtectionOrder protectionOrder =
SPConstants.ProtectionOrder.SignBeforeEncrypting;
+ protected final WSSConfig wssConfig;
protected SOAPMessage saaj;
protected WSSecHeader secHeader;
protected AssertionInfoMap aim;
@@ -152,11 +154,14 @@ public abstract class AbstractBindingBui
Element bottomUpElement;
Element topDownElement;
- public AbstractBindingBuilder(Binding binding,
+ public AbstractBindingBuilder(
+ WSSConfig config,
+ Binding binding,
SOAPMessage saaj,
WSSecHeader secHeader,
AssertionInfoMap aim,
SoapMessage message) {
+ this.wssConfig = config;
this.binding = binding;
this.aim = aim;
this.secHeader = secHeader;
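Review bot: The new `config` parameter at L468 is stored into a final field at L474 with no null check and no Javadoc; every caller in this commit passes a non-null value (the out interceptor defaults to `WSSConfig.getNewInstance()`), but nothing here enforces it, and a null would presumably only fail later inside one of the WSSec* builders constructed from `wssConfig`, far from the cause. Either fail fast with `if (config == null) { throw new NullPointerException("config"); }` or document that null is accepted. A `@param config the WSS4J configuration shared by every WSSec* builder this handler creates` would also tell subclasses why the protected field exists. The constructor body continues past the end of this hunk.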
@@ -369,7 +374,8 @@ public abstract class AbstractBindingBui
if (ttl <= 0) {
ttl = 300;
}
- timestampEl = new WSSecTimestamp();
+ timestampEl = new WSSecTimestamp(wssConfig);
+ timestampEl.setWsConfig(wssConfig);
timestampEl.setTimeToLive(ttl);
timestampEl.prepare(saaj.getSOAPPart());
for (AssertionInfo ai : ais) {
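Review bot: `timestampEl.setWsConfig(wssConfig)` at L484 passes the same object that was just handed to the constructor at L483, and the same pair appears for the signature at L529 and L538; if the WSS4J constructor overload stores the config the way the setter does, one of the two calls is redundant and the pair leaves the next reader unsure which one is actually required. Keep the constructor argument and drop the setter, or add a comment explaining why both are needed. The enclosing method starts outside this hunk.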
@@ -482,9 +488,9 @@ public abstract class AbstractBindingBui
if (secToken.getX509Certificate() == null) {
//Add the extracted token
- ret.put(token, new WSSecurityTokenHolder(secToken));
+ ret.put(token, new WSSecurityTokenHolder(wssConfig, secToken));
} else {
- WSSecSignature sig = new WSSecSignature();
+ WSSecSignature sig = new WSSecSignature(wssConfig);
sig.setX509Certificate(secToken.getX509Certificate());
sig.setCustomTokenId(secToken.getId());
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
@@ -618,7 +624,7 @@ public abstract class AbstractBindingBui
if (!StringUtils.isEmpty(userName)) {
// If NoPassword property is set we don't need to set the password
if (token.isNoPassword()) {
- WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
utBuilder.setUserInfo(userName, null);
utBuilder.setPasswordType(null);
info.setAsserted(true);
@@ -632,7 +638,7 @@ public abstract class AbstractBindingBui
if (!StringUtils.isEmpty(password)) {
//If the password is available then build the token
- WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
if (token.isHashPassword()) {
utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
} else {
@@ -1035,7 +1041,7 @@ public abstract class AbstractBindingBui
protected WSSecEncryptedKey getEncryptedKeyBuilder(TokenWrapper wrapper,
Token token) throws WSSecurityException {
- WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
+ WSSecEncryptedKey encrKey = new WSSecEncryptedKey(wssConfig);
Crypto crypto = getEncryptionCrypto(wrapper);
message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
setKeyIdentifierType(encrKey, wrapper, token);
@@ -1289,7 +1295,7 @@ public abstract class AbstractBindingBui
protected WSSecSignature getSignatureBuilder(
TokenWrapper wrapper, Token token, boolean attached, boolean endorse
) {
- WSSecSignature sig = new WSSecSignature();
+ WSSecSignature sig = new WSSecSignature(wssConfig);
checkForX509PkiPath(sig, token);
if (token instanceof IssuedToken) {
policyAsserted(token);
@@ -1368,7 +1374,7 @@ public abstract class AbstractBindingBui
sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
sig.setDigestAlgo(binding.getAlgorithmSuite().getDigest());
sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
-
+ sig.setWsConfig(wssConfig);
try {
sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
} catch (WSSecurityException e) {
@@ -1435,7 +1441,7 @@ public abstract class AbstractBindingBui
throws WSSecurityException, ConversationException {
Document doc = saaj.getSOAPPart();
- WSSecDKSign dkSign = new WSSecDKSign();
+ WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
//Check whether it is security policy 1.2 and use the secure conversation accordingly
if (SP12Constants.INSTANCE == policyToken.getSPConstants()) {
@@ -1518,7 +1524,7 @@ public abstract class AbstractBindingBui
throws WSSecurityException, ConversationException {
Document doc = saaj.getSOAPPart();
- WSSecSignature sig = new WSSecSignature();
+ WSSecSignature sig = new WSSecSignature(wssConfig);
// If a EncryptedKeyToken is used, set the correct value type to
// be used in the wsse:Reference in ds:KeyInfo
if (policyToken instanceof X509Token) {
@@ -1676,7 +1682,7 @@ public abstract class AbstractBindingBui
}
// prepare a SignatureConfirmation token
- WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
+ WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation(wssConfig);
if (signatureActions.size() > 0) {
for (WSSecurityEngineResult wsr : signatureActions) {
byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Thu Mar 10 02:41:25 2011
@@ -48,6 +48,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
@@ -75,12 +76,13 @@ public class AsymmetricBindingHandler ex
private String encryptedKeyId;
private byte[] encryptedKeyValue;
- public AsymmetricBindingHandler(AsymmetricBinding binding,
+ public AsymmetricBindingHandler(WSSConfig config,
+ AsymmetricBinding binding,
SOAPMessage saaj,
WSSecHeader secHeader,
AssertionInfoMap aim,
SoapMessage message) {
- super(binding, saaj, secHeader, aim, message);
+ super(config, binding, saaj, secHeader, aim, message);
this.abinding = binding;
protectionOrder = binding.getProtectionOrder();
}
@@ -320,7 +322,7 @@ public class AsymmetricBindingHandler ex
AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
if (encrToken.isDerivedKeys()) {
try {
- WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
if (encrKey == null) {
setupEncryptedKey(recToken, encrToken);
@@ -343,7 +345,7 @@ public class AsymmetricBindingHandler ex
}
} else {
try {
- WSSecEncrypt encr = new WSSecEncrypt();
+ WSSecEncrypt encr = new WSSecEncrypt(wssConfig);
encr.setDocument(saaj.getSOAPPart());
Crypto crypto = getEncryptionCrypto(recToken);
@@ -362,7 +364,6 @@ public class AsymmetricBindingHandler ex
}
encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
-
encr.prepare(saaj.getSOAPPart(), crypto);
if (encr.getBSTTokenId() != null) {
@@ -425,7 +426,7 @@ public class AsymmetricBindingHandler ex
// Set up the encrypted key to use
setupEncryptedKey(wrapper, sigToken);
- WSSecDKSign dkSign = new WSSecDKSign();
+ WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
// Set the algo info
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Thu Mar 10 02:41:25 2011
@@ -49,6 +49,7 @@ import org.apache.cxf.ws.security.tokens
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
@@ -75,12 +76,13 @@ public class SymmetricBindingHandler ext
SymmetricBinding sbinding;
TokenStore tokenStore;
- public SymmetricBindingHandler(SymmetricBinding binding,
+ public SymmetricBindingHandler(WSSConfig config,
+ SymmetricBinding binding,
SOAPMessage saaj,
WSSecHeader secHeader,
AssertionInfoMap aim,
SoapMessage message) {
- super(binding, saaj, secHeader, aim, message);
+ super(config, binding, saaj, secHeader, aim, message);
this.sbinding = binding;
tokenStore = getTokenStore();
protectionOrder = binding.getProtectionOrder();
@@ -392,7 +394,7 @@ public class SymmetricBindingHandler ext
List<WSEncryptionPart> encrParts,
boolean atEnd) {
try {
- WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
if (recToken.getToken().getSPConstants() == SP12Constants.INSTANCE) {
dkEncr.setWscVersion(ConversationConstants.VERSION_05_12);
}
@@ -478,7 +480,7 @@ public class SymmetricBindingHandler ext
attached, encrParts, atEnd);
} else {
try {
- WSSecEncrypt encr = new WSSecEncrypt();
+ WSSecEncrypt encr = new WSSecEncrypt(wssConfig);
String encrTokId = encrTok.getId();
if (attached) {
encrTokId = encrTok.getWsuId();
@@ -558,7 +560,7 @@ public class SymmetricBindingHandler ext
SecurityToken tok,
boolean included) throws WSSecurityException {
Document doc = saaj.getSOAPPart();
- WSSecDKSign dkSign = new WSSecDKSign();
+ WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
if (policyTokenWrapper.getToken().getSPConstants() == SP12Constants.INSTANCE) {
dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
}
@@ -659,7 +661,8 @@ public class SymmetricBindingHandler ext
if (policyToken.isDerivedKeys()) {
return doSignatureDK(sigs, policyTokenWrapper, policyToken, tok, included);
} else {
- WSSecSignature sig = new WSSecSignature();
+ WSSecSignature sig = new WSSecSignature(wssConfig);
+ sig.setWsConfig(wssConfig);
// If a EncryptedKeyToken is used, set the correct value type to
// be used in the wsse:Reference in ds:KeyInfo
int type = included ? WSConstants.CUSTOM_SYMM_SIGNING
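Review bot: `sig.setWsConfig(wssConfig);` on the line right after `new WSSecSignature(wssConfig)` looks redundant: the same config is already passed to the constructor, and every other builder touched by this commit (`WSSecDKSign`, `WSSecEncrypt`, and the `WSSecSignature` in TransportBindingHandler) relies on the constructor argument alone. Unless the WSS4J constructor does not retain the config, which I cannot confirm from the hunk, I would drop the setter line so all handlers configure their builders the same way. The enclosing method starts and ends outside the hunk.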
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Thu Mar 10 02:41:25 2011
@@ -54,6 +54,7 @@ import org.apache.cxf.ws.security.tokens
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.message.WSSecDKSign;
@@ -69,12 +70,13 @@ import org.apache.ws.security.message.WS
public class TransportBindingHandler extends AbstractBindingBuilder {
TransportBinding tbinding;
- public TransportBindingHandler(TransportBinding binding,
+ public TransportBindingHandler(WSSConfig config,
+ TransportBinding binding,
SOAPMessage saaj,
WSSecHeader secHeader,
AssertionInfoMap aim,
SoapMessage message) {
- super(binding, saaj, secHeader, aim, message);
+ super(config, binding, saaj, secHeader, aim, message);
this.tbinding = binding;
}
@@ -277,7 +279,7 @@ public class TransportBindingHandler ext
}
encrKey.appendToHeader(secHeader);
- WSSecDKSign dkSig = new WSSecDKSign();
+ WSSecDKSign dkSig = new WSSecDKSign(wssConfig);
dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
@@ -385,7 +387,7 @@ public class TransportBindingHandler ext
AlgorithmSuite algorithmSuite = tbinding.getAlgorithmSuite();
if (token.isDerivedKeys()) {
//Do Signature with derived keys
- WSSecDKSign dkSign = new WSSecDKSign();
+ WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
//Setting the AttachedReference or the UnattachedReference according to the flag
Element ref;
@@ -419,7 +421,7 @@ public class TransportBindingHandler ext
return dkSign.getSignatureValue();
} else {
- WSSecSignature sig = new WSSecSignature();
+ WSSecSignature sig = new WSSecSignature(wssConfig);
if (secTok.getTokenType() == null) {
sig.setCustomTokenId(secTok.getId());
// TODO Add support for SAML2 here
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java Thu Mar 10 02:41:25 2011
@@ -20,6 +20,7 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.message.WSSecBase;
/**
@@ -28,8 +29,8 @@ import org.apache.ws.security.message.WS
public class WSSecurityTokenHolder extends WSSecBase {
SecurityToken token;
- public WSSecurityTokenHolder(SecurityToken t) {
- super();
+ public WSSecurityTokenHolder(WSSConfig config, SecurityToken t) {
+ super(config);
token = t;
}