Posted to commits@ws.apache.org by gi...@apache.org on 2013/07/19 09:09:19 UTC
svn commit: r1504791 - in /webservices/wss4j/trunk:
policy/src/main/java/org/apache/wss4j/policy/
ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/
ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/
ws...
Author: giger
Date: Fri Jul 19 07:09:19 2013
New Revision: 1504791
URL: http://svn.apache.org/r1504791
Log:
evaluate more assertion-states earlier.
Modified:
webservices/wss4j/trunk/policy/src/main/java/org/apache/wss4j/policy/AssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/Assertable.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredElementsAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredPartsAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/RequiredPartsTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java
Modified: webservices/wss4j/trunk/policy/src/main/java/org/apache/wss4j/policy/AssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/policy/src/main/java/org/apache/wss4j/policy/AssertionState.java?rev=1504791&r1=1504790&r2=1504791&view=diff
==============================================================================
--- webservices/wss4j/trunk/policy/src/main/java/org/apache/wss4j/policy/AssertionState.java (original)
+++ webservices/wss4j/trunk/policy/src/main/java/org/apache/wss4j/policy/AssertionState.java Fri Jul 19 07:09:19 2013
@@ -42,6 +42,10 @@ public class AssertionState {
return assertion;
}
+ public boolean isHardFailure() {
+ return this.state == State.HARD_FAILURE;
+ }
+
public synchronized void setAsserted(boolean asserted) {
//don't allow to toggle back once the assertion is explicitly marked as failed;
if (this.state == State.HARD_FAILURE) {
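Review bot: The new `isHardFailure()` reads `this.state` without taking the monitor that `setAsserted` holds (it is declared `synchronized` directly below). A caller on another thread may therefore miss a HARD_FAILURE that was just written, unless `state` is volatile, which the hunk does not show. PolicyEnforcer now fails early on this value, so I would declare it `public synchronized boolean isHardFailure() {` to match the writer. A short Javadoc would also help, for example `/** Returns true once the assertion has been explicitly marked as failed; setAsserted() cannot toggle it back. */`, which follows the comment in `setAsserted`, whose body continues outside the hunk.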
@@ -72,6 +76,10 @@ public class AssertionState {
}
}
+ protected void clearErrorMessage() {
+ this.errorMessage.delete(0, this.errorMessage.length());
+ }
+
public boolean isLogged() {
return logged;
}
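Review bot: `clearErrorMessage()` is added without any comment saying when a subclass may call it, and it drops whatever message was recorded before, including one set together with a hard failure. A Javadoc line such as `/** Discards the accumulated error message; intended for subclasses that rebuild the message on every isAsserted() call. */` would make that contract explicit. As a style point, the `delete(0, length())` call suggests `errorMessage` is a StringBuilder or StringBuffer (the declaration is outside the hunk), where `this.errorMessage.setLength(0);` is the usual way to empty it.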
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/Assertable.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/Assertable.java?rev=1504791&r1=1504790&r2=1504791&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/Assertable.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/Assertable.java Fri Jul 19 07:09:19 2013
@@ -29,6 +29,8 @@ public interface Assertable {
boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException, XMLSecurityException;
+ boolean isHardFailure();
+
boolean isAsserted();
String getErrorMessage();
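Review bot: `isHardFailure()` is added to the interface with no Javadoc, so an implementer cannot tell how it relates to `isAsserted()` or that PolicyEnforcer uses it to fail before all events are seen. I would add something like `/** @return true if this assertion was explicitly marked as failed and policy verification must fail immediately */` above it. Adding an abstract method also breaks any Assertable implementation outside this commit, which may be acceptable on trunk but is worth a release note. The interface declaration starts outside the hunk.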
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java?rev=1504791&r1=1504790&r2=1504791&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java Fri Jul 19 07:09:19 2013
@@ -495,16 +495,24 @@ public class PolicyEnforcer implements S
TokenAssertionState tokenAssertionState = (TokenAssertionState) assertable;
AbstractToken abstractToken = (AbstractToken) tokenAssertionState.getAssertion();
AbstractSecurityAssertion assertion = abstractToken.getParentAssertion();
- if (assertion instanceof SupportingTokens) {
+ //Other tokens may not be resolved yet fully therefore we skip it here
+ if (assertion instanceof SupportingTokens ||
+ assertable instanceof HttpsTokenAssertionState ||
+ assertable instanceof RelTokenAssertionState ||
+ assertable instanceof SecurityContextTokenAssertionState ||
+ assertable instanceof SpnegoContextTokenAssertionState ||
+ assertable instanceof UsernameTokenAssertionState) {
doAssert = true;
}
- } else if (assertable instanceof TokenProtectionAssertionState) {
- doAssert = true;
- } else if (assertable instanceof SignatureConfirmationAssertionState) {
+ } else if (assertable instanceof TokenProtectionAssertionState ||
+ assertable instanceof SignatureConfirmationAssertionState ||
+ assertable instanceof IncludeTimeStampAssertionState ||
+ assertable instanceof RequiredPartsAssertionState ||
+ assertable instanceof SignatureProtectionAssertionState) {
doAssert = true;
}
- if (doAssert && !assertable.isAsserted()) {
+ if (!assertable.isAsserted() && (doAssert || assertable.isHardFailure())) {
assertionMessage = assertable.getErrorMessage();
failedAssertionStateMap.add(map);
assertionStateMapIterator.remove();
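Review bot: The rewritten condition `!assertable.isAsserted() && (doAssert || assertable.isHardFailure())` now calls `isAsserted()` on every assertable in this loop, where the old `doAssert && !assertable.isAsserted()` skipped it for states not selected for early evaluation. In this same commit, `isAsserted()` in RequiredElementsAssertionState and RequiredPartsAssertionState clears the error message and walks its map, so the call is no longer a cheap, side-effect-free query. Putting the cheap checks first keeps the outcome of the condition the same: `if ((doAssert || assertable.isHardFailure()) && !assertable.isAsserted()) {`. Separately, the comment `//Other tokens may not be resolved yet fully therefore we skip it here` sits directly above the list of states that are asserted early, so it reads as if those were skipped. It would be clearer as `//only these token states can be asserted at this point; other tokens may not be fully resolved yet and are skipped here`. The enclosing method starts and ends outside the hunk.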
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredElementsAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredElementsAssertionState.java?rev=1504791&r1=1504790&r2=1504791&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredElementsAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredElementsAssertionState.java Fri Jul 19 07:09:19 2013
@@ -87,6 +87,7 @@ public class RequiredElementsAssertionSt
@Override
public boolean isAsserted() {
+ clearErrorMessage();
Iterator<Map.Entry<List<QName>, Boolean>> elementMapIterator = pathElements.entrySet().iterator();
while (elementMapIterator.hasNext()) {
Map.Entry<List<QName>, Boolean> next = elementMapIterator.next();
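Review bot: Calling `clearErrorMessage()` at the top of `isAsserted()` turns a query method into one that discards state on every call, including any message recorded earlier while handling an event. If a hard failure stores its message through the base class, PolicyEnforcer's `isAsserted()` followed by `getErrorMessage()` could report an empty or different message unless the loop below re-creates it. The loop body is outside the hunk, so this needs confirming. The same line is added in RequiredPartsAssertionState.isAsserted(). If the intent is to stop repeated calls from appending the same text again, a comment such as `//the message is rebuilt from the map below on every call, so drop the previous one first` would record it.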
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredPartsAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredPartsAssertionState.java?rev=1504791&r1=1504790&r2=1504791&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredPartsAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredPartsAssertionState.java Fri Jul 19 07:09:19 2013
@@ -83,6 +83,7 @@ public class RequiredPartsAssertionState
@Override
public boolean isAsserted() {
+ clearErrorMessage();
Iterator<Map.Entry<Header, Boolean>> elementMapIterator = headers.entrySet().iterator();
while (elementMapIterator.hasNext()) {
Map.Entry<Header, Boolean> next = elementMapIterator.next();
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/RequiredPartsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/RequiredPartsTest.java?rev=1504791&r1=1504790&r2=1504791&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/RequiredPartsTest.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/RequiredPartsTest.java Fri Jul 19 07:09:19 2013
@@ -18,7 +18,7 @@
*/
package org.apache.wss4j.policy.stax.test;
-import org.apache.wss4j.policy.WSSPolicyException;
+import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.policy.stax.PolicyEnforcer;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
@@ -40,24 +40,25 @@ public class RequiredPartsTest extends A
"</sp:RequiredParts>";
PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
- OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
- operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-
RequiredPartSecurityEvent requiredPartSecurityEvent = new RequiredPartSecurityEvent();
- requiredPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(requiredPartSecurityEvent);
List<QName> headerPath = new ArrayList<QName>();
headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
headerPath.add(new QName("http://example.org", "a"));
requiredPartSecurityEvent.setElementPath(headerPath);
policyEnforcer.registerSecurityEvent(requiredPartSecurityEvent);
- //additional encryptedParts are also allowed!
+
+ //additional requiredParts are also allowed!
+ requiredPartSecurityEvent = new RequiredPartSecurityEvent();
headerPath = new ArrayList<QName>();
headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
headerPath.add(new QName("http://example.org", "b"));
requiredPartSecurityEvent.setElementPath(headerPath);
policyEnforcer.registerSecurityEvent(requiredPartSecurityEvent);
+
+ OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+ operationSecurityEvent.setOperation(new QName("definitions"));
+ policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+
policyEnforcer.doFinal();
}
@@ -69,17 +70,20 @@ public class RequiredPartsTest extends A
"</sp:RequiredParts>";
PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ RequiredPartSecurityEvent requiredPartSecurityEvent = new RequiredPartSecurityEvent();
+ List<QName> headerPath = new ArrayList<QName>();
+ headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
+ headerPath.add(new QName("http://example.org", "b"));
+ requiredPartSecurityEvent.setElementPath(headerPath);
+ policyEnforcer.registerSecurityEvent(requiredPartSecurityEvent);
+
OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
operationSecurityEvent.setOperation(new QName("definitions"));
- policyEnforcer.registerSecurityEvent(operationSecurityEvent);
- RequiredPartSecurityEvent requiredPartSecurityEvent = new RequiredPartSecurityEvent();
- requiredPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
- policyEnforcer.registerSecurityEvent(requiredPartSecurityEvent);
try {
- policyEnforcer.doFinal();
+ policyEnforcer.registerSecurityEvent(operationSecurityEvent);
Assert.fail("Exception expected");
- } catch (WSSPolicyException e) {
+ } catch (WSSecurityException e) {
Assert.assertEquals(e.getMessage(), "Element {http://example.org}a must be present");
}
}
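Review bot: After this change the negative test no longer calls `policyEnforcer.doFinal()`, so the missing-header case is checked only on the early path triggered by registering the OperationSecurityEvent. Nothing in this hunk still shows that a required part missing at the end of the message is rejected there as well; other tests may cover it, but that is not visible here. I would keep a variant that reaches `doFinal()` if one can be constructed. A comment above the `try` would also help, for example `//the violation is now reported as soon as the operation event is registered, not in doFinal()`. The test method's signature is outside the hunk.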
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java?rev=1504791&r1=1504790&r2=1504791&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java Fri Jul 19 07:09:19 2013
@@ -538,7 +538,7 @@ public class TransportBindingIntegration
outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
+ WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
outSecurityProperties.setOutAction(actions);
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -552,17 +552,15 @@ public class TransportBindingIntegration
PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
-/*
HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
httpsTokenSecurityEvent.setIssuerName("transmitter");
httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
HttpsSecurityTokenImpl httpsSecurityToken = new HttpsSecurityTokenImpl(true, "transmitter");
httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-*/
List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
- //securityEventList.add(httpsTokenSecurityEvent);
+ securityEventList.add(httpsTokenSecurityEvent);
try {
Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), securityEventList, policyEnforcer);