You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by dk...@apache.org on 2009/07/08 21:02:31 UTC
svn commit: r792265 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
systests/src/test/resources/wsdl_systest/
Author: dkulp
Date: Wed Jul 8 19:02:30 2009
New Revision: 792265
URL: http://svn.apache.org/viewvc?rev=792265&view=rev
Log:
[CXF-2334] Support for the RequiredElements/RequiredParts assertions
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java?rev=792265&r1=792264&r2=792265&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java Wed Jul 8 19:02:30 2009
@@ -49,6 +49,8 @@
ASSERTION_TYPES.add(SP12Constants.USERNAME_TOKEN);
ASSERTION_TYPES.add(SP12Constants.TRANSPORT_TOKEN);
ASSERTION_TYPES.add(SP12Constants.SIGNED_PARTS);
+ ASSERTION_TYPES.add(SP12Constants.REQUIRED_PARTS);
+ ASSERTION_TYPES.add(SP12Constants.REQUIRED_ELEMENTS);
ASSERTION_TYPES.add(SP12Constants.ENCRYPTED_PARTS);
ASSERTION_TYPES.add(SP12Constants.ENCRYPTED_ELEMENTS);
ASSERTION_TYPES.add(SP12Constants.SIGNED_ELEMENTS);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=792265&r1=792264&r2=792265&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Wed Jul 8 19:02:30 2009
@@ -32,10 +32,12 @@
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.stream.XMLStreamException;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Element;
@@ -60,6 +62,8 @@
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
import org.apache.cxf.ws.security.policy.model.Header;
+import org.apache.cxf.ws.security.policy.model.RequiredElements;
+import org.apache.cxf.ws.security.policy.model.RequiredParts;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
@@ -519,6 +523,8 @@
assertXPathTokens(aim, SP12Constants.ENCRYPTED_ELEMENTS, encrypted, msg, doc, "encrypted", false);
assertXPathTokens(aim, SP12Constants.CONTENT_ENCRYPTED_ELEMENTS, encrypted, msg,
doc, "encrypted", true);
+
+ assertHeadersExists(aim, msg, doc);
assertAsymetricBinding(aim, msg, doc, prots, hasDerivedKeys);
assertSymetricBinding(aim, msg, doc, prots, hasDerivedKeys);
@@ -539,6 +545,51 @@
super.doResults(msg, actor, doc, results);
}
+ private void assertHeadersExists(AssertionInfoMap aim, SoapMessage msg, SOAPMessage doc)
+ throws SOAPException {
+
+ SOAPHeader header = doc.getSOAPHeader();
+ Collection<AssertionInfo> ais = aim.get(SP12Constants.REQUIRED_PARTS);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ RequiredParts rp = (RequiredParts)ai.getAssertion();
+ ai.setAsserted(true);
+ for (Header h : rp.getHeaders()) {
+ if (header == null || !header.getChildElements(h.getQName()).hasNext()) {
+ ai.setNotAsserted("No header element of name " + h.getQName() + " found.");
+ }
+ }
+ }
+ }
+ ais = aim.get(SP12Constants.REQUIRED_ELEMENTS);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ RequiredElements rp = (RequiredElements)ai.getAssertion();
+ ai.setAsserted(true);
+ Map<String, String> namespaces = rp.getDeclaredNamespaces();
+ XPathFactory factory = XPathFactory.newInstance();
+ for (String expression : rp.getXPathExpressions()) {
+ XPath xpath = factory.newXPath();
+ if (namespaces != null) {
+ xpath.setNamespaceContext(new MapNamespaceContext(namespaces));
+ }
+ NodeList list;
+ try {
+ list = (NodeList)xpath.evaluate(expression,
+ header,
+ XPathConstants.NODESET);
+ if (list.getLength() == 0) {
+ ai.setNotAsserted("No header element matching XPath " + expression + " found.");
+ }
+ } catch (XPathExpressionException e) {
+ ai.setNotAsserted("Invalid XPath expression " + expression + " " + e.getMessage());
+ }
+ }
+ }
+ }
+
+ }
+
private boolean assertSymetricBinding(AssertionInfoMap aim,
SoapMessage message,
SOAPMessage doc,
@@ -586,7 +637,7 @@
Protections prots,
boolean derived) {
Collection<AssertionInfo> ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
- if (ais == null) {
+ if (ais == null) {
return true;
}
for (AssertionInfo ai : ais) {
Modified: cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl?rev=792265&r1=792264&r2=792265&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl (original)
+++ cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl Wed Jul 8 19:02:30 2009
@@ -392,6 +392,14 @@
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<sp:XPath xmlns:example1="http://cxf.apache.org/policytest/DoubleIt">//example1:DoubleIt/numberToDouble</sp:XPath>
</sp:EncryptedElements>
+ <sp:RequiredElements
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:XPath xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">wsse:Security</sp:XPath>
+ </sp:RequiredElements>
+ <sp:RequiredParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Header Name="Security" Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
+ </sp:RequiredParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>