Posted to commits@cxf.apache.org by dk...@apache.org on 2008/08/28 20:26:12 UTC
svn commit: r689924 - in /cxf/trunk:
api/src/main/java/org/apache/cxf/ws/policy/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/
rt/ws/security/src/main/java/org/apache/cxf/ws/sec...
Author: dkulp
Date: Thu Aug 28 11:26:10 2008
New Revision: 689924
URL: http://svn.apache.org/viewvc?rev=689924&view=rev
Log:
Get UsernameToken security-policy working
Added:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (with props)
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java (with props)
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (with props)
Modified:
cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfo.java
cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Layout.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/mtom/MtomPolicyTest.java
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/policy/HTTPServerPolicyTest.java
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
Modified: cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfo.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfo.java (original)
+++ cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfo.java Thu Aug 28 11:26:10 2008
@@ -27,6 +27,7 @@
private boolean asserted;
private final PolicyAssertion assertion;
+ private String errorMessage;
public AssertionInfo(PolicyAssertion a) {
assertion = a;
@@ -37,6 +38,14 @@
public void setAsserted(boolean a) {
asserted = a;
}
+ public void setNotAsserted(String message) {
+ asserted = false;
+ errorMessage = message;
+ }
+ public String getErrorMessage() {
+ return errorMessage;
+ }
+
public PolicyAssertion getAssertion() {
return assertion;
}
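Review bot: `setAsserted(boolean)` leaves `errorMessage` untouched, so after `setNotAsserted("...")` followed by `setAsserted(true)` the getter still returns the old failure reason. Clearing it on success, e.g. `if (a) { errorMessage = null; }` inside `setAsserted`, keeps the two fields consistent. The two new methods also lack Javadoc; `/** Marks the assertion as failed and records a human-readable reason. */` on `setNotAsserted`, plus a remark on `getErrorMessage` that it may return null, would help callers.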
Modified: cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java (original)
+++ cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java Thu Aug 28 11:26:10 2008
@@ -113,7 +113,22 @@
return;
}
}
- throw new PolicyException(new Message("NO_ALTERNATIVE_EXC", BUNDLE, errors));
+ StringBuilder error = new StringBuilder("\n");
+ for (QName name : errors) {
+ Collection<AssertionInfo> ais = getAssertionInfo(name);
+ for (AssertionInfo ai : ais) {
+ if (!ai.isAsserted()) {
+ error.append("\n ");
+ error.append(name.toString());
+ if (ai.getErrorMessage() != null) {
+ error.append(": ").append(ai.getErrorMessage());
+ }
+ }
+ }
+ }
+
+
+ throw new PolicyException(new Message("NO_ALTERNATIVE_EXC", BUNDLE, error.toString()));
}
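Review bot: The text collected from `ai.getErrorMessage()` is now embedded in the `PolicyException` message, which may end up in a fault returned to the remote peer, although the fault path is not visible in this hunk. Callers of `setNotAsserted` should therefore keep their reasons free of credentials and internal detail, and that constraint deserves a comment above the loop, e.g. `// reasons may be surfaced to the peer; they must not contain secrets`. The loop also iterates the result of `getAssertionInfo(name)` without a null check; if that method can return null for a name in `errors`, the policy failure would be masked by a NullPointerException. The enclosing method starts outside the hunk.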
Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=689924&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Thu Aug 28 11:26:10 2008
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security;
+
+/**
+ *
+ */
+public final class SecurityConstants {
+ public static final String USERNAME = "ws-security.username";
+ public static final String PASSWORD = "ws-security.password";
+ public static final String CALLBACK_HANDLER = "ws-security.callback-handler";
+
+ private SecurityConstants() {
+ //utility class
+ }
+}
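Review bot: The class Javadoc is empty and the three keys are undocumented, although `ws-security.password` implies a cleartext password held as a message or endpoint property. I would document the expected value type of each constant (elsewhere in this commit `CALLBACK_HANDLER` is cast to `CallbackHandler` and `USERNAME`/`PASSWORD` to `String`). On `PASSWORD` the comment should point to the callback handler as the preferred source of the secret, for example `/** Cleartext password for the UsernameToken; prefer CALLBACK_HANDLER so the secret is not kept in message properties. */`.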
Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java Thu Aug 28 11:26:10 2008
@@ -62,18 +62,6 @@
public static final QName LAYOUT = new QName(SP_NS, SPConstants.LAYOUT, SP_PREFIX);
- public static final QName STRICT = new QName(SP11Constants.SP_NS, SPConstants.LAYOUT_STRICT,
- SP11Constants.SP_PREFIX);
-
- public static final QName LAX = new QName(SP11Constants.SP_NS, SPConstants.LAYOUT_LAX ,
- SP11Constants.SP_PREFIX);
-
- public static final QName LAXTSFIRST = new QName(SP11Constants.SP_NS,
- SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST, SP11Constants.SP_PREFIX);
-
- public static final QName LAXTSLAST = new QName(SP11Constants.SP_NS,
- SPConstants.LAYOUT_LAX_TIMESTAMP_LAST, SP11Constants.SP_PREFIX);
-
// ////////////////
public static final QName INCLUDE_TIMESTAMP = new QName(SP_NS,
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java Thu Aug 28 11:26:10 2008
@@ -77,18 +77,6 @@
public static final QName LAYOUT = new QName(SP_NS, SPConstants.LAYOUT, SP_PREFIX);
- public static final QName STRICT = new QName(SP12Constants.SP_NS, SPConstants.LAYOUT_STRICT,
- SP12Constants.SP_PREFIX);
-
- public static final QName LAX = new QName(SP12Constants.SP_NS, SPConstants.LAYOUT_LAX ,
- SP12Constants.SP_PREFIX);
-
- public static final QName LAXTSFIRST = new QName(SP12Constants.SP_NS,
- SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST, SP12Constants.SP_PREFIX);
-
- public static final QName LAXTSLAST = new QName(SP12Constants.SP_NS,
- SPConstants.LAYOUT_LAX_TIMESTAMP_LAST, SP12Constants.SP_PREFIX);
-
// ////////////////
public static final QName INCLUDE_TIMESTAMP = new QName(SP12Constants.SP_NS,
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java Thu Aug 28 11:26:10 2008
@@ -37,27 +37,16 @@
////////////////////////////////////////////////////////////////////////////////////////////////
+
public static final String LAYOUT = "Layout";
- /**
- * Security Header Layout : Strict
- */
- public static final String LAYOUT_STRICT = "Strict";
-
- /**
- * Security Header Layout : Lax
- */
- public static final String LAYOUT_LAX = "Lax";
-
- /**
- * Security Header Layout : LaxTimestampFirst
- */
- public static final String LAYOUT_LAX_TIMESTAMP_FIRST = "LaxTimestampFirst";
+ public enum Layout {
+ Lax,
+ Strict,
+ LaxTimestampFirst,
+ LaxTimestampLast
+ };
- /**
- * Security Header Layout : LaxTimestampLast
- */
- public static final String LAYOUT_LAX_TIMESTAMP_LAST = "LaxTimestampLast";
////////////////////////////////////////////////////////////////////////////////////////////////
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java Thu Aug 28 11:26:10 2008
@@ -62,15 +62,7 @@
if (polEl != null) {
Element child = DOMUtils.getFirstElement(polEl);
if (child != null) {
- if (SPConstants.LAYOUT_STRICT.equals(child.getLocalName())) {
- parent.setValue(SPConstants.LAYOUT_STRICT);
- } else if (SPConstants.LAYOUT_LAX.equals(child.getLocalName())) {
- parent.setValue(SPConstants.LAYOUT_LAX);
- } else if (SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST.equals(child.getLocalName())) {
- parent.setValue(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST);
- } else if (SPConstants.LAYOUT_LAX_TIMESTAMP_LAST.equals(child.getLocalName())) {
- parent.setValue(SPConstants.LAYOUT_LAX_TIMESTAMP_LAST);
- }
+ parent.setValue(SPConstants.Layout.valueOf(child.getLocalName()));
}
}
}
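Review bot: `SPConstants.Layout.valueOf(child.getLocalName())` throws an unchecked `IllegalArgumentException` for any child element whose local name is not one of the four enum constants, whereas the removed if/else chain ignored unknown names and kept the default. Since the element comes from a policy document, an unexpected or misspelled layout would now abort policy building with an exception that says nothing about the policy. Catching it and reporting a policy-level error (or keeping the default) would be safer, e.g. `try { parent.setValue(SPConstants.Layout.valueOf(name)); } catch (IllegalArgumentException e) { /* report unsupported layout */ }`. The enum constant names are now also the wire names, which is worth a comment on the enum. The enclosing method starts outside the hunk.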
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java Thu Aug 28 11:26:10 2008
@@ -90,35 +90,34 @@
for (AssertionInfo ai : ais) {
HttpsToken token = (HttpsToken)ai.getAssertion();
- boolean asserted = true;
HttpURLConnection connection =
(HttpURLConnection) message.get("http.connection");
+ ai.setAsserted(true);
Map<String, List<String>> headers = getSetProtocolHeaders(message);
if (connection instanceof HttpsURLConnection) {
HttpsURLConnection https = (HttpsURLConnection)connection;
if (token.isRequireClientCertificate()
&& https.getLocalCertificates().length == 0) {
- asserted = false;
+ ai.setNotAsserted("RequireClientCertificate is set, but no local certificates");
}
if (token.isHttpBasicAuthentication()) {
List<String> auth = headers.get("Authorization");
if (auth == null || auth.size() == 0
|| !auth.get(0).startsWith("Basic")) {
- asserted = false;
+ ai.setNotAsserted("HttpBasicAuthentication is set, but not being used");
}
}
if (token.isHttpDigestAuthentication()) {
List<String> auth = headers.get("Authorization");
if (auth == null || auth.size() == 0
|| !auth.get(0).startsWith("Digest")) {
- asserted = false;
+ ai.setNotAsserted("HttpDigestAuthentication is set, but not being used");
}
}
} else {
- asserted = false;
+ ai.setNotAsserted("HttpURLConnection is not a HttpsURLConnection");
}
- ai.setAsserted(asserted);
}
}
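Review bot: The client-certificate check calls `https.getLocalCertificates().length`, but `HttpsURLConnection.getLocalCertificates()` is documented to return null when no certificates were sent, so the very case this branch is meant to report would raise a NullPointerException instead of marking the assertion as not asserted. A null-safe form is `Certificate[] certs = https.getLocalCertificates();` followed by `if (token.isRequireClientCertificate() && (certs == null || certs.length == 0))`. Separately, `setNotAsserted` stores a single message, so when several checks fail each one overwrites the previous reason and only the last is reported. The enclosing method starts outside the hunk.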
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Layout.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Layout.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Layout.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Layout.java Thu Aug 28 11:26:10 2008
@@ -26,8 +26,7 @@
import org.apache.cxf.ws.security.policy.SPConstants;
public class Layout extends AbstractSecurityAssertion {
-
- private String value = SPConstants.LAYOUT_LAX;
+ private SPConstants.Layout value = SPConstants.Layout.Lax;
public Layout(SPConstants version) {
super(version);
@@ -36,22 +35,15 @@
/**
* @return Returns the value.
*/
- public String getValue() {
+ public SPConstants.Layout getValue() {
return value;
}
/**
* @param value The value to set.
*/
- public void setValue(String value) {
- if (SPConstants.LAYOUT_LAX.equals(value) || SPConstants.LAYOUT_STRICT.equals(value)
- || SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST.equals(value)
- || SPConstants.LAYOUT_LAX_TIMESTAMP_LAST.equals(value)) {
- this.value = value;
- } else {
- // throw new WSSPolicyException("Incorrect layout value : " +
- // value);
- }
+ public void setValue(SPConstants.Layout value) {
+ this.value = value;
}
public QName getRealName() {
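Review bot: `setValue(SPConstants.Layout value)` now stores whatever it is given, including null, while the serializer changed further down in this file calls `value.name()` unconditionally. A null passed here would surface as a NullPointerException during serialization rather than at the point of the mistake; a guard such as `if (value == null) { throw new IllegalArgumentException("layout value must not be null"); }` keeps the failure local. The Javadoc on the getter and setter could also name the enum type and the default `Lax`.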
@@ -81,20 +73,7 @@
SPConstants.POLICY.getNamespaceURI());
// .. <sp:Strict /> | <sp:Lax /> | <sp:LaxTsFirst /> | <sp:LaxTsLast /> ..
- if (SPConstants.LAYOUT_STRICT.equals(value)) {
- writer.writeStartElement(prefix, SPConstants.LAYOUT_STRICT, namespaceURI);
-
- } else if (SPConstants.LAYOUT_LAX.equals(value)) {
- writer.writeStartElement(prefix, SPConstants.LAYOUT_LAX, namespaceURI);
-
- } else if (SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST.equals(value)) {
- writer.writeStartElement(prefix, SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST, namespaceURI);
-
- } else if (SPConstants.LAYOUT_LAX_TIMESTAMP_LAST.equals(value)) {
- writer.writeStartElement(prefix, SPConstants.LAYOUT_LAX_TIMESTAMP_LAST, namespaceURI);
- }
-
- writer.writeEndElement();
+ writer.writeEmptyElement(prefix, value.name(), namespaceURI);
// </wsp:Policy>
writer.writeEndElement();
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java Thu Aug 28 11:26:10 2008
@@ -19,7 +19,6 @@
package org.apache.cxf.ws.security.policy.model;
import java.util.ArrayList;
-import java.util.Iterator;
import java.util.List;
import javax.xml.namespace.QName;
@@ -29,6 +28,9 @@
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.SPConstants.SupportTokenType;
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
import org.apache.neethi.PolicyComponent;
public class SupportingToken extends AbstractSecurityAssertion implements AlgorithmWrapper, TokenWrapper {
@@ -279,22 +281,17 @@
writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY
.getNamespaceURI());
- Token token;
- for (Iterator iterator = getTokens().iterator(); iterator.hasNext();) {
+ for (Token token : getTokens()) {
// [Token Assertion] +
- token = (Token)iterator.next();
token.serialize(writer);
}
if (signedParts != null) {
signedParts.serialize(writer);
-
} else if (signedElements != null) {
signedElements.serialize(writer);
-
} else if (encryptedParts != null) {
encryptedParts.serialize(writer);
-
} else if (encryptedElements != null) {
encryptedElements.serialize(writer);
}
@@ -304,4 +301,37 @@
writer.writeEndElement();
// </sp:SupportingToken>
}
+
+
+ public Policy getPolicy() {
+ Policy p = new Policy();
+ ExactlyOne ea = new ExactlyOne();
+ p.addPolicyComponent(ea);
+ All all = new All();
+
+ for (Token token : getTokens()) {
+ all.addPolicyComponent(token);
+ }
+
+ if (signedParts != null) {
+ all.addPolicyComponent(signedParts);
+ } else if (signedElements != null) {
+ all.addPolicyComponent(signedElements);
+ } else if (encryptedParts != null) {
+ all.addPolicyComponent(encryptedParts);
+ } else if (encryptedElements != null) {
+ all.addPolicyComponent(encryptedElements);
+ }
+
+ ea.addPolicyComponent(all);
+ PolicyComponent pc = p.normalize(true);
+ if (pc instanceof Policy) {
+ return (Policy)pc;
+ } else {
+ p = new Policy();
+ p.addPolicyComponent(pc);
+ return p;
+ }
+ }
+
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java Thu Aug 28 11:26:10 2008
@@ -126,30 +126,6 @@
}
public PolicyComponent normalize() {
return this;
- /*
- Policy p = new Policy();
- ExactlyOne ea = new ExactlyOne();
- p.addPolicyComponent(ea);
- All all = new All();
- if (transportToken != null) {
- all.addPolicyComponent(transportToken);
- }
- if (isIncludeTimestamp()) {
- all.addPolicyComponent(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
- }
- if (getLayout() != null) {
- all.addPolicyComponent(getLayout());
- }
- ea.addPolicyComponent(all);
- PolicyComponent pc = p.normalize(true);
- if (pc instanceof Policy) {
- return new NestedPrimitiveAssertion(getName(), false, (Policy)pc, true);
- } else {
- p = new Policy();
- p.addPolicyComponent(pc);
- return new NestedPrimitiveAssertion(getName(), false, p, true);
- }
- */
}
public Policy getPolicy() {
Policy p = new Policy();
@@ -174,6 +150,5 @@
p.addPolicyComponent(pc);
return p;
}
-
}
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Thu Aug 28 11:26:10 2008
@@ -22,6 +22,7 @@
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -37,6 +38,9 @@
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.Layout;
+import org.apache.cxf.ws.security.policy.model.SupportingToken;
+import org.apache.cxf.ws.security.policy.model.Token;
+import org.apache.cxf.ws.security.policy.model.UsernameToken;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandler;
@@ -145,20 +149,26 @@
this.before = before;
}
+ private boolean isRequestor(SoapMessage message) {
+ return Boolean.TRUE.equals(message.containsKey(
+ org.apache.cxf.message.Message.REQUESTOR_ROLE));
+ }
+
+
protected void checkPolicies(SoapMessage message, RequestData data) {
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
// extract Assertion information
+ String action = getString(WSHandlerConstants.ACTION, message);
+ if (action == null) {
+ action = "";
+ }
if (aim != null) {
Collection<AssertionInfo> ais = aim.get(SP12Constants.INCLUDE_TIMESTAMP);
if (ais != null) {
for (AssertionInfo ai : ais) {
- String action = getString(WSHandlerConstants.ACTION, message);
- if (action == null) {
- action = WSHandlerConstants.TIMESTAMP;
- } else {
- action += " " + WSHandlerConstants.TIMESTAMP;
+ if (!action.contains(WSHandlerConstants.TIMESTAMP)) {
+ action = WSHandlerConstants.TIMESTAMP + " " + action;
}
- message.put(WSHandlerConstants.ACTION, action);
ai.setAsserted(true);
}
}
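Review bot: `isRequestor` wraps `message.containsKey(Message.REQUESTOR_ROLE)` in `Boolean.TRUE.equals(...)`, so it returns true whenever the key is present, even when its value is `Boolean.FALSE`. `doTokens`, added later in this file, uses `!isRequestor(msg)` to decide whether `USERNAME_TOKEN` is added to the action string, so as far as the visible code shows a wrong answer here means the receiving side would not request the UsernameToken while the assertion is still marked as asserted. Reading the value instead fixes it: `return Boolean.TRUE.equals(message.get(org.apache.cxf.message.Message.REQUESTOR_ROLE));`. The same expression is duplicated in `BindingBuilder.isRequestor` in this commit and needs the same change. In `checkPolicies`, `action.contains(WSHandlerConstants.TIMESTAMP)` is a substring test on a space-separated list and would also match a longer action name that merely contains that text.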
@@ -167,7 +177,7 @@
for (AssertionInfo ai : ais) {
Layout lay = (Layout)ai.getAssertion();
//wss4j can only do "Lax"
- if (SPConstants.LAYOUT_LAX.equals(lay.getValue())) {
+ if (SPConstants.Layout.Lax == lay.getValue()) {
ai.setAsserted(true);
}
}
@@ -178,8 +188,38 @@
ai.setAsserted(true);
}
}
-
+ ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ SupportingToken sp = (SupportingToken)ai.getAssertion();
+ action = doTokens(sp.getTokens(), action, aim, message);
+ ai.setAsserted(true);
+ }
+ }
+ message.put(WSHandlerConstants.ACTION, action.trim());
}
}
-
+
+ private String doTokens(List<Token> tokens,
+ String action,
+ AssertionInfoMap aim,
+ SoapMessage msg) {
+ for (Token token : tokens) {
+ if (token instanceof UsernameToken) {
+ if (!action.contains(WSHandlerConstants.USERNAME_TOKEN)
+ && !isRequestor(msg)) {
+ action = WSHandlerConstants.USERNAME_TOKEN + " " + action;
+ }
+ Collection<AssertionInfo> ais2 = aim.get(SP12Constants.USERNAME_TOKEN);
+ if (ais2 != null && !ais2.isEmpty()) {
+ for (AssertionInfo ai2 : ais2) {
+ if (ai2.getAssertion() == token) {
+ ai2.setAsserted(true);
+ }
+ }
+ }
+ }
+ }
+ return action;
+ }
}
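Review bot: Every `SIGNED_SUPPORTING_TOKENS` assertion is marked with `ai.setAsserted(true)` regardless of what `doTokens` did, and `doTokens` only recognises `UsernameToken`. A supporting-token policy that lists any other token type is therefore reported as satisfied without any action being configured for it, at least in the code visible here. I would assert the supporting-token assertion only when every token in `sp.getTokens()` was handled, and otherwise call `ai.setNotAsserted("Unsupported supporting token type")`. `doTokens` also lacks a comment explaining why the action is extended only when the message is not from the requestor.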
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java Thu Aug 28 11:26:10 2008
@@ -33,10 +33,9 @@
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.Layout;
+import org.apache.cxf.ws.security.policy.model.TransportBinding;
+import org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler;
import org.apache.ws.security.message.WSSecHeader;
-import org.apache.ws.security.message.WSSecTimestamp;
public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
private PolicyBasedWSS4JOutInterceptorInternal ending;
@@ -83,46 +82,21 @@
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
// extract Assertion information
if (aim != null) {
- WSSecTimestamp timestamp = null;
- ais = aim.get(SP12Constants.INCLUDE_TIMESTAMP);
- if (ais != null) {
- for (AssertionInfo ai : ais) {
- timestamp = new WSSecTimestamp();
- timestamp.prepare(saaj.getSOAPPart());
- ai.setAsserted(true);
- }
- }
- ais = aim.get(SP12Constants.LAYOUT);
- if (ais != null) {
- for (AssertionInfo ai : ais) {
- Layout layout = (Layout)ai.getAssertion();
- if (SPConstants.LAYOUT_LAX_TIMESTAMP_LAST.equals(layout.getValue())) {
- if (timestamp == null) {
- ai.setAsserted(false);
- } else {
- ai.setAsserted(true);
- //get the timestamp into the header first before anything else
- timestamp.prependToHeader(secHeader);
- timestamp = null;
- }
- } else if (SPConstants.LAYOUT_STRICT.equals(layout.getValue())) {
- //FIXME - don't have strict writing working yet
- ai.setAsserted(false);
- } else {
- ai.setAsserted(true);
- }
- }
- }
+ TransportBinding transport = null;
ais = aim.get(SP12Constants.TRANSPORT_BINDING);
if (ais != null) {
for (AssertionInfo ai : ais) {
+ transport = (TransportBinding)ai.getAssertion();
ai.setAsserted(true);
}
}
- if (timestamp != null) {
- timestamp.prependToHeader(secHeader);
+
+
+ if (transport != null) {
+ new TransportBindingHandler(transport, saaj, secHeader, aim, message).handleBinding();
}
}
+
}
public Set<String> getAfter() {
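Review bot: Timestamp and layout handling now happens only inside `TransportBindingHandler.handleBinding()`, which runs only when a `TRANSPORT_BINDING` assertion is present. For a policy that carries `INCLUDE_TIMESTAMP` or `LAYOUT` without a transport binding, the removed code would still have processed them, while the new code leaves those assertions untouched in this method; whether something else covers that case is not visible here. When several transport-binding assertions exist the loop keeps only the last one, and all of them are marked asserted before `handleBinding()` has run, so a failure inside the handler does not retract the assertion. A short comment above `if (transport != null)` stating these assumptions would help. The enclosing method starts outside the hunk.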
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Thu Aug 28 11:26:10 2008
@@ -46,6 +46,7 @@
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.staxutils.StaxUtils;
+import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
@@ -325,7 +326,12 @@
*/
CallbackHandler cbHandler = null;
if ((doAction & (WSConstants.ENCR | WSConstants.UT)) != 0) {
- cbHandler = getPasswordCB(reqData);
+ cbHandler
+ = (CallbackHandler)((SoapMessage)reqData.getMsgContext())
+ .getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+ if (cbHandler == null) {
+ cbHandler = getPasswordCB(reqData);
+ }
}
return cbHandler;
}
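Review bot: The value of `SecurityConstants.CALLBACK_HANDLER` is cast straight to `CallbackHandler`, and `reqData.getMsgContext()` straight to `SoapMessage`, so a property set to anything else (a class-name string, for instance) fails with a ClassCastException in the middle of security processing. An `instanceof` check with a fallback keeps the failure controlled: `Object o = msg.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);` then `if (o instanceof CallbackHandler) { cbHandler = (CallbackHandler)o; }`. The comment above this block should also say that a contextual property now takes precedence over the handler obtained from `getPasswordCB`, since that changes which code supplies passwords. The enclosing method starts outside the hunk.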
Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java?rev=689924&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java Thu Aug 28 11:26:10 2008
@@ -0,0 +1,155 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j.policyhandlers;
+
+import java.util.Collection;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.model.Binding;
+import org.apache.cxf.ws.security.policy.model.SupportingToken;
+import org.apache.cxf.ws.security.policy.model.Token;
+import org.apache.cxf.ws.security.policy.model.UsernameToken;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.WSSecUsernameToken;
+
+/**
+ *
+ */
+public class BindingBuilder {
+ SOAPMessage saaj;
+ WSSecHeader secHeader;
+ AssertionInfoMap aim;
+ Binding binding;
+ SoapMessage message;
+
+ public BindingBuilder(Binding binding,
+ SOAPMessage saaj,
+ WSSecHeader secHeader,
+ AssertionInfoMap aim,
+ SoapMessage message) {
+ this.binding = binding;
+ this.aim = aim;
+ this.secHeader = secHeader;
+ this.saaj = saaj;
+ this.message = message;
+ }
+
+
+ private boolean isRequestor() {
+ return Boolean.TRUE.equals(message.containsKey(
+ org.apache.cxf.message.Message.REQUESTOR_ROLE));
+ }
+
+
+ protected void handleSupportingTokens(SupportingToken suppTokens) {
+ for (Token token : suppTokens.getTokens()) {
+ if (token instanceof UsernameToken) {
+ WSSecUsernameToken utBuilder = addUsernameToken((UsernameToken)token);
+ if (utBuilder != null) {
+ utBuilder.prepare(saaj.getSOAPPart());
+ utBuilder.appendToHeader(secHeader);
+ }
+ }
+ }
+ }
+
+
+
+ protected WSSecUsernameToken addUsernameToken(UsernameToken token) {
+
+ AssertionInfo info = null;
+ Collection<AssertionInfo> ais = aim.getAssertionInfo(token.getName());
+ for (AssertionInfo ai : ais) {
+ if (ai.getAssertion() == token) {
+ info = ai;
+ if (!isRequestor()) {
+ info.setAsserted(true);
+ return null;
+ }
+ }
+ }
+
+ String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+
+ if (!StringUtils.isEmpty(userName)) {
+ // If NoPassword property is set we don't need to set the password
+ if (token.isNoPassword()) {
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+ utBuilder.setUserInfo(userName, null);
+ utBuilder.setPasswordType(null);
+ info.setAsserted(true);
+ return utBuilder;
+ }
+
+ String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+ if (StringUtils.isEmpty(password)) {
+
+ //Then try to get the password from the given callback handler
+ CallbackHandler handler
+ = (CallbackHandler)message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+
+ if (handler == null) {
+ info.setNotAsserted("No callback handler and not password available");
+ return null;
+ }
+
+ WSPasswordCallback[] cb = {new WSPasswordCallback(userName,
+ WSPasswordCallback.USERNAME_TOKEN)};
+ try {
+ handler.handle(cb);
+ } catch (Exception e) {
+ //REVISIT - Exception?
+ }
+
+ //get the password
+ password = cb[0].getPassword();
+ }
+
+ if (!StringUtils.isEmpty(password)) {
+ //If the password is available then build the token
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+ if (token.isHashPassword()) {
+ utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
+ } else {
+ utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
+ }
+
+ utBuilder.setUserInfo(userName, password);
+ info.setAsserted(true);
+ return utBuilder;
+ } else {
+ info.setNotAsserted("No password available");
+ }
+ } else {
+ info.setNotAsserted("No username available");
+ }
+ return null;
+ }
+
+}
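Review bot: In `addUsernameToken` the `catch (Exception e)` around `handler.handle(cb)` discards every callback failure, so a broken or misconfigured handler is later reported only as "No password available" and the real cause is lost. `info` is also dereferenced on every path after the loop although it stays null when no `AssertionInfo` in `ais` refers to this token, and `ais` itself is iterated without a null check. I would guard the missing-assertion case and turn callback failures into an explicit not-asserted reason, as sketched below; the fixed messages avoid copying exception text into a reason that may reach the peer. The message "No callback handler and not password available" also contains a typo ("no password").

```java
// … unchanged: lookup of the AssertionInfo that refers to this token …
if (info == null) {
    // no AssertionInfo is registered for this token, so there is nothing to assert against
    return null;
}
// … unchanged: username lookup, NoPassword branch, PASSWORD property, handler lookup …
try {
    handler.handle(cb);
} catch (IOException e) {
    info.setNotAsserted("Callback handler failed while retrieving the password");
    return null;
} catch (UnsupportedCallbackException e) {
    info.setNotAsserted("Callback handler does not support WSPasswordCallback");
    return null;
}
// … unchanged: password retrieval and WSSecUsernameToken construction …
```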
Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=689924&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Thu Aug 28 11:26:10 2008
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j.policyhandlers;
+
+import java.util.Collection;
+
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.cxf.ws.security.policy.model.Layout;
+import org.apache.cxf.ws.security.policy.model.SupportingToken;
+import org.apache.cxf.ws.security.policy.model.TransportBinding;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.WSSecTimestamp;
+
+/**
+ *
+ */
+public class TransportBindingHandler extends BindingBuilder {
+ TransportBinding tbinding;
+
+ public TransportBindingHandler(TransportBinding binding,
+ SOAPMessage saaj,
+ WSSecHeader secHeader,
+ AssertionInfoMap aim,
+ SoapMessage message) {
+ super(binding, saaj, secHeader, aim, message);
+ this.tbinding = binding;
+ }
+
+ public void handleBinding() {
+ Collection<AssertionInfo> ais;
+ WSSecTimestamp timestamp = null;
+ ais = aim.get(SP12Constants.INCLUDE_TIMESTAMP);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ timestamp = new WSSecTimestamp();
+ timestamp.prepare(saaj.getSOAPPart());
+ ai.setAsserted(true);
+ }
+ }
+ ais = aim.get(SP12Constants.LAYOUT);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ Layout layout = (Layout)ai.getAssertion();
+ if (SPConstants.Layout.LaxTimestampLast == layout.getValue()) {
+ if (timestamp == null) {
+ ai.setAsserted(false);
+ } else {
+ ai.setAsserted(true);
+ //get the timestamp into the header first before anything else
+ timestamp.prependToHeader(secHeader);
+ timestamp = null;
+ }
+ } else if (SPConstants.Layout.Strict == layout.getValue()) {
+ //FIXME - don't have strict writing working yet
+ ai.setAsserted(false);
+ } else {
+ ai.setAsserted(true);
+ }
+ }
+ }
+ ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
+ if (ais != null) {
+ SupportingToken sgndSuppTokens = null;
+ for (AssertionInfo ai : ais) {
+ sgndSuppTokens = (SupportingToken)ai.getAssertion();
+ ai.setAsserted(true);
+ }
+ if (sgndSuppTokens != null && sgndSuppTokens.getTokens() != null
+ && sgndSuppTokens.getTokens().size() > 0) {
+ handleSupportingTokens(sgndSuppTokens);
+ }
+ }
+
+ if (timestamp != null) {
+ timestamp.prependToHeader(secHeader);
+ }
+ }
+
+}
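Review bot: In the `SIGNED_SUPPORTING_TOKENS` block of `handleBinding()`, the loop overwrites `sgndSuppTokens` on every iteration and marks each `AssertionInfo` asserted, but `handleSupportingTokens` runs only once, after the loop, for the last assertion. If the map ever holds more than one SignedSupportingTokens assertion, the earlier ones are reported as satisfied although no token was built for them, which weakens what policy verification can conclude. Moving the call inside the loop keeps the asserted flag tied to the tokens that were actually processed. `ai.setAsserted(true)` is also set before the nested token is known to have been built; that is presumably fine if the UsernameToken assertion is tracked separately and left unasserted on failure, but it is worth confirming.

```java
ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
if (ais != null) {
    for (AssertionInfo ai : ais) {
        SupportingToken sgndSuppTokens = (SupportingToken)ai.getAssertion();
        if (sgndSuppTokens != null && sgndSuppTokens.getTokens() != null
            && sgndSuppTokens.getTokens().size() > 0) {
            handleSupportingTokens(sgndSuppTokens);
        }
        ai.setAsserted(true);
    }
}
// ... unchanged: trailing timestamp.prependToHeader(secHeader) ...
```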
Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/mtom/MtomPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/mtom/MtomPolicyTest.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/mtom/MtomPolicyTest.java (original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/mtom/MtomPolicyTest.java Thu Aug 28 11:26:10 2008
@@ -28,6 +28,7 @@
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
import org.apache.cxf.Bus;
import org.apache.cxf.BusException;
@@ -76,9 +77,11 @@
Node res = invoke(address, "http://schemas.xmlsoap.org/soap/http", "nonmtom.xml");
- assertValid("//faultstring[text()='These policy alternatives can not be satisfied: "
- + "[{http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization}"
- + "OptimizedMimeSerialization]']", res);
+ NodeList list = assertValid("//faultstring", res);
+ String text = list.item(0).getTextContent();
+ assertTrue(text.contains("These policy alternatives can not be satisfied: "));
+ assertTrue(text.contains("{http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization}"
+ + "OptimizedMimeSerialization"));
}
@Test
Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/policy/HTTPServerPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/policy/HTTPServerPolicyTest.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/policy/HTTPServerPolicyTest.java (original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/policy/HTTPServerPolicyTest.java Thu Aug 28 11:26:10 2008
@@ -119,9 +119,10 @@
} catch (WebServiceException wse) {
SoapFault sf = (SoapFault)wse.getCause();
assertEquals("Server", sf.getFaultCode().getLocalPart());
- assertEquals("These policy alternatives can not be satisfied: "
- + "[{http://cxf.apache.org/transports/http/configuration}server]",
- sf.getMessage());
+
+ String text = sf.getMessage();
+ assertTrue(text.contains("{http://cxf.apache.org/transports/http/configuration}server"));
+
// assertEquals("INCOMPATIBLE_HTTPSERVERPOLICY_ASSERTIONS", ex.getCode());
}
Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java (original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java Thu Aug 28 11:26:10 2008
@@ -19,17 +19,24 @@
package org.apache.cxf.systest.ws.security;
+import java.io.IOException;
import java.math.BigInteger;
import javax.jws.WebService;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.ws.BindingProvider;
import javax.xml.ws.Endpoint;
import org.apache.cxf.interceptor.LoggingOutInterceptor;
+import org.apache.cxf.jaxws.EndpointImpl;
import org.apache.cxf.policytest.doubleit.DoubleItPortType;
import org.apache.cxf.policytest.doubleit.DoubleItService;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.ws.policy.PolicyEngine;
-import org.apache.cxf.ws.policy.PolicyException;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.ws.security.WSPasswordCallback;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -38,14 +45,32 @@
public static final String POLICY_ADDRESS = "http://localhost:9010/SecPolTest";
public static final String POLICY_HTTPS_ADDRESS = "https://localhost:9009/SecPolTest";
+
+ public static class ServerPasswordCallback implements CallbackHandler {
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
+
+ if (pc.getIdentifer().equals("bob")) {
+ // set the password on the callback. This will be compared to the
+ // password which was sent from the client.
+ pc.setPassword("pwd");
+ }
+ }
+ }
+
+
+
@BeforeClass
public static void init() throws Exception {
createStaticBus(SecurityPolicyTest.class.getResource("https_config.xml").toString())
.getExtension(PolicyEngine.class).setEnabled(true);
getStaticBus().getOutInterceptors().add(new LoggingOutInterceptor());
- Endpoint.publish(POLICY_HTTPS_ADDRESS,
- new DoubleItImplHttps());
+ EndpointImpl ep = (EndpointImpl)Endpoint.publish(POLICY_HTTPS_ADDRESS,
+ new DoubleItImplHttps());
+ ep.getServer().getEndpoint().getEndpointInfo().setProperty(SecurityConstants.CALLBACK_HANDLER,
+ new ServerPasswordCallback());
Endpoint.publish(POLICY_ADDRESS,
new DoubleItImpl());
}
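Review bot: `ServerPasswordCallback.handle` casts `callbacks[0]` to `WSPasswordCallback` without checking its type or looking at the remaining entries, and it calls `equals` on the value returned by `getIdentifer()`, which would throw a NullPointerException if that value is ever null. A handler that declares `UnsupportedCallbackException` would normally loop over the array and throw that exception for callback types it does not handle. For the identifier check, `if ("bob".equals(pc.getIdentifer())) {` is null-safe. Test handlers like this tend to be copied as samples, so a short comment stating that the fixed user and password are test-only values would help.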
@@ -56,6 +81,16 @@
DoubleItPortType pt;
pt = service.getDoubleItPortHttps();
+ try {
+ pt.doubleIt(BigInteger.valueOf(25));
+ } catch (Exception ex) {
+ String msg = ex.getMessage();
+ if (!msg.contains("UsernameToken: No user")) {
+ throw ex;
+ }
+ }
+ ((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, "bob");
+ ((BindingProvider)pt).getRequestContext().put(SecurityConstants.PASSWORD, "pwd");
pt.doubleIt(BigInteger.valueOf(25));
try {
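Review bot: The added `try` block around the first `pt.doubleIt(...)` call has no `fail(...)` after the call, so if the service accepts a request that carries no username the test still passes and the missing-credentials case goes untested. Adding `fail("UsernameToken policy should have rejected a call without credentials");` right after the call closes that gap, as the later https block already does with its own `fail`. `ex.getMessage()` can be null, so `msg == null || !msg.contains("UsernameToken: No user")` avoids hiding the original exception behind a NullPointerException. The same applies to the `msg.contains("HttpsToken")` check in the next hunk. The test method starts before this hunk and continues after it.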
@@ -63,7 +98,8 @@
pt.doubleIt(BigInteger.valueOf(25));
fail("https policy should have triggered");
} catch (Exception ex) {
- if (!(ex.getCause().getCause() instanceof PolicyException)) {
+ String msg = ex.getMessage();
+ if (!msg.contains("HttpsToken")) {
throw ex;
}
}
Modified: cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl (original)
+++ cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl Thu Aug 28 11:26:10 2008
@@ -90,11 +90,11 @@
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
- <!--sp:Layout>
+ <sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
- </sp:Layout-->
+ </sp:Layout>
<sp:IncludeTimestamp/>
<!--sp:AlgorithmSuite>
<wsp:Policy>
@@ -108,7 +108,7 @@
<sp:MustSupportRefKeyIdentifier/>
</wsp:Policy>
</sp:Wss10-->
- <!-- sp:SignedSupportingTokens>
+ <sp:SignedSupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
@@ -116,7 +116,7 @@
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
- </sp:SignedSupportingTokens-->
+ </sp:SignedSupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>