Posted to commits@cxf.apache.org by co...@apache.org on 2012/10/03 11:36:40 UTC
svn commit: r1393374 - in
/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j:
AbstractWSS4JInterceptor.java PolicyBasedWSS4JInInterceptor.java
WSS4JInInterceptor.java
Author: coheigea
Date: Wed Oct 3 09:36:40 2012
New Revision: 1393374
URL: http://svn.apache.org/viewvc?rev=1393374&view=rev
Log:
Merged revisions 1393360 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1393360 | coheigea | 2012-10-03 10:11:01 +0100 (Wed, 03 Oct 2012) | 3 lines
[CXF-4539] - WS-Security inbound performance regression
- Fix confirmed by Alessio.
........
Conflicts:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=1393374&r1=1393373&r2=1393374&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Wed Oct 3 09:36:40 2012
@@ -22,11 +22,11 @@ import java.io.InputStream;
import java.net.URI;
import java.net.URL;
import java.util.Collection;
-import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
import javax.xml.namespace.QName;
@@ -58,7 +58,8 @@ public abstract class AbstractWSS4JInter
HEADERS.add(new QName(WSConstants.ENC_NS, "EncryptedData"));
}
- private Map<String, Object> properties = new HashMap<String, Object>();
+ private Map<String, Object> properties = new ConcurrentHashMap<String, Object>();
+ private Map<String, Crypto> cryptoMap = new ConcurrentHashMap<String, Crypto>();
private Set<String> before = new HashSet<String>();
private Set<String> after = new HashSet<String>();
private String phase;
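Review bot: Switching `properties` to a `ConcurrentHashMap` changes its null contract. Unlike `HashMap`, it throws `NullPointerException` on a null key or value, so any caller that previously stored `null` to blank out a property will now fail. The setters are outside this hunk, so this needs checking there; a guard such as `if (value == null) { properties.remove(key); }` would keep the old tolerance. The neighbouring `before` and `after` sets remain plain `HashSet`s, which deserves a one-line comment if they are only mutated during configuration.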
@@ -216,5 +217,49 @@ public abstract class AbstractWSS4JInter
}
}
}
+
+ // TODO Remove once we pick up WSS4J 1.6.8
+ @Override
+ protected Crypto loadCrypto(
+ String cryptoPropertyFile,
+ String cryptoPropertyRefId,
+ RequestData requestData
+ ) throws WSSecurityException {
+ Object mc = requestData.getMsgContext();
+ Crypto crypto = null;
+
+ //
+ // Try the Property Ref Id first
+ //
+ String refId = getString(cryptoPropertyRefId, mc);
+ if (refId != null) {
+ crypto = cryptoMap.get(refId);
+ if (crypto == null) {
+ Object obj = getProperty(mc, refId);
+ if (obj instanceof Properties) {
+ crypto = CryptoFactory.getInstance((Properties)obj);
+ cryptoMap.put(refId, crypto);
+ } else if (obj instanceof Crypto) {
+ crypto = (Crypto)obj;
+ cryptoMap.put(refId, crypto);
+ }
+ }
+ }
+
+ //
+ // Now try loading the properties file
+ //
+ if (crypto == null) {
+ String propFile = getString(cryptoPropertyFile, mc);
+ if (propFile != null) {
+ crypto = cryptoMap.get(propFile);
+ if (crypto == null) {
+ crypto = loadCryptoFromPropertiesFile(propFile, requestData);
+ cryptoMap.put(propFile, crypto);
+ }
+ }
+ }
+ return crypto;
+ }
}
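Review bot: `loadCrypto` consults `cryptoMap` before it looks at the message context, so once a ref id is cached, every later message that supplies a different object under the same id silently gets the first `Crypto`, and with it the first keystore or truststore. The policy-based interceptor in this same commit derives its ids from `Crypto.hashCode()`, which is not guaranteed unique, and it is used through a shared static `INSTANCE`, so two endpoints could collide on one key. Entries are never evicted either, so a keystore change on disk is not picked up for the life of the interceptor. I would prefer the message's own `Crypto` when one is present and cache only the `Properties` case, as below. `cryptoMap.put(propFile, crypto)` should also be guarded if `loadCryptoFromPropertiesFile` (defined outside this hunk) can return null.

```java
String refId = getString(cryptoPropertyRefId, mc);
if (refId != null) {
    Object obj = getProperty(mc, refId);
    if (obj instanceof Crypto) {
        // Already built by the caller: always use the message's own object,
        // never a cached instance that happens to share the ref id.
        crypto = (Crypto)obj;
    } else if (obj instanceof Properties) {
        crypto = cryptoMap.get(refId);
        if (crypto == null) {
            crypto = CryptoFactory.getInstance((Properties)obj);
            cryptoMap.put(refId, crypto);
        }
    }
}
// … unchanged: properties-file lookup and return …
```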
Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1393374&r1=1393373&r2=1393374&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Wed Oct 3 09:36:40 2012
@@ -28,7 +28,6 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
-import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
@@ -91,6 +90,7 @@ import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.token.Timestamp;
@@ -100,7 +100,6 @@ import org.apache.ws.security.util.WSSec
*
*/
public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
- public static final String PROPERTIES_CACHE = "ws-security.properties.cache";
public static final PolicyBasedWSS4JInInterceptor INSTANCE
= new PolicyBasedWSS4JInInterceptor();
private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JInInterceptor.class);
@@ -112,24 +111,8 @@ public class PolicyBasedWSS4JInIntercept
super(true);
}
- protected static Map<Object, Properties> getPropertiesCache(SoapMessage message) {
- EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
- synchronized (info) {
- Map<Object, Properties> o =
- CastUtils.cast((Map<?, ?>)message.getContextualProperty(PROPERTIES_CACHE));
- if (o == null) {
- o = new ConcurrentHashMap<Object, Properties>();
- info.setProperty(PROPERTIES_CACHE, o);
- }
- return o;
- }
- }
-
private static Properties getProps(Object o, String propsKey, URL propsURL, SoapMessage message) {
- Properties properties = getPropertiesCache(message).get(propsKey);
- if (properties != null) {
- return properties;
- }
+ Properties properties = null;
if (o instanceof Properties) {
properties = (Properties)o;
} else if (propsURL != null) {
@@ -143,9 +126,6 @@ public class PolicyBasedWSS4JInIntercept
}
}
- if (properties != null) {
- getPropertiesCache(message).put(propsKey, properties);
- }
return properties;
}
@@ -210,7 +190,7 @@ public class PolicyBasedWSS4JInIntercept
private String checkAsymmetricBinding(
AssertionInfoMap aim, String action, SoapMessage message
- ) {
+ ) throws WSSecurityException {
Collection<AssertionInfo> ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
if (ais == null || ais.isEmpty()) {
return action;
@@ -227,34 +207,25 @@ public class PolicyBasedWSS4JInIntercept
e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
}
- if (s != null) {
- URL propsURL = getPropertiesFileURL(s, message);
- String propsKey = s.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + propsKey);
- if (s instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)s);
- } else {
- message.put("RefId-" + propsKey, getProps(s, propsKey, propsURL, message));
- }
- if (e == null) {
- e = s;
- }
+ Crypto encrCrypto = getEncryptionCrypto(e, message);
+ Crypto signCrypto = null;
+ if (e != null && e.equals(s)) {
+ signCrypto = encrCrypto;
+ } else {
+ signCrypto = getSignatureCrypto(s, message);
}
- if (e != null) {
- URL propsURL = getPropertiesFileURL(e, message);
- String propsKey = e.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + propsKey);
- if (e instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)e);
- } else {
- message.put("RefId-" + propsKey, getProps(e, propsKey, propsURL, message));
- }
+
+ if (signCrypto != null) {
+ message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+ message.put("RefId-" + signCrypto.hashCode(), signCrypto);
+ }
+
+ if (encrCrypto != null) {
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
+ message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto);
+ } else if (signCrypto != null) {
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+ message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto);
}
return action;
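Review bot: The new block stores `signCrypto` under `DEC_PROP_REF_ID` and `encrCrypto` under `SIG_PROP_REF_ID`, which reads like a swap. It matches the removed code (`s` went to `DEC_PROP_REF_ID`, `e` to `SIG_PROP_REF_ID`), so it is presumably intentional for the inbound direction, but it should be stated, e.g. `// inbound: signature crypto is used to decrypt, encryption crypto to verify signatures`. The `(Crypto)` casts on `encrCrypto` and `signCrypto` are redundant because both locals are already declared `Crypto`. The same block is repeated in the `checkTransportBinding` hunk and, with a requestor/recipient variation, in `checkSymmetricBinding`; a small private helper taking the ref-id constant and the `Crypto` would remove the duplication. `checkAsymmetricBinding` starts and ends outside this hunk.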
@@ -262,7 +233,7 @@ public class PolicyBasedWSS4JInIntercept
private String checkTransportBinding(
AssertionInfoMap aim, String action, SoapMessage message
- ) {
+ ) throws WSSecurityException {
Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
if (ais == null || ais.isEmpty()) {
return action;
@@ -279,34 +250,25 @@ public class PolicyBasedWSS4JInIntercept
e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
}
- if (s != null) {
- URL propsURL = getPropertiesFileURL(s, message);
- String propsKey = s.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + propsKey);
- if (s instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)s);
- } else {
- message.put("RefId-" + propsKey, getProps(s, propsKey, propsURL, message));
- }
- if (e == null) {
- e = s;
- }
+ Crypto encrCrypto = getEncryptionCrypto(e, message);
+ Crypto signCrypto = null;
+ if (e != null && e.equals(s)) {
+ signCrypto = encrCrypto;
+ } else {
+ signCrypto = getSignatureCrypto(s, message);
}
- if (e != null) {
- URL propsURL = getPropertiesFileURL(e, message);
- String propsKey = e.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + propsKey);
- if (e instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)e);
- } else {
- message.put("RefId-" + propsKey, getProps(e, propsKey, propsURL, message));
- }
+
+ if (signCrypto != null) {
+ message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+ message.put("RefId-" + signCrypto.hashCode(), signCrypto);
+ }
+
+ if (encrCrypto != null) {
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
+ message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto);
+ } else if (signCrypto != null) {
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+ message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto);
}
return action;
@@ -314,7 +276,7 @@ public class PolicyBasedWSS4JInIntercept
private String checkSymmetricBinding(
AssertionInfoMap aim, String action, SoapMessage message
- ) {
+ ) throws WSSecurityException {
Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
if (ais == null || ais.isEmpty()) {
return action;
@@ -331,71 +293,97 @@ public class PolicyBasedWSS4JInIntercept
e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
}
- if (e != null && s == null) {
- s = e;
- } else if (s != null && e == null) {
- e = s;
+ Crypto encrCrypto = getEncryptionCrypto(e, message);
+ Crypto signCrypto = null;
+ if (e != null && e.equals(s)) {
+ signCrypto = encrCrypto;
+ } else {
+ signCrypto = getSignatureCrypto(s, message);
}
if (isRequestor(message)) {
- if (e != null) {
- URL propsURL = getPropertiesFileURL(e, message);
- String propsKey = e.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + propsKey);
- if (e instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)e);
- } else {
- message.put("RefId-" + propsKey, getProps(e, propsKey, propsURL, message));
- }
+ Crypto crypto = encrCrypto;
+ if (crypto == null) {
+ crypto = signCrypto;
+ }
+ if (crypto != null) {
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode());
+ message.put("RefId-" + crypto.hashCode(), crypto);
}
- if (s != null) {
- URL propsURL = getPropertiesFileURL(s, message);
- String propsKey = s.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + propsKey);
- if (s instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)s);
- } else {
- message.put("RefId-" + propsKey, getProps(s, propsKey, propsURL, message));
- }
+
+ crypto = signCrypto;
+ if (crypto == null) {
+ crypto = encrCrypto;
+ }
+ if (crypto != null) {
+ message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + crypto.hashCode());
+ message.put("RefId-" + crypto.hashCode(), crypto);
}
} else {
- if (s != null) {
- URL propsURL = getPropertiesFileURL(s, message);
- String propsKey = s.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + propsKey);
- if (s instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)s);
- } else {
- message.put("RefId-" + propsKey, getProps(s, propsKey, propsURL, message));
- }
+ Crypto crypto = signCrypto;
+ if (crypto == null) {
+ crypto = encrCrypto;
+ }
+ if (crypto != null) {
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode());
+ message.put("RefId-" + crypto.hashCode(), crypto);
}
- if (e != null) {
- URL propsURL = getPropertiesFileURL(e, message);
- String propsKey = e.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + propsKey);
- if (e instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)e);
- } else {
- message.put("RefId-" + propsKey, getProps(e, propsKey, propsURL, message));
- }
+
+ crypto = encrCrypto;
+ if (crypto == null) {
+ crypto = signCrypto;
+ }
+ if (crypto != null) {
+ message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + crypto.hashCode());
+ message.put("RefId-" + crypto.hashCode(), crypto);
}
}
return action;
}
+ private Crypto getEncryptionCrypto(Object e, SoapMessage message) throws WSSecurityException {
+ Crypto encrCrypto = null;
+ if (e instanceof Crypto) {
+ encrCrypto = (Crypto)e;
+ } else if (e != null) {
+ URL propsURL = getPropertiesFileURL(e, message);
+ String propsKey = e.toString();
+ if (propsURL != null) {
+ propsKey = propsURL.getPath();
+ }
+ Properties props = getProps(e, propsKey, propsURL, message);
+ encrCrypto = CryptoFactory.getInstance(props);
+
+ EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+ synchronized (info) {
+ info.setProperty(SecurityConstants.ENCRYPT_CRYPTO, encrCrypto);
+ }
+ }
+ return encrCrypto;
+ }
+
+ private Crypto getSignatureCrypto(Object s, SoapMessage message) throws WSSecurityException {
+ Crypto signCrypto = null;
+ if (s instanceof Crypto) {
+ signCrypto = (Crypto)s;
+ } else if (s != null) {
+ URL propsURL = getPropertiesFileURL(s, message);
+ String propsKey = s.toString();
+ if (propsURL != null) {
+ propsKey = propsURL.getPath();
+ }
+ Properties props = getProps(s, propsKey, propsURL, message);
+ signCrypto = CryptoFactory.getInstance(props);
+
+ EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+ synchronized (info) {
+ info.setProperty(SecurityConstants.SIGNATURE_CRYPTO, signCrypto);
+ }
+ }
+ return signCrypto;
+ }
+
private boolean assertXPathTokens(AssertionInfoMap aim,
QName name,
Collection<WSDataRef> refs,
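Review bot: `getEncryptionCrypto` and `getSignatureCrypto` pass the result of `getProps` straight to `CryptoFactory.getInstance(props)`, but `getProps` now starts from `Properties properties = null` and, as far as the visible lines show, can return null when the value is neither a `Properties` nor a resolvable URL. A wrong properties location would then presumably surface as an opaque failure inside the factory rather than a clear configuration error; an explicit `if (props == null)` check that throws a descriptive `WSSecurityException` before the factory call would make that path deliberate. The two helpers differ only in the `SecurityConstants` key they store under, so a single method taking that key would do. Because the built `Crypto` is stored on the `EndpointInfo` with no invalidation in sight, keystore or truststore updates, including removal of a trusted certificate, likely need an endpoint restart to take effect, which is worth a comment.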
@@ -482,7 +470,7 @@ public class PolicyBasedWSS4JInIntercept
return true;
}
- protected void computeAction(SoapMessage message, RequestData data) {
+ protected void computeAction(SoapMessage message, RequestData data) throws WSSecurityException {
String action = getString(WSHandlerConstants.ACTION, message);
if (action == null) {
action = "";
Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1393374&r1=1393373&r2=1393374&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Wed Oct 3 09:36:40 2012
@@ -423,7 +423,7 @@ public class WSS4JInInterceptor extends
* @param msg
* @param reqData
*/
- protected void computeAction(SoapMessage msg, RequestData reqData) {
+ protected void computeAction(SoapMessage msg, RequestData reqData) throws WSSecurityException {
//
// Try to get Crypto Provider from message context properties.
// It gives a possibility to use external Crypto Provider
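Review bot: The Javadoc above `computeAction` is not updated for the new `throws WSSecurityException` clause, and its two `@param` tags carry no description. I would add `@throws WSSecurityException if a Crypto instance needed for the action cannot be created` (wording to be confirmed against the overriding method in `PolicyBasedWSS4JInInterceptor`, which is where the exception appears to originate). The method body continues outside this hunk.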