You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by di...@apache.org on 2005/09/08 06:20:15 UTC

svn commit: r279508 - in /webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security: WSDoAllReceiver.java handler/WSSHandlerConstants.java

Author: dims
Date: Wed Sep  7 21:20:11 2005
New Revision: 279508

URL: http://svn.apache.org/viewcvs?rev=279508&view=rev
Log:
make the checking of action order optional


Modified:
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java?rev=279508&r1=279507&r2=279508&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java Wed Sep  7 21:20:11 2005
@@ -28,6 +28,7 @@
 import org.apache.axis2.context.MessageContext;
 import org.apache.axis2.om.OMException;
 import org.apache.axis2.security.handler.WSDoAllHandler;
+import org.apache.axis2.security.handler.WSSHandlerConstants;
 import org.apache.axis2.security.util.Axis2Util;
 import org.apache.axis2.soap.SOAPEnvelope;
 import org.apache.axis2.soap.SOAPHeader;
@@ -265,20 +266,25 @@
                  throw new AxisFault(
                          "WSDoAllReceiver: security processing failed (actions number mismatch)");
              }
-             for (int i = 0; i < size; i++) {
-                 if (((Integer) actions.get(i)).intValue() != ((WSSecurityEngineResult) wsResult
-                         .get(i)).getAction()) {
-                     throw new AxisFault(
-                             "WSDoAllReceiver: security processing failed (actions mismatch)");
-                 }
-             }
-
-             /*
-             * All ok up to this point. Now construct and setup the security
-             * result structure. The service may fetch this and check it.
-             * Also the DoAllSender will use this in certain situations such as:
-             * USE_REQ_SIG_CERT to encrypt
-             */
+            String enforce = null;
+            if ((enforce = (String) getOption(WSSHandlerConstants.ENFORCE_ACTION_ORDER)) == null) {
+                enforce = (String) getProperty(msgContext, WSSHandlerConstants.ENFORCE_ACTION_ORDER);
+            }
+            if (enforce != null && (enforce.equalsIgnoreCase("yes") || enforce.equalsIgnoreCase("true"))) {
+                for (int i = 0; i < size; i++) {
+                    if (((Integer) actions.get(i)).intValue() != ((WSSecurityEngineResult) wsResult
+                            .get(i)).getAction()) {
+                        throw new AxisFault(
+                                "WSDoAllReceiver: security processing failed (actions mismatch)");
+                    }
+                }
+            }
+            /*
+            * All ok up to this point. Now construct and setup the security
+            * result structure. The service may fetch this and check it.
+            * Also the DoAllSender will use this in certain situations such as:
+            * USE_REQ_SIG_CERT to encrypt
+            */
              Vector results = null;
              if ((results = (Vector) getProperty(msgContext, WSHandlerConstants.RECV_RESULTS)) == null) {
                  results = new Vector();

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java?rev=279508&r1=279507&r2=279508&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java Wed Sep  7 21:20:11 2005
@@ -21,12 +21,14 @@
  */
 public interface WSSHandlerConstants {
 
-	interface In {
+    public static final String ENFORCE_ACTION_ORDER = "EnforceActionOrder";
+
+    interface In {
 		public static final String ACTION = "InAction";
 		public static final String PW_CALLBACK_CLASS = "InPasswordCallbackClass";
 		public static final String SIG_PROP_FILE = "InSignaturePropFile";
 		public static final String SIG_KEY_ID = "InSignatureKeyIdentifier";
-	}
+    }
 	
 	interface Out {
 		public static final String ACTION = "OutAction";