You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by di...@apache.org on 2005/09/08 06:20:15 UTC
svn commit: r279508 - in
/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security:
WSDoAllReceiver.java handler/WSSHandlerConstants.java
Author: dims
Date: Wed Sep 7 21:20:11 2005
New Revision: 279508
URL: http://svn.apache.org/viewcvs?rev=279508&view=rev
Log:
make the checking of action order optional
Modified:
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java?rev=279508&r1=279507&r2=279508&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java Wed Sep 7 21:20:11 2005
@@ -28,6 +28,7 @@
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.om.OMException;
import org.apache.axis2.security.handler.WSDoAllHandler;
+import org.apache.axis2.security.handler.WSSHandlerConstants;
import org.apache.axis2.security.util.Axis2Util;
import org.apache.axis2.soap.SOAPEnvelope;
import org.apache.axis2.soap.SOAPHeader;
@@ -265,20 +266,25 @@
throw new AxisFault(
"WSDoAllReceiver: security processing failed (actions number mismatch)");
}
- for (int i = 0; i < size; i++) {
- if (((Integer) actions.get(i)).intValue() != ((WSSecurityEngineResult) wsResult
- .get(i)).getAction()) {
- throw new AxisFault(
- "WSDoAllReceiver: security processing failed (actions mismatch)");
- }
- }
-
- /*
- * All ok up to this point. Now construct and setup the security
- * result structure. The service may fetch this and check it.
- * Also the DoAllSender will use this in certain situations such as:
- * USE_REQ_SIG_CERT to encrypt
- */
+ String enforce = null;
+ if ((enforce = (String) getOption(WSSHandlerConstants.ENFORCE_ACTION_ORDER)) == null) {
+ enforce = (String) getProperty(msgContext, WSSHandlerConstants.ENFORCE_ACTION_ORDER);
+ }
+ if (enforce != null && (enforce.equalsIgnoreCase("yes") || enforce.equalsIgnoreCase("true"))) {
+ for (int i = 0; i < size; i++) {
+ if (((Integer) actions.get(i)).intValue() != ((WSSecurityEngineResult) wsResult
+ .get(i)).getAction()) {
+ throw new AxisFault(
+ "WSDoAllReceiver: security processing failed (actions mismatch)");
+ }
+ }
+ }
+ /*
+ * All ok up to this point. Now construct and setup the security
+ * result structure. The service may fetch this and check it.
+ * Also the DoAllSender will use this in certain situations such as:
+ * USE_REQ_SIG_CERT to encrypt
+ */
Vector results = null;
if ((results = (Vector) getProperty(msgContext, WSHandlerConstants.RECV_RESULTS)) == null) {
results = new Vector();
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java?rev=279508&r1=279507&r2=279508&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java Wed Sep 7 21:20:11 2005
@@ -21,12 +21,14 @@
*/
public interface WSSHandlerConstants {
- interface In {
+ public static final String ENFORCE_ACTION_ORDER = "EnforceActionOrder";
+
+ interface In {
public static final String ACTION = "InAction";
public static final String PW_CALLBACK_CLASS = "InPasswordCallbackClass";
public static final String SIG_PROP_FILE = "InSignaturePropFile";
public static final String SIG_KEY_ID = "InSignatureKeyIdentifier";
- }
+ }
interface Out {
public static final String ACTION = "OutAction";