Posted to axis-cvs@ws.apache.org by ru...@apache.org on 2006/01/25 11:14:35 UTC
svn commit: r372182 - in /webservices/axis2/trunk/java/modules:
core/src/org/apache/axis2/description/ security/src/META-INF/
security/src/org/apache/axis2/security/
security/src/org/apache/axis2/security/handler/
security/src/org/apache/axis2/security...
Author: ruchithf
Date: Wed Jan 25 02:14:09 2006
New Revision: 372182
URL: http://svn.apache.org/viewcvs?rev=372182&view=rev
Log:
- Update to the security module - one more step closer to supporting a subset of WS-SecurityPolicy assertions based on the existing WSS4J
- Fixed getParent() of PolicyInclude
Modified:
webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/description/PolicyInclude.java
webservices/axis2/trunk/java/modules/security/src/META-INF/module.xml
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/InflowConfiguration.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfig.java
webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/SymmetricAsymmetricBindingBase.java
webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java
webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/AsymmetricBindingProcessor.java
Modified: webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/description/PolicyInclude.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/description/PolicyInclude.java?rev=372182&r1=372181&r2=372182&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/description/PolicyInclude.java (original)
+++ webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/description/PolicyInclude.java Wed Jan 25 02:14:09 2006
@@ -114,8 +114,8 @@
private PolicyInclude getParent() {
- if (description != null) {
- return description.getPolicyInclude();
+ if (description != null && description.getParent() != null) {
+ return description.getParent().getPolicyInclude();
}
return null;
}
Modified: webservices/axis2/trunk/java/modules/security/src/META-INF/module.xml
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/META-INF/module.xml?rev=372182&r1=372181&r2=372182&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/META-INF/module.xml (original)
+++ webservices/axis2/trunk/java/modules/security/src/META-INF/module.xml Wed Jan 25 02:14:09 2006
@@ -1,4 +1,4 @@
-<module name="security">
+<module name="security" class="org.apache.axis2.security.SecurityModule">
<inflow>
<handler name="SecurityInHandler" class="org.apache.axis2.security.WSDoAllReceiver">
<order phase="Dispatch" after="RequestURIBasedDispatcher"/>
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java?rev=372182&r1=372181&r2=372182&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java Wed Jan 25 02:14:09 2006
@@ -20,33 +20,83 @@
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.description.AxisDescription;
import org.apache.axis2.description.AxisModule;
+import org.apache.axis2.description.AxisOperation;
+import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.axis2.modules.Module;
+import org.apache.axis2.security.handler.WSSHandlerConstants;
+import org.apache.axis2.security.handler.config.InflowConfiguration;
+import org.apache.axis2.security.handler.config.OutflowConfiguration;
+import org.apache.axis2.security.util.HandlerParameterDecoder;
+import org.apache.ws.policy.Policy;
+import org.apache.ws.security.policy.WSS4JConfig;
+import org.apache.ws.security.policy.WSS4JConfigBuilder;
+import org.apache.ws.security.policy.parser.WSSPolicyProcessor;
public class SecurityModule implements Module {
- /* (non-Javadoc)
- * @see org.apache.axis2.modules.Module#engageNotify(org.apache.axis2.description.AxisDescription)
- */
public void engageNotify(AxisDescription axisDescription) throws AxisFault {
- // TODO TODO
- throw new UnsupportedOperationException("TODO");
+ Policy policy = axisDescription.getPolicyInclude().getEffectivePolicy();
+ if(axisDescription instanceof AxisOperation && policy != null) {
+// PolicyWriter writer = PolicyFactory.getPolicyWriter(PolicyFactory.StAX_POLICY_WRITER);
+// writer.writePolicy(policy, System.out);
+ try {
+ WSSPolicyProcessor wssPolicyProcessor = new WSSPolicyProcessor();
+ wssPolicyProcessor.setup();
+ wssPolicyProcessor.processPolicy(policy);
+
+ WSS4JConfig config = WSS4JConfigBuilder.build(wssPolicyProcessor.getRootPED().getTopLevelPEDs());
+
+ InflowConfiguration policyInflowConfig = config.getInflowConfiguration();
+ OutflowConfiguration policyOutflowConfig = config.getOutflowConfiguration();
+
+ Parameter inflowSecParam = axisDescription.getParameter(WSSHandlerConstants.INFLOW_SECURITY);
+ Parameter outflowSecParam = axisDescription.getParameter(WSSHandlerConstants.OUTFLOW_SECURITY);
+
+ InflowConfiguration staticInflowConfig = HandlerParameterDecoder.getInflowConfiguration(inflowSecParam);
+ OutflowConfiguration staticOutflowConfig = HandlerParameterDecoder.getOutflowConfiguration(outflowSecParam);
+
+ if(staticInflowConfig == null || staticOutflowConfig == null) {
+ throw new Exception("Static configuration not available!!!");
+ }
+ OutflowConfiguration mergedOutflowConfig = this
+ .mergeStaticAndPolicyOutflowConfiguration(
+ staticOutflowConfig, policyOutflowConfig);
+
+ InflowConfiguration mergedInflowConfig = this.mergeStaticAndPolicyInflowConfiguration(staticInflowConfig, policyInflowConfig);
+
+ axisDescription.addParameter(mergedOutflowConfig.getProperty());
+ axisDescription.addParameter(mergedInflowConfig.getProperty());
+ } catch (Exception e) {
+ throw new AxisFault(e.getMessage(),e);
+ }
+ }
}
- /* (non-Javadoc)
- * @see org.apache.axis2.modules.Module#shutdown(org.apache.axis2.engine.AxisConfiguration)
- */
public void shutdown(AxisConfiguration axisSystem) throws AxisFault {
- // TODO TODO
- throw new UnsupportedOperationException("TODO");
+ //Do nothing
}
- /* (non-Javadoc)
- * @see org.apache.axis2.modules.Module#init(org.apache.axis2.context.ConfigurationContext, org.apache.axis2.description.AxisModule)
- */
public void init(ConfigurationContext configContext, AxisModule module) throws AxisFault {
- // TODO TODO
- throw new UnsupportedOperationException("TODO");
+ //DO nothing
}
+ private OutflowConfiguration mergeStaticAndPolicyOutflowConfiguration(
+ OutflowConfiguration staticConfig, OutflowConfiguration policyConfig) {
+ policyConfig.setPasswordCallbackClass(staticConfig.getPasswordCallbackClass());
+ policyConfig.setSignaturePropFile(staticConfig.getSignaturePropFile());
+ policyConfig.setEncryptionPropFile(staticConfig.getEncryptionPropFile());
+ policyConfig.setEmbeddedKeyCallbackClass(staticConfig.getEmbeddedKeyCallbackClass());
+ policyConfig.setUser(staticConfig.getUser());
+ policyConfig.setEncryptionUser(staticConfig.getEncryptionUser());
+ return policyConfig;
+ }
+
+ private InflowConfiguration mergeStaticAndPolicyInflowConfiguration(
+ InflowConfiguration staticConfig, InflowConfiguration policyConfig) {
+ policyConfig.setPasswordCallbackClass(staticConfig.getPasswordCallbackClass());
+ policyConfig.setDecryptionPropFile(staticConfig.getDecryptionPropFile());
+ policyConfig.setSignaturePropFile(staticConfig.getSignaturePropFile());
+ return policyConfig;
+ }
}
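Review bot: In engageNotify, `wssPolicyProcessor.getRootPED()` is dereferenced immediately, but the getRootPED() added in this same commit returns null when the processor context is unset or its action is not NONE, and the boolean returned by `setup()` is discarded. A policy that fails to process therefore surfaces as a NullPointerException wrapped by `new AxisFault(e.getMessage(),e)`, whose message is then null. I would check the result first, e.g. `if (wssPolicyProcessor.getRootPED() == null) { throw new AxisFault("Security policy could not be processed"); }`. Separately, the two merge helpers copy only the callback classes, property files and user names from the static configuration, so the statically configured action items appear to be replaced by the policy-derived ones when the merged parameters are added. A comment stating that this override is intended would help anyone auditing what the operation actually enforces.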
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java?rev=372182&r1=372181&r2=372182&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java Wed Jan 25 02:14:09 2006
@@ -73,4 +73,8 @@
public static final String THUMBPRINT_IDENTIFIER = "Thumbprint";
+
+ public final static String SIGN_ALL_HEADERS = "signAllHeaders";
+ public final static String SIGN_BODY = "signBody";
+ public final static String ENCRYPT_BODY = "encryptBody";
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/InflowConfiguration.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/InflowConfiguration.java?rev=372182&r1=372181&r2=372182&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/InflowConfiguration.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/InflowConfiguration.java Wed Jan 25 02:14:09 2006
@@ -54,12 +54,15 @@
while (keys.hasNext()) {
String key = (String) keys.next();
- // Create an element with the name of the key
- OMElement elem = fac.createOMElement(key, ns);
- // Set the text value of the element
- elem.setText((String) action.get(key));
- // Add the element as a child of this action element
- actionElem.addChild(elem);
+ String value = (String) action.get(key);
+ if(value != null && value.length() > 0) {
+ // Create an element with the name of the key
+ OMElement elem = fac.createOMElement(key, ns);
+ // Set the text value of the element
+ elem.setText(value);
+ // Add the element as a child of this action element
+ actionElem.addChild(elem);
+ }
}
propertyElement.addChild(actionElem);
@@ -151,5 +154,5 @@
return (String) this.action
.get(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
}
-
+
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java?rev=372182&r1=372181&r2=372182&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java Wed Jan 25 02:14:09 2006
@@ -85,12 +85,15 @@
while (keys.hasNext()) {
String key = (String) keys.next();
- // Create an element with the name of the key
- OMElement elem = fac.createOMElement(key, ns);
- // Set the text value of the element
- elem.setText((String) action.get(key));
- // Add the element as a child of this action element
- actionElem.addChild(elem);
+ String value = (String) action.get(key);
+ if(value != null && value.length() > 0) {
+ // Create an element with the name of the key
+ OMElement elem = fac.createOMElement(key, ns);
+ // Set the text value of the element
+ elem.setText(value);
+ // Add the element as a child of this action element
+ actionElem.addChild(elem);
+ }
}
propertyElement.addChild(actionElem);
@@ -514,4 +517,18 @@
return (String) this.actionList[this.currentAction]
.get(WSSHandlerConstants.PRESERVE_ORIGINAL_ENV);
}
+
+
+ public void setSignAllHeadersAndBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.SIGN_ALL_HEADERS, "true");
+ this.setSignBody();
+ }
+
+ public void setSignBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.SIGN_BODY, "true");
+ }
+
+ public void setEncryptBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.ENCRYPT_BODY, "true");
+ }
}
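Review bot: The three new setters at the end of the class only store "true" under SIGN_ALL_HEADERS, SIGN_BODY and ENCRYPT_BODY, and none of the hunks in this commit reads those keys back, so it is not visible here whether the outflow handler acts on them. If it does not, a policy that asks for a signed or encrypted body would be accepted at configuration time without being applied to messages. Please confirm the consumer exists, or add a TODO next to the constants in WSSHandlerConstants. A one-line Javadoc on each method, such as `/** Marks the SOAP body of the current action to be signed. */`, would also record that they can only switch the flag on.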
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java?rev=372182&r1=372181&r2=372182&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java Wed Jan 25 02:14:09 2006
@@ -19,7 +19,10 @@
import org.apache.axis2.description.Parameter;
import org.apache.axis2.om.OMElement;
import org.apache.axis2.security.handler.WSSHandlerConstants;
+import org.apache.axis2.security.handler.config.InflowConfiguration;
+import org.apache.axis2.security.handler.config.OutflowConfiguration;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
import javax.xml.namespace.QName;
import java.util.Iterator;
@@ -81,7 +84,7 @@
}
/*
- * Populate the ourflow parameters
+ * Populate the outflow parameters
*/
if (outFlowSecParam != null && !inflow) {
OMElement outFlowParamElem = outFlowSecParam.getParameterElement();
@@ -112,8 +115,77 @@
msgCtx.setProperty(WSSHandlerConstants.SENDER_REPEAT_COUNT,
new Integer(repetitionCount));
}
-
-
}
+
+ public static OutflowConfiguration getOutflowConfiguration(Parameter outflowConfigParam) throws Exception {
+ if (outflowConfigParam != null) {
+ OMElement outflowParamElem = outflowConfigParam.getParameterElement();
+
+ OMElement actionElem = outflowParamElem
+ .getFirstChildWithName(new QName(WSSHandlerConstants.ACTION));
+ if (actionElem == null) {
+ throw new Exception(
+ "Inflow configurtion must contain an 'action' "
+ + "elementas the child of 'InflowSecurity' element");
+ }
+
+ OutflowConfiguration outflowConfiguration = new OutflowConfiguration();
+
+ Iterator childElements = actionElem.getChildElements();
+ while (childElements.hasNext()) {
+ OMElement element = (OMElement) childElements.next();
+
+ String localName = element.getLocalName();
+ if(localName.equals(WSHandlerConstants.PW_CALLBACK_CLASS)) {
+ outflowConfiguration.setPasswordCallbackClass(element.getText());
+ } else if(localName.equals(WSHandlerConstants.SIG_PROP_FILE)) {
+ outflowConfiguration.setSignaturePropFile(element.getText());
+ } else if(localName.equals(WSHandlerConstants.ENC_PROP_FILE)) {
+ outflowConfiguration.setEncryptionPropFile(element.getText());
+ } else if(localName.equals(WSHandlerConstants.ENC_CALLBACK_CLASS)) {
+ outflowConfiguration.setEmbeddedKeyCallbackClass(element.getText());
+ } else if(localName.equals(WSHandlerConstants.USER)) {
+ outflowConfiguration.setUser(element.getText());
+ } else if(localName.equals(WSHandlerConstants.ENCRYPTION_USER)) {
+ outflowConfiguration.setEncryptionUser(element.getText());
+ }
+ }
+ return outflowConfiguration;
+ }
+ return null;
+ }
+
+ public static InflowConfiguration getInflowConfiguration(Parameter inflowConfigParam) throws Exception {
+
+ if (inflowConfigParam != null) {
+ OMElement inFlowParamElem = inflowConfigParam.getParameterElement();
+
+ OMElement actionElem = inFlowParamElem
+ .getFirstChildWithName(new QName(WSSHandlerConstants.ACTION));
+ if (actionElem == null) {
+ throw new Exception(
+ "Inflow configurtion must contain an 'action' "
+ + "elementas the child of 'InflowSecurity' element");
+ }
+
+ InflowConfiguration inflowConfiguration = new InflowConfiguration();
+
+ Iterator childElements = actionElem.getChildElements();
+ while (childElements.hasNext()) {
+ OMElement element = (OMElement) childElements.next();
+
+ String localName = element.getLocalName();
+ if(localName.equals(WSHandlerConstants.PW_CALLBACK_CLASS)) {
+ inflowConfiguration.setPasswordCallbackClass(element.getText());
+ } else if(localName.equals(WSHandlerConstants.SIG_PROP_FILE)) {
+ inflowConfiguration.setSignaturePropFile(element.getText());
+ } else if(localName.equals(WSHandlerConstants.DEC_PROP_FILE)) {
+ inflowConfiguration.setDecryptionPropFile(element.getText());
+ }
+ }
+ return inflowConfiguration;
+ }
+ return null;
+ }
}
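Review bot: getOutflowConfiguration reports a missing action element with the inflow wording, `"Inflow configurtion must contain an 'action' " + "elementas the child of 'InflowSecurity' element"`, which is misspelled in both new methods and names the wrong parameter in the outflow one. This text is what an administrator sees when the security configuration is rejected, so the outflow branch should say so, for example `"Outflow configuration must contain an 'action' element as the child of the '" + WSSHandlerConstants.OUTFLOW_SECURITY + "' element"`, with the same spelling fix in getInflowConfiguration. Both methods are also declared `throws Exception`; the file already imports WSSecurityException, which would let callers catch something narrower. Child elements with unrecognised names are skipped without a log line, so a mistyped key in the static configuration silently leaves that setting unset.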
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfig.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfig.java?rev=372182&r1=372181&r2=372182&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfig.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfig.java Wed Jan 25 02:14:09 2006
@@ -18,11 +18,16 @@
import org.apache.axis2.security.handler.config.InflowConfiguration;
import org.apache.axis2.security.handler.config.OutflowConfiguration;
+import org.apache.ws.security.policy.model.Binding;
public class WSS4JConfig {
- private OutflowConfiguration outflowConfiguration;
- private InflowConfiguration inflowConfiguration;
+ private OutflowConfiguration outflowConfiguration = new OutflowConfiguration();
+ private InflowConfiguration inflowConfiguration = new InflowConfiguration();
+
+ Binding binding;
+ boolean signature;
+ boolean encryption;
/**
* @return Returns the inflowConfiguration.
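Review bot: The new fields `binding`, `signature` and `encryption` are declared without an access modifier, so any class in org.apache.ws.security.policy can change what the configuration will sign or encrypt, while the two configuration objects next to them are private. WSS4JConfigBuilder in this commit writes them directly (`config.signature = true`), so making them private with package-private setters would keep that working and make the write points searchable. The setters commented out in the next hunk are better deleted than left as `//` blocks, since version control keeps them.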
@@ -30,23 +35,23 @@
public InflowConfiguration getInflowConfiguration() {
return inflowConfiguration;
}
- /**
- * @param inflowConfiguration The inflowConfiguration to set.
- */
- public void setInflowConfiguration(InflowConfiguration inflowConfiguration) {
- this.inflowConfiguration = inflowConfiguration;
- }
+// /**
+// * @param inflowConfiguration The inflowConfiguration to set.
+// */
+// public void setInflowConfiguration(InflowConfiguration inflowConfiguration) {
+// this.inflowConfiguration = inflowConfiguration;
+// }
/**
* @return Returns the outflowConfiguration.
*/
public OutflowConfiguration getOutflowConfiguration() {
return outflowConfiguration;
}
- /**
- * @param outflowConfiguration The outflowConfiguration to set.
- */
- public void setOutflowConfiguration(OutflowConfiguration outflowConfiguration) {
- this.outflowConfiguration = outflowConfiguration;
- }
+// /**
+// * @param outflowConfiguration The outflowConfiguration to set.
+// */
+// public void setOutflowConfiguration(OutflowConfiguration outflowConfiguration) {
+// this.outflowConfiguration = outflowConfiguration;
+// }
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java?rev=372182&r1=372181&r2=372182&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java Wed Jan 25 02:14:09 2006
@@ -18,47 +18,117 @@
import java.util.ArrayList;
import java.util.Iterator;
+import org.apache.ws.security.WSConstants;
import org.apache.ws.security.policy.model.AsymmetricBinding;
import org.apache.ws.security.policy.model.Binding;
+import org.apache.ws.security.policy.model.Header;
import org.apache.ws.security.policy.model.PolicyEngineData;
-import org.apache.ws.security.policy.model.SymmetricBinding;
+import org.apache.ws.security.policy.model.SignedEncryptedParts;
+import org.apache.ws.security.policy.model.SymmetricAsymmetricBindingBase;
+import org.apache.ws.security.policy.model.TransportBinding;
import org.apache.ws.security.policy.model.Wss10;
import org.apache.ws.security.policy.model.Wss11;
public class WSS4JConfigBuilder {
- public static void build(ArrayList topLevelPeds) throws WSSPolicyException {
+ public static WSS4JConfig build(ArrayList topLevelPeds) throws WSSPolicyException {
Iterator topLevelPEDIterator = topLevelPeds.iterator();
WSS4JConfig config = new WSS4JConfig();
while (topLevelPEDIterator.hasNext()) {
PolicyEngineData ped = (PolicyEngineData) topLevelPEDIterator.next();
if(ped instanceof Binding) {
- if(ped instanceof SymmetricBinding) {
- processSymmetricPolicyBinding((SymmetricBinding)ped, config);
- } else {
- processAsymmetricPolicyBinding((AsymmetricBinding)ped, config);
- }
+ config.binding = (Binding)ped;
} else if(ped instanceof Wss10) {
processWSS10((Wss10)ped, config);
} else if(ped instanceof Wss11) {
processWSS11((Wss11)ped, config);
+ } else if (ped instanceof SignedEncryptedParts) {
+ processSignedEncryptedParts((SignedEncryptedParts)ped, config);
+ } else {
+ //Unrecognized token
}
}
+ finalizeConfig(config);
+ return config;
}
-
- private static void processSymmetricPolicyBinding(SymmetricBinding symmbinding, WSS4JConfig config) {
- //TODO
- throw new UnsupportedOperationException("TODO");
+ private static void finalizeConfig(WSS4JConfig config) throws WSSPolicyException{
+
+ if(config.binding instanceof TransportBinding) {
+ //TODO TransportBinding
+ throw new UnsupportedOperationException("TODO TransportBinding");
+ } else {
+ //Handle common properties from SymmetricAsymmetricBindingBase
+ SymmetricAsymmetricBindingBase base = (SymmetricAsymmetricBindingBase) config.binding;
+ if(base.isEntireHeaderAndBodySignatures()) {
+ config.getOutflowConfiguration().setSignAllHeadersAndBody();
+ }
+ if (base.isSignatureProtection()) {
+ if (base.getProtectionOrder().equals(
+ Constants.SIGN_BEFORE_ENCRYPTING)) {
+ //Makesure encryption is on
+ config.encryption = true;
+
+ //Add a sign part pointing to the signature
+ String encrParts = config.getOutflowConfiguration()
+ .getEncryptionParts();
+ boolean otherSignPartsExists = encrParts != null
+ && encrParts.length() > 0;
+ String part = getEncryptedPartSnippet(false, WSConstants.SIG_NS,
+ WSConstants.SIG_LN, !otherSignPartsExists);
+ if(otherSignPartsExists) {
+ part = encrParts + part;
+ }
+ config.getOutflowConfiguration().setEncryptionParts(part);
+ } else {
+ throw new WSSPolicyException("To enable SignatureProtection" +
+ " the ProtectionOrder must be SignBeforeEncrypting");
+ }
+ }
+ if(base.isTokenProtection()) {
+ throw new WSSPolicyException(
+ "TokenProtection is not supported right now " +
+ "since there's no way to specify how to sign " +
+ "the token that is used to sign ???");
+ }
+
+ //Start building action items
+ String actionItems = "";
+ if(config.signature && config.encryption) {
+ if(base.getProtectionOrder().equals(Constants.SIGN_BEFORE_ENCRYPTING)) {
+ actionItems = "Signature Encrypt";
+ } else {
+ actionItems = "Encrypt Signature";
+ }
+ } else if(config.signature) {
+ actionItems = " Signature";
+ } else if(config.encryption) {
+ actionItems = " Encrypt";
+ }
+
+ if(base.isIncludeTimestamp()) {
+ //TODO: Caution: including Timestamp as the starting action item
+ actionItems = " Timestamp " + actionItems;
+
+ }
+ if(actionItems.length() == 0) {
+ actionItems = "NoSecurity";
+ }
+ config.getInflowConfiguration().setActionItems(actionItems.trim());
+ config.getOutflowConfiguration().setActionItems(actionItems.trim());
+ }
+
+
+ if(config.binding instanceof AsymmetricBinding) {
+ //TODO Handle asymmetric binding
+ } else {
+ //TODO Handle symmetric binding
+ }
}
+
private static void processWSS10(Wss10 wss10, WSS4JConfig config) {
- //TODO
- throw new UnsupportedOperationException("TODO");
- }
- private static void processAsymmetricPolicyBinding(AsymmetricBinding binding, WSS4JConfig config) {
- // TODO TODO
- throw new UnsupportedOperationException("TODO");
+ //There's nothing to populate in WSS4J Config right now
}
private static void processWSS11(Wss11 wss11, WSS4JConfig config) {
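Review bot: finalizeConfig casts `config.binding` to SymmetricAsymmetricBindingBase and calls `base.isEntireHeaderAndBodySignatures()` without checking for null, yet build() assigns the field only when a Binding appears among the top-level entries, so a policy without a binding assertion ends in a NullPointerException. A guard at the top of finalizeConfig, `if (config.binding == null) { throw new WSSPolicyException("Policy does not contain a binding assertion"); }`, would report it properly. The same method falls back to `actionItems = "NoSecurity"` and applies it to the inflow configuration as well, and build() drops unrecognised entries in an empty `else`, so a policy this code only partly understands can yield a weaker configuration than the policy states. Throwing WSSPolicyException in both places would fail closed instead. The hunk ends at the signature of processWSS11, whose body lies outside it.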
@@ -68,4 +138,55 @@
}
}
+ private static void processSignedEncryptedParts(SignedEncryptedParts parts,
+ WSS4JConfig config) {
+ if(parts.isSignedParts()) {
+ config.signature = true;
+ if(parts.isBody()) {
+ config.getOutflowConfiguration().setSignBody();
+ }
+ Iterator headersIter = parts.getHeaders().iterator();
+ String signedParts = "";
+ while (headersIter.hasNext()) {
+ Header header = (Header) headersIter.next();
+ signedParts += getSignedPartSnippet(header.getNamespace(),
+ header.getNamespace(), signedParts.length() == 0);
+ }
+ if(signedParts.length() != 0) {
+ config.getOutflowConfiguration().setSignatureParts(signedParts);
+ }
+ } else {
+ config.encryption = true;
+ if(parts.isBody()) {
+ config.getOutflowConfiguration().setEncryptBody();
+ }
+ Iterator headersIter = parts.getHeaders().iterator();
+ String encryptedParts = "";
+ while (headersIter.hasNext()) {
+ Header header = (Header) headersIter.next();
+ encryptedParts += getEncryptedPartSnippet(false, header
+ .getNamespace(), header.getName(), encryptedParts
+ .length() == 0);
+ }
+ if(encryptedParts.length() != 0) {
+ config.getOutflowConfiguration().setEncryptionParts(encryptedParts);
+ }
+ }
+ }
+
+ private static String getSignedPartSnippet(String namespace, String name,
+ boolean first) {
+ return first ? "{Element}{" + namespace + "}" + name : ";{Element}{"
+ + namespace + "}" + name;
+ }
+
+ private static String getEncryptedPartSnippet(boolean content,
+ String namespace, String name, boolean first) {
+ String ret = "";
+ if(!first) {
+ ret=";";
+ }
+ return content ? ret + "{}{" + namespace + "}" + name : ret
+ + "{Element}{" + namespace + "}" + name;
+ }
}
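Review bot: In processSignedEncryptedParts the signed-parts loop passes `header.getNamespace()` for both the namespace and the name argument of getSignedPartSnippet, while the encrypted-parts loop below it uses `header.getName()`. The resulting signature part would have the form `{Element}{ns}ns`, which names no header, so the header the policy asks to have signed would presumably not be covered by the signature. The call should read `signedParts += getSignedPartSnippet(header.getNamespace(), header.getName(), signedParts.length() == 0);`.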
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/SymmetricAsymmetricBindingBase.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/SymmetricAsymmetricBindingBase.java?rev=372182&r1=372181&r2=372182&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/SymmetricAsymmetricBindingBase.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/SymmetricAsymmetricBindingBase.java Wed Jan 25 02:14:09 2006
@@ -19,7 +19,7 @@
import org.apache.ws.security.policy.Constants;
import org.apache.ws.security.policy.WSSPolicyException;
-class SymmetricAsymmetricBindingBase extends Binding {
+public class SymmetricAsymmetricBindingBase extends Binding {
private String protectionOrder = Constants.SIGN_BEFORE_ENCRYPTING;
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java?rev=372182&r1=372181&r2=372182&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java Wed Jan 25 02:14:09 2006
@@ -62,7 +62,7 @@
SecurityProcessorContext secProcessorContext = null;
- boolean setup() throws NoSuchMethodException {
+ public boolean setup() throws NoSuchMethodException {
prdr = PolicyFactory.getPolicyReader(PolicyFactory.OM_POLICY_READER);
/*
@@ -372,4 +372,16 @@
}
}
}
+
+ /**
+ * @return Returns the secProcessorContext.
+ */
+ public RootPolicyEngineData getRootPED() {
+ if(this.secProcessorContext != null && this.secProcessorContext.getAction() == SecurityProcessorContext.NONE) {
+ return (RootPolicyEngineData)secProcessorContext.getPedStack().get(0);
+ } else {
+ return null;
+ }
+ }
+
}
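Review bot: The Javadoc on getRootPED says `@return Returns the secProcessorContext.`, but the method returns the first entry of the context's PED stack cast to RootPolicyEngineData, or null when the context is unset or its action is not NONE. Callers need to know about the null case, since SecurityModule in this commit dereferences the result directly. I would document it as `@return the root policy engine data, or null if the processor context is unset or its action is not NONE`.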
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/AsymmetricBindingProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/AsymmetricBindingProcessor.java?rev=372182&r1=372181&r2=372182&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/AsymmetricBindingProcessor.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/AsymmetricBindingProcessor.java Wed Jan 25 02:14:09 2006
@@ -17,6 +17,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.policy.model.Binding;
import org.apache.ws.security.policy.parser.SecurityPolicy;
import org.apache.ws.security.policy.parser.SecurityPolicyToken;
import org.apache.ws.security.policy.parser.SecurityProcessorContext;
@@ -135,6 +136,9 @@
log.debug("Processing "
+ spc.readCurrentSecurityToken().getTokenName() + ": "
+ SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ if(spc.getAction() == 2) {
+ ((Binding)spc.readCurrentPolicyEngineData()).setIncludeTimestamp(true);
+ }
return new Boolean(true);
}
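Review bot: The added check compares `spc.getAction()` with the literal `2`, although the log statement just above indexes SecurityProcessorContext.ACTION_NAMES with the same value and WSSPolicyProcessor in this commit compares against `SecurityProcessorContext.NONE`. Use the named constant for that action (presumably `SecurityProcessorContext.COMMIT`, to be confirmed against the class) so the condition under which the timestamp requirement is switched on is readable. The cast `(Binding)spc.readCurrentPolicyEngineData()` is unchecked here. The enclosing method starts outside the hunk, so whether the current data is always a Binding at this point cannot be seen.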