Posted to commits@ws.apache.org by co...@apache.org on 2013/06/06 18:50:49 UTC
svn commit: r1490356 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/
ws-security-common/src/main/resources/
ws-security-stax/src/main/java/org/apache/wss4j/stax/
ws-security-stax/src/main/java/org/apache/wss4j/s...
Author: coheigea
Date: Thu Jun 6 16:50:49 2013
New Revision: 1490356
URL: http://svn.apache.org/r1490356
Log:
Added a "pure" Kerberos action + made it possible to take a Kerberos ticket from the security context
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java Thu Jun 6 16:50:49 2013
@@ -96,6 +96,23 @@ public final class ConfigurationConstant
*/
public static final String ENCRYPT_DERIVED = "EncryptDerived";
+ /**
+ * Perform a Signature action with a kerberos token. The signature specific parameters define how
+ * to sign, which keys to use, and so on.
+ */
+ public static final String SIGNATURE_WITH_KERBEROS_TOKEN = "SignatureWithKerberosToken";
+
+ /**
+ * Perform a Encryption action with a kerberos token. The signature specific parameters define how
+ * to encrypt, which keys to use, and so on.
+ */
+ public static final String ENCRYPT_WITH_KERBEROS_TOKEN = "EncryptWithKerberosToken";
+
+ /**
+ * Add a kerberos token.
+ */
+ public static final String KERBEROS_TOKEN = "KerberosToken";
+
//
// User properties
//
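Review bot: The Javadoc added for `ENCRYPT_WITH_KERBEROS_TOKEN` was copied from the signature constant and still reads "The signature specific parameters define how to encrypt". It should read `Perform an Encryption action with a kerberos token. The encryption specific parameters define how to encrypt, which keys to use, and so on.` The `KERBEROS_TOKEN` comment could also say that this action only adds the token to the security header and performs no signature or encryption with it, which is what the commit log calls a "pure" Kerberos action.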
Modified: webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml Thu Jun 6 16:50:49 2013
@@ -1,4 +1,4 @@
-<ehcache xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="false" monitoring="autodetect" dynamicConfig="true">
+<ehcache xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="false" monitoring="autodetect" dynamicConfig="true" name="wss4jCache">
<diskStore path="java.io.tmpdir"/>
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java Thu Jun 6 16:50:49 2013
@@ -104,6 +104,12 @@ public final class ConfigurationConverte
actions.add(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
} else if (single[i].equals(ConfigurationConstants.ENCRYPT_DERIVED)) {
actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+ } else if (single[i].equals(ConfigurationConstants.SIGNATURE_WITH_KERBEROS_TOKEN)) {
+ actions.add(WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN);
+ } else if (single[i].equals(ConfigurationConstants.ENCRYPT_WITH_KERBEROS_TOKEN)) {
+ actions.add(WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN);
+ } else if (single[i].equals(ConfigurationConstants.KERBEROS_TOKEN)) {
+ actions.add(WSSConstants.KERBEROS_TOKEN);
}
}
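Review bot: The if/else chain extended here closes right after the `KERBEROS_TOKEN` branch with no final `else`, so as far as the hunk shows, an action name that matches none of the constants is dropped without any error. For a security configuration this means a misspelt action such as a wrong-case `KerberosToken` would produce a message without that protection and give no diagnostic. Unless the names are validated elsewhere, the chain should end in an `else` that rejects or at least logs the unrecognised value. The enclosing method starts and ends outside the hunk.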
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java Thu Jun 6 16:50:49 2013
@@ -21,6 +21,7 @@ package org.apache.wss4j.stax.ext;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.impl.processor.output.*;
import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.ext.OutboundSecurityContext;
import org.apache.xml.security.stax.ext.OutputProcessor;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.impl.DocumentContextImpl;
@@ -86,7 +87,10 @@ public class OutboundWSSec {
public XMLStreamWriter processOutMessage(
OutputStream outputStream, String encoding, List<SecurityEvent> requestSecurityEvents,
SecurityEventListener securityEventListener) throws WSSecurityException {
- return processOutMessage((Object) outputStream, encoding, requestSecurityEvents, securityEventListener);
+ final OutboundSecurityContextImpl outboundSecurityContext = new OutboundSecurityContextImpl();
+ outboundSecurityContext.putList(SecurityEvent.class, requestSecurityEvents);
+ outboundSecurityContext.addSecurityEventListener(securityEventListener);
+ return processOutMessage((Object) outputStream, encoding, outboundSecurityContext);
}
/**
@@ -100,16 +104,28 @@ public class OutboundWSSec {
public XMLStreamWriter processOutMessage(
XMLStreamWriter xmlStreamWriter, String encoding, List<SecurityEvent> requestSecurityEvents,
SecurityEventListener securityEventListener) throws WSSecurityException {
- return processOutMessage((Object) xmlStreamWriter, encoding, requestSecurityEvents, securityEventListener);
- }
-
- private XMLStreamWriter processOutMessage(
- Object output, String encoding, List<SecurityEvent> requestSecurityEvents,
- SecurityEventListener securityEventListener) throws WSSecurityException {
-
final OutboundSecurityContextImpl outboundSecurityContext = new OutboundSecurityContextImpl();
outboundSecurityContext.putList(SecurityEvent.class, requestSecurityEvents);
outboundSecurityContext.addSecurityEventListener(securityEventListener);
+ return processOutMessage((Object) xmlStreamWriter, encoding, outboundSecurityContext);
+ }
+
+ /**
+ * This method is the entry point for the incoming security-engine.
+ * Hand over the original XMLStreamWriter and use the returned one for further processing
+ *
+ * @param xmlStreamWriter The original outputStream
+ * @return A new XMLStreamWriter which does transparently the security processing.
+ * @throws WSSecurityException thrown when a Security failure occurs
+ */
+ public XMLStreamWriter processOutMessage(
+ XMLStreamWriter xmlStreamWriter, String encoding, OutboundSecurityContext outbounSecurityContext) throws WSSecurityException {
+ return processOutMessage((Object) xmlStreamWriter, encoding, outbounSecurityContext);
+ }
+
+ public XMLStreamWriter processOutMessage(
+ Object output, String encoding, OutboundSecurityContext outboundSecurityContext
+ ) throws WSSecurityException {
final DocumentContextImpl documentContext = new DocumentContextImpl();
documentContext.setEncoding(encoding);
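Review bot: The `processOutMessage(Object output, ...)` overload changes from `private` to `public` here, which exposes an untyped parameter to callers and has no Javadoc saying which runtime types are accepted. If the aim is only to let callers pass their own `OutboundSecurityContext`, keeping the `Object` variant private and adding a typed `OutputStream` overload beside the new `XMLStreamWriter` one would keep the type checks at compile time. The new Javadoc describes the method as the entry point for the "incoming security-engine" although this is the outbound path, and it has no `@param` entries for `encoding` and the context. The parameter is also misspelt as `outbounSecurityContext`. The body of the `Object` overload continues outside the hunk.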
@@ -223,6 +239,10 @@ public class OutboundWSSec {
final EncryptOutputProcessor encryptOutputProcessor = new EncryptOutputProcessor();
initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor, action);
+ } else if (WSSConstants.KERBEROS_TOKEN.equals(action)) {
+ final KerberosSecurityTokenOutputProcessor kerberosTokenOutputProcessor =
+ new KerberosSecurityTokenOutputProcessor();
+ initializeOutputProcessor(outputProcessorChain, kerberosTokenOutputProcessor, action);
}
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java Thu Jun 6 16:50:49 2013
@@ -266,6 +266,7 @@ public class WSSConstants extends XMLSec
public static final String NS_WSS_ENC_KEY_VALUE_TYPE = NS11_SOAPMESSAGE_SECURITY + "#EncryptedKey";
+ public static final String PROP_USE_THIS_TOKEN_ID_FOR_BST = "PROP_USE_THIS_TOKEN_ID_FOR_BST";
public static final String PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY = "PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY";
public static final String PROP_USE_THIS_TOKEN_ID_FOR_SECURITYCONTEXTTOKEN = "PROP_USE_THIS_TOKEN_ID_FOR_SECURITYCONTEXTTOKEN";
@@ -280,6 +281,7 @@ public class WSSConstants extends XMLSec
public static final Action SAML_TOKEN_UNSIGNED = new Action(ConfigurationConstants.SAML_TOKEN_UNSIGNED);
public static final Action SIGNATURE_WITH_KERBEROS_TOKEN = new Action("SignatureWithKerberosToken");
public static final Action ENCRYPT_WITH_KERBEROS_TOKEN = new Action("EncryptWithKerberosToken");
+ public static final Action KERBEROS_TOKEN = new Action("KerberosToken");
public static final AlgorithmUsage Comp_Key = new AlgorithmUsage("Comp_Key");
public static final AlgorithmUsage Enc_KD = new AlgorithmUsage("Enc_KD");
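Review bot: The new `KERBEROS_TOKEN` action repeats the string literal instead of using the constant this commit adds to `ConfigurationConstants`, unlike the `SAML_TOKEN_UNSIGNED` line just above it. Writing it as `new Action(ConfigurationConstants.KERBEROS_TOKEN)` keeps the configuration name and the action name from drifting apart. The two neighbouring Kerberos actions could take the same treatment now that their constants exist.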
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java Thu Jun 6 16:50:49 2013
@@ -52,48 +52,54 @@ public class KerberosSecurityTokenOutput
XMLSecurityConstants.Action action = getAction();
- final KerberosClientSecurityToken kerberosClientSecurityToken =
- new KerberosClientSecurityToken(
- ((WSSSecurityProperties) getSecurityProperties()).getCallbackHandler(),
- bstId
- );
-
-
- final SecurityTokenProvider<OutboundSecurityToken> kerberosSecurityTokenProvider =
- new SecurityTokenProvider<OutboundSecurityToken>() {
-
- @Override
- public OutboundSecurityToken getSecurityToken() throws WSSecurityException {
- return kerberosClientSecurityToken;
- }
-
- @Override
- public String getId() {
- return bstId;
- }
- };
+ String tokenId =
+ outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_BST);
+ KerberosClientSecurityToken kerberosToken = null;
+ if (tokenId != null) {
+ SecurityTokenProvider<OutboundSecurityToken> securityTokenProvider =
+ outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
+ kerberosToken = (KerberosClientSecurityToken)securityTokenProvider.getSecurityToken();
+ }
+ if (kerberosToken == null) {
+ final KerberosClientSecurityToken kerberosClientSecurityToken =
+ new KerberosClientSecurityToken(
+ ((WSSSecurityProperties) getSecurityProperties()).getCallbackHandler(),
+ bstId
+ );
+
+ final SecurityTokenProvider<OutboundSecurityToken> kerberosSecurityTokenProvider =
+ new SecurityTokenProvider<OutboundSecurityToken>() {
+
+ @Override
+ public OutboundSecurityToken getSecurityToken() throws WSSecurityException {
+ return kerberosClientSecurityToken;
+ }
+
+ @Override
+ public String getId() {
+ return bstId;
+ }
+ };
+
+ outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(bstId, kerberosSecurityTokenProvider);
+ kerberosToken = kerberosClientSecurityToken;
+ }
+ FinalKerberosSecurityTokenOutputProcessor finalKerberosSecurityTokenOutputProcessor =
+ new FinalKerberosSecurityTokenOutputProcessor(kerberosToken);
+ finalKerberosSecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
+ finalKerberosSecurityTokenOutputProcessor.setAction(getAction());
+
if (WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN.equals(action)) {
outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, bstId);
- FinalKerberosSecurityTokenOutputProcessor finalKerberosSecurityTokenOutputProcessor =
- new FinalKerberosSecurityTokenOutputProcessor(kerberosClientSecurityToken);
- finalKerberosSecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalKerberosSecurityTokenOutputProcessor.setAction(getAction());
finalKerberosSecurityTokenOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
- finalKerberosSecurityTokenOutputProcessor.init(outputProcessorChain);
- kerberosClientSecurityToken.setProcessor(finalKerberosSecurityTokenOutputProcessor);
} else if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(action)) {
outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, bstId);
- FinalKerberosSecurityTokenOutputProcessor finalKerberosSecurityTokenOutputProcessor =
- new FinalKerberosSecurityTokenOutputProcessor(kerberosClientSecurityToken);
- finalKerberosSecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalKerberosSecurityTokenOutputProcessor.setAction(getAction());
finalKerberosSecurityTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
- finalKerberosSecurityTokenOutputProcessor.init(outputProcessorChain);
- kerberosClientSecurityToken.setProcessor(finalKerberosSecurityTokenOutputProcessor);
}
+ finalKerberosSecurityTokenOutputProcessor.init(outputProcessorChain);
+ kerberosToken.setProcessor(finalKerberosSecurityTokenOutputProcessor);
- outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(bstId, kerberosSecurityTokenProvider);
} finally {
outputProcessorChain.removeProcessor(this);
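Review bot: When a token id is found under `PROP_USE_THIS_TOKEN_ID_FOR_BST`, the signature and encryption branches still publish `bstId`, yet a provider is registered under `bstId` only in the `kerberosToken == null` fallback, so later processors may look up an id that has no provider. The same path dereferences `securityTokenProvider` without a null check and casts its token unchecked, so a stale id or a non-Kerberos token in the context surfaces as a NullPointerException or ClassCastException rather than a WSSecurityException. Publishing the id of the token actually used and guarding the lookup would close both gaps. `bstId` is defined outside the hunk, so whether it can equal the context token's id cannot be confirmed from here.

```java
if (tokenId != null) {
    SecurityTokenProvider<OutboundSecurityToken> securityTokenProvider =
        outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
    if (securityTokenProvider != null) {
        // a token of another type should be rejected here with a WSSecurityException
        kerberosToken = (KerberosClientSecurityToken) securityTokenProvider.getSecurityToken();
    }
}
// … unchanged: fallback that builds the callback-handler token and registers it under bstId …
// … unchanged: FinalKerberosSecurityTokenOutputProcessor construction …
final String kerberosTokenId = kerberosToken.getId();
if (WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN.equals(action)) {
    outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, kerberosTokenId);
    // … unchanged: addBeforeProcessor …
} else if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(action)) {
    outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, kerberosTokenId);
    // … unchanged: addAfterProcessor …
}
```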
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java Thu Jun 6 16:50:49 2013
@@ -45,6 +45,12 @@ public class KerberosClientSecurityToken
private Key secretKey;
private byte[] ticket;
+ public KerberosClientSecurityToken(byte[] ticket, Key secretKey, String id) {
+ super(id, WSSecurityTokenConstants.KerberosToken);
+ this.ticket = ticket;
+ this.secretKey = secretKey;
+ }
+
public KerberosClientSecurityToken(CallbackHandler callbackHandler, String id) {
super(id, WSSecurityTokenConstants.KerberosToken);
this.callbackHandler = callbackHandler;
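Review bot: The new constructor stores the caller's `ticket` array by reference and accepts `null` for both `ticket` and `secretKey`. A later write to the caller's array would change the ticket this token serialises, and `callbackHandler` stays unset on this path, so a null argument may only fail later, if the rest of the class falls back to the handler. Copying and checking at construction makes the failure immediate, for example `this.ticket = Objects.requireNonNull(ticket, "ticket").clone();` with a matching `requireNonNull` for `secretKey`. A short Javadoc stating that this constructor wraps an already obtained ticket and session key, and that no callback is made, would also help callers choose between the two constructors. The second constructor's body continues outside the hunk.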