Posted to commits@ws.apache.org by co...@apache.org on 2011/08/29 15:57:21 UTC
svn commit: r1162806 - in
/webservices/wss4j/trunk/src/main/java/org/apache/ws/security:
message/token/SecurityContextToken.java
processor/SecurityContextTokenProcessor.java validate/Credential.java
Author: coheigea
Date: Mon Aug 29 13:57:20 2011
New Revision: 1162806
URL: http://svn.apache.org/viewvc?rev=1162806&view=rev
Log:
Add the ability to use a Validator implementation to validate a SecurityContextToken
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityContextToken.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/Credential.java
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityContextToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityContextToken.java?rev=1162806&r1=1162805&r2=1162806&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityContextToken.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityContextToken.java Mon Aug 29 13:57:20 2011
@@ -191,7 +191,7 @@ public class SecurityContextToken {
/**
* Returns the dom element of this <code>SecurityContextToken</code> object.
*
- * @return the <code>wsse:UsernameToken</code> element
+ * @return the <code>wsse:SecurityContextToken</code> element
*/
public Element getElement() {
return element;
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java?rev=1162806&r1=1162805&r2=1162806&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java Mon Aug 29 13:57:20 2011
@@ -26,11 +26,14 @@ import org.apache.ws.security.WSSecurity
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.validate.Credential;
+import org.apache.ws.security.validate.Validator;
import org.w3c.dom.Element;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.namespace.QName;
import java.util.List;
import java.io.IOException;
@@ -48,13 +51,28 @@ public class SecurityContextTokenProcess
WSDocInfo wsDocInfo
) throws WSSecurityException {
SecurityContextToken sct = new SecurityContextToken(elem);
- byte[] secret = getSecret(data.getCallbackHandler(), sct);
+ Validator validator =
+ data.getValidator(new QName(elem.getNamespaceURI(), elem.getLocalName()));
+
WSSecurityEngineResult result =
new WSSecurityEngineResult(WSConstants.SCT, sct);
+ if (validator != null) {
+ // Hook to allow the user to validate the SecurityContextToken
+ Credential credential = new Credential();
+ credential.setSecurityContextToken(sct);
+
+ Credential returnedCredential = validator.validate(credential, data);
+ result.put(WSSecurityEngineResult.TAG_VALIDATED_TOKEN, Boolean.TRUE);
+ result.put(WSSecurityEngineResult.TAG_ID, sct.getID());
+ result.put(WSSecurityEngineResult.TAG_SECRET, returnedCredential.getSecretKey());
+ } else {
+ byte[] secret = getSecret(data.getCallbackHandler(), sct);
+ result.put(WSSecurityEngineResult.TAG_ID, sct.getID());
+ result.put(WSSecurityEngineResult.TAG_SECRET, secret);
+ }
+
wsDocInfo.addTokenElement(elem);
- result.put(WSSecurityEngineResult.TAG_ID, sct.getID());
- result.put(WSSecurityEngineResult.TAG_SECRET, secret);
wsDocInfo.addResult(result);
return java.util.Collections.singletonList(result);
}
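Review bot: In the `validator != null` branch, `returnedCredential` is dereferenced and its key is stored under `TAG_SECRET` with no check. A Validator that returns null causes a NullPointerException, and one that returns a Credential without a secret key produces a result marked `TAG_VALIDATED_TOKEN` = TRUE with a null secret. This branch also bypasses `getSecret(data.getCallbackHandler(), sct)`, so the validator becomes the only source of the key and any checks inside getSecret (not visible here) no longer apply. Fail closed before the `result.put` calls, for example `if (returnedCredential == null || returnedCredential.getSecretKey() == null) { throw new WSSecurityException(WSSecurityException.FAILURE); }`. The `TAG_ID` put is now duplicated in both branches and could stay after the if/else; the method's signature starts outside the hunk.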
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/Credential.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/Credential.java?rev=1162806&r1=1162805&r2=1162806&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/Credential.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/Credential.java Mon Aug 29 13:57:20 2011
@@ -24,6 +24,7 @@ import java.security.PublicKey;
import java.security.cert.X509Certificate;
import org.apache.ws.security.message.token.BinarySecurity;
+import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.saml.ext.AssertionWrapper;
@@ -42,10 +43,27 @@ public class Credential {
private BinarySecurity binarySecurityToken;
private AssertionWrapper assertion;
private AssertionWrapper transformedToken;
+ private SecurityContextToken securityContextToken;
private Principal principal;
private byte[] secretKey;
/**
+ * Set a SecurityContextToken to be validated
+ * @param securityContextToken a SecurityContextToken to be validated
+ */
+ public void setSecurityContextToken(SecurityContextToken securityContextToken) {
+ this.securityContextToken = securityContextToken;
+ }
+
+ /**
+ * Get a SecurityContextToken to be validated
+ * @return a SecurityContextToken to be validated
+ */
+ public SecurityContextToken getSecurityContextToken() {
+ return securityContextToken;
+ }
+
+ /**
* Set a SecretKey (byte[]) to be validated
* @param secretKey a SecretKey (byte) to be validated
*/