You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by dk...@apache.org on 2009/03/17 20:42:30 UTC
svn commit: r755365 - in /cxf/trunk/rt/ws:
policy/src/main/java/org/apache/cxf/ws/policy/
security/src/main/java/org/apache/cxf/ws/security/trust/
security/src/main/java/org/apache/cxf/ws/security/wss4j/
security/src/main/java/org/apache/cxf/ws/securit...
Author: dkulp
Date: Tue Mar 17 19:42:30 2009
New Revision: 755365
URL: http://svn.apache.org/viewvc?rev=755365&view=rev
Log:
Updates to make sure streams close. Cache some properties.
Modified:
cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyBuilderImpl.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyBuilderImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyBuilderImpl.java?rev=755365&r1=755364&r2=755365&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyBuilderImpl.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyBuilderImpl.java Tue Mar 17 19:42:30 2009
@@ -100,10 +100,11 @@
if (!Constants.ELEM_POLICY_REF.equals(element.getLocalName())) {
throw new PolicyException(new Message("NOT_A_POLICYREF_ELEMENT_EXC", BUNDLE));
}
-
- PolicyReference reference = new PolicyReference();
- reference.setURI(element.getAttribute("URI"));
- return reference;
+ synchronized (element) {
+ PolicyReference reference = new PolicyReference();
+ reference.setURI(element.getAttribute("URI"));
+ return reference;
+ }
}
/**
@@ -141,57 +142,59 @@
}
private PolicyOperator processOperationElement(Element operationElement, PolicyOperator operator) {
-
- if (Constants.TYPE_POLICY == operator.getType()) {
- Policy policyOperator = (Policy)operator;
- QName key;
-
- NamedNodeMap nnm = operationElement.getAttributes();
- for (int i = 0; i < nnm.getLength(); i++) {
- Node n = nnm.item(i);
- if (Node.ATTRIBUTE_NODE == n.getNodeType()) {
- String namespace = n.getNamespaceURI();
- if (namespace == null) {
- key = new QName(n.getLocalName());
-
- } else if (n.getPrefix() == null) {
- key = new QName(namespace, n.getLocalName());
-
- } else {
- key = new QName(namespace, n.getLocalName(), n.getPrefix());
+ synchronized (operationElement) {
+
+ if (Constants.TYPE_POLICY == operator.getType()) {
+ Policy policyOperator = (Policy)operator;
+ QName key;
+
+ NamedNodeMap nnm = operationElement.getAttributes();
+ for (int i = 0; i < nnm.getLength(); i++) {
+ Node n = nnm.item(i);
+ if (Node.ATTRIBUTE_NODE == n.getNodeType()) {
+ String namespace = n.getNamespaceURI();
+ if (namespace == null) {
+ key = new QName(n.getLocalName());
+
+ } else if (n.getPrefix() == null) {
+ key = new QName(namespace, n.getLocalName());
+
+ } else {
+ key = new QName(namespace, n.getLocalName(), n.getPrefix());
+ }
+ policyOperator.addAttribute(key, n.getNodeValue());
}
- policyOperator.addAttribute(key, n.getNodeValue());
- }
- }
- }
-
-
- Element childElement;
- for (Node n = operationElement.getFirstChild(); n != null; n = n.getNextSibling()) {
- if (Node.ELEMENT_NODE != n.getNodeType()) {
- continue;
+ }
}
- childElement = (Element)n;
- String namespaceURI = childElement.getNamespaceURI();
- String localName = childElement.getLocalName();
-
- QName qn = new QName(namespaceURI, localName);
- if (PolicyConstants.isPolicyElem(qn)) {
- operator.addPolicyComponent(getPolicyOperator(childElement));
- } else if (PolicyConstants.isAll(qn)) {
- operator.addPolicyComponent(getAllOperator(childElement));
- } else if (PolicyConstants.isExactlyOne(qn)) {
- operator.addPolicyComponent(getExactlyOneOperator(childElement));
- } else if (PolicyConstants.isPolicyRefElem(qn)) {
- operator.addPolicyComponent(getPolicyReference(childElement));
- } else if (null != assertionBuilderRegistry) {
- PolicyAssertion a = assertionBuilderRegistry.build(childElement);
- if (null != a) {
- operator.addPolicyComponent(a);
+
+
+ Element childElement;
+ for (Node n = operationElement.getFirstChild(); n != null; n = n.getNextSibling()) {
+ if (Node.ELEMENT_NODE != n.getNodeType()) {
+ continue;
+ }
+ childElement = (Element)n;
+ String namespaceURI = childElement.getNamespaceURI();
+ String localName = childElement.getLocalName();
+
+ QName qn = new QName(namespaceURI, localName);
+ if (PolicyConstants.isPolicyElem(qn)) {
+ operator.addPolicyComponent(getPolicyOperator(childElement));
+ } else if (PolicyConstants.isAll(qn)) {
+ operator.addPolicyComponent(getAllOperator(childElement));
+ } else if (PolicyConstants.isExactlyOne(qn)) {
+ operator.addPolicyComponent(getExactlyOneOperator(childElement));
+ } else if (PolicyConstants.isPolicyRefElem(qn)) {
+ operator.addPolicyComponent(getPolicyReference(childElement));
+ } else if (null != assertionBuilderRegistry) {
+ PolicyAssertion a = assertionBuilderRegistry.build(childElement);
+ if (null != a) {
+ operator.addPolicyComponent(a);
+ }
}
}
+ return operator;
}
- return operator;
}
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=755365&r1=755364&r2=755365&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Tue Mar 17 19:42:30 2009
@@ -20,6 +20,7 @@
package org.apache.cxf.ws.security.trust;
import java.io.IOException;
+import java.io.InputStream;
import java.net.URL;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
@@ -794,13 +795,17 @@
}
if (url != null) {
properties = new Properties();
- properties.load(url.openStream());
+ InputStream ins = url.openStream();
+ properties.load(ins);
+ ins.close();
} else {
throw new Fault("Could not find properties file " + url, LOG);
}
} else if (o instanceof URL) {
properties = new Properties();
- properties.load(((URL)o).openStream());
+ InputStream ins = ((URL)o).openStream();
+ properties.load(ins);
+ ins.close();
}
if (properties != null) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=755365&r1=755364&r2=755365&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Tue Mar 17 19:42:30 2009
@@ -21,10 +21,10 @@
import java.net.URI;
import java.util.HashMap;
import java.util.HashSet;
-import java.util.Hashtable;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
import javax.xml.namespace.QName;
@@ -57,7 +57,7 @@
private Set<String> after = new HashSet<String>();
private String phase;
private String id;
- private Map<String, Crypto> cryptoTable = new Hashtable<String, Crypto>();
+ private Map<String, Crypto> cryptoTable = new ConcurrentHashMap<String, Crypto>();
public AbstractWSS4JInterceptor() {
super();
@@ -160,13 +160,13 @@
*/
String sigPropFile = getString(WSHandlerConstants.SIG_PROP_FILE,
reqData.getMsgContext());
+ String refId = null;
if (sigPropFile != null) {
- if (cryptoTable.get(sigPropFile) == null) {
+ crypto = cryptoTable.get(sigPropFile);
+ if (crypto == null) {
crypto = CryptoFactory.getInstance(sigPropFile, this
.getClassLoader(reqData.getMsgContext()));
cryptoTable.put(sigPropFile, crypto);
- } else {
- crypto = cryptoTable.get(sigPropFile);
}
} else if (getString(WSHandlerConstants.SIG_PROP_REF_ID, reqData
.getMsgContext()) != null) {
@@ -174,19 +174,16 @@
* If the property file is missing then
* look for the Properties object
*/
- String refId = getString(WSHandlerConstants.SIG_PROP_REF_ID,
+ refId = getString(WSHandlerConstants.SIG_PROP_REF_ID,
reqData.getMsgContext());
if (refId != null) {
Object propObj = getProperty(reqData.getMsgContext(), refId);
if (propObj instanceof Properties) {
- if (cryptoTable.get(refId) == null) {
+ crypto = cryptoTable.get(refId);
+ if (crypto == null) {
crypto = CryptoFactory.getInstance((Properties)propObj);
cryptoTable.put(refId, crypto);
- } else {
- crypto = cryptoTable.get(refId);
}
- } else {
- return crypto;
}
}
}
@@ -198,13 +195,13 @@
Crypto crypto = null;
String decPropFile = getString(WSHandlerConstants.DEC_PROP_FILE,
reqData.getMsgContext());
+ String refId = null;
if (decPropFile != null) {
- if (cryptoTable.get(decPropFile) == null) {
+ crypto = cryptoTable.get(decPropFile);
+ if (crypto == null) {
crypto = CryptoFactory.getInstance(decPropFile, this
.getClassLoader(reqData.getMsgContext()));
cryptoTable.put(decPropFile, crypto);
- } else {
- crypto = cryptoTable.get(decPropFile);
}
} else if (getString(WSHandlerConstants.DEC_PROP_REF_ID, reqData
.getMsgContext()) != null) {
@@ -212,19 +209,16 @@
* If the property file is missing then
* look for the Properties object
*/
- String refId = getString(WSHandlerConstants.DEC_PROP_REF_ID,
+ refId = getString(WSHandlerConstants.DEC_PROP_REF_ID,
reqData.getMsgContext());
if (refId != null) {
Object propObj = getProperty(reqData.getMsgContext(), refId);
if (propObj instanceof Properties) {
- if (cryptoTable.get(refId) == null) {
+ crypto = cryptoTable.get(refId);
+ if (crypto == null) {
crypto = CryptoFactory.getInstance((Properties)propObj);
cryptoTable.put(refId, crypto);
- } else {
- crypto = cryptoTable.get(refId);
}
- } else {
- return crypto;
}
}
}
@@ -240,13 +234,13 @@
*/
String encPropFile = getString(WSHandlerConstants.ENC_PROP_FILE,
reqData.getMsgContext());
+ String refId = null;
if (encPropFile != null) {
- if (cryptoTable.get(encPropFile) == null) {
+ crypto = cryptoTable.get(encPropFile);
+ if (crypto == null) {
crypto = CryptoFactory.getInstance(encPropFile, this
.getClassLoader(reqData.getMsgContext()));
cryptoTable.put(encPropFile, crypto);
- } else {
- crypto = cryptoTable.get(encPropFile);
}
} else if (getString(WSHandlerConstants.ENC_PROP_REF_ID, reqData
.getMsgContext()) != null) {
@@ -254,19 +248,16 @@
* If the property file is missing then
* look for the Properties object
*/
- String refId = getString(WSHandlerConstants.ENC_PROP_REF_ID,
+ refId = getString(WSHandlerConstants.ENC_PROP_REF_ID,
reqData.getMsgContext());
if (refId != null) {
Object propObj = getProperty(reqData.getMsgContext(), refId);
if (propObj instanceof Properties) {
- if (cryptoTable.get(refId) == null) {
+ crypto = cryptoTable.get(refId);
+ if (crypto == null) {
crypto = CryptoFactory.getInstance((Properties)propObj);
cryptoTable.put(refId, crypto);
- } else {
- crypto = cryptoTable.get(encPropFile);
}
- } else {
- return crypto;
}
}
} else if (reqData.getSigCrypto() == null) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=755365&r1=755364&r2=755365&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Tue Mar 17 19:42:30 2009
@@ -20,12 +20,15 @@
package org.apache.cxf.ws.security.wss4j;
import java.io.IOException;
+import java.io.InputStream;
import java.net.URL;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
+import java.util.Map;
import java.util.Properties;
import java.util.Vector;
+import java.util.concurrent.ConcurrentHashMap;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
@@ -37,9 +40,11 @@
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyAssertion;
@@ -64,6 +69,7 @@
*
*/
public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
+ public static final String PROPERTIES_CACHE = "ws-security.properties.cache";
/**
*
@@ -72,9 +78,24 @@
super(true);
}
-
+ protected static Map<Object, Properties> getPropertiesCache(SoapMessage message) {
+ EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+ synchronized (info) {
+ Map<Object, Properties> o = CastUtils.cast((Map<?, ?>)message
+ .getContextualProperty(PROPERTIES_CACHE));
+ if (o == null) {
+ o = new ConcurrentHashMap<Object, Properties>();
+ info.setProperty(PROPERTIES_CACHE, o);
+ }
+ return o;
+ }
+ }
+
private static Properties getProps(Object o, SoapMessage message) {
- Properties properties = null;
+ Properties properties = getPropertiesCache(message).get(o);
+ if (properties != null) {
+ return properties;
+ }
if (o instanceof Properties) {
properties = (Properties)o;
} else if (o instanceof String) {
@@ -86,7 +107,9 @@
}
if (url != null) {
properties = new Properties();
- properties.load(url.openStream());
+ InputStream ins = url.openStream();
+ properties.load(ins);
+ ins.close();
}
} catch (IOException e) {
properties = null;
@@ -94,12 +117,16 @@
} else if (o instanceof URL) {
properties = new Properties();
try {
- properties.load(((URL)o).openStream());
+ InputStream ins = ((URL)o).openStream();
+ properties.load(ins);
+ ins.close();
} catch (IOException e) {
properties = null;
}
}
-
+ if (properties != null) {
+ getPropertiesCache(message).put(o, properties);
+ }
return properties;
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=755365&r1=755364&r2=755365&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Tue Mar 17 19:42:30 2009
@@ -20,6 +20,7 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
import java.io.IOException;
+import java.io.InputStream;
import java.net.URL;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
@@ -33,6 +34,7 @@
import java.util.Properties;
import java.util.Set;
import java.util.Vector;
+import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -59,11 +61,13 @@
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.helpers.MapNamespaceContext;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyAssertion;
@@ -119,7 +123,9 @@
*
*/
public abstract class AbstractBindingBuilder {
- private static final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class);
+ public static final String CRYPTO_CACHE = "ws-security.crypto.cache";
+ private static final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class);
+
protected SPConstants.ProtectionOrder protectionOrder = SPConstants.ProtectionOrder.SignBeforeEncrypting;
@@ -308,14 +314,27 @@
return null;
}
+ protected final Map<Object, Crypto> getCryptoCache() {
+ EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+ synchronized (info) {
+ Map<Object, Crypto> o = CastUtils.cast((Map<?, ?>)message.getContextualProperty(CRYPTO_CACHE));
+ if (o == null) {
+ o = new ConcurrentHashMap<Object, Crypto>();
+ info.setProperty(CRYPTO_CACHE, o);
+ }
+ return o;
+ }
+ }
protected final TokenStore getTokenStore() {
- TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
- if (tokenStore == null) {
- tokenStore = new MemoryTokenStore();
- message.getExchange().get(Endpoint.class).getEndpointInfo()
- .setProperty(TokenStore.class.getName(), tokenStore);
+ EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+ synchronized (info) {
+ TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
+ if (tokenStore == null) {
+ tokenStore = new MemoryTokenStore();
+ info.setProperty(TokenStore.class.getName(), tokenStore);
+ }
+ return tokenStore;
}
- return tokenStore;
}
protected WSSecTimestamp createTimestamp() {
Collection<AssertionInfo> ais;
@@ -879,7 +898,15 @@
}
- Object o = message.getContextualProperty(propKey);
+ Object o = message.getContextualProperty(propKey);
+ if (o == null) {
+ return null;
+ }
+
+ crypto = getCryptoCache().get(o);
+ if (crypto != null) {
+ return crypto;
+ }
Properties properties = null;
if (o instanceof Properties) {
properties = (Properties)o;
@@ -891,8 +918,10 @@
url = ClassLoaderUtils.getResource((String)o, this.getClass());
}
if (url != null) {
+ InputStream ins = url.openStream();
properties = new Properties();
- properties.load(url.openStream());
+ properties.load(ins);
+ ins.close();
} else {
policyNotAsserted(wrapper, "Could not find properties file " + o);
}
@@ -902,16 +931,19 @@
} else if (o instanceof URL) {
properties = new Properties();
try {
- properties.load(((URL)o).openStream());
+ InputStream ins = ((URL)o).openStream();
+ properties.load(ins);
+ ins.close();
} catch (IOException e) {
policyNotAsserted(wrapper, e);
}
}
if (properties != null) {
- return CryptoFactory.getInstance(properties);
+ crypto = CryptoFactory.getInstance(properties);
+ getCryptoCache().put(o, crypto);
}
- return null;
+ return crypto;
}
public void setKeyIdentifierType(WSSecBase secBase, TokenWrapper wrapper, Token token) {