Posted to java-dev@axis.apache.org by ru...@apache.org on 2006/03/29 20:20:58 UTC
svn commit: r389849 - in
/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security:
rahas/ trust/ trust/impl/ util/
Author: ruchithf
Date: Wed Mar 29 10:20:56 2006
New Revision: 389849
URL: http://svn.apache.org/viewcvs?rev=389849&view=rev
Log:
- Updated the Sender to send the STS request and invoke the general security handlers when the context is not available and the STS address is available (using the STSRequester)
- Updated the Rahas Configuration to properly create the configuration element
- Updated TokenStorage to allow requesting a token by its id and updated the SimpleTokenStore
- Updated the SCTIssuer to include the issued token within the proper RequestedSecurityToken element
Added:
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java
Modified:
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasHandlerConstants.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/Constants.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/SimpleTokenStore.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenStorage.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/Axis2Util.java
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java?rev=389849&r1=389848&r2=389849&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasConfiguration.java Wed Mar 29 10:20:56 2006
@@ -24,8 +24,15 @@
import org.apache.axis2.context.OperationContext;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.security.trust.TokenStorage;
+import org.apache.axis2.security.util.Axis2Util;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.wsdl.WSDLConstants;
+import org.w3c.dom.Document;
+import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import java.util.Hashtable;
@@ -56,6 +63,9 @@
public final static QName CRYPTO_PROPERTIES_FILE = new QName(
"cryptoProperties");
+ public final static QName PW_CALLBACK_CLASS = new QName(
+ WSHandlerConstants.PW_CALLBACK_CLASS);
+
private String scope = SCOPE_SERVICE;
private String stsEPRAddress;
@@ -100,30 +110,62 @@
*/
private String cryptoPropertiesFile;
+ private String passwordCallbackClass;
+
+ /**
+ * WSPasswordCallback handler reference
+ */
+ private CallbackHandler passwordCallbackRef;
+
+ /**
+ * Whether this configuration instance is created/used by the sender
+ * handler or not
+ */
private boolean sender;
+ private Document doc;
+
+ private Crypto crypto;
+
+ private ClassLoader classLoader;
+
+ private SecurityContextToken sct;
+
public static RahasConfiguration load(MessageContext msgCtx, boolean sender)
- throws RahasException, AxisFault {
+ throws RahasException, WSSecurityException, AxisFault {
Parameter param = msgCtx.getParameter(RAHAS_CONFIG);
+ if(param == null) {
+ param = (Parameter)msgCtx.getProperty(RAHAS_CONFIG);
+ }
if(param != null) {
OMElement elem = param.getParameterElement();
- if(elem != null && elem.getLocalName().equals(RAHAS_CONFIG)) {
+ if (elem != null
+ && elem.getFirstElement() != null
+ && elem.getFirstElement().getLocalName().equals(
+ RAHAS_CONFIG)) {
+
+ OMElement conFileElem = elem.getFirstElement();
RahasConfiguration config = new RahasConfiguration();
- config.scope = getStringValue(elem.getFirstChildWithName(SCOPE));
+ config.msgCtx = msgCtx;
- config.stsEPRAddress = getStringValue(elem
+ config.scope = getStringValue(conFileElem.getFirstChildWithName(SCOPE));
+
+ config.stsEPRAddress = getStringValue(conFileElem
.getFirstChildWithName(STS_EPR_ADDRESS));
- config.keyDerivationAlgorithmClass = getStringValue(elem
+ config.keyDerivationAlgorithmClass = getStringValue(conFileElem
.getFirstChildWithName(KEY_DERIVATION_ALGORITHM_CLASS));
- config.tokenStoreClass = getStringValue(elem
+ config.tokenStoreClass = getStringValue(conFileElem
.getFirstChildWithName(TOKEN_STORE_CLASS));
- config.cryptoPropertiesFile = getStringValue(elem
+ config.cryptoPropertiesFile = getStringValue(conFileElem
.getFirstChildWithName(CRYPTO_PROPERTIES_FILE));
+
+ config.passwordCallbackClass = getStringValue(conFileElem
+ .getFirstChildWithName(PW_CALLBACK_CLASS));
//Get the action<->ctx-identifier map
config.contextMap = (Hashtable) msgCtx
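Review bot: The new guard calls `elem.getFirstElement()` three times and then a fourth time to initialise `conFileElem`; read it once into a local above the `if` so the condition and the assignment cannot diverge. The fallback `param = (Parameter)msgCtx.getProperty(RAHAS_CONFIG)` is an unchecked cast, so a property of any other type surfaces as a ClassCastException rather than the `missingConfiguration` RahasException this method otherwise throws; guard it with `Object prop = msgCtx.getProperty(RAHAS_CONFIG); if (prop instanceof Parameter) { param = (Parameter) prop; }`. The same applies to the `(CallbackHandler)msgCtx.getProperty(WSHandlerConstants.PW_CALLBACK_REF)` cast in the hunk at `@@ -171,7 +213,14 @@`. load()'s body continues past the end of this hunk.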
@@ -154,7 +196,7 @@
MessageContext inMsgCtx;
RahasConfiguration inConfig = null;
if(opCtx != null && (inMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
- inConfig = (RahasConfiguration)inMsgCtx.getProperty(RahasHandlerConstants.RAHAS_CONFIG_KEY);
+ inConfig = (RahasConfiguration)inMsgCtx.getProperty(RAHAS_CONFIG);
}
if(inConfig != null && inConfig.contextIdentifier != null) {
config.contextIdentifier = inConfig.contextIdentifier;
@@ -171,7 +213,14 @@
config.cryptoClassName = (String) msgCtx
.getProperty(RahasHandlerConstants.CRYPTO_CLASS_KEY);
+ config.passwordCallbackRef = (CallbackHandler)msgCtx
+ .getProperty(WSHandlerConstants.PW_CALLBACK_REF);
+
config.sender = sender;
+
+ //Convert the Envelop to DOOM
+ config.doc = Axis2Util.getDocumentFromSOAPEnvelope(msgCtx.getEnvelope(), false);
+
return config;
} else {
throw new RahasException("missingConfiguration",
@@ -185,19 +234,13 @@
}
/**
- * @param scopeElem
+ * @param elem
* @throws RahasException
*/
- private static String getStringValue(OMElement scopeElem) throws RahasException {
- if(scopeElem != null) {
- String tempScope = scopeElem.getText();
- if(tempScope != null &&
- (SCOPE_SERVICE.equals(tempScope) ||
- SCOPE_OPERATION.equals(tempScope))) {
- return tempScope;
- } else {
- throw new RahasException("missingScopeValue");
- }
+ private static String getStringValue(OMElement elem) throws RahasException {
+ if(elem != null) {
+ String tempVal = elem.getText();
+ return tempVal;
}
return null;
}
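Review bot: The rewritten `getStringValue` drops the check that the scope text is `SCOPE_SERVICE` or `SCOPE_OPERATION`, so a misspelled `<scope>` is now accepted silently and the `missingScopeValue` key in errors.properties has no remaining caller. Since the helper is now a generic text reader, the validation belongs in `load()` right after `config.scope` is assigned: `if (config.scope != null && !SCOPE_SERVICE.equals(config.scope) && !SCOPE_OPERATION.equals(config.scope)) { throw new RahasException("missingScopeValue"); }`. The Javadoc should also state what the helper does with an absent element, e.g. `@return the text of elem, or null when elem is null`.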
@@ -206,20 +249,36 @@
OMFactory factory = OMAbstractFactory.getOMFactory();
OMElement elem = factory.createOMElement(RAHAS_CONFIG, null);
if (this.scope != null) {
- factory.createOMElement(SCOPE, elem).setText(this.scope);
+ OMElement tempElem = factory.createOMElement(SCOPE, elem);
+ tempElem.setText(this.scope);
+ elem.addChild(tempElem);
}
if (this.stsEPRAddress != null) {
- factory.createOMElement(STS_EPR_ADDRESS, elem).setText(
- this.stsEPRAddress);
+ OMElement tempElem = factory.createOMElement(STS_EPR_ADDRESS, elem);
+ tempElem.setText(this.stsEPRAddress);
+ elem.addChild(tempElem);
}
if (this.derivedKeyLength != null) {
- factory.createOMElement(DERIVED_KEY_LENGTH, elem).setText(
- this.derivedKeyLength);
+ OMElement tempElem = factory.createOMElement(DERIVED_KEY_LENGTH, elem);
+ tempElem.setText(this.derivedKeyLength);
+ elem.addChild(tempElem);
}
if (this.keyDerivationAlgorithmClass != null) {
- factory.createOMElement(KEY_DERIVATION_ALGORITHM_CLASS, elem)
- .setText(this.keyDerivationAlgorithmClass);
+ OMElement tempElem = factory.createOMElement(KEY_DERIVATION_ALGORITHM_CLASS, elem);
+ tempElem.setText(this.keyDerivationAlgorithmClass);
+ elem.addChild(tempElem);
+ }
+ if (this.passwordCallbackClass != null) {
+ OMElement tempElem = factory.createOMElement(PW_CALLBACK_CLASS, elem);
+ tempElem.setText(this.passwordCallbackClass);
+ elem.addChild(tempElem);
+ }
+ if(this.cryptoPropertiesFile != null) {
+ OMElement tempElem = factory.createOMElement(CRYPTO_PROPERTIES_FILE, elem);
+ tempElem.setText(this.cryptoPropertiesFile);
+ elem.addChild(tempElem);
}
+
return elem;
}
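Review bot: `tokenStoreClass` is read from the configuration in `load()` (`TOKEN_STORE_CLASS`) but never written by this element builder, so a configuration that round-trips through this method loses its token-store class; the six near-identical blocks also invite exactly this kind of omission. Extracting a small helper that appends one text child when the value is non-null makes the list of serialised fields a single column that is easy to check against `load()`. Whether the explicit `elem.addChild(tempElem)` is needed after `factory.createOMElement(name, elem)` depends on whether that Axiom factory method already attaches the child to the parent; I kept the call but it is worth confirming, since attaching twice is at best redundant. The method's opening lines are outside the hunk.
```java
        OMElement elem = factory.createOMElement(RAHAS_CONFIG, null);
        addTextChild(factory, elem, SCOPE, this.scope);
        addTextChild(factory, elem, STS_EPR_ADDRESS, this.stsEPRAddress);
        addTextChild(factory, elem, DERIVED_KEY_LENGTH, this.derivedKeyLength);
        addTextChild(factory, elem, KEY_DERIVATION_ALGORITHM_CLASS, this.keyDerivationAlgorithmClass);
        addTextChild(factory, elem, TOKEN_STORE_CLASS, this.tokenStoreClass);
        addTextChild(factory, elem, PW_CALLBACK_CLASS, this.passwordCallbackClass);
        addTextChild(factory, elem, CRYPTO_PROPERTIES_FILE, this.cryptoPropertiesFile);
        return elem;
    }

    /**
     * Appends a child element named {@code name} carrying {@code value} as its
     * text to {@code parent}; does nothing when {@code value} is null so absent
     * settings are simply omitted from the configuration element.
     */
    private static void addTextChild(OMFactory factory, OMElement parent,
            QName name, String value) {
        if (value != null) {
            OMElement child = factory.createOMElement(name, parent);
            child.setText(value);
            // kept from the original; drop if createOMElement(name, parent)
            // already attaches child to parent
            parent.addChild(child);
        }
    }
```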
@@ -410,6 +469,83 @@
*/
protected boolean isSender() {
return sender;
+ }
+
+ /**
+ * @return Returns the doc.
+ */
+ protected Document getDocument() {
+ return doc;
+ }
+
+ /**
+ * @param doc The doc to set.
+ */
+ protected void setDocument(Document doc) {
+ this.doc = doc;
+ }
+
+ /**
+ * @return Returns the passwordCallbackClass.
+ */
+ public String getPasswordCallbackClass() {
+ return passwordCallbackClass;
+ }
+
+ /**
+ * @return Returns the passwordCallbackRef.
+ */
+ public CallbackHandler getPasswordCallbackRef() {
+ return passwordCallbackRef;
+ }
+
+ /**
+ * @return Returns the crypto.
+ */
+ protected Crypto getCrypto() {
+ return crypto;
+ }
+
+ /**
+ * @param crypto The crypto to set.
+ */
+ protected void setCrypto(Crypto crypto) {
+ this.crypto = crypto;
+ }
+
+ /**
+ * @return Returns the classLoader.
+ */
+ protected ClassLoader getClassLoader() {
+ return classLoader;
+ }
+
+ /**
+ * @param classLoader The classLoader to set.
+ */
+ protected void setClassLoader(ClassLoader classLoader) {
+ this.classLoader = classLoader;
+ }
+
+ /**
+ * @return Returns the sct.
+ */
+ protected SecurityContextToken getSecurityContextToken() {
+ return sct;
+ }
+
+ /**
+ * @param sct The sct to set.
+ */
+ protected void setSecurityContextToken(SecurityContextToken sct) {
+ this.sct = sct;
+ }
+
+ /**
+ * @param passwordCallbackClass The passwordCallbackClass to set.
+ */
+ public void setPasswordCallbackClass(String passwordCallbackClass) {
+ this.passwordCallbackClass = passwordCallbackClass;
}
}
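Review bot: The Javadoc on the new accessors is generator boilerplate (`@return Returns the doc.`) and adds nothing beyond the signature, while the one fact a reader needs is only discoverable in `load()`: `doc` is the DOOM Document built from the message envelope by `Axis2Util.getDocumentFromSOAPEnvelope`. Suggest `/** @return the DOOM Document built from the message envelope in load(), or the value last passed to setDocument */` on getDocument, and on getCrypto a note that it starts null and is filled lazily by `Util.getCryptoInstace` via setCrypto. Nothing in this commit calls `setSecurityContextToken`, so getSecurityContextToken's Javadoc should state who is expected to set it; otherwise callers cannot tell whether a null return is a bug.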
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasHandlerConstants.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasHandlerConstants.java?rev=389849&r1=389848&r2=389849&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasHandlerConstants.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/RahasHandlerConstants.java Wed Mar 29 10:20:56 2006
@@ -52,11 +52,4 @@
*/
public final static String CRYPTO_CLASS_KEY = "cryptoClass";
- /**
- * Rahas Configuration of a certain message will be held in the message
- * context using this key
- * @see RahasConfiguration
- */
- public final static String RAHAS_CONFIG_KEY = "rahasConfiguration";
-
}
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java?rev=389849&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java Wed Mar 29 10:20:56 2006
@@ -0,0 +1,179 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security.rahas;
+
+import org.apache.axiom.om.OMDocument;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.databinding.types.URI;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.OutInAxisOperation;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.security.handler.WSSHandlerConstants;
+import org.apache.axis2.security.trust.Constants;
+import org.apache.axis2.security.trust.Token;
+import org.apache.axis2.security.trust.TrustException;
+import org.apache.axis2.security.trust.types.RequestSecurityTokenType;
+import org.apache.axis2.security.util.Axis2Util;
+import org.apache.axis2.util.Base64;
+import org.apache.axis2.util.Loader;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.processor.EncryptedKeyProcessor;
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+
+import java.util.Vector;
+
+public class STSRequester {
+
+ public static void issueRequest(RahasConfiguration config) throws RahasException, AxisFault {
+ MessageContext msgCtx = config.getMsgCtx();
+ AxisService axisService = new AxisService("SecurityTokenService");
+ QName rstQn = new QName("requestSecurityToken");
+ OutInAxisOperation operation = new OutInAxisOperation(rstQn);
+ axisService.addOperation(operation);
+ ServiceClient client = new ServiceClient(msgCtx
+ .getConfigurationContext(), axisService);
+
+ Options options = new Options();
+ options.setTo(new EndpointReference(config.getStsEPRAddress()));
+ options.setAction(Constants.RST_ACTON_SCT);
+
+ //Get the security configurations
+ Parameter outFlowParam = msgCtx
+ .getParameter(WSSHandlerConstants.OUTFLOW_SECURITY);
+ Parameter inFlowParam = msgCtx
+ .getParameter(WSSHandlerConstants.INFLOW_SECURITY);
+
+ if(outFlowParam == null) {
+ outFlowParam = (Parameter) msgCtx
+ .getProperty(WSSHandlerConstants.OUTFLOW_SECURITY);
+ }
+ if(inFlowParam == null) {
+ inFlowParam = (Parameter) msgCtx
+ .getProperty(WSSHandlerConstants.INFLOW_SECURITY);
+ }
+
+ options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, outFlowParam);
+ options.setProperty(WSSHandlerConstants.INFLOW_SECURITY, inFlowParam);
+
+ client.setOptions(options);
+
+ RequestSecurityTokenType rst = new RequestSecurityTokenType();
+
+ try {
+ rst.setRequestType(new URI(Constants.REQ_TYPE_ISSUE));
+ rst.setTokenType(new URI(Constants.TOK_TYPE_SCT));
+ rst.setContext(new URI("http://get.optional.attrs.working"));
+ StAXOMBuilder builder = new StAXOMBuilder(rst
+ .getPullParser(new QName(Constants.WST_NS,
+ Constants.REQUEST_SECURITY_TOKEN_LN)));
+
+ OMElement tempResult = client.sendReceive(rstQn, builder.getDocumentElement());
+
+ OMElement elem = Axis2Util.toDOOM(((OMDocument) config.getDocument())
+ .getOMFactory(), tempResult);
+ processRSTR(elem, config);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new RahasException(e.getMessage());
+ }
+ }
+
+ private static void processRSTR(OMElement rstr, RahasConfiguration config)
+ throws Exception {
+ //Extract the SecurityContextToken
+ OMElement rstElem = rstr.getFirstChildWithName(new QName(
+ Constants.WST_NS, Constants.REQUESTED_SECURITY_TOKEN_LN));
+ Token token = null;
+ if(rstElem != null) {
+ OMElement sctElem = rstElem.getFirstChildWithName(SecurityContextToken.TOKEN);
+ if(sctElem != null) {
+ SecurityContextToken sct = new SecurityContextToken((Element)sctElem);
+ token = new Token(sct.getIdentifier(), sctElem);
+ } else {
+ throw new RahasException("sctMissingInResponse");
+ }
+ } else {
+ throw new TrustException("reqestedSecTokMissing");
+ }
+
+ // Process RequestedProofToken and extract the secret
+ byte[] secret = null;
+ OMElement rpt = rstr.getFirstChildWithName(new QName(Constants.WST_NS,
+ Constants.REQUESTED_PROOF_TOKEN_LN));
+ if (rpt != null) {
+ OMElement elem = rpt.getFirstElement();
+
+ if (WSConstants.ENC_KEY_LN.equals(elem.getLocalName())
+ && WSConstants.ENC_NS
+ .equals(elem.getNamespace().getName())) {
+ //Handle the xenc:EncryptedKey case
+ EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
+ processor.handleToken((Element) elem, null,
+ Util.getCryptoInstace(config),
+ getCallbackHandlerInstance(config), null, new Vector(),
+ null);
+ secret = processor.getDecryptedBytes();
+ } else if (Constants.BINARY_SECRET.equals(elem.getLocalName())
+ && Constants.WST_NS.equals(elem.getNamespace().getName())) {
+ //Handle the wst:BinarySecret case
+ secret = Base64.decode(elem.getText());
+ } else {
+ throw new TrustException("notSupported", new String[] { "{"
+ + elem.getNamespace().getName() + "}"
+ + elem.getLocalName() });
+ }
+ } else {
+ throw new TrustException("rptMissing");
+ }
+
+ token.setSecret(secret);
+ config.getTokenStore().add(token);
+ }
+
+
+ private static CallbackHandler getCallbackHandlerInstance(
+ RahasConfiguration config) throws Exception {
+ if (config.getPasswordCallbackRef() != null) {
+ return config.getPasswordCallbackRef();
+ } else if (config.getPasswordCallbackClass() != null) {
+ if (config.getClassLoader() != null) {
+ Class clazz = Loader.loadClass(config.getClassLoader(), config
+ .getPasswordCallbackClass());
+ return (CallbackHandler) clazz.newInstance();
+ } else {
+ Class clazz = Loader.loadClass(config
+ .getPasswordCallbackClass());
+ return (CallbackHandler) clazz.newInstance();
+ }
+ } else {
+ throw new RahasException("noInfoForCBhandler");
+ }
+ }
+
+
+}
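Review bot: The `catch (Exception e)` at the end of `issueRequest` rethrows as `new RahasException(e.getMessage())`, which discards the original exception type and stack, and `e.printStackTrace()` dumps it to stderr instead; if RahasException has a `(String, Throwable)` constructor use `throw new RahasException(e.getMessage(), e);` and delete the printStackTrace, otherwise at least log through the module's logger. `rst.setContext(new URI("http://get.optional.attrs.working"))` reads like a test leftover and should be removed or replaced by a documented value. In `processRSTR`, `rpt.getFirstElement()` can return null for an empty RequestedProofToken, and the following `elem.getLocalName()` then throws NullPointerException rather than the `rptMissing` TrustException; fold `elem == null` into the `if (rpt != null)` check. This method also stores the SCT only in the token store and never calls `config.setSecurityContextToken(sct)`, which `Sender.constructMessage` in this same commit relies on.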
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java?rev=389849&r1=389848&r2=389849&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Sender.java Wed Mar 29 10:20:56 2006
@@ -16,27 +16,23 @@
package org.apache.axis2.security.rahas;
-import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.HandlerDescription;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.Handler;
-import org.apache.axis2.security.trust.Token;
-import org.apache.axis2.security.util.Axis2Util;
+import org.apache.axis2.security.WSDoAllSender;
+import org.apache.axis2.security.trust.Constants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecDKEncrypt;
import org.apache.ws.security.message.WSSecHeader;
-import org.apache.ws.security.message.WSSecSecurityContextToken;
+import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import javax.xml.namespace.QName;
-import java.security.SecureRandom;
-
/**
* Rahas outflow handler
*/
@@ -49,22 +45,33 @@
public void invoke(MessageContext msgContext) throws AxisFault {
try {
+ System.out.println(msgContext.getWSAAction());
+ if(Constants.RST_ACTON_SCT.equals(msgContext.getWSAAction())) {
+ WSDoAllSender secSender = new WSDoAllSender();
+ secSender.init(this.handlerDescription);
+ secSender.invoke(msgContext);
+ return;
+ }
+
//Parse the configuration
RahasConfiguration config = RahasConfiguration.load(msgContext, true);
-
- if(config.getContextIdentifier() != null) {
+ if(config.getContextIdentifier() == null && config.getStsEPRAddress() != null) {
+
+ String sts = config.getStsEPRAddress();
+ if(sts != null) {
+ //Use a security token service
+ STSRequester.issueRequest(config);
+ } else {
+ //Create a token
+ }
+
+
- } else {
- this.constructMessage(config);
}
- String sts = config.getStsEPRAddress();
-
- if(sts != null) { //Use a security token service
-
- }
+
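Review bot: `System.out.println(msgContext.getWSAAction())` at the top of the new block is debug output left in a handler that runs on every outbound message; remove it or route it through the module's logger at debug level. Inside `if(config.getContextIdentifier() == null && config.getStsEPRAddress() != null)` the nested `if(sts != null)` is always true and its `else { //Create a token }` branch is unreachable, so the whole block collapses to `STSRequester.issueRequest(config);`. The removed `this.constructMessage(config)` call is not re-added within this hunk; if nothing after it invokes constructMessage, a message whose context already exists is no longer secured, which is worth confirming since the rest of invoke() is outside the hunk. The RST_ACTON_SCT branch initialises `WSDoAllSender` with this handler's own `handlerDescription`, so WSDoAllSender only sees parameters declared on the Rahas handler; the outflow/inflow parameters STSRequester places on the Options presumably cover this, but a comment saying so would help the next reader.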
@@ -85,32 +92,17 @@
DocumentBuilderFactoryImpl.setDOOMRequired(true);
- Crypto crypto = null;
- if (config.getCryptoClassName() != null) {
- //we can let the crypto properties be null since there can be a
- //crypto impl that doesn't use any expernal properties
- crypto = CryptoFactory.getInstance(config.getCryptoClassName(),
- config.getCryptoProperties());
- } else if (config.getCryptoPropertiesFile() != null) {
- crypto = CryptoFactory
- .getInstance(config.getCryptoPropertiesFile());
- }
+ Crypto crypto = Util.getCryptoInstace(config);
- //convert the envelope to DOOM
- Document doc = Axis2Util.getDocumentFromSOAPEnvelope(config.getMsgCtx()
- .getEnvelope(), false);
+ Document doc = config.getDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
+
+ byte[] tempSecret = config.getTokenStore().getToken(
+ config.getContextIdentifier()).getSecret();
- WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
- sctBuilder.prepare(doc, crypto);
-
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
- byte[] tempSecret = new byte[16];
- random.nextBytes(tempSecret);
-
- String tokenId = sctBuilder.getSctId();
+ String tokenId = config.getSecurityContextToken().getID();
// Derived key encryption
WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
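Review bot: `config.getTokenStore().getToken(config.getContextIdentifier()).getSecret()` dereferences the result without a null check, and `SimpleTokenStore.getToken` in this commit returns `tokens.get(id)`, i.e. null for an unknown identifier, so an expired or foreign context id surfaces as a NullPointerException instead of the existing `canotFindContextIdentifier` error. Replace the assignment with `Token tok = config.getTokenStore().getToken(config.getContextIdentifier()); if (tok == null) { throw new RahasException("canotFindContextIdentifier"); } byte[] tempSecret = tok.getSecret();` (the `Token` import removed at the top of this file must come back). `config.getSecurityContextToken().getID()` has the same exposure: nothing in this commit calls `setSecurityContextToken`, so unless it is set outside the diff this line and the `getElement()` call in the next hunk throw NullPointerException on the first message. constructMessage's signature and remainder are outside this hunk.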
@@ -118,17 +110,8 @@
encrBuilder.setExternalKey(tempSecret, tokenId);
encrBuilder.build(doc, crypto, secHeader);
- sctBuilder.prependSCTElementToHeader(doc, secHeader);
-
- Token tok = new Token(sctBuilder.getIdentifier(), (OMElement) sctBuilder
- .getSct().getElement());
-
- tok.setSecret(tempSecret);
-
- config.getTokenStore().add(tok);
-
-
-
+ WSSecurityUtil.prependChildElement(doc, secHeader.getSecurityHeader(),
+ config.getSecurityContextToken().getElement(), false);
}
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java?rev=389849&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/Util.java Wed Mar 29 10:20:56 2006
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security.rahas;
+
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+
+public class Util {
+
+ /**
+ * Returns the crypto instance of this configuration.
+ * If one is not availabale then it will try to create a <code>Crypto</code>
+ * instance using available configuration information and will set it as
+ * the <code>Crypto</code> instance of the configuration.
+ *
+ * @param config
+ * @return
+ * @throws RahasException
+ */
+ public static Crypto getCryptoInstace(RahasConfiguration config) throws RahasException {
+ if(config.getCrypto() != null) {
+ return config.getCrypto();
+ } else {
+ Crypto crypto = null;
+ if(config.getCryptoClassName() != null && config.getCryptoProperties() != null) {
+ crypto = CryptoFactory.getInstance(config.getCryptoClassName(), config.getCryptoProperties());
+ } else if(config.getCryptoPropertiesFile() != null) {
+ crypto = CryptoFactory.getInstance(config.getCryptoPropertiesFile());
+ } else {
+ throw new RahasException("cannotCrateCryptoInstance");
+ }
+ config.setCrypto(crypto);
+ return crypto;
+ }
+ }
+
+}
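Review bot: `getCryptoInstace` only uses `cryptoClassName` when `cryptoProperties` is also non-null, whereas the block it replaces in Sender.java (removed lines in the `@@ -85,32 +92,17 @@` hunk) deliberately passed null properties because "there can be a crypto impl that doesn't use any external properties"; a configuration that relied on that now falls through to the properties-file branch or to `cannotCrateCryptoInstance`. Restore the old behaviour with `if(config.getCryptoClassName() != null) {` unless the stricter check is intended, in which case say so in the Javadoc. The method name misspells "Instance" and is already referenced from Sender and STSRequester in this commit, so renaming to `getCryptoInstance` is cheapest now. The Javadoc `@param config` and `@return` lines are empty; document that the instance is cached on the configuration via `setCrypto` on first use.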
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties?rev=389849&r1=389848&r2=389849&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/errors.properties Wed Mar 29 10:20:56 2006
@@ -1,6 +1,9 @@
missingConfiguration = Missing or malformed configuration: \"{0}\"
expectedParameterMissing = Expected parameter missing : \"{0}\"
missingScopeValue = Missing or incorrect scope value
-canotFindContextIdentifier=Cannot find context identifier
-missingWSAAction=wsa:Action value missing
-missingWSATo=wsa:To address value missing
\ No newline at end of file
+canotFindContextIdentifier = Cannot find context identifier
+missingWSAAction = wsa:Action value missing
+missingWSATo = wsa:To address value missing
+sctMissingInResponse = Response doesn't contain a SecurityContextToken
+cannotCrateCryptoInstance = Cannot create Crypto instace
+noInfoForCBhandler = Cannot obtain a callback handler with available configuration information
\ No newline at end of file
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/Constants.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/Constants.java?rev=389849&r1=389848&r2=389849&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/Constants.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/Constants.java Wed Mar 29 10:20:56 2006
@@ -23,6 +23,11 @@
//Local names
public final static String REQUEST_TYPE_LN = "RequestType";
+ public final static String REQUEST_SECURITY_TOKEN_LN = "RequestSecurityToken";
+ public static final String REQUESTED_PROOF_TOKEN_LN = "RequestedProofToken";
+ public static final String REQUEST_SECURITY_TOKEN_RESPONSE_LN = "RequestSecurityTokenResponse";
+ public static final String REQUESTED_SECURITY_TOKEN_LN = "RequestedSecurityToken";
+ public final static String BINARY_SECRET = "BinarySecret";
//RequestTypes
public final static String REQ_TYPE_ISSUE = "http://schemas.xmlsoap.org/ws/2005/02/trust/Issue";
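Review bot: The five new constants mix `public final static` and `public static final` within five lines, and `BINARY_SECRET` drops the `_LN` suffix the other local-name constants carry even though it is compared against a local name in `STSRequester.processRSTR`. Pick one modifier order (the surrounding file uses `public final static`) and name it `BINARY_SECRET_LN` so the convention stays readable.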
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/SimpleTokenStore.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/SimpleTokenStore.java?rev=389849&r1=389848&r2=389849&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/SimpleTokenStore.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/SimpleTokenStore.java Wed Mar 29 10:20:56 2006
@@ -110,4 +110,8 @@
}
}
+
+ public Token getToken(String id) throws TrustException {
+ return (Token)this.tokens.get(id);
+ }
}
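Review bot: `getToken` returns `(Token)this.tokens.get(id)` and therefore null for an id that was never stored, but neither this method nor the new `TokenStorage.getToken` Javadoc in the next file says so, and the `throws TrustException` clause suggests the opposite contract. Either document it — `@return the token with the given id, or null if none is stored` on the interface — or throw a TrustException for a missing id so callers such as `Sender.constructMessage` do not dereference null. The cast also hides what `tokens` is keyed by; a comment stating that the key is the token identifier passed to `add` would help, assuming that is how `add` populates it (its body is outside this hunk).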
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenStorage.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenStorage.java?rev=389849&r1=389848&r2=389849&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenStorage.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/TokenStorage.java Wed Mar 29 10:20:56 2006
@@ -77,4 +77,12 @@
*/
public ArrayList getCancelledTokens() throws TrustException;
+ /**
+ * Returns the <code>Token</code> of the given id
+ * @param id
+ * @return
+ * @throws TrustException
+ */
+ public Token getToken(String id) throws TrustException;
+
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties?rev=389849&r1=389848&r2=389849&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/errors.properties Wed Mar 29 10:20:56 2006
@@ -23,4 +23,7 @@
missingDispatcherConfiguration = Cannot find the token-dispatcher-configuration
sctIssuerCryptoPropertiesMissing = When the tokenType is not \"BinarySecret\" the cryptoProperties MUST be specified
missingConfiguration = Missing configuration: \"{0}\"
-expectedParameterMissing=Expected parameter missing : \"{0}\"
\ No newline at end of file
+expectedParameterMissing = Expected parameter missing : \"{0}\"
+reqestedSecTokMissing = RequestedSecurityToken missing in the response
+rptMissing = RequestedProofToken missing in the response
+notSupported = Not supported: {0}
\ No newline at end of file
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java?rev=389849&r1=389848&r2=389849&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/trust/impl/SCTIssuer.java Wed Mar 29 10:20:56 2006
@@ -173,11 +173,13 @@
sct.setID("sctId-" + sct.getElement().hashCode());
OMElement rstrElem = env.getOMFactory().createOMElement(
- new QName(Constants.WST_NS, "RequestSecurityTokenResponse",
+ new QName(Constants.WST_NS,
+ Constants.REQUEST_SECURITY_TOKEN_RESPONSE_LN,
Constants.WST_PREFIX), env.getBody());
-
+
OMElement rstElem = env.getOMFactory().createOMElement(
- new QName(Constants.WST_NS, "RequestSecurityToken",
+ new QName(Constants.WST_NS,
+ Constants.REQUESTED_SECURITY_TOKEN_LN,
Constants.WST_PREFIX), rstrElem);
rstElem.addChild((OMElement)sct.getElement());
@@ -188,7 +190,7 @@
Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
OMElement reqProofTok = env.getOMFactory().createOMElement(
- new QName(Constants.WST_NS, "RequestedProofToken",
+ new QName(Constants.WST_NS, Constants.REQUESTED_PROOF_TOKEN_LN,
Constants.WST_PREFIX), rstrElem);
if(bstElem != null) {
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/Axis2Util.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/Axis2Util.java?rev=389849&r1=389848&r2=389849&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/Axis2Util.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/Axis2Util.java Wed Mar 29 10:20:56 2006
@@ -17,6 +17,7 @@
package org.apache.axis2.security.util;
import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
import org.apache.axiom.soap.SOAP11Constants;
@@ -174,4 +175,19 @@
factory.setNamespaceAware(true);
return factory.newDocumentBuilder().parse(bais).getDocumentElement();
}
+
+ /**
+ * This will build a DOOM Element that is of the same <code>Document</code>
+ * @param factory
+ * @param element
+ * @return
+ * @throws Exception
+ */
+ public static OMElement toDOOM(OMFactory factory, OMElement element) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(factory, element.getXMLStreamReader());
+ OMElement elem = builder.getDocumentElement();
+ elem.build();
+ return elem;
+ }
+
}
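Review bot: `toDOOM` declares `throws Exception` although the `StAXOMBuilder(OMFactory, XMLStreamReader)` constructor and the `getDocumentElement()`/`build()` calls do not appear to throw checked exceptions; the broad clause forces `STSRequester.issueRequest` into its `catch (Exception e)`, so narrow it to whatever is actually thrown or drop it. The Javadoc has an empty `@return`; suggest `@return a fully built element created through factory, with the same content as element`. A why-comment on `elem.build()` would help, e.g. `// consume the whole reader now so the copy does not depend on the source element's stream later`, if that is the intent.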