Posted to java-dev@axis.apache.org by ru...@apache.org on 2005/09/24 14:54:37 UTC
svn commit: r291299 - in /webservices/axis2/trunk/java/modules: samples/
security/ security/src/META-INF/ security/src/org/apache/axis2/security/
security/src/org/apache/axis2/security/handler/
security/src/org/apache/axis2/security/util/
Author: ruchithf
Date: Sat Sep 24 05:53:58 2005
New Revision: 291299
URL: http://svn.apache.org/viewcvs?rev=291299&view=rev
Log:
Security module updated to use the latest wss4j. This will fix the build, but we still have some issues with the security module due to the ordering of the inflow handler on the client side :-(
Added:
webservices/axis2/trunk/java/modules/security/src/META-INF/client.module.xml
Modified:
webservices/axis2/trunk/java/modules/samples/maven.xml
webservices/axis2/trunk/java/modules/security/maven.xml
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllSender.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSDoAllHandler.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/Axis2Util.java
Modified: webservices/axis2/trunk/java/modules/samples/maven.xml
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/samples/maven.xml?rev=291299&r1=291298&r2=291299&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/samples/maven.xml (original)
+++ webservices/axis2/trunk/java/modules/samples/maven.xml Sat Sep 24 05:53:58 2005
@@ -261,6 +261,8 @@
</ant:fileset>
</ant:move>
<ant:copy file="src/sample/security/META-INF/services.xml" tofile="target/security/META-INF/services.xml"/>
+ <ant:copy file="resources/security/sec.jks" tofile="target/security/sec.jks"/>
+ <ant:copy file="resources/security/sec.properties" tofile="target/security/sec.properties"/>
<jar destfile="target/security/SecureService.aar">
<fileset dir="target/security"></fileset>
</jar>
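Review bot: The two added `ant:copy` lines place `sec.jks` and `sec.properties` under `target/security`, and the `jar` task that follows packs that whole directory into `SecureService.aar`, so the keystore and its properties file ship inside the archive. If `sec.properties` carries the keystore password (its contents are not visible here), anyone holding the .aar holds both the key and the password. Since this is the sample build, a comment above the copies would be enough: `<!-- sample-only key material; do not reuse sec.jks or its password outside the samples -->`.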
Modified: webservices/axis2/trunk/java/modules/security/maven.xml
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/maven.xml?rev=291299&r1=291298&r2=291299&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/maven.xml (original)
+++ webservices/axis2/trunk/java/modules/security/maven.xml Sat Sep 24 05:53:58 2005
@@ -29,12 +29,25 @@
<copy file="${maven.repo.local}/xml-security/jars/xmlsec-1.2.1.jar" todir="target/classes/lib"/>
<copy file="${maven.repo.local}/bouncycastle/jars/bcprov-jdk13-128.jar" todir="target/classes/lib"/>
<copy file="${maven.repo.local}/opensaml/jars/opensaml-1.0.1.jar" todir="target/classes/lib"/>
+ <copy file="${maven.repo.local}/wss4j/jars/wss4j-SNAPSHOT.jar" todir="target/classes/lib"/>
+ <copy file="${maven.repo.local}/jaxen/jars/jaxen-1.1-beta-7.jar" todir="target/classes/lib"/>
+ <copy file="${maven.repo.local}/xerces/jars/xmlParserAPIs-2.6.2.jar" todir="target/classes/lib"/>
+ <copy file="${maven.repo.local}/xerces/jars/xercesImpl-2.6.2.jar" todir="target/classes/lib"/>
+
<jar jarfile="target/security.mar" basedir="target/classes">
<include name="**/*"/>
</jar>
<copy file="target/security.mar" tofile="target/modules/security.mar"/>
+ <!-- Create the client specific security module -->
+ <copy file="src/META-INF/client.module.xml"
+ tofile="target/classes/META-INF/module.xml"/>
+
+ <jar jarfile="target/client.security.mar" basedir="target/classes">
+ <include name="**/*"/>
+ </jar>
+ <copy file="target/client.security.mar" tofile="target/modules/client.security.mar"/>
</postGoal>
<preGoal name="java:compile">
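Review bot: The added `<copy file="src/META-INF/client.module.xml" tofile="target/classes/META-INF/module.xml"/>` has no `overwrite` attribute, and Ant's copy task skips a destination that is newer than its source. If `target/classes/META-INF/module.xml` was already written earlier in the build (likely, since `security.mar` is jarred from the same directory just above), `client.security.mar` can end up carrying the server descriptor; add `overwrite="yes"`, as the `interop2.jks` copy further down this file does. The copy also leaves the client descriptor in `target/classes` for whatever runs after this postGoal, which begins outside the hunk. Separately, `wss4j-SNAPSHOT.jar` is an unpinned artifact, so the security library packed into the module can change between builds without any change to this file.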
@@ -139,7 +152,7 @@
<copy file="interop/interop2.jks"
tofile="${class.dir}/interop2.jks" overwrite="yes"/>
- <jar jarfile="target/PingPort.aar" basedir="target/interop/classes">
+ <jar jarfile="target/PingPort.aar" basedir="target/interop/classes">
<include name="**/*"/>
</jar>
Added: webservices/axis2/trunk/java/modules/security/src/META-INF/client.module.xml
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/META-INF/client.module.xml?rev=291299&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/META-INF/client.module.xml (added)
+++ webservices/axis2/trunk/java/modules/security/src/META-INF/client.module.xml Sat Sep 24 05:53:58 2005
@@ -0,0 +1,13 @@
+<module name="security">
+ <inflow>
+ <handler name="SecurityInHandler" class="org.apache.axis2.security.WSDoAllReceiver">
+ <order phase="PostDispatch" phaseLast="true"/>
+ </handler>
+ </inflow>
+
+ <outflow>
+ <handler name="SecurityOutHandler" class="org.apache.axis2.security.WSDoAllSender">
+ <order phase="MessageOut"/>
+ </handler>
+ </outflow>
+</module>
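Review bot: `SecurityInHandler` is ordered `phase="PostDispatch" phaseLast="true"`, so on the client every inflow handler in an earlier phase runs before WS-Security processing, presumably on a message that is not yet decrypted or signature-checked. The commit log mentions an open ordering problem for this handler, but the descriptor itself gives no hint of it. A comment above the `<order>` element would keep the placement from being read as intended, e.g. `<!-- temporary placement: security processing should run before any handler that reads the message; see the log of r291299 -->`.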
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java?rev=291299&r1=291298&r2=291299&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllReceiver.java Sat Sep 24 05:53:58 2005
@@ -24,6 +24,7 @@
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
import org.apache.axis2.om.OMException;
import org.apache.axis2.security.handler.WSDoAllHandler;
import org.apache.axis2.security.handler.WSSHandlerConstants;
@@ -42,6 +43,7 @@
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.wsdl.WSDLConstants;
import org.w3c.dom.Document;
public class WSDoAllReceiver extends WSDoAllHandler {
@@ -55,8 +57,16 @@
}
public void invoke(MessageContext msgContext) throws AxisFault {
- doDebug = log.isDebugEnabled();
+ boolean doDebug = log.isDebugEnabled();
+ //Copy the WSHandlerConstants.SEND_SIGV over to the new message
+ //context - if it exists
+ if(!msgContext.isServerSide()) {//To make sure this is a response message
+ OperationContext opCtx = msgContext.getOperationContext();
+ MessageContext outMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT);
+ msgContext.setProperty(WSHandlerConstants.SEND_SIGV,outMsgCtx.getProperty(WSHandlerConstants.SEND_SIGV));
+ }
+
if (doDebug) {
log.debug("WSDoAllReceiver: enter invoke() ");
}
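Review bot: The block added at the top of `invoke()` dereferences `opCtx` and `outMsgCtx` without a null check, although its own comment says the value is copied "if it exists". A client-side message with no operation context, or with no out message registered under `WSDLConstants.MESSAGE_LABEL_OUT`, would fail with a NullPointerException rather than an AxisFault, and an absent value is still written as a null property. The `checkSignatureConfirmation` call added in a later hunk of this file appears to rely on this property, so the absent case deserves an explicit branch. `invoke()` continues past the end of the hunk.

```java
if (!msgContext.isServerSide()) { // client side: this is a response message
    OperationContext opCtx = msgContext.getOperationContext();
    MessageContext outMsgCtx = (opCtx == null)
            ? null
            : opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT);
    Object sentSigValues = (outMsgCtx == null)
            ? null
            : outMsgCtx.getProperty(WSHandlerConstants.SEND_SIGV);
    if (sentSigValues != null) {
        msgContext.setProperty(WSHandlerConstants.SEND_SIGV, sentSigValues);
    }
}
```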
@@ -116,19 +126,16 @@
if ((doAction & (WSConstants.ENCR | WSConstants.UT)) != 0) {
cbHandler = getPasswordCB(reqData);
}
-
+
+// Setting the class loader
+ //Thread.currentThread().setContextClassLoader(msgContext.getServiceDescription().getClassLoader());
+
/*
* Get and check the Signature specific parameters first because
* they may be used for encryption too.
*/
- if ((doAction & WSConstants.SIGN) == WSConstants.SIGN) {
- decodeSignatureParameter2(reqData);
- }
-
- if ((doAction & WSConstants.ENCR) == WSConstants.ENCR) {
- decodeDecryptionParameter(reqData);
- }
+ doReceiverAction(doAction, reqData);
Vector wsResult = null;
try {
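Review bot: The added `// Setting the class loader` line and the commented-out `Thread.currentThread().setContextClassLoader(...)` call are dead code; the same pair is added in the `WSDoAllSender.invoke()` hunk just before `doSenderAction`. Either delete them or replace them with one sentence saying why the context class loader is not switched here. The block comment kept above `doReceiverAction(doAction, reqData);` still describes the removed signature and decryption parameter decoding; something like `/* Decode the action-specific parameters (delegated to doReceiverAction). */` would match the new code.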
@@ -147,7 +154,10 @@
"WSDoAllReceiver: Request does not contain required Security header");
}
}
-
+
+ if (reqData.getWssConfig().isEnableSignatureConfirmation() && !msgContext.isServerSide()) {
+ checkSignatureConfirmation(reqData, wsResult);
+ }
//TODO: Copy the processed headers
@@ -265,28 +275,13 @@
}
}
-
/*
* now check the security actions: do they match, in right order?
*/
- int resultActions = wsResult.size();
- int size = actions.size();
- if (size != resultActions) {
- throw new AxisFault(
- "WSDoAllReceiver: security processing failed (actions number mismatch)");
- }
- String enforce = null;
- if ((enforce = (String) getOption(WSSHandlerConstants.ENFORCE_ACTION_ORDER)) == null) {
- enforce = (String) getProperty(msgContext, WSSHandlerConstants.ENFORCE_ACTION_ORDER);
- }
- if (enforce != null && (enforce.equalsIgnoreCase("yes") || enforce.equalsIgnoreCase("true"))) {
- for (int i = 0; i < size; i++) {
- if (((Integer) actions.get(i)).intValue() != ((WSSecurityEngineResult) wsResult
- .get(i)).getAction()) {
+ if (!checkReceiverResults(wsResult, actions)) {
throw new AxisFault(
"WSDoAllReceiver: security processing failed (actions mismatch)");
- }
- }
+
}
/*
* All ok up to this point. Now construct and setup the security
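Review bot: With the inline comparison gone, the `WSSHandlerConstants.ENFORCE_ACTION_ORDER` option that the removed lines read is no longer consulted here, and the separate "actions number mismatch" fault is folded into the single "actions mismatch" message. Whether `checkReceiverResults(wsResult, actions)` always enforces order or ignores it is not visible in this hunk, so a deployment that set the option cannot tell from this code what it now gets. State the contract next to the call, e.g. `// checkReceiverResults compares the performed actions with the configured ones; ENFORCE_ACTION_ORDER is no longer read (TODO confirm order handling)`, and remove or deprecate the option where it is declared. The enclosing method starts and ends outside the hunk.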
@@ -314,5 +309,6 @@
}
}
+
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllSender.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllSender.java?rev=291299&r1=291298&r2=291299&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllSender.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllSender.java Sat Sep 24 05:53:58 2005
@@ -47,7 +47,7 @@
* we can insert only the wsse:Security header into the OM-SOAPEnvelope and preserve the
* metadata of OM such as base64 MTOM optimization
*/
- private boolean preserveOriginalEnvelope = true;
+ private boolean preserveOriginalEnvelope = false;
public WSDoAllSender() {
super();
@@ -56,7 +56,8 @@
public void invoke(MessageContext msgContext) throws AxisFault {
- doDebug = log.isDebugEnabled();
+ boolean doDebug = log.isDebugEnabled();
+
if (doDebug) {
log.debug("WSDoAllSender: enter invoke()");
@@ -105,17 +106,6 @@
return;
}
- boolean mu = decodeMustUnderstand(reqData);
-
- secEngine.setPrecisionInMilliSeconds(decodeTimestampPrecision(reqData));
-
- String actor = null;
- if ((actor = (String) getOption(WSHandlerConstants.ACTOR)) == null) {
- actor = (String)
- getProperty(reqData.getMsgContext(), WSHandlerConstants.ACTOR);
- }
- reqData.setActor(actor);
-
/*
* For every action we need a username, so get this now. The
* username defined in the deployment descriptor takes precedence.
@@ -144,10 +134,6 @@
}
}
- if (doDebug) {
- log.debug("Action: " + doAction);
- log.debug("Actor: " + reqData.getActor() + ", mu: " + mu);
- }
/*
* Now get the SOAPEvelope from the message context and convert it into
* a Document
@@ -169,94 +155,12 @@
throw new AxisFault("WSDoAllReceiver: Error in converting to Document", wssEx);
}
}
-
- reqData.setSoapConstants(WSSecurityUtil.getSOAPConstants(doc
- .getDocumentElement()));
- /*
- * Here we have action, username, password, and actor,
- * mustUnderstand. Now get the action specific parameters.
- */
- if ((doAction & WSConstants.UT) == WSConstants.UT) {
- decodeUTParameter(reqData);
- }
- /*
- * Here we have action, username, password, and actor,
- * mustUnderstand. Now get the action specific parameters.
- */
- if ((doAction & WSConstants.UT_SIGN) == WSConstants.UT_SIGN) {
- decodeUTParameter(reqData);
- decodeSignatureParameter(reqData);
- }
- /*
- * Get and check the Signature specific parameters first because
- * they may be used for encryption too.
- */
- if ((doAction & WSConstants.SIGN) == WSConstants.SIGN) {
- reqData.setSigCrypto(loadSignatureCrypto(reqData));
- decodeSignatureParameter(reqData);
- }
- /*
- * If we need to handle signed SAML token then we need may of the
- * Signature parameters. The handle procedure loads the signature
- * crypto file on demand, thus don't do it here.
- */
- if ((doAction & WSConstants.ST_SIGNED) == WSConstants.ST_SIGNED) {
- decodeSignatureParameter(reqData);
- }
- /*
- * Set and check the encryption specific parameters, if necessary
- * take over signature parameters username and crypto instance.
- */
- if ((doAction & WSConstants.ENCR) == WSConstants.ENCR) {
- reqData.setEncCrypto(loadEncryptionCrypto(reqData));
- decodeEncryptionParameter(reqData);
- }
- /*
- * Here we have all necessary information to perform the requested
- * action(s).
- */
- for (int i = 0; i < actions.size(); i++) {
-
- int actionToDo = ((Integer) actions.get(i)).intValue();
- if (doDebug) {
- log.debug("Performing Action: " + actionToDo);
- }
-
- switch (actionToDo) {
- case WSConstants.UT:
- performUTAction(actionToDo, mu, doc, reqData);
- break;
+
- case WSConstants.ENCR:
- performENCRAction(actionToDo, mu, doc, reqData);
- this.preserveOriginalEnvelope = false;
- break;
-
- case WSConstants.SIGN:
- performSIGNAction(actionToDo, mu, doc, reqData);
- break;
-
- case WSConstants.ST_SIGNED:
- performST_SIGNAction(actionToDo, mu, doc, reqData);
- break;
-
- case WSConstants.ST_UNSIGNED:
- performSTAction(actionToDo, mu, doc, reqData);
- break;
-
- case WSConstants.TS:
- performTSAction(actionToDo, mu, doc, reqData);
- break;
-
- case WSConstants.UT_SIGN:
- performUT_SIGNAction(actionToDo, mu, doc, reqData);
- break;
-
- case WSConstants.NO_SERIALIZE:
- reqData.setNoSerialization(true);
- break;
- }
- }
+ //Setting the class loader
+ //Thread.currentThread().setContextClassLoader(msgContext.getServiceDescription().getClassLoader());
+
+ doSenderAction(doAction, doc, reqData, actions, !msgContext.isServerSide());
/*
* If required convert the resulting document into a message first.
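Review bot: The last argument of `doSenderAction(doAction, doc, reqData, actions, !msgContext.isServerSide())` is a bare negated boolean whose meaning the reader has to look up. A named local makes the intent visible: `boolean isRequest = !msgContext.isServerSide(); // out flow on the client side is the request`, followed by `doSenderAction(doAction, doc, reqData, actions, isRequest);`. The removed loop also logged each performed action at debug level; if that trace is still wanted it now has to come from inside `doSenderAction`, which is not visible here.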
@@ -277,6 +181,7 @@
doc);
} else {
SOAPEnvelope processedEnv = null;
+
if(preserveOriginalEnvelope) {
processedEnv = Axis2Util.getSOAPEnvelopeFromDocument(doc,reqData.getSoapConstants(), msgContext.getEnvelope());
} else {
@@ -332,7 +237,7 @@
msgContext.setProperty(WSSHandlerConstants.Out.REPETITON,new Integer(repetition));
msgContext.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY,outFlowSecurity);
/**
- * eserving the OM stuff doesn't work for the repeting case
+ * Preserving the OM stuff doesn't work for the repeting case
*/
this.preserveOriginalEnvelope = false;
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSDoAllHandler.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSDoAllHandler.java?rev=291299&r1=291298&r2=291299&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSDoAllHandler.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSDoAllHandler.java Sat Sep 24 05:53:58 2005
@@ -206,4 +206,8 @@
return value;
}
+
+ public void setProperty(Object msgContext, String key, Object value) {
+ ((MessageContext)msgContext).setProperty(key, value);
+ }
}
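Review bot: The new `setProperty` accepts `Object msgContext` and casts it to `MessageContext` unchecked, and it carries no Javadoc. A short doc comment stating that the argument must be a non-null Axis2 `MessageContext`, and that a ClassCastException or NullPointerException results otherwise, would document the contract for callers. The class body starts outside the hunk, so whether the sibling accessors are documented cannot be seen here.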
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/Axis2Util.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/Axis2Util.java?rev=291299&r1=291298&r2=291299&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/Axis2Util.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/Axis2Util.java Sat Sep 24 05:53:58 2005
@@ -16,13 +16,19 @@
package org.apache.axis2.security.util;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamReader;
+
import org.apache.axis2.om.OMElement;
import org.apache.axis2.om.impl.OMOutputImpl;
import org.apache.axis2.om.impl.llom.builder.StAXOMBuilder;
import org.apache.axis2.soap.SOAPEnvelope;
import org.apache.axis2.soap.impl.llom.builder.StAXSOAPModelBuilder;
import org.apache.ws.security.SOAPConstants;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.utils.XMLUtils;
@@ -30,12 +36,6 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.stream.XMLInputFactory;
-import javax.xml.stream.XMLStreamReader;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-
/**
* Utility class for the Axis2-WSS4J Module
*/
@@ -118,7 +118,7 @@
SOAPConstants constants, SOAPEnvelope reqEnv) throws WSSecurityException {
//Get holdof the security header
- Element secElem = WSSecurityUtil.getSecurityHeader(WSSConfig.getDefaultWSConfig(), doc,null, constants);
+ Element secElem = WSSecurityUtil.getSecurityHeader(doc,null, constants);
//insert the header into the OM-SOAPEnvelope