Posted to sandesha-dev@ws.apache.org by mc...@apache.org on 2007/11/23 12:45:16 UTC
svn commit: r597648 - in /webservices/sandesha/trunk/java/modules:
core/src/main/java/org/apache/sandesha2/handlers/
core/src/main/java/org/apache/sandesha2/msgprocessors/
core/src/main/java/org/apache/sandesha2/util/
tests/src/test/java/org/apache/san...
Author: mckierna
Date: Fri Nov 23 03:45:13 2007
New Revision: 597648
URL: http://svn.apache.org/viewvc?rev=597648&view=rev
Log:
RSP: some security refactoring to make checks easier
Modified:
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java
webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java
Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java (original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java Fri Nov 23 03:45:13 2007
@@ -23,7 +23,6 @@
import javax.xml.namespace.QName;
-import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPBody;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPHeader;
@@ -43,8 +42,6 @@
import org.apache.sandesha2.client.SandeshaClientConstants;
import org.apache.sandesha2.i18n.SandeshaMessageHelper;
import org.apache.sandesha2.i18n.SandeshaMessageKeys;
-import org.apache.sandesha2.security.SecurityManager;
-import org.apache.sandesha2.security.SecurityToken;
import org.apache.sandesha2.storage.StorageManager;
import org.apache.sandesha2.storage.Transaction;
import org.apache.sandesha2.storage.beanmanagers.RMDBeanMgr;
@@ -177,24 +174,16 @@
RMDBeanMgr mgr = storageManager.getRMDBeanMgr();
RMDBean bean = mgr.retrieve(sequenceId);
- if(bean != null && bean.getSecurityTokenData() != null) {
- SecurityManager secManager = SandeshaUtil.getSecurityManager(rmMsgCtx.getConfigurationContext());
-
- QName seqName = new QName(rmMsgCtx.getRMNamespaceValue(), Sandesha2Constants.WSRM_COMMON.SEQUENCE);
-
- SOAPEnvelope envelope = rmMsgCtx.getSOAPEnvelope();
- OMElement body = envelope.getBody();
- OMElement seqHeader = envelope.getHeader().getFirstChildWithName(seqName);
-
- SecurityToken token = secManager.recoverSecurityToken(bean.getSecurityTokenData());
-
- secManager.checkProofOfPossession(token, seqHeader, rmMsgCtx.getMessageContext());
- secManager.checkProofOfPossession(token, body, rmMsgCtx.getMessageContext());
- }
-
MessageContext messageContext = rmMsgCtx.getMessageContext();
-
- if (bean != null) {
+
+ if(bean != null){
+
+ //first check the security credentials of the msg is necessary
+ SandeshaUtil.assertProofOfPossession(bean, messageContext, messageContext.getEnvelope().getBody());
+ SandeshaUtil.assertProofOfPossession(bean, messageContext,
+ messageContext.getEnvelope().getHeader().getFirstChildWithName(new QName(rmMsgCtx.getRMNamespaceValue(),
+ Sandesha2Constants.WSRM_COMMON.SEQUENCE)));
+
if (msgNo == 0) {
String message = SandeshaMessageHelper.getMessage(SandeshaMessageKeys.invalidMsgNumber, Long
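Review bot: The new comment `//first check the security credentials of the msg is necessary` reads as if the check always runs, but the removed block shows it only ran when the bean carried security token data. Something like `// check proof of possession for body and Sequence header; skipped when the sequence has no stored token data` would state the real contract. The second call passes the result of `getFirstChildWithName(...)` straight through, so a message without a Sequence header hands a null element to the check; whether the SecurityManager rejects that is not visible here. The enclosing method starts and ends outside the hunk.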
@@ -224,16 +213,16 @@
//still allow this msg if we have no corresponding invoker bean for it and we are inOrder
if(SandeshaUtil.isInOrder(rmMsgCtx.getMessageContext()))
{
- InvokerBean finderBean = new InvokerBean();
- finderBean.setMsgNo(msgNo);
- finderBean.setSequenceID(sequenceId);
- List invokerBeanList = storageManager.getInvokerBeanMgr().find(finderBean);
- if((invokerBeanList==null || invokerBeanList.size()==0)
- && bean.getNextMsgNoToProcess()<=msgNo){
- isDuplicate = false;
- if (log.isDebugEnabled())
- log.debug("Allowing completed message on sequence " + sequenceId + ", msgNo " + msgNo);
- }
+ InvokerBean finderBean = new InvokerBean();
+ finderBean.setMsgNo(msgNo);
+ finderBean.setSequenceID(sequenceId);
+ List invokerBeanList = storageManager.getInvokerBeanMgr().find(finderBean);
+ if((invokerBeanList==null || invokerBeanList.size()==0)
+ && bean.getNextMsgNoToProcess()<=msgNo){
+ isDuplicate = false;
+ if (log.isDebugEnabled())
+ log.debug("Allowing completed message on sequence " + sequenceId + ", msgNo " + msgNo);
+ }
}
if(isDuplicate){
Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java (original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java Fri Nov 23 03:45:13 2007
@@ -111,12 +111,10 @@
// Check that the sender of this AckRequest holds the correct token
RMDBean rmdBean = SandeshaUtil.getRMDBeanFromSequenceId(storageManager, sequenceId);
-
- if(rmdBean != null && rmdBean.getSecurityTokenData() != null) {
- SecurityManager secManager = SandeshaUtil.getSecurityManager(configurationContext);
- SecurityToken token = secManager.recoverSecurityToken(rmdBean.getSecurityTokenData());
-
- secManager.checkProofOfPossession(token, soapHeader, msgContext);
+
+ //check security credentials
+ if(rmdBean!=null){
+ SandeshaUtil.assertProofOfPossession(rmdBean, msgContext, soapHeader);
}
// Check that the sequence requested exists
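Review bot: The `if(rmdBean!=null)` guard is redundant if `SandeshaUtil.assertProofOfPossession` handles a null bean itself, which is how CloseSequenceProcessor and TerminateSeqMsgProcessor call it in this commit; calling it unguarded here would keep the call sites uniform. This file's section also has no import hunk although the only visible uses of `SecurityManager` and `SecurityToken` are removed. The same holds for AcknowledgementProcessor, CloseSequenceProcessor, SequenceProcessor and TerminateSeqMsgProcessor, where `OMElement` may be affected as well. If nothing else in those files uses them, the imports should be dropped as was done for SandeshaGlobalInHandler.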
Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java (original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java Fri Nov 23 03:45:13 2007
@@ -121,12 +121,7 @@
// Check that the sender of this Ack holds the correct token
String internalSequenceId = rmsBean.getInternalSequenceID();
- if(rmsBean.getSecurityTokenData() != null) {
- SecurityManager secManager = SandeshaUtil.getSecurityManager(configCtx);
- SecurityToken token = secManager.recoverSecurityToken(rmsBean.getSecurityTokenData());
-
- secManager.checkProofOfPossession(token, soapHeader, msgCtx);
- }
+ SandeshaUtil.assertProofOfPossession(rmsBean, msgCtx, soapHeader);
if(log.isDebugEnabled()) log.debug("Got Ack for RM Sequence: " + outSequenceId + ", internalSeqId: " + internalSequenceId);
Iterator ackRangeIterator = sequenceAck.getAcknowledgementRanges().iterator();
Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java (original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java Fri Nov 23 03:45:13 2007
@@ -75,14 +75,9 @@
.getAxisConfiguration());
RMDBean rmdBean = SandeshaUtil.getRMDBeanFromSequenceId(storageManager, sequenceId);
-
- // Check that the sender of this CloseSequence holds the correct token
- if(rmdBean != null && rmdBean.getSecurityTokenData() != null) {
- SecurityManager secManager = SandeshaUtil.getSecurityManager(msgCtx.getConfigurationContext());
- OMElement body = msgCtx.getEnvelope().getBody();
- SecurityToken token = secManager.recoverSecurityToken(rmdBean.getSecurityTokenData());
- secManager.checkProofOfPossession(token, body, msgCtx);
- }
+
+ //check the security credentials
+ SandeshaUtil.assertProofOfPossession(rmdBean, msgCtx, msgCtx.getEnvelope().getBody());
if (FaultManager.checkForUnknownSequence(rmMsgCtx, sequenceId, storageManager, false)) {
if (log.isDebugEnabled())
Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java (original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java Fri Nov 23 03:45:13 2007
@@ -21,7 +21,6 @@
import java.util.Iterator;
-import org.apache.axiom.om.OMElement;
import org.apache.axis2.AxisFault;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.addressing.RelatesTo;
@@ -37,8 +36,6 @@
import org.apache.sandesha2.i18n.SandeshaMessageHelper;
import org.apache.sandesha2.i18n.SandeshaMessageKeys;
import org.apache.sandesha2.policy.SandeshaPolicyBean;
-import org.apache.sandesha2.security.SecurityManager;
-import org.apache.sandesha2.security.SecurityToken;
import org.apache.sandesha2.storage.StorageManager;
import org.apache.sandesha2.storage.Transaction;
import org.apache.sandesha2.storage.beanmanagers.RMSBeanMgr;
@@ -113,14 +110,8 @@
}
// Check that the create sequence response message proves possession of the correct token
- String tokenData = rmsBean.getSecurityTokenData();
- if(tokenData != null) {
- SecurityManager secManager = SandeshaUtil.getSecurityManager(configCtx);
- MessageContext crtSeqResponseCtx = createSeqResponseRMMsgCtx.getMessageContext();
- OMElement body = crtSeqResponseCtx.getEnvelope().getBody();
- SecurityToken token = secManager.recoverSecurityToken(tokenData);
- secManager.checkProofOfPossession(token, body, crtSeqResponseCtx);
- }
+ MessageContext msgCtx = createSeqResponseRMMsgCtx.getMessageContext();
+ SandeshaUtil.assertProofOfPossession(rmsBean, msgCtx, msgCtx.getEnvelope().getBody());
String internalSequenceId = rmsBean.getInternalSequenceID();
if (internalSequenceId == null || "".equals(internalSequenceId)) {
Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java (original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java Fri Nov 23 03:45:13 2007
@@ -21,6 +21,7 @@
import java.util.Collection;
import java.util.Iterator;
+import java.util.List;
import java.util.Random;
import org.apache.axis2.AxisFault;
@@ -39,10 +40,14 @@
import org.apache.sandesha2.SandeshaException;
import org.apache.sandesha2.i18n.SandeshaMessageHelper;
import org.apache.sandesha2.i18n.SandeshaMessageKeys;
+import org.apache.sandesha2.security.SecurityManager;
+import org.apache.sandesha2.security.SecurityToken;
import org.apache.sandesha2.storage.StorageManager;
import org.apache.sandesha2.storage.Transaction;
import org.apache.sandesha2.storage.beanmanagers.SenderBeanMgr;
+import org.apache.sandesha2.storage.beans.RMDBean;
import org.apache.sandesha2.storage.beans.RMSBean;
+import org.apache.sandesha2.storage.beans.RMSequenceBean;
import org.apache.sandesha2.storage.beans.SenderBean;
import org.apache.sandesha2.util.MsgInitializer;
import org.apache.sandesha2.util.SandeshaUtil;
@@ -72,24 +77,66 @@
if(log.isDebugEnabled()) log.debug("Enter: MakeConnectionProcessor::processInMessage " + rmMsgCtx.getSOAPEnvelope().getBody());
MakeConnection makeConnection = (MakeConnection) rmMsgCtx.getMakeConnection();
+
Address address = makeConnection.getAddress();
Identifier identifier = makeConnection.getIdentifier();
+ //some initial setup
ConfigurationContext configurationContext = rmMsgCtx.getConfigurationContext();
StorageManager storageManager = SandeshaUtil.getSandeshaStorageManager(configurationContext,configurationContext.getAxisConfiguration());
+ SecurityManager secManager = SandeshaUtil.getSecurityManager(configurationContext);
+ SecurityToken token = secManager.getSecurityToken(rmMsgCtx.getMessageContext());
+ //we want to find valid sender beans
+ SenderBean findSenderBean = new SenderBean();
+ if(token!=null){
+ if(log.isDebugEnabled()) log.debug("token found " + token);
+ //this means we have to scope our search for sender beans that belong to sequences that own the same token
+ String data = secManager.getTokenRecoveryData(token);
+ //first look for RMS beans
+ RMSBean finderRMS = new RMSBean();
+ finderRMS.setSecurityTokenData(data);
+ List possibleBeans = storageManager.getRMSBeanMgr().find(finderRMS);
+
+ //try looking for RMD beans too
+ RMDBean finderRMD = new RMDBean();
+ finderRMD.setSecurityTokenData(data);
+ List tempList = storageManager.getRMDBeanMgr().find(finderRMD);
+
+ //combine these two into one list
+ possibleBeans.addAll(tempList);
+
+ int size = possibleBeans.size();
+
+ if(size>0){
+ //select one at random: TODO better method?
+ Random random = new Random ();
+ int itemToPick = random.nextInt(size);
+ RMSequenceBean selectedSequence = (RMSequenceBean)possibleBeans.get(itemToPick);
+ findSenderBean.setSequenceID(selectedSequence.getSequenceID());
+ if(log.isDebugEnabled()) log.debug("sequence selected " + findSenderBean.getSequenceID());
+ }
+ else{
+ //we cannot match a RMD with the correct security credentials so we cannot process this msg under RSP
+ if(log.isDebugEnabled()) log.debug("Exit: MakeConnectionProcessor::processInMessage : no RM sequence bean with security credentials" );
+ //return false; //TODO put this in once tested live
+ }
+ }
+
+ //lookup a sender bean
SenderBeanMgr senderBeanMgr = storageManager.getSenderBeanMgr();
//selecting the set of SenderBeans that suit the given criteria.
- SenderBean findSenderBean = new SenderBean ();
findSenderBean.setSend(true);
findSenderBean.setTransportAvailable(false);
if (address!=null)
findSenderBean.setToAddress(address.getAddress());
- if (identifier!=null)
+ if (identifier!=null){
+ if(log.isDebugEnabled()) log.debug("identifier set, this violates RSP " + identifier);
findSenderBean.setSequenceID(identifier.getIdentifier());
+ }
// Set the time to send field to be now
findSenderBean.setTimeToSend(System.currentTimeMillis());
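Review bot: The token scoping introduced in this hunk is not actually enforced: in the `else` branch `return false` is commented out, so a request whose token matches no RMS or RMD bean carries on with an unscoped `findSenderBean`, and the later `findSenderBean.setSequenceID(identifier.getIdentifier())` replaces the sequence chosen from the token with the Identifier supplied in the message, logged only at debug level. Until the early return is enabled, the identifier should be honoured only when it names one of `possibleBeans`, or at minimum only when no token is present, e.g. `if (token == null) findSenderBean.setSequenceID(identifier.getIdentifier());`. `possibleBeans.addAll(tempList)` also assumes both `find` calls return non-null lists, while SandeshaGlobalInHandler null-checks the result of `find` on the invoker bean manager, so a guard may be needed here. `log.debug("token found " + token)` writes the token object to the log and would be safer without the value. The body of processInMessage starts and ends outside the hunk.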
Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java (original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java Fri Nov 23 03:45:13 2007
@@ -112,20 +112,11 @@
RMDBeanMgr mgr = storageManager.getRMDBeanMgr();
RMDBean bean = mgr.retrieve(sequenceId);
- if(bean != null && bean.getSecurityTokenData() != null) {
- SecurityManager secManager = SandeshaUtil.getSecurityManager(msgCtx.getConfigurationContext());
-
- QName seqName = new QName(rmMsgCtx.getRMNamespaceValue(), Sandesha2Constants.WSRM_COMMON.SEQUENCE);
-
- SOAPEnvelope envelope = msgCtx.getEnvelope();
- OMElement body = envelope.getBody();
- OMElement seqHeader = envelope.getHeader().getFirstChildWithName(seqName);
-
- SecurityToken token = secManager.recoverSecurityToken(bean.getSecurityTokenData());
-
- secManager.checkProofOfPossession(token, seqHeader, msgCtx);
- secManager.checkProofOfPossession(token, body, msgCtx);
- }
+ //check the security credentials
+ SandeshaUtil.assertProofOfPossession(bean, msgCtx, msgCtx.getEnvelope().getHeader().
+ getFirstChildWithName(new QName(rmMsgCtx.getRMNamespaceValue(), Sandesha2Constants.WSRM_COMMON.SEQUENCE)));
+ SandeshaUtil.assertProofOfPossession(bean, msgCtx, msgCtx.getEnvelope().getBody());
+
// Store the inbound sequence id, number and lastMessage onto the operation context
OperationContext opCtx = msgCtx.getOperationContext();
Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java (original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java Fri Nov 23 03:45:13 2007
@@ -95,12 +95,10 @@
// Check that the sender of this TerminateSequence holds the correct token
RMDBean rmdBean = SandeshaUtil.getRMDBeanFromSequenceId(storageManager, sequenceId);
- if(rmdBean != null && rmdBean.getSecurityTokenData() != null) {
- SecurityManager secManager = SandeshaUtil.getSecurityManager(context);
- OMElement body = terminateSeqRMMsg.getSOAPEnvelope().getBody();
- SecurityToken token = secManager.recoverSecurityToken(rmdBean.getSecurityTokenData());
- secManager.checkProofOfPossession(token, body, terminateSeqRMMsg.getMessageContext());
- }
+
+ //check security credentials
+ SandeshaUtil.assertProofOfPossession(rmdBean, terminateSeqMsg,
+ terminateSeqMsg.getEnvelope().getBody());
if (FaultManager.checkForUnknownSequence(terminateSeqRMMsg, sequenceId, storageManager, false)) {
if (log.isDebugEnabled())
Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java (original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java Fri Nov 23 03:45:13 2007
@@ -19,7 +19,6 @@
package org.apache.sandesha2.msgprocessors;
-import org.apache.axiom.om.OMElement;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.MessageContext;
@@ -28,8 +27,6 @@
import org.apache.sandesha2.RMMsgContext;
import org.apache.sandesha2.Sandesha2Constants;
import org.apache.sandesha2.polling.PollingManager;
-import org.apache.sandesha2.security.SecurityManager;
-import org.apache.sandesha2.security.SecurityToken;
import org.apache.sandesha2.storage.StorageManager;
import org.apache.sandesha2.storage.Transaction;
import org.apache.sandesha2.storage.beanmanagers.RMDBeanMgr;
@@ -60,14 +57,9 @@
String sequenceId = tsResponse.getIdentifier().getIdentifier();
RMSBean rmsBean = SandeshaUtil.getRMSBeanFromSequenceId(storageManager, sequenceId);
-
- // Check that the sender of this TerminateSequence holds the correct token
- if(rmsBean != null && rmsBean.getSecurityTokenData() != null) {
- SecurityManager secManager = SandeshaUtil.getSecurityManager(context);
- OMElement body = terminateResRMMsg.getSOAPEnvelope().getBody();
- SecurityToken token = secManager.recoverSecurityToken(rmsBean.getSecurityTokenData());
- secManager.checkProofOfPossession(token, body, msgContext);
- }
+
+ //check security credentials
+ SandeshaUtil.assertProofOfPossession(rmsBean, msgContext, msgContext.getEnvelope().getBody());
msgContext.setProperty(Sandesha2Constants.MessageContextProperties.INTERNAL_SEQUENCE_ID,rmsBean.getInternalSequenceID());
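Review bot: `rmsBean` is dereferenced on the line right after the check, in `rmsBean.getInternalSequenceID()`, yet the removed block guarded on `rmsBean != null` and the new helper quietly accepts a null bean. A response naming an unknown sequence would therefore pass the credential check and then fail with a NullPointerException instead of a deliberate outcome. The dereference predates this commit, but the refactoring is a good place to add an explicit guard such as `if (rmsBean == null)` before the property is set. What the method should do for an unknown sequence (fault or ignore) is outside the hunk.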
Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java (original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java Fri Nov 23 03:45:13 2007
@@ -69,6 +69,7 @@
import org.apache.sandesha2.i18n.SandeshaMessageKeys;
import org.apache.sandesha2.policy.SandeshaPolicyBean;
import org.apache.sandesha2.security.SecurityManager;
+import org.apache.sandesha2.security.SecurityToken;
import org.apache.sandesha2.storage.StorageManager;
import org.apache.sandesha2.storage.beanmanagers.RMDBeanMgr;
import org.apache.sandesha2.storage.beanmanagers.RMSBeanMgr;
@@ -463,6 +464,25 @@
}
+ public static void assertProofOfPossession(RMSequenceBean bean, MessageContext context, OMElement elementToCheck)throws SandeshaException{
+ if (log.isDebugEnabled())
+ log.debug("Enter: SandeshaUtil::assertProofOfPossession :" + bean + ", " + context + ", " + elementToCheck);
+
+ String tokenData = null;
+ if(bean!=null){
+ tokenData = bean.getSecurityTokenData();
+ }
+ if(tokenData != null) {
+ if (log.isDebugEnabled()) log.debug("debug:" + tokenData);
+ SecurityManager secManager = SandeshaUtil.getSecurityManager(context.getConfigurationContext());
+ SecurityToken token = secManager.recoverSecurityToken(tokenData);
+ secManager.checkProofOfPossession(token, elementToCheck, context); //this will exception if there is no proof
+ }
+
+ if (log.isDebugEnabled())
+ log.debug("Exit: SandeshaUtil::assertProofOfPossession");
+ }
+
public static void copyConfiguredProperties (MessageContext fromMessage, MessageContext toMessage) throws AxisFault {
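Review bot: `log.debug("debug:" + tokenData)` writes the stored security token recovery data to the debug log, and the entry trace concatenates `bean`, whose string form may include the same data; the value should be dropped, e.g. `log.debug("Sequence has security token data, checking proof of possession")`. The method also returns normally when `bean` is null or has no token data, which the name `assertProofOfPossession` does not suggest. A Javadoc comment should state that the check is skipped in those cases and that a failed check surfaces as an exception, since every message processor now relies on this one method. `elementToCheck` is passed through unchecked, and callers that obtain it from `getFirstChildWithName` can hand in null; whether the SecurityManager rejects that is not visible here.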
@@ -622,7 +642,6 @@
}
public static long getLastMessageNumber(String internalSequenceID, StorageManager storageManager)throws SandeshaException {
-
RMSBean rMSBean = getRMSBeanFromInternalSequenceId(storageManager, internalSequenceID);
long lastMessageNumber = 0;
if(rMSBean!=null){
@@ -835,10 +854,11 @@
Parameter classLoaderParam = config.getParameter(Sandesha2Constants.MODULE_CLASS_LOADER);
if(classLoaderParam != null) classLoader = (ClassLoader) classLoaderParam.getValue();
+
if (classLoader==null)
throw new SandeshaException (SandeshaMessageHelper.getMessage(SandeshaMessageKeys.classLoaderNotFound));
- Class c = classLoader.loadClass(className);
+ Class c = classLoader.loadClass(className);
Class configContextClass = context.getClass();
Constructor constructor = c.getConstructor(new Class[] { configContextClass });
@@ -850,6 +870,7 @@
}
return (SecurityManager) obj;
+
} catch (Exception e) {
String message = SandeshaMessageHelper.getMessage(SandeshaMessageKeys.cannotInitSecurityManager, e.toString());
throw new SandeshaException(message,e);
@@ -1120,6 +1141,11 @@
if (log.isDebugEnabled()) log.debug("Unreliable operation");
result = true;
}
+ else if(null != unreliableParam && "false".equals(unreliable)){
+ //a forced reliable message
+ if (log.isDebugEnabled()) log.debug("Forced reliable message context");
+ result = false;
+ }
}
}
Modified: webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java (original)
+++ webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java Fri Nov 23 03:45:13 2007
@@ -41,7 +41,6 @@
private static Log log = LogFactory.getLog(UnitTestSecurityManager.class);
private static HashMap tokens = new HashMap();
- private static int id = 0;
private static String secNamespace = Sandesha2Constants.SPEC_2005_02.SEC_NS_URI;
private static QName unitTestHeader = new QName("http://unit.test.security", "tokenId");
@@ -58,7 +57,7 @@
{
log.debug("Enter: UnitTestSecurityManager::getSecurityToken(MessageContext)");
- UnitTestSecurityToken result = new UnitTestSecurityToken(id++);
+ UnitTestSecurityToken result = new UnitTestSecurityToken(1); //use the same token for all messages in unit test
tokens.put(getTokenRecoveryData(result), result);
log.debug("Exit: UnitTestSecurityManager::getSecurityToken " + result);
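Review bot: Returning `new UnitTestSecurityToken(1)` for every message means the unit tests can no longer produce two different tokens from `getSecurityToken`, so the token-scoped sender-bean lookup added to MakeConnectionProcessor in this commit has no test in which the token fails to match a sequence. A second token id selectable by the test (for example via the existing `unitTestHeader`, if that is what it is for) would let the mismatch path be covered before the commented-out `return false` there is enabled. The trailing comment would also be clearer above the line as `// every message gets the same token so that all sequences in a test share credentials`.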