Posted to java-commits@axis.apache.org by bi...@apache.org on 2020/04/15 16:09:00 UTC

[axis-axis2-java-rampart] 06/14: Merge latest changes from trunk.

This is an automated email from the ASF dual-hosted git repository.

billblough pushed a commit to branch RAMPART-426
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git

commit e84f18b4b9f17dc746bb895776cf1919becd463e
Merge: ecaa028 c145a4c
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Sat Jan 28 23:39:27 2017 +0000

    Merge latest changes from trunk.

 modules/rampart-core/pom.xml                       |   5 +
 .../java/org/apache/rampart/RampartEngine.java     |  96 +++++-
 .../org/apache/rampart/builder/BindingBuilder.java |  98 +++++-
 .../rampart/builder/TransportBindingBuilder.java   |  80 +++++
 .../policy/builders/KerberosConfigBuilder.java     | 100 ++++++
 .../policy/builders/RampartConfigBuilder.java      |  11 +
 .../rampart/policy/model/KerberosConfig.java       | 361 +++++++++++++++++++++
 .../apache/rampart/policy/model/RampartConfig.java |  18 +
 .../java/org/apache/rampart/util/RampartUtil.java  |  61 ++++
 .../org.apache.neethi.builders.AssertionBuilder    |   3 +-
 .../resources/org/apache/rampart/errors.properties |   8 +
 .../policy/builders/KerberosConfigBuilderTest.java | 121 +++++++
 .../rampart/policy/builders/kerberosConfig.policy  |  22 ++
 modules/rampart-integration/pom.xml                |  90 ++++-
 .../apache/rampart/KerberosDelegationService.java  |  78 +++++
 .../KerberosDelegationServiceValidator.java        |  46 +++
 .../org/apache/rampart/RampartKerberosTest.java    | 296 +++++++++++++++++
 .../org/apache/rampart/util/KerberosServer.java    | 207 ++++++++++++
 .../rampart/util/KerberosTokenDecoderImpl.java     | 156 +++++++++
 .../src/test/resources/kerberos/alice.keytab       | Bin 0 -> 666 bytes
 .../src/test/resources/kerberos/bob.keytab         | Bin 0 -> 328 bytes
 .../src/test/resources/kerberos/jaas.conf          |  49 +++
 .../src/test/resources/kerberos/krb5.conf.template |   8 +
 .../src/test/resources/kerberos/readme             |   9 +
 .../src/test/resources/kerberos/users.ldif         |  60 ++++
 .../rampart/kerberos/KerberosDelegation.xml        |  86 +++++
 .../kerberos/KerberosOverTransportKeytab.xml       |  85 +++++
 .../rampart/kerberos/KerberosOverTransportPWCB.xml |  88 +++++
 modules/rampart-policy/pom.xml                     |  10 +
 .../java/org/apache/ws/secpolicy/Constants.java    |   4 +
 .../org/apache/ws/secpolicy/SP11Constants.java     |   9 +
 .../org/apache/ws/secpolicy/SP12Constants.java     |   9 +
 .../java/org/apache/ws/secpolicy/SPConstants.java  |   5 +-
 .../apache/ws/secpolicy/model/KerberosToken.java   | 152 +++++++++
 .../secpolicy11/builders/KerberosTokenBuilder.java |  84 +++++
 .../secpolicy12/builders/KerberosTokenBuilder.java |  84 +++++
 .../org.apache.neethi.builders.AssertionBuilder    |   4 +-
 .../apache/ws/secpolicy/KerberosPolicyTest.java    | 212 ++++++++++++
 .../src/test/resources/policy/kerberos-11.xml      |  16 +
 .../src/test/resources/policy/kerberos-12.xml      |  16 +
 .../src/test/resources/policy/kerberos-gss-11.xml  |  16 +
 .../src/test/resources/policy/kerberos-gss-12.xml  |  16 +
 .../resources/policy/kerberos-gss-keyref-11.xml    |  18 +
 .../resources/policy/kerberos-gss-keyref-12.xml    |  17 +
 .../test/resources/policy/kerberos-keyref-11.xml   |  17 +
 .../test/resources/policy/kerberos-keyref-12.xml   |  17 +
 pom.xml                                            |   9 +
 47 files changed, 2946 insertions(+), 11 deletions(-)

diff --cc modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
index f9dbbe7,66b5648..e43f2b6
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
@@@ -27,28 -27,28 +27,39 @@@ import org.apache.commons.logging.LogFa
  import org.apache.rahas.Token;
  import org.apache.rahas.TokenStorage;
  import org.apache.rampart.policy.RampartPolicyData;
++import org.apache.rampart.policy.model.KerberosConfig;
 +import org.apache.rampart.policy.model.RampartConfig;
  import org.apache.rampart.saml.SAMLAssertionHandler;
  import org.apache.rampart.saml.SAMLAssertionHandlerFactory;
  import org.apache.rampart.util.Axis2Util;
  import org.apache.rampart.util.RampartUtil;
 -import org.apache.rampart.policy.model.KerberosConfig;
 -import org.apache.rampart.policy.model.RampartConfig;
  import org.apache.ws.secpolicy.WSSPolicyException;
 -import org.apache.ws.secpolicy.model.UsernameToken;
+ import org.apache.ws.secpolicy.model.KerberosToken;
+ import org.apache.ws.secpolicy.model.SupportingToken;
 -import org.apache.ws.security.*;
 +import org.apache.ws.secpolicy.model.UsernameToken;
++import org.apache.ws.security.NamePasswordCallbackHandler;
 +import org.apache.ws.security.WSConstants;
++import org.apache.ws.security.WSPasswordCallback;
++import org.apache.ws.security.WSSConfig;
 +import org.apache.ws.security.WSSecurityEngine;
 +import org.apache.ws.security.WSSecurityEngineResult;
 +import org.apache.ws.security.WSSecurityException;
 +import org.apache.ws.security.WSUsernameTokenPrincipal;
  import org.apache.ws.security.components.crypto.Crypto;
+ import org.apache.ws.security.validate.KerberosTokenDecoder;
+ import org.apache.ws.security.validate.KerberosTokenValidator;
  
+ import javax.security.auth.callback.CallbackHandler;
+ import javax.security.auth.callback.UnsupportedCallbackException;
  import javax.xml.namespace.QName;
  
+ import java.io.IOException;
  import java.security.cert.X509Certificate;
 -import java.util.*;
 +import java.util.ArrayList;
 +import java.util.Collection;
 +import java.util.Iterator;
 +import java.util.List;
 +import java.util.Vector;
  
  public class RampartEngine {
  
@@@ -141,22 -223,8 +234,21 @@@
  		    }
  		}
  		
 -		String actorValue = secHeader.getAttributeValue(new QName(rmd
 -				.getSoapConstants().getEnvelopeURI(), "actor"));
 +		// get the configured 'actor' value and if it is NOT set
 +		// then fallback to the one in the security header
 +		String actorValue = null;
- 		RampartConfig rampartConfig = rpd.getRampartConfig();
 +		if(null != rampartConfig){
 +			actorValue = rampartConfig.getInboundActor();
 +		}
 +		
 +		if(null == actorValue){
 +		    String actorAttribute = WSConstants.ATTR_ACTOR;
 +		    if (WSConstants.URI_SOAP12_ENV.equals(rmd.getSoapConstants().getEnvelopeURI())) {
 +		        actorAttribute = WSConstants.ATTR_ROLE;
 +		    }
 +			
 +		    actorValue = secHeader.getAttributeValue(new QName(rmd.getSoapConstants().getEnvelopeURI(), actorAttribute));
 +		}
  
  		Crypto signatureCrypto = RampartUtil.getSignatureCrypto(rpd.getRampartConfig(), 
          		msgCtx.getAxisService().getClassLoader());
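Review bot: The fallback guard `if(null == actorValue)` treats only an unset `inboundActor` as missing, so an empty or whitespace-only configured value would be used as the actor in place of the `actor`/`role` attribute read from the security header. Whether the policy builder already normalises blank values is not visible in this hunk; if it does not, the guard could read `if (actorValue == null || actorValue.trim().isEmpty()) {`. The comment above it would also be clearer if it stated that a configured inbound actor takes precedence over the attribute carried in the message, since that decides which security header is honoured. The `rampartConfig` local is now declared outside this hunk, yet the `getSignatureCrypto` call below still uses `rpd.getRampartConfig()`; reusing the local would keep the two reads consistent. The enclosing method starts and ends outside the hunk.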
diff --cc modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
index a539641,bdad069..9bfcd2f
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
@@@ -157,10 -152,17 +159,20 @@@ public class RampartConfig implements A
      private String nonceLifeTime = Integer.toString(DEFAULT_NONCE_LIFE_TIME);
      
      private SSLConfig sslConfig;
 -    
++
+     private KerberosConfig kerberosConfig;
      
 +    private String inboundActor;
 +    private String outboundActor;
++    
+     public KerberosConfig getKerberosConfig() {
+         return kerberosConfig;
+     }
  
+     public void setKerberosConfig(KerberosConfig kerberosConfig) {
+         this.kerberosConfig = kerberosConfig;
+     }
+     
      /*To set timeStampStrict in WSSConfig through rampartConfig - default value is false*/
      private boolean timeStampStrict = false;