Posted to java-commits@axis.apache.org by bi...@apache.org on 2020/04/15 16:09:00 UTC
[axis-axis2-java-rampart] 06/14: Merge latest changes from trunk.
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a commit to branch RAMPART-426
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit e84f18b4b9f17dc746bb895776cf1919becd463e
Merge: ecaa028 c145a4c
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Sat Jan 28 23:39:27 2017 +0000
Merge latest changes from trunk.
modules/rampart-core/pom.xml | 5 +
.../java/org/apache/rampart/RampartEngine.java | 96 +++++-
.../org/apache/rampart/builder/BindingBuilder.java | 98 +++++-
.../rampart/builder/TransportBindingBuilder.java | 80 +++++
.../policy/builders/KerberosConfigBuilder.java | 100 ++++++
.../policy/builders/RampartConfigBuilder.java | 11 +
.../rampart/policy/model/KerberosConfig.java | 361 +++++++++++++++++++++
.../apache/rampart/policy/model/RampartConfig.java | 18 +
.../java/org/apache/rampart/util/RampartUtil.java | 61 ++++
.../org.apache.neethi.builders.AssertionBuilder | 3 +-
.../resources/org/apache/rampart/errors.properties | 8 +
.../policy/builders/KerberosConfigBuilderTest.java | 121 +++++++
.../rampart/policy/builders/kerberosConfig.policy | 22 ++
modules/rampart-integration/pom.xml | 90 ++++-
.../apache/rampart/KerberosDelegationService.java | 78 +++++
.../KerberosDelegationServiceValidator.java | 46 +++
.../org/apache/rampart/RampartKerberosTest.java | 296 +++++++++++++++++
.../org/apache/rampart/util/KerberosServer.java | 207 ++++++++++++
.../rampart/util/KerberosTokenDecoderImpl.java | 156 +++++++++
.../src/test/resources/kerberos/alice.keytab | Bin 0 -> 666 bytes
.../src/test/resources/kerberos/bob.keytab | Bin 0 -> 328 bytes
.../src/test/resources/kerberos/jaas.conf | 49 +++
.../src/test/resources/kerberos/krb5.conf.template | 8 +
.../src/test/resources/kerberos/readme | 9 +
.../src/test/resources/kerberos/users.ldif | 60 ++++
.../rampart/kerberos/KerberosDelegation.xml | 86 +++++
.../kerberos/KerberosOverTransportKeytab.xml | 85 +++++
.../rampart/kerberos/KerberosOverTransportPWCB.xml | 88 +++++
modules/rampart-policy/pom.xml | 10 +
.../java/org/apache/ws/secpolicy/Constants.java | 4 +
.../org/apache/ws/secpolicy/SP11Constants.java | 9 +
.../org/apache/ws/secpolicy/SP12Constants.java | 9 +
.../java/org/apache/ws/secpolicy/SPConstants.java | 5 +-
.../apache/ws/secpolicy/model/KerberosToken.java | 152 +++++++++
.../secpolicy11/builders/KerberosTokenBuilder.java | 84 +++++
.../secpolicy12/builders/KerberosTokenBuilder.java | 84 +++++
.../org.apache.neethi.builders.AssertionBuilder | 4 +-
.../apache/ws/secpolicy/KerberosPolicyTest.java | 212 ++++++++++++
.../src/test/resources/policy/kerberos-11.xml | 16 +
.../src/test/resources/policy/kerberos-12.xml | 16 +
.../src/test/resources/policy/kerberos-gss-11.xml | 16 +
.../src/test/resources/policy/kerberos-gss-12.xml | 16 +
.../resources/policy/kerberos-gss-keyref-11.xml | 18 +
.../resources/policy/kerberos-gss-keyref-12.xml | 17 +
.../test/resources/policy/kerberos-keyref-11.xml | 17 +
.../test/resources/policy/kerberos-keyref-12.xml | 17 +
pom.xml | 9 +
47 files changed, 2946 insertions(+), 11 deletions(-)
diff --cc modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
index f9dbbe7,66b5648..e43f2b6
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
@@@ -27,28 -27,28 +27,39 @@@ import org.apache.commons.logging.LogFa
import org.apache.rahas.Token;
import org.apache.rahas.TokenStorage;
import org.apache.rampart.policy.RampartPolicyData;
++import org.apache.rampart.policy.model.KerberosConfig;
+import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.saml.SAMLAssertionHandler;
import org.apache.rampart.saml.SAMLAssertionHandlerFactory;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
-import org.apache.rampart.policy.model.KerberosConfig;
-import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.UsernameToken;
+ import org.apache.ws.secpolicy.model.KerberosToken;
+ import org.apache.ws.secpolicy.model.SupportingToken;
-import org.apache.ws.security.*;
+import org.apache.ws.secpolicy.model.UsernameToken;
++import org.apache.ws.security.NamePasswordCallbackHandler;
+import org.apache.ws.security.WSConstants;
++import org.apache.ws.security.WSPasswordCallback;
++import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
+ import org.apache.ws.security.validate.KerberosTokenDecoder;
+ import org.apache.ws.security.validate.KerberosTokenValidator;
+ import javax.security.auth.callback.CallbackHandler;
+ import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
+ import java.io.IOException;
import java.security.cert.X509Certificate;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Vector;
public class RampartEngine {
@@@ -141,22 -223,8 +234,21 @@@
}
}
- String actorValue = secHeader.getAttributeValue(new QName(rmd
- .getSoapConstants().getEnvelopeURI(), "actor"));
+ // get the configured 'actor' value and if it is NOT set
+ // then fallback to the one in the security header
+ String actorValue = null;
- RampartConfig rampartConfig = rpd.getRampartConfig();
+ if(null != rampartConfig){
+ actorValue = rampartConfig.getInboundActor();
+ }
+
+ if(null == actorValue){
+ String actorAttribute = WSConstants.ATTR_ACTOR;
+ if (WSConstants.URI_SOAP12_ENV.equals(rmd.getSoapConstants().getEnvelopeURI())) {
+ actorAttribute = WSConstants.ATTR_ROLE;
+ }
+
+ actorValue = secHeader.getAttributeValue(new QName(rmd.getSoapConstants().getEnvelopeURI(), actorAttribute));
+ }
Crypto signatureCrypto = RampartUtil.getSignatureCrypto(rpd.getRampartConfig(),
msgCtx.getAxisService().getClassLoader());
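Review bot: The fallback branch under `if(null == actorValue)` reads the actor/role attribute from the incoming security header, which the sender controls. With no `inboundActor` configured, the value used downstream (presumably for header selection) therefore always matches whatever the message declares. A comment stating that this is intended would help the next reader, e.g. `// no inboundActor configured: accept the actor/role the message itself declares`. The guard tests only for null; if `getInboundActor()` can return an empty string (not visible here), `if (actorValue == null || actorValue.isEmpty())` would keep the fallback reachable. `rampartConfig` is declared outside this hunk, and the `getSignatureCrypto` call at the end still calls `rpd.getRampartConfig()` instead of reusing that local.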
diff --cc modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
index a539641,bdad069..9bfcd2f
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
@@@ -157,10 -152,17 +159,20 @@@ public class RampartConfig implements A
private String nonceLifeTime = Integer.toString(DEFAULT_NONCE_LIFE_TIME);
private SSLConfig sslConfig;
-
++
+ private KerberosConfig kerberosConfig;
+ private String inboundActor;
+ private String outboundActor;
++
+ public KerberosConfig getKerberosConfig() {
+ return kerberosConfig;
+ }
+ public void setKerberosConfig(KerberosConfig kerberosConfig) {
+ this.kerberosConfig = kerberosConfig;
+ }
+
/*To set timeStampStrict in WSSConfig through rampartConfig - default value is false*/
private boolean timeStampStrict = false;