Posted to commits@cxf.apache.org by co...@apache.org on 2011/11/24 16:33:22 UTC
svn commit: r1205884 - in
/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j:
./ policyvalidators/
Author: coheigea
Date: Thu Nov 24 15:33:21 2011
New Revision: 1205884
URL: http://svn.apache.org/viewvc?rev=1205884&view=rev
Log:
Finished sec-pol refactoring.
Added:
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SupportingTokenPolicyValidator.java
Modified:
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Thu Nov 24 15:33:21 2011
@@ -76,6 +76,7 @@ import org.apache.cxf.ws.security.wss4j.
import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEndorsingEncryptedTokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEndorsingTokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.SupportingTokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.SymmetricBindingPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.TokenPolicyValidator;
import org.apache.cxf.ws.security.wss4j.policyvalidators.TransportBindingPolicyValidator;
@@ -88,6 +89,7 @@ import org.apache.ws.security.WSSecurity
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;
/**
@@ -462,7 +464,10 @@ public class PolicyBasedWSS4JInIntercept
}
if (check) {
- check = checkSupportingTokenCoverage(aim, msg, results, signedResults, utWithCallbacks);
+ check =
+ checkSupportingTokenCoverage(
+ aim, msg, results, signedResults, encryptResults, utWithCallbacks
+ );
}
// The supporting tokens are already validated
@@ -585,11 +590,10 @@ public class PolicyBasedWSS4JInIntercept
AssertionInfoMap aim,
SoapMessage msg,
List<WSSecurityEngineResult> results,
- List<WSSecurityEngineResult> signedResults,
+ List<WSSecurityEngineResult> signedResults,
+ List<WSSecurityEngineResult> encryptedResults,
boolean utWithCallbacks
) {
- boolean check = true;
-
List<WSSecurityEngineResult> utResults = new ArrayList<WSSecurityEngineResult>();
WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT, utResults);
WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT_NOPASSWORD, utResults);
@@ -598,37 +602,57 @@ public class PolicyBasedWSS4JInIntercept
WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_SIGNED, samlResults);
WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_UNSIGNED, samlResults);
- SignedTokenPolicyValidator suppValidator =
- new SignedTokenPolicyValidator(msg, results, signedResults);
- suppValidator.setValidateUsernameToken(utWithCallbacks);
- check &= suppValidator.validatePolicy(aim);
-
- EndorsingTokenPolicyValidator endorsingValidator =
- new EndorsingTokenPolicyValidator(msg, results, signedResults);
- check &= endorsingValidator.validatePolicy(aim);
-
- SignedEndorsingTokenPolicyValidator signedEdorsingValidator =
- new SignedEndorsingTokenPolicyValidator(msg, results, signedResults);
- check &= signedEdorsingValidator.validatePolicy(aim);
-
- SignedEncryptedTokenPolicyValidator signedEncryptedValidator =
- new SignedEncryptedTokenPolicyValidator(msg, results, signedResults);
- signedEncryptedValidator.setValidateUsernameToken(utWithCallbacks);
- check &= signedEncryptedValidator.validatePolicy(aim);
-
- EncryptedTokenPolicyValidator encryptedValidator =
- new EncryptedTokenPolicyValidator(msg, results, signedResults);
- encryptedValidator.setValidateUsernameToken(utWithCallbacks);
- check &= encryptedValidator.validatePolicy(aim);
-
- EndorsingEncryptedTokenPolicyValidator endorsingEncryptedValidator =
- new EndorsingEncryptedTokenPolicyValidator(msg, results, signedResults);
- endorsingEncryptedValidator.setValidateUsernameToken(utWithCallbacks);
- check &= endorsingEncryptedValidator.validatePolicy(aim);
-
- SignedEndorsingEncryptedTokenPolicyValidator signedEndorsingEncryptedValidator =
- new SignedEndorsingEncryptedTokenPolicyValidator(msg, results, signedResults);
- check &= signedEndorsingEncryptedValidator.validatePolicy(aim);
+ // Store the timestamp element
+ WSSecurityEngineResult tsResult = WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
+ Element timestamp = null;
+ if (tsResult != null) {
+ Timestamp ts = (Timestamp)tsResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);
+ timestamp = ts.getElement();
+ }
+
+ boolean check = true;
+
+ SupportingTokenPolicyValidator validator = new SignedTokenPolicyValidator();
+ validator.setUsernameTokenResults(utResults, utWithCallbacks);
+ validator.setSAMLTokenResults(samlResults);
+ validator.setTimestampElement(timestamp);
+ check &= validator.validatePolicy(aim, msg, results, signedResults, encryptedResults);
+
+ validator = new EndorsingTokenPolicyValidator();
+ validator.setUsernameTokenResults(utResults, utWithCallbacks);
+ validator.setSAMLTokenResults(samlResults);
+ validator.setTimestampElement(timestamp);
+ check &= validator.validatePolicy(aim, msg, results, signedResults, encryptedResults);
+
+ validator = new SignedEndorsingTokenPolicyValidator();
+ validator.setUsernameTokenResults(utResults, utWithCallbacks);
+ validator.setSAMLTokenResults(samlResults);
+ validator.setTimestampElement(timestamp);
+ check &= validator.validatePolicy(aim, msg, results, signedResults, encryptedResults);
+
+ validator = new SignedEncryptedTokenPolicyValidator();
+ validator.setUsernameTokenResults(utResults, utWithCallbacks);
+ validator.setSAMLTokenResults(samlResults);
+ validator.setTimestampElement(timestamp);
+ check &= validator.validatePolicy(aim, msg, results, signedResults, encryptedResults);
+
+ validator = new EncryptedTokenPolicyValidator();
+ validator.setUsernameTokenResults(utResults, utWithCallbacks);
+ validator.setSAMLTokenResults(samlResults);
+ validator.setTimestampElement(timestamp);
+ check &= validator.validatePolicy(aim, msg, results, signedResults, encryptedResults);
+
+ validator = new EndorsingEncryptedTokenPolicyValidator();
+ validator.setUsernameTokenResults(utResults, utWithCallbacks);
+ validator.setSAMLTokenResults(samlResults);
+ validator.setTimestampElement(timestamp);
+ check &= validator.validatePolicy(aim, msg, results, signedResults, encryptedResults);
+
+ validator = new SignedEndorsingEncryptedTokenPolicyValidator();
+ validator.setUsernameTokenResults(utResults, utWithCallbacks);
+ validator.setSAMLTokenResults(samlResults);
+ validator.setTimestampElement(timestamp);
+ check &= validator.validatePolicy(aim, msg, results, signedResults, encryptedResults);
return check;
}
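Review bot: All seven validators now receive `utWithCallbacks` through `setUsernameTokenResults`, but the removed code called `setValidateUsernameToken(utWithCallbacks)` on only four of them; `EndorsingTokenPolicyValidator`, `SignedEndorsingTokenPolicyValidator` and `SignedEndorsingEncryptedTokenPolicyValidator` kept the field's default of `true`. When `utWithCallbacks` is false, `processUsernameTokens()` in the base class returns true at its first check, so those three policy types now skip the signed/encrypted checks on UsernameTokens that they ran before this commit. If that loosening is not intended in a change logged as a refactoring, keep the old value for those three with `validator.setUsernameTokenResults(utResults, true);`, or state in the log message that the change is deliberate. The method's signature is in the previous hunk.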
Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java Thu Nov 24 15:33:21 2011
@@ -38,63 +38,68 @@ import org.apache.ws.security.WSSecurity
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.KerberosSecurity;
import org.apache.ws.security.message.token.PKIPathSecurity;
-import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.saml.SAMLKeyInfo;
import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.util.WSSecurityUtil;
/**
* A base class to use to validate various SupportingToken policies.
*/
-public abstract class AbstractSupportingTokenPolicyValidator extends AbstractTokenPolicyValidator {
+public abstract class AbstractSupportingTokenPolicyValidator
+ extends AbstractTokenPolicyValidator implements SupportingTokenPolicyValidator {
- protected Message message;
- protected List<WSSecurityEngineResult> results;
- protected List<WSSecurityEngineResult> signedResults;
- protected List<WSSecurityEngineResult> encryptedResults;
- protected boolean tls;
- protected boolean validateUsernameToken = true;
- protected Element timestamp;
+ private Message message;
+ private List<WSSecurityEngineResult> results;
+ private List<WSSecurityEngineResult> signedResults;
+ private List<WSSecurityEngineResult> encryptedResults;
+ private List<WSSecurityEngineResult> utResults;
+ private List<WSSecurityEngineResult> samlResults;
+ private boolean validateUsernameToken = true;
+ private Element timestamp;
private boolean signed;
private boolean encrypted;
private boolean derived;
private boolean endorsed;
- public AbstractSupportingTokenPolicyValidator(
- Message message,
- List<WSSecurityEngineResult> results,
- List<WSSecurityEngineResult> signedResults
+ /**
+ * Set the list of UsernameToken results
+ */
+ public void setUsernameTokenResults(
+ List<WSSecurityEngineResult> utResultsList,
+ boolean valUsernameToken
) {
- this.message = message;
+ utResults = utResultsList;
+ validateUsernameToken = valUsernameToken;
+ }
+
+ /**
+ * Set the list of SAMLToken results
+ */
+ public void setSAMLTokenResults(List<WSSecurityEngineResult> samlResultsList) {
+ samlResults = samlResultsList;
+ }
+
+ /**
+ * Set the Timestamp element
+ */
+ public void setTimestampElement(Element timestampElement) {
+ timestamp = timestampElement;
+ }
+
+ public void setMessage(Message msg) {
+ message = msg;
+ }
+
+ public void setResults(List<WSSecurityEngineResult> results) {
this.results = results;
+ }
+
+ public void setSignedResults(List<WSSecurityEngineResult> signedResults) {
this.signedResults = signedResults;
-
- // Store the timestamp element
- WSSecurityEngineResult tsResult = WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
- if (tsResult != null) {
- Timestamp ts = (Timestamp)tsResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);
- timestamp = ts.getElement();
- }
-
- // Store the encryption results
- encryptedResults = new ArrayList<WSSecurityEngineResult>();
- for (WSSecurityEngineResult result : results) {
- Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
- if (actInt.intValue() == WSConstants.ENCR) {
- encryptedResults.add(result);
- }
- }
-
- // See whether TLS is in use or not
- TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
- if (tlsInfo != null) {
- tls = true;
- }
}
- public void setValidateUsernameToken(boolean validateUsernameToken) {
- this.validateUsernameToken = validateUsernameToken;
+ public void setEncryptedResults(List<WSSecurityEngineResult> encryptedResults) {
+ this.encryptedResults = encryptedResults;
}
public void setSigned(boolean signed) {
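Review bot: The new `utResults` and `samlResults` fields have no initial value and are only filled by `setUsernameTokenResults` and `setSAMLTokenResults`, yet `processUsernameTokens()` and `processSAMLTokens()` (the next two hunks) call `.isEmpty()` on them unconditionally. A caller that runs `validatePolicy` without first calling both setters gets a NullPointerException from inside policy validation instead of a failed assertion. Guarding the two reads keeps the check failing closed, e.g. `if (utResults == null || utResults.isEmpty()) {` and `if (samlResults == null || samlResults.isEmpty()) {`, both followed by the existing `return false;`.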
@@ -120,18 +125,14 @@ public abstract class AbstractSupporting
if (!validateUsernameToken) {
return true;
}
- List<WSSecurityEngineResult> tokenResults = new ArrayList<WSSecurityEngineResult>();
- WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT, tokenResults);
- WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT_NOPASSWORD, tokenResults);
-
- if (tokenResults.isEmpty()) {
+ if (utResults.isEmpty()) {
return false;
}
- if (signed && !areTokensSigned(tokenResults)) {
+ if (signed && !areTokensSigned(utResults)) {
return false;
}
- if (encrypted && !areTokensEncrypted(tokenResults)) {
+ if (encrypted && !areTokensEncrypted(utResults)) {
return false;
}
return true;
@@ -142,21 +143,17 @@ public abstract class AbstractSupporting
* Process SAML Tokens. Only SignedSupportingTokens are currently enforced.
*/
protected boolean processSAMLTokens() {
- List<WSSecurityEngineResult> tokenResults = new ArrayList<WSSecurityEngineResult>();
- WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_SIGNED, tokenResults);
- WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_UNSIGNED, tokenResults);
-
- if (tokenResults.isEmpty()) {
+ if (samlResults.isEmpty()) {
return false;
}
- if (signed && !areTokensSigned(tokenResults)) {
+ if (signed && !areTokensSigned(samlResults)) {
return false;
}
- if (encrypted && !areTokensEncrypted(tokenResults)) {
+ if (encrypted && !areTokensEncrypted(samlResults)) {
return false;
}
- if (endorsed && !checkEndorsed(tokenResults)) {
+ if (endorsed && !checkEndorsed(samlResults)) {
return false;
}
return true;
@@ -336,13 +333,22 @@ public abstract class AbstractSupporting
return null;
}
+ private boolean isTLSInUse() {
+ // See whether TLS is in use or not
+ TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
+ if (tlsInfo != null) {
+ return true;
+ }
+ return false;
+ }
+
/**
* Check the endorsing supporting token policy. If we're using the Transport Binding then
* check that the Timestamp is signed. Otherwise, check that the signature is signed.
* @return true if the endorsed supporting token policy is correct
*/
private boolean checkEndorsed(List<WSSecurityEngineResult> tokenResults) {
- if (tls) {
+ if (isTLSInUse()) {
return checkTimestampIsSigned(tokenResults);
}
return checkSignatureIsSigned(tokenResults);
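Review bot: `isTLSInUse()` spells out a boolean with an if/return true/return false ladder; the body can be the single line `return message.get(TLSSessionInfo.class) != null;`. It also reads the `message` field, which is only set by `setMessage`, so a short comment such as `// message is set by validatePolicy before any token check runs` would record the ordering the helper relies on. The body of `checkEndorsed` continues past the end of this hunk.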
@@ -353,13 +359,12 @@ public abstract class AbstractSupporting
* Return true if a list of tokens were signed, false otherwise.
*/
private boolean areTokensSigned(List<WSSecurityEngineResult> tokens) {
- if (tls) {
- return true;
- }
- for (WSSecurityEngineResult wser : tokens) {
- Element tokenElement = (Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
- if (!isTokenSigned(tokenElement)) {
- return false;
+ if (!isTLSInUse()) {
+ for (WSSecurityEngineResult wser : tokens) {
+ Element tokenElement = (Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
+ if (!isTokenSigned(tokenElement)) {
+ return false;
+ }
}
}
return true;
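Review bot: The Javadoc on `areTokensSigned` still reads "Return true if a list of tokens were signed, false otherwise", but the method returns true without looking at any token whenever `isTLSInUse()` is true. The same holds for `areTokensEncrypted` in the next hunk. Because this shortcut decides whether a signed or encrypted supporting-token policy passes, the comment should state it, for example `Return true if TLS is in use (transport security is accepted in place of message-level signing), or if every token element in the list is signed.` with the matching wording for encryption. Both method bodies close outside their hunks.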
@@ -369,13 +374,12 @@ public abstract class AbstractSupporting
* Return true if a list of tokens were encrypted, false otherwise.
*/
private boolean areTokensEncrypted(List<WSSecurityEngineResult> tokens) {
- if (tls) {
- return true;
- }
- for (WSSecurityEngineResult wser : tokens) {
- Element tokenElement = (Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
- if (!isTokenEncrypted(tokenElement)) {
- return false;
+ if (!isTLSInUse()) {
+ for (WSSecurityEngineResult wser : tokens) {
+ Element tokenElement = (Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
+ if (!isTokenEncrypted(tokenElement)) {
+ return false;
+ }
}
}
return true;
Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java Thu Nov 24 15:33:21 2011
@@ -42,21 +42,26 @@ import org.apache.ws.security.WSSecurity
*/
public class EncryptedTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator {
- public EncryptedTokenPolicyValidator(
- Message message,
- List<WSSecurityEngineResult> results,
- List<WSSecurityEngineResult> signedResults
- ) {
- super(message, results, signedResults);
+ public EncryptedTokenPolicyValidator() {
+ setEncrypted(true);
}
public boolean validatePolicy(
- AssertionInfoMap aim
+ AssertionInfoMap aim,
+ Message message,
+ List<WSSecurityEngineResult> results,
+ List<WSSecurityEngineResult> signedResults,
+ List<WSSecurityEngineResult> encryptedResults
) {
Collection<AssertionInfo> ais = aim.get(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
if (ais == null || ais.isEmpty()) {
return true;
}
+
+ setMessage(message);
+ setResults(results);
+ setSignedResults(signedResults);
+ setEncryptedResults(encryptedResults);
for (AssertionInfo ai : ais) {
SupportingToken binding = (SupportingToken)ai.getAssertion();
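Review bot: The four calls `setMessage`, `setResults`, `setSignedResults` and `setEncryptedResults` are repeated verbatim in `validatePolicy` of all seven validators in this commit (this file, plus the Endorsing, EndorsingEncrypted, SignedEncrypted, SignedEndorsingEncrypted, SignedEndorsing and Signed variants below). A single protected helper in `AbstractSupportingTokenPolicyValidator` would remove the duplication and let those four setters stop being public, since nothing visible here calls them from outside the class hierarchy. The helper name below is only a suggestion. The loop body of `validatePolicy` continues in the next hunk.
```java
// in AbstractSupportingTokenPolicyValidator
protected void setValidationContext(
    Message msg,
    List<WSSecurityEngineResult> allResults,
    List<WSSecurityEngineResult> signedResultList,
    List<WSSecurityEngineResult> encryptedResultList
) {
    message = msg;
    results = allResults;
    signedResults = signedResultList;
    encryptedResults = encryptedResultList;
}

// in each validatePolicy, replacing the four set* calls
setValidationContext(message, results, signedResults, encryptedResults);
```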
@@ -64,8 +69,6 @@ public class EncryptedTokenPolicyValidat
continue;
}
ai.setAsserted(true);
- setSigned(false);
- setEncrypted(true);
List<Token> tokens = binding.getTokens();
for (Token token : tokens) {
Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java Thu Nov 24 15:33:21 2011
@@ -41,21 +41,27 @@ import org.apache.ws.security.WSSecurity
*/
public class EndorsingEncryptedTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator {
- public EndorsingEncryptedTokenPolicyValidator(
- Message message,
- List<WSSecurityEngineResult> results,
- List<WSSecurityEngineResult> signedResults
- ) {
- super(message, results, signedResults);
+ public EndorsingEncryptedTokenPolicyValidator() {
+ setEndorsed(true);
+ setEncrypted(true);
}
public boolean validatePolicy(
- AssertionInfoMap aim
+ AssertionInfoMap aim,
+ Message message,
+ List<WSSecurityEngineResult> results,
+ List<WSSecurityEngineResult> signedResults,
+ List<WSSecurityEngineResult> encryptedResults
) {
Collection<AssertionInfo> ais = aim.get(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
if (ais == null || ais.isEmpty()) {
return true;
}
+
+ setMessage(message);
+ setResults(results);
+ setSignedResults(signedResults);
+ setEncryptedResults(encryptedResults);
for (AssertionInfo ai : ais) {
SupportingToken binding = (SupportingToken)ai.getAssertion();
@@ -64,8 +70,6 @@ public class EndorsingEncryptedTokenPoli
continue;
}
ai.setAsserted(true);
- setEndorsed(true);
- setEncrypted(true);
List<Token> tokens = binding.getTokens();
for (Token token : tokens) {
Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java Thu Nov 24 15:33:21 2011
@@ -41,21 +41,27 @@ import org.apache.ws.security.WSSecurity
*/
public class EndorsingTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator {
- public EndorsingTokenPolicyValidator(
- Message message,
- List<WSSecurityEngineResult> results,
- List<WSSecurityEngineResult> signedResults
- ) {
- super(message, results, signedResults);
+ public EndorsingTokenPolicyValidator() {
+ setEndorsed(true);
}
+
public boolean validatePolicy(
- AssertionInfoMap aim
+ AssertionInfoMap aim,
+ Message message,
+ List<WSSecurityEngineResult> results,
+ List<WSSecurityEngineResult> signedResults,
+ List<WSSecurityEngineResult> encryptedResults
) {
Collection<AssertionInfo> ais = aim.get(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
if (ais == null || ais.isEmpty()) {
return true;
}
+
+ setMessage(message);
+ setResults(results);
+ setSignedResults(signedResults);
+ setEncryptedResults(encryptedResults);
for (AssertionInfo ai : ais) {
SupportingToken binding = (SupportingToken)ai.getAssertion();
@@ -63,7 +69,6 @@ public class EndorsingTokenPolicyValidat
continue;
}
ai.setAsserted(true);
- setEndorsed(true);
List<Token> tokens = binding.getTokens();
for (Token token : tokens) {
Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java Thu Nov 24 15:33:21 2011
@@ -42,30 +42,34 @@ import org.apache.ws.security.WSSecurity
*/
public class SignedEncryptedTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator {
- public SignedEncryptedTokenPolicyValidator(
- Message message,
- List<WSSecurityEngineResult> results,
- List<WSSecurityEngineResult> signedResults
- ) {
- super(message, results, signedResults);
+ public SignedEncryptedTokenPolicyValidator() {
+ setSigned(true);
+ setEncrypted(true);
}
public boolean validatePolicy(
- AssertionInfoMap aim
+ AssertionInfoMap aim,
+ Message message,
+ List<WSSecurityEngineResult> results,
+ List<WSSecurityEngineResult> signedResults,
+ List<WSSecurityEngineResult> encryptedResults
) {
Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
if (ais == null || ais.isEmpty()) {
return true;
}
+ setMessage(message);
+ setResults(results);
+ setSignedResults(signedResults);
+ setEncryptedResults(encryptedResults);
+
for (AssertionInfo ai : ais) {
SupportingToken binding = (SupportingToken)ai.getAssertion();
if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENCRYPTED != binding.getTokenType()) {
continue;
}
ai.setAsserted(true);
- setSigned(true);
- setEncrypted(true);
List<Token> tokens = binding.getTokens();
for (Token token : tokens) {
Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java Thu Nov 24 15:33:21 2011
@@ -40,22 +40,29 @@ import org.apache.ws.security.WSSecurity
*/
public class SignedEndorsingEncryptedTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator {
- public SignedEndorsingEncryptedTokenPolicyValidator(
- Message message,
- List<WSSecurityEngineResult> results,
- List<WSSecurityEngineResult> signedResults
- ) {
- super(message, results, signedResults);
+ public SignedEndorsingEncryptedTokenPolicyValidator() {
+ setSigned(true);
+ setEndorsed(true);
+ setEncrypted(true);
}
public boolean validatePolicy(
- AssertionInfoMap aim
+ AssertionInfoMap aim,
+ Message message,
+ List<WSSecurityEngineResult> results,
+ List<WSSecurityEngineResult> signedResults,
+ List<WSSecurityEngineResult> encryptedResults
) {
Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
if (ais == null || ais.isEmpty()) {
return true;
}
+ setMessage(message);
+ setResults(results);
+ setSignedResults(signedResults);
+ setEncryptedResults(encryptedResults);
+
for (AssertionInfo ai : ais) {
SupportingToken binding = (SupportingToken)ai.getAssertion();
if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENDORSING_ENCRYPTED
@@ -63,9 +70,6 @@ public class SignedEndorsingEncryptedTok
continue;
}
ai.setAsserted(true);
- setSigned(true);
- setEndorsed(true);
- setEncrypted(true);
List<Token> tokens = binding.getTokens();
for (Token token : tokens) {
Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java Thu Nov 24 15:33:21 2011
@@ -40,21 +40,27 @@ import org.apache.ws.security.WSSecurity
*/
public class SignedEndorsingTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator {
- public SignedEndorsingTokenPolicyValidator(
- Message message,
- List<WSSecurityEngineResult> results,
- List<WSSecurityEngineResult> signedResults
- ) {
- super(message, results, signedResults);
+ public SignedEndorsingTokenPolicyValidator() {
+ setSigned(true);
+ setEndorsed(true);
}
public boolean validatePolicy(
- AssertionInfoMap aim
+ AssertionInfoMap aim,
+ Message message,
+ List<WSSecurityEngineResult> results,
+ List<WSSecurityEngineResult> signedResults,
+ List<WSSecurityEngineResult> encryptedResults
) {
Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
if (ais == null || ais.isEmpty()) {
return true;
}
+
+ setMessage(message);
+ setResults(results);
+ setSignedResults(signedResults);
+ setEncryptedResults(encryptedResults);
for (AssertionInfo ai : ais) {
SupportingToken binding = (SupportingToken)ai.getAssertion();
@@ -62,8 +68,6 @@ public class SignedEndorsingTokenPolicyV
continue;
}
ai.setAsserted(true);
- setSigned(true);
- setEndorsed(true);
List<Token> tokens = binding.getTokens();
for (Token token : tokens) {
Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java Thu Nov 24 15:33:21 2011
@@ -42,29 +42,33 @@ import org.apache.ws.security.WSSecurity
*/
public class SignedTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator {
- public SignedTokenPolicyValidator(
- Message message,
- List<WSSecurityEngineResult> results,
- List<WSSecurityEngineResult> signedResults
- ) {
- super(message, results, signedResults);
+ public SignedTokenPolicyValidator() {
+ setSigned(true);
}
public boolean validatePolicy(
- AssertionInfoMap aim
+ AssertionInfoMap aim,
+ Message message,
+ List<WSSecurityEngineResult> results,
+ List<WSSecurityEngineResult> signedResults,
+ List<WSSecurityEngineResult> encryptedResults
) {
Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
if (ais == null || ais.isEmpty()) {
return true;
}
+ setMessage(message);
+ setResults(results);
+ setSignedResults(signedResults);
+ setEncryptedResults(encryptedResults);
+
for (AssertionInfo ai : ais) {
SupportingToken binding = (SupportingToken)ai.getAssertion();
if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED != binding.getTokenType()) {
continue;
}
ai.setAsserted(true);
- setSigned(true);
List<Token> tokens = binding.getTokens();
for (Token token : tokens) {
Added: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SupportingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SupportingTokenPolicyValidator.java?rev=1205884&view=auto
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SupportingTokenPolicyValidator.java (added)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SupportingTokenPolicyValidator.java Thu Nov 24 15:33:21 2011
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j.policyvalidators;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.message.Message;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.ws.security.WSSecurityEngineResult;
+
+/**
+ * Validate a WS-SecurityPolicy corresponding to a SupportingToken.
+ */
+public interface SupportingTokenPolicyValidator {
+
+ /**
+ * Set the list of UsernameToken results
+ */
+ void setUsernameTokenResults(List<WSSecurityEngineResult> utResultsList, boolean valUsernameToken);
+
+ /**
+ * Set the list of SAMLToken results
+ */
+ void setSAMLTokenResults(List<WSSecurityEngineResult> samlResultsList);
+
+ /**
+ * Set the Timestamp element
+ */
+ void setTimestampElement(Element timestampElement);
+
+ /**
+ * Validate a particular policy from the AssertionInfoMap argument. Return true if the policy is valid.
+ */
+ boolean validatePolicy(
+ AssertionInfoMap aim,
+ Message message,
+ List<WSSecurityEngineResult> results,
+ List<WSSecurityEngineResult> signedResults,
+ List<WSSecurityEngineResult> encryptedResults
+ );
+}
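Review bot: The interface Javadoc does not say that the three setters must be called before `validatePolicy`, nor that an implementation keeps per-message state. In this commit the abstract implementation stores the message and result lists in instance fields on every `validatePolicy` call, so one instance presumably must not be shared between concurrent requests. I would add to the `validatePolicy` comment something like `The UsernameToken results, SAML token results and Timestamp element must be set before calling this method. Implementations may hold per-message state and are not required to be thread-safe; create a new instance for each message.`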