Posted to commits@cxf.apache.org by dk...@apache.org on 2008/09/22 20:51:10 UTC
svn commit: r697942 [1/2] - in /cxf/trunk:
api/src/main/java/org/apache/cxf/service/model/
api/src/main/java/org/apache/cxf/ws/policy/
common/common/src/main/java/org/apache/cxf/helpers/
rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/ rt/ws/policy...
Author: dkulp
Date: Mon Sep 22 11:51:08 2008
New Revision: 697942
URL: http://svn.apache.org/viewvc?rev=697942&view=rev
Log:
Get parts of ws-secpolicy AsymBinding working (sign before encrypt is working, encrypt before sign is not)
Fixes problems with policy impl
Delay setting up interceptor chains and vocabs until actually needed.
Added:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (with props)
Modified:
cxf/trunk/api/src/main/java/org/apache/cxf/service/model/BindingOperationInfo.java
cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java
cxf/trunk/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java
cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/ClientPolicyInInterceptor.java
cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java
cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java
cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyEngineImpl.java
cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java
cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EndpointPolicyImplTest.java
cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/PolicyEngineTest.java
cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/PolicyInterceptorsTest.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AbstractSecurityAssertion.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/EncryptionToken.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorToken.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientToken.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignatureToken.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricAsymmetricBindingBase.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportToken.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
cxf/trunk/testutils/src/main/java/org/apache/cxf/testutil/common/ServerLauncher.java
Modified: cxf/trunk/api/src/main/java/org/apache/cxf/service/model/BindingOperationInfo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/service/model/BindingOperationInfo.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/api/src/main/java/org/apache/cxf/service/model/BindingOperationInfo.java (original)
+++ cxf/trunk/api/src/main/java/org/apache/cxf/service/model/BindingOperationInfo.java Mon Sep 22 11:51:08 2008
@@ -45,7 +45,7 @@
public BindingOperationInfo() {
}
- BindingOperationInfo(BindingInfo bi, OperationInfo opinfo) {
+ public BindingOperationInfo(BindingInfo bi, OperationInfo opinfo) {
bindingInfo = bi;
opInfo = opinfo;
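Review bot: Making this constructor `public` widens the API of a service-model class, and the only new caller visible in this commit is PolicyEngineTest, which calls `new BindingOperationInfo(null, info)`. If the change exists for tests, say so in a Javadoc comment on the constructor. If it is meant as general API, document whether a null `bi` is supported, since the test passes one. The constructor body continues past this hunk.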
@@ -61,7 +61,7 @@
}
Collection<FaultInfo> of = opinfo.getFaults();
- if (!of.isEmpty()) {
+ if (of != null && !of.isEmpty()) {
faults = new ConcurrentHashMap<QName, BindingFaultInfo>(of.size());
for (FaultInfo fault : of) {
faults.put(fault.getFaultName(), new BindingFaultInfo(fault, this));
@@ -136,7 +136,7 @@
@Override
public String toString() {
return new StringBuilder().append("[BindingOperationInfo: ")
- .append(getName())
+ .append(getName() == null ? "" : getName())
.append("]").toString();
}
Modified: cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java (original)
+++ cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java Mon Sep 22 11:51:08 2008
@@ -50,7 +50,7 @@
putAssertionInfo(a);
}
}
-
+
private void putAssertionInfo(PolicyAssertion a) {
Policy p = a.getPolicy();
if (p != null) {
Modified: cxf/trunk/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java (original)
+++ cxf/trunk/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java Mon Sep 22 11:51:08 2008
@@ -255,9 +255,11 @@
}
public static Element getFirstChildWithName(Element parent, String ns, String lp) {
Node n = parent.getFirstChild();
- while (n != null
- && !ns.equals(n.getNamespaceURI())
- && !lp.equals(n.getLocalName())) {
+ while (n != null) {
+ if (ns.equals(n.getNamespaceURI())
+ && lp.equals(n.getLocalName())) {
+ return (Element)n;
+ }
n = n.getNextSibling();
}
return (Element)n;
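Review bot: `ns.equals(n.getNamespaceURI())` throws a NullPointerException if a caller passes a null `ns` to look up an element that is in no namespace. If that call is meant to be supported, use a null-safe comparison such as `(ns == null ? n.getNamespaceURI() == null : ns.equals(n.getNamespaceURI()))`. After the rewrite the loop can only fall through with `n == null`, so the trailing `return (Element)n;` would read more honestly as `return null;`. A short Javadoc stating that both namespace and local name must match, and that null is returned when no child matches, would record the contract this fix establishes. The method's closing brace lies outside the hunk.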
Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/ClientPolicyInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/ClientPolicyInInterceptor.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/ClientPolicyInInterceptor.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/ClientPolicyInInterceptor.java Mon Sep 22 11:51:08 2008
@@ -21,7 +21,6 @@
import java.util.Collection;
import java.util.List;
-import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
@@ -31,6 +30,7 @@
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.Phase;
+import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.transport.Conduit;
@@ -66,27 +66,38 @@
return;
}
- Conduit conduit = exchange.getConduit(msg);
+ BindingOperationInfo boi = exchange.get(BindingOperationInfo.class);
- // We do not know the underlying message type yet - so we pre-emptively add interceptors
- // that can deal with any resposes or faults returned to this client endpoint.
+ if (boi == null) {
+ Conduit conduit = exchange.getConduit(msg);
- EndpointPolicy ep = pe.getClientEndpointPolicy(ei, conduit);
-
- List<Interceptor> interceptors = ep.getInterceptors();
- for (Interceptor i : interceptors) {
- msg.getInterceptorChain().add(i);
- LOG.log(Level.FINE, "Added interceptor of type {0}", i.getClass().getSimpleName());
- }
-
- // insert assertions of endpoint's vocabulary into message
-
- Collection<PolicyAssertion> assertions = ep.getVocabulary();
- if (null != assertions) {
- msg.put(AssertionInfoMap.class, new AssertionInfoMap(assertions));
+ EndpointPolicy ep = pe.getClientEndpointPolicy(ei, conduit);
+
+ List<Interceptor> interceptors = ep.getInterceptors();
+ for (Interceptor i : interceptors) {
+ msg.getInterceptorChain().add(i);
+ }
+
+ // insert assertions of endpoint's vocabulary into message
+
+ Collection<PolicyAssertion> assertions = ep.getVocabulary();
+ if (null != assertions) {
+ msg.put(AssertionInfoMap.class, new AssertionInfoMap(assertions));
+ }
+ } else {
+ // We do not know the underlying message type yet - so we pre-emptively add interceptors
+ // that can deal with any resposes or faults returned to this client endpoint.
+
+ EffectivePolicy ep = pe.getEffectiveClientResponsePolicy(ei, boi);
+
+ List<Interceptor> interceptors = ep.getInterceptors();
+ for (Interceptor i : interceptors) {
+ msg.getInterceptorChain().add(i);
+ }
+ // insert assertions of endpoint's vocabulary into message
+ if (ep.getPolicy() != null) {
+ msg.put(AssertionInfoMap.class, new AssertionInfoMap(ep.getPolicy()));
+ }
}
-
- // if the conduit implements the Assertor interface,
-
}
}
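Review bot: The comment `We do not know the underlying message type yet ...` now sits in the `else` branch, where the operation is known from `boi`. It describes the `boi == null` fallback and should move there, and the `else` branch could instead say `// operation is known: use the effective client response policy`. The `else` branch also keeps `// insert assertions of endpoint's vocabulary into message` although it now builds the map from `ep.getPolicy()`. The commit drops the FINE log of each added interceptor. Because these interceptors apply the policy to responses, one FINE line per branch listing what was added would help when diagnosing a policy that was not enforced. The enclosing method starts outside this hunk.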
Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java Mon Sep 22 11:51:08 2008
@@ -72,7 +72,7 @@
void initialise(EndpointPolicyImpl epi, PolicyEngineImpl engine) {
policy = epi.getPolicy();
chosenAlternative = epi.getChosenAlternative();
- initialiseInterceptors(engine);
+ initialiseInterceptors(engine, false);
}
void initialise(EndpointInfo ei,
@@ -80,9 +80,17 @@
PolicyEngineImpl engine,
Assertor assertor,
boolean requestor) {
- initialisePolicy(ei, boi, engine, requestor);
+ initialisePolicy(ei, boi, engine, requestor, assertor);
chooseAlternative(engine, assertor);
- initialiseInterceptors(engine);
+ initialiseInterceptors(engine, false);
+ }
+ void initialise(EndpointInfo ei,
+ BindingOperationInfo boi,
+ PolicyEngineImpl engine,
+ boolean requestor) {
+ Assertor assertor = initialisePolicy(ei, boi, engine, requestor, null);
+ chooseAlternative(engine, assertor);
+ initialiseInterceptors(engine, requestor);
}
void initialise(EndpointInfo ei,
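Review bot: The new four-argument `initialise` passes `requestor` straight through as the `useIn` flag of `initialiseInterceptors`. That picks in-interceptors for `getEffectiveClientResponsePolicy`, which passes `true`. But `getEffectiveServerRequestPolicy` in PolicyEngineImpl passes `false`, so it collects out-interceptors for a message that is inbound on the server. If the interceptors of that policy object are ever installed on the server's inbound chain, the inbound checks would be missing; please confirm the intent. Either add a comment such as `// requestor == true here means a client response, so inbound interceptors are needed`, or pass the message direction as its own argument.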
@@ -91,21 +99,28 @@
Assertor assertor) {
initialisePolicy(ei, bfi, engine);
chooseAlternative(engine, assertor);
- initialiseInterceptors(engine);
+ initialiseInterceptors(engine, false);
}
- void initialisePolicy(EndpointInfo ei,
+ Assertor initialisePolicy(EndpointInfo ei,
BindingOperationInfo boi,
PolicyEngineImpl engine,
- boolean requestor) {
+ boolean requestor,
+ Assertor assertor) {
+
if (boi.isUnwrapped()) {
boi = boi.getUnwrappedOperation();
}
BindingMessageInfo bmi = requestor ? boi.getInput() : boi.getOutput();
+ EndpointPolicy ep;
if (requestor) {
- policy = engine.getClientEndpointPolicy(ei, (Conduit)null).getPolicy();
+ ep = engine.getClientEndpointPolicy(ei, (Conduit)assertor);
} else {
- policy = engine.getServerEndpointPolicy(ei, (Destination)null).getPolicy();
+ ep = engine.getServerEndpointPolicy(ei, (Destination)assertor);
+ }
+ policy = ep.getPolicy();
+ if (ep instanceof EndpointPolicyImpl) {
+ assertor = ((EndpointPolicyImpl)ep).getAssertor();
}
policy = policy.merge(engine.getAggregatedOperationPolicy(boi));
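Review bot: `(Conduit)assertor` and `(Destination)assertor` cast a parameter that is typed only as `Assertor`. The five-argument `initialise` above forwards whatever assertor its caller supplied, so an assertor that is not the matching transport type would fail here with a ClassCastException. A guarded form such as `assertor instanceof Conduit ? (Conduit)assertor : null` keeps the previous null behaviour for other assertors. The same unchecked casts are added in EndpointPolicyImpl.initializeVocabulary later in this commit. The body of `initialisePolicy` continues in the next hunk.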
@@ -113,6 +128,7 @@
policy = policy.merge(engine.getAggregatedMessagePolicy(bmi));
}
policy = (Policy)policy.normalize(true);
+ return assertor;
}
void initialisePolicy(EndpointInfo ei, BindingFaultInfo bfi, PolicyEngineImpl engine) {
@@ -135,13 +151,18 @@
}
void initialiseInterceptors(PolicyEngineImpl engine) {
- PolicyInterceptorProviderRegistry reg
- = engine.getBus().getExtension(PolicyInterceptorProviderRegistry.class);
- Set<Interceptor> out = new LinkedHashSet<Interceptor>();
- for (PolicyAssertion a : getChosenAlternative()) {
- initialiseInterceptors(reg, engine, out, a);
- }
- setInterceptors(new ArrayList<Interceptor>(out));
+ initialiseInterceptors(engine, false);
+ }
+ void initialiseInterceptors(PolicyEngineImpl engine, boolean useIn) {
+ if (engine.getBus() != null) {
+ PolicyInterceptorProviderRegistry reg
+ = engine.getBus().getExtension(PolicyInterceptorProviderRegistry.class);
+ Set<Interceptor> out = new LinkedHashSet<Interceptor>();
+ for (PolicyAssertion a : getChosenAlternative()) {
+ initialiseInterceptors(reg, engine, out, a, useIn);
+ }
+ setInterceptors(new ArrayList<Interceptor>(out));
+ }
}
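Review bot: When `engine.getBus()` is null the new guard skips `setInterceptors(...)` without any trace. `getInterceptors()` then presumably returns whatever was there before, possibly null. Callers that iterate it, such as ClientPolicyInInterceptor in this commit, would then install no policy interceptors or hit a NullPointerException. For code that decides which security-policy interceptors run, a silent skip deserves at least a log line, or an `else` branch with `setInterceptors(new ArrayList<Interceptor>());` so the result is an explicit empty list. EndpointPolicyImpl.initializeInterceptors gains the same silent early return later in this commit. The one-argument overload now only delegates with `false`, so a comment that it selects out-interceptors would help.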
@@ -160,16 +181,17 @@
void initialiseInterceptors(PolicyInterceptorProviderRegistry reg,
PolicyEngineImpl engine,
Set<Interceptor> out,
- PolicyAssertion a) {
+ PolicyAssertion a,
+ boolean usIn) {
QName qn = a.getName();
PolicyInterceptorProvider pp = reg.get(qn);
if (null != pp) {
- out.addAll(pp.getOutInterceptors());
+ out.addAll(usIn ? pp.getInInterceptors() : pp.getOutInterceptors());
}
Policy p = a.getPolicy();
if (p != null) {
for (PolicyAssertion a2 : getSupportedAlternatives(engine, p)) {
- initialiseInterceptors(reg, engine, out, a2);
+ initialiseInterceptors(reg, engine, out, a2, usIn);
}
}
}
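Review bot: The new parameter is spelled `usIn` here but `useIn` in the two-argument overload added in the previous hunk; rename it to `useIn` so the two read as the same flag. A one-line comment on the method, for example `// useIn: collect the providers' in-interceptors instead of their out-interceptors`, would make the recursion through nested policies easier to follow.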
Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java Mon Sep 22 11:51:08 2008
@@ -36,6 +36,8 @@
import org.apache.cxf.service.model.BindingFaultInfo;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.transport.Conduit;
+import org.apache.cxf.transport.Destination;
import org.apache.neethi.ExactlyOne;
import org.apache.neethi.Policy;
@@ -48,6 +50,7 @@
private Policy policy;
private Collection<PolicyAssertion> chosenAlternative;
+
private Collection<PolicyAssertion> vocabulary;
private Collection<PolicyAssertion> faultVocabulary;
private List<Interceptor> interceptors;
@@ -76,6 +79,10 @@
return policy;
}
+ public Assertor getAssertor() {
+ return assertor;
+ }
+
public EndpointPolicy updatePolicy(Policy p) {
EndpointPolicyImpl epi = createEndpointPolicy();
Policy np = (Policy)p.normalize(true);
@@ -89,19 +96,31 @@
return chosenAlternative;
}
- public Collection<PolicyAssertion> getVocabulary() {
+ public synchronized Collection<PolicyAssertion> getVocabulary() {
+ if (vocabulary == null) {
+ initializeVocabulary();
+ }
return vocabulary;
}
- public Collection<PolicyAssertion> getFaultVocabulary() {
+ public synchronized Collection<PolicyAssertion> getFaultVocabulary() {
+ if (vocabulary == null) {
+ initializeVocabulary();
+ }
return faultVocabulary;
}
- public List<Interceptor> getInterceptors() {
+ public synchronized List<Interceptor> getInterceptors() {
+ if (interceptors == null) {
+ initializeInterceptors();
+ }
return interceptors;
}
- public List<Interceptor> getFaultInterceptors() {
+ public synchronized List<Interceptor> getFaultInterceptors() {
+ if (interceptors == null) {
+ initializeInterceptors();
+ }
return faultInterceptors;
}
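Review bot: `getFaultVocabulary()` and `getFaultInterceptors()` decide whether to initialise by testing `vocabulary` and `interceptors`, not the field they actually return. That is only correct if `initializeVocabulary()` and `initializeInterceptors()` always populate both fields together. A comment on each getter, such as `// faultVocabulary is populated together with vocabulary`, would keep a later edit from breaking this. When `initializeInterceptors()` returns early (the guard added later in this commit for a null engine or bus), `interceptors` stays null. Every call then repeats the attempt under the monitor and still returns null, so callers need a null check, or the getter could fall back to an empty list.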
@@ -113,8 +132,6 @@
void finalizeConfig() {
chooseAlternative();
- initializeVocabulary();
- initializeInterceptors();
}
void initializePolicy() {
@@ -157,7 +174,9 @@
}
// vocabulary of alternative chosen for endpoint
-
+ if (getChosenAlternative() == null) {
+ return;
+ }
for (PolicyAssertion a : getChosenAlternative()) {
if (a.isOptional()) {
continue;
@@ -170,25 +189,49 @@
// add assertions for specific inbound (in case of a server endpoint) or outbound
// (in case of a client endpoint) messages
-
for (BindingOperationInfo boi : ei.getBinding().getOperations()) {
- Policy p = engine.getAggregatedOperationPolicy(boi);
+ EffectivePolicy p = null;
+ if (this.requestor) {
+ p = engine.getEffectiveClientRequestPolicy(ei, boi,
+ (Conduit)assertor);
+ } else {
+ p = engine.getEffectiveServerRequestPolicy(ei, boi);
+ }
Collection<PolicyAssertion> c = engine.getAssertions(p, false);
- vocabulary.addAll(c);
- if (null != faultVocabulary) {
- faultVocabulary.addAll(c);
+ if (c != null) {
+ vocabulary.addAll(c);
+ if (null != faultVocabulary) {
+ faultVocabulary.addAll(c);
+ }
}
-
- if (!requestor) {
- p = engine.getAggregatedMessagePolicy(boi.getInput());
- vocabulary.addAll(engine.getAssertions(p, false));
- } else if (null != boi.getOutput()) {
- p = engine.getAggregatedMessagePolicy(boi.getOutput());
- vocabulary.addAll(engine.getAssertions(p, false));
-
- for (BindingFaultInfo bfi : boi.getFaults()) {
- p = engine.getAggregatedFaultPolicy(bfi);
- faultVocabulary.addAll(engine.getAssertions(p, false));
+ if (this.requestor) {
+ p = engine.getEffectiveClientResponsePolicy(ei, boi);
+ } else {
+ p = engine.getEffectiveServerResponsePolicy(ei, boi,
+ (Destination)assertor);
+ }
+ c = engine.getAssertions(p, false);
+ if (c != null) {
+ vocabulary.addAll(c);
+ if (null != faultVocabulary) {
+ faultVocabulary.addAll(c);
+ }
+ }
+ if (boi.getFaults() != null) {
+ for (BindingFaultInfo bfi : boi.getFaults()) {
+ if (this.requestor) {
+ p = engine.getEffectiveClientFaultPolicy(ei, bfi);
+ } else {
+ p = engine.getEffectiveServerFaultPolicy(ei, bfi,
+ (Destination)assertor);
+ }
+ c = engine.getAssertions(p, false);
+ if (c != null) {
+ vocabulary.addAll(c);
+ if (null != faultVocabulary) {
+ faultVocabulary.addAll(c);
+ }
+ }
}
}
}
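Review bot: The rewritten loop adds the request and response assertions to `faultVocabulary` as well as `vocabulary`, and adds the fault assertions to `vocabulary` as well. The removed code put message-level assertions only into `vocabulary` and fault assertions only into `faultVocabulary`. If widening both sets is intended, state it in the comment above the loop. Also note that this commit deletes `testInitialiseVocabularyServer` and `testInitialiseVocabularyClient` from EndpointPolicyImplTest without a replacement, so nothing pins the new contents. The block repeated three times (`c = engine.getAssertions(p, false); if (c != null) { ... }`) could move into a small private helper, which would also give one place to document the null return. The enclosing method starts and ends outside this hunk.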
@@ -223,6 +266,10 @@
}
void initializeInterceptors() {
+ if (engine == null || engine.getBus() == null
+ || engine.getBus().getExtension(PolicyInterceptorProviderRegistry.class) == null) {
+ return;
+ }
PolicyInterceptorProviderRegistry reg
= engine.getBus().getExtension(PolicyInterceptorProviderRegistry.class);
Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyEngineImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyEngineImpl.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyEngineImpl.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyEngineImpl.java Mon Sep 22 11:51:08 2008
@@ -226,11 +226,12 @@
ei.setProperty(POLICY_INFO_ENDPOINT_SERVER, ep);
}
- public EffectivePolicy getEffectiveServerRequestPolicy(EndpointInfo ei, BindingOperationInfo boi) {
+ public EffectivePolicy getEffectiveServerRequestPolicy(EndpointInfo ei,
+ BindingOperationInfo boi) {
EffectivePolicy effectivePolicy = (EffectivePolicy)boi.getProperty(POLICY_INFO_REQUEST_SERVER);
if (null == effectivePolicy) {
EffectivePolicyImpl epi = createOutPolicyInfo();
- epi.initialisePolicy(ei, boi, this, false);
+ epi.initialise(ei, boi, this, false);
boi.setProperty(POLICY_INFO_REQUEST_SERVER, epi);
effectivePolicy = epi;
}
@@ -246,7 +247,7 @@
EffectivePolicy effectivePolicy = (EffectivePolicy)boi.getProperty(POLICY_INFO_RESPONSE_CLIENT);
if (null == effectivePolicy) {
EffectivePolicyImpl epi = createOutPolicyInfo();
- epi.initialisePolicy(ei, boi, this, true);
+ epi.initialise(ei, boi, this, true);
boi.setProperty(POLICY_INFO_RESPONSE_CLIENT, epi);
effectivePolicy = epi;
}
@@ -418,6 +419,23 @@
}
return assertions;
}
+ Collection<PolicyAssertion> getAssertions(EffectivePolicy pc, boolean includeOptional) {
+ if (pc == null || pc.getChosenAlternative() == null) {
+ return null;
+ }
+ Collection<PolicyAssertion> assertions = new ArrayList<PolicyAssertion>();
+ for (PolicyAssertion assertion : pc.getChosenAlternative()) {
+ if (Constants.TYPE_ASSERTION == assertion.getType()) {
+ PolicyAssertion a = assertion;
+ if (includeOptional || !a.isOptional()) {
+ assertions.add(a);
+ }
+ } else {
+ addAssertions(assertion, includeOptional, assertions);
+ }
+ }
+ return assertions;
+ }
void addAssertions(PolicyComponent pc, boolean includeOptional,
Collection<PolicyAssertion> assertions) {
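Review bot: This overload returns `null` when the policy or its chosen alternative is missing, which forces the `if (c != null)` checks added in EndpointPolicyImpl and will cause a NullPointerException in any caller that forgets one. Returning an empty collection, `return new ArrayList<PolicyAssertion>();`, would remove that trap. If null must stay to signal that no alternative was chosen, say so in a Javadoc comment. The local `PolicyAssertion a = assertion;` is redundant and can go, using `assertion` directly. The sibling `addAssertions` shown as context continues outside the hunk.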
Modified: cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java (original)
+++ cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java Mon Sep 22 11:51:08 2008
@@ -87,8 +87,8 @@
EasyMock.expect(endpointPolicy.getPolicy()).andReturn(p);
Collection<PolicyAssertion> chosenAlternative = new ArrayList<PolicyAssertion>();
EasyMock.expect(endpointPolicy.getChosenAlternative()).andReturn(chosenAlternative);
- PolicyEngineImpl pe = control.createMock(PolicyEngineImpl.class);
- effectivePolicy.initialiseInterceptors(pe);
+ PolicyEngineImpl pe = new PolicyEngineImpl();
+ effectivePolicy.initialiseInterceptors(pe, false);
EasyMock.expectLastCall();
control.replay();
effectivePolicy.initialise(endpointPolicy, pe);
@@ -98,8 +98,11 @@
@Test
public void testInitialise() throws NoSuchMethodException {
Method m1 = EffectivePolicyImpl.class.getDeclaredMethod("initialisePolicy",
- new Class[] {EndpointInfo.class, BindingOperationInfo.class, PolicyEngineImpl.class,
- boolean.class});
+ new Class[] {EndpointInfo.class,
+ BindingOperationInfo.class,
+ PolicyEngineImpl.class,
+ boolean.class,
+ Assertor.class});
Method m2 = EffectivePolicyImpl.class.getDeclaredMethod("chooseAlternative",
new Class[] {PolicyEngineImpl.class, Assertor.class});
Method m3 = EffectivePolicyImpl.class.getDeclaredMethod("initialiseInterceptors",
@@ -108,15 +111,15 @@
control.createMock(EffectivePolicyImpl.class, new Method[] {m1, m2, m3});
EndpointInfo ei = control.createMock(EndpointInfo.class);
BindingOperationInfo boi = control.createMock(BindingOperationInfo.class);
- PolicyEngineImpl pe = control.createMock(PolicyEngineImpl.class);
+ PolicyEngineImpl pe = new PolicyEngineImpl();
Assertor a = control.createMock(Assertor.class);
boolean requestor = true;
- effectivePolicy.initialisePolicy(ei, boi, pe, requestor);
- EasyMock.expectLastCall();
+ effectivePolicy.initialisePolicy(ei, boi, pe, requestor, a);
+ EasyMock.expectLastCall().andReturn(a);
effectivePolicy.chooseAlternative(pe, a);
EasyMock.expectLastCall();
- effectivePolicy.initialiseInterceptors(pe);
+ effectivePolicy.initialiseInterceptors(pe, false);
EasyMock.expectLastCall();
control.replay();
@@ -136,14 +139,14 @@
control.createMock(EffectivePolicyImpl.class, new Method[] {m1, m2, m3});
EndpointInfo ei = control.createMock(EndpointInfo.class);
BindingFaultInfo bfi = control.createMock(BindingFaultInfo.class);
- PolicyEngineImpl pe = control.createMock(PolicyEngineImpl.class);
+ PolicyEngineImpl pe = new PolicyEngineImpl();
Assertor a = control.createMock(Assertor.class);
effectivePolicy.initialisePolicy(ei, bfi, pe);
EasyMock.expectLastCall();
effectivePolicy.chooseAlternative(pe, a);
EasyMock.expectLastCall();
- effectivePolicy.initialiseInterceptors(pe);
+ effectivePolicy.initialiseInterceptors(pe, false);
EasyMock.expectLastCall();
control.replay();
@@ -191,7 +194,7 @@
control.replay();
EffectivePolicyImpl epi = new EffectivePolicyImpl();
- epi.initialisePolicy(ei, boi, engine, requestor);
+ epi.initialisePolicy(ei, boi, engine, requestor, null);
assertSame(merged, epi.getPolicy());
control.verify();
}
@@ -306,7 +309,7 @@
private void setupPolicyInterceptorProviderRegistry(PolicyEngineImpl engine,
PolicyInterceptorProviderRegistry reg) {
Bus bus = control.createMock(Bus.class);
- EasyMock.expect(engine.getBus()).andReturn(bus);
+ EasyMock.expect(engine.getBus()).andReturn(bus).anyTimes();
EasyMock.expect(bus.getExtension(PolicyInterceptorProviderRegistry.class)).andReturn(reg);
}
Modified: cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EndpointPolicyImplTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EndpointPolicyImplTest.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EndpointPolicyImplTest.java (original)
+++ cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EndpointPolicyImplTest.java Mon Sep 22 11:51:08 2008
@@ -23,7 +23,6 @@
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
-import java.util.Iterator;
import java.util.List;
import javax.xml.namespace.QName;
@@ -31,10 +30,6 @@
import org.apache.cxf.Bus;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Interceptor;
-import org.apache.cxf.service.model.BindingFaultInfo;
-import org.apache.cxf.service.model.BindingInfo;
-import org.apache.cxf.service.model.BindingMessageInfo;
-import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.service.model.ServiceInfo;
import org.apache.neethi.All;
@@ -75,8 +70,6 @@
assertNull(epi.getChosenAlternative());
assertNull(epi.getInterceptors());
assertNull(epi.getFaultInterceptors());
- assertNull(epi.getVocabulary());
- assertNull(epi.getFaultVocabulary());
Policy p = control.createMock(Policy.class);
PolicyAssertion a = control.createMock(PolicyAssertion.class);
@@ -120,8 +113,6 @@
EasyMock.expectLastCall();
epi.chooseAlternative();
EasyMock.expectLastCall();
- epi.initializeInterceptors();
- EasyMock.expectLastCall();
control.replay();
epi.initialize();
@@ -183,97 +174,7 @@
control.verify();
}
- @Test
- public void testInitialiseVocabularyServer() {
- dotestInitializeVocabulary(false);
- }
-
- @Test
- public void testInitialiseVocabularyClient() {
- dotestInitializeVocabulary(true);
- }
-
- private void dotestInitializeVocabulary(boolean requestor) {
-
- EndpointInfo ei = control.createMock(EndpointInfo.class);
- PolicyEngineImpl engine = control.createMock(PolicyEngineImpl.class);
-
- EndpointPolicyImpl epi = new EndpointPolicyImpl(ei, engine, requestor, null);
- List<PolicyAssertion> alternative = new ArrayList<PolicyAssertion>();
- epi.setChosenAlternative(alternative);
- PolicyAssertion ea = control.createMock(PolicyAssertion.class);
- alternative.add(ea);
- EasyMock.expect(ea.isOptional()).andReturn(false);
- PolicyAssertion eaOpt = control.createMock(PolicyAssertion.class);
- alternative.add(eaOpt);
- EasyMock.expect(eaOpt.isOptional()).andReturn(true);
-
- BindingInfo bi = control.createMock(BindingInfo.class);
- EasyMock.expect(ei.getBinding()).andReturn(bi);
- BindingOperationInfo boi = control.createMock(BindingOperationInfo.class);
- EasyMock.expect(bi.getOperations()).andReturn(Collections.singletonList(boi));
-
- Policy op = control.createMock(Policy.class);
- EasyMock.expect(engine.getAggregatedOperationPolicy(boi)).andReturn(op);
- PolicyAssertion oa = control.createMock(PolicyAssertion.class);
- EasyMock.expect(engine.getAssertions(op, false)).andReturn(Collections.singletonList(oa));
- BindingMessageInfo bmi = control.createMock(BindingMessageInfo.class);
- if (requestor) {
- EasyMock.expect(boi.getOutput()).andReturn(bmi).times(2);
- } else {
- EasyMock.expect(boi.getInput()).andReturn(bmi);
- }
- Policy mp = control.createMock(Policy.class);
- EasyMock.expect(engine.getAggregatedMessagePolicy(bmi)).andReturn(mp);
- PolicyAssertion ma = control.createMock(PolicyAssertion.class);
- EasyMock.expect(engine.getAssertions(mp, false)).andReturn(Collections.singletonList(ma));
- PolicyAssertion fa = null;
- if (requestor) {
- BindingFaultInfo bfi = control.createMock(BindingFaultInfo.class);
- EasyMock.expect(boi.getFaults()).andReturn(Collections.singletonList(bfi));
- Policy fp = control.createMock(Policy.class);
- EasyMock.expect(engine.getAggregatedFaultPolicy(bfi)).andReturn(fp);
- fa = control.createMock(PolicyAssertion.class);
- EasyMock.expect(engine.getAssertions(fp, false)).andReturn(Collections.singletonList(fa));
- }
-
- control.replay();
- epi.initializeVocabulary();
- Collection<PolicyAssertion> expected = new ArrayList<PolicyAssertion>();
- expected.add(ea);
- expected.add(oa);
- expected.add(ma);
- verifyVocabulary(expected, epi.getVocabulary());
- if (requestor) {
- expected.remove(ma);
- expected.add(fa);
- verifyVocabulary(expected, epi.getFaultVocabulary());
- //
- } else {
- assertNull(epi.getFaultVocabulary());
- }
-
- control.verify();
- }
-
- private void verifyVocabulary(Collection<PolicyAssertion> expected,
- Collection<PolicyAssertion> actual) {
-
- assertEquals(expected.size(), actual.size());
- for (Iterator<PolicyAssertion> i = expected.iterator(); i.hasNext();) {
- PolicyAssertion e = i.next();
- Iterator<PolicyAssertion> j = actual.iterator();
- boolean eFound = false;
- while (j.hasNext()) {
- if (e == j.next()) {
- eFound = true;
- break;
- }
- }
- assertTrue("Expected assertion not found.", eFound);
- }
- }
-
+
@Test
public void testUpdatePolicy() {
@@ -378,8 +279,9 @@
private void setupPolicyInterceptorProviderRegistry(PolicyEngineImpl engine,
PolicyInterceptorProviderRegistry reg) {
Bus bus = control.createMock(Bus.class);
- EasyMock.expect(engine.getBus()).andReturn(bus);
- EasyMock.expect(bus.getExtension(PolicyInterceptorProviderRegistry.class)).andReturn(reg);
+ EasyMock.expect(engine.getBus()).andReturn(bus).anyTimes();
+ EasyMock.expect(bus.getExtension(PolicyInterceptorProviderRegistry.class))
+ .andReturn(reg).anyTimes();
}
Modified: cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/PolicyEngineTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/PolicyEngineTest.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/PolicyEngineTest.java (original)
+++ cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/PolicyEngineTest.java Mon Sep 22 11:51:08 2008
@@ -38,6 +38,7 @@
import org.apache.cxf.service.model.BindingMessageInfo;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.service.model.OperationInfo;
import org.apache.cxf.service.model.ServiceInfo;
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.transport.Destination;
@@ -72,7 +73,8 @@
return ei;
}
private BindingOperationInfo createMockBindingOperationInfo() throws Exception {
- BindingOperationInfo boi = new BindingOperationInfo() {
+ OperationInfo info = new OperationInfo();
+ BindingOperationInfo boi = new BindingOperationInfo(null, info) {
public boolean isUnwrapped() {
return false;
}
@@ -206,7 +208,7 @@
BindingOperationInfo boi = createMockBindingOperationInfo();
EffectivePolicyImpl epi = control.createMock(EffectivePolicyImpl.class);
EasyMock.expect(engine.createOutPolicyInfo()).andReturn(epi);
- epi.initialisePolicy(ei, boi, engine, false);
+ epi.initialise(ei, boi, engine, false);
EasyMock.expectLastCall();
control.replay();
assertSame(epi, engine.getEffectiveServerRequestPolicy(ei, boi));
@@ -235,7 +237,7 @@
BindingOperationInfo boi = createMockBindingOperationInfo();
EffectivePolicyImpl epi = control.createMock(EffectivePolicyImpl.class);
EasyMock.expect(engine.createOutPolicyInfo()).andReturn(epi);
- epi.initialisePolicy(ei, boi, engine, true);
+ epi.initialise(ei, boi, engine, true);
EasyMock.expectLastCall();
control.replay();
assertSame(epi, engine.getEffectiveClientResponsePolicy(ei, boi));
Modified: cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/PolicyInterceptorsTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/PolicyInterceptorsTest.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/PolicyInterceptorsTest.java (original)
+++ cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/PolicyInterceptorsTest.java Mon Sep 22 11:51:08 2008
@@ -36,6 +36,7 @@
import org.apache.cxf.service.model.FaultInfo;
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.transport.Destination;
+import org.apache.neethi.Policy;
import org.easymock.classextension.EasyMock;
import org.easymock.classextension.IMocksControl;
import org.junit.Assert;
@@ -109,19 +110,17 @@
doTestBasics(interceptor, true, false);
control.reset();
- setupMessage(true, true, false, false, true, true);
- EndpointPolicy endpointPolicy = control.createMock(EndpointPolicy.class);
- EasyMock.expect(pe.getClientEndpointPolicy(ei, conduit)).andReturn(endpointPolicy);
+ setupMessage(true, true, true, true, true, true);
+ EffectivePolicy effectivePolicy = control.createMock(EffectivePolicy.class);
+ EasyMock.expect(pe.getEffectiveClientResponsePolicy(ei, boi)).andReturn(effectivePolicy);
+ EasyMock.expect(effectivePolicy.getPolicy()).andReturn(new Policy()).times(2);
Interceptor i = control.createMock(Interceptor.class);
- EasyMock.expect(endpointPolicy.getInterceptors())
+ EasyMock.expect(effectivePolicy.getInterceptors())
.andReturn(CastUtils.cast(Collections.singletonList(i), Interceptor.class));
InterceptorChain ic = control.createMock(InterceptorChain.class);
EasyMock.expect(message.getInterceptorChain()).andReturn(ic);
ic.add(i);
EasyMock.expectLastCall();
- Collection<PolicyAssertion> assertions =
- CastUtils.cast(Collections.EMPTY_LIST, PolicyAssertion.class);
- EasyMock.expect(endpointPolicy.getVocabulary()).andReturn(assertions);
message.put(EasyMock.eq(AssertionInfoMap.class), EasyMock.isA(AssertionInfoMap.class));
EasyMock.expectLastCall();
control.replay();
@@ -360,7 +359,7 @@
if (isClient) {
conduit = control.createMock(Conduit.class);
- EasyMock.expect(exchange.getConduit(message)).andReturn(conduit);
+ EasyMock.expect(exchange.getConduit(message)).andReturn(conduit).anyTimes();
} else {
destination = control.createMock(Destination.class);
EasyMock.expect(exchange.getDestination()).andReturn(destination);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Mon Sep 22 11:51:08 2008
@@ -27,6 +27,10 @@
public static final String PASSWORD = "ws-security.password";
public static final String CALLBACK_HANDLER = "ws-security.callback-handler";
+ public static final String SIGNATURE_PROPERTIES = "ws-security.signature.properties";
+ public static final String ENCRYPT_USERNAME = "ws-security.encryption.username";
+ public static final String ENCRYPT_PROPERTIES = "ws-security.encryption.properties";
+
private SecurityConstants() {
//utility class
}
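Review bot: The three new keys `SIGNATURE_PROPERTIES`, `ENCRYPT_USERNAME` and `ENCRYPT_PROPERTIES` carry no Javadoc, so a user configuring an endpoint cannot tell what value each one expects. The `getProps` helper added to AbstractWSS4JInterceptor in this same commit accepts a `Properties` object, a `String` resource name or a `URL` for the two `*_PROPERTIES` keys, and that is worth stating on the constants, e.g. `/** Crypto properties for signing: a Properties instance, a resource name, or a URL. */`. `ENCRYPT_USERNAME` is not read anywhere in the lines visible here, so its comment should say which alias it selects once that is wired up.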
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java Mon Sep 22 11:51:08 2008
@@ -82,12 +82,6 @@
public static final QName INCLUDE_TIMESTAMP = new QName(SP12Constants.SP_NS,
SPConstants.INCLUDE_TIMESTAMP, SP12Constants.SP_PREFIX);
- public static final QName ENCRYPT_BEFORE_SIGNING = new QName(SP12Constants.SP_NS,
- SPConstants.ENCRYPT_BEFORE_SIGNING, SP12Constants.SP_PREFIX);
-
- public static final QName SIGN_BEFORE_ENCRYPTING = new QName(SP12Constants.SP_NS,
- SPConstants.SIGN_BEFORE_ENCRYPTING, SP12Constants.SP_PREFIX);
-
public static final QName ONLY_SIGN_ENTIRE_HEADERS_AND_BODY = new QName(SP12Constants.SP_NS,
SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY, SP12Constants.SP_PREFIX);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java Mon Sep 22 11:51:08 2008
@@ -50,11 +50,15 @@
////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public enum ProtectionOrder {
+ EncryptBeforeSigning,
+ SignBeforeEncrypting
+ };
/**
* Protection Order : EncryptBeforeSigning
*/
public static final String ENCRYPT_BEFORE_SIGNING = "EncryptBeforeSigning";
-
/**
* Protection Order : SignBeforeEncrypting
*/
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java Mon Sep 22 11:51:08 2008
@@ -88,7 +88,8 @@
assertion = (Assertion)iterator.next();
name = assertion.getName();
- if (!consts.getNamespace().equals(name.getNamespaceURI())) {
+ if (!consts.getNamespace().equals(name.getNamespaceURI())
+ && !SP12Constants.INSTANCE.getNamespace().equals(name.getNamespaceURI())) {
continue;
}
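Review bot: The widened namespace test lets children in the SP 1.2 namespace through even when `consts` is a different version, and nothing in the code says why. The dispatch further down (next hunk) matches on `name.getLocalPart()` only, so a binding built for one policy version now silently absorbs assertions from the other. If that leniency is deliberate, a comment such as `// also accept 1.2 children: some policies mix namespaces inside a 1.1 binding` would record it; if not, the second clause should go. The enclosing loop starts and ends outside the hunk.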
@@ -109,10 +110,10 @@
asymmetricBinding.setIncludeTimestamp(true);
} else if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(name.getLocalPart())) {
- asymmetricBinding.setProtectionOrder(SPConstants.ENCRYPT_BEFORE_SIGNING);
+ asymmetricBinding.setProtectionOrder(SPConstants.ProtectionOrder.EncryptBeforeSigning);
} else if (SPConstants.SIGN_BEFORE_ENCRYPTING.equals(name.getLocalPart())) {
- asymmetricBinding.setProtectionOrder(SPConstants.SIGN_BEFORE_ENCRYPTING);
+ asymmetricBinding.setProtectionOrder(SPConstants.ProtectionOrder.SignBeforeEncrypting);
} else if (SPConstants.ENCRYPT_SIGNATURE.equals(name.getLocalPart())) {
asymmetricBinding.setSignatureProtection(true);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java Mon Sep 22 11:51:08 2008
@@ -101,10 +101,10 @@
symmetricBinding.setProtectionToken((ProtectionToken)assertion);
} else if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(name.getLocalPart())) {
- symmetricBinding.setProtectionOrder(SPConstants.ENCRYPT_BEFORE_SIGNING);
+ symmetricBinding.setProtectionOrder(SPConstants.ProtectionOrder.EncryptBeforeSigning);
} else if (SPConstants.SIGN_BEFORE_ENCRYPTING.equals(name.getLocalPart())) {
- symmetricBinding.setProtectionOrder(SPConstants.SIGN_BEFORE_ENCRYPTING);
+ symmetricBinding.setProtectionOrder(SPConstants.ProtectionOrder.SignBeforeEncrypting);
} else if (SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY.equals(name.getLocalPart())) {
symmetricBinding.setEntireHeadersAndBodySignatures(true);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java Mon Sep 22 11:51:08 2008
@@ -37,32 +37,22 @@
private static final Collection<QName> ASSERTION_TYPES;
static {
ASSERTION_TYPES = new ArrayList<QName>();
- ASSERTION_TYPES.add(SP11Constants.LAYOUT);
- ASSERTION_TYPES.add(SP11Constants.INCLUDE_TIMESTAMP);
- ASSERTION_TYPES.add(SP11Constants.ALGORITHM_SUITE);
- ASSERTION_TYPES.add(SP11Constants.WSS10);
- ASSERTION_TYPES.add(SP11Constants.WSS11);
- ASSERTION_TYPES.add(SP11Constants.SIGNED_SUPPORTING_TOKENS);
- ASSERTION_TYPES.add(SP11Constants.USERNAME_TOKEN);
-
- ASSERTION_TYPES.add(SP12Constants.LAYOUT);
- ASSERTION_TYPES.add(SP12Constants.INCLUDE_TIMESTAMP);
- ASSERTION_TYPES.add(SP12Constants.ALGORITHM_SUITE);
- ASSERTION_TYPES.add(SP12Constants.WSS10);
- ASSERTION_TYPES.add(SP12Constants.WSS11);
- ASSERTION_TYPES.add(SP12Constants.SIGNED_SUPPORTING_TOKENS);
- ASSERTION_TYPES.add(SP12Constants.USERNAME_TOKEN);
ASSERTION_TYPES.add(SP11Constants.TRANSPORT_BINDING);
ASSERTION_TYPES.add(SP12Constants.TRANSPORT_BINDING);
+ ASSERTION_TYPES.add(SP11Constants.ASYMMETRIC_BINDING);
+ ASSERTION_TYPES.add(SP12Constants.ASYMMETRIC_BINDING);
+
+ ASSERTION_TYPES.add(SP11Constants.SYMMETRIC_BINDING);
+ ASSERTION_TYPES.add(SP12Constants.SYMMETRIC_BINDING);
}
public WSSecurityInterceptorProvider() {
super(ASSERTION_TYPES);
this.getOutInterceptors().add(new PolicyBasedWSS4JOutInterceptor());
this.getOutFaultInterceptors().add(new PolicyBasedWSS4JOutInterceptor());
- this.getInInterceptors().add(new WSS4JInInterceptor());
+ this.getInInterceptors().add(new WSS4JInInterceptor(true));
this.getInFaultInterceptors().add(new WSS4JInInterceptor());
}
}
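Review bot: Only the in-interceptor is now built with `new WSS4JInInterceptor(true)`, while the in-fault chain on the next line still uses the no-argument constructor. The meaning of the flag is not visible here, but if it switches on policy-driven processing, inbound faults would be handled under different rules than inbound messages. Either pass the same argument to the fault interceptor or add a comment explaining the difference, for example `// faults are not policy-checked yet`. The bare `true` would also read better with a short comment naming the parameter.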
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java Mon Sep 22 11:51:08 2008
@@ -35,10 +35,27 @@
private static final Collection<QName> ASSERTION_TYPES;
static {
ASSERTION_TYPES = new ArrayList<QName>();
- //ASSERTION_TYPES.add(SP11Constants.TRANSPORT_BINDING);
- //ASSERTION_TYPES.add(SP12Constants.TRANSPORT_BINDING);
+ ASSERTION_TYPES.add(SP11Constants.LAYOUT);
+ ASSERTION_TYPES.add(SP11Constants.INCLUDE_TIMESTAMP);
+ ASSERTION_TYPES.add(SP11Constants.ALGORITHM_SUITE);
+ ASSERTION_TYPES.add(SP11Constants.WSS10);
+ ASSERTION_TYPES.add(SP11Constants.WSS11);
+ ASSERTION_TYPES.add(SP11Constants.SIGNED_SUPPORTING_TOKENS);
+ ASSERTION_TYPES.add(SP11Constants.USERNAME_TOKEN);
ASSERTION_TYPES.add(SP11Constants.TRANSPORT_TOKEN);
- ASSERTION_TYPES.add(SP12Constants.TRANSPORT_TOKEN);
+ ASSERTION_TYPES.add(SP11Constants.SIGNED_PARTS);
+ ASSERTION_TYPES.add(SP11Constants.ENCRYPTED_PARTS);
+
+ ASSERTION_TYPES.add(SP12Constants.LAYOUT);
+ ASSERTION_TYPES.add(SP12Constants.INCLUDE_TIMESTAMP);
+ ASSERTION_TYPES.add(SP12Constants.ALGORITHM_SUITE);
+ ASSERTION_TYPES.add(SP12Constants.WSS10);
+ ASSERTION_TYPES.add(SP12Constants.WSS11);
+ ASSERTION_TYPES.add(SP12Constants.SIGNED_SUPPORTING_TOKENS);
+ ASSERTION_TYPES.add(SP12Constants.USERNAME_TOKEN);
+ ASSERTION_TYPES.add(SP12Constants.TRANSPORT_TOKEN);
+ ASSERTION_TYPES.add(SP12Constants.SIGNED_PARTS);
+ ASSERTION_TYPES.add(SP12Constants.ENCRYPTED_PARTS);
}
public WSSecurityPolicyInterceptorProvider() {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AbstractSecurityAssertion.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AbstractSecurityAssertion.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AbstractSecurityAssertion.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AbstractSecurityAssertion.java Mon Sep 22 11:51:08 2008
@@ -74,7 +74,7 @@
public boolean isAsserted(AssertionInfoMap aim) {
Collection<AssertionInfo> ail = aim.getAssertionInfo(getName());
for (AssertionInfo ai : ail) {
- if (ai.isAsserted() && ai.getAssertion().equal(this)) {
+ if (ai.isAsserted() && ai.getAssertion() == this) {
return true;
}
}
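Review bot: Replacing `equal(this)` with `== this` makes `isAsserted` depend on the AssertionInfoMap holding this exact instance, and the line carries no comment saying so. A normalised or rebuilt copy of the same assertion would never match, so the method would report "not asserted" even when an equivalent assertion was satisfied. That fails closed, but it will look like a spurious policy failure to whoever debugs it. A comment such as `// identity on purpose: the map is populated with the same assertion objects the policy model holds` (if that is indeed the invariant) would help. The method's end is outside the hunk.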
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java Mon Sep 22 11:51:08 2008
@@ -23,6 +23,7 @@
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
+import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.neethi.All;
@@ -75,38 +76,47 @@
return SP12Constants.INSTANCE.getAsymmetricBinding();
}
public PolicyComponent normalize() {
-
- if (isNormalized()) {
- return this;
- }
-
- AlgorithmSuite algorithmSuite = getAlgorithmSuite();
-
- Policy policy = new Policy();
- ExactlyOne exactlyOne = new ExactlyOne();
-
- policy.addPolicyComponent(exactlyOne);
-
-
- All wrapper = new All();
- AsymmetricBinding asymmetricBinding = new AsymmetricBinding(constants);
-
+ return this;
+ }
+ public Policy getPolicy() {
+ Policy p = new Policy();
+ ExactlyOne ea = new ExactlyOne();
+ p.addPolicyComponent(ea);
+ All all = new All();
+
+ /*
asymmetricBinding.setAlgorithmSuite(algorithmSuite);
- asymmetricBinding.setEntireHeadersAndBodySignatures(isEntireHeadersAndBodySignatures());
- asymmetricBinding.setIncludeTimestamp(isIncludeTimestamp());
- asymmetricBinding.setInitiatorToken(getInitiatorToken());
- asymmetricBinding.setLayout(getLayout());
asymmetricBinding.setProtectionOrder(getProtectionOrder());
- asymmetricBinding.setRecipientToken(getRecipientToken());
asymmetricBinding.setSignatureProtection(isSignatureProtection());
asymmetricBinding.setSignedEndorsingSupportingTokens(getSignedEndorsingSupportingTokens());
asymmetricBinding.setTokenProtection(isTokenProtection());
-
- asymmetricBinding.setNormalized(true);
- wrapper.addPolicyComponent(wrapper);
-
- return policy;
-
+ */
+ if (getInitiatorToken() != null) {
+ all.addPolicyComponent(getInitiatorToken());
+ }
+ if (getRecipientToken() != null) {
+ all.addPolicyComponent(getRecipientToken());
+ }
+ /*
+ if (isEntireHeadersAndBodySignatures()) {
+ all.addPolicyComponent(new PrimitiveAssertion(SP12Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
+ }
+ */
+ if (isIncludeTimestamp()) {
+ all.addPolicyComponent(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
+ }
+ if (getLayout() != null) {
+ all.addPolicyComponent(getLayout());
+ }
+ ea.addPolicyComponent(all);
+ PolicyComponent pc = p.normalize(true);
+ if (pc instanceof Policy) {
+ return (Policy)pc;
+ } else {
+ p = new Policy();
+ p.addPolicyComponent(pc);
+ return p;
+ }
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
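Review bot: The policy returned by the new `getPolicy()` contains only the initiator token, recipient token, IncludeTimestamp and Layout. The algorithm suite, protection order, signature protection, token protection and OnlySignEntireHeadersAndBody are left inside the two commented-out blocks. If this policy feeds the assertion tracking (not visible from here), those requirements would never be checked, so a message could pass without them being enforced. The first commented block also still refers to `asymmetricBinding`, a local that no longer exists, so it cannot simply be uncommented. I would replace both blocks with a single marker such as `// TODO: emit AlgorithmSuite, ProtectionOrder, SignatureProtection, TokenProtection and OnlySignEntireHeadersAndBody once a handler asserts them`, and add a one-line comment on why `normalize()` now returns `this`.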
@@ -173,9 +183,10 @@
// </sp:IncludeTimestamp>
}
- if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(getProtectionOrder())) {
+ if (SPConstants.ProtectionOrder.EncryptBeforeSigning.equals(getProtectionOrder())) {
// <sp:EncryptBeforeSign />
- writer.writeStartElement(prefix, SPConstants.ENCRYPT_BEFORE_SIGNING, namespaceURI);
+ writer.writeStartElement(prefix, SPConstants.ProtectionOrder.EncryptBeforeSigning.toString(),
+ namespaceURI);
writer.writeEndElement();
}
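Review bot: Using `SPConstants.ProtectionOrder.EncryptBeforeSigning.toString()` as the element's local name ties the serialised XML to the spelling of a Java enum constant, so a later rename of the enum would change the wire format. SymmetricBinding in this same commit keeps the string constant for the element name, and the two serialisers should agree: `writer.writeStartElement(prefix, SPConstants.ENCRYPT_BEFORE_SIGNING, namespaceURI);`. The comparison is also written with `.equals` here and with `==` in SymmetricBinding; `==` is the usual form for enums.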
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/EncryptionToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/EncryptionToken.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/EncryptionToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/EncryptionToken.java Mon Sep 22 11:51:08 2008
@@ -39,6 +39,10 @@
public Token getEncryptionToken() {
return encryptionToken;
}
+ public Token getToken() {
+ return encryptionToken;
+ }
+
/**
* @param encryptionToken The encryptionToken to set.
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorToken.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorToken.java Mon Sep 22 11:51:08 2008
@@ -39,6 +39,10 @@
public Token getInitiatorToken() {
return initiatorToken;
}
+ public Token getToken() {
+ return initiatorToken;
+ }
+
/**
* @param initiatorToken The initiatorToken to set.
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java Mon Sep 22 11:51:08 2008
@@ -40,6 +40,9 @@
public Token getProtectionToken() {
return protectionToken;
}
+ public Token getToken() {
+ return protectionToken;
+ }
/**
* @param protectionToken The protectionToken to set.
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientToken.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientToken.java Mon Sep 22 11:51:08 2008
@@ -27,7 +27,7 @@
public class RecipientToken extends AbstractSecurityAssertion implements TokenWrapper {
- private Token receipientToken;
+ private Token recipientToken;
public RecipientToken(SPConstants version) {
super(version);
@@ -36,15 +36,18 @@
/**
* @return Returns the receipientToken.
*/
- public Token getReceipientToken() {
- return receipientToken;
+ public Token getRecipientToken() {
+ return recipientToken;
+ }
+ public Token getToken() {
+ return recipientToken;
}
/**
* @param receipientToken The receipientToken to set.
*/
- public void setReceipientToken(Token receipientToken) {
- this.receipientToken = receipientToken;
+ public void setRecipientToken(Token recipientToken) {
+ this.recipientToken = recipientToken;
}
/*
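Review bot: The Javadoc was not updated with the rename, so the comments still spell the old name in `@return Returns the receipientToken.` and `@param receipientToken`, and the `@param` tag no longer matches the parameter. They should read `@return Returns the recipientToken.` and `@param recipientToken The recipientToken to set.`. The added `getToken()` has no comment at all; one line saying it is the TokenWrapper view of the same field would be enough.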
@@ -52,7 +55,7 @@
* @see org.apache.ws.security.policy.TokenWrapper#setToken(org.apache.ws.security.policy.Token)
*/
public void setToken(Token tok) {
- this.setReceipientToken(tok);
+ this.setRecipientToken(tok);
}
public QName getRealName() {
@@ -85,7 +88,7 @@
writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY
.getNamespaceURI());
- Token token = getReceipientToken();
+ Token token = getRecipientToken();
if (token == null) {
throw new RuntimeException("RecipientToken doesn't contain any token assertions");
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignatureToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignatureToken.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignatureToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignatureToken.java Mon Sep 22 11:51:08 2008
@@ -39,6 +39,9 @@
public Token getSignatureToken() {
return signatureToken;
}
+ public Token getToken() {
+ return signatureToken;
+ }
/**
* @param signatureToken The signatureToken to set.
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java Mon Sep 22 11:51:08 2008
@@ -167,6 +167,10 @@
public void setToken(Token tok) {
this.addToken(tok);
}
+ public Token getToken() {
+ return null;
+ }
+
public QName getRealName() {
QName ret = null;
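Review bot: `getToken()` returns `null` unconditionally here, and the new `Token getToken()` on TokenWrapper does not document that null is a possible result. Elsewhere in this commit, `checkPolicies` passes the result of `getToken()` straight into `policyAsserted`, which calls `assertion.getName()` on it, so a wrapper that returns null would cause a NullPointerException on that path. A Javadoc line such as `/** Always null: this wrapper collects several tokens via addToken. */` belongs here, and the interface method should state whether callers must null-check.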
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricAsymmetricBindingBase.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricAsymmetricBindingBase.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricAsymmetricBindingBase.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricAsymmetricBindingBase.java Mon Sep 22 11:51:08 2008
@@ -22,7 +22,7 @@
public abstract class SymmetricAsymmetricBindingBase extends Binding {
- private String protectionOrder = SPConstants.SIGN_BEFORE_ENCRYPTING;
+ private SPConstants.ProtectionOrder protectionOrder = SPConstants.ProtectionOrder.SignBeforeEncrypting;
private boolean signatureProtection;
@@ -51,21 +51,15 @@
/**
* @return Returns the protectionOrder.
*/
- public String getProtectionOrder() {
+ public SPConstants.ProtectionOrder getProtectionOrder() {
return protectionOrder;
}
/**
* @param protectionOrder The protectionOrder to set.
*/
- public void setProtectionOrder(String protectionOrder) {
- if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(protectionOrder)
- || SPConstants.SIGN_BEFORE_ENCRYPTING.equals(protectionOrder)) {
- this.protectionOrder = protectionOrder;
- } else {
- // throw new WSSPolicyException("Incorrect protection order value : "
- // + protectionOrder);
- }
+ public void setProtectionOrder(SPConstants.ProtectionOrder protectionOrder) {
+ this.protectionOrder = protectionOrder;
}
/**
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java Mon Sep 22 11:51:08 2008
@@ -204,7 +204,7 @@
writer.writeEndElement();
}
- if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(getProtectionOrder())) {
+ if (SPConstants.ProtectionOrder.EncryptBeforeSigning == getProtectionOrder()) {
// <sp:EncryptBeforeSigning />
writer.writeStartElement(prefix, SPConstants.ENCRYPT_BEFORE_SIGNING, namespaceURI);
writer.writeEndElement();
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java Mon Sep 22 11:51:08 2008
@@ -18,7 +18,12 @@
*/
package org.apache.cxf.ws.security.policy.model;
-public interface TokenWrapper {
+
+import org.apache.cxf.ws.policy.PolicyAssertion;
+
+public interface TokenWrapper extends PolicyAssertion {
void setToken(Token tok);
+ Token getToken();
+
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportToken.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportToken.java Mon Sep 22 11:51:08 2008
@@ -40,6 +40,9 @@
public Token getTransportToken() {
return transportToken;
}
+ public Token getToken() {
+ return transportToken;
+ }
public QName getRealName() {
return constants.getTransportToken();
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Mon Sep 22 11:51:08 2008
@@ -18,25 +18,34 @@
*/
package org.apache.cxf.ws.security.wss4j;
+import java.io.IOException;
import java.net.URI;
+import java.net.URL;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
+import java.util.Properties;
import java.util.Set;
import javax.xml.namespace.QName;
+import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.SoapInterceptor;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptor;
+import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.policy.PolicyAssertion;
+import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Layout;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
import org.apache.cxf.ws.security.policy.model.Token;
@@ -154,6 +163,55 @@
org.apache.cxf.message.Message.REQUESTOR_ROLE));
}
+ protected void policyAsserted(AssertionInfoMap aim, PolicyAssertion assertion) {
+ Collection<AssertionInfo> ais;
+ ais = aim.get(assertion.getName());
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ if (ai.getAssertion() == assertion) {
+ ai.setAsserted(true);
+ }
+ }
+ }
+ }
+ protected void policyAsserted(AssertionInfoMap aim, QName qn) {
+ Collection<AssertionInfo> ais;
+ ais = aim.get(qn);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ ai.setAsserted(true);
+ }
+ }
+ }
+ private static Properties getProps(Object o, SoapMessage message) {
+ Properties properties = null;
+ if (o instanceof Properties) {
+ properties = (Properties)o;
+ } else if (o instanceof String) {
+ ResourceManager rm = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
+ URL url = rm.resolveResource((String)o, URL.class);
+ try {
+ if (url == null) {
+ url = ClassLoaderUtils.getResource((String)o, AbstractWSS4JInterceptor.class);
+ }
+ if (url != null) {
+ properties = new Properties();
+ properties.load(url.openStream());
+ }
+ } catch (IOException e) {
+ properties = null;
+ }
+ } else if (o instanceof URL) {
+ properties = new Properties();
+ try {
+ properties.load(((URL)o).openStream());
+ } catch (IOException e) {
+ properties = null;
+ }
+ }
+
+ return properties;
+ }
protected void checkPolicies(SoapMessage message, RequestData data) {
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
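Review bot: In `getProps` the stream returned by `url.openStream()` is never closed in either the String branch or the URL branch, so each call leaves a file or connection handle open. Both `catch (IOException e)` blocks also drop the exception and return null, so a mistyped or unreadable properties location gives the caller null crypto properties with no trace of why. The catch blocks should at least log the location and the exception with whatever logger the class has. The load should close its stream in a `finally`, as sketched below for the String branch; the URL branch needs the same. `rm` is also dereferenced without a null check, which assumes the bus always has a `ResourceManager` extension.

```java
// … unchanged: instanceof Properties branch and resource lookup for the String case …
if (url != null) {
    InputStream in = url.openStream();
    try {
        properties = new Properties();
        properties.load(in);
    } finally {
        in.close();
    }
}
// … unchanged: catch block; the URL branch needs the same close-in-finally …
```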
@@ -188,6 +246,37 @@
ai.setAsserted(true);
}
}
+ ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ AsymmetricBinding abinding = (AsymmetricBinding)ai.getAssertion();
+ if (abinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning) {
+ action = "Encrypt Signature " + action;
+ } else {
+ action = "Signature Encrypt " + action;
+ }
+ Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+ Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+ if (isRequestor(message)) {
+ message.put("SignaturePropRefId", "SigRefId");
+ message.put("SigRefId", getProps(e, message));
+ message.put("decryptionPropRefId", "DecRefId");
+ message.put("DecRefId", getProps(s, message));
+ } else {
+ message.put("SignaturePropRefId", "SigRefId");
+ message.put("SigRefId", getProps(s, message));
+ message.put("decryptionPropRefId", "DecRefId");
+ message.put("DecRefId", getProps(e, message));
+ }
+ ai.setAsserted(true);
+ policyAsserted(aim, abinding.getInitiatorToken());
+ policyAsserted(aim, abinding.getRecipientToken());
+ policyAsserted(aim, abinding.getInitiatorToken().getToken());
+ policyAsserted(aim, abinding.getRecipientToken().getToken());
+ policyAsserted(aim, SP12Constants.ENCRYPTED_PARTS);
+ policyAsserted(aim, SP12Constants.SIGNED_PARTS);
+ }
+ }
ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
if (ais != null) {
for (AssertionInfo ai : ais) {
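Review bot: The calls `policyAsserted(aim, SP12Constants.ENCRYPTED_PARTS)` and `policyAsserted(aim, SP12Constants.SIGNED_PARTS)` mark those assertions satisfied while `checkPolicies` is still only building the action string. If nothing later compares the WSS4J results with the parts the policy names, a message that signs or encrypts none of them would still pass policy verification. These should be asserted only after the processed results have been checked. `abinding.getInitiatorToken().getToken()` and the recipient equivalent also dereference without a null check. The requestor branch swaps the two property sets, which looks intentional for the inbound direction but needs a comment such as `// inbound on the requestor: verify with the peer's cert (encrypt props), decrypt with our own key (signature props)`. `checkPolicies` starts before and continues past this hunk.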
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java Mon Sep 22 11:51:08 2008
@@ -33,7 +33,11 @@
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
+import org.apache.cxf.ws.security.policy.model.Binding;
+import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
import org.apache.cxf.ws.security.policy.model.TransportBinding;
+import org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler;
import org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler;
import org.apache.ws.security.message.WSSecHeader;
@@ -82,18 +86,40 @@
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
// extract Assertion information
if (aim != null) {
- TransportBinding transport = null;
+ Binding transport = null;
ais = aim.get(SP12Constants.TRANSPORT_BINDING);
if (ais != null) {
for (AssertionInfo ai : ais) {
- transport = (TransportBinding)ai.getAssertion();
+ transport = (Binding)ai.getAssertion();
+ ai.setAsserted(true);
+ }
+ }
+ ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ transport = (Binding)ai.getAssertion();
+ ai.setAsserted(true);
+ }
+ }
+ ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ transport = (Binding)ai.getAssertion();
ai.setAsserted(true);
}
}
if (transport != null) {
- new TransportBindingHandler(transport, saaj, secHeader, aim, message).handleBinding();
+ if (transport instanceof TransportBinding) {
+ new TransportBindingHandler((TransportBinding)transport, saaj,
+ secHeader, aim, message).handleBinding();
+ } else if (transport instanceof SymmetricBinding) {
+ //TODO
+ } else {
+ new AsymmetricBindingHandler((AsymmetricBinding)transport, saaj,
+ secHeader, aim, message).handleBinding();
+ }
}
ais = aim.get(SP12Constants.WSS10);
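Review bot: The `SYMMETRIC_BINDING` loop calls `ai.setAsserted(true)`, but the matching branch `else if (transport instanceof SymmetricBinding) { //TODO }` applies nothing to the outgoing message. A symmetric-binding policy is therefore reported as satisfied while the message leaves without the protection it asks for. Until a handler exists, drop `ai.setAsserted(true);` from that loop so that policy verification fails, or reject the binding in the TODO branch. The local `transport` now holds any `Binding` and would read better as `binding`. The final `else` casts to `AsymmetricBinding` without an `instanceof` check. The enclosing method starts and ends outside the hunk.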
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=697942&r1=697941&r2=697942&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Mon Sep 22 11:51:08 2008
@@ -39,6 +39,7 @@
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.SoapVersion;
import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.i18n.Message;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.CastUtils;
@@ -76,6 +77,7 @@
WSS4JInInterceptor.class.getName()
+ "-Time");
private SAAJInInterceptor saajIn = new SAAJInInterceptor();
+ private boolean ignoreActions;
/**
*
@@ -88,6 +90,10 @@
setPhase(Phase.PRE_PROTOCOL);
getAfter().add(SAAJInInterceptor.class.getName());
}
+ public WSS4JInInterceptor(boolean ignore) {
+ this();
+ ignoreActions = ignore;
+ }
public WSS4JInInterceptor(Map<String, Object> properties) {
this();
@@ -99,6 +105,9 @@
}
}
+ public void setIgnoreActions(boolean i) {
+ ignoreActions = i;
+ }
private SOAPMessage getSOAPMessage(SoapMessage msg) {
SOAPMessage doc = msg.getContent(SOAPMessage.class);
if (doc == null) {
@@ -234,7 +243,7 @@
/*
* now check the security actions: do they match, in right order?
*/
- if (!checkReceiverResults(wsResult, actions)) {
+ if (!ignoreActions && !checkReceiverResults(wsResult, actions)) {
LOG.warning("Security processing failed (actions mismatch)");
throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
}
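Review bot: With `ignoreActions` set, the guard `if (!ignoreActions && !checkReceiverResults(wsResult, actions))` skips the only check in this hunk that the security actions performed on the message match the configured ones. Nothing on the flag says what must replace that check. Presumably the policy-based subclass passes true and relies on assertion checking instead. That should be stated in Javadoc on the new constructor `WSS4JInInterceptor(boolean ignore)` and on `setIgnoreActions` (both in earlier hunks of this file), for example `/** When true, received actions are not compared with the configured ones; the caller must verify signature and encryption coverage itself. */`. The enclosing method starts and ends outside the hunk.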
@@ -334,9 +343,18 @@
*/
CallbackHandler cbHandler = null;
if ((doAction & (WSConstants.ENCR | WSConstants.UT)) != 0) {
- cbHandler
- = (CallbackHandler)((SoapMessage)reqData.getMsgContext())
- .getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+ Object o = ((SoapMessage)reqData.getMsgContext())
+ .getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+ if (o instanceof String) {
+ try {
+ o = ClassLoaderUtils.loadClass((String)o, this.getClass()).newInstance();
+ } catch (Exception e) {
+ throw new WSSecurityException(e.getMessage(), e);
+ }
+ }
+ if (o instanceof CallbackHandler) {
+ cbHandler = (CallbackHandler)o;
+ }
if (cbHandler == null) {
cbHandler = getPasswordCB(reqData);
}
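Review bot: The String branch instantiates whatever class `SecurityConstants.CALLBACK_HANDLER` names before checking its type. A wrong or unexpected class name therefore runs that class's constructor and is only then discarded by the `instanceof CallbackHandler` test. Narrowing the type first avoids this: `o = ClassLoaderUtils.loadClass((String)o, this.getClass()).asSubclass(CallbackHandler.class).newInstance();`. A value that is neither a String nor a `CallbackHandler` falls through silently to `getPasswordCB(reqData)`, so a misconfigured handler goes unnoticed; a warning there would help. The enclosing method starts and ends outside the hunk.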