You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-commits@axis.apache.org by bi...@apache.org on 2020/04/15 16:08:22 UTC
[axis-axis2-java-rampart] 04/10: Merge changes up to r1052171 from
trunk.
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a commit to branch RAMPART-289
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit f64557fda3f023bd2346f1aa7b241bf776f0bcf1
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Mon Jan 30 17:08:19 2017 +0000
Merge changes up to r1052171 from trunk.
---
modules/distribution/bin.xml | 17 +-
.../documentation/src/site/resources/css/site.css | 535 ++++++++++-----------
.../resources/images/apache-rampart-banner.jpg | Bin 14840 -> 27612 bytes
.../site/resources/images/apache-rampart-logo.jpg | Bin 4906 -> 10154 bytes
.../src/site/resources/images/axis.jpg | Bin 0 -> 13887 bytes
.../src/site/resources/images/axis.png | Bin 0 -> 13745 bytes
.../src/site/resources/images/breadcrumbs-bg.gif | Bin 0 -> 198 bytes
.../src/site/resources/images/h2-bg.gif | Bin 0 -> 202 bytes
.../src/site/resources/images/home-top.gif | Bin 0 -> 804 bytes
.../src/site/resources/images/leftcolumn-bg.gif | Bin 0 -> 523 bytes
.../src/site/resources/images/menu-back.gif | Bin 0 -> 827 bytes
.../src/site/resources/rampart-config.xsd | 27 +-
.../src/site/resources/samples/policy/sample01.xml | 2 +-
.../src/site/resources/samples/policy/sample05.xml | 2 +-
.../src/site/resources/samples/policy/sample06.xml | 2 +-
modules/documentation/src/site/site.xml | 61 ++-
modules/documentation/src/site/xdoc/download.xml | 124 +++--
.../src/site/xdoc/download/1.1/download.xml | 64 +--
.../src/site/xdoc/download/1.2/download.xml | 64 +--
.../src/site/xdoc/download/1.3/download.xml | 64 +--
.../src/site/xdoc/download/1.4/download.cgi | 6 +
.../src/site/xdoc/download/1.4/download.xml | 82 ++++
.../src/site/xdoc/download/1.5.1/download.cgi | 6 +
.../site/xdoc/download/{1.2 => 1.5.1}/download.xml | 235 +++++----
.../src/site/xdoc/download/1.5/download.cgi | 6 +
.../src/site/xdoc/download/1.5/download.xml | 82 ++++
.../src/site/xdoc/rampartconfig-guide.xml | 68 ++-
modules/documentation/src/site/xdoc/svn.xml | 8 +-
.../AbstractUniqueMessageAttributeCache.java | 61 +++
.../main/java/org/apache/rampart/NonceCache.java | 160 ++++++
.../rampart/PolicyBasedResultsValidator.java | 2 +-
.../src/main/java/org/apache/rampart/Rampart.java | 19 +-
.../java/org/apache/rampart/RampartEngine.java | 152 ++++--
.../org/apache/rampart/RampartMessageData.java | 13 +-
.../java/org/apache/rampart/ServiceNonceCache.java | 69 +++
.../rampart/UniqueMessageAttributeCache.java | 65 +++
.../rampart/builder/AsymmetricBindingBuilder.java | 10 +-
.../org/apache/rampart/builder/BindingBuilder.java | 30 +-
.../rampart/builder/TransportBindingBuilder.java | 2 +-
.../main/java/org/apache/rampart/errors.properties | 5 +-
.../apache/rampart/handler/RampartReceiver.java | 20 +-
.../org/apache/rampart/handler/WSDoAllSender.java | 2 +-
.../rampart/policy/RampartPolicyBuilder.java | 2 +
.../apache/rampart/policy/RampartPolicyData.java | 10 +
.../policy/builders/RampartConfigBuilder.java | 19 +
.../rampart/policy/model/OptimizePartsConfig.java | 1 +
.../apache/rampart/policy/model/RampartConfig.java | 28 ++
.../java/org/apache/rampart/util/Axis2Util.java | 8 +-
.../rampart/util/HandlerParameterDecoder.java | 2 +-
.../java/org/apache/rampart/util/RampartUtil.java | 82 +++-
modules/rampart-integration/pom.xml | 55 +--
.../apache/axis2/integration/UtilsTCPServer.java | 99 ----
.../test/java/org/apache/rampart/RampartTest.java | 2 +-
.../src/test/resources/conf/axis2.xml | 10 -
...service-policy-symm-binding-saml2-publicKey.xml | 2 +-
.../policy/service-policy-symm-binding-saml2.xml | 2 +-
.../rahas/policy/service-policy-symm-binding.xml | 2 +-
.../policy/service-policy-transport-binding.xml | 2 +-
.../rahas/policy/sts-policy-asymm-binding.xml | 2 +-
.../rahas/policy/sts-policy-symm-binding.xml | 2 +-
.../rahas/policy/sts-policy-transport-binding.xml | 2 +-
.../src/test/resources/rampart/policy/1.xml | 2 +-
.../src/test/resources/rampart/policy/10.xml | 4 +-
.../src/test/resources/rampart/policy/13.xml | 2 +-
.../src/test/resources/rampart/policy/14.xml | 2 +-
.../src/test/resources/rampart/policy/15.xml | 2 +-
.../src/test/resources/rampart/policy/17.xml | 2 +-
.../src/test/resources/rampart/policy/18.xml | 2 +-
.../src/test/resources/rampart/policy/19.xml | 2 +-
.../src/test/resources/rampart/policy/2.xml | 2 +-
.../src/test/resources/rampart/policy/20.xml | 2 +-
.../src/test/resources/rampart/policy/21.xml | 4 +-
.../src/test/resources/rampart/policy/22.xml | 2 +-
.../src/test/resources/rampart/policy/23.xml | 2 +-
.../src/test/resources/rampart/policy/24.xml | 2 +-
.../src/test/resources/rampart/policy/25.xml | 2 +-
.../src/test/resources/rampart/policy/26.xml | 2 +-
.../src/test/resources/rampart/policy/27.xml | 2 +-
.../src/test/resources/rampart/policy/28.xml | 2 +-
.../src/test/resources/rampart/policy/3.xml | 2 +-
.../resources/rampart/policy/{28.xml => 30.xml} | 29 +-
.../src/test/resources/rampart/policy/4.xml | 2 +-
.../src/test/resources/rampart/policy/5.xml | 2 +-
.../src/test/resources/rampart/policy/sc-1.xml | 2 +-
.../src/test/resources/rampart/policy/sc-3.xml | 4 +-
.../src/test/resources/rampart/services-1.xml | 2 +-
.../src/test/resources/rampart/services-10.xml | 2 +-
.../src/test/resources/rampart/services-13.xml | 2 +-
.../src/test/resources/rampart/services-14.xml | 2 +-
.../src/test/resources/rampart/services-15.xml | 2 +-
.../src/test/resources/rampart/services-17.xml | 2 +-
.../src/test/resources/rampart/services-18.xml | 2 +-
.../src/test/resources/rampart/services-19.xml | 2 +-
.../src/test/resources/rampart/services-2.xml | 2 +-
.../src/test/resources/rampart/services-20.xml | 2 +-
.../src/test/resources/rampart/services-21.xml | 2 +-
.../src/test/resources/rampart/services-22.xml | 2 +-
.../src/test/resources/rampart/services-23.xml | 2 +-
.../src/test/resources/rampart/services-24.xml | 2 +-
.../src/test/resources/rampart/services-25.xml | 2 +-
.../src/test/resources/rampart/services-26.xml | 2 +-
.../src/test/resources/rampart/services-27.xml | 2 +-
.../src/test/resources/rampart/services-28.xml | 2 +-
.../src/test/resources/rampart/services-3.xml | 2 +-
.../rampart/{services-25.xml => services-30.xml} | 43 +-
.../src/test/resources/rampart/services-4.xml | 2 +-
.../src/test/resources/rampart/services-5.xml | 2 +-
.../src/test/resources/rampart/services-sc-1.xml | 2 +-
.../src/test/resources/rampart/services-sc-3.xml | 2 +-
.../resources/security/complete.service.axis2.xml | 5 -
.../test/resources/security/s1.service.axis2.xml | 5 -
.../test/resources/security/s2.service.axis2.xml | 5 -
.../test/resources/security/s2a.service.axis2.xml | 5 -
.../test/resources/security/s3.service.axis2.xml | 5 -
.../test/resources/security/s4.service.axis2.xml | 5 -
.../test/resources/security/s5.service.axis2.xml | 5 -
.../test/resources/security/s6.service.axis2.xml | 5 -
.../test/resources/security/s7.service.axis2.xml | 5 -
.../test/resources/security/sST1.service.axis2.xml | 5 -
.../resources/security/secMtom.service.axis2.xml | 5 -
.../secpolicy/model/AbstractSecurityAssertion.java | 4 +-
.../secpolicy/model/SignedEncryptedElements.java | 6 +-
.../ws/secpolicy/model/SignedEncryptedParts.java | 10 +
.../ws/secpolicy/model/TransportBinding.java | 18 +
.../builders/EncryptedElementsBuilder.java | 4 +-
.../builders/EncryptedPartsBuilder.java | 4 +-
.../builders/SignedElementsBuilder.java | 4 +-
.../secpolicy11/builders/SignedPartsBuilder.java | 12 +-
.../builders/SupportingTokensBuilder.java | 4 +-
.../secpolicy11/builders/UsernameTokenBuilder.java | 4 +-
.../ws/secpolicy11/builders/X509TokenBuilder.java | 4 +-
.../builders/EncryptedElementsBuilder.java | 4 +-
.../builders/EncryptedPartsBuilder.java | 4 +-
.../builders/SignedElementsBuilder.java | 4 +-
.../secpolicy12/builders/SignedPartsBuilder.java | 10 +-
.../builders/SupportingTokensBuilder.java | 4 +-
.../builders/TransportBindingBuilder.java | 3 +
.../secpolicy12/builders/UsernameTokenBuilder.java | 4 +-
.../ws/secpolicy12/builders/X509TokenBuilder.java | 4 +-
modules/rampart-samples/README.txt | 4 +
modules/rampart-samples/keys/client.jks | Bin 4008 -> 4014 bytes
modules/rampart-samples/keys/service.jks | Bin 2675 -> 2683 bytes
modules/rampart-samples/keys/sts.jks | Bin 2677 -> 2683 bytes
modules/rampart-samples/policy/build.xml | 11 +
.../policy/sample-tomcat/policy.xml | 2 +-
.../policy/sample-tomcat/services.xml | 4 +-
modules/rampart-samples/policy/sample01/policy.xml | 2 +-
.../rampart-samples/policy/sample01/services.xml | 2 +-
modules/rampart-samples/policy/sample05/policy.xml | 2 +-
.../rampart-samples/policy/sample05/services.xml | 216 ++++-----
modules/rampart-samples/policy/sample06/policy.xml | 5 +-
.../rampart-samples/policy/sample06/services.xml | 255 +++++-----
.../samples/policy/sample06/MexService.java | 16 +
modules/rampart-samples/policy/sample08/README.txt | 8 +
.../policy/sample08/policy.xml} | 8 +-
.../policy/{sample05 => sample08}/services.xml | 318 +++++-------
.../rampart/samples/policy/sample08/Client.java | 94 ++++
.../samples/policy/sample08/PWCBHandler.java | 42 ++
.../samples/policy/sample08/SimpleService.java | 24 +
.../policy/sample08/sts_policy.xml} | 152 +++---
.../org/apache/rahas/SimpleTokenStoreTest.java | 71 ++-
.../org/apache/rampart/MessageBuilderTestBase.java | 37 +-
.../java/org/apache/rampart/NonceCacheTest.java | 75 +++
...rtEngineTest.java => PolicyAssertionsTest.java} | 66 +--
.../java/org/apache/rampart/RampartEngineTest.java | 84 +++-
.../test-resources/policy-asymm-binding.xml | 2 +-
.../test-resources/policy-symm-binding.xml | 2 +-
.../test-resources/policy-transport-binding.xml | 2 +-
.../policy/rampart-asymm-binding-1.xml | 2 +-
.../policy/rampart-asymm-binding-2-sig-dk.xml | 2 +-
.../policy/rampart-asymm-binding-3-dk.xml | 2 +-
.../policy/rampart-asymm-binding-4-dk-ebs.xml | 2 +-
.../policy/rampart-asymm-binding-5-ebs.xml | 2 +-
.../policy/rampart-asymm-required-elements-2.xml} | 56 ++-
.../policy/rampart-asymm-required-elements.xml} | 56 ++-
.../policy/rampart-symm-binding-1.xml | 2 +-
.../policy/rampart-symm-binding-2-dk.xml | 2 +-
.../policy/rampart-symm-binding-3-dk-es.xml | 2 +-
.../policy/rampart-symm-binding-4-ebs.xml | 2 +-
.../policy/rampart-symm-binding-5-dk-ebs.xml | 2 +-
.../policy/rampart-transport-binding-dk.xml | 2 +-
.../policy/rampart-transport-binding-no-bst.xml | 2 +-
.../policy/rampart-transport-binding.xml | 2 +-
.../java/org/apache/rahas/EncryptedKeyToken.java | 23 +
.../src/main/java/org/apache/rahas/RahasData.java | 9 +
.../java/org/apache/rahas/SimpleTokenStore.java | 7 +-
.../src/main/java/org/apache/rahas/Token.java | 301 +++++++++---
.../java/org/apache/rahas/client/STSClient.java | 143 +++++-
.../main/java/org/apache/rahas/errors.properties | 4 +-
.../org/apache/rahas/impl/SAML2TokenIssuer.java | 150 +++---
.../org/apache/rahas/impl/SAMLTokenIssuer.java | 10 +-
.../apache/rahas/impl/SAMLTokenIssuerConfig.java | 23 +-
.../org/apache/rahas/impl/util/SAML2Utils.java | 24 +-
pom.xml | 168 +++----
release-docs/ChangeLog.txt | 69 ++-
release-docs/NOTICE.txt | 15 +-
release-docs/README.txt | 48 +-
release-docs/release-notes.html | 34 +-
198 files changed, 3383 insertions(+), 2020 deletions(-)
diff --git a/modules/distribution/bin.xml b/modules/distribution/bin.xml
index b1a8a50..6e197ae 100644
--- a/modules/distribution/bin.xml
+++ b/modules/distribution/bin.xml
@@ -22,14 +22,15 @@
<include>org.apache.rampart:rampart-core:jar</include>
<include>org.apache.rampart:rampart-policy:jar</include>
<include>org.apache.rampart:rampart-trust:jar</include>
- <include>org.opensaml:opensaml:jar</include>
- <include>org.opensaml:xmltooling:jar</include>
- <include>joda-time:joda-time:jar</include>
- <include>org.slf4j:slf4j-api:jar</include>
- <include>org.slf4j:slf4j-jdk14:jar</include>
- <include>velocity:velocity:jar</include>
- <include>commons-collections:commons-collections:jar</include>
- <include>org.opensaml:openws:jar</include>
+ <include>org.opensaml:opensaml:jar</include>
+ <include>org.opensaml:xmltooling:jar</include>
+ <include>joda-time:joda-time:jar</include>
+ <include>org.slf4j:slf4j-api:jar</include>
+ <include>org.slf4j:slf4j-jdk14:jar</include>
+ <include>velocity:velocity:jar</include>
+ <include>commons-collections:commons-collections:jar</include>
+ <include>org.opensaml:openws:jar</include>
+ <include>commons-lang:commons-lang:jar</include>
</includes>
</dependencySet>
</dependencySets>
diff --git a/modules/documentation/src/site/resources/css/site.css b/modules/documentation/src/site/resources/css/site.css
index 9a3c9f9..5182c6e 100755
--- a/modules/documentation/src/site/resources/css/site.css
+++ b/modules/documentation/src/site/resources/css/site.css
@@ -1,297 +1,272 @@
-/* page general styles */
-body{
- padding:0px;
- margin:0px;
- width:1000px;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+.img-title {
+ text-align: center
}
-a{
- color:#557f95;
- text-decoration:none;
+
+.img {
+ text-align: center
+}
+
+.special-td {
+ font-family: Arial;
+ font-size: 10pt;
+ font-weight: bold
}
-a:hover{
- color:#000000;
- text-decoration:underline;
+
+.special {
+ font-family: Arial;
+ font-weight: bold;
+ border-style: solid;
+ border-width: 1;
+ padding-left: 4;
+ padding-right: 4;
+ padding-top: 1;
+ padding-bottom: 1;
+ background-color: #C0C0C0;
+ font-size: 10pt
}
-body, td, tr, input,h1,h2,h3,h4,h5,h6,a{
- font: 12px Verdana, Arial, Helvetica, sans-serif;
- line-height:18px;
+
+.xml {
+ font-family: Arial;
+ font-size: 10pt;
+ color: #0000FF;
+ font-style: italic
}
-pre{
- overflow-x:auto;
+
+/*
+.code {
+ font-family: Courier New;
+ font-size: 10pt;
+ color: #800000
}
-h1 {
- color:#575757;
- font-size:24px;
- font-weight:bold;
- line-height:normal;
- margin:5px 0px;
- padding:2px;
-}
-}
-h2{
- padding:0px;
- margin:0px;
- font-size:14px;
- font-weight:bold;
- height:22px;
- background-color:#bcbcbc;
- text-indent:10px;
- color:#000000;
-}
-h3{
- padding:0px;
- margin:0px;
- font-weight:bold;
-}
-h4{
- font-weight:bold;
- color:#777777;
-}
-p{
- padding-top:5px;
- padding-bottom:5px;
- line-height:18px;
-}
-/* page styles */
-.page-padding{
- padding-left:10px;
- padding-right:10px;
-}
-.composite{
-/* Uncomment these lines to give a fixed width with centered positioning ....*/
- position:absolute;
- left:50%;
- width:980px;
- margin-left:-490px;
- border:solid 1px #83b0c0;
- margin-top:5px;
-}
-
-/* header styles */
+*/
+
+/*
+-----------------------------------------------------------------------
+Generic element styles
+----------------------------------------------------------------------- */
+body {
+ color: #111;
+ font-family: "Trebuchet MS", Verdana, sans-serif;
+ font-size: 1em;
+ padding: 5;
+ padding-bottom:0px;
+ border-width: 0;
+ outline-width: 0;
+ list-style-position: outside;
+ display: block;
+
+ margin: 0 auto; /* center, not in IE5 */
+ height: auto !important; /* real browsers */
+ height: 100%; /* IE6: treaded as min-height*/
+
+ min-height: 100%; /* real browsers */
+ width: 980px;
+ background-image: url(../images/home-top.gif);
+ background-position: left top;
+ background-repeat: repeat-x;
+}
+
+#breadcrumbs {
+ background-image: url(../images/menu-back.gif);
+ background-position: left top;
+ background-repeat: repeat-x;
+ border-bottom: solid 1px #d4d4d4;
+ height: 28px;
+ font-size: 0.8em;
+ background-color: transparent;
+ border: 1px solid #6895c2;
+}
+
#banner{
- background-image:url(../images/apache-rampart-banner-background.jpg);
- background-repeat:repeat-x;
- background-position:0px 0px;
- height:98px;
+ margin-top:10px;
+ padding-top:10px;
+ padding-bottom:10px;
}
#bannerLeft{
- background-image:url(../images/apache-rampart-logo.jpg);
- background-repeat:no-repeat;
- background-position:0px 0px;
- height:103px;
- text-align:right;
- padding-right:10px;
+ background-image: url(../images/apache-rampart-logo.jpg);
+ background-position: left top;
+ background-repeat: no-repeat;
+ text-indent:-1700px;/*We do this to hide the text. This needs to be updated to a beter solution.*/
+ width:204px;
+ height:56px;
display:block;
-}
-#breadcrumbs{
- position:absolute;
- top:70px;
- background-color:transparent;
- border-bottom:none;
- border-top:none;
- font-size:auto;
- margin:0pt;
- padding:0px;
+ float:left;
}
#bannerRight{
- background-image:url(../images/apache-rampart-banner.jpg);
- background-repeat:no-repeat;
- background-position:right 0px;
display:block;
- height:65px;
- position:absolute;
- right:0px;
- top:0px;
-}
-.xleft{
- color:#929292;
- right:200px;
- position:absolute;
-}
-.top-menu a{
- color:#000000;
- text-decoration:none;
-}
-.top-menu a:hover{
- text-decoration:underline;
-}
-.top-menu-gap{
- padding-left:30px;
-}
-
-/* content text */
-.content{
-
-}
-#leftColumn{
- width:179px;
- background-color:transparent;
- border:none;
- margin:10px 0px 0px 5px;
-}
-#navcolumn h5{
- text-indent:15px;
- height:23px;
- color:#ffffff;
- background-image:url(../images/apache-rampart-menu-top.jpg);
- background-repeat:no-repeat;
- background-position:left 0px;
-}
-#navcolumn{
- background-image:url(../images/apache-rampart-menu.jpg);
- background-repeat:no-repeat;
- background-position:0px 0px;
- background-color:#e5e5e5;
- border-bottom:solid 1px #b4b4b4;
- padding:0px 0px 0pt 0px;
- font-size:11px;
-}
-#navcolumn ul{
- padding:0px;
- margin:0px;
- list-style:none;
- padding-left:10px;
-}
-#navcolumn ul ul{
- margin-left:-10px;
-}
-#navcolumn li{
- margin-top:3px;
-}
-#navcolumn strong{
- font-weight:bold;
-}
-#navcolumn ul li a {
- text-indent:0px;
- font-size:12px;
- color:#224351;
-}
-#navcolumn li.expanded {
- background-image:url(../images/apache-rampart-menu-button.gif);
- background-repeat:no-repeat;
- background-position:0px 5px;
-}
-#navcolumn ul li ul li a{
- background-image:none;
- text-indent:0px;
- font-size:11px;
- color:#557f95;
- font-size:11px;
-}
-#bodyColumn{
- background-color:#F3F3F3;
- border:1px solid #B4B4B4;
- margin-right:10px;
- margin-left:194px;
- margin-top:10px;
- padding-left:10px;
-}
-.menu-bottom-left{
- background-image:url(../images/apache-rampart-menu-bottom.jpg);
- background-repeat:no-repeat;
- background-position:0px 0px;
- background-color:#e5e5e5;
- width:15px;
- height:13px;
- float:left;
-}
-.menu-bottom-right{
- background-color:#e5e5e5;
- border-bottom:solid 1px #b4b4b4;
- height:13px;
float:right;
- width:164px;
-}
-.content-back1{
- background-image:url(../images/apache-rampart-spliter.jpg);
- background-repeat:no-repeat;
- background-position:0px 0px;
-}
-.content-back2{
- background-image:url(../images/apache-rampart-content-back.jpg);
- background-repeat:repeat-y;
- background-position:0px 0px;
- background-color:#f3f3f3;
- border-bottom:solid 1px #b4b4b4;
- border-right:solid 1px #b4b4b4;
- margin-right:10px;
-}
-.content-display{
- margin-left:32px;
- padding-bottom:10px;
+ height:51px;
+ width:537px;
}
-.poweredBy{
- margin-left:30px;
- margin-top:5px;
+.xright, #bannerRight {
+ text-shadow: none;
}
-.footer{
- color:#929292;
- margin-top:10px;
- margin-left:10px;
-}
-.command {
- border: 1px dashed #3c78b5;
- text-align: left;
- background-color: #f0f0f0;
- padding: 3px;
- font-size: 11px;
- font-family: Courier;
- margin: 10px;
- line-height: 13px;
-}
-.consoleOutput {
- border: 1px dashed #3c78b5;
- font-size: 11px;
- font-family: Courier;
- margin: 10px;
- line-height: 13px;
- background-color: #f0f0f0;
- border-bottom: 1px dashed #3c78b5;
- padding: 3px;
- border-style: solid;
+
+#leftColumn {
+ border: none;
+ background-color: transparent;
+ margin: 1em 0 0 0;
}
-.info {
- border-style: solid;
- border-width: 1px;
- border-color: #090;
- background-color: #dfd;
- text-align:left;
- margin-top: 5px;
- margin-bottom: 5px;
-}
-.data-table{
- font-family:Verdana,Arial,Helvetica,sans-serif;
- font-size:11px;
- border:0px;
- margin:0px;
- border:solid 1px #cdcdcd;
-}
-.data-table th{
- background-color:#eeeeee;
- border-bottom:solid 1px #8d8d8d;
- padding-top:5px;
- padding-left:3px;
- text-align:left;
-}
-.data-table td{
- padding-top:4px;
- padding-left:3px;
- border-bottom:solid 1px #e1e1e1;
-}
-.download-pre {
- font-family:Verdana,Arial,Helvetica,sans-serif;
- font-size:11px;
- font-style:normal;
- margin:0;
- padding-bottom:3px;
- padding-top:3px;
-}
-
-.download-header-pre {
- font-family:Verdana,Arial,Helvetica,sans-serif;
- font-size:12px;
- font-weight:bold;
- margin:0;
- padding-top:3px;
- padding-bottom:3px;
+
+#navcolumn {
+ padding: 0;
+}
+
+#navcolumn h5 {
+ background-color: #e8f4ff;
+ border-left: solid 1px #ff2700;
+ border-bottom: none;
+ font-size: 0.9em;
+ padding: 5px;
+ color: #333333;
+ font-weight: normal;
+}
+
+#navcolumn li {
+ font-size: 0.9em;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+
+#bodyColumn {
+ margin-left: 190px;
+ margin-right: 0;
+}
+
+#contentBox {
+ color: #333333;
+}
+
+#contentBox p, #contentBox td, #contentBox li {
+ font-family: "Trebuchet MS", Verdana, sans-serif;
+ line-height: 1.5em;
+ font-size: 0.94em;
+}
+
+#contentBox p, #contentBox li {
+ text-align: justify;
+}
+
+a:link {
+ color: #039;
+}
+
+a:hover {
+ color: #03c;
+ text-decoration: none;
+}
+
+a.externalLink, a.externalLink:link, a.externalLink:visited, a.externalLink:active, a.externalLink:hover {
+ background: none;
+ padding: 0;
+}
+
+table.bodyTable th {
+ background-color: #6f8aa5;
+}
+
+table.bodyTable tr.a {
+ background-color: #d1dce7;
+}
+
+table.bodyTable tr.b {
+ background-color: #eceef1;
+}
+
+h1 {
+ color: #4f4f4f;
+ font-size: 2.5em;
+ font-weight: normal;
+}
+
+h2 {
+ color: #646b71;
+ font-size: 1.7em;
+ background-color: transparent;
+ border: none;
+ padding: 0;
+ font-weight: normal;
+}
+
+h3 {
+ color: #7d858d;
+ font-weight: bold;
+ font-size: 1.2em;
+ background-color: transparent;
+ border: none;
+ padding: 0;
+}
+
+h4 {
+ color: #333333;
+ font-size: 1em;
+ font-weight: bold;
+ background-color: transparent;
+ border: none;
+ padding: 0;
+}
+
+th {
+ background-color: #f5f5f5;
+ height: 20;
+ paddong: 0px;
+ spacing: 0px;
+}
+
+table {
+ margin: 0;
+ padding: 0;
+ border: solid 0 #dcdcdc;
+}
+
+.header {
+ height: 80px;
+ background-image: url( ../images/doc_header.jpg );
+ background-repeat: no-repeat;
+ background-attachment: scroll;
+ background-position: left top;
+}
+
+pre, div.source {
+ border: 1px dotted;
+ background-color: #e2ecf6;
+ padding: 0.8em;
+ margin: 0;
+ overflow: auto;
+ font-size: 0.9em;
+}
+
+/* Xdoc generates <div class="source"><pre>...</pre></div> for <source> elements.
+ Because we already apply styles to every <pre>, we need to suppress styles here. */
+div.source pre {
+ border: none;
+ background-color: transparent;
+ padding: none;
+}
+#footer{
+ background-color:#E9E9E9;
+ color:#828282;
+ left:0;
+ padding-top:10px;
+ text-indent:10px;
+ width:100%;
+ height:100px;
}
\ No newline at end of file
diff --git a/modules/documentation/src/site/resources/images/apache-rampart-banner.jpg b/modules/documentation/src/site/resources/images/apache-rampart-banner.jpg
index e3b3738..abcd2d1 100644
Binary files a/modules/documentation/src/site/resources/images/apache-rampart-banner.jpg and b/modules/documentation/src/site/resources/images/apache-rampart-banner.jpg differ
diff --git a/modules/documentation/src/site/resources/images/apache-rampart-logo.jpg b/modules/documentation/src/site/resources/images/apache-rampart-logo.jpg
index 7ebc608..5a1d638 100644
Binary files a/modules/documentation/src/site/resources/images/apache-rampart-logo.jpg and b/modules/documentation/src/site/resources/images/apache-rampart-logo.jpg differ
diff --git a/modules/documentation/src/site/resources/images/axis.jpg b/modules/documentation/src/site/resources/images/axis.jpg
new file mode 100644
index 0000000..73371d8
Binary files /dev/null and b/modules/documentation/src/site/resources/images/axis.jpg differ
diff --git a/modules/documentation/src/site/resources/images/axis.png b/modules/documentation/src/site/resources/images/axis.png
new file mode 100644
index 0000000..6d4161f
Binary files /dev/null and b/modules/documentation/src/site/resources/images/axis.png differ
diff --git a/modules/documentation/src/site/resources/images/breadcrumbs-bg.gif b/modules/documentation/src/site/resources/images/breadcrumbs-bg.gif
new file mode 100644
index 0000000..2d10304
Binary files /dev/null and b/modules/documentation/src/site/resources/images/breadcrumbs-bg.gif differ
diff --git a/modules/documentation/src/site/resources/images/h2-bg.gif b/modules/documentation/src/site/resources/images/h2-bg.gif
new file mode 100644
index 0000000..0ddb32e
Binary files /dev/null and b/modules/documentation/src/site/resources/images/h2-bg.gif differ
diff --git a/modules/documentation/src/site/resources/images/home-top.gif b/modules/documentation/src/site/resources/images/home-top.gif
new file mode 100644
index 0000000..4103c66
Binary files /dev/null and b/modules/documentation/src/site/resources/images/home-top.gif differ
diff --git a/modules/documentation/src/site/resources/images/leftcolumn-bg.gif b/modules/documentation/src/site/resources/images/leftcolumn-bg.gif
new file mode 100644
index 0000000..a2faa21
Binary files /dev/null and b/modules/documentation/src/site/resources/images/leftcolumn-bg.gif differ
diff --git a/modules/documentation/src/site/resources/images/menu-back.gif b/modules/documentation/src/site/resources/images/menu-back.gif
new file mode 100644
index 0000000..0bcccda
Binary files /dev/null and b/modules/documentation/src/site/resources/images/menu-back.gif differ
diff --git a/modules/documentation/src/site/resources/rampart-config.xsd b/modules/documentation/src/site/resources/rampart-config.xsd
index ed8dd06..c0e94d4 100644
--- a/modules/documentation/src/site/resources/rampart-config.xsd
+++ b/modules/documentation/src/site/resources/rampart-config.xsd
@@ -20,18 +20,29 @@
<xs:element name="timestampMaxSkew" type="xs:integer" minOccurs="0"/>
<xs:element name="tokenStoreClass" type="xs:string" minOccurs="0"/>
<xs:element name="optimizeParts" type="xs:string" minOccurs="0"/>
- <xs:element name="sslConfig" type="ssl" minOccurs="0"/>
+ <xs:element name="sslConfig" type="ramp:ssl" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:complexType name="crypto">
- <xs:annotation>
- <xs:documentation>http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/components/crypto/Crypto.html</xs:documentation>
- </xs:annotation>
- <xs:sequence maxOccurs="unbounded">
- <xs:element name="property" type="xs:string"/>
- </xs:sequence>
- <xs:attribute name="provider"/>
+ <xs:sequence maxOccurs="1">
+ <xs:element name="crypto">
+ <xs:complexType>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="property">
+ <xs:complexType>
+ <xs:simpleContent>
+ <xs:extension base="xs:string">
+ <xs:attribute name="name" type="xs:string" use="required"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ <xs:attribute name="provider" type="xs:string" use="required"/>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
</xs:complexType>
<xs:complexType name="ssl">
<xs:sequence maxOccurs="unbounded">
diff --git a/modules/documentation/src/site/resources/samples/policy/sample01.xml b/modules/documentation/src/site/resources/samples/policy/sample01.xml
index c4df639..5a4190a 100644
--- a/modules/documentation/src/site/resources/samples/policy/sample01.xml
+++ b/modules/documentation/src/site/resources/samples/policy/sample01.xml
@@ -11,7 +11,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/documentation/src/site/resources/samples/policy/sample05.xml b/modules/documentation/src/site/resources/samples/policy/sample05.xml
index d16bca6..218d297 100644
--- a/modules/documentation/src/site/resources/samples/policy/sample05.xml
+++ b/modules/documentation/src/site/resources/samples/policy/sample05.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/documentation/src/site/resources/samples/policy/sample06.xml b/modules/documentation/src/site/resources/samples/policy/sample06.xml
index bccbfe6..04453b4 100644
--- a/modules/documentation/src/site/resources/samples/policy/sample06.xml
+++ b/modules/documentation/src/site/resources/samples/policy/sample06.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/documentation/src/site/site.xml b/modules/documentation/src/site/site.xml
index 3731d60..dce5c7d 100644
--- a/modules/documentation/src/site/site.xml
+++ b/modules/documentation/src/site/site.xml
@@ -40,41 +40,40 @@
<body>
<links>
- <item name="WebServices" href="http://ws.apache.org/"/>
- <item name="Axis2/Java" href="http://ws.apache.org/axis2" />
+ <item name="Apache Axis2/Java" href="http://axis.apache.org/axis2/java/core/" />
</links>
<menu name="Apache Rampart">
- <item name="Home" href="index.html" />
- <item name="Downloads">
- <item name="Releases" href="download.html"/>
- <item name="Source Code" href="source-repository.html"/>
- </item>
- <item name="Documentation">
- <item name="Getting Started" href="quick-start.html"/>
- <item name="Samples" href="samples.html"/>
- <item name="FAQ" href="http://wiki.apache.org/ws/FrontPage/Rampart/FAQ"/>
- <item name="Rampart Configuration" href="rampartconfig-guide.html"/>
- <item name="STS Configuration" href="setting-up-sts.html"/>
- <item name="Developer Guide" href="developer-guide.html"/>
- <item name="Build the Site" href="siteHowTo.html" />
- </item>
- <item name="Resources">
- <item name="Articles" href="articles.html" />
- <item name="Specifications" href="specifications.html"/>
- <item name="Online Javadocs" href="apidocs/index.html"/>
+ <item name="Home" href="index.html" />
+ <item name="Downloads">
+ <item name="Releases" href="download.html"/>
+ <item name="Source Code" href="svn.html"/>
</item>
- <item name="Project Information">
- <item name="Project Team" href="team-list.html" />
- <item name="Issue Tracking" href="http://issues.apache.org/jira/browse/Rampart" />
- <item name="Mailing Lists" href="mail-lists.html"/>
- <item name="Source Code"
- href="http://svn.apache.org/viewcvs.cgi/webservices/rampart/trunk/?root=Apache-SVN" />
- <item name="Dependencies" href="dependencies.html"/>
- <item name="License"
- href="http://www.apache.org/licenses/LICENSE-2.0.html" />
- </item>
- </menu>
+ </menu>
+ <menu name="Documentation">
+ <item name="Getting Started" href="quick-start.html"/>
+ <item name="Samples" href="samples.html"/>
+ <item name="FAQ" href="http://wiki.apache.org/ws/FrontPage/Rampart/FAQ"/>
+ <item name="Rampart Configuration" href="rampartconfig-guide.html"/>
+ <item name="STS Configuration" href="setting-up-sts.html"/>
+ <item name="Developer Guide" href="developer-guide.html"/>
+ <item name="Build the Site" href="siteHowTo.html" />
+ </menu>
+ <menu name="Resources">
+ <item name="Articles" href="articles.html" />
+ <item name="Specifications" href="specifications.html"/>
+ <item name="Online Javadocs" href="apidocs/index.html"/>
+ </menu>
+ <menu name="Project Information">
+ <item name="Project Team" href="team-list.html" />
+ <item name="Issue Tracking" href="http://issues.apache.org/jira/browse/Rampart" />
+ <item name="Mailing Lists" href="mail-lists.html"/>
+ <item name="Source Code"
+ href="http://svn.apache.org/viewvc/axis/axis2/java/rampart/" />
+ <item name="Dependencies" href="dependencies.html"/>
+ <item name="License"
+ href="http://www.apache.org/licenses/LICENSE-2.0.html" />
+ </menu>
</body>
</project>
diff --git a/modules/documentation/src/site/xdoc/download.xml b/modules/documentation/src/site/xdoc/download.xml
index 823016f..3ed1a48 100644
--- a/modules/documentation/src/site/xdoc/download.xml
+++ b/modules/documentation/src/site/xdoc/download.xml
@@ -19,63 +19,81 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
- <body>
- <h1>Download Apache Rampart module</h1>
- <h2>Apache Rampart Releases</h2>
- <p>This page provides links to the release versions of Apache Rampart Java.</p>
- <table border="1" style="border-collapse: collapse" width="93%" id="table1">
- <tbody>
- <tr>
- <th>Version</th>
- <th>Date</th>
- <th>Description</th>
- </tr>
- <tr>
+ <body>
+ <h1>Download Apache Rampart Module</h1>
+ <h2>Apache Rampart Releases</h2>
+ <p>This page provides links to the release versions of Apache Rampart Java.</p>
+ <table border="1" style="border-collapse: collapse" width="93%" id="table1">
+ <tbody>
+ <tr>
+ <th>Version</th>
+ <th>Date</th>
+ <th>Description</th>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.5.1/download.cgi">
+ <strong>1.5.1</strong>
+ </a>
+ </td>
+ <td></td>
+ <td>1.5.1 Release (Mirrored)</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.5/download.cgi">
+ <strong>1.5</strong>
+ </a>
+ </td>
+ <td>01 Feb 2010</td>
+ <td>1.5 Release (Archived)</td>
+ </tr>
+ <tr>
<td>
<a href="download/1.4/download.cgi">
<strong>1.4</strong>
</a>
</td>
- <td></td>
- <td>1.4 Release (Mirrored)</td>
+ <td>12 Jun 2008</td>
+ <td>1.4 Release (Archived)</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.3/download.cgi">
+ <strong>1.3</strong>
+ </a>
+ </td>
+ <td>06 Sep 2007</td>
+ <td>1.3 Release (Archived)</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.2/download.cgi">
+ <strong>1.2</strong>
+ </a>
+ </td>
+ <td>02 Jun 2007</td>
+ <td>1.2 Release (Archived)</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.1/download.cgi">
+ <strong>1.1</strong>
+ </a>
+ </td>
+ <td>11 Dec 2006</td>
+ <td>1.1 Release (Archived)</td>
</tr>
- <tr>
- <td>
- <a href="download/1.3/download.cgi">
- <strong>1.3</strong>
- </a>
- </td>
- <td></td>
- <td>1.3 Release (Mirrored)</td>
- </tr>
- <tr>
- <td>
- <a href="download/1.2/download.cgi">
- <strong>1.2</strong>
- </a>
- </td>
- <td></td>
- <td>1.2 Release (Mirrored)</td>
- </tr>
- <tr>
- <td>
- <a href="download/1.1/download.cgi">
- <strong>1.1</strong>
- </a>
- </td>
- <td></td>
- <td>1.1 Release (Mirrored)</td>
- </tr>
- </tbody>
- </table>
- <p>
- <strong>Apache Rampart Distributions : <a href="http://people.apache.org/~ruchithf/rampart/SNAPSHOT">Nightly builds</a>
- </strong>
- </p>
- <p>
- <strong>Maven Repository: <a href="http://people.apache.org/repo/m2-ibiblio-rsync-repository/">Released Apache Rampart jars</a> | <a href="http://people.apache.org/repo/m2-snapshot-repository/">Nightly SNAPSHOT</a>
- <a href=""></a>
- </strong>
- </p>
- </body>
+ </tbody>
+ </table>
+ <p>
+ <strong>Apache Rampart Distributions : <a href="http://people.apache.org/~ruchithf/rampart/SNAPSHOT">Nightly builds</a>
+ </strong>
+ </p>
+ <p>
+ <strong>Maven Repository: <a href="http://people.apache.org/repo/m2-ibiblio-rsync-repository/">Released Apache Rampart jars</a> | <a href="http://people.apache.org/repo/m2-snapshot-repository/">Nightly SNAPSHOT</a>
+ <a href=""></a>
+ </strong>
+ </p>
+ </body>
</html>
diff --git a/modules/documentation/src/site/xdoc/download/1.1/download.xml b/modules/documentation/src/site/xdoc/download/1.1/download.xml
index 73113dc..b8ce317 100644
--- a/modules/documentation/src/site/xdoc/download/1.1/download.xml
+++ b/modules/documentation/src/site/xdoc/download/1.1/download.xml
@@ -51,75 +51,47 @@ urchinTracker();
Distribution</strong></td>
<td>This is the complete version of Apache Rampart and will contain samples
as well.</td>
-<td><a href="[preferred]/ws/rampart/1_1/rampart-1.1.zip" title=
-"[preferred]/ws/rampart/1_1/rampart-1.1.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.1.zip');">zip</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.md5"
-title="http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.md5">MD5</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.asc"
-title="http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.asc">PGP</a></td>
+<a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.md5"
+title="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.asc"
+title="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.asc">PGP</a></td>
</tr>
<tr>
<td><a name="src" id="src"></a> <strong>Source
Distribution</strong></td>
<td>This will contain the sources of Apache Rampart distribution.</td>
-<td><a href="[preferred]/ws/rampart/1_1/rampart-1.1-src.zip" title=
-"[preferred]/ws/rampart/1_1/rampart-1.1-src.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.1-src.zip');">zip</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.md5"
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.md5"
title=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.md5">MD5</a>
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.md5">MD5</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.asc"
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.asc"
title=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.asc">PGP</a></td>
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.asc">PGP</a></td>
</tr>
<tr>
<td><strong>Documents Distribution</strong></td>
<td>This will contain all the documentation in one package.</td>
-<td><a href="[preferred]/ws/rampart/1_1/rampart-1.1-docs.zip" title=
-"[preferred]/ws/rampart/1_1/rampart-1.1-docs.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.1-docs.zip');">zip</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.md5"
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.md5"
title=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.md5">MD5</a>
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.md5">MD5</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.asc"
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.asc"
title=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.asc">PGP</a></td>
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.asc">PGP</a></td>
</tr>
</tbody>
</table>
</div>
-<div align="left"><br />
-<p>[if-any logo] <a href="[link]"><img align="right" src="[logo]"
-border="0" /></a>[end] The currently selected mirror is
-<b>[preferred]</b>. If you encounter a problem with this mirror,
-please select another mirror. If all mirrors are failing, there are
-<i>backup</i> mirrors (at the end of the mirrors list) that should
-be available.</p>
-<form action="[location]" method="get" id="SelectMirror" name=
-"SelectMirror">Other mirrors: <select name="Preferred">
-<option value="[http]" selected="selected">[http]</option>
-<option value="[ftp]">[ftp]</option>
-<option value="[backup]">[backup] (backup)</option>
-</select> <input type="submit" value="Change" /></form>
-<p>You may also consult the <a href=
-"http://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
-<p><strong>Note:</strong> when downloading from a mirror please
-check the <a href=
-"http://www.apache.org/dev/release-signing#md5">md5sum</a> and
-verify the <a href=
-"http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
-compatible signature from the main Apache site. These can be
-downloaded by following the links above. This <a href=
-"http://www.apache.org/dist/ws/axis2/KEYS">KEYS</a> file contains
-the public keys that can be used for verifying signatures. It is
-recommended that (when possible)a <a href=
-"http://www.apache.org/dev/release-signing#web-of-trust">Web of
-trust</a> is used to confirm the identity of these keys.</p>
-</div>
</body>
</html>
diff --git a/modules/documentation/src/site/xdoc/download/1.2/download.xml b/modules/documentation/src/site/xdoc/download/1.2/download.xml
index 3919f15..70822ce 100644
--- a/modules/documentation/src/site/xdoc/download/1.2/download.xml
+++ b/modules/documentation/src/site/xdoc/download/1.2/download.xml
@@ -51,75 +51,47 @@ urchinTracker();
Distribution</strong></td>
<td>This is the complete version of Apache Rampart and will contain samples
as well.</td>
-<td><a href="[preferred]/ws/rampart/1_2/rampart-1.2.zip" title=
-"[preferred]/ws/rampart/1_2/rampart-1.2.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.2.zip');">zip</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5"
-title="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5">MD5</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.asc"
-title="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.asc">PGP</a></td>
+<a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5"
+title="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.asc"
+title="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.asc">PGP</a></td>
</tr>
<tr>
<td><a name="src" id="src"></a> <strong>Source
Distribution</strong></td>
<td>This will contain the sources of Apache Rampart distribution.</td>
-<td><a href="[preferred]/ws/rampart/1_2/rampart-1.2-src.zip" title=
-"[preferred]/ws/rampart/1_2/rampart-1.2-src.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.2-src.zip');">zip</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.md5"
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.md5"
title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.md5">MD5</a>
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.md5">MD5</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.asc"
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.asc"
title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.asc">PGP</a></td>
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.asc">PGP</a></td>
</tr>
<tr>
<td><strong>Documents Distribution</strong></td>
<td>This will contain all the documentation in one package.</td>
-<td><a href="[preferred]/ws/rampart/1_2/rampart-1.2-docs.zip" title=
-"[preferred]/ws/rampart/1_2/rampart-1.2-docs.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.2-docs.zip');">zip</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.md5"
+"hhttp://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.md5"
title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.md5">MD5</a>
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.md5">MD5</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.asc"
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.asc"
title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.asc">PGP</a></td>
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.asc">PGP</a></td>
</tr>
</tbody>
</table>
</div>
-<div align="left"><br />
-<p>[if-any logo] <a href="[link]"><img align="right" src="[logo]"
-border="0" /></a>[end] The currently selected mirror is
-<b>[preferred]</b>. If you encounter a problem with this mirror,
-please select another mirror. If all mirrors are failing, there are
-<i>backup</i> mirrors (at the end of the mirrors list) that should
-be available.</p>
-<form action="[location]" method="get" id="SelectMirror" name=
-"SelectMirror">Other mirrors: <select name="Preferred">
-<option value="[http]" selected="selected">[http]</option>
-<option value="[ftp]">[ftp]</option>
-<option value="[backup]">[backup] (backup)</option>
-</select> <input type="submit" value="Change" /></form>
-<p>You may also consult the <a href=
-"http://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
-<p><strong>Note:</strong> when downloading from a mirror please
-check the <a href=
-"http://www.apache.org/dev/release-signing#md5">md5sum</a> and
-verify the <a href=
-"http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
-compatible signature from the main Apache site. These can be
-downloaded by following the links above. This <a href=
-"http://www.apache.org/dist/ws/axis2/KEYS">KEYS</a> file contains
-the public keys that can be used for verifying signatures. It is
-recommended that (when possible)a <a href=
-"http://www.apache.org/dev/release-signing#web-of-trust">Web of
-trust</a> is used to confirm the identity of these keys.</p>
-</div>
</body>
</html>
diff --git a/modules/documentation/src/site/xdoc/download/1.3/download.xml b/modules/documentation/src/site/xdoc/download/1.3/download.xml
index b06fe22..50dde84 100644
--- a/modules/documentation/src/site/xdoc/download/1.3/download.xml
+++ b/modules/documentation/src/site/xdoc/download/1.3/download.xml
@@ -51,75 +51,47 @@ urchinTracker();
Distribution</strong></td>
<td>This is the complete version of Apache Rampart and will contain samples
as well.</td>
-<td><a href="[preferred]/ws/rampart/1_3/rampart-1.3.zip" title=
-"[preferred]/ws/rampart/1_3/rampart-1.3.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.3.zip');">zip</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.md5"
-title="http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.md5">MD5</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.asc"
-title="http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.asc">PGP</a></td>
+<a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.md5"
+title="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.asc"
+title="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.asc">PGP</a></td>
</tr>
<tr>
<td><a name="src" id="src"></a> <strong>Source
Distribution</strong></td>
<td>This will contain the sources of Apache Rampart distribution.</td>
-<td><a href="[preferred]/ws/rampart/1_3/rampart-1.3-src.zip" title=
-"[preferred]/ws/rampart/1_3/rampart-1.3-src.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.3-src.zip');">zip</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.md5"
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.md5"
title=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.md5">MD5</a>
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.md5">MD5</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.asc"
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.asc"
title=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.asc">PGP</a></td>
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.asc">PGP</a></td>
</tr>
<tr>
<td><strong>Documents Distribution</strong></td>
<td>This will contain all the documentation in one package.</td>
-<td><a href="[preferred]/ws/rampart/1_3/rampart-1.3-docs.zip" title=
-"[preferred]/ws/rampart/1_3/rampart-1.3-docs.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.3-docs.zip');">zip</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.md5"
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.md5"
title=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.md5">MD5</a>
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.md5">MD5</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.asc"
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.asc"
title=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.asc">PGP</a></td>
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.asc">PGP</a></td>
</tr>
</tbody>
</table>
</div>
-<div align="left"><br />
-<p>[if-any logo] <a href="[link]"><img align="right" src="[logo]"
-border="0" /></a>[end] The currently selected mirror is
-<b>[preferred]</b>. If you encounter a problem with this mirror,
-please select another mirror. If all mirrors are failing, there are
-<i>backup</i> mirrors (at the end of the mirrors list) that should
-be available.</p>
-<form action="[location]" method="get" id="SelectMirror" name=
-"SelectMirror">Other mirrors: <select name="Preferred">
-<option value="[http]" selected="selected">[http]</option>
-<option value="[ftp]">[ftp]</option>
-<option value="[backup]">[backup] (backup)</option>
-</select> <input type="submit" value="Change" /></form>
-<p>You may also consult the <a href=
-"http://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
-<p><strong>Note:</strong> when downloading from a mirror please
-check the <a href=
-"http://www.apache.org/dev/release-signing#md5">md5sum</a> and
-verify the <a href=
-"http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
-compatible signature from the main Apache site. These can be
-downloaded by following the links above. This <a href=
-"http://www.apache.org/dist/ws/axis2/KEYS">KEYS</a> file contains
-the public keys that can be used for verifying signatures. It is
-recommended that (when possible)a <a href=
-"http://www.apache.org/dev/release-signing#web-of-trust">Web of
-trust</a> is used to confirm the identity of these keys.</p>
-</div>
</body>
</html>
diff --git a/modules/documentation/src/site/xdoc/download/1.4/download.cgi b/modules/documentation/src/site/xdoc/download/1.4/download.cgi
new file mode 100644
index 0000000..8bdb438
--- /dev/null
+++ b/modules/documentation/src/site/xdoc/download/1.4/download.cgi
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Wrapper script around mirrors.cgi script
+# (we must change to that directory in order for python to pick up the
+# python includes correctly)
+cd /www/www.apache.org/dyn/mirrors
+/www/www.apache.org/dyn/mirrors/mirrors.cgi $*
\ No newline at end of file
diff --git a/modules/documentation/src/site/xdoc/download/1.4/download.xml b/modules/documentation/src/site/xdoc/download/1.4/download.xml
new file mode 100644
index 0000000..ca564c0
--- /dev/null
+++ b/modules/documentation/src/site/xdoc/download/1.4/download.xml
@@ -0,0 +1,82 @@
+<!--
+~ Licensed to the Apache Software Foundation (ASF) under one
+~ or more contributor license agreements. See the NOTICE file
+~ distributed with this work for additional information
+~ regarding copyright ownership. The ASF licenses this file
+~ to you under the Apache License, Version 2.0 (the
+~ "License"); you may not use this file except in compliance
+~ with the License. You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied. See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content=
+"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
+<meta http-equiv="content-type" content="" />
+<title>Apache Rampart 1.4 Release</title>
+</head>
+<body>
+<!--Google Anayitcs tracking code-->
+<script type="text/javascript" src=
+"http://www.google-analytics.com/urchin.js">
+</script><script type="text/javascript">
+//<![CDATA[
+_uacct = "UA-1954378-3";
+urchinTracker();
+//]]>
+</script>
+<!--End of Google Anayitcs tracking code-->
+<h2>Apache Rampart 1.4 Release</h2>
+<div>
+<table border="1" cellpadding="1">
+<tbody>
+<tr>
+<th scope="col">Distribution Name</th>
+<th scope="col">Description</th>
+<!--<th scope="col">Items</th>-->
+<th scope="col">Download</th>
+</tr>
+<tr>
+<td><a name="std-bin" id="std-bin"></a><strong>Standard Binary
+Distribution</strong></td>
+<td>This is the complete version of Apache Rampart and will contain samples
+as well.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.4.zip');">zip</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip.md5"
+title="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip.asc"
+title="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip.asc">PGP</a></td>
+</tr>
+<tr>
+<td><a name="src" id="src"></a> <strong>Source
+Distribution</strong></td>
+<td>This will contain the sources of Apache Rampart distribution.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-dist-1.4-src.zip');">zip</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.md5"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.md5">MD5</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.asc"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.asc">PGP</a></td>
+</tr>
+</tbody>
+</table>
+</div>
+</body>
+</html>
diff --git a/modules/documentation/src/site/xdoc/download/1.5.1/download.cgi b/modules/documentation/src/site/xdoc/download/1.5.1/download.cgi
new file mode 100644
index 0000000..8bdb438
--- /dev/null
+++ b/modules/documentation/src/site/xdoc/download/1.5.1/download.cgi
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Wrapper script around mirrors.cgi script
+# (we must change to that directory in order for python to pick up the
+# python includes correctly)
+cd /www/www.apache.org/dyn/mirrors
+/www/www.apache.org/dyn/mirrors/mirrors.cgi $*
\ No newline at end of file
diff --git a/modules/documentation/src/site/xdoc/download/1.2/download.xml b/modules/documentation/src/site/xdoc/download/1.5.1/download.xml
similarity index 65%
copy from modules/documentation/src/site/xdoc/download/1.2/download.xml
copy to modules/documentation/src/site/xdoc/download/1.5.1/download.xml
index 3919f15..aae2539 100644
--- a/modules/documentation/src/site/xdoc/download/1.2/download.xml
+++ b/modules/documentation/src/site/xdoc/download/1.5.1/download.xml
@@ -1,125 +1,110 @@
-<!--
-~ Licensed to the Apache Software Foundation (ASF) under one
-~ or more contributor license agreements. See the NOTICE file
-~ distributed with this work for additional information
-~ regarding copyright ownership. The ASF licenses this file
-~ to you under the Apache License, Version 2.0 (the
-~ "License"); you may not use this file except in compliance
-~ with the License. You may obtain a copy of the License at
-~
-~ http://www.apache.org/licenses/LICENSE-2.0
-~
-~ Unless required by applicable law or agreed to in writing,
-~ software distributed under the License is distributed on an
-~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-~ KIND, either express or implied. See the License for the
-~ specific language governing permissions and limitations
-~ under the License.
--->
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta name="generator" content=
-"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
-<meta http-equiv="content-type" content="" />
-<title>Apache Rampart 1.2 Release</title>
-</head>
-<body>
-<!--Google Anayitcs tracking code-->
-<script type="text/javascript" src=
-"http://www.google-analytics.com/urchin.js">
-</script><script type="text/javascript">
-//<![CDATA[
-_uacct = "UA-1954378-3";
-urchinTracker();
-//]]>
-</script>
-<!--End of Google Anayitcs tracking code-->
-<h2>Apache Rampart 1.2 Release</h2>
-<div>
-<table border="1" cellpadding="1">
-<tbody>
-<tr>
-<th scope="col">Distribution Name</th>
-<th scope="col">Description</th>
-<!--<th scope="col">Items</th>-->
-<th scope="col">Download</th>
-</tr>
-<tr>
-<td><a name="std-bin" id="std-bin"></a><strong>Standard Binary
-Distribution</strong></td>
-<td>This is the complete version of Apache Rampart and will contain samples
-as well.</td>
-<td><a href="[preferred]/ws/rampart/1_2/rampart-1.2.zip" title=
-"[preferred]/ws/rampart/1_2/rampart-1.2.zip" onClick=
-"javascript:urchinTracker ('/downloads/rampart-1.2.zip');">zip</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5"
-title="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5">MD5</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.asc"
-title="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.asc">PGP</a></td>
-</tr>
-<tr>
-<td><a name="src" id="src"></a> <strong>Source
-Distribution</strong></td>
-<td>This will contain the sources of Apache Rampart distribution.</td>
-<td><a href="[preferred]/ws/rampart/1_2/rampart-1.2-src.zip" title=
-"[preferred]/ws/rampart/1_2/rampart-1.2-src.zip" onClick=
-"javascript:urchinTracker ('/downloads/rampart-1.2-src.zip');">zip</a>
-<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.md5"
-title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.md5">MD5</a>
-<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.asc"
-title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.asc">PGP</a></td>
-</tr>
-<tr>
-<td><strong>Documents Distribution</strong></td>
-<td>This will contain all the documentation in one package.</td>
-<td><a href="[preferred]/ws/rampart/1_2/rampart-1.2-docs.zip" title=
-"[preferred]/ws/rampart/1_2/rampart-1.2-docs.zip" onClick=
-"javascript:urchinTracker ('/downloads/rampart-1.2-docs.zip');">zip</a>
-<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.md5"
-title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.md5">MD5</a>
-<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.asc"
-title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.asc">PGP</a></td>
-</tr>
-</tbody>
-</table>
-</div>
-<div align="left"><br />
-<p>[if-any logo] <a href="[link]"><img align="right" src="[logo]"
-border="0" /></a>[end] The currently selected mirror is
-<b>[preferred]</b>. If you encounter a problem with this mirror,
-please select another mirror. If all mirrors are failing, there are
-<i>backup</i> mirrors (at the end of the mirrors list) that should
-be available.</p>
-<form action="[location]" method="get" id="SelectMirror" name=
-"SelectMirror">Other mirrors: <select name="Preferred">
-<option value="[http]" selected="selected">[http]</option>
-<option value="[ftp]">[ftp]</option>
-<option value="[backup]">[backup] (backup)</option>
-</select> <input type="submit" value="Change" /></form>
-<p>You may also consult the <a href=
-"http://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
-<p><strong>Note:</strong> when downloading from a mirror please
-check the <a href=
-"http://www.apache.org/dev/release-signing#md5">md5sum</a> and
-verify the <a href=
-"http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
-compatible signature from the main Apache site. These can be
-downloaded by following the links above. This <a href=
-"http://www.apache.org/dist/ws/axis2/KEYS">KEYS</a> file contains
-the public keys that can be used for verifying signatures. It is
-recommended that (when possible)a <a href=
-"http://www.apache.org/dev/release-signing#web-of-trust">Web of
-trust</a> is used to confirm the identity of these keys.</p>
-</div>
-</body>
-</html>
+<!--
+~ Licensed to the Apache Software Foundation (ASF) under one
+~ or more contributor license agreements. See the NOTICE file
+~ distributed with this work for additional information
+~ regarding copyright ownership. The ASF licenses this file
+~ to you under the Apache License, Version 2.0 (the
+~ "License"); you may not use this file except in compliance
+~ with the License. You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied. See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content=
+"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
+<meta http-equiv="content-type" content="" />
+<title>Apache Rampart 1.5.1 Release</title>
+</head>
+<body>
+<!--Google Anayitcs tracking code-->
+<script type="text/javascript" src=
+"http://www.google-analytics.com/urchin.js">
+</script><script type="text/javascript">
+//<![CDATA[
+_uacct = "UA-1954378-3";
+urchinTracker();
+//]]>
+</script>
+<!--End of Google Anayitcs tracking code-->
+<h2>Apache Rampart 1.5.1 Release</h2>
+<div>
+<table border="1" cellpadding="1">
+<tbody>
+<tr>
+<th scope="col">Distribution Name</th>
+<th scope="col">Description</th>
+<!--<th scope="col">Items</th>-->
+<th scope="col">Download</th>
+</tr>
+<tr>
+<td><a name="std-bin" id="std-bin"></a><strong>Standard Binary
+Distribution</strong></td>
+<td>This is the complete version of Apache Rampart and will contain samples
+as well.</td>
+<td><a href="[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip" title=
+ "[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.5.1.zip');">zip</a>
+<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.md5"
+ title="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.md5">MD5</a>
+<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.asc"
+ title="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.asc">PGP</a></td>
+</tr>
+<tr>
+<td><a name="src" id="src"></a> <strong>Source
+Distribution</strong></td>
+<td>This will contain the sources of Apache Rampart distribution.</td>
+<td><a href="[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip" title=
+ "[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.5.1-src.zip');">zip</a>
+<a href=
+ "http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.md5"
+title=
+"http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.md5">MD5</a>
+<a href=
+ "http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.asc"
+title=
+"http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.asc">PGP</a></td>
+</tr>
+</tbody>
+</table>
+</div>
+<div align="left"><br />
+<p>[if-any logo] <a href="[link]"><img align="right" src="[logo]"
+border="0" /></a>[end] The currently selected mirror is
+<b>[preferred]</b>. If you encounter a problem with this mirror,
+please select another mirror. If all mirrors are failing, there are
+<i>backup</i> mirrors (at the end of the mirrors list) that should
+be available.</p>
+<form action="[location]" method="get" id="SelectMirror" name=
+"SelectMirror">Other mirrors: <select name="Preferred">
+<option value="[http]" selected="selected">[http]</option>
+<option value="[ftp]">[ftp]</option>
+<option value="[backup]">[backup] (backup)</option>
+</select> <input type="submit" value="Change" /></form>
+<p>You may also consult the <a href=
+"http://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
+<p><strong>Note:</strong> when downloading from a mirror please
+check the <a href=
+"http://www.apache.org/dev/release-signing#md5">md5sum</a> and
+verify the <a href=
+"http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
+compatible signature from the main Apache site. These can be
+downloaded by following the links above. This <a href=
+"http://www.apache.org/dist/ws/axis2/KEYS">KEYS</a> file contains
+the public keys that can be used for verifying signatures. It is
+recommended that (when possible)a <a href=
+"http://www.apache.org/dev/release-signing#web-of-trust">Web of
+trust</a> is used to confirm the identity of these keys.</p>
+</div>
+</body>
+</html>
diff --git a/modules/documentation/src/site/xdoc/download/1.5/download.cgi b/modules/documentation/src/site/xdoc/download/1.5/download.cgi
new file mode 100644
index 0000000..8bdb438
--- /dev/null
+++ b/modules/documentation/src/site/xdoc/download/1.5/download.cgi
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Wrapper script around mirrors.cgi script
+# (we must change to that directory in order for python to pick up the
+# python includes correctly)
+cd /www/www.apache.org/dyn/mirrors
+/www/www.apache.org/dyn/mirrors/mirrors.cgi $*
\ No newline at end of file
diff --git a/modules/documentation/src/site/xdoc/download/1.5/download.xml b/modules/documentation/src/site/xdoc/download/1.5/download.xml
new file mode 100644
index 0000000..89f6c90
--- /dev/null
+++ b/modules/documentation/src/site/xdoc/download/1.5/download.xml
@@ -0,0 +1,82 @@
+<!--
+~ Licensed to the Apache Software Foundation (ASF) under one
+~ or more contributor license agreements. See the NOTICE file
+~ distributed with this work for additional information
+~ regarding copyright ownership. The ASF licenses this file
+~ to you under the Apache License, Version 2.0 (the
+~ "License"); you may not use this file except in compliance
+~ with the License. You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied. See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content=
+"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
+<meta http-equiv="content-type" content="" />
+<title>Apache Rampart 1.5 Release</title>
+</head>
+<body>
+<!--Google Anayitcs tracking code-->
+<script type="text/javascript" src=
+"http://www.google-analytics.com/urchin.js">
+</script><script type="text/javascript">
+//<![CDATA[
+_uacct = "UA-1954378-3";
+urchinTracker();
+//]]>
+</script>
+<!--End of Google Anayitcs tracking code-->
+<h2>Apache Rampart 1.5 Release</h2>
+<div>
+<table border="1" cellpadding="1">
+<tbody>
+<tr>
+<th scope="col">Distribution Name</th>
+<th scope="col">Description</th>
+<!--<th scope="col">Items</th>-->
+<th scope="col">Download</th>
+</tr>
+<tr>
+<td><a name="std-bin" id="std-bin"></a><strong>Standard Binary
+Distribution</strong></td>
+<td>This is the complete version of Apache Rampart and will contain samples
+as well.</td>
+<td><a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-bin.zip" title=
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-bin.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.5.zip');">zip</a>
+<a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-bin.zip.md5"
+title="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-bin.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-bin.zip.asc"
+title="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-bin.zip.asc">PGP</a></td>
+</tr>
+<tr>
+<td><a name="src" id="src"></a> <strong>Source
+Distribution</strong></td>
+<td>This will contain the sources of Apache Rampart distribution.</td>
+<td><a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-src.zip" title=
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-src.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-dist-1.5-src.zip');">zip</a>
+<a href=
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-src.zip.md5"
+title=
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-src.zip.md5">MD5</a>
+<a href=
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-src.zip.asc"
+title=
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-src.zip.asc">PGP</a></td>
+</tr>
+</tbody>
+</table>
+</div>
+</body>
+</html>
diff --git a/modules/documentation/src/site/xdoc/rampartconfig-guide.xml b/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
index 3dccfb6..1536bae 100644
--- a/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
+++ b/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
@@ -43,14 +43,14 @@
</td></tr>
<tr class="b"><td>encryptionCypto</td><td>properties to needed perform signature, such as crypto
provider, keystore and its password</td><td>
-<pre>
+<pre>
<encryptionCypto>
....crypto element ......
</encryptionCypto>
</pre></td></tr>
<tr class="a"><td>decryptionCrypto</td><td>properties to needed perform signature, such as crypto
provider, keystore and its password</td><td>
-<pre>
+<pre>
<decryptionCrypto>
....crypto element ......
</decryptionCrypto></pre></td></tr>
@@ -67,10 +67,66 @@
the org.apache.ws.security.components.crypto.Crypto interface to provide the
crypto information required by WSS4J. The other properties defined are the
configuration properties used by the implementation class
-(org.apache.ws.security.components.crypto.Merlin).
+(org.apache.ws.security.components.crypto.Merlin).
<br></br>
-<a name="ref"></a><a name="references"></a></p>
-<a name="References"></a>
-<h3>References</h3>1. <a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a>
+ <a name="ref"></a>
+ <a name="references"></a>
+ </p>
+ <a name="References"></a>
+ <h3>Crypto Caching</h3>
+ <p>Enabling caching of crypto objects will improve the performance of security processing.
+ After
+ enabling crypto caching, the crypto objects will be read from a cache instead of
+ constructing them by reading the keystore files.
+ </p>
+ <p>To enable caching of Crypto objects, two attributes should be added to the crypto elements
+ of signatureCrypto/encryptionCrypto of RampartConfig.
+ </p>
+ <ol>
+ <li xmlns="http://www.w3.org/1999/xhtml" xml:space="preserve">
+ <b>cryptoKey</b> - <p>As the value of this attribute, specify the property of a Crypto
+ implementation which points to the location of the keystore. For example in
+ Merlin, the
+ property "org.apache.ws.security.crypto.merlin.file" is unique and its pointing to
+ the
+ location of the keystore. Absence of this attribute will not enable caching.</p>
+ </li>
+ <li xmlns="http://www.w3.org/1999/xhtml" xml:space="preserve">
+ <b>cacheRefreshInterval</b> - <p>This is the cache refresh interval specified in
+ milliseconds. Any
+ object that resides in the cache longer than this period will be considered as
+ expired.
+ Cache will not be refreshed if this attribute is not present in the configuration.
+ If you
+ do not want to refresh the cache, provide only the "cryptoKey" attribute.</p>
+ </li>
+ </ol>
+ <p>
+ A sample configuration is provided below. It uses the Merlin crypto implementation for
+ signing and encryption. Here, the value of the cryptoKey attribute is eqaul to
+ "org.apache.ws.security.crypto.merlin.file" and the cache refresh interval is 300000
+ milliseconds.
+ </p>
+ <pre xmlns="http://www.w3.org/1999/xhtml" xml:space="preserve">
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" cryptoKey="org.apache.ws.security.crypto.merlin.file" cacheRefreshInterval="300000">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">servicePW</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" cryptoKey="org.apache.ws.security.crypto.merlin.file" cacheRefreshInterval="300000>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </pre>
+ <br></br>
+ <h3>References</h3>1.
+ <a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a>
</body>
</html>
diff --git a/modules/documentation/src/site/xdoc/svn.xml b/modules/documentation/src/site/xdoc/svn.xml
index 21da0ff..7e0d679 100644
--- a/modules/documentation/src/site/xdoc/svn.xml
+++ b/modules/documentation/src/site/xdoc/svn.xml
@@ -55,13 +55,13 @@ Subversion repository, you must use one of the following URLs
depending on your level of access to the Rampart source code:</p>
<ul>
<li><b>If you are not a committer:</b> <a href=
-"http://svn.apache.org/repos/asf/webservices/rampart/trunk/java"
+"http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk"
target=
-"_blank">http://svn.apache.org/repos/asf/webservices/rampart/trunk/java</a></li>
+"_blank">http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk</a></li>
<li><b>If you are a committer:</b> <a href=
-"https://svn.apache.org/repos/asf/webservices/rampart/trunk/java"
+"https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk"
target=
-"_blank">https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</a></li>
+"_blank">https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk</a></li>
</ul>
If you are a committer, make sure that you have selected an
svnpasswd. To do this, you must log into svn.apache.org. For more
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/AbstractUniqueMessageAttributeCache.java b/modules/rampart-core/src/main/java/org/apache/rampart/AbstractUniqueMessageAttributeCache.java
new file mode 100644
index 0000000..0cf3e3f
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/AbstractUniqueMessageAttributeCache.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart;
+
+/**
+ * An abstract class which implements UniqueMessageAttributeCache interface.
+ */
+public abstract class AbstractUniqueMessageAttributeCache implements UniqueMessageAttributeCache {
+
+ /**
+ * Maximum lift time of a cached value. If cached value exceeds this value it will be discarded.
+ */
+ private int maximumLifeTimeOfNonce = 60 * 5;
+
+ /**
+ * Default constructor.
+ */
+ public AbstractUniqueMessageAttributeCache()
+ {
+ }
+
+ /**
+ * Constructor with maximum life time as a parameter.
+ * @param maxTime Maximum life time in seconds.
+ */
+ public AbstractUniqueMessageAttributeCache(int maxTime)
+ {
+ maximumLifeTimeOfNonce = maxTime;
+ }
+
+ /**
+ * Sets the maximum life time of a message id.
+ * @param maxTime Maximum life time in seconds.
+ */
+ public void setMaximumLifeTimeOfAnAttribute(int maxTime)
+ {
+ maximumLifeTimeOfNonce = maxTime;
+ }
+
+ /**
+ * Gets the maximum life time of a message id.
+ * @return Gets message id life time in seconds.
+ */
+ public int getMaximumLifeTimeOfAnAttribute()
+ {
+ return maximumLifeTimeOfNonce;
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/NonceCache.java b/modules/rampart-core/src/main/java/org/apache/rampart/NonceCache.java
new file mode 100644
index 0000000..a0681fa
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/NonceCache.java
@@ -0,0 +1,160 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart;
+
+import java.util.*;
+import java.util.concurrent.locks.ReentrantLock;
+
+/**
+ * This is a basic implementation of UniqueMessageAttributeCache. In this implementation we will cache incomming
+ * nonce value for a period of time. The life time can be defined in the services.xml. If not defined
+ * the default value will be 5 minutes.
+ */
+public class NonceCache extends AbstractUniqueMessageAttributeCache {
+
+ class Nonce
+ {
+ String nonceValue;
+ String userName;
+
+ public Nonce(String nonce, String user)
+ {
+ this.nonceValue = nonce;
+ this.userName = user;
+ }
+
+ @Override
+ public boolean equals(Object another)
+ {
+ if (another == null){
+ return false;
+ }
+
+ if (another == this) {
+ return true;
+ }
+
+ if (!(another instanceof Nonce)){
+ return false;
+ }
+
+
+ Nonce otherNonce = (Nonce)another;
+ if (this.userName.equals(otherNonce.userName) && this.nonceValue.equals(otherNonce.nonceValue))
+ {
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return (this.userName.hashCode() * 13 + this.nonceValue.hashCode() * 7);
+ }
+ }
+
+ private Map<Nonce, Calendar> mapIdNonce = new HashMap<Nonce, Calendar>();
+
+ private final ReentrantLock lock = new ReentrantLock();
+
+ public NonceCache()
+ {
+ super();
+ }
+
+ public NonceCache(int maxLifeTime)
+ {
+ super(maxLifeTime);
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public void addToCache(String id, String userName) {
+
+ Nonce nonce = new Nonce(id, userName);
+ Calendar rightNow = Calendar.getInstance();
+
+ lock.lock();
+ try {
+ mapIdNonce.put(nonce, rightNow);
+ } finally {
+ lock.unlock();
+ }
+
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public boolean valueExistsInCache(String id, String userName) {
+
+ lock.lock();
+
+ try {
+ clearStaleNonceIds();
+ } finally {
+ lock.unlock();
+ }
+
+ Nonce nonce = new Nonce(id, userName);
+ return mapIdNonce.containsKey(nonce);
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public void clearCache() {
+
+ lock.lock();
+ try {
+ mapIdNonce.clear();
+ } finally {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * This method will clear stale nonce ids from the map.
+ */
+ private void clearStaleNonceIds()
+ {
+ Calendar rightNow = Calendar.getInstance();
+
+ int maxLifeTime = getMaximumLifeTimeOfAnAttribute();
+
+ rightNow.add(Calendar.SECOND, -(maxLifeTime));
+ long timeBeforeMaxLifeTime = rightNow.getTimeInMillis();
+
+ Iterator iterator = mapIdNonce.entrySet().iterator();
+
+ while (iterator.hasNext()) {
+
+ Map.Entry pair = (Map.Entry)iterator.next();
+ Calendar itemDate = (Calendar)pair.getValue();
+
+ long itemAddedTime = itemDate.getTimeInMillis();
+
+ if (timeBeforeMaxLifeTime > itemAddedTime)
+ {
+ iterator.remove();
+ }
+ }
+
+
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
index a0d24c5..3f69f8e 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -495,7 +495,7 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
.get(WSSecurityEngineResult.TAG_ACTION);
int action = actInt.intValue();
if(WSConstants.SIGN == action || WSConstants.ENCR == action) {
- sigEncrActions.add(new Integer(action));
+ sigEncrActions.add(Integer.valueOf(action));
}
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java b/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java
index 87cac0e..72f2316 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java
@@ -23,6 +23,9 @@ import org.apache.axis2.description.AxisModule;
import org.apache.axis2.modules.Module;
import org.apache.neethi.Assertion;
import org.apache.neethi.Policy;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
public class Rampart implements Module /* , ModulePolicyExtension */ {
@@ -48,8 +51,18 @@ public class Rampart implements Module /* , ModulePolicyExtension */ {
}
public boolean canSupportAssertion(Assertion assertion) {
- //TODO doesn't we need to check whether policy is security policy or
- // RampartConfig assertion
- return true;
+ if(assertion == null) {
+ return false;
+ }
+
+ String ns = assertion.getName().getNamespaceURI();
+
+ // Rampart module can handle WS-SecurityPolicy 1.1 & 1.2 and RampartConfig assertions
+ if (SP11Constants.SP_NS.equals(ns) || SP12Constants.SP_NS.equals(ns) || RampartConfig.NS.equals(ns)) {
+ return true;
+ } else {
+ return false;
+ }
+
}
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
index 5e3e5b8..3d20bba 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
@@ -18,6 +18,8 @@ package org.apache.rampart;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.*;
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAP12Constants;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
@@ -30,10 +32,7 @@ import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityEngine;
-import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.*;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.saml.SAMLKeyInfo;
import org.apache.ws.security.saml.SAMLUtil;
@@ -41,6 +40,7 @@ import org.opensaml.SAMLAssertion;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.core.Conditions;
import javax.xml.namespace.QName;
import java.security.Principal;
@@ -53,7 +53,8 @@ import java.util.Vector;
public class RampartEngine {
private static Log log = LogFactory.getLog(RampartEngine.class);
- private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
+ private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
+ private static ServiceNonceCache serviceNonceCache = new ServiceNonceCache();
public Vector process(MessageContext msgCtx) throws WSSPolicyException,
RampartException, WSSecurityException, AxisFault {
@@ -182,10 +183,29 @@ public class RampartEngine {
final Assertion assertion = (Assertion) wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
String id = assertion.getID();
Subject subject = assertion.getSubject();
- SubjectConfirmationData scData = subject.getSubjectConfirmations()
- .get(0).getSubjectConfirmationData();
- Date dateOfCreation = scData.getNotBefore().toDate();
- Date dateOfExpiration = scData.getNotOnOrAfter().toDate();
+
+ Date dateOfCreation = null;
+ Date dateOfExpiration = null;
+
+ //Read the validity period from the 'Conditions' element, else read it from SC Data
+ if (assertion.getConditions() != null) {
+ Conditions conditions = assertion.getConditions();
+ if (conditions.getNotBefore() != null) {
+ dateOfCreation = conditions.getNotBefore().toDate();
+ }
+ if (conditions.getNotOnOrAfter() != null) {
+ dateOfExpiration = conditions.getNotOnOrAfter().toDate();
+ }
+ } else {
+ SubjectConfirmationData scData = subject.getSubjectConfirmations()
+ .get(0).getSubjectConfirmationData();
+ if (scData.getNotBefore() != null) {
+ dateOfCreation = scData.getNotBefore().toDate();
+ }
+ if (scData.getNotOnOrAfter() != null) {
+ dateOfExpiration = scData.getNotOnOrAfter().toDate();
+ }
+ }
// TODO : SAML2KeyInfo element needs to be moved to WSS4J.
SAML2KeyInfo saml2KeyInfo = SAML2Utils.
@@ -230,9 +250,42 @@ public class RampartEngine {
}
} else if (WSConstants.UT == actInt.intValue()) {
- String username = ((Principal) wser.get(WSSecurityEngineResult.TAG_PRINCIPAL))
- .getName();
+
+ WSUsernameTokenPrincipal userNameTokenPrincipal = (WSUsernameTokenPrincipal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+
+ String username = userNameTokenPrincipal.getName();
msgCtx.setProperty(RampartMessageData.USERNAME, username);
+
+ if (userNameTokenPrincipal.getNonce() != null) {
+ // Check whether this is a replay attack. To verify that we need to check whether nonce value
+ // is a repeating one
+ int nonceLifeTimeInSeconds = 0;
+
+ if (rpd.getRampartConfig() != null) {
+
+ String stringLifeTime = rpd.getRampartConfig().getNonceLifeTime();
+
+ try {
+ nonceLifeTimeInSeconds = Integer.parseInt(stringLifeTime);
+
+ } catch (NumberFormatException e) {
+ log.error("Invalid value for nonceLifeTime in rampart configuration file.", e);
+ throw new RampartException(
+ "invalidNonceLifeTime", e);
+
+ }
+ }
+
+ String serviceEndpointName = msgCtx.getAxisService().getEndpointName();
+
+ boolean valueRepeating = serviceNonceCache.isNonceRepeatingForService(serviceEndpointName, username, userNameTokenPrincipal.getNonce());
+
+ if (valueRepeating){
+ throw new RampartException("repeatingNonceValue", new Object[]{ userNameTokenPrincipal.getNonce(), username} );
+ }
+
+ serviceNonceCache.addNonceForService(serviceEndpointName, username, userNameTokenPrincipal.getNonce(), nonceLifeTimeInSeconds);
+ }
} else if (WSConstants.SIGN == actInt.intValue()) {
X509Certificate cert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
msgCtx.setProperty(RampartMessageData.X509_CERT, cert);
@@ -274,46 +327,41 @@ public class RampartEngine {
private boolean isSecurityFault(RampartMessageData rmd) {
-
- SOAPEnvelope soapEnvelope = rmd.getMsgContext().getEnvelope();
-
- SOAPFault soapFault = soapEnvelope.getBody().getFault();
-
- // This is not a soap fault
- if (soapFault == null) {
- return false;
- }
-
- String soapVersionURI = rmd.getMsgContext().getEnvelope().getNamespace().getNamespaceURI();
-
- if (soapVersionURI.equals(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI) ) {
-
- SOAPFaultCode faultCode = soapFault.getCode();
-
- // This is a fault processing the security header
- if (faultCode.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
- return true;
- }
-
-
- } else if (soapVersionURI.equals(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
-
- //TODO AXIOM API returns only one fault sub code, there can be many
- SOAPFaultSubCode faultSubCode = soapFault.getCode().getSubCode();
-
- if (faultSubCode != null) {
- SOAPFaultValue faultSubCodeValue = faultSubCode.getValue();
-
- // This is a fault processing the security header
- if (faultSubCodeValue != null &&
- faultSubCodeValue.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
- return true;
- }
- }
-
- }
-
- return false;
- }
+ SOAPEnvelope soapEnvelope = rmd.getMsgContext().getEnvelope();
+ SOAPFault soapFault = soapEnvelope.getBody().getFault();
+
+ // This is not a soap fault
+ if (soapFault == null) {
+ return false;
+ }
+
+ String soapVersionURI = rmd.getMsgContext().getEnvelope().getNamespace().getNamespaceURI();
+ SOAPFaultCode faultCode = soapFault.getCode();
+ if(faultCode == null){
+ //If no fault code is given, then it can't be security fault
+ return false;
+ }
+
+ if (soapVersionURI.equals(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
+ // This is a fault processing the security header
+ if (faultCode.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ return true;
+ }
+ } else if (soapVersionURI.equals(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
+ // TODO AXIOM API returns only one fault sub code, there can be many
+ SOAPFaultSubCode faultSubCode = faultCode.getSubCode();
+ if (faultSubCode != null) {
+ SOAPFaultValue faultSubCodeValue = faultSubCode.getValue();
+
+ // This is a fault processing the security header
+ if (faultSubCodeValue != null && faultSubCodeValue.getTextAsQName().
+ getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
index 6e1921b..1a1c4be 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
@@ -56,6 +56,7 @@ import org.apache.ws.security.util.WSSecurityUtil;
import org.opensaml.SAMLAssertion;
import org.w3c.dom.Document;
+import java.util.Date;
import java.util.List;
import java.util.Vector;
import java.util.ArrayList;
@@ -369,7 +370,9 @@ public class RampartMessageData {
// To handle scenarios where password type is not set by default.
this.config.setHandleCustomPasswordTypes(true);
- this.customClassLoader = msgCtx.getAxisService().getClassLoader();
+ if (axisService != null) {
+ this.customClassLoader = axisService.getClassLoader();
+ }
if(this.sender && this.policyData != null) {
this.secHeader = new WSSecHeader();
@@ -621,21 +624,19 @@ public class RampartMessageData {
return this.tokenStorage;
}
- TokenStorage storage = (TokenStorage) this.msgContext.getProperty(
+ TokenStorage storage = (TokenStorage) this.msgContext.getConfigurationContext().getProperty(
TokenStorage.TOKEN_STORAGE_KEY);
if (storage != null) {
this.tokenStorage = storage;
} else {
-
if (this.policyData.getRampartConfig() != null &&
this.policyData.getRampartConfig().getTokenStoreClass() != null) {
Class stClass = null;
String storageClass = this.policyData.getRampartConfig()
- .getTokenStoreClass();
+ .getTokenStoreClass();
try {
- stClass = Loader.loadClass(msgContext.getAxisService()
- .getClassLoader(), storageClass);
+ stClass = Loader.loadClass(this.customClassLoader, storageClass);
} catch (ClassNotFoundException e) {
throw new RampartException(
"WSHandler: cannot load token storage class: "
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/ServiceNonceCache.java b/modules/rampart-core/src/main/java/org/apache/rampart/ServiceNonceCache.java
new file mode 100644
index 0000000..ca8c08d
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/ServiceNonceCache.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * This class holds nonce information per service.
+ */
+public class ServiceNonceCache {
+
+ private Map<String, UniqueMessageAttributeCache> mapServiceNonceCache = Collections.synchronizedMap(new HashMap<String, UniqueMessageAttributeCache>());
+
+ /**
+ * This method will add a nonce value for a given service.
+ * @param service The service url.
+ * @param userName Given user name.
+ * @param nonceValue Passed nonce value.
+ * @param nonceLifeTime Maximum life span of a nonce value.
+ */
+ public void addNonceForService(String service, String userName, String nonceValue, int nonceLifeTime) {
+
+ UniqueMessageAttributeCache nonceCache;
+ if (this.mapServiceNonceCache.containsKey(service)) {
+ nonceCache = this.mapServiceNonceCache.get(service);
+ } else {
+ nonceCache = new NonceCache(nonceLifeTime);
+ this.mapServiceNonceCache.put(service, nonceCache);
+ }
+
+ nonceCache.addToCache(nonceValue, userName);
+ }
+
+ /**
+ * This method will check whether the nonce value is repeating for the given service.
+ * @param service The service url.
+ * @param userName User name.
+ * @param nonceValue Nonce value.
+ * @return true if nonce value is repeating else false.
+ */
+ public boolean isNonceRepeatingForService(String service, String userName, String nonceValue){
+
+ if (this.mapServiceNonceCache.containsKey(service)) {
+
+ UniqueMessageAttributeCache nonceCache = this.mapServiceNonceCache.get(service);
+ return nonceCache.valueExistsInCache(nonceValue, userName);
+
+ }
+
+ return false;
+
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/UniqueMessageAttributeCache.java b/modules/rampart-core/src/main/java/org/apache/rampart/UniqueMessageAttributeCache.java
new file mode 100644
index 0000000..e5a5d8e
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/UniqueMessageAttributeCache.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart;
+
+/**
+ * An interface to cache nonce/sequence number values coming with messages.
+ * This mainly helps to prevent replay attacks. There are few different ways to handle replay attacks.
+ * 1. Cache nonce values.
+ * 2. Use a sequence number.
+ *
+ * "Web Services Security UsernameToken Profile 1.1 OASIS Standard Specification, 1 February 2006" specification only recommends
+ * to cache nonce for a period. But there can be other mechanisms like using sequence number.
+ * Therefore cache is implemented as an interface and later if we need to support sequence number scenario we can easily extend this.
+ * User: aj
+ * Date: Apr 30, 2010
+ * Time: 12:15:52 PM
+ * To change this template use File | Settings | File Templates.
+ */
+public interface UniqueMessageAttributeCache {
+
+ /**
+ * Sets the maximum life time of a message id.
+ * @param maxTime Maximum life time in seconds.
+ */
+ public void setMaximumLifeTimeOfAnAttribute(int maxTime);
+
+ /**
+ * Gets the maximum life time of a message id.
+ * @return Gets message id life time in seconds.
+ */
+ public int getMaximumLifeTimeOfAnAttribute();
+
+ /**
+ * Add value to a cache. Value can be sequence or nonce value.
+ * @param id - Nonce value or sequence number.
+ * @param userName - User name parameter value of the UserNameToken.
+ */
+ public void addToCache(String id, String userName);
+
+ /**
+ * Checks whether value already exists in the cache for a given user name.
+ * @param id - Nonce or sequence id value of the newly received message.
+ * @param userName - User name parameter value of the UserName token.
+ * @return Returns true if nonce or sequence id is already received for given user name. Else false.
+ */
+ public boolean valueExistsInCache(String id, String userName);
+
+ /**
+ * Clears all recorded nonce values/sequence numbers.
+ */
+ public void clearCache();
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
index 5c909b8..6c0caeb 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
@@ -175,7 +175,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
encr.setDocument(doc);
RampartUtil.setEncryptionUser(rmd, encr);
encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
- RampartUtil.setKeyIdentifierType(rpd,encr, encryptionToken);
+ RampartUtil.setKeyIdentifierType(rmd, encr, encryptionToken);
encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader()));
@@ -528,7 +528,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
WSSecEncrypt encr = new WSSecEncrypt();
- RampartUtil.setKeyIdentifierType(rpd, encr, encrToken);
+ RampartUtil.setKeyIdentifierType(rmd, encr, encrToken);
encr.setWsConfig(rmd.getConfig());
@@ -616,7 +616,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
if (!(supportingSigToken instanceof X509Token)) {
return;
}
- supportingSig = this.getSignatureBuider(rmd, supportingSigToken,
+ supportingSig = this.getSignatureBuilder(rmd, supportingSigToken,
((X509Token) supportingSigToken).getUserCertAlias());
Element bstElem = supportingSig.getBinarySecurityTokenElement();
if (bstElem != null) {
@@ -719,7 +719,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
} else {
- sig = this.getSignatureBuider(rmd, sigToken);
+ sig = this.getSignatureBuilder(rmd, sigToken);
Element bstElem = sig.getBinarySecurityTokenElement();
if(bstElem != null) {
bstElem = RampartUtil.insertSiblingAfter(rmd, this
@@ -765,7 +765,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
WSSecEncrypt encr = new WSSecEncrypt();
- RampartUtil.setKeyIdentifierType(rpd, encr, encrToken);
+ RampartUtil.setKeyIdentifierType(rmd, encr, encrToken);
encr.setWsConfig(rmd.getConfig());
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
index cb8ab37..deba60b 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
@@ -218,7 +218,7 @@ public abstract class BindingBuilder {
WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
try {
- RampartUtil.setKeyIdentifierType(rpd, encrKey, token);
+ RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
RampartUtil.setEncryptionUser(rmd, encrKey);
encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
@@ -231,13 +231,27 @@ public abstract class BindingBuilder {
}
}
- protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token token)
- throws RampartException {
- return getSignatureBuider(rmd, token, null);
+ //Deprecated after 1.5 release
+ @Deprecated
+ protected WSSecSignature getSignatureBuider(RampartMessageData rmd,
+ Token token) throws RampartException {
+ return getSignatureBuilder(rmd, token, null);
}
-
+
+ //Deprecated after 1.5 release
+ @Deprecated
protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token token,
- String userCertAlias) throws RampartException {
+ String userCertAlias) throws RampartException {
+ return getSignatureBuilder(rmd, token, userCertAlias);
+ }
+
+ protected WSSecSignature getSignatureBuilder(RampartMessageData rmd,
+ Token token)throws RampartException {
+ return getSignatureBuilder(rmd, token, null);
+ }
+
+ protected WSSecSignature getSignatureBuilder(RampartMessageData rmd, Token token,
+ String userCertAlias) throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
@@ -247,7 +261,7 @@ public abstract class BindingBuilder {
log.debug("Token inclusion: " + token.getInclusion());
- RampartUtil.setKeyIdentifierType(rpd, sig, token);
+ RampartUtil.setKeyIdentifierType(rmd, sig, token);
String user = null;
@@ -370,7 +384,7 @@ public abstract class BindingBuilder {
//We have to use a cert
//Prepare X509 signature
- WSSecSignature sig = this.getSignatureBuider(rmd, token);
+ WSSecSignature sig = this.getSignatureBuilder(rmd, token);
Element bstElem = sig.getBinarySecurityTokenElement();
if(bstElem != null) {
bstElem = RampartUtil.insertSiblingAfter(rmd,
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
index 6d10dd2..2bbfa6e 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
@@ -256,7 +256,7 @@ public class TransportBindingBuilder extends BindingBuilder {
} else {
try {
- WSSecSignature sig = this.getSignatureBuider(rmd, token);
+ WSSecSignature sig = this.getSignatureBuilder(rmd, token);
sig.appendBSTElementToHeader(rmd.getSecHeader());
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
index 04e7507..3c4cda5 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
@@ -95,4 +95,7 @@ signedElementNotSigned = Element must be signed : {0}
bodyNotSigned = Soap Body must be signed
unexprectedSignature = Unexpected signature
invalidTransport = Expected transport is "https" but incoming transport found : \"{0}\"
-requiredElementsMissing = Required Elements not found in the incoming message : {0}
\ No newline at end of file
+requiredElementsMissing = Required Elements not found in the incoming message : {0}
+repeatingNonceValue = Nonce value : {0}, already seen before for user name : {1}. Possibly this could be a replay attack.
+invalidNonceLifeTime = Invalid value for nonceLifeTime in rampart configuration file.
+invalidIssuerAddress = Invalid value for Issuer
\ No newline at end of file
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
index 0a53077..9525fcf 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
@@ -159,16 +159,30 @@ public class RampartReceiver implements Handler {
msgContext.setProperty(RampartConstants.SEC_FAULT, Boolean.TRUE);
String soapVersionURI = msgContext.getEnvelope().getNamespace().getNamespaceURI();
- QName invalidSecurity = new QName(WSConstants.INVALID_SECURITY.getNamespaceURI(),WSConstants.INVALID_SECURITY.getLocalPart(),"wsse");
+ QName faultCode = null;
+ /*
+ * Get the faultCode from the thrown WSSecurity exception, if there is one
+ */
+ if (e instanceof WSSecurityException)
+ {
+ faultCode = ((WSSecurityException)e).getFaultCode();
+ }
+ /*
+ * Otherwise default to InvalidSecurity
+ */
+ if (faultCode == null)
+ {
+ faultCode = new QName(WSConstants.INVALID_SECURITY.getNamespaceURI(),WSConstants.INVALID_SECURITY.getLocalPart(),"wsse");
+ }
if (soapVersionURI.equals(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI) ) {
- throw new AxisFault(invalidSecurity,e.getMessage(),e);
+ throw new AxisFault(faultCode,e.getMessage(),e);
} else if (soapVersionURI.equals(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
List subfaultCodes = new ArrayList();
- subfaultCodes.add(invalidSecurity);
+ subfaultCodes.add(faultCode);
throw new AxisFault(Constants.FAULT_SOAP12_SENDER,subfaultCodes,e.getMessage(),e);
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
index 3a9bf0f..a932aa9 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
@@ -257,7 +257,7 @@ public class WSDoAllSender extends WSDoAllHandler {
// of the same handler
repetition++;
msgContext.setProperty(WSSHandlerConstants.CURRENT_REPETITON,
- new Integer(repetition));
+ Integer.valueOf(repetition));
this.invoke(msgContext);
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
index 2f3bb76..d0d061b 100755
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
@@ -127,6 +127,7 @@ public class RampartPolicyBuilder {
private static void processTransportBinding(TransportBinding binding, RampartPolicyData rpd) {
binding(binding, rpd);
rpd.setTransportBinding(true);
+ rpd.setTokenProtection(binding.isTokenProtection());
TransportToken transportToken = binding.getTransportToken();
if ( transportToken != null ) {
rpd.setTransportToken(transportToken.getTransportToken());
@@ -233,6 +234,7 @@ public class RampartPolicyBuilder {
if (sep.isSignedParts()) {
rpd.setSignBody(sep.isBody());
rpd.setSignAttachments(sep.isAttachments());
+ rpd.setSignAllHeaders(sep.isSignAllHeaders());
rpd.setSignBodyOptional(sep.isOptional());
rpd.setSignAttachmentsOptional(sep.isOptional());
while (it.hasNext()) {
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
index b65fd1e..48bc1f2 100755
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
@@ -107,6 +107,8 @@ public class RampartPolicyData {
private boolean encryptAttachmentsOptional;
+ private boolean signAllHeaders;
+
private Vector signedParts = new Vector();
private Vector signedElements = new Vector();
@@ -926,6 +928,14 @@ public class RampartPolicyData {
public MTOMAssertion getMTOMAssertion(){
return mtomAssertion;
}
+
+ public boolean isSignAllHeaders() {
+ return signAllHeaders;
+ }
+
+ public void setSignAllHeaders(boolean signAllHeaders) {
+ this.signAllHeaders = signAllHeaders;
+ }
public boolean isMTOMSerialize(){
if(mtomAssertion == null){
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
index 08c6947..6d226c2 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
@@ -103,6 +103,13 @@ public class RampartConfigBuilder implements AssertionBuilder {
}
childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.DEC_CRYPTO_LN));
+ if (childElement != null) {
+ rampartConfig.setDecCryptoConfig((CryptoConfig) factory
+ .build(childElement.getFirstElement()));
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
RampartConfig.NS, RampartConfig.STS_CRYPTO_LN));
if (childElement != null) {
rampartConfig.setStsCryptoConfig((CryptoConfig) factory
@@ -126,6 +133,18 @@ public class RampartConfigBuilder implements AssertionBuilder {
if (childElement != null) {
rampartConfig.setTimestampMaxSkew(childElement.getText().trim());
}
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.NONCE_LIFE_TIME));
+ if (childElement != null) {
+ rampartConfig.setNonceLifeTime(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.TOKEN_STORE_CLASS_LN));
+ if (childElement != null) {
+ rampartConfig.setTokenStoreClass(childElement.getText().trim());
+ }
childElement = element.getFirstChildWithName(new QName(
RampartConfig.NS, RampartConfig.OPTIMISE_PARTS));
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
index dd6128a..d3d19b9 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
@@ -100,6 +100,7 @@ public class OptimizePartsConfig implements Assertion{
while(ite.hasNext()){
String strPrefix = (String)ite.next();
String strURI = (String) namespaces.get(strPrefix);
+ writer.writeStartElement(RampartConfig.NS, NAMESPACE_LN);
writer.writeAttribute(URI_ATTR , strURI);
writer.writeAttribute(PREFIX_ATTR, strPrefix);
writer.writeEndElement();
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
index 8526108..45228b9 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
@@ -39,6 +39,7 @@ import javax.xml.stream.XMLStreamWriter;
* <ramp:timestampTTL>300</ramp:timestampTTL>
* <ramp:timestampMaxSkew>0</ramp:timestampMaxSkew>
* <ramp:tokenStoreClass>org.apache.rahas.StorageImpl</ramp:tokenStoreClass>
+ * <ramp:nonceLifeTime>org.apache.rahas.StorageImpl</ramp:nonceLifeTime>
*
* <ramp:signatureCrypto>
* <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
@@ -67,6 +68,8 @@ public class RampartConfig implements Assertion {
public static final int DEFAULT_TIMESTAMP_MAX_SKEW = 300;
+ public static final int DEFAULT_NONCE_LIFE_TIME = 60 * 5; // Default life time of a nonce is 5 minutes
+
public final static String NS = "http://ws.apache.org/rampart/policy";
public final static String PREFIX = "rampart";
@@ -102,6 +105,8 @@ public class RampartConfig implements Assertion {
public final static String TS_MAX_SKEW_LN = "timestampMaxSkew";
public final static String TOKEN_STORE_CLASS_LN = "tokenStoreClass";
+
+ public final static String NONCE_LIFE_TIME = "nonceLifeTime";
public final static String OPTIMISE_PARTS = "optimizeParts";
@@ -138,6 +143,8 @@ public class RampartConfig implements Assertion {
private OptimizePartsConfig optimizeParts;
private String tokenStoreClass;
+
+ private String nonceLifeTime = Integer.toString(DEFAULT_NONCE_LIFE_TIME);
private SSLConfig sslConfig;
@@ -165,6 +172,21 @@ public class RampartConfig implements Assertion {
this.tokenStoreClass = tokenStoreClass;
}
+ /**
+ * @return Returns the life time of a nonce in seconds.
+ */
+ public String getNonceLifeTime() {
+ return this.nonceLifeTime;
+ }
+
+ /**
+ * @param nonceLife
+ * The life time of a nonce to set (in seconds).
+ */
+ public void setNonceLifeTime(String nonceLife) {
+ this.nonceLifeTime = nonceLife;
+ }
+
public CryptoConfig getDecCryptoConfig() {
return decCryptoConfig;
}
@@ -327,6 +349,12 @@ public class RampartConfig implements Assertion {
writer.writeCharacters(getTokenStoreClass());
writer.writeEndElement();
}
+
+ if (getNonceLifeTime() != null) {
+ writer.writeStartElement(NS, NONCE_LIFE_TIME);
+ writer.writeCharacters(getNonceLifeTime());
+ writer.writeEndElement();
+ }
if (encrCryptoConfig != null) {
writer.writeStartElement(NS, ENCR_CRYPTO_LN);
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
index 5082f14..8d686d4 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
@@ -163,7 +163,13 @@ public class Axis2Util {
}
}
-
+ /**
+ * Builds a SOAPEnvelope from DOM Document.
+ * @param doc - The dom document that contains a SOAP message
+ * @param useDoom
+ * @return
+ * @throws WSSecurityException
+ */
public static SOAPEnvelope getSOAPEnvelopeFromDOMDocument(Document doc, boolean useDoom)
throws WSSecurityException {
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java
index 92a8f69..4deb569 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java
@@ -149,7 +149,7 @@ public class HandlerParameterDecoder {
}
msgCtx.setProperty(WSSHandlerConstants.SENDER_REPEAT_COUNT,
- new Integer(repetitionCount));
+ Integer.valueOf(repetitionCount));
}
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
index 1ad547a..6ce74fe 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
@@ -438,18 +438,18 @@ public class RampartUtil {
*/
public static String processIssuerAddress(OMElement issuerAddress)
throws RampartException {
- if(issuerAddress != null && issuerAddress.getText() != null &&
- !"".equals(issuerAddress.getText())) {
- return issuerAddress.getText().trim();
- } else {
- if(issuerAddress != null) {
- throw new RampartException("invalidIssuerAddress",
- new String[] { issuerAddress.toString() });
- } else {
- throw new RampartException("invalidIssuerAddress",
- new String[] { "Issuer address null" });
- }
+
+ if(issuerAddress == null){
+ throw new RampartException("invalidIssuerAddress",
+ new String[] { "Issuer address null" });
+ }
+
+ if(issuerAddress.getText() == null || "".equals(issuerAddress.getText())) {
+ throw new RampartException("invalidIssuerAddress",
+ new String[] { issuerAddress.toString() });
}
+
+ return issuerAddress.getText().trim();
}
/**
@@ -881,6 +881,19 @@ public class RampartUtil {
public static Vector getSignedParts(RampartMessageData rmd) {
RampartPolicyData rpd = rmd.getPolicyData();
SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+
+ //"signAllHeaders" indicates that all the headers should be signed.
+ if (rpd.isSignAllHeaders()) {
+ Iterator childHeaders = envelope.getHeader().getChildElements();
+ while (childHeaders.hasNext()) {
+ OMElement hb = (OMElement) childHeaders.next();
+ if (!(hb.getLocalName().equals(WSConstants.WSSE_LN)
+ && hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS))) {
+ rpd.addSignedPart(hb.getNamespace().getNamespaceURI(),hb.getLocalName());
+ }
+ }
+ }
+
return getPartsAndElements(true, envelope, rpd.isSignBody()
&& !rpd.isSignBodyOptional(), rpd.getSignedParts(), rpd
.getSignedElements(), rpd.getDeclaredNamespaces());
@@ -1151,9 +1164,12 @@ public class RampartUtil {
* @return
*/
public static boolean checkRequiredElements(SOAPEnvelope envelope, HashMap decNamespaces, String expression ) {
+
+ // The XPath expression must be evaluated against the SOAP header
+ // http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826519
+ SOAPHeader header = envelope.getHeader();
-
- Set namespaces = findAllPrefixNamespaces(envelope, decNamespaces);
+ Set namespaces = findAllPrefixNamespaces(header, decNamespaces);
try {
XPath xp = new AXIOMXPath(expression);
@@ -1165,7 +1181,7 @@ public class RampartUtil {
xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
}
- List selectedNodes = xp.selectNodes(envelope);
+ List selectedNodes = xp.selectNodes(header);
if (selectedNodes.size() == 0 ) {
return false;
@@ -1288,10 +1304,16 @@ public class RampartUtil {
* the WSS11 and WSS10 assertions
*/
- public static void setKeyIdentifierType(RampartPolicyData rpd, WSSecBase secBase,org.apache.ws.secpolicy.model.Token token) {
-
- if (token.getInclusion() == SPConstants.INCLUDE_TOKEN_NEVER) {
-
+ public static void setKeyIdentifierType(RampartMessageData rmd, WSSecBase secBase,org.apache.ws.secpolicy.model.Token token) {
+
+ // Use a reference rather than the binary security token if: the policy never allows the token to be
+ // included; or this is the recipient and the token should only be included in requests; or this is
+ // the initiator and the token should only be included in responses.
+ final boolean useReference = token.getInclusion() == SPConstants.INCLUDE_TOKEN_NEVER
+ || !rmd.isInitiator() && token.getInclusion() == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT
+ || rmd.isInitiator() && token.getInclusion() == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_INITIATOR;
+ if (useReference) {
+
boolean tokenTypeSet = false;
if(token instanceof X509Token) {
@@ -1310,6 +1332,7 @@ public class RampartUtil {
}
if (!tokenTypeSet) {
+ final RampartPolicyData rpd = rmd.getPolicyData();
Wss10 wss = rpd.getWss11();
if (wss == null) {
wss = rpd.getWss10();
@@ -1555,7 +1578,26 @@ public class RampartUtil {
if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
return true;
}
-
+
+ supportingTokens = rpd.getEncryptedSupportingTokens();
+ if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ return true;
+ }
+
+ supportingTokens = rpd.getSignedEncryptedSupportingTokens();
+ if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ return true;
+ }
+
+ supportingTokens = rpd.getEndorsingEncryptedSupportingTokens();
+ if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ return true;
+ }
+
+ supportingTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
+ if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ return true;
+ }
}
return false;
@@ -1731,4 +1773,4 @@ public class RampartUtil {
}
-}
\ No newline at end of file
+}
diff --git a/modules/rampart-integration/pom.xml b/modules/rampart-integration/pom.xml
index afeb297..2978090 100644
--- a/modules/rampart-integration/pom.xml
+++ b/modules/rampart-integration/pom.xml
@@ -48,7 +48,7 @@
<artifactItem>
<groupId>org.apache.axis2</groupId>
<artifactId>addressing</artifactId>
- <version>${addressing.mar.version}</version>
+ <version>${axis2.version}</version>
<type>mar</type>
<overWrite>true</overWrite>
<outputDirectory>target/artifacts</outputDirectory>
@@ -119,9 +119,9 @@
<phase>process-test-resources</phase>
<configuration>
<tasks>
- <property name="addressing.mar" value="addressing-${addressing.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-classes/modules/addressing-${addressing.mar.version}.mar"/>
+ <property name="addressing.mar" value="addressing-${axis2.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-classes/modules/addressing-${axis2.version}.mar"/>
<copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
tofile="target/test-classes/modules/rampart-${rampart.mar.version}.mar"/>
@@ -145,8 +145,8 @@
tofile="target/test-resources/rampart_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
<copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
tofile="target/test-resources/rampart_client_repo/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/rampart_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/rampart_client_repo/modules/addressing-${axis2.version}.mar"/>
<mkdir dir="target/test-resources/rampart_service_repo"/>
<mkdir dir="target/test-resources/rampart_service_repo/conf"/>
<mkdir dir="target/test-resources/rampart_service_repo/services"/>
@@ -155,8 +155,8 @@
tofile="target/test-resources/rampart_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
<copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
tofile="target/test-resources/rampart_service_repo/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/rampart_service_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/rampart_service_repo/modules/addressing-${axis2.version}.mar"/>
<!-- Service 1 -->
<copy overwrite="yes"
@@ -332,6 +332,12 @@
tofile="target/temp-ramp/META-INF/services.xml"/>
<jar jarfile="target/test-resources/rampart_service_repo/services/SecureService29.aar"
basedir="target/temp-ramp"/>
+ <!-- Service 30 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-30.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService30.aar"
+ basedir="target/temp-ramp"/>
<!-- Service SC-1 -->
@@ -386,8 +392,8 @@
<mkdir dir="target/test-resources/rahas_client_repo"/>
<mkdir dir="target/test-resources/rahas_client_repo/conf"/>
<mkdir dir="target/test-resources/rahas_client_repo/modules"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/rahas_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/rahas_client_repo/modules/addressing-${axis2.version}.mar"/>
<copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
tofile="target/test-resources/rahas_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
<!-- Rahas Test1: SAML Token test -->
@@ -399,8 +405,8 @@
tofile="target/test-resources/rahas_service_repo_1/modules/rampart-${rampart.mar.version}.mar"/>
<copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
tofile="target/test-resources/rahas_service_repo_1/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/rahas_service_repo_1/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_1/modules/addressing-${axis2.version}.mar"/>
<!-- copy the services.xml and create the aar -->
<copy overwrite="yes"
file="src/test/resources/rahas/s1-services.xml"
@@ -419,8 +425,8 @@
tofile="target/test-resources/rahas_service_repo_3/modules/rampart-${rampart.mar.version}.mar"/>
<copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
tofile="target/test-resources/rahas_service_repo_3/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/rahas_service_repo_3/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_3/modules/addressing-${axis2.version}.mar"/>
<!-- copy the services.xml and create the aar -->
<copy overwrite="yes"
file="src/test/resources/rahas/s3-services.xml"
@@ -435,8 +441,8 @@
<mkdir dir="target/test-resources/default_security_client_repo/modules"/>
<copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
tofile="target/test-resources/default_security_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/default_security_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/default_security_client_repo/modules/addressing-${axis2.version}.mar"/>
<copy file="src/test/resources/conf/axis2.xml"
tofile="target/test-resources/default_security_client_repo/conf/axis2.xml"/>
<!--
@@ -450,8 +456,8 @@
tofile="target/test-resources/rahas_service_repo_5/modules/rampart-${rampart.mar.version}.mar"/>
<copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
tofile="target/test-resources/rahas_service_repo_5/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/rahas_service_repo_5/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_5/modules/addressing-${axis2.version}.mar"/>
<!-- copy the services.xml and create the aar -->
<copy overwrite="yes"
file="src/test/resources/rahas/s5-services.xml"
@@ -698,15 +704,15 @@
tofile="target/test-resources/complete_client_repo/conf/axis2.xml"/>
<copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
tofile="target/test-resources/complete_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/complete_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/complete_client_repo/modules/addressing-${axis2.version}.mar"/>
<!-- Test with addressing and MTOMservice repository-->
<copy file="src/test/resources/security/complete.service.axis2.xml"
tofile="target/test-resources/complete_service_repo/conf/axis2.xml"/>
<copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
tofile="target/test-resources/complete_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/complete_service_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/complete_service_repo/modules/addressing-${axis2.version}.mar"/>
<copy file="src/test/resources/security/complete.service.xml"
tofile="target/temp-interop/META-INF/services.xml"
overwrite="true"/>
@@ -765,11 +771,6 @@
</dependency>
<dependency>
<groupId>org.apache.axis2</groupId>
- <artifactId>axis2-transport-tcp</artifactId>
- <version>${axis2.transport.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.axis2</groupId>
<artifactId>axis2-transport-local</artifactId>
<version>${axis2.version}</version>
</dependency>
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java
deleted file mode 100644
index 3b70d20..0000000
--- a/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright 2004,2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.axis2.integration;
-
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.apache.axis2.context.ConfigurationContextFactory;
-import org.apache.axis2.context.ServiceGroupContext;
-import org.apache.axis2.description.AxisService;
-import org.apache.axis2.description.AxisServiceGroup;
-import org.apache.axis2.engine.ListenerManager;
-import org.apache.axis2.transport.tcp.TCPServer;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import javax.xml.namespace.QName;
-import java.io.File;
-
-public class UtilsTCPServer {
- private static int count = 0;
-
- private static TCPServer receiver;
-
- public static final int TESTING_PORT = 5555;
-
- public static final String FAILURE_MESSAGE = "Intentional Failure";
-
- private static final Log log = LogFactory.getLog(UtilsTCPServer.class);
-
- public static synchronized void deployService(AxisService service)
- throws AxisFault {
-
- receiver.getConfigurationContext().getAxisConfiguration().addService(service);
- ServiceGroupContext serviceGroupContext = new ServiceGroupContext(
- receiver.getConfigurationContext(), (AxisServiceGroup) service.getParent());
- }
-
- public static synchronized void unDeployService(QName service)
- throws AxisFault {
- receiver.getConfigurationContext().getAxisConfiguration().removeService(
- service.getLocalPart());
- }
-
- public static synchronized void start() throws Exception {
- if (count == 0) {
-
- // start tcp server
-
- File file = new File(org.apache.axis2.Constants.TESTING_REPOSITORY);
- System.out.println(file.getAbsoluteFile());
- if (!file.exists()) {
- throw new Exception("Repository directory does not exist");
- }
-
- ConfigurationContext er = ConfigurationContextFactory.createConfigurationContextFromFileSystem(file
- .getAbsolutePath(), file
- .getAbsolutePath() + "/conf/axis2.xml");
- try {
- Thread.sleep(1000);
- } catch (InterruptedException e1) {
- throw new AxisFault("Thread interuptted", e1);
- }
- receiver = new TCPServer(UtilServer.TESTING_PORT, er);
- receiver.start();
-
- }
- count++;
- }
-
- public static synchronized void stop() throws AxisFault {
- try {
- if (count == 1) {
- receiver.stop();
- count = 0;
- System.out.print("Server stopped .....");
- } else {
- count--;
- }
- } catch (AxisFault e) {
- log.error(e.getMessage(), e);
- }
- receiver.getConfigurationContext().terminate();
- }
-
-}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java b/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
index d0c4c1e..8b0b84f 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
@@ -77,7 +77,7 @@ public class RampartTest extends TestCase {
"Unlimited Strength Jurisdiction Policy !!!");
}
- for (int i = 1; i <= 29; i++) { //<-The number of tests we have
+ for (int i = 1; i <= 30; i++) { //<-The number of tests we have
if(!basic256Supported && (i == 3 || i == 4 || i == 5)) {
//Skip the Basic256 tests
continue;
diff --git a/modules/rampart-integration/src/test/resources/conf/axis2.xml b/modules/rampart-integration/src/test/resources/conf/axis2.xml
index b6a2885..99e7671 100755
--- a/modules/rampart-integration/src/test/resources/conf/axis2.xml
+++ b/modules/rampart-integration/src/test/resources/conf/axis2.xml
@@ -138,20 +138,10 @@
<!--<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>-->
<!--</transportReceiver>-->
- <transportReceiver name="tcp"
- class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- <!--If you want to give your own host address for EPR generation-->
- <!--uncommet following paramter , and set as you required.-->
- <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp"
- class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local"
class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http"
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml
index 0366947..64e084f 100644
--- a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml
@@ -20,7 +20,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml
index 451b415..0bdf5db 100644
--- a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml
@@ -20,7 +20,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml
index ff9595d..6c78786 100644
--- a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml
@@ -20,7 +20,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml
index 275cbec..5c3d37d 100644
--- a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml
index 7827334..5bee490 100644
--- a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml
index a539223..cbfb4bf 100644
--- a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml
@@ -16,7 +16,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml
index 357b1ec..95f2e45 100644
--- a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/1.xml b/modules/rampart-integration/src/test/resources/rampart/policy/1.xml
index 692f0e4..ca2a2eb 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/1.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/1.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/10.xml b/modules/rampart-integration/src/test/resources/rampart/policy/10.xml
index ddd0585..eb976ad 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/10.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/10.xml
@@ -1,4 +1,4 @@
-<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<!--No timestamp test-->
<wsp:ExactlyOne>
<wsp:All>
@@ -24,7 +24,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/13.xml b/modules/rampart-integration/src/test/resources/rampart/policy/13.xml
index 37c6c47..d8d4a2d 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/13.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/13.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/14.xml b/modules/rampart-integration/src/test/resources/rampart/policy/14.xml
index 9a9cc84..53585e4 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/14.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/14.xml
@@ -18,7 +18,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/15.xml b/modules/rampart-integration/src/test/resources/rampart/policy/15.xml
index 617b7f2..50437ee 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/15.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/15.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/17.xml b/modules/rampart-integration/src/test/resources/rampart/policy/17.xml
index ca24bae..7f861b5 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/17.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/17.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/18.xml b/modules/rampart-integration/src/test/resources/rampart/policy/18.xml
index 15ce2bf..119a14d 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/18.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/18.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/19.xml b/modules/rampart-integration/src/test/resources/rampart/policy/19.xml
index de7ce86..6fee9e9 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/19.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/19.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/2.xml b/modules/rampart-integration/src/test/resources/rampart/policy/2.xml
index a3bf1bb..2c62db3 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/2.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/2.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/20.xml b/modules/rampart-integration/src/test/resources/rampart/policy/20.xml
index 817fcff..45117be 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/20.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/20.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/21.xml b/modules/rampart-integration/src/test/resources/rampart/policy/21.xml
index f952cf7..e4c7e2a 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/21.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/21.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -46,7 +46,7 @@
</sp:SignedParts>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>not-used</ramp:user>
- <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
<ramp:rampartConfigCallbackClass>org.apache.rampart.RampartConfigUpdater</ramp:rampartConfigCallbackClass>
<ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/22.xml b/modules/rampart-integration/src/test/resources/rampart/policy/22.xml
index 70b4255..c4b3405 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/22.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/22.xml
@@ -20,7 +20,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/23.xml b/modules/rampart-integration/src/test/resources/rampart/policy/23.xml
index e4f7759..0e7f830 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/23.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/23.xml
@@ -20,7 +20,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/24.xml b/modules/rampart-integration/src/test/resources/rampart/policy/24.xml
index f0624d0..7fbe3ce 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/24.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/24.xml
@@ -20,7 +20,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/25.xml b/modules/rampart-integration/src/test/resources/rampart/policy/25.xml
index ca69e05..3a13a38 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/25.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/25.xml
@@ -20,7 +20,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/26.xml b/modules/rampart-integration/src/test/resources/rampart/policy/26.xml
index f42dcb3..d075ccf 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/26.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/26.xml
@@ -24,7 +24,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/27.xml b/modules/rampart-integration/src/test/resources/rampart/policy/27.xml
index 4acdc5e..4671f1c 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/27.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/27.xml
@@ -24,7 +24,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml b/modules/rampart-integration/src/test/resources/rampart/policy/28.xml
index a5fd12b..d403894 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/28.xml
@@ -28,7 +28,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/3.xml b/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
index 651188d..897b4bc 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml b/modules/rampart-integration/src/test/resources/rampart/policy/30.xml
similarity index 84%
copy from modules/rampart-integration/src/test/resources/rampart/policy/28.xml
copy to modules/rampart-integration/src/test/resources/rampart/policy/30.xml
index a5fd12b..be544e6 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/30.xml
@@ -1,7 +1,8 @@
-<wsp:Policy wsu:Id="SigOnly"
+<wsp:Policy wsu:Id="RAMPART-218"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
- <!--No timestamp test-->
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
@@ -11,7 +12,7 @@
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
- <sp:WssX509V3Token10/>
+ <sp:WssX509PkiPathV1Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
@@ -21,14 +22,14 @@
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
- <sp:WssX509V3Token10/>
+ <sp:WssX509PkiPathV1Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:TripleDesRsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -36,22 +37,22 @@
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
- <sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:AsymmetricBinding>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
+ <sp:Wss10>
+ <sp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
+ </sp:Policy>
</sp:Wss10>
- <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:SignedParts>
+ <sp:EncryptedElements>
+ <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
+ </sp:EncryptedElements>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>alice</ramp:user>
<ramp:encryptionUser>bob</ramp:encryptionUser>
<ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
@@ -73,4 +74,4 @@
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
-</wsp:Policy>
+</wsp:Policy>
\ No newline at end of file
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/4.xml b/modules/rampart-integration/src/test/resources/rampart/policy/4.xml
index 4ad5d3b..1d63cc3 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/4.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/4.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/5.xml b/modules/rampart-integration/src/test/resources/rampart/policy/5.xml
index 368d94e..47778d8 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/5.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/5.xml
@@ -25,7 +25,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml b/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml
index 9739b9b..c9059e0 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml
@@ -68,7 +68,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/sc-3.xml b/modules/rampart-integration/src/test/resources/rampart/policy/sc-3.xml
index 34e4a04..0ce384c 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/sc-3.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/sc-3.xml
@@ -19,7 +19,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -43,7 +43,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-1.xml b/modules/rampart-integration/src/test/resources/rampart/services-1.xml
index 202210e..c46e922 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-1.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-1.xml
@@ -27,7 +27,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-10.xml b/modules/rampart-integration/src/test/resources/rampart/services-10.xml
index c47a7d4..8129d77 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-10.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-10.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-13.xml b/modules/rampart-integration/src/test/resources/rampart/services-13.xml
index 501dffe..711b72f 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-13.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-13.xml
@@ -27,7 +27,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-14.xml b/modules/rampart-integration/src/test/resources/rampart/services-14.xml
index da8cd05..9f2d30c 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-14.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-14.xml
@@ -35,7 +35,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-15.xml b/modules/rampart-integration/src/test/resources/rampart/services-15.xml
index 4b88584..7703394 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-15.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-15.xml
@@ -36,7 +36,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-17.xml b/modules/rampart-integration/src/test/resources/rampart/services-17.xml
index a786dea..886df59 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-17.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-17.xml
@@ -36,7 +36,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-18.xml b/modules/rampart-integration/src/test/resources/rampart/services-18.xml
index 3b5c1a5..beb5a72 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-18.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-18.xml
@@ -36,7 +36,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-19.xml b/modules/rampart-integration/src/test/resources/rampart/services-19.xml
index 39a31cb..2133099 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-19.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-19.xml
@@ -36,7 +36,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-2.xml b/modules/rampart-integration/src/test/resources/rampart/services-2.xml
index d6c6192..0b1f491 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-2.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-2.xml
@@ -44,7 +44,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-20.xml b/modules/rampart-integration/src/test/resources/rampart/services-20.xml
index 4913a3a..8b49810 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-20.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-20.xml
@@ -36,7 +36,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-21.xml b/modules/rampart-integration/src/test/resources/rampart/services-21.xml
index 95eb250..342283f 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-21.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-21.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-22.xml b/modules/rampart-integration/src/test/resources/rampart/services-22.xml
index 85c5589..15c28c5 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-22.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-22.xml
@@ -37,7 +37,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-23.xml b/modules/rampart-integration/src/test/resources/rampart/services-23.xml
index cbe5b3d..35baba2 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-23.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-23.xml
@@ -32,7 +32,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-24.xml b/modules/rampart-integration/src/test/resources/rampart/services-24.xml
index 6f2782c..a218b5d 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-24.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-24.xml
@@ -32,7 +32,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-25.xml b/modules/rampart-integration/src/test/resources/rampart/services-25.xml
index 4ef7556..afdcec1 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-25.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-25.xml
@@ -32,7 +32,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-26.xml b/modules/rampart-integration/src/test/resources/rampart/services-26.xml
index 34dd784..7dfe142 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-26.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-26.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-27.xml b/modules/rampart-integration/src/test/resources/rampart/services-27.xml
index 5224d6e..57eeed6 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-27.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-27.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-28.xml b/modules/rampart-integration/src/test/resources/rampart/services-28.xml
index 8ebd645..0d79cd8 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-28.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-28.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-3.xml b/modules/rampart-integration/src/test/resources/rampart/services-3.xml
index 7fc78a7..daeebce 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-3.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-3.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-25.xml b/modules/rampart-integration/src/test/resources/rampart/services-30.xml
similarity index 71%
copy from modules/rampart-integration/src/test/resources/rampart/services-25.xml
copy to modules/rampart-integration/src/test/resources/rampart/services-30.xml
index 4ef7556..ab9eb3a 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-25.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-30.xml
@@ -1,4 +1,4 @@
-<service name="SecureService25">
+<service name="SecureService30">
<module ref="addressing"/>
<module ref="rampart"/>
@@ -10,44 +10,53 @@
<actionMapping>urn:echo</actionMapping>
</operation>
- <wsp:Policy wsu:Id="SignedEncryptedElementsEncryptBeforeSigning"
+ <wsp:Policy wsu:Id="RAMPART-218"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:ExactlyOne>
<wsp:All>
- <sp:SymmetricBinding>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
- <sp:ProtectionToken>
+ <sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
+ <sp:WssX509PkiPathV1Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
- </sp:ProtectionToken>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509PkiPathV1Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:TripleDesRsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
- <sp:Lax/>
+ <sp:Strict/>
</wsp:Policy>
</sp:Layout>
- <sp:EncryptBeforeSigning/>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
- </sp:SymmetricBinding>
- <sp:SignedElements>
- <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
- </sp:SignedElements>
+ </sp:AsymmetricBinding>
+ <sp:Wss10>
+ <sp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </sp:Policy>
+ </sp:Wss10>
<sp:EncryptedElements>
<sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
</sp:EncryptedElements>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-4.xml b/modules/rampart-integration/src/test/resources/rampart/services-4.xml
index 52a2845..3ed6c8a 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-4.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-4.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-5.xml b/modules/rampart-integration/src/test/resources/rampart/services-5.xml
index 0a6602c..e446be2 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-5.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-5.xml
@@ -42,7 +42,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml b/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml
index e3e029c..caad629 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml
@@ -81,7 +81,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-sc-3.xml b/modules/rampart-integration/src/test/resources/rampart/services-sc-3.xml
index 24ea65d..f96e9c8 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-sc-3.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-sc-3.xml
@@ -32,7 +32,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml
index d120cca..61b81d8 100644
--- a/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml
@@ -32,15 +32,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml
index 8cdf406..916bc6f 100644
--- a/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml
index 4c1bcc5..469f5b4 100644
--- a/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml
index 1efb1e7..c8f179a 100644
--- a/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml
index 1bae128..f1673b7 100644
--- a/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml
index 3ef5bc8..0718a15 100644
--- a/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml
index 6021a79..c8b80f7 100644
--- a/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml
index 262036a..d9004cc 100644
--- a/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml
index 950dfdd..a3fe551 100644
--- a/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml
@@ -24,15 +24,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml
index 369de66..8ba9fa2 100644
--- a/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml
index 6e782d6..174846f 100644
--- a/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml
@@ -24,15 +24,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
index 5c302f2..9ee66b2 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
@@ -25,7 +25,7 @@ public abstract class AbstractSecurityAssertion implements Assertion {
private boolean isOptional;
- private boolean normalized = false;
+ private boolean normalized = true;
protected int version;
@@ -50,7 +50,7 @@ public abstract class AbstractSecurityAssertion implements Assertion {
}
public boolean isNormalized() {
- return true;
+ return this.normalized;
}
public PolicyComponent normalize() {
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
index 6daeb76..062ddcc 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
@@ -122,9 +122,9 @@ public class SignedEncryptedElements extends AbstractSecurityAssertion {
Iterator<String> namespaces = declaredNamespaces.keySet().iterator();
while(namespaces.hasNext()) {
- prefix = (String) namespaces.next();
- namespaceURI = (String) declaredNamespaces.get(prefix);
- writer.writeNamespace(prefix,namespaceURI);
+ final String declaredPrefix = namespaces.next();
+ final String declaredNamespaceURI = (String) declaredNamespaces.get(declaredPrefix);
+ writer.writeNamespace(declaredPrefix,declaredNamespaceURI);
}
writer.writeCharacters(xpathExpression);
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
index 671bd3c..fc47d27 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
@@ -37,6 +37,16 @@ public class SignedEncryptedParts extends AbstractSecurityAssertion {
private ArrayList headers = new ArrayList();
private boolean signedParts;
+
+ private boolean signAllHeaders;
+
+ public boolean isSignAllHeaders() {
+ return signAllHeaders;
+ }
+
+ public void setSignAllHeaders(boolean signAllHeaders) {
+ this.signAllHeaders = signAllHeaders;
+ }
public SignedEncryptedParts(boolean signedParts, int version) {
this.signedParts = signedParts;
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
index ea1520b..123be97 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
@@ -37,9 +37,12 @@ public class TransportBinding extends Binding {
private TransportToken transportToken;
private List transportBindings;
+
+ private boolean tokenProtection;
public TransportBinding(int version) {
super(version);
+ this.tokenProtection = false;
}
/**
* @return Returns the transportToken.
@@ -55,6 +58,21 @@ public class TransportBinding extends Binding {
public void setTransportToken(TransportToken transportToken) {
this.transportToken = transportToken;
}
+
+ /**
+ * @return Returns the tokenProtection.
+ */
+ public boolean isTokenProtection() {
+ return tokenProtection;
+ }
+
+ /**
+ * @param tokenProtection The tokenProtection to set.
+ */
+ public void setTokenProtection(boolean tokenProtection) {
+ this.tokenProtection = tokenProtection;
+ }
+
public List getConfigurations() {
return transportBindings;
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java
index d9134ee..1301a79 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java
@@ -42,8 +42,8 @@ public class EncryptedElementsBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedElements.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ signedEncryptedElements.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedPartsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedPartsBuilder.java
index 33d5f7c..63b69ff 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedPartsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedPartsBuilder.java
@@ -52,8 +52,8 @@ public class EncryptedPartsBuilder implements AssertionBuilder {
OMAttribute isOptional = element
.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedParts.setOptional((new Boolean(isOptional
- .getAttributeValue()).booleanValue()));
+ signedEncryptedParts.setOptional(Boolean.valueOf(isOptional
+ .getAttributeValue()).booleanValue());
}
return signedEncryptedParts;
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java
index e426e64..185c8d1 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java
@@ -43,8 +43,8 @@ public class SignedElementsBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedElements.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ signedEncryptedElements.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedPartsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedPartsBuilder.java
index 36887be..77909c7 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedPartsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedPartsBuilder.java
@@ -36,13 +36,19 @@ public class SignedPartsBuilder implements AssertionBuilder {
SignedEncryptedParts signedEncryptedParts = new SignedEncryptedParts(true, SPConstants.SP_V11);
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedParts.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ signedEncryptedParts.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
processElement((OMElement) iterator.next(), signedEncryptedParts);
}
-
+
+ // Presense of <sp:SignedParts/> enforces the requirement for sign body and all the header blocks
+ if(!element.getChildren().hasNext()){
+ signedEncryptedParts.setBody(true);
+ signedEncryptedParts.setSignAllHeaders(true);
+ }
+
return signedEncryptedParts;
}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SupportingTokensBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SupportingTokensBuilder.java
index d75cbec..57e6b88 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SupportingTokensBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SupportingTokensBuilder.java
@@ -55,8 +55,8 @@ public class SupportingTokensBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- supportingToken.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ supportingToken.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java
index 9757343..084941d 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java
@@ -47,8 +47,8 @@ public class UsernameTokenBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- usernameToken.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ usernameToken.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
OMElement policyElement = element.getFirstElement();
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java
index d40e3d7..11b4b15 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java
@@ -63,8 +63,8 @@ public class X509TokenBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- x509Token.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ x509Token.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java
index 388ab84..3c9c8e7 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java
@@ -47,8 +47,8 @@ public class EncryptedElementsBuilder implements AssertionBuilder {
OMAttribute isOptional = element
.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedElements.setOptional((new Boolean(isOptional
- .getAttributeValue()).booleanValue()));
+ signedEncryptedElements.setOptional(Boolean.valueOf(isOptional
+ .getAttributeValue()).booleanValue());
}
return signedEncryptedElements;
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedPartsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedPartsBuilder.java
index ced5446..f2ea9bc 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedPartsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedPartsBuilder.java
@@ -52,8 +52,8 @@ public class EncryptedPartsBuilder implements AssertionBuilder {
OMAttribute isOptional = element
.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedParts.setOptional((new Boolean(isOptional
- .getAttributeValue()).booleanValue()));
+ signedEncryptedParts.setOptional(Boolean.valueOf(isOptional
+ .getAttributeValue()).booleanValue());
}
return signedEncryptedParts;
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java
index 4ca3fd4..f08d6b0 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java
@@ -44,8 +44,8 @@ public class SignedElementsBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedElements.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ signedEncryptedElements.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedPartsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedPartsBuilder.java
index af95efd..7db0a20 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedPartsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedPartsBuilder.java
@@ -41,9 +41,15 @@ public class SignedPartsBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedParts.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ signedEncryptedParts.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
+
+ //presense of <sp:SignedParts/> enforces the requirement for sign body and all the header blocks
+ if(!element.getChildren().hasNext()){
+ signedEncryptedParts.setBody(true);
+ signedEncryptedParts.setSignAllHeaders(true);
+ }
return signedEncryptedParts;
}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SupportingTokensBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SupportingTokensBuilder.java
index b243761..b43b917 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SupportingTokensBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SupportingTokensBuilder.java
@@ -71,8 +71,8 @@ public class SupportingTokensBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- supportingToken.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ supportingToken.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportBindingBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportBindingBuilder.java
index c980616..aa40be7 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportBindingBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportBindingBuilder.java
@@ -77,6 +77,9 @@ public class TransportBindingBuilder implements AssertionBuilder {
} else if (name.equals(SP12Constants.LAYOUT)) {
parent.setLayout((Layout) primitive);
+ } else if (name.equals(SP12Constants.PROTECT_TOKENS)) {
+ parent.setTokenProtection(true);
+
} else if (name.equals(SP12Constants.SIGNED_SUPPORTING_TOKENS)) {
parent.setSignedSupportingToken((SupportingToken) primitive);
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java
index f8c1bed..b651a2c 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java
@@ -47,8 +47,8 @@ public class UsernameTokenBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- usernameToken.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ usernameToken.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
OMElement policyElement = element.getFirstElement();
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java
index ec2ecf4..6f8b293 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java
@@ -62,8 +62,8 @@ public class X509TokenBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- x509Token.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ x509Token.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
if (policyElement != null) {
diff --git a/modules/rampart-samples/README.txt b/modules/rampart-samples/README.txt
index ce5e119..136798c 100644
--- a/modules/rampart-samples/README.txt
+++ b/modules/rampart-samples/README.txt
@@ -15,3 +15,7 @@ Please use Apache Ant with the build.xml file available here to copy all jars
and mars to required places.
- Please copy log4j.jar to AXIS2_HOME/lib directory before trying out samples.
+
+ - Please follow the instructions on endorsing the default JAXP implementation
+ available in README.txt of this distribution before invoking
+ Sample 08.(Issuing a SAML 2.0 Token)
diff --git a/modules/rampart-samples/keys/client.jks b/modules/rampart-samples/keys/client.jks
index 3b986ba..19c356d 100644
Binary files a/modules/rampart-samples/keys/client.jks and b/modules/rampart-samples/keys/client.jks differ
diff --git a/modules/rampart-samples/keys/service.jks b/modules/rampart-samples/keys/service.jks
index 71066d1..dec41cb 100644
Binary files a/modules/rampart-samples/keys/service.jks and b/modules/rampart-samples/keys/service.jks differ
diff --git a/modules/rampart-samples/keys/sts.jks b/modules/rampart-samples/keys/sts.jks
index 6327721..89bf663 100644
Binary files a/modules/rampart-samples/keys/sts.jks and b/modules/rampart-samples/keys/sts.jks differ
diff --git a/modules/rampart-samples/policy/build.xml b/modules/rampart-samples/policy/build.xml
index d4e6d35..24cb932 100644
--- a/modules/rampart-samples/policy/build.xml
+++ b/modules/rampart-samples/policy/build.xml
@@ -109,6 +109,17 @@
<create.and.run.client sample.number="07"/>
</target>
+ <!-- Sample Service 08 -->
+ <target name="service.08" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="08"/>
+ </target>
+
+ <!-- Sample Client 08 -->
+ <target name="client.08" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="08"/>
+ </target>
+
+
<target name="clean">
<delete dir="build" />
</target>
diff --git a/modules/rampart-samples/policy/sample-tomcat/policy.xml b/modules/rampart-samples/policy/sample-tomcat/policy.xml
index cd62aaf..8943afd 100644
--- a/modules/rampart-samples/policy/sample-tomcat/policy.xml
+++ b/modules/rampart-samples/policy/sample-tomcat/policy.xml
@@ -11,7 +11,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-samples/policy/sample-tomcat/services.xml b/modules/rampart-samples/policy/sample-tomcat/services.xml
index 8184637..c8be66c 100644
--- a/modules/rampart-samples/policy/sample-tomcat/services.xml
+++ b/modules/rampart-samples/policy/sample-tomcat/services.xml
@@ -37,7 +37,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -55,7 +55,7 @@
</sp:SignedSupportingTokens>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
- <ramp:passwordCallbackClass>org.apache.rampart.tomcat.sample.PWCBHandler</ramp:passwordCallbackClass>
+ <ramp:passwordCallbackClass>org.apache.rampart.tomcat.sample.PWCBHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
diff --git a/modules/rampart-samples/policy/sample01/policy.xml b/modules/rampart-samples/policy/sample01/policy.xml
index 7e7209d..3381cd9 100644
--- a/modules/rampart-samples/policy/sample01/policy.xml
+++ b/modules/rampart-samples/policy/sample01/policy.xml
@@ -27,7 +27,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-samples/policy/sample01/services.xml b/modules/rampart-samples/policy/sample01/services.xml
index 24dad18..bd4eb39 100644
--- a/modules/rampart-samples/policy/sample01/services.xml
+++ b/modules/rampart-samples/policy/sample01/services.xml
@@ -37,7 +37,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-samples/policy/sample05/policy.xml b/modules/rampart-samples/policy/sample05/policy.xml
index 76c726e..1807e03 100755
--- a/modules/rampart-samples/policy/sample05/policy.xml
+++ b/modules/rampart-samples/policy/sample05/policy.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-samples/policy/sample05/services.xml b/modules/rampart-samples/policy/sample05/services.xml
index dd0f5af..e626e2c 100644
--- a/modules/rampart-samples/policy/sample05/services.xml
+++ b/modules/rampart-samples/policy/sample05/services.xml
@@ -16,11 +16,11 @@
! limitations under the License.
!-->
<!-- services.xml of Sample05 : WS Trust -->
-<serviceGroup>
+<serviceGroup>
<service name="STS">
<module ref="rampart" />
- <module ref="addressing" />
- <module ref="rahas" />
+ <module ref="addressing" />
+ <module ref="rahas" />
<parameter name="saml-issuer-config">
<saml-issuer-config>
<issuerName>SAMPLE_STS</issuerName>
@@ -53,7 +53,7 @@
Valid values are: EncryptedKey & BinarySecret
-->
<proofKeyType>BinarySecret</proofKeyType>
- <trusted-services>
+ <trusted-services>
<service alias="service">*</service>
</trusted-services>
</saml-issuer-config>
@@ -68,7 +68,7 @@
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
- <sp:RequireThumbprintReference/>
+ <sp:RequireThumbprintReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
@@ -78,7 +78,7 @@
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
- <sp:RequireThumbprintReference/>
+ <sp:RequireThumbprintReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
@@ -119,113 +119,113 @@
<ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
</ramp:crypto>
- </ramp:signatureCrypto>
-
+ </ramp:signatureCrypto>
+
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
- </wsp:Policy>
+ </wsp:Policy>
+
+</service>
+<service name="sample05">
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample05.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="SgnOnlyAnonymous"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <Address xmlns="http://www.w3.org/2005/08/addressing">https://kirillgdev04/Security_Federation_SecurityTokenService_Indigo/Symmetric.svc/Scenario_1_IssuedTokenOverTransport_UsernameOverTransport</Address>
+ </Issuer>
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SignedParts>
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
-</service>
-<service name="sample05">
- <operation name="echo">
- <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
- </operation>
- <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample05.SimpleService</parameter>
-
- <module ref="rampart" />
- <module ref="addressing" />
-
- <wsp:Policy wsu:Id="SgnOnlyAnonymous"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
- xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:SymmetricBinding>
- <wsp:Policy>
- <sp:ProtectionToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:ProtectionToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:SymmetricBinding>
- <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <Address xmlns="http://www.w3.org/2005/08/addressing">https://kirillgdev04/Security_Federation_SecurityTokenService_Indigo/Symmetric.svc/Scenario_1_IssuedTokenOverTransport_UsernameOverTransport</Address>
- </Issuer>
- <sp:RequestSecurityTokenTemplate>
- <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
- <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
- <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
- </sp:RequestSecurityTokenTemplate>
- <wsp:Policy>
- <sp:RequireInternalReference/>
- </wsp:Policy>
- </sp:IssuedToken>
- </wsp:Policy>
- </sp:SupportingTokens>
- <sp:SignedParts>
- <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:Body/>
- </sp:SignedParts>
- <sp:Wss11>
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- <sp:MustSupportRefThumbprint/>
- <sp:MustSupportRefEncryptedKey/>
- <sp:RequireSignatureConfirmation/>
- </wsp:Policy>
- </sp:Wss11>
- <sp:Trust10>
- <wsp:Policy>
- <sp:MustSupportIssuedTokens/>
- <sp:RequireClientEntropy/>
- <sp:RequireServerEntropy/>
- </wsp:Policy>
- </sp:Trust10>
- <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
- <ramp:user>service</ramp:user>
- <ramp:encryptionUser>client</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
-
- <ramp:signatureCrypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
- </ramp:crypto>
- </ramp:signatureCrypto>
- </ramp:RampartConfig>
- </wsp:All>
- </wsp:ExactlyOne>
-</wsp:Policy>
-
-
-</service>
+</service>
</serviceGroup>
diff --git a/modules/rampart-samples/policy/sample06/policy.xml b/modules/rampart-samples/policy/sample06/policy.xml
index 010098b..24728d8 100755
--- a/modules/rampart-samples/policy/sample06/policy.xml
+++ b/modules/rampart-samples/policy/sample06/policy.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -58,9 +58,6 @@
<sp:RequireInternalReference/>
</wsp:Policy>
</sp:IssuedToken>
- <sp:SignedParts>
- <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
- </sp:SignedParts>
</wsp:Policy>
</sp:SupportingTokens>
<sp:SignedParts>
diff --git a/modules/rampart-samples/policy/sample06/services.xml b/modules/rampart-samples/policy/sample06/services.xml
index 2f8501a..b86f1fb 100755
--- a/modules/rampart-samples/policy/sample06/services.xml
+++ b/modules/rampart-samples/policy/sample06/services.xml
@@ -16,11 +16,11 @@
! limitations under the License.
!-->
<!-- services.xml of Sample 06 : Trust sample with mex -->
-<serviceGroup>
+<serviceGroup>
<service name="STS">
<module ref="rampart" />
- <module ref="addressing" />
- <module ref="rahas" />
+ <module ref="addressing" />
+ <module ref="rahas" />
<parameter name="saml-issuer-config">
<saml-issuer-config>
<issuerName>SAMPLE_STS</issuerName>
@@ -54,7 +54,7 @@
-->
<proofKeyType>BinarySecret</proofKeyType>
<trusted-services>
- <!-- <service alias="sts">http://localhost:8090/axis2/services/sample06/</service> -->
+ <!-- <service alias="sts">http://localhost:8090/axis2/services/sample06/</service> -->
<service alias="sts">*</service>
</trusted-services>
</saml-issuer-config>
@@ -118,136 +118,133 @@
<ramp:property name="org.apache.ws.security.crypto.merlin.file">sts.jks</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
</ramp:crypto>
- </ramp:signatureCrypto>
-
+ </ramp:signatureCrypto>
+
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
- </wsp:Policy>
+ </wsp:Policy>
+
+
+</service>
+<service name="sample06">
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="SgnOnlyAnonymous"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8090/axis2/services/STS</Address>
+ <Metadata xmlns="http://www.w3.org/2005/08/addressing">
+ <mex:Metadata
+ xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
+ <mex:MetadataReference>
+ <Address
+ xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/mex</Address>
+ </mex:MetadataReference>
+ </mex:MetadataSection>
+ </mex:Metadata>
+ </Metadata>
+ </Issuer>
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SignedParts>
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample06.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
+<service name="mex">
+
+ <operation name="get">
+ <actionMapping>http://schemas.xmlsoap.org/ws/2004/09/mex/GetMetadata/Request</actionMapping>
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.MexService</parameter>
+ </service>
-</service>
-<service name="sample06">
- <operation name="echo">
- <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
- </operation>
- <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.SimpleService</parameter>
-
- <module ref="rampart" />
- <module ref="addressing" />
-
- <wsp:Policy wsu:Id="SgnOnlyAnonymous"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
- xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:SymmetricBinding>
- <wsp:Policy>
- <sp:ProtectionToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:ProtectionToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:SymmetricBinding>
- <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8090/axis2/services/STS</Address>
- <Metadata xmlns="http://www.w3.org/2005/08/addressing">
- <mex:Metadata
- xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
- <mex:MetadataReference>
- <Address
- xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/mex</Address>
- </mex:MetadataReference>
- </mex:MetadataSection>
- </mex:Metadata>
- </Metadata>
- </Issuer>
- <sp:RequestSecurityTokenTemplate>
- <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
- <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
- <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
- </sp:RequestSecurityTokenTemplate>
- <wsp:Policy>
- <sp:RequireInternalReference/>
- </wsp:Policy>
- </sp:IssuedToken>
- <sp:SignedParts>
- <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
- </sp:SignedParts>
- </wsp:Policy>
- </sp:SupportingTokens>
- <sp:SignedParts>
- <sp:Body/>
- </sp:SignedParts>
- <sp:Wss11>
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- <sp:MustSupportRefThumbprint/>
- <sp:MustSupportRefEncryptedKey/>
- <sp:RequireSignatureConfirmation/>
- </wsp:Policy>
- </sp:Wss11>
- <sp:Trust10>
- <wsp:Policy>
- <sp:MustSupportIssuedTokens/>
- <sp:RequireClientEntropy/>
- <sp:RequireServerEntropy/>
- </wsp:Policy>
- </sp:Trust10>
- <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
- <ramp:user>service</ramp:user>
- <ramp:encryptionUser>client</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample06.PWCBHandler</ramp:passwordCallbackClass>
-
- <ramp:signatureCrypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
- </ramp:crypto>
- </ramp:signatureCrypto>
- </ramp:RampartConfig>
- </wsp:All>
- </wsp:ExactlyOne>
-</wsp:Policy>
-
-</service>
-<service name="mex">
-
- <operation name="get">
- <actionMapping>http://schemas.xmlsoap.org/ws/2004/09/mex/GetMetadata/Request</actionMapping>
- <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
- </operation>
- <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.MexService</parameter>
-
- </service>
-
</serviceGroup>
diff --git a/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java b/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java
index 47d2786..2b8a12f 100644
--- a/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java
+++ b/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package org.apache.rampart.samples.policy.sample06;
import java.io.File;
diff --git a/modules/rampart-samples/policy/sample08/README.txt b/modules/rampart-samples/policy/sample08/README.txt
new file mode 100644
index 0000000..e0ea5ce
--- /dev/null
+++ b/modules/rampart-samples/policy/sample08/README.txt
@@ -0,0 +1,8 @@
+WS-Trust - RST - Resquest Security Token Service - Issuing a SAML 2.0 token - issuing a token
+
+When using this sample with the TCPMon to monitor the soap messages, you have to use the
+correct URL in the client code before build the sample 08.
+
+You have to endorse the default JAXP implementation of your JDK before invoking this sample.
+Please follow the instructions available in the README.txt of this distribution to endorse
+the default JAXP implementation.
diff --git a/modules/documentation/src/site/resources/samples/policy/sample05.xml b/modules/rampart-samples/policy/sample08/policy.xml
similarity index 93%
copy from modules/documentation/src/site/resources/samples/policy/sample05.xml
copy to modules/rampart-samples/policy/sample08/policy.xml
index d16bca6..f1a09da 100644
--- a/modules/documentation/src/site/resources/samples/policy/sample05.xml
+++ b/modules/rampart-samples/policy/sample08/policy.xml
@@ -38,7 +38,7 @@
<Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/STS</Address>
</Issuer>
<sp:RequestSecurityTokenTemplate>
- <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
<t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
<t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
</sp:RequestSecurityTokenTemplate>
@@ -46,12 +46,10 @@
<sp:RequireInternalReference/>
</wsp:Policy>
</sp:IssuedToken>
- <sp:SignedParts>
- <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
- </sp:SignedParts>
</wsp:Policy>
</sp:SupportingTokens>
<sp:SignedParts>
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Body/>
</sp:SignedParts>
<sp:Wss11>
@@ -72,4 +70,4 @@
</sp:Trust10>
</wsp:All>
</wsp:ExactlyOne>
-</wsp:Policy>
\ No newline at end of file
+</wsp:Policy>
diff --git a/modules/rampart-samples/policy/sample05/services.xml b/modules/rampart-samples/policy/sample08/services.xml
similarity index 52%
copy from modules/rampart-samples/policy/sample05/services.xml
copy to modules/rampart-samples/policy/sample08/services.xml
index dd0f5af..68a93a1 100644
--- a/modules/rampart-samples/policy/sample05/services.xml
+++ b/modules/rampart-samples/policy/sample08/services.xml
@@ -1,218 +1,116 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- !
- ! Copyright 2006 The Apache Software Foundation.
- !
- ! Licensed under the Apache License, Version 2.0 (the "License");
- ! you may not use this file except in compliance with the License.
- ! You may obtain a copy of the License at
- !
- ! http://www.apache.org/licenses/LICENSE-2.0
- !
- ! Unless required by applicable law or agreed to in writing, software
- ! distributed under the License is distributed on an "AS IS" BASIS,
- ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ! See the License for the specific language governing permissions and
- ! limitations under the License.
- !-->
-<!-- services.xml of Sample05 : WS Trust -->
-<serviceGroup>
-<service name="STS">
- <module ref="rampart" />
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml for STS of Sample06 : WS Trust -->
+
+<service name="STS">
+ <module ref="rampart" />
<module ref="addressing" />
<module ref="rahas" />
- <parameter name="saml-issuer-config">
- <saml-issuer-config>
- <issuerName>SAMPLE_STS</issuerName>
- <issuerKeyAlias>service</issuerKeyAlias>
- <issuerKeyPassword>apache</issuerKeyPassword>
- <cryptoProperties>
- <crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
- <property name="org.apache.ws.security.crypto.merlin.file">service.jks</property>
- <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
- </crypto>
- </cryptoProperties>
- <timeToLive>300000</timeToLive>
- <keySize>256</keySize>
- <addRequestedAttachedRef />
- <addRequestedUnattachedRef />
-
- <!--
- Key computation mechanism
- 1 - Use Request Entropy
- 2 - Provide Entropy
- 3 - Use Own Key
- -->
- <keyComputation>2</keyComputation>
-
- <!--
- proofKeyType element is valid only if the keyComputation is set to 3
- i.e. Use Own Key
-
- Valid values are: EncryptedKey & BinarySecret
- -->
- <proofKeyType>BinarySecret</proofKeyType>
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>SAMPLE_STS</issuerName>
+ <issuerKeyAlias>service</issuerKeyAlias>
+ <issuerKeyPassword>apache</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">service.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
<trusted-services>
- <service alias="service">*</service>
- </trusted-services>
- </saml-issuer-config>
- </parameter>
-
- <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:TripleDesRsa15/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Strict/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
- </sp:Wss10>
- <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:SignedParts>
-
- <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
- <ramp:user>service</ramp:user>
- <ramp:encryptionUser>client</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
-
- <ramp:signatureCrypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
- </ramp:crypto>
- </ramp:signatureCrypto>
+ <service alias="service">*</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
-
- </ramp:RampartConfig>
-
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
-
-</service>
-<service name="sample05">
- <operation name="echo">
- <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
- </operation>
- <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample05.SimpleService</parameter>
-
- <module ref="rampart" />
- <module ref="addressing" />
-
- <wsp:Policy wsu:Id="SgnOnlyAnonymous"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
- xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:SymmetricBinding>
- <wsp:Policy>
- <sp:ProtectionToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:ProtectionToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:SymmetricBinding>
- <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
- <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <Address xmlns="http://www.w3.org/2005/08/addressing">https://kirillgdev04/Security_Federation_SecurityTokenService_Indigo/Symmetric.svc/Scenario_1_IssuedTokenOverTransport_UsernameOverTransport</Address>
- </Issuer>
- <sp:RequestSecurityTokenTemplate>
- <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
- <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
- <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
- </sp:RequestSecurityTokenTemplate>
+ <sp:InitiatorToken>
<wsp:Policy>
- <sp:RequireInternalReference/>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
</wsp:Policy>
- </sp:IssuedToken>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
- </sp:SupportingTokens>
- <sp:SignedParts>
- <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:Body/>
- </sp:SignedParts>
- <sp:Wss11>
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- <sp:MustSupportRefThumbprint/>
- <sp:MustSupportRefEncryptedKey/>
- <sp:RequireSignatureConfirmation/>
- </wsp:Policy>
- </sp:Wss11>
- <sp:Trust10>
- <wsp:Policy>
- <sp:MustSupportIssuedTokens/>
- <sp:RequireClientEntropy/>
- <sp:RequireServerEntropy/>
- </wsp:Policy>
- </sp:Trust10>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>service</ramp:user>
<ramp:encryptionUser>client</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample08.PWCBHandler</ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
@@ -221,11 +119,9 @@
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
- </ramp:RampartConfig>
- </wsp:All>
- </wsp:ExactlyOne>
-</wsp:Policy>
-
-
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
</service>
-</serviceGroup>
+
diff --git a/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/Client.java b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/Client.java
new file mode 100644
index 0000000..79822c2
--- /dev/null
+++ b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/Client.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample08;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.client.STSClient;
+import org.apache.rampart.RampartMessageData;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ STSClient stsClient = new STSClient(ctx);
+
+ stsClient.setRstTemplate(getRSTTemplate());
+ String action = TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ stsClient.setAction(action);
+
+ Token responseToken = stsClient.requestSecurityToken(loadPolicy("sample08/policy.xml"), "http://localhost:8080/axis2/services/STS", loadPolicy("sample08/sts_policy.xml"), null);
+
+ System.out.println("\n############################# Requested SAML 2.0 Token ###################################\n");
+ System.out.println(responseToken.getToken().toString());
+ System.out.println("\n##########################################################################################\n");
+
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getSAMLToken(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ return elem;
+ }
+
+
+ private static OMElement getRSTTemplate() throws Exception {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMElement elem = fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_20);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/PWCBHandler.java b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/PWCBHandler.java
new file mode 100644
index 0000000..dd71409
--- /dev/null
+++ b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/PWCBHandler.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample08;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/SimpleService.java b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/SimpleService.java
new file mode 100644
index 0000000..57cdcc7
--- /dev/null
+++ b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample08;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/2.xml b/modules/rampart-samples/policy/sample08/sts_policy.xml
similarity index 65%
copy from modules/rampart-integration/src/test/resources/rampart/policy/2.xml
copy to modules/rampart-samples/policy/sample08/sts_policy.xml
index a3bf1bb..39d3974 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/2.xml
+++ b/modules/rampart-samples/policy/sample08/sts_policy.xml
@@ -1,69 +1,83 @@
-<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Strict/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
- </sp:Wss10>
- <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:SignedParts>
- <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
- <ramp:user>alice</ramp:user>
- <ramp:encryptionUser>bob</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
-
- <ramp:signatureCrypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
- </ramp:crypto>
- </ramp:signatureCrypto>
- <ramp:encryptionCypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
- </ramp:crypto>
- </ramp:encryptionCypto>
- </ramp:RampartConfig>
- </wsp:All>
- </wsp:ExactlyOne>
-</wsp:Policy>
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample08.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java b/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java
index e824232..39494e5 100644
--- a/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java
+++ b/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java
@@ -16,11 +16,19 @@
package org.apache.rahas;
-import junit.framework.TestCase;
+import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import junit.framework.TestCase;
+
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
import java.util.Date;
public class SimpleTokenStoreTest extends TestCase {
@@ -30,8 +38,7 @@ public class SimpleTokenStoreTest extends TestCase {
try {
store.add(getTestToken("id-1"));
} catch (TrustException e) {
- fail("Adding a new token to an empty store should not fail, " +
- "message : " + e.getMessage());
+ fail("Adding a new token to an empty store should not fail, " + "message : " + e.getMessage());
}
Token token = null;
try {
@@ -40,8 +47,7 @@ public class SimpleTokenStoreTest extends TestCase {
fail("Adding an existing token must throw an exception");
} catch (TrustException e) {
assertEquals("Incorrect exception message",
- TrustException.getMessage("tokenAlreadyExists",
- new String[]{token.getId()}), e.getMessage());
+ TrustException.getMessage("tokenAlreadyExists", new String[]{token.getId()}), e.getMessage());
}
}
@@ -76,9 +82,8 @@ public class SimpleTokenStoreTest extends TestCase {
store.update(token1);
fail("An exception must be thrown at this point : noTokenToUpdate");
} catch (TrustException e) {
- assertEquals("Incorrect exception message", TrustException
- .getMessage("noTokenToUpdate", new String[]{token1
- .getId()}), e.getMessage());
+ assertEquals("Incorrect exception message",
+ TrustException.getMessage("noTokenToUpdate", new String[]{token1.getId()}), e.getMessage());
}
try {
store.add(token1);
@@ -133,11 +138,13 @@ public class SimpleTokenStoreTest extends TestCase {
}
}
- private Token getTestToken(String tokenId) throws TrustException {
+ private Token getTestToken(String tokenId)
+ throws TrustException {
return getTestToken(tokenId, new Date());
}
- private Token getTestToken(String tokenId, Date expiry) throws TrustException {
+ private Token getTestToken(String tokenId, Date expiry)
+ throws TrustException {
OMFactory factory = DOOMAbstractFactory.getOMFactory();
OMElement tokenEle = factory.createOMElement("testToken", "", "");
Token token = new Token(tokenId, tokenEle, new Date(), expiry);
@@ -147,4 +154,48 @@ public class SimpleTokenStoreTest extends TestCase {
token.setSecret("Top secret!".getBytes());
return token;
}
+
+ public void testSerialize()
+ throws Exception {
+ String fileName = "test.ser";
+
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns1 = factory.createOMNamespace("bar", "x");
+ OMElement elt11 = factory.createOMElement("foo1", ns1);
+
+ Token t = new Token("#1232122", elt11, new Date(), new Date());
+
+ SimpleTokenStore store = new SimpleTokenStore();
+ store.add(t);
+
+ FileOutputStream fos = null;
+ ObjectOutputStream out = null;
+
+ try {
+ fos = new FileOutputStream(fileName);
+ out = new ObjectOutputStream(fos);
+ out.writeObject(store);
+ } finally {
+ out.close();
+ }
+
+ SimpleTokenStore store2 = null;
+ FileInputStream fis = null;
+ ObjectInputStream in = null;
+ try {
+ fis = new FileInputStream(fileName);
+ in = new ObjectInputStream(fis);
+ store2 = (SimpleTokenStore)in.readObject();
+ in.close();
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ } catch (ClassNotFoundException ex) {
+ ex.printStackTrace();
+ }
+
+ assertEquals(store.getToken("#1232122").getId(), store2.getToken("#1232122").getId());
+ assertEquals(store.getToken("#1232122").getCreated(), store2.getToken("#1232122").getCreated());
+
+ }
+
}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java b/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
index 0bc5d94..ba416da 100644
--- a/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
@@ -19,6 +19,8 @@ package org.apache.rampart;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAP12Constants;
import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
@@ -63,8 +65,28 @@ public class MessageBuilderTestBase extends TestCase {
* @throws AxisFault
*/
protected MessageContext getMsgCtx() throws Exception {
+ return initMsgCtxFromMessage("test-resources/policy/soapmessage.xml");
+ }
+
+ /**
+ * Return a message context initialized with a SOAP 1.2 message.
+ *
+ * @throws XMLStreamException
+ * @throws FactoryConfigurationError
+ * @throws AxisFault
+ */
+ protected MessageContext getMsgCtx12() throws Exception {
+ return initMsgCtxFromMessage("test-resources/policy/soapmessage.xml");
+ }
+
+ /**
+ * @throws XMLStreamException
+ * @throws FactoryConfigurationError
+ * @throws AxisFault
+ */
+ private MessageContext initMsgCtxFromMessage(String messageResource) throws Exception {
MessageContext ctx = new MessageContext();
-
+
AxisConfiguration axisConfiguration = new AxisConfiguration();
AxisService axisService = new AxisService("TestService");
axisConfiguration.addService(axisService);
@@ -88,7 +110,7 @@ public class MessageBuilderTestBase extends TestCase {
XMLStreamReader reader =
XMLInputFactory.newInstance().
- createXMLStreamReader(new FileInputStream("test-resources/policy/soapmessage.xml"));
+ createXMLStreamReader(new FileInputStream(messageResource));
ctx.setEnvelope(new StAXSOAPModelBuilder(reader, null).getSOAPEnvelope());
return ctx;
}
@@ -121,4 +143,15 @@ public class MessageBuilderTestBase extends TestCase {
}
}
+ public String getContentTypeForEnvelope(SOAPEnvelope env) {
+ String contentType = SOAP11Constants.SOAP_11_CONTENT_TYPE; //default
+ if (SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI.equals(env.getNamespace().getNamespaceURI())) {
+ contentType = SOAP11Constants.SOAP_11_CONTENT_TYPE;
+ }
+ else if (SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI.equals(env.getNamespace().getNamespaceURI())) {
+ contentType = SOAP12Constants.SOAP_12_CONTENT_TYPE;
+ }
+ return contentType;
+ }
+
}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/NonceCacheTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/NonceCacheTest.java
new file mode 100644
index 0000000..3722b7f
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/NonceCacheTest.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import junit.framework.TestCase;
+
+/**
+ * Created by IntelliJ IDEA.
+ * User: aj
+ * Date: Apr 30, 2010
+ * Time: 4:15:20 PM
+ * To change this template use File | Settings | File Templates.
+ */
+public class NonceCacheTest extends TestCase {
+
+ public NonceCacheTest(String name) {
+ super(name);
+ }
+
+ public void testAddToCache() throws Exception {
+
+ UniqueMessageAttributeCache cache = new NonceCache();
+
+ cache.addToCache("j8EqKYJ/CxOZfN8CySMm0g==", "apache");
+ cache.addToCache("j8EqKYJ/CxOdfN8CySMm0g==", "apache");
+ cache.addToCache("j8EqKYJ/CxOhfN8CySMm0g==", "apache");
+ }
+
+ public void testValueExistsInCache() throws Exception{
+
+ UniqueMessageAttributeCache cache = new NonceCache();
+
+ cache.addToCache("j8EqKYJ/CxOZfN8CySMm0g==", "apache");
+ cache.addToCache("j8EqKYJ/CxOdfN8CySMm0g==", "apache");
+ cache.addToCache("j8EqKYJ/CxOhfN8CySMm0g==", "apache");
+
+ boolean returnValue1 = cache.valueExistsInCache("j8EqKYJ/CxOZfN8CySMm0g==", "apache");
+ assertTrue("nonce - j8EqKYJ/CxOZfN8CySMm0g== and apache must exists in the cache", returnValue1);
+
+ boolean returnValue2 = cache.valueExistsInCache("p8EqKYJ/CxOZfN8CySMm0g==", "apache");
+ assertFalse("nonce - p8EqKYJ/CxOZfN8CySMm0g== and apache should not be in the cache", returnValue2);
+ }
+
+ public void testValueExpiration() throws Exception{
+
+ UniqueMessageAttributeCache cache = new NonceCache();
+
+ cache.addToCache("j8EqKYJ/CxOZfN8CySMm0g==", "apache");
+ cache.addToCache("j8EqKYJ/CxOdfN8CySMm0p==", "apache");
+ cache.addToCache("q8EqKYJ/CxOhfN8CySMm0g==", "apache");
+
+ cache.setMaximumLifeTimeOfAnAttribute(1);
+
+ boolean returnValue1 = cache.valueExistsInCache("j8EqKYJ/CxOZfN8CySMm0g==", "apache");
+ assertTrue("nonce - j8EqKYJ/CxOZfN8CySMm0g== and apache must exists in the cache", returnValue1);
+
+ Thread.sleep(2 * 1000);
+
+ returnValue1 = cache.valueExistsInCache("j8EqKYJ/CxOZfN8CySMm0g==", "apache");
+ assertFalse("nonce - j8EqKYJ/CxOZfN8CySMm0g== and apache must not exists in the cache", returnValue1);
+
+ }
+}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
similarity index 54%
copy from modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
copy to modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
index 4f42405..5d5a8ed 100644
--- a/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
@@ -1,61 +1,60 @@
-/*
- * Copyright 2004,2005 The Apache Software Foundation.
- *
+/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package org.apache.rampart;
-import java.io.ByteArrayInputStream;
-import java.util.Vector;
-
-import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.builder.SOAPBuilder;
import org.apache.axis2.context.MessageContext;
-import org.apache.axis2.engine.AxisEngine;
import org.apache.neethi.Policy;
-import org.apache.rampart.util.Axis2Util;
-public class RampartEngineTest extends MessageBuilderTestBase {
+import java.io.ByteArrayInputStream;
+
+public class PolicyAssertionsTest extends MessageBuilderTestBase {
- public RampartEngineTest(String name) {
+ public PolicyAssertionsTest(String name) {
super(name);
}
- public void testEmptySOAPMessage() throws Exception {
+ public void testRequiredElementsValid() throws Exception {
- try {
- MessageContext ctx = getMsgCtx();
+ MessageContext ctx = getMsgCtx();
- String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
- Policy policy = this.loadPolicy(policyXml);
+ String policyXml = "test-resources/policy/rampart-asymm-required-elements.xml";
+ Policy policy = loadPolicy(policyXml);
- ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ // Building the SOAP envelope from the OMElement
+ SOAPBuilder soapBuilder = new SOAPBuilder();
+ SOAPEnvelope env = ctx.getEnvelope();
+ ByteArrayInputStream inStream = new ByteArrayInputStream(env.toString().getBytes());
+ env = (SOAPEnvelope) soapBuilder.processDocument(inStream, "text/xml", ctx);
+ ctx.setEnvelope(env);
+
+ RampartEngine engine = new RampartEngine();
+ engine.process(ctx);
- RampartEngine engine = new RampartEngine();
- engine.process(ctx);
- } catch (RampartException e) {
- assertEquals("Expected rampart to complain about missing security header",
- "Missing wsse:Security header in request", e.getMessage());
- }
}
- public void testValidSOAPMessage() throws Exception {
+ public void testRequiredElementsInvalid() throws Exception {
MessageContext ctx = getMsgCtx();
- String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
+ String policyXml = "test-resources/policy/rampart-asymm-required-elements-2.xml";
Policy policy = loadPolicy(policyXml);
ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
@@ -71,7 +70,14 @@ public class RampartEngineTest extends MessageBuilderTestBase {
ctx.setEnvelope(env);
RampartEngine engine = new RampartEngine();
- engine.process(ctx);
+
+ try {
+ engine.process(ctx);
+ fail(" This should have thrown RampartException: " +
+ "Required Elements not found in the incoming message : wsrm:Sequence");
+ } catch (RampartException expected) {
+ // Ignore intentionally as the test is supposed to throw an exception
+ }
}
}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
index 4f42405..f3ed510 100644
--- a/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
@@ -18,14 +18,23 @@ package org.apache.rampart;
import java.io.ByteArrayInputStream;
import java.util.Vector;
+import java.util.ArrayList;
+import java.security.cert.X509Certificate;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.builder.SOAPBuilder;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.engine.AxisEngine;
+import org.apache.axis2.namespace.Constants;
import org.apache.neethi.Policy;
import org.apache.rampart.util.Axis2Util;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import javax.xml.namespace.QName;
public class RampartEngineTest extends MessageBuilderTestBase {
@@ -45,9 +54,10 @@ public class RampartEngineTest extends MessageBuilderTestBase {
RampartEngine engine = new RampartEngine();
engine.process(ctx);
- } catch (RampartException e) {
+ }
+ catch (RampartException e) {
assertEquals("Expected rampart to complain about missing security header",
- "Missing wsse:Security header in request", e.getMessage());
+ "Missing wsse:Security header in request", e.getMessage());
}
}
@@ -64,14 +74,74 @@ public class RampartEngineTest extends MessageBuilderTestBase {
builder.build(ctx);
// Building the SOAP envelope from the OMElement
+ buildSOAPEnvelope(ctx);
+
+ RampartEngine engine = new RampartEngine();
+ Vector results = engine.process(ctx);
+
+ /*
+ The principle purpose of the test case is to verify that the above processes
+ without throwing an exception. However, perform a minimal amount of validation on the
+ results.
+ */
+ assertNotNull("RampartEngine returned null result", results);
+ //verify cert was stored
+ X509Certificate usedCert = null;
+ for (int i = 0; i < results.size(); i++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(i);
+ Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if (action.intValue() == WSConstants.SIGN) {
+ //the result is for the signature, which contains the used certificate
+ usedCert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ break;
+ }
+ }
+ assertNotNull("Result of processing did not include a certificate", usedCert);
+ }
+
+ public void testValidSOAP12Message() throws Exception {
+
+ MessageContext ctx = getMsgCtx12();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
+ Policy policy = loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ // Building the SOAP envelope from the OMElement
+ buildSOAPEnvelope(ctx);
+
+ RampartEngine engine = new RampartEngine();
+ Vector results = engine.process(ctx);
+
+ /*
+ The principle purpose of the test case is to verify that the above processes
+ without throwing an exception. However, perform a minimal amount of validation on the
+ results.
+ */
+ assertNotNull("RampartEngine returned null result", results);
+ //verify cert was stored
+ X509Certificate usedCert = null;
+ for (int i = 0; i < results.size(); i++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(i);
+ Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if (action.intValue() == WSConstants.SIGN) {
+ //the result is for the signature, which contains the used certificate
+ usedCert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ break;
+ }
+ }
+ assertNotNull("Result of processing did not include a certificate", usedCert);
+ }
+
+ private void buildSOAPEnvelope(MessageContext ctx) throws Exception {
SOAPBuilder soapBuilder = new SOAPBuilder();
SOAPEnvelope env = ctx.getEnvelope();
ByteArrayInputStream inStream = new ByteArrayInputStream(env.toString().getBytes());
- env = (SOAPEnvelope) soapBuilder.processDocument(inStream, "text/xml", ctx);
+ env = (SOAPEnvelope) soapBuilder.processDocument(inStream, getContentTypeForEnvelope(env), ctx);
ctx.setEnvelope(env);
-
- RampartEngine engine = new RampartEngine();
- engine.process(ctx);
-
}
}
diff --git a/modules/rampart-tests/test-resources/policy-asymm-binding.xml b/modules/rampart-tests/test-resources/policy-asymm-binding.xml
index aae3ea5..b73a944 100644
--- a/modules/rampart-tests/test-resources/policy-asymm-binding.xml
+++ b/modules/rampart-tests/test-resources/policy-asymm-binding.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy-symm-binding.xml b/modules/rampart-tests/test-resources/policy-symm-binding.xml
index de8bd5b..36ce0e0 100644
--- a/modules/rampart-tests/test-resources/policy-symm-binding.xml
+++ b/modules/rampart-tests/test-resources/policy-symm-binding.xml
@@ -16,7 +16,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy-transport-binding.xml b/modules/rampart-tests/test-resources/policy-transport-binding.xml
index a74b444..c2bb0f6 100644
--- a/modules/rampart-tests/test-resources/policy-transport-binding.xml
+++ b/modules/rampart-tests/test-resources/policy-transport-binding.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml
index 3930028..11eea3c 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml
index b2102da..f7c7384 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml
@@ -24,7 +24,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml
index 8d648b2..abb0712 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml
@@ -25,7 +25,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
index 55cbb13..50c796e 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
@@ -25,7 +25,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml
index fd66030..f5f74e5 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-required-elements-2.xml
similarity index 58%
copy from modules/rampart-integration/src/test/resources/rampart/policy/28.xml
copy to modules/rampart-tests/test-resources/policy/rampart-asymm-required-elements-2.xml
index a5fd12b..ea8b0a7 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-required-elements-2.xml
@@ -1,34 +1,25 @@
-<wsp:Policy wsu:Id="SigOnly"
+<wsp:Policy wsu:Id="policy2"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
- <!--No timestamp test-->
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
<wsp:ExactlyOne>
<wsp:All>
- <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token
- sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
+ <sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
+ <sp:RequireThumbprintReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
- </sp:RecipientToken>
+ </sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -36,26 +27,43 @@
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
+ <sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
- </sp:Wss10>
+ </sp:Wss11>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
+ <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="From" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="FaultTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="ReplyTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="MessageID" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="RelatesTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="Action" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
</sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:RequiredElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702">wsrm:Sequence</sp:XPath>
+ </sp:RequiredElements>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>alice</ramp:user>
<ramp:encryptionUser>bob</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
</ramp:property>
@@ -64,7 +72,7 @@
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
</ramp:property>
@@ -73,4 +81,4 @@
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
-</wsp:Policy>
+</wsp:Policy>
\ No newline at end of file
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-required-elements.xml
similarity index 58%
copy from modules/rampart-integration/src/test/resources/rampart/policy/28.xml
copy to modules/rampart-tests/test-resources/policy/rampart-asymm-required-elements.xml
index a5fd12b..ee8d017 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-required-elements.xml
@@ -1,34 +1,25 @@
-<wsp:Policy wsu:Id="SigOnly"
+<wsp:Policy wsu:Id="policy2"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
- <!--No timestamp test-->
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
<wsp:ExactlyOne>
<wsp:All>
- <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token
- sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
+ <sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
+ <sp:RequireThumbprintReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
- </sp:RecipientToken>
+ </sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -36,26 +27,43 @@
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
+ <sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
- </sp:Wss10>
+ </sp:Wss11>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
+ <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="From" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="FaultTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="ReplyTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="MessageID" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="RelatesTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="Action" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
</sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:RequiredElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">wsa:To</sp:XPath>
+ </sp:RequiredElements>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>alice</ramp:user>
<ramp:encryptionUser>bob</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
</ramp:property>
@@ -64,7 +72,7 @@
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
</ramp:property>
@@ -73,4 +81,4 @@
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
-</wsp:Policy>
+</wsp:Policy>
\ No newline at end of file
diff --git a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml
index e5fd9f7..c877e10 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml
@@ -15,7 +15,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml
index 20300e7..8605d4e 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml
@@ -16,7 +16,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml
index 92d2fd4..50593c3 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml
@@ -16,7 +16,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml
index 3433513..19bd768 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml
@@ -15,7 +15,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml
index bb3564b..a24e038 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml
@@ -16,7 +16,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml
index f84ada7..23b6a66 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml
index a9c407b..f3888cc 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml b/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml
index 0ba03af..3a01731 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java b/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java
index aab11b6..c20abbb 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java
@@ -16,6 +16,9 @@
package org.apache.rahas;
+import java.io.IOException;
+import java.io.ObjectInput;
+import java.io.ObjectOutput;
import java.util.Date;
import org.apache.axiom.om.OMElement;
@@ -35,6 +38,10 @@ public class EncryptedKeyToken extends Token {
* SHA1 value of the encrypted key
*/
private String sha;
+
+ public EncryptedKeyToken(){
+ super();
+ }
public EncryptedKeyToken (String id,Date created, Date expires) {
super(id,created,expires);
@@ -59,4 +66,20 @@ public class EncryptedKeyToken extends Token {
return sha;
}
+ public void writeExternal(ObjectOutput out)
+ throws IOException {
+
+ super.writeExternal(out);
+ out.writeObject(this.sha);
+ }
+
+ public void readExternal(ObjectInput in)
+ throws ClassNotFoundException, IOException {
+
+ super.readExternal(in);
+ this.sha = (String)in.readObject();
+
+ }
+
+
}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
index 2457621..894a0da 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
@@ -334,6 +334,8 @@ public class RahasData {
SecurityTokenReference str = new SecurityTokenReference((Element)elem);
if (str.containsReference()) {
tokenId = str.getReference().getURI();
+ } else if(str.containsKeyIdentifier()){
+ tokenId = str.getKeyIdentifierValue();
}
} catch (WSSecurityException e) {
throw new TrustException("errorExtractingTokenId",e);
@@ -358,6 +360,13 @@ public class RahasData {
SecurityTokenReference str = new SecurityTokenReference((Element)elem);
if (str.containsReference()) {
tokenId = str.getReference().getURI();
+ } else if(str.containsKeyIdentifier()){
+ tokenId = str.getKeyIdentifierValue();
+ }
+ if(tokenId == null){
+ if(str.containsKeyIdentifier()){
+ tokenId = str.getKeyIdentifierValue();
+ }
}
} catch (WSSecurityException e) {
throw new TrustException("errorExtractingTokenId",e);
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java b/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java
index f56bcdc..7293bd5 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java
@@ -21,6 +21,8 @@ import org.apache.ws.security.WSConstants;
import org.apache.ws.security.message.token.Reference;
import javax.xml.namespace.QName;
+
+import java.io.Serializable;
import java.util.*;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
@@ -29,7 +31,7 @@ import java.util.concurrent.locks.ReentrantReadWriteLock;
/**
* In-memory implementation of the token storage
*/
-public class SimpleTokenStore implements TokenStorage {
+public class SimpleTokenStore implements TokenStorage, Serializable {
protected Map tokens = new Hashtable();
@@ -185,8 +187,7 @@ public class SimpleTokenStore implements TokenStorage {
} finally {
readLock.unlock();
- }
-
+ }
return token;
}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java b/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
index 019c3e2..8907d35 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
@@ -18,164 +18,169 @@ package org.apache.rahas;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMException;
+import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import javax.xml.namespace.QName;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import java.io.ByteArrayInputStream;
+import java.io.Externalizable;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.ObjectInput;
+import java.io.ObjectOutput;
+import java.io.Reader;
+import java.io.StringReader;
+import java.io.UnsupportedEncodingException;
import java.text.DateFormat;
import java.text.ParseException;
import java.util.Date;
import java.util.Properties;
/**
- * This represents a security token which can have either one of 4 states.
- * <ul>
- * <li>ISSUED</li>
- * <li>EXPIRED</li>
- * <li>CACELLED</li>
- * <li>RENEWED</li>
- * </ul>
- * Also this holds the <code>OMElement</code>s representing the token in its
+ * This represents a security token which can have either one of 4 states. <ul> <li>ISSUED</li> <li>EXPIRED</li>
+ * <li>CACELLED</li> <li>RENEWED</li> </ul> Also this holds the <code>OMElement</code>s representing the token in its
* present state and the previous state.
- *
- * These tokens are stored using the storage mechanism provided via the
- * <code>TokenStorage</code> interface.
+ * <p/>
+ * These tokens are stored using the storage mechanism provided via the <code>TokenStorage</code> interface.
+ *
* @see org.apache.rahas.TokenStorage
*/
-public class Token {
-
+public class Token implements Externalizable {
+
+ private static Log log = LogFactory.getLog(Token.class);
+
public final static int ISSUED = 1;
+
public final static int EXPIRED = 2;
+
public final static int CANCELLED = 3;
+
public final static int RENEWED = 4;
-
+
/**
* Token identifier
*/
private String id;
-
+
/**
* Current state of the token
*/
private int state = -1;
-
+
/**
* The actual token in its current state
*/
private OMElement token;
-
+
/**
* The token in its previous state
*/
private OMElement previousToken;
-
+
/**
- * The RequestedAttachedReference element
- * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows
- * an extensibility mechanism for wsse:SecurityTokenReference and
- * wsse:Reference. Hence we cannot limit to the
- * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and
- * the ValueType values.
+ * The RequestedAttachedReference element NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows an
+ * extensibility mechanism for wsse:SecurityTokenReference and wsse:Reference. Hence we cannot limit to the
+ * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and the ValueType values.
*/
private OMElement attachedReference;
-
+
/**
- * The RequestedUnattachedReference element
- * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows
- * an extensibility mechanism for wsse:SecurityTokenRefence and
- * wsse:Reference. Hence we cannot limit to the
- * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and
- * the ValueType values.
+ * The RequestedUnattachedReference element NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows an
+ * extensibility mechanism for wsse:SecurityTokenRefence and wsse:Reference. Hence we cannot limit to the
+ * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and the ValueType values.
*/
private OMElement unattachedReference;
-
+
/**
* A bag to hold any other properties
*/
- private Properties properties;
+ private Properties properties;
/**
* A flag to assist the TokenStorage
*/
private boolean changed;
-
+
/**
* The secret associated with the Token
*/
private byte[] secret;
-
+
/**
* Created time
*/
private Date created;
-
+
/**
* Expiration time
*/
private Date expires;
-
+
/**
* Issuer end point address
*/
private String issuerAddress;
-
+
private String encrKeySha1Value;
-
+
+ public Token() {
+ }
+
public Token(String id, Date created, Date expires) {
- this.id = id;
- this.created = created;
- this.expires = expires;
+ this.id = id;
+ this.created = created;
+ this.expires = expires;
}
-
- public Token(String id,
- OMElement tokenElem,
- Date created,
- Date expires) throws TrustException {
+
+ public Token(String id, OMElement tokenElem, Date created, Date expires)
+ throws TrustException {
this.id = id;
- StAXOMBuilder stAXOMBuilder = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
- tokenElem.getXMLStreamReader());
+ StAXOMBuilder stAXOMBuilder =
+ new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), tokenElem.getXMLStreamReader());
stAXOMBuilder.setNamespaceURIInterning(true);
this.token = stAXOMBuilder.getDocumentElement();
this.created = created;
this.expires = expires;
}
- public Token(String id,
- OMElement tokenElem,
- OMElement lifetimeElem) throws TrustException {
+ public Token(String id, OMElement tokenElem, OMElement lifetimeElem)
+ throws TrustException {
this.id = id;
- StAXOMBuilder stAXOMBuilder = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
- tokenElem.getXMLStreamReader());
+ StAXOMBuilder stAXOMBuilder =
+ new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), tokenElem.getXMLStreamReader());
stAXOMBuilder.setNamespaceURIInterning(true);
this.token = stAXOMBuilder.getDocumentElement();
this.processLifeTime(lifetimeElem);
}
-
+
/**
* @param lifetimeElem
- * @throws TrustException
+ * @throws TrustException
*/
- private void processLifeTime(OMElement lifetimeElem) throws TrustException {
+ private void processLifeTime(OMElement lifetimeElem)
+ throws TrustException {
try {
DateFormat zulu = new XmlSchemaDateFormat();
OMElement createdElem =
- lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
- WSConstants.CREATED_LN));
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS, WSConstants.CREATED_LN));
this.created = zulu.parse(createdElem.getText());
-
+
OMElement expiresElem =
- lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
- WSConstants.EXPIRES_LN));
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS, WSConstants.EXPIRES_LN));
this.expires = zulu.parse(expiresElem.getText());
} catch (OMException e) {
- throw new TrustException("lifeTimeProcessingError",
- new String[]{lifetimeElem.toString()}, e);
+ throw new TrustException("lifeTimeProcessingError", new String[]{lifetimeElem.toString()}, e);
} catch (ParseException e) {
- throw new TrustException("lifeTimeProcessingError",
- new String[]{lifetimeElem.toString()}, e);
+ throw new TrustException("lifeTimeProcessingError", new String[]{lifetimeElem.toString()}, e);
}
}
@@ -192,7 +197,7 @@ public class Token {
public void setChanged(boolean chnaged) {
this.changed = chnaged;
}
-
+
/**
* @return Returns the properties.
*/
@@ -253,8 +258,8 @@ public class Token {
* @param presivousToken The presivousToken to set.
*/
public void setPreviousToken(OMElement presivousToken) {
- this.previousToken = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
- presivousToken.getXMLStreamReader()).getDocumentElement();
+ this.previousToken = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), presivousToken.getXMLStreamReader())
+ .getDocumentElement();
}
/**
@@ -282,9 +287,9 @@ public class Token {
* @param attachedReference The attachedReference to set.
*/
public void setAttachedReference(OMElement attachedReference) {
- if(attachedReference != null) {
- this.attachedReference = new StAXOMBuilder(DOOMAbstractFactory
- .getOMFactory(), attachedReference.getXMLStreamReader())
+ if (attachedReference != null) {
+ this.attachedReference =
+ new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), attachedReference.getXMLStreamReader())
.getDocumentElement();
}
}
@@ -300,9 +305,9 @@ public class Token {
* @param unattachedReference The unattachedReference to set.
*/
public void setUnattachedReference(OMElement unattachedReference) {
- if(unattachedReference != null) {
- this.unattachedReference = new StAXOMBuilder(DOOMAbstractFactory
- .getOMFactory(), unattachedReference.getXMLStreamReader())
+ if (unattachedReference != null) {
+ this.unattachedReference =
+ new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), unattachedReference.getXMLStreamReader())
.getDocumentElement();
}
}
@@ -335,4 +340,150 @@ public class Token {
public void setIssuerAddress(String issuerAddress) {
this.issuerAddress = issuerAddress;
}
+
+ /**
+ * Implementing serialize logic according to our own protocol. We had to follow this, because
+ * OMElement class is not serializable. Making OMElement serializable will have an huge impact
+ * on other components. Therefore implementing serialization logic according to a manual
+ * protocol.
+ * @param out Stream which writes serialized bytes.
+ * @throws IOException If unable to serialize particular member.
+ */
+ public void writeExternal(ObjectOutput out)
+ throws IOException {
+
+ out.writeObject(this.id);
+
+ out.writeInt(this.state);
+
+ String stringElement = convertOMElementToString(this.token);
+ out.writeObject(stringElement);
+
+ stringElement = convertOMElementToString(this.previousToken);
+ out.writeObject(stringElement);
+
+ stringElement = convertOMElementToString(this.attachedReference);
+ out.writeObject(stringElement);
+
+ stringElement = convertOMElementToString(this.unattachedReference);
+ out.writeObject(stringElement);
+
+ out.writeObject(this.properties);
+
+ out.writeBoolean(this.changed);
+
+ int secretLength = 0;
+ if (null != this.secret) {
+ secretLength = this.secret.length;
+ }
+
+ // First write the length of secret
+ out.writeInt(secretLength);
+ if (0 != secretLength) {
+ out.write(this.secret);
+ }
+
+ out.writeObject(this.created);
+
+ out.writeObject(this.expires);
+
+ out.writeObject(this.issuerAddress);
+
+ out.writeObject(this.encrKeySha1Value);
+ }
+
+ /**
+ * Implementing de-serialization logic in accordance with the serialization logic.
+ * @param in Stream which used to read data.
+ * @throws IOException If unable to de-serialize particular data member.
+ * @throws ClassNotFoundException
+ */
+ public void readExternal(ObjectInput in)
+ throws IOException, ClassNotFoundException {
+
+ this.id = (String)in.readObject();
+
+ this.state = in.readInt();
+
+ String stringElement = (String)in.readObject();
+ this.token = convertStringToOMElement(stringElement);
+
+ stringElement = (String)in.readObject();
+ this.previousToken = convertStringToOMElement(stringElement);
+
+ stringElement = (String)in.readObject();
+ this.attachedReference = convertStringToOMElement(stringElement);
+
+ stringElement = (String)in.readObject();
+ this.unattachedReference = convertStringToOMElement(stringElement);
+
+ this.properties = (Properties)in.readObject();
+
+ this.changed = in.readBoolean();
+
+ // Read the length of the secret
+ int secretLength = in.readInt();
+
+ if (0 != secretLength) {
+ byte[] buffer = new byte[secretLength];
+ if (secretLength != in.read(buffer)) {
+ throw new IllegalStateException("Bytes read from the secret key is not equal to serialized length");
+ }
+ this.secret = buffer;
+ }else{
+ this.secret = null;
+ }
+
+ this.created = (Date)in.readObject();
+
+ this.expires = (Date)in.readObject();
+
+ this.issuerAddress = (String)in.readObject();
+
+ this.encrKeySha1Value = (String)in.readObject();
+ }
+
+ private String convertOMElementToString(OMElement element)
+ throws IOException {
+ String serializedToken = "";
+
+ if (null == element) {
+ return serializedToken;
+ }
+
+ try {
+ serializedToken = element.toStringWithConsume();
+ } catch (XMLStreamException e) {
+ throw new IOException("Could not serialize token OM element");
+ }
+
+ return serializedToken;
+ }
+
+ private OMElement convertStringToOMElement(String stringElement)
+ throws IOException {
+
+ if (null == stringElement || stringElement.trim().equals("")) {
+ return null;
+ }
+
+ try {
+ Reader in = new StringReader(stringElement);
+ XMLStreamReader parser = XMLInputFactory.newInstance().createXMLStreamReader(in);
+ StAXOMBuilder builder = new StAXOMBuilder(parser);
+ OMElement documentElement = builder.getDocumentElement();
+
+ XMLStreamReader llomReader = documentElement.getXMLStreamReader();
+ OMFactory doomFactory = DOOMAbstractFactory.getOMFactory();
+ StAXOMBuilder doomBuilder = new StAXOMBuilder(doomFactory, llomReader);
+ return doomBuilder.getDocumentElement();
+
+ } catch (XMLStreamException e) {
+ log.error("Cannot convert de-serialized string to OMElement. Could not create XML stream.", e);
+ // IOException only has a constructor supporting exception chaining starting with Java 1.6
+ IOException ex = new IOException("Cannot convert de-serialized string to OMElement. Could not create XML stream.");
+ ex.initCause(e);
+ throw ex;
+ }
+ }
}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java b/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
index 0817868..01ad8ad 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
@@ -17,10 +17,9 @@
package org.apache.rahas.client;
import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Vector;
+import java.util.*;
+import java.text.DateFormat;
+import java.text.ParseException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -29,6 +28,7 @@ import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.OMException;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
import org.apache.axiom.om.util.Base64;
@@ -66,6 +66,7 @@ import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.w3c.dom.Element;
public class STSClient {
@@ -142,10 +143,14 @@ public class STSClient {
//Process the STS and service policy policy
this.processPolicy(issuerPolicy, servicePolicy);
- OMElement response = client.sendReceive(rstQn,
- createIssueRequest(requestType, appliesTo));
-
- return processIssueResponse(version, response, issuerAddress);
+ try {
+ OMElement response = client.sendReceive(rstQn,
+ createIssueRequest(requestType, appliesTo));
+
+ return processIssueResponse(version, response, issuerAddress);
+ } finally {
+ client.cleanupTransport();
+ }
} catch (AxisFault e) {
log.error("errorInObtainingToken", e);
throw new TrustException("errorInObtainingToken", new String[]{issuerAddress},e);
@@ -243,7 +248,120 @@ public class STSClient {
}
}
-
+
+ /**
+ * Renews the token referenced by the token id, updates the token store
+ * @param tokenId
+ * @param issuerAddress
+ * @param issuerPolicy
+ * @param store
+ * @return status
+ * @throws TrustException
+ */
+ public boolean renewToken(String tokenId,
+ String issuerAddress,
+ Policy issuerPolicy, TokenStorage store) throws TrustException {
+
+ try {
+ QName rstQn = new QName("requestSecurityToken");
+
+ ServiceClient client = getServiceClient(rstQn, issuerAddress);
+
+ client.getServiceContext().setProperty(RAMPART_POLICY, issuerPolicy);
+ client.getOptions().setSoapVersionURI(this.soapVersion);
+ if (this.addressingNs != null) {
+ client.getOptions().setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.addressingNs);
+ }
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ this.processPolicy(issuerPolicy, null);
+
+ String tokenType = RahasConstants.TOK_TYPE_SAML_10;
+
+ OMElement response = client.sendReceive(rstQn,
+ createRenewRequest(tokenType, tokenId));
+ store.update(processRenewResponse(version, response, store, tokenId));
+
+ return true;
+
+ } catch (AxisFault e) {
+ log.error("errorInRenewingToken", e);
+ throw new TrustException("errorInRenewingToken", new String[]{issuerAddress}, e);
+ }
+
+ }
+
+ /**
+ * Processes the response and update the token store
+ * @param version
+ * @param elem
+ * @param store
+ * @param id
+ * @return
+ * @throws TrustException
+ */
+ private Token processRenewResponse(int version, OMElement elem, TokenStorage store, String id) throws TrustException {
+ OMElement rstr = elem;
+ if (version == RahasConstants.VERSION_05_12) {
+ //The WS-SX result will be an RSTRC
+ rstr = elem.getFirstElement();
+ }
+ //get the corresponding WS-Trust NS
+ String ns = TrustUtil.getWSTNamespace(version);
+
+ //Get the RequestedAttachedReference
+ OMElement reqSecToken = rstr.getFirstChildWithName(new QName(
+ ns, RahasConstants.IssuanceBindingLocalNames.REQUESTED_SECURITY_TOKEN));
+
+ if (reqSecToken == null) {
+ throw new TrustException("reqestedSecTokMissing");
+ }
+
+ //Extract the life-time element
+ OMElement lifeTimeEle = rstr.getFirstChildWithName(new QName(
+ ns, RahasConstants.IssuanceBindingLocalNames.LIFETIME));
+
+ if (lifeTimeEle == null) {
+ throw new TrustException("lifeTimeElemMissing");
+ }
+
+ //update the existing token
+ OMElement tokenElem = reqSecToken.getFirstElement();
+ Token token = store.getToken(id);
+ token.setPreviousToken(token.getToken());
+ token.setToken(tokenElem);
+ token.setState(Token.RENEWED);
+ token.setExpires(extractExpiryDate(lifeTimeEle));
+
+ return token;
+ }
+
+ /**
+ * extracts the expiry date from the Lifetime element of the RSTR
+ * @param lifetimeElem
+ * @return
+ * @throws TrustException
+ */
+ private Date extractExpiryDate(OMElement lifetimeElem) throws TrustException {
+ try {
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ OMElement expiresElem =
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
+ WSConstants.EXPIRES_LN));
+ Date expires = zulu.parse(expiresElem.getText());
+ return expires;
+ } catch (OMException e) {
+ throw new TrustException("lifeTimeProcessingError",
+ new String[]{lifetimeElem.toString()}, e);
+ } catch (ParseException e) {
+ throw new TrustException("lifeTimeProcessingError",
+ new String[]{lifetimeElem.toString()}, e);
+ }
+ }
+
+
private ServiceClient getServiceClient(QName rstQn,
String issuerAddress) throws AxisFault {
AxisService axisService =
@@ -429,6 +547,11 @@ public class STSClient {
} else {
//Return wsu:Id of the token element
id = token.getAttributeValue(new QName(WSConstants.WSU_NS, "Id"));
+ if ( id == null )
+ {
+ // If we are dealing with a SAML Assetion, look for AssertionID.
+ id = token.getAttributeValue(new QName( "AssertionID"));
+ }
}
return id;
}
@@ -794,7 +917,7 @@ public class STSClient {
this.rstTemplate = rstTemplate;
}
- private class CBHandler implements CallbackHandler {
+ private static class CBHandler implements CallbackHandler {
private String passwd;
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties b/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
index b092afa..b69ed71 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
@@ -85,4 +85,6 @@ tokenNotFound = Token with ID \"{0}\" cannot be found
configurationIsNull = Configuration is null
errorInCancelingToken = Error occurred while trying to cancel token
-errorExtractingTokenId = Error occurred while extracting token id from the Security Token Reference
\ No newline at end of file
+errorExtractingTokenId = Error occurred while extracting token id from the Security Token Reference
+lifeTimeElemMissing = Lifetime element is missing in the RSTR
+lifeTimeElemMissing = Lifetime element is missing in the RSTR
\ No newline at end of file
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
index c39f47a..e6f7b2c 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
@@ -16,72 +16,72 @@
package org.apache.rahas.impl;
-import org.apache.rahas.*;
-import org.apache.rahas.TrustException;
-import org.apache.rahas.impl.util.SignKeyHolder;
-import org.apache.rahas.impl.util.SAMLAttributeCallback;
-import org.apache.rahas.impl.util.SAMLCallbackHandler;
-import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;
-import org.apache.axiom.om.util.UUIDGenerator;
import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.axiom.om.util.UUIDGenerator;
+import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.Parameter;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.*;
+import org.apache.rahas.impl.util.SAMLAttributeCallback;
+import org.apache.rahas.impl.util.SAMLCallbackHandler;
+import org.apache.rahas.impl.util.SignKeyHolder;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecEncryptedKey;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.XmlSchemaDateFormat;
-import org.apache.xml.security.utils.EncryptionConstants;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.signature.XMLSignature;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.opensaml.*;
+import org.apache.xml.security.utils.EncryptionConstants;
+import org.joda.time.DateTime;
import org.opensaml.Configuration;
-import org.opensaml.saml1.core.NameIdentifier;
-import org.opensaml.xml.*;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.*;
-import org.opensaml.xml.io.*;
-import org.opensaml.common.SAMLVersion;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.SAMLException;
import org.opensaml.common.SAMLObjectBuilder;
-import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml1.core.NameIdentifier;
+import org.opensaml.saml2.core.*;
import org.opensaml.saml2.core.impl.AssertionBuilder;
+import org.opensaml.saml2.core.impl.ConditionsBuilder;
import org.opensaml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml2.core.impl.NameIDBuilder;
-import org.opensaml.saml2.core.impl.SubjectBuilder;
-import org.opensaml.saml2.core.*;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.joda.time.DateTime;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilder;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.xml.io.*;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+import org.opensaml.xml.signature.*;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Text;
import org.w3c.dom.Node;
+import org.w3c.dom.Text;
+import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSSerializer;
-import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.DocumentBuilder;
-import java.util.Date;
-import java.util.List;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.security.cert.X509Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.PrivateKey;
-import java.text.DateFormat;
-import java.io.InputStream;
+import javax.xml.parsers.DocumentBuilderFactory;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
+import java.security.PrivateKey;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.text.DateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
public class SAML2TokenIssuer implements TokenIssuer {
@@ -97,8 +97,24 @@ public class SAML2TokenIssuer implements TokenIssuer {
private boolean isSymmetricKeyBasedHoK = false;
- private Log log = LogFactory.getLog(SAML2TokenIssuer.class);
+ private static Log log = LogFactory.getLog(SAML2TokenIssuer.class);
+ static {
+ try {
+ // Set the "javax.xml.parsers.DocumentBuilderFactory" system property
+ // to the endorsed JAXP impl.
+ System.setProperty("javax.xml.parsers.DocumentBuilderFactory",
+ "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
+ DefaultBootstrap.bootstrap();
+ } catch (ConfigurationException e) {
+ log.error("SAML2TokenIssuerBootstrapError", e);
+ throw new RuntimeException(e);
+ } finally {
+ // Unset the DOM impl to default
+ DocumentBuilderFactoryImpl.setDOOMRequired(false);
+ }
+ }
+
public SOAPEnvelope issue(RahasData data) throws TrustException {
MessageContext inMsgCtx = data.getInMessageContext();
@@ -158,14 +174,6 @@ public class SAML2TokenIssuer implements TokenIssuer {
keySize = (keySize == -1) ? config.keySize : keySize;
- // Set the "javax.xml.parsers.DocumentBuilderFactory" sys. property to the endorsed JAMP impl.
- String property = System.getProperty("javax.xml.parsers.DocumentBuilderFactory");
- System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
-
-
- //start building SAML 2.0 token
- DefaultBootstrap.bootstrap();
-
//Build the assertion
AssertionBuilder assertionBuilder = new AssertionBuilder();
Assertion assertion = assertionBuilder.buildObject();
@@ -191,6 +199,11 @@ public class SAML2TokenIssuer implements TokenIssuer {
Date creationTime = creationDate.toDate();
Date expirationTime = expirationDate.toDate();
+ Conditions conditions = new ConditionsBuilder().buildObject();
+ conditions.setNotBefore(creationDate);
+ conditions.setNotOnOrAfter(expirationDate);
+ assertion.setConditions(conditions);
+
// Create the subject
Subject subject = createSubject(config, doc, crypto, creationDate, expirationDate, data);
@@ -443,10 +456,9 @@ public class SAML2TokenIssuer implements TokenIssuer {
x509CertElem.appendChild(base64CertText);
Element x509DataElem = doc.createElementNS(WSConstants.SIG_NS,
"ds:X509Data");
- x509DataElem.appendChild(x509CertElem);
-
-
+
if (x509DataElem != null) {
+ x509DataElem.appendChild(x509CertElem);
keyInfoElem = doc.createElementNS(WSConstants.SIG_NS, "ds:KeyInfo");
((OMElement) x509DataElem).declareNamespace(
WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
@@ -596,7 +608,7 @@ public class SAML2TokenIssuer implements TokenIssuer {
* @return
* @throws TrustException
*/
- public SignKeyHolder createSignKeyHolder(SAMLTokenIssuerConfig config, Crypto crypto) throws TrustException {
+ private SignKeyHolder createSignKeyHolder(SAMLTokenIssuerConfig config, Crypto crypto) throws TrustException {
SignKeyHolder signKeyHolder = new SignKeyHolder();
@@ -634,28 +646,52 @@ public class SAML2TokenIssuer implements TokenIssuer {
* @return
* @throws SAMLException
*/
- public AttributeStatement createAttributeStatement(RahasData data, SAMLTokenIssuerConfig config) throws SAMLException {
+ private AttributeStatement createAttributeStatement(RahasData data, SAMLTokenIssuerConfig config) throws SAMLException, TrustException {
XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
SAMLObjectBuilder<AttributeStatement> attrStmtBuilder =
(SAMLObjectBuilder<AttributeStatement>) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
+ SAMLObjectBuilder<Attribute> attrBuilder =
+ (SAMLObjectBuilder<Attribute>) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
+
AttributeStatement attrstmt = attrStmtBuilder.buildObject();
Attribute[] attributes = null;
//Call the attribute callback handlers to get any attributes if exists
- if (config.getCallbackHander() != null) {
+ if (config.getCallbackHandler() != null) {
SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
- SAMLCallbackHandler handler = config.getCallbackHander();
+ SAMLCallbackHandler handler = config.getCallbackHandler();
handler.handle(cb);
attributes = cb.getSAML2Attributes();
}
+ else if (config.getCallbackHandlerName() != null
+ && config.getCallbackHandlerName().trim().length() > 0) {
+ SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
+ SAMLCallbackHandler handler = null;
+ MessageContext msgContext = data.getInMessageContext();
+ ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
+ Class cbClass = null;
+ try {
+ cbClass = Loader.loadClass(classLoader, config.getCallbackHandlerName());
+ } catch (ClassNotFoundException e) {
+ throw new TrustException("cannotLoadPWCBClass", new String[]{config
+ .getCallbackHandlerName()}, e);
+ }
+ try {
+ handler = (SAMLCallbackHandler) cbClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new TrustException("cannotCreatePWCBInstance", new String[]{config
+ .getCallbackHandlerName()}, e);
+ }
+ handler.handle(cb);
+ attributes = cb.getSAML2Attributes();
+ // else add the attribute with a default value
+ }
//else add the attribute with a default value
else {
- SAMLObjectBuilder<Attribute> attrBuilder =
- (SAMLObjectBuilder<Attribute>) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
Attribute attribute = attrBuilder.buildObject();
attribute.setName("Name");
attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
@@ -685,7 +721,7 @@ public class SAML2TokenIssuer implements TokenIssuer {
* @param data
* @return
*/
- public AuthnStatement createAuthnStatement(RahasData data) {
+ private AuthnStatement createAuthnStatement(RahasData data) {
XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
MessageContext inMsgCtx = data.getInMessageContext();
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
index df94336..d5aef05 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
@@ -254,10 +254,10 @@ public class SAMLTokenIssuer implements TokenIssuer {
// In the case where the principal is a UT
if (principal instanceof WSUsernameTokenPrincipal) {
SAMLNameIdentifier nameId = null;
- if(config.getCallbackHander() != null){
+ if(config.getCallbackHandler() != null){
SAMLNameIdentifierCallback cb = new SAMLNameIdentifierCallback(data);
cb.setUserId(principal.getName());
- SAMLCallbackHandler callbackHandler = config.getCallbackHander();
+ SAMLCallbackHandler callbackHandler = config.getCallbackHandler();
callbackHandler.handle(cb);
nameId = cb.getNameId();
}else{
@@ -338,7 +338,7 @@ public class SAMLTokenIssuer implements TokenIssuer {
String subjectNameId = data.getPrincipal().getName();
SAMLNameIdentifier nameId = new SAMLNameIdentifier(
- subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
+ subjectNameId, null, SAMLNameIdentifier.FORMAT_X509);
// Create the ds:KeyValue element with the ds:X509Data
X509Certificate clientCert = data.getClientCert();
@@ -432,9 +432,9 @@ public class SAMLTokenIssuer implements TokenIssuer {
SAMLAttribute[] attrs = null;
- if(config.getCallbackHander() != null){
+ if(config.getCallbackHandler() != null){
SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
- SAMLCallbackHandler handler = config.getCallbackHander();
+ SAMLCallbackHandler handler = config.getCallbackHandler();
handler.handle(cb);
attrs = cb.getAttributes();
} else if (config.getCallbackHandlerName() != null
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
index c899fa7..7182a03 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
@@ -98,7 +98,7 @@ public class SAMLTokenIssuerConfig extends AbstractIssuerConfig {
protected String issuerName;
protected Map trustedServices = new HashMap();
protected String trustStorePropFile;
- protected SAMLCallbackHandler callbackHander;
+ protected SAMLCallbackHandler callbackHandler;
protected String callbackHandlerName;
/**
@@ -258,7 +258,7 @@ public class SAMLTokenIssuerConfig extends AbstractIssuerConfig {
try {
String value = attrElemet.getText();
Class handlerClass = Class.forName(value);
- this.callbackHander = (SAMLCallbackHandler)handlerClass.newInstance();
+ this.callbackHandler = (SAMLCallbackHandler)handlerClass.newInstance();
} catch (ClassNotFoundException e) {
log.debug("Error loading class" , e);
throw new TrustException("Error loading class" , e);
@@ -300,6 +300,9 @@ public class SAMLTokenIssuerConfig extends AbstractIssuerConfig {
OMElement callbackHandlerName = fac.createOMElement(ATTR_CALLBACK_HANDLER_NAME, configElem);
callbackHandlerName.setText(this.callbackHandlerName);
+ OMElement timeToLive = fac.createOMElement(TTL, configElem);
+ timeToLive.setText(String.valueOf(this.ttl));
+
configElem.addChild(this.cryptoPropertiesElement);
OMElement keySizeElem = fac.createOMElement(KEY_SIZE, configElem);
@@ -405,12 +408,22 @@ public class SAMLTokenIssuerConfig extends AbstractIssuerConfig {
return trustedServices;
}
+ @Deprecated
public SAMLCallbackHandler getCallbackHander() {
- return callbackHander;
+ return callbackHandler;
+ }
+
+ @Deprecated
+ public void setCallbackHander(SAMLCallbackHandler callbackHandler) {
+ this.callbackHandler = callbackHandler;
+ }
+
+ public SAMLCallbackHandler getCallbackHandler() {
+ return callbackHandler;
}
- public void setCallbackHander(SAMLCallbackHandler callbackHander) {
- this.callbackHander = callbackHander;
+ public void setCallbackHandler(SAMLCallbackHandler callbackHandler) {
+ this.callbackHandler = callbackHandler;
}
public String getCallbackHandlerName() {
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
index d9d93da..3e46669 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
@@ -55,6 +55,8 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.X509Certificate;
+import java.util.Iterator;
+import java.util.List;
public class SAML2Utils {
@@ -194,14 +196,24 @@ public class SAML2Utils {
}
// Get the subject confirmation data, KeyInfoConfirmationDataType extends SubjectConfirmationData.
- KeyInfoConfirmationDataType scData = (KeyInfoConfirmationDataType) subjectConf.getSubjectConfirmationData();
+ SubjectConfirmationData scData = subjectConf.getSubjectConfirmationData();
+
if (scData == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"invalidSAML2Token", new Object[]{"for Signature (no Subject Confirmation Data)"});
}
// Get the SAML specific XML representation of the keyInfo object
- XMLObject KIElem = scData.getKeyInfos() != null ? (XMLObject) scData.getKeyInfos().get(0) : null;
+ XMLObject KIElem = null;
+ List<XMLObject> scDataElements = scData.getOrderedChildren();
+ Iterator<XMLObject> iterator = scDataElements.iterator();
+ while (iterator.hasNext()) {
+ XMLObject xmlObj = iterator.next();
+ if (xmlObj instanceof org.opensaml.xml.signature.KeyInfo) {
+ KIElem = xmlObj;
+ break;
+ }
+ }
Element keyInfoElement;
@@ -259,8 +271,8 @@ public class SAML2Utils {
}
- // If an authn stmt is presentm then it has a public key.
- else if (authnStmt != null) {
+ // If an authn stmt is present then it has a public key.
+ if (authnStmt != null) {
X509Certificate[] certs = null;
try {
@@ -286,10 +298,6 @@ public class SAML2Utils {
new Object[]{"cannot get certificate (key holder)"}, e3);
}
- } else {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "invalidSAMLsecurity",
- new Object[]{"cannot get certificate or key "});
}
diff --git a/pom.xml b/pom.xml
index b4682f3..9ebbe78 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,6 +3,11 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache</groupId>
+ <artifactId>apache</artifactId>
+ <version>7</version>
+ </parent>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-project</artifactId>
<packaging>pom</packaging>
@@ -31,10 +36,10 @@
<mailingLists>
<mailingList>
<name>Rampart Developers</name>
- <subscribe>rampart-dev-subscribe@ws.apache.org</subscribe>
- <unsubscribe>rampart-dev-unsubscribe@ws.apache.org</unsubscribe>
- <post>rampart-dev@ws.apache.org</post>
- <archive>http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/</archive>
+ <subscribe>java-dev-subscribe@axis.apache.org</subscribe>
+ <unsubscribe>java-dev-unsubscribe@axis.apache.org</unsubscribe>
+ <post>java-dev@axis.apache.org</post>
+ <archive>http://mail-archives.apache.org/mod_mbox/axis-java-dev/</archive>
<otherArchives>
<otherArchive>http://markmail.org/search/list:org.apache.ws.rampart-dev</otherArchive>
</otherArchives>
@@ -65,61 +70,42 @@
<developer>
<name>Davanum Srinivas</name>
<id>dims</id>
- <email>dims AT wso2.com</email>
- <organization>WSO2</organization>
+ <email>dims AT apache.org</email>
+ <organization>IBM</organization>
</developer>
<developer>
<name>Nandana Mihindukulasooriya</name>
<id>nandana</id>
- <email>nandana AT wso2.com</email>
- <organization>WSO2</organization>
+ <email>nandana AT apache.org</email>
+ <organization></organization>
</developer>
</developers>
<scm>
<connection>
- scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java
+ scm:svn:https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk
</connection>
<developerConnection>
- scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java
+ scm:svn:https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk
</developerConnection>
- <url>https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</url>
+ <url>https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk</url>
</scm>
<repositories>
-
- <repository>
- <releases>
- <enabled>false</enabled>
- <updatePolicy>always</updatePolicy>
- <checksumPolicy>warn</checksumPolicy>
- </releases>
+
+ <repository>
+ <id>wso2-maven2-repository</id>
+ <name>WSO2 Maven2 Repository</name>
+ <url>http://dist.wso2.org/maven2</url>
<snapshots>
- <enabled>true</enabled>
- <updatePolicy>never</updatePolicy>
- <checksumPolicy>fail</checksumPolicy>
+ <enabled>false</enabled>
</snapshots>
- <id>apache-snapshots</id>
- <name>Apache Maven2 SNAPSHOTS</name>
- <url>http://people.apache.org/repo/m2-snapshot-repository</url>
- <layout>default</layout>
- </repository>
-
- <repository>
<releases>
<enabled>true</enabled>
- <updatePolicy>always</updatePolicy>
- <checksumPolicy>warn</checksumPolicy>
- </releases>
- <snapshots>
- <enabled>true</enabled>
<updatePolicy>never</updatePolicy>
- <checksumPolicy>warn</checksumPolicy>
- </snapshots>
- <id>apache-ws-zones2</id>
- <name>Apache ws.zones - 2</name>
- <url>http://ws.zones.apache.org/repository2</url>
+ <checksumPolicy>fail</checksumPolicy>
+ </releases>
</repository>
<repository>
@@ -194,7 +180,7 @@
<dependencies>
- <!-- Axis2 Dependencies -->
+ <!-- Axis2 and Axiom Dependencies -->
<dependency>
<groupId>org.apache.axis2</groupId>
<artifactId>axis2-kernel</artifactId>
@@ -216,15 +202,34 @@
<groupId>org.apache.axis2</groupId>
<artifactId>addressing</artifactId>
<type>mar</type>
- <version>${addressing.mar.version}</version>
+ <version>${axis2.version}</version>
<scope>compile</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-dom</artifactId>
+ </dependency>
<!-- Other Rampart Dependencies -->
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>${wss4j.version}</version>
+ <exclusions>
+ <!-- We exclude xalan:xalan as a transitive dependency, but include
+ org.apache.xalan:xalan as a direct dependency. This avoids
+ conflicts with the dependencies of org.opensaml:opensaml
+ (which uses org.apache.xalan:xalan). -->
+ <exclusion>
+ <artifactId>xalan</artifactId>
+ <groupId>xalan</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.xalan</groupId>
+ <artifactId>xalan</artifactId>
+ <version>2.7.1</version>
</dependency>
<dependency>
<groupId>org.apache.santuario</groupId>
@@ -234,18 +239,23 @@
<dependency>
<groupId>opensaml</groupId>
<artifactId>opensaml</artifactId>
- <version>1.1</version>
+ <version>1.1.406</version>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml</artifactId>
+ <version>2.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-jdk14</artifactId>
+ <version>1.5.2</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-lang</groupId>
+ <artifactId>commons-lang</artifactId>
+ <version>2.3</version>
</dependency>
- <dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml</artifactId>
- <version>2.2.3</version>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-jdk14</artifactId>
- <version>1.5.2</version>
- </dependency>
<dependency>
<groupId>log4j</groupId>
@@ -290,6 +300,27 @@
</dependencies>
+ <dependencyManagement>
+ <dependencies>
+ <!-- Since Rampart depends on DOOM, but axiom-dom is not a transitive
+ dependency, we need to manage the Axiom version. -->
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-api</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-impl</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-dom</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
<profiles>
<profile>
@@ -333,34 +364,6 @@
<module>modules/distribution</module>
</modules>
</profile>
-
- <profile>
- <id>axiom-managed</id>
- <activation>
- <property>
- <name>axiom.version</name>
- </property>
- </activation>
- <dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>org.apache.ws.commons.axiom</groupId>
- <artifactId>axiom-api</artifactId>
- <version>${axiom.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.ws.commons.axiom</groupId>
- <artifactId>axiom-impl</artifactId>
- <version>${axiom.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.ws.commons.axiom</groupId>
- <artifactId>axiom-dom</artifactId>
- <version>${axiom.version}</version>
- </dependency>
- </dependencies>
- </dependencyManagement>
- </profile>
</profiles>
<modules>
@@ -379,11 +382,10 @@
<rampart.mar.version>SNAPSHOT</rampart.mar.version>
<rahas.mar.version>SNAPSHOT</rahas.mar.version>
- <axis2.version>SNAPSHOT</axis2.version>
- <axis2.transport.version>1.0-SNAPSHOT</axis2.transport.version>
- <addressing.mar.version>1.5</addressing.mar.version>
+ <axis2.version>1.5.3</axis2.version>
+ <axiom.version>1.2.10</axiom.version>
- <wss4j.version>1.5.8</wss4j.version>
+ <wss4j.version>1.5.10</wss4j.version>
<xmlsec.version>1.4.2</xmlsec.version>
<opensaml.version>1.1</opensaml.version>
diff --git a/release-docs/ChangeLog.txt b/release-docs/ChangeLog.txt
index 5d25017..d099558 100644
--- a/release-docs/ChangeLog.txt
+++ b/release-docs/ChangeLog.txt
@@ -1,8 +1,73 @@
This file contains a listing of all Jira issues that have been closed
for a given release.
-Release 1.5
-===========
+Release 1.5.1 - 23 Dec 2010
+===========================
+
+** Bug
+ * [RAMPART-316] - commons-lang jar is not available with Axis2 which breaks Sample-08
+ * [RAMPART-315] - Sample-06 is not working in the current trunk
+ * [RAMPART-181] - OptimizePartsConfig does not open namespace tag when serializing the assertion
+ * [RAMPART-186] - Password call back not copied over when the call back is set via a parameter to the axis Service (Secure conversation)
+ * [RAMPART-174] - Rampart module says true to all assertions when canSupportAssertion is called
+ * [RAMPART-202] - RampartEngine throws ClassCastException retrieving SOAPHeaderBlocks
+ * [RAMPART-212] - WSSecurityException: Error in converting SOAP Envelope to Document
+ * [RAMPART-314] - Rampart distribution does not contain OpenSAML 1.1 jars
+ * [RAMPART-198] - Rampart 1.4 assumes WSS10 or WSS11 to be present in the policy
+ * [RAMPART-273] - multiple rampart samples doesn't work
+ * [RAMPART-254] - Public getter/setter setCallbackHander/getCallbackHander mis-spelled [ hander --> handler] in SAMLTokenIssuerConfig
+ * [RAMPART-259] - SAML2TokenIssuer calls DefaultBootstrap.bootstrap() per every request and attribute call back handler not being called
+ * [RAMPART-277] - Rampart ignores token inclusion settings when using the asymmetric security binding
+ * [RAMPART-267] - div class="xleft" does not work
+ * [RAMPART-224] - Error in Rampart configuration schema
+ * [RAMPART-283] - sp:ProtectTokens Assertion Ignored w/ Transport Security Binding
+ * [RAMPART-288] - Supporting Tokens Not Encrypted When Protection Order is Sign Before Encrypting
+ * [RAMPART-300] - Rampart automaticaly tries to load an "Encryption user" if the security policy defines the use of a UsernameToken with a AsymmetricBinding
+ * [RAMPART-225] - SupportingToken UsernameToken is always encrypted
+ * [RAMPART-303] - Incorrect XML Passed to Digest Algorithm when XML Elements Belong to Empty Namespace
+ * [RAMPART-309] - Incorrect XML Passed to Digest Algorithm
+ * [RAMPART-116] - Policy Sample 04 on application scope fails with "Error in key derivation"
+ * [RAMPART-253] - TTL doesn't serialized in to saml-issuer-config from SAMLTokenIssuerConfig
+ * [RAMPART-270] - NPE in RampartMessageData
+ * [RAMPART-274] - renewing a sts token doesn't work
+ * [RAMPART-180] - Wrong NameIdentifier format
+ * [RAMPART-276] - SignedEncryptedElements can incorrectly set the namespace of child xpaths during serialization
+ * [RAMPART-293] - NPE in RampartMessageData prevents fault being returned to service consumer
+ * [RAMPART-308] - All security exceptions reported as wsse:InvalidSecurity
+ * [RAMPART-290] - NullPointerException in RampartEngine.isSecurityFault if the incoming fault message contains an invalid fault code element
+ * [RAMPART-311] - Error AxisFault: A required message part [body] is not signed.
+ * [RAMPART-239] - Axis2: Rampart module should not check the order of WS-Security header tags
+ * [RAMPART-119] - Invalid behavior when empty <sp:SignedParts/> element present in the policy
+ * [RAMPART-310] - Property 'invalidIssuerAddress' missing from error.properties
+ * [RAMPART-154] - org.apache.rahas.client.STSClient.org.apache.rahas.processIssueResponse fails if SamlAssertion is issued.
+ * [RAMPART-130] - MTOM with WS-Security
+ * [RAMPART-97 ] - interop(WSE3.0 + Rampart1.3) Signature varification failed,When request with Non-English Character
+ * [RAMPART-210] - samples/basic/sample11 does not exist in distro rampart-dist-1.4-bin.zip
+ * [RAMPART-22 ] - Exception handling in UsernameTokenProcessor.handleUsernameToken
+ * [RAMPART-111] - Rampart won't send certificate serial + issuer. Only either BinaryToken or Identity, but not always as it should
+ * [RAMPART-187] - Secure conversation clients do not work when the bootstrap policy requires Username Token
+ * [RAMPART-195] - Maven metadata are invalid in official repo preventing the use of rampart in offline mode
+ * [RAMPART-280] - renewToken() does not provide a mechanism to update the token in the token-store
+ * [RAMPART-6 ] - RAMPART : Incoming policy validation of KeyWrap Algorithm.
+ * [RAMPART-7 ] - RAMPART : Incoming policy validation of Bulk Encryption Algorithms.
+ * [RAMPART-266] - Rampart module fails validating signing certificate when security provider is Bouncy Castle
+ * [RAMPART-271] - Build failure in the rampart trunk
+ * [RAMPART-279] - NPE thrown when WS-Trust renew binding implementation
+ * [RAMPART-285] - Interoporability issues in SAML 2.0 implementation
+ * [RAMPART-306] - Rampart Configuration page of the web site should be updated with Crypto Caching configurations
+ * [RAMPART-307] - Spelling error in org.apache.rampart.builder.BindingBuilder - Method getSignatureBuider should be getSignatureBuilder
+ * [RAMPART-206] - RampartUtil.getToken() not setting parent properties on the STS service call resulting in HTTP 401 error
+
+** Improvement
+ * [RAMPART-313] - Improvements to the site axis.apache.org/axis2/java/rampart/
+ * [RAMPART-121] - Handling of KeyStores
+ * [RAMPART-25 ] - Abilty to dynamically set Encryption certificate on client
+ * [RAMPART-258] - A sample is required to demonstrate the SAML 2.0 Token issuing capability in Rampart
+ * [RAMPART-291] - Possible improvements to SAML2TokenIssuer
+ * [RAMPART-265] - Incorrect version references in Rampart 1.4
+
+Release 1.5 01 Feb 2010
+=======================
** Bug
* [RAMPART-189] - WS-Security rampart uses wrong token in service response
diff --git a/release-docs/NOTICE.txt b/release-docs/NOTICE.txt
index 77d3370..323c4b2 100644
--- a/release-docs/NOTICE.txt
+++ b/release-docs/NOTICE.txt
@@ -1,12 +1,9 @@
- =========================================================================
- == NOTICE file corresponding to the section 4 d of ==
- == the Apache License, Version 2.0, ==
- == in this case for the Apache Axis2 distribution. ==
- =========================================================================
+Apache Rampart
+Copyright 2010 The Apache Software Foundation
- This product includes software developed by
- The Apache Software Foundation (http://www.apache.org/).
+This product includes software developed by
+The Apache Software Foundation (http://www.apache.org/).
- Please read the different LICENSE files present in the lib directory of
- this distribution.
+Please read the different LICENSE files present in the lib directory of
+this distribution.
diff --git a/release-docs/README.txt b/release-docs/README.txt
index 36efbe0..20671f2 100644
--- a/release-docs/README.txt
+++ b/release-docs/README.txt
@@ -1,43 +1,43 @@
======================================================
-Apache Rampart-1.4 build (April 03, 2008)
+Apache Rampart-1.5.1 build (Dec 23, 2010)
-http://ws.apache.org/axis2/modules/rampart/
+http://axis.apache.org/axis2/java/rampart
------------------------------------------------------
-___________________
-Contents
-===================
+_______________________________
+Contents of Binary Distribution
+===============================
lib - This directory contains all the libraries required by rampart
in addition to the libraries available in the axis2 standard binary
release.
-rampart-1.4.mar - WS-Security and WS-SecureConversation support for Axis2
-rahas-1.4.mar - STS module - to be used to add STS operations to a service
+rampart-1.5.1.mar - WS-Security and WS-SecureConversation support for Axis2
+rahas-1.5.1.mar - STS module - to be used to add STS operations to a service
samples - This contains samples on using Apache Rampart and configuring
different components to carryout different WS-Sec* operations.
README.txt - This file
-build.xml - Setup file to copy all jars to required places
-
-____________
-Installation
-============
-
-Using Ant
----------
-Run ant script on extracted binary distribution and it will copy the required files to Axis2. You have to set the AXIS2_HOME system variable to point to your Axis2 binary distribution.
-
-Manual Installation
--------------------
-You can copy the required libraries and module files manually. You need copy all the libraries in the lib directory of Rampart binary distribution to Axis2 lib directory and all the module files to in the modules directory of Rampart binary distribution to Axis2 modules directory.
-
-Axis2 lib directory – AXIS2_HOME/lib (Standard binary distribution ) or axis2/WEB-INF/lib (WAR)
+build.xml - Setup file to copy all jars to required places
+____________
+Installation
+============
+
+Using Ant
+---------
+Run ant script on extracted binary distribution and it will copy the required files to Axis2. You have to set the AXIS2_HOME system variable to point to your Axis2 binary distribution.
+
+Manual Installation
+-------------------
+You can copy the required libraries and module files manually. You need copy all the libraries in the lib directory of Rampart binary distribution to Axis2 lib directory and all the module files to in the modules directory of Rampart binary distribution to Axis2 modules directory.
+
+Axis2 lib directory – AXIS2_HOME/lib (Standard binary distribution ) or axis2/WEB-INF/lib (WAR)
+
+Axis2 modules directory – AXIS2_HOME/repository/modules (Standard binary distribution ) or axis2/WEB-INF/modules (WAR)
-Axis2 modules directory – AXIS2_HOME/repository/modules (Standard binary distribution ) or axis2/WEB-INF/modules (WAR)
IMPORTANT:
Before you build rampart from source distribution, you need provision for
@@ -120,7 +120,7 @@ Any problem with this release can be reported to Rampart mailing list
or in the JIRA issue tracker.
Mailing list subscription:
- rampart-dev-subscribe@ws.apache.org
+ java-dev-subscribe@axis.apache.org
Jira:
http://issues.apache.org/jira/browse/RAMPART
diff --git a/release-docs/release-notes.html b/release-docs/release-notes.html
index f368304..ea5f07d 100644
--- a/release-docs/release-notes.html
+++ b/release-docs/release-notes.html
@@ -12,30 +12,30 @@
<body>
<h1>Apache Rampart Release Notes</h1>
-<p>This is the 1.2 release of Apache Rampart.</p>
+<p>This is the 1.5.1 release of Apache Rampart.</p>
-<p>Apache Rampart 1.2 is a toolkit that provides implementations of the WS-Sec*
-specifications for Apache Axis 1.2, based on Apache WSS4J 1.5.2 and
-the Apache AXIOM-DOOM 1.2.4 implementation.</p>
+<p>Apache Rampart 1.5.1 is a toolkit that provides implementations of the WS-Sec*
+specifications for Apache Axis2 1.5.1, based on Apache WSS4J 1.5.10 and
+the Apache AXIOM-DOOM 1.2.10 implementation.</p>
<b>What is in this release</b>
<p>There are two main Apache Axis2 modules provided with this release.</p>
<ul>
-<li>rampart-1.2.mar</li>
+<li>rampart-1.5.1.mar</li>
This provides support for WS-Security and WS-SecureConversation features.
-<li>rahas-1.2.mar</li>
+<li>rahas-1.5.1.mar</li>
This module provides the necessary components to enable SecurityTokenService
functionality on a service.
</ul>
-<p>Apache Rampart 1.2 uses a configuration model based on WS-Policy
+<p>Apache Rampart 1.5.1 uses a configuration model based on WS-Policy
and WS-Security Policy and it is important to note that Apache Rampart 1.0 style
configuration is also available even though being marked as deprecated.
</p>
-<p>Apache Rampart 1.2 can be successfully used with the next Apache Sandesha2
-release targeted towards Apache Axis2 1.2 to configure
+<p>Apache Rampart 1.5.1 can be successfully used with the next Apache Sandesha2 1.4
+release targeted towards Apache Axis2 1.5.4 to configure
WS-SecureConversation + WS-ReliableMessaging scenarios.</p>
<p>
The rampart module was successfully tested for interoperability with other
@@ -48,7 +48,9 @@ WS-Security implementations.</p>
<li>WS - Secure Conversation - February 2005</li>
<li>WS - Security Policy - 1.1 - July 2005</li>
<li>WS - Trust - February 2005</li>
-<li>WS - Trust - WS-SX spec - EXPERIMENTAL </li>
+<li>WS - Trust - WS-SX specification</li>
+<li>SAML Specification - 1.1 </li>
+<li>SAML Specification - 2.0 </li>
</ul>
@@ -58,17 +60,7 @@ WS-Security implementations.</p>
<p></p>
-<p>Apache Rampart team</p>
-
-<p></p>
-
-<p></p>
-
-<p></p>
-
-<p></p>
-
-<p></p>
+<p>Apache Rampart Team</p>
<p></p>
</body>