You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by jl...@apache.org on 2010/11/29 08:54:36 UTC
svn commit: r1040029 - in
/openejb/trunk/openejb3/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf:
ConfigureCxfSecurity.java WSSPassThroughInterceptor.java
Author: jlmonteiro
Date: Mon Nov 29 07:54:36 2010
New Revision: 1040029
URL: http://svn.apache.org/viewvc?rev=1040029&view=rev
Log:
OPENEJB-1405 WS Security mustUnderstand flag not treated when handlers are used
Added:
openejb/trunk/openejb3/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/WSSPassThroughInterceptor.java
Modified:
openejb/trunk/openejb3/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/ConfigureCxfSecurity.java
Modified: openejb/trunk/openejb3/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/ConfigureCxfSecurity.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/ConfigureCxfSecurity.java?rev=1040029&r1=1040028&r2=1040029&view=diff
==============================================================================
--- openejb/trunk/openejb3/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/ConfigureCxfSecurity.java (original)
+++ openejb/trunk/openejb3/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/ConfigureCxfSecurity.java Mon Nov 29 07:54:36 2010
@@ -29,7 +29,7 @@ import org.apache.ws.security.handler.WS
/**
* Helper class to extract WSS4J properties from a set of properties. More over,
- * it configures In and Out interceptor to manage WS6Security.
+ * it configures In and Out interceptor to manage WS-Security.
*
*/
public class ConfigureCxfSecurity {
@@ -65,6 +65,10 @@ public class ConfigureCxfSecurity {
if (null != inProps && !inProps.isEmpty()) {
endpoint.getInInterceptors().add(new SAAJInInterceptor());
endpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps));
+
+ // if WS Security is used with a JAX-WS handler (See EjbInterceptor), we have to deal with mustUnderstand flag
+ // in WS Security headers. So, let's add an interceptor
+ endpoint.getInInterceptors().add(new WSSPassThroughInterceptor());
}
if (null != outProps && !outProps.isEmpty()) {
Added: openejb/trunk/openejb3/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/WSSPassThroughInterceptor.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb3/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/WSSPassThroughInterceptor.java?rev=1040029&view=auto
==============================================================================
--- openejb/trunk/openejb3/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/WSSPassThroughInterceptor.java (added)
+++ openejb/trunk/openejb3/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/WSSPassThroughInterceptor.java Mon Nov 29 07:54:36 2010
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.server.cxf;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.ws.security.WSConstants;
+
+import javax.xml.namespace.QName;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * When using JAX-WS Handler, the {@link org.apache.openejb.server.cxf.ejb.EjbInterceptor}
+ * adds the {@link org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor}. OpenEJB now supports
+ * WS Security out of the box, so it must indicates WS Security headers have been treated. That is simply done
+ * using that fake interceptor.
+ *
+ * $Id$
+ */
+public class WSSPassThroughInterceptor extends AbstractSoapInterceptor {
+ private static final Set<QName> HEADERS = new HashSet<QName>();
+ static {
+ HEADERS.add(new QName(WSConstants.WSSE_NS, WSConstants.WSSE_LN));
+ HEADERS.add(new QName(WSConstants.WSSE11_NS, WSConstants.WSSE_LN));
+ HEADERS.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_DATA_LN));
+ }
+
+ public WSSPassThroughInterceptor() {
+ super(Phase.PRE_PROTOCOL);
+ }
+
+ public WSSPassThroughInterceptor(String phase) {
+ super(phase);
+ }
+
+ @Override
+ public Set<QName> getUnderstoodHeaders() {
+ return HEADERS;
+ }
+
+ public void handleMessage(SoapMessage soapMessage) {
+ // do nothing
+
+ // this interceptor simply returns all WS-Security headers in its getUnderstoodHeaders()
+ // method, so that CXF does not complain that they have not been "processed"
+ // this is useful if you only need to look at the non-encrypted XML
+ }
+
+}