Posted to rampart-dev@ws.apache.org by na...@apache.org on 2008/02/12 08:14:12 UTC
svn commit: r620714 - in
/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart:
RampartEngine.java RampartMessageData.java
handler/PostDispatchVerificationHandler.java
Author: nandana
Date: Mon Feb 11 23:14:10 2008
New Revision: 620714
URL: http://svn.apache.org/viewvc?rev=620714&view=rev
Log:
Fixing issue http://issues.apache.org/jira/browse/RAMPART-140.
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
Modified: webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=620714&r1=620713&r2=620714&view=diff
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java Mon Feb 11 23:14:10 2008
@@ -71,10 +71,13 @@
RampartMessageData rmd = new RampartMessageData(msgCtx, false);
- //If there is no policy information or if the message is a security fault or no security
- // header required by the policy
RampartPolicyData rpd = rmd.getPolicyData();
- if(rpd == null || isSecurityFault(rmd) || !RampartUtil.isSecHeaderRequired(rmd)) {
+
+ msgCtx.setProperty(RampartMessageData.RAMPART_POLICY_DATA, rpd);
+
+ //If there is no policy information or if the message is a security fault or no security
+ // header required by the policy
+ if(rpd == null || isSecurityFault(rmd) || !RampartUtil.isSecHeaderRequired(rpd,rmd.isInitiator())) {
SOAPEnvelope env = Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
//Convert back to llom since the inflow cannot use llom
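Review bot: The `msgCtx.setProperty(RampartMessageData.RAMPART_POLICY_DATA, rpd)` call runs before the `rpd == null` test and before the early-exit branch for security faults and policies that need no security header, so the property only records that policy data was loaded, not that the message passed security processing. That distinction is undocumented, and a later handler could mistake the property's presence for proof of verification. I would add a comment above the call such as `// Published for PostDispatchVerificationHandler; may be null and does not imply the message was verified`. The enclosing method starts and ends outside this hunk.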
@@ -154,39 +157,39 @@
t1 = System.currentTimeMillis();
}
- //Store symm tokens
- //Pick the first SAML token
- //TODO : This is a hack , MUST FIX
- //get the sec context id from the req msg ctx
-
- for (int j = 0; j < results.size(); j++) {
- WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(j);
- final Integer actInt =
- (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
- if(WSConstants.ST_UNSIGNED == actInt.intValue()) {
- final SAMLAssertion assertion =
- ((SAMLAssertion) wser
- .get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
- String id = assertion.getId();
- Date created = assertion.getNotBefore();
- Date expires = assertion.getNotOnOrAfter();
- SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(assertion,
- signatureCrypto, tokenCallbackHandler);
- try {
- TokenStorage store = rmd.getTokenStorage();
- if(store.getToken(id) == null) {
- Token token = new Token(id, (OMElement)assertion.toDOM(), created, expires);
- token.setSecret(samlKi.getSecret());
- store.add(token);
+ //Store symm tokens
+ //Pick the first SAML token
+ //TODO : This is a hack , MUST FIX
+ //get the sec context id from the req msg ctx
+
+ for (int j = 0; j < results.size(); j++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(j);
+ final Integer actInt =
+ (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if(WSConstants.ST_UNSIGNED == actInt.intValue()) {
+ final SAMLAssertion assertion =
+ ((SAMLAssertion) wser
+ .get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
+ String id = assertion.getId();
+ Date created = assertion.getNotBefore();
+ Date expires = assertion.getNotOnOrAfter();
+ SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(assertion,
+ signatureCrypto, tokenCallbackHandler);
+ try {
+ TokenStorage store = rmd.getTokenStorage();
+ if(store.getToken(id) == null) {
+ Token token = new Token(id, (OMElement)assertion.toDOM(), created, expires);
+ token.setSecret(samlKi.getSecret());
+ store.add(token);
+ }
+ } catch (Exception e) {
+ throw new RampartException(
+ "errorInAddingTokenIntoStore", e);
+ }
+
}
- } catch (Exception e) {
- throw new RampartException(
- "errorInAddingTokenIntoStore", e);
+
}
-
- }
-
- }
SOAPEnvelope env = Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
Modified: webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java?rev=620714&r1=620713&r2=620714&view=diff
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java Mon Feb 11 23:14:10 2008
@@ -63,6 +63,11 @@
public final static String KEY_RAMPART_POLICY = "rampartPolicy";
/**
+ * Key to hold the populated RampartPolicyData object
+ */
+ public final static String RAMPART_POLICY_DATA = "rampartPolicyData";
+
+ /**
* Key to hold the custom issued token identifier
*/
public final static String KEY_CUSTOM_ISSUED_TOKEN = "customIssuedToken";
@@ -72,7 +77,7 @@
*/
public final static String KEY_WST_VERSION = "wstVersion";
- private final String PARAM_CLIENT_SIDE = "CLIENT_SIDE";
+ public final static String PARAM_CLIENT_SIDE = "CLIENT_SIDE";
/**
* Key to hold the WS-SecConv version
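Review bot: `PARAM_CLIENT_SIDE` becomes public API in this hunk but, unlike the neighbouring keys, carries no Javadoc. The handler change in this same commit treats the mere presence of this service parameter as marking the initiator side, so that contract is worth stating on the constant, e.g. `/** Service parameter whose presence marks the client (initiator) side */`.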
Modified: webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java?rev=620714&r1=620713&r2=620714&view=diff
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java Mon Feb 11 23:14:10 2008
@@ -26,8 +26,11 @@
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.HandlerParameterDecoder;
+import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.model.Binding;
+import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.security.handler.WSHandlerConstants;
import java.util.Iterator;
@@ -121,15 +124,40 @@
//Check for any *Binding assertion
if (assertion instanceof Binding) {
securityPolicyPresent = true;
+ break;
+ // There can be security policies containing only supporting tokens
+ } else if (assertion instanceof SupportingToken) {
+ securityPolicyPresent = true;
+ break;
}
}
}
-
- //Now check for security processing results if security policy is available
- if(securityPolicyPresent && msgContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {
- throw new AxisFault("InvalidSecurity");
- }
+
+
+ if (securityPolicyPresent) {
+ RampartPolicyData rpd = (RampartPolicyData)msgContext.
+ getProperty(RampartMessageData.RAMPART_POLICY_DATA);
+ // Security policy data has not been populated at the time of verification
+ if (rpd == null ) {
+ throw new AxisFault("InvalidSecurity");
+ }
+
+ boolean isInitiator = false;
+ Parameter clientSideParam = msgContext.getAxisService().
+ getParameter(RampartMessageData.PARAM_CLIENT_SIDE);
+ if(clientSideParam != null) {
+ isInitiator = true;
+ }
+
+ //Now check for security processing results if security policy is available
+ if(RampartUtil.isSecHeaderRequired(rpd,isInitiator) &&
+ msgContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {
+ throw new AxisFault("InvalidSecurity");
+ }
+
+ }
+
//Check for an empty security processing results when parameter based
//configuration is used
if(msgContext.getParameter(WSSHandlerConstants.INFLOW_SECURITY) != null ||
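Review bot: The `isInitiator` computation (`if(clientSideParam != null) { isInitiator = true; }`) looks only at whether the `CLIENT_SIDE` parameter exists, never at its value, and it re-derives a flag that RampartEngine takes from `rmd.isInitiator()`. The flag now feeds `RampartUtil.isSecHeaderRequired(rpd,isInitiator)`, which decides whether a missing `RECV_RESULTS` is rejected. A service that carries the parameter with any value, or any drift between the two derivations, could therefore make this fail-safe skip the check on an unsecured inbound message. If presence-only is the intended contract (RampartMessageData's own logic is not visible here), say so with a comment like `// CLIENT_SIDE presence, not value, marks the initiator; keep in sync with RampartMessageData`; otherwise test the parameter's value explicitly. The enclosing method starts and ends outside the hunk.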