Posted to fx-dev@ws.apache.org by we...@apache.org on 2004/06/03 16:59:15 UTC
cvs commit: ws-fx/wss4j/src/org/apache/ws/axis/security WSDoAllReceiver.java WSDoAllConstants.java package.html WSDoAllSender.java
werner 2004/06/03 07:59:15
Modified: wss4j/src/org/apache/ws/axis/security WSDoAllReceiver.java
WSDoAllConstants.java package.html
WSDoAllSender.java
Log:
Insert code to provide a configurable Time-to-live for SOAP
security Timestamp (expires).
Revision Changes Path
1.13 +21 -2 ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllReceiver.java
Index: WSDoAllReceiver.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllReceiver.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- WSDoAllReceiver.java 2 Jun 2004 19:35:43 -0000 1.12
+++ WSDoAllReceiver.java 3 Jun 2004 14:59:15 -0000 1.13
@@ -71,8 +71,7 @@
Crypto decCrypto = null;
String decPropFile = null;
- /* TODO: Make timeToLive (receiver) configurable in the config file */
- protected int timeToLive = 60; // Timestamp: time in seconds the receiver accepts between creation and reception
+ protected int timeToLive = 300; // Timestamp: time in seconds the receiver accepts between creation and reception
/**
* Axis calls invoke to handle a message.
@@ -263,6 +262,26 @@
Timestamp timestamp = actionResult.getTimestamp();
if (timestamp != null) {
+ String ttl = null;
+ if ((ttl =
+ (String) getOption(WSDoAllConstants.TTL_TIMESTAMP))
+ == null) {
+ ttl =
+ (String) msgContext.getProperty(
+ WSDoAllConstants.TTL_TIMESTAMP);
+ }
+ int ttl_i = 0;
+ if (ttl != null) {
+ try {
+ ttl_i = Integer.parseInt(ttl);
+ } catch (NumberFormatException e) {
+ ttl_i = timeToLive;
+ }
+ }
+ if (ttl_i <= 0) {
+ ttl_i = timeToLive;
+ }
+
if (!verifyTimestamp(timestamp, timeToLive)) {
throw new AxisFault("WSDoAllReceiver: The timestamp could not be validated");
}
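Review bot: The parsed value `ttl_i` is never used — the `verifyTimestamp(timestamp, timeToLive)` call at the end of the hunk still passes the field, so a `timeToLive` handler option or message-context property has no effect on the receiver and the accepted window stays at the 300-second default set in the first hunk. The fix is one line: `if (!verifyTimestamp(timestamp, ttl_i)) {`. An operator who shortens the window so that a captured message stops being acceptable sooner would otherwise see neither an error nor any change in behaviour. The same option-then-context parsing block is added verbatim to WSDoAllSender.performTSAction in this commit; a shared helper would keep the two from drifting apart. The enclosing invoke method starts and ends outside the hunk.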
1.10 +28 -27 ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllConstants.java
Index: WSDoAllConstants.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllConstants.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- WSDoAllConstants.java 2 Jun 2004 19:35:43 -0000 1.9
+++ WSDoAllConstants.java 3 Jun 2004 14:59:15 -0000 1.10
@@ -61,26 +61,22 @@
public static final String USERNAME_TOKEN = "UsernameToken";
/**
- * Perform a SAML Token identification only.
+ * Perform a SAML Token identification.
*/
public static final String SAML_TOKEN_UNSIGNED = "SAMLTokenUnsigned";
public static final String SAML_TOKEN_SIGNED = "SAMLTokenSigned";
/**
- * Perform a Signature only.
+ * Perform Signature.
* The signature specific parameters define how to sign, which keys
* to use, and so on
*/
public static final String SIGNATURE = "Signature";
/**
- * Perform Encryption only.
+ * Perform Encryption.
* The encryption specific parameters define how to encrypt, which keys
* to use, and so on.
- * <p/>
- * NOTE: the function encrypts the whole first child <code>Element</code>
- * of the SOAP body. Encryption does not yet support tag specific
- * encryption.
*/
public static final String ENCRYPT = "Encrypt";
@@ -99,7 +95,7 @@
* Axis message context with the property name <code>SND_SECURITY</code>.
* <p/>
* A chained handler can retrieve the SOAP message and process it. The
- * last handler in the chain must set the process SOAP message as
+ * last handler in the chain must set the processed SOAP message as
* current message in Axis message context.
*
*/
@@ -350,8 +346,10 @@
org.apache.ws.security.crypto.provider
org.apache.ws.security.crypto.merlin.file
org.apache.ws.security.crypto.merlin.keystore.type
+ org.apache.ws.security.crypto.merlin.keystore.provider
org.apache.ws.security.crypto.merlin.keystore.password
- org.apache.ws.security.crypto.merlin.keystore.pwcallback
+ org.apache.ws.security.crypto.merlin.keystore.alias
+ org.apache.ws.security.crypto.merlin.cert.provider
* </pre>
* The entries are:
* <ul>
@@ -359,11 +357,9 @@
* description above
* </li>
* <li><code>org.apache.ws.security.crypto.merlin.file</code>
- * The path to the keystore file. This file is <b>not</b> loaded with a
- * classloader, thus this is either an absolute or relative path into the
- * filesystem. A relative path is always relative to the current working
- * directory. The default <code>Merlin</code> implementation uses the
- * java <code>FileInputStream</code> to open the keystore.
+ * The path to the keystore file. At first the classloader tries to load
+ * this file, if this fails the implementations performs a file system
+ * lookup.
* </li>
* <li><code>org.apache.ws.security.crypto.merlin.keystore.type</code>
* The keystore type, for example <code>JKS</code> for the Java key store.
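Review bot: The rewritten description of `org.apache.ws.security.crypto.merlin.file` reads `the implementations performs a file system lookup`; it should be `the implementation performs`. More importantly, the new text changes the documented resolution order — the classloader is consulted before the filesystem — which means a classpath resource with the same name now takes precedence over the path a deployer wrote into the descriptor. It is worth saying that precedence explicitly in the javadoc, e.g. `A classpath resource with this name takes precedence over a file of the same name in the filesystem.`, so a deployer knows which keystore will actually be opened.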
@@ -374,18 +370,6 @@
* The password to read the keystore. If this property is not set, then
* the <code>pwcallback</code>property must be defined.
* </li>
- * <li><code>org.apache.ws.security.crypto.merlin.keystore.pwcallback
- * </code>. Defines a class that implements the
- * {@link javax.security.auth.callback.CallbackHandler} interface.
- * <p/>
- * The callback function
- * {@link javax.security.auth.callback.CallbackHandler#handle(Callback[])}
- * of this class gets an array of
- * {@link org.apache.ws.security.WSPasswordCallback} objects. Only
- * the first entry of the array is used.
- * The object contains the the string "keystore" as identifier.
- * The callback handler must set the keystore's password before it returns.
- * </li>
* </ul>
* The application may set this parameter using the following method:
* <pre>
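Review bot: The context line `the <code>pwcallback</code>property must be defined.` directly above the removed list entry still refers to the pwcallback property, whose description this hunk deletes and whose name the earlier hunk drops from the property listing, so the remaining javadoc for `merlin.keystore.password` points readers at a property the documentation no longer defines. If the callback mechanism is still supported by the crypto implementation, keep a one-line list entry for it; if it was removed, the sentence on the password property should be updated to describe what happens when no password is configured. The surrounding property list continues above the hunk.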
@@ -621,8 +605,25 @@
* <code>Content</code> mode
*/
public static final String ENCRYPTION_PARTS = "encryptionParts";
-
+
+ /**
+ * The name of the SAML Issuer factory property file.
+ * The classloader loads this file. Therefore it must be accessible
+ * via the classpath.
+ */
public static final String SAML_PROP_FILE = "samlPropFile";
+
+ /**
+ * Time-To-Live is the time difference between creation and expiry time in
+ * the WSS Timestamp.
+ * The time-to-live in seconds. After this time the SOAP request is
+ * invalid (at least the security data shall be treated this way).
+ * <p/>
+ * If this parameter is not defined, contains a value less or equal
+ * zero, or an illegal format the Axis driver uses a default TTL of
+ * 300 seconds (5 minutes).
+ */
+ public static final String TTL_TIMESTAMP ="timeToLive";
/**
* Define the parameter values to set the key identifier types. These are:
1.4 +21 -56 ws-fx/wss4j/src/org/apache/ws/axis/security/package.html
Index: package.html
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/package.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- package.html 8 Mar 2004 16:05:06 -0000 1.3
+++ package.html 3 Jun 2004 14:59:15 -0000 1.4
@@ -9,58 +9,20 @@
@(#)Axis handler for WSS4J
/*
- * The Apache Software License, Version 1.1
+ * Copyright 2003-2004 The Apache Software Foundation.
*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*
- * Copyright (c) 2001-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Axis" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
*/
-->
</head>
@@ -73,13 +35,13 @@
The WSS4J Axis handlers <code>WSDoAllSender</code> and <code>WSDoAllReceiver
</code> control the creation and consumption of secure SOAP requests.
The handlers work behind the scenes and are usually transparent to Web Service
-applications. The Axis deployment descriptor files (*.wsdd) can contain all
+(WS) applications. The Axis deployment descriptor files (*.wsdd) may contain all
necessary information to control the security processing.
<p/>
-A Web service application can also set properties to control the handlers
+A WS application may also set properties to control the handlers
and provide default values. If the deployment descriptor sets the same
-properties (parameter) then the deployment descriptor overwrites the application
-defined properties. Thus, deployment settings overwrites application settings
+property (parameter) then the deployment descriptor overwrites the application
+defined property. Thus, deployment settings overwrite application settings
to fulfill site specific requirements.
<h3>Prerequisties</h3>
@@ -88,12 +50,15 @@
project to handle XML Security according to XML Signature and XML Encryption.
<ul>
- <li><a href="http://sourceforge.net/projects/wss4j/">WSS4J</a></li>
+ <li><a href="http://ws.apache.org/ws-fx/wss4j/index.html">WSS4J</a></li>
<li><a href="http://xml.apache.org/security/index.html">XML Security</a></li>
</ul>
+The WSS4J Axis handlers require Axis V1.2 because of some problems in previous
+Axis versions. WSS4J CVS contains the latest Axis libraries.
+
<h3>Related Documentation</h3>
-The WSS specifications define a number of features and it is possible
+The OASIS WSS specifications define a number of features and it is possible
to combine them in several ways. The WSS4J Axis handlers already support
a large number of WSS features and their combinations.
<a href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss">
1.18 +20 -2 ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllSender.java
Index: WSDoAllSender.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllSender.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- WSDoAllSender.java 2 Jun 2004 19:35:43 -0000 1.17
+++ WSDoAllSender.java 3 Jun 2004 14:59:15 -0000 1.18
@@ -108,7 +108,6 @@
X509Certificate encCert = null;
- /* TODO: Make timeToLive (sender) configurable in the config file */
protected int timeToLive = 300; // Timestamp: time in seconds the receiver accepts between creation and reception
/**
@@ -534,10 +533,29 @@
}
private void performTSAction(int actionToDo, boolean mu, Document doc) throws AxisFault {
+ String ttl = null;
+ if ((ttl =
+ (String) getOption(WSDoAllConstants.TTL_TIMESTAMP))
+ == null) {
+ ttl =
+ (String) msgContext.getProperty(
+ WSDoAllConstants.TTL_TIMESTAMP);
+ }
+ int ttl_i = 0;
+ if (ttl != null) {
+ try {
+ ttl_i = Integer.parseInt(ttl);
+ } catch (NumberFormatException e) {
+ ttl_i = timeToLive;
+ }
+ }
+ if (ttl_i <= 0) {
+ ttl_i = timeToLive;
+ }
WSAddTimestamp timeStampBuilder =
new WSAddTimestamp(actor, mu);
// add the Timestamp to the SOAP Enevelope
- timeStampBuilder.build(doc, timeToLive);
+ timeStampBuilder.build(doc, ttl_i);
}
/**
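Review bot: The option/context lookup and parsing of `WSDoAllConstants.TTL_TIMESTAMP` added to performTSAction is a verbatim copy of the block added to WSDoAllReceiver in this commit, and the assignment-inside-condition form `if ((ttl = (String) getOption(...)) == null)` makes the precedence (handler option over message-context property) harder to read than it needs to be. I would move the lookup into a private helper that returns the effective seconds, as below, and use the same shape in both handlers (how far it can be shared depends on whether the two handlers have a common base class, which is not visible here). `Integer.parseInt` is also applied to the raw string, so a value with surrounding whitespace in the deployment descriptor silently falls back to the default; trimming first, and logging the fallback if the class has a logger, would make a misconfigured TTL visible instead of silent. performTSAction is fully contained in the hunk.
```java
private void performTSAction(int actionToDo, boolean mu, Document doc) throws AxisFault {
    int ttl_i = resolveTimeToLive();
    // … unchanged: WSAddTimestamp construction and build(doc, ttl_i) …
}

/**
 * Returns the timestamp time-to-live in seconds: the TTL_TIMESTAMP handler
 * option if set, else the message-context property of the same name, else
 * the timeToLive default. Unparsable or non-positive values use the default.
 */
private int resolveTimeToLive() {
    String ttl = (String) getOption(WSDoAllConstants.TTL_TIMESTAMP);
    if (ttl == null) {
        ttl = (String) msgContext.getProperty(WSDoAllConstants.TTL_TIMESTAMP);
    }
    if (ttl == null) {
        return timeToLive;
    }
    try {
        int parsed = Integer.parseInt(ttl.trim());
        return parsed > 0 ? parsed : timeToLive;
    } catch (NumberFormatException e) {
        // fall back to the default rather than rejecting the message outright
        return timeToLive;
    }
}
```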