Posted to java-dev@axis.apache.org by ru...@apache.org on 2006/04/26 16:39:23 UTC
svn commit: r397204 - in
/webservices/axis2/trunk/java/modules/security/src/org/apache:
axis2/security/ axis2/security/rahas/ ws/security/policy/
ws/security/policy/parser/ ws/security/policy/parser/processors/
Author: ruchithf
Date: Wed Apr 26 07:39:21 2006
New Revision: 397204
URL: http://svn.apache.org/viewcvs?rev=397204&view=rev
Log:
- supporting a simple transport binding with includeTimestamp policy only
- few modifications to the experimental policy processing code in the security module
Added:
webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/TransportBindingProcessor.java
Modified:
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java
webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java
webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java?rev=397204&r1=397203&r2=397204&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java Wed Apr 26 07:39:21 2006
@@ -22,6 +22,7 @@
import org.apache.axis2.description.AxisModule;
import org.apache.axis2.description.AxisOperation;
import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.AxisConfiguration;
import org.apache.axis2.modules.Module;
import org.apache.axis2.security.handler.WSSHandlerConstants;
import org.apache.axis2.security.handler.config.InflowConfiguration;
@@ -65,7 +66,7 @@
}
}
- public void shutdown(ConfigurationContext configurationContext) throws AxisFault {
+ public void shutdown(AxisConfiguration axisSystem) throws AxisFault {
// Do nothing
}
@@ -74,8 +75,8 @@
OutflowConfiguration policyOutflowConfig,
AxisDescription axisDescription) throws AxisFault {
// merge inflow configuration
- Parameter inflowModuleParam = module
- .getParameter(WSSHandlerConstants.INFLOW_SECURITY);
+ Parameter inflowModuleParam = (module != null) ? module
+ .getParameter(WSSHandlerConstants.INFLOW_SECURITY): null;
InflowConfiguration moduleInflowConfig = HandlerParameterDecoder
.getInflowConfiguration(inflowModuleParam);
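Review bot: When `module` is null the new ternary passes `null` into `HandlerParameterDecoder.getInflowConfiguration(...)`, and nothing in this hunk shows that the decoder accepts a null `Parameter`. The next hunk applies the same pattern to `outfloModuleParam` and `getOutflowConfiguration(...)`. If null is a supported input, a comment such as `// no module-level config to merge when module is null` above the ternary would record that, and a debug log line would let an operator see that module-level security parameters were skipped. The enclosing method starts and ends outside the hunk, so the callers that can pass a null module are not visible here.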
@@ -91,8 +92,8 @@
axisDescription.addParameter(finalInConf.getProperty());
// merge outflow configuration
- Parameter outfloModuleParam = module
- .getParameter(WSSHandlerConstants.OUTFLOW_SECURITY);
+ Parameter outfloModuleParam = (module != null) ? module
+ .getParameter(WSSHandlerConstants.OUTFLOW_SECURITY) : null;
OutflowConfiguration moduleOutflowConfig = HandlerParameterDecoder
.getOutflowConfiguration(outfloModuleParam);
Parameter outflowSecParam = axisDescription
@@ -154,4 +155,10 @@
}
return secondryConf;
}
+
+ /* (non-Javadoc)
+ * @see org.apache.axis2.modules.Module#shutdown(org.apache.axis2.context.ConfigurationContext)
+ */
+ public void shutdown(ConfigurationContext configurationContext) throws AxisFault {
+ }
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java?rev=397204&r1=397203&r2=397204&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/rahas/STSRequester.java Wed Apr 26 07:39:21 2006
@@ -30,9 +30,12 @@
import org.apache.axis2.description.Parameter;
import org.apache.axis2.security.handler.WSSHandlerConstants;
import org.apache.axis2.security.trust.Constants;
+import org.apache.axis2.security.trust.TrustUtil;
import org.apache.axis2.security.trust.types.RequestSecurityTokenType;
import org.apache.axis2.security.util.Axis2Util;
+import org.apache.axis2.util.Base64;
import org.apache.axis2.util.StreamWrapper;
+import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Element;
import javax.xml.namespace.QName;
@@ -89,24 +92,23 @@
rstElem.build();
rstElem = (OMElement)rstElem.detach();
+ if(config.isProvideEntropy()) {
+ //TODO Option to get the nonce lenght and
+ //keysize from the the configuration
+
+ // Length of nonce in bytes
+ int nonceLength = 16;
-// if(config.isProvideEntropy()) {
-// //TODO Option to get the nonce lenght and
-// //keysize from the the configuration
-//
-// // Length of nonce in bytes
-// int nonceLength = 16;
-//
-// OMElement entropyElem = TrustUtil.createEntropyElement(rstElem);
-//
-// byte[] nonce = WSSecurityUtil.generateNonce(nonceLength);
-// OMElement elem = TrustUtil.createBinarySecretElement(entropyElem,
-// Constants.BIN_SEC_TYPE_NONCE);
-// elem.setText(Base64.encode(nonce));
-//
-// TrustUtil.createKeySizeElement(rstElem).setText(
-// Integer.toString(nonceLength * 8));
-// }
+ OMElement entropyElem = TrustUtil.createEntropyElement(rstElem);
+
+ byte[] nonce = WSSecurityUtil.generateNonce(nonceLength);
+ OMElement elem = TrustUtil.createBinarySecretElement(entropyElem,
+ Constants.BIN_SEC_TYPE_NONCE);
+ elem.setText(Base64.encode(nonce));
+
+ TrustUtil.createKeySizeElement(rstElem).setText(
+ Integer.toString(nonceLength * 8));
+ }
String str = rstElem.toString();
System.out.println(str);
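Review bot: The `System.out.println(str);` on the last context line now prints the client entropy to standard output, because the re-enabled block puts the Base64-encoded nonce into the BinarySecret element of `rstElem` before it is serialised. That value feeds the key for the requested token and should not end up in console or container logs. Remove the println, or replace it with a debug-level log statement that leaves out the Entropy element. The hard-coded `int nonceLength = 16;` also pins the requested key size at 128 bits until the TODO about reading it from configuration is done. The enclosing method starts and ends outside the hunk.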
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java?rev=397204&r1=397203&r2=397204&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java Wed Apr 26 07:39:21 2006
@@ -60,10 +60,17 @@
}
private static void finalizeConfig(WSS4JConfig config) throws WSSPolicyException{
+
+ config.getInflowConfiguration().setEnableSignatureConfirmation(false);
+ config.getOutflowConfiguration().setEnableSignatureConfirmation(false);
+
if(config.binding != null) {
if(config.binding instanceof TransportBinding) {
- //TODO TransportBinding
- throw new UnsupportedOperationException("TODO TransportBinding");
+ TransportBinding binding = (TransportBinding)config.binding;
+ if(binding.isIncludeTimestamp()) {
+ config.getInflowConfiguration().setActionItems("Timestamp");
+ config.getOutflowConfiguration().setActionItems("Timestamp");
+ }
} else {
//Handle common properties from SymmetricAsymmetricBindingBase
SymmetricAsymmetricBindingBase base = (SymmetricAsymmetricBindingBase) config.binding;
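Review bot: The `TransportBinding` branch now fails open: it replaces the `UnsupportedOperationException` with handling for `isIncludeTimestamp()` only, so any other assertion on the binding is dropped with no error or log entry. As far as this diff shows, TransportBindingProcessor in the same commit registers only the includeTimestamp child token, so a policy asserting more than a timestamp would yield a configuration that enforces less than it states. Until the remaining assertions are supported, the branch should reject or at least log a warning for a transport binding that carries anything else. Separately, the two `setEnableSignatureConfirmation(false)` calls at the top of `finalizeConfig` run for every binding type, and the hunk does not show whether the symmetric/asymmetric path later turns confirmation back on. A comment such as `// default off; re-enabled below when the policy requires signature confirmation` (if that is the intent) would make this reviewable.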
@@ -148,7 +155,8 @@
}
if(config.supportingToken != null) {
- if(config.supportingToken.getType() == Constants.SUPPORTING_TOKEN_SUPPORTING) {
+ if(config.supportingToken.getType() == Constants.SUPPORTING_TOKEN_SUPPORTING ||
+ config.supportingToken.getType() == Constants.SUPPORTING_TOKEN_SIGNED) {
ArrayList tokens = config.supportingToken.getTokens();
Iterator tokensIter = tokens.iterator();
while (tokensIter.hasNext()) {
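Review bot: `SUPPORTING_TOKEN_SIGNED` now goes through the same branch as `SUPPORTING_TOKEN_SUPPORTING`, and nothing in the visible lines records that a signed supporting token must also be covered by the message signature. That is presumably acceptable under a transport binding, where the transport protects the token. With a message-level binding the resulting configuration would accept an unsigned token where the policy asked for a signed one. A comment on the condition, e.g. `// TODO: SignedSupportingTokens are not added to the signed parts yet; only safe with TransportBinding`, or a check on the binding type would make the limitation explicit. The loop body continues outside the hunk.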
@@ -158,7 +166,7 @@
if(items == null || items.length() == 0) {
config.getInflowConfiguration().setActionItems("UsernameToken");
} else {
- items += "UsernameToken";
+ items = "UsernameToken " + items;
config.getInflowConfiguration().setActionItems(items);
}
}
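Review bot: Prepending `"UsernameToken "` unconditionally can put the action into the list more than once if this branch runs for several tokens. The previous hunk shows it sits under `while (tokensIter.hasNext())`, although the lines between the two hunks are not visible. A guard such as `if (items.indexOf("UsernameToken") < 0)` around the concatenation would keep the inflow action string free of repeats.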
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java?rev=397204&r1=397203&r2=397204&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java Wed Apr 26 07:39:21 2006
@@ -37,6 +37,7 @@
import org.apache.ws.security.policy.parser.processors.SignedSupportingTokensProcessor;
import org.apache.ws.security.policy.parser.processors.SupportingTokensProcessor;
import org.apache.ws.security.policy.parser.processors.SymmetricBindingProcessor;
+import org.apache.ws.security.policy.parser.processors.TransportBindingProcessor;
import org.apache.ws.security.policy.parser.processors.Wss10Processor;
import org.apache.ws.security.policy.parser.processors.Wss11Processor;
@@ -97,6 +98,10 @@
spt.setProcessTokenMethod(new SymmetricBindingProcessor());
topLevel.setChildToken(spt);
+ spt = SecurityPolicy.transportBinding.copy();
+ spt.setProcessTokenMethod(new TransportBindingProcessor());
+ topLevel.setChildToken(spt);
+
spt = SecurityPolicy.wss10.copy();
spt.setProcessTokenMethod(new Wss10Processor());
topLevel.setChildToken(spt);
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/TransportBindingProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/TransportBindingProcessor.java?rev=397204&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/TransportBindingProcessor.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/TransportBindingProcessor.java Wed Apr 26 07:39:21 2006
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.security.policy.parser.processors;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.policy.model.Binding;
+import org.apache.ws.security.policy.parser.SecurityPolicy;
+import org.apache.ws.security.policy.parser.SecurityPolicyToken;
+import org.apache.ws.security.policy.parser.SecurityProcessorContext;
+import org.apache.ws.security.processor.TimestampProcessor;
+
+public class TransportBindingProcessor {
+
+ private Log log = LogFactory.getLog(getClass());
+
+ private boolean initializedSymmetricBinding = false;
+
+ private void initializeTransportBinding(SecurityPolicyToken spt)
+ throws NoSuchMethodException {
+
+ SecurityPolicyToken tmpSpt = SecurityPolicy.includeTimestamp.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ }
+
+ public Object doTransportBinding(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ SecurityPolicyToken spt = spc.readCurrentSecurityToken();
+
+ switch (spc.getAction()) {
+
+ case SecurityProcessorContext.START:
+ if (!initializedSymmetricBinding) {
+ try {
+ initializeTransportBinding(spt);
+ initializedSymmetricBinding = true;
+ } catch (NoSuchMethodException e) {
+ log.error(e.getMessage(), e);
+ return new Boolean(false);
+ }
+ }
+ break;
+ case SecurityProcessorContext.COMMIT:
+ break;
+ case SecurityProcessorContext.ABORT:
+ break;
+ }
+ return new Boolean(true);
+ }
+
+ public Object doIncludeTimestamp(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ if(spc.getAction() == SecurityProcessorContext.START) {
+ ((Binding)spc.readCurrentPolicyEngineData()).setIncludeTimestamp(true);
+ }
+ return new Boolean(true);
+ }
+}
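Review bot: The field `initializedSymmetricBinding` and the unused import of `org.apache.ws.security.processor.TimestampProcessor` look like copy-paste leftovers. Rename the flag to `initializedTransportBinding` and drop the import. The class has no class-level comment; it should state that only the IncludeTimestamp child assertion is registered in `initializeTransportBinding` and that this commit adds no processing for other TransportBinding children. In `doIncludeTimestamp` the cast `(Binding)spc.readCurrentPolicyEngineData()` is unchecked, so a short comment on what the engine data is expected to be at that point would help the next reader. `new Boolean(true)` / `new Boolean(false)` can be `Boolean.TRUE` / `Boolean.FALSE`.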