Posted to axis-cvs@ws.apache.org by ru...@apache.org on 2006/09/09 13:31:43 UTC
svn commit: r441781 - in /webservices/axis2/trunk/java/modules:
rahas/test/org/apache/rahas/ security/src/org/apache/rampart/
security/src/org/apache/rampart/policy/
Author: ruchithf
Date: Sat Sep 9 04:31:42 2006
New Revision: 441781
URL: http://svn.apache.org/viewvc?view=rev&rev=441781
Log:
Updated MessageBuilder
- to get processed policy from the config context if available
- to move general token acquisition code into methods within MessageBuilder
Fixed SimpleTokenStoreTest
Modified:
webservices/axis2/trunk/java/modules/rahas/test/org/apache/rahas/SimpleTokenStoreTest.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java
Modified: webservices/axis2/trunk/java/modules/rahas/test/org/apache/rahas/SimpleTokenStoreTest.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/test/org/apache/rahas/SimpleTokenStoreTest.java?view=diff&rev=441781&r1=441780&r2=441781
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/test/org/apache/rahas/SimpleTokenStoreTest.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/test/org/apache/rahas/SimpleTokenStoreTest.java Sat Sep 9 04:31:42 2006
@@ -101,8 +101,8 @@
Token token3 = getTestToken("id-3", new Date(System.currentTimeMillis() + 10000));
Token token4 = getTestToken("id-4", new Date(System.currentTimeMillis() + 10000));
Token token5 = getTestToken("id-5", new Date(System.currentTimeMillis() + 10000));
- Token token6 = getTestToken("id-6");
- Token token7 = getTestToken("id-7");
+ Token token6 = getTestToken("id-6", new Date(System.currentTimeMillis() + 10000));
+ Token token7 = getTestToken("id-7", new Date(System.currentTimeMillis() + 10000));
token1.setState(Token.ISSUED);
token2.setState(Token.ISSUED);
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java?view=diff&rev=441781&r1=441780&r2=441781
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java Sat Sep 9 04:31:42 2006
@@ -18,6 +18,7 @@
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.Parameter;
import org.apache.commons.logging.Log;
@@ -36,12 +37,11 @@
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.conversation.ConversationConstants;
-import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
@@ -49,6 +49,8 @@
import javax.security.auth.callback.CallbackHandler;
import java.io.ByteArrayInputStream;
+import java.util.ArrayList;
+import java.util.Iterator;
import java.util.List;
public class MessageBuilder {
@@ -56,7 +58,7 @@
private static Log log = LogFactory.getLog(MessageBuilder.class);
public void build(MessageContext msgCtx) throws WSSPolicyException,
- RampartException, WSSecurityException {
+ RampartException, WSSecurityException, AxisFault {
DocumentBuilderFactoryImpl.setDOOMRequired(true);
@@ -71,9 +73,9 @@
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
-
+
RampartMessageData rmd = new RampartMessageData(msgCtx, doc);
-
+
Policy policy = null;
/*
* When creating the RampartMessageData instance we
@@ -84,24 +86,32 @@
if(msgCtx.isServerSide()) {
String policyXml = msgCtx.getEffectivePolicy().toString();
policy = PolicyEngine.getPolicy(new ByteArrayInputStream(policyXml.getBytes()));
+
} else {
Parameter param = msgCtx.getParameter(RampartMessageData.KEY_RAMPART_POLICY);
OMElement policyElem = param.getParameterElement().getFirstElement();
policy = PolicyEngine.getPolicy(policyElem);
}
+
+ //Set the policy in the config ctx
+ msgCtx.getConfigurationContext().setProperty(
+ RampartMessageData.getPolicyKey(msgCtx), policy);
+
+ //Set the service policy
+ rmd.setServicePolicy(policy);
}
-
- List it = (List)policy.getAlternatives().next();
+ List it = (List)rmd.getServicePolicy().getAlternatives().next();
RampartPolicyData policyData = RampartPolicyBuilder.build(it);
-
rmd.setPolicyData(policyData);
rmd.setSecHeader(secHeader);
processEnvelope(msgCtx, rmd);
}
+
+
private void processEnvelope(MessageContext msgCtx, RampartMessageData rmd)
throws RampartException, WSSecurityException {
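Review bot: The processed policy is stored on the ConfigurationContext under `RampartMessageData.getPolicyKey(msgCtx)` with no invalidation, so once the first message for a service/operation has been built, a later change to `msgCtx.getEffectivePolicy()` (server side) or to the rampart policy parameter is not picked up for the lifetime of that context; if that is intended, `// Cached for the lifetime of the ConfigurationContext; policy changes after the first message are not picked up` should say so next to the `setProperty` call. `rmd.getServicePolicy().getAlternatives().next()` is then dereferenced without a null check, so a `PolicyEngine.getPolicy` that returns null, or a policy with no alternatives, fails with an NPE or NoSuchElementException rather than a RampartException naming the missing policy. The enclosing `if` that wraps the server/client branches opens before this hunk.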
@@ -118,7 +128,23 @@
}
- if(rpd.isSymmetricBinding()) {
+ initializeTokens(rmd);
+
+ //Nothing to do to handle the other bindings
+
+ }
+
+ /**
+ * Setup the required tokens
+ * @param rmd
+ * @param rpd
+ * @throws RampartException
+ */
+ private void initializeTokens(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ if(rpd.isSymmetricBinding() && !rmd.getMsgContext().isServerSide()) {
log.debug("Procesing symmentric binding: " +
"Setting up encryption token and signature token");
//Setting up encryption token and signature token
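Review bot: The Javadoc on `initializeTokens` documents `@param rpd`, but the method takes only `rmd` and derives `rpd` from it, so that tag should be dropped. The new comment `//Nothing to do to handle the other bindings` in `processEnvelope` is stronger than the code supports: the later hunk in this file removes the `else` branch carrying `//TODO Setup InitiatorToken and receipientToken`, so asymmetric-binding token setup is now silently unhandled rather than done; `// Transport binding needs no token setup here; asymmetric binding (initiator/recipient tokens) is not handled yet` keeps that visible. The new guard `!rmd.getMsgContext().isServerSide()` also restricts token acquisition to the client side, which is worth one line in the Javadoc. The body of `initializeTokens` runs past the end of this hunk.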
@@ -136,23 +162,9 @@
try {
- String action = TrustUtil.getActionValue(rmd
- .getWstVersion(),
- RahasConstants.RST_ACTON_ISSUE);
-
- // Get sts epr
- String issuerEprAddress = RampartUtil
- .processIssuerAddress(issuedToken
- .getIssuerEpr());
-
- OMElement rstTemplate = issuedToken.getRstTemplate();
-
- String id = this.getToken(rmd, rstTemplate,
- issuerEprAddress, action);
-
- log.debug("Issued token obtained: id=" + id);
-
+ String id = this.getIssuedToken(rmd, issuedToken);
rmd.setIssuedSignatureTokenId(id);
+
} catch (TrustException e) {
throw new RampartException(e.getMessage(), e);
}
@@ -173,28 +185,8 @@
try {
- String action = TrustUtil.getActionValue(
- rmd.getWstVersion(),
- RahasConstants.RST_ACTON_SCT);
-
- // Get sts epr
- String issuerEprAddress = RampartUtil
- .processIssuerAddress(secConvTok.getIssuerEpr());
-
- //Find SC version
- int conversationVersion = rmd.getSecConvVersion();
-
- OMElement rstTemplate = RampartUtil.createRSTTempalteForSCT(
- conversationVersion,
- rmd.getWstVersion());
-
- String id = this.getToken(rmd, rstTemplate,
- issuerEprAddress, action);
-
- log.debug("SecureConversationToken obtained: id=" + id);
-
+ String id = getSecConvToken(rmd, secConvTok);
rmd.setSecConvTokenId(id);
-
} catch (TrustException e) {
throw new RampartException(e.getMessage(), e);
@@ -225,44 +217,120 @@
try {
- String action = TrustUtil.getActionValue(rmd
- .getWstVersion(),
- RahasConstants.RST_ACTON_ISSUE);
-
- // Get sts epr
- String issuerEprAddress = RampartUtil
- .processIssuerAddress(issuedToken
- .getIssuerEpr());
-
- OMElement rstTemplate = issuedToken.getRstTemplate();
-
- String id = this.getToken(rmd, rstTemplate,
- issuerEprAddress, action);
-
- log.debug("Issued token obtained: id=" + id);
-
+ String id = this.getIssuedToken(rmd, issuedToken);
rmd.setIssuedEncryptionTokenId(id);
+
} catch (TrustException e) {
throw new RampartException(e.getMessage(), e);
}
-
-
}
}
-
- } else if(rpd.isTransportBinding()) {
- //TODO: Handle transport binding
-
+ }
+
+
+ //TODO : Support processing IssuedToken and SecConvToken assertoins
+ //in supporting tokens, right now we only support UsernameTokens and
+ //X.509 Tokens
+ }
+
+
+ /**
+ * Obtain a security context token.
+ * @param rmd
+ * @param secConvTok
+ * @return
+ * @throws TrustException
+ * @throws RampartException
+ */
+ private String getSecConvToken(RampartMessageData rmd, SecureConversationToken secConvTok) throws TrustException, RampartException {
+ String action = TrustUtil.getActionValue(
+ rmd.getWstVersion(),
+ RahasConstants.RST_ACTON_SCT);
+
+ // Get sts epr
+ String issuerEprAddress = RampartUtil
+ .processIssuerAddress(secConvTok.getIssuerEpr());
+
+ //Find SC version
+ int conversationVersion = rmd.getSecConvVersion();
+
+ OMElement rstTemplate = RampartUtil.createRSTTempalteForSCT(
+ conversationVersion,
+ rmd.getWstVersion());
+
+ //Check to see whether there's a specific issuer
+ Policy stsPolicy = null;
+ if(issuerEprAddress.equals(rmd.getMsgContext().getOptions().getTo().getAddress())) {
+ log.debug("Issuer address is the same as service " +
+ "address");
+ stsPolicy = rmd.getServicePolicy();
} else {
- //TODO Setup InitiatorToken and receipientToken
-
+ //Try boot strap policy
+ Policy bsPol = secConvTok.getBootstrapPolicy();
+ if(bsPol != null) {
+ log.debug("BootstrapPolicy found");
+ stsPolicy = bsPol;
+ } else {
+ //No bootstrap policy
+ //Use issuer policy specified in rampart config
+ log.debug("No bootstrap policy, using issuer" +
+ " policy specified in rampart config");
+ rmd.getPolicyData().getRampartConfig().getTokenIssuerPolicy();
+ }
}
+
+ String id = this.getToken(rmd, rstTemplate,
+ issuerEprAddress, action, stsPolicy);
+
+ log.debug("SecureConversationToken obtained: id=" + id);
+ return id;
+ }
+
+ /**
+ * Obtain an issued token.
+ * @param rmd
+ * @param issuedToken
+ * @return
+ * @throws TrustException
+ * @throws RampartException
+ */
+ private String getIssuedToken(RampartMessageData rmd,
+ IssuedToken issuedToken) throws TrustException, RampartException {
+
+ String action = TrustUtil.getActionValue(rmd.getWstVersion(),
+ RahasConstants.RST_ACTON_ISSUE);
+
+ // Get sts epr
+ String issuerEprAddress = RampartUtil.processIssuerAddress(issuedToken
+ .getIssuerEpr());
+
+ OMElement rstTemplate = issuedToken.getRstTemplate();
+
+ // Get STS policy
+ Policy stsPolicy = rmd.getPolicyData().getRampartConfig()
+ .getTokenIssuerPolicy();
+
+ String id = this.getToken(rmd, rstTemplate, issuerEprAddress, action,
+ stsPolicy);
+
+ log.debug("Issued token obtained: id=" + id);
+ return id;
}
+ /**
+ * Request a token.
+ * @param rmd
+ * @param rstTemplate
+ * @param issuerEpr
+ * @param action
+ * @param issuerPolicy
+ * @return
+ * @throws RampartException
+ */
private String getToken(RampartMessageData rmd, OMElement rstTemplate,
- String issuerEpr, String action) throws RampartException {
+ String issuerEpr, String action, Policy issuerPolicy) throws RampartException {
try {
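Review bot: In `getSecConvToken`, the fallback branch `rmd.getPolicyData().getRampartConfig().getTokenIssuerPolicy();` discards its result, so `stsPolicy` stays null whenever the issuer differs from the service address and no bootstrap policy is present; the line should read `stsPolicy = rmd.getPolicyData().getRampartConfig().getTokenIssuerPolicy();`. That null `issuerPolicy` then reaches `client.requestSecurityToken(...)` in the last hunk of this file, and whether the RST to the STS is still protected in that case depends on how STSClient treats a null policy — either check that, or have `getToken` reject a null `issuerPolicy` up front with a RampartException. Both `getSecConvToken` and `getIssuedToken` also dereference `getRampartConfig()` and `getOptions().getTo()` without null checks; if a policy carries no RampartConfig assertion this presumably surfaces as an NPE rather than a RampartException (those accessors are outside this diff). The three new Javadoc blocks have empty `@return` tags; `@return the id of the token obtained from the STS` fits each. `getToken`'s body continues outside the hunk.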
@@ -282,10 +350,6 @@
// Get service policy
Policy servicePolicy = rmd.getServicePolicy();
- // Get STS policy
- Policy stsPolicy = rmd.getPolicyData()
- .getRampartConfig().getTokenIssuerPolicy();
-
// Get service epr
String servceEprAddress = rmd.getMsgContext()
.getOptions().getTo().getAddress();
@@ -299,7 +363,7 @@
org.apache.rahas.Token rst =
client.requestSecurityToken(servicePolicy,
issuerEpr,
- stsPolicy,
+ issuerPolicy,
reqType,
servceEprAddress);
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java?view=diff&rev=441781&r1=441780&r2=441781
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java Sat Sep 9 04:31:42 2006
@@ -117,10 +117,16 @@
this.secConvVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WSSC_VERSION));
}
+ //This is for a user to set policy in from the client
if(msgCtx.getProperty(KEY_RAMPART_POLICY) != null) {
this.servicePolicy = (Policy)msgCtx.getProperty(KEY_RAMPART_POLICY);
}
+ //If the policy is already available in the service, then use it
+ if(msgCtx.getParameter(KEY_RAMPART_POLICY) != null) {
+ this.servicePolicy = (Policy)msgCtx.getProperty(getPolicyKey(msgCtx));
+ }
+
} catch (TrustException e) {
throw new RampartException("errorInExtractingMsgProps", e);
}
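Review bot: The second `if` in the constructor assigns `servicePolicy` unconditionally from `msgCtx.getProperty(getPolicyKey(msgCtx))`, so when the rampart policy parameter is present it overwrites a policy the caller set through the `KEY_RAMPART_POLICY` property, and on the first message — before MessageBuilder has stored anything under that key — it resets the field to null. Guard on the cached value instead: `Policy cached = (Policy) msgCtx.getProperty(getPolicyKey(msgCtx)); if (cached != null) { this.servicePolicy = cached; }`. The gate `getParameter(KEY_RAMPART_POLICY) != null` also means the policy MessageBuilder caches for server-side messages (derived from `getEffectivePolicy()`, where that parameter is presumably absent) is never read back here, so on that path the cache is write-only — worth confirming against how the parameter is deployed. The read presumably relies on `MessageContext.getProperty` searching up to the ConfigurationContext where MessageBuilder stored it; `// Prefer the policy MessageBuilder already processed and cached on the ConfigurationContext for this service/operation` states that dependency better than the current comment, which speaks of a property "available in the service" while the check is for a parameter.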
@@ -339,6 +345,24 @@
*/
public Policy getServicePolicy() {
return servicePolicy;
+ }
+
+ /**
+ * @param servicePolicy The servicePolicy to set.
+ */
+ public void setServicePolicy(Policy servicePolicy) {
+ this.servicePolicy = servicePolicy;
+ }
+
+ /**
+ * @param msgCtx
+ * @return
+ */
+ public static String getPolicyKey(MessageContext msgCtx) {
+ return RampartMessageData.KEY_RAMPART_POLICY
+ + msgCtx.getAxisService().getName() + "{"
+ + msgCtx.getAxisOperation().getName().getNamespaceURI()
+ + "}" + msgCtx.getAxisOperation().getName().getLocalPart();
}
}
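Review bot: `getPolicyKey` dereferences `msgCtx.getAxisService()` and `msgCtx.getAxisOperation()` without null checks, and it is now called from the constructor hunk above for any message context carrying the rampart policy parameter; on a context that has not yet been dispatched to an operation those accessors can presumably be null, which would surface as an NPE from the RampartMessageData constructor rather than a RampartException. Either guard the call (`if (msgCtx.getAxisService() == null || msgCtx.getAxisOperation() == null) { throw new RampartException(...); }`) or document the precondition in the currently empty Javadoc: `@param msgCtx a dispatched message context; both AxisService and AxisOperation must be set` and `@return the ConfigurationContext property key under which the processed policy for this service/operation is cached`.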
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java?view=diff&rev=441781&r1=441780&r2=441781
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java Sat Sep 9 04:31:42 2006
@@ -16,6 +16,7 @@
package org.apache.rampart.policy;
+import org.apache.rampart.RampartException;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.Constants;
import org.apache.ws.secpolicy.WSSPolicyException;
@@ -28,6 +29,7 @@
import org.apache.ws.security.WSEncryptionPart;
import java.util.ArrayList;
+import java.util.HashMap;
public class RampartPolicyData {
@@ -90,13 +92,13 @@
/*
* Holds the supporting tokens elements
*/
- private SupportingToken supportingToken;
+ private SupportingToken supportingTokens;
- private SupportingToken signedSupportingToken;
+ private SupportingToken signedSupportingTokens;
- private SupportingToken endorsingSupportingToken;
+ private SupportingToken endorsingSupportingTokens;
- private SupportingToken signedEndorsingSupportingToken;
+ private SupportingToken signedEndorsingSupportingTokens;
private AlgorithmSuite algorithmSuite;
@@ -104,6 +106,11 @@
private Trust10 trust10;
+ private HashMap supportingTokensIdMap;
+ private HashMap signedSupportingTokensIdMap;
+ private HashMap endorsingSupportingTokensIdMap;
+ private HashMap signedEndorsingSupportingTokensIdMap;
+
/**
* @return Returns the symmetricBinding.
*/
@@ -335,18 +342,18 @@
signedParts.add(wep);
}
- public void setSupportingTokens(SupportingToken suppToken)
+ public void setSupportingTokens(SupportingToken suppTokens)
throws WSSPolicyException {
- int tokenType = suppToken.getType();
+ int tokenType = suppTokens.getType();
if (tokenType == Constants.SUPPORTING_TOKEN_SUPPORTING) {
- supportingToken = suppToken;
+ supportingTokens = suppTokens;
} else if (tokenType == Constants.SUPPORTING_TOKEN_SIGNED) {
- signedSupportingToken = suppToken;
+ signedSupportingTokens = suppTokens;
} else if (tokenType == Constants.SUPPORTING_TOKEN_ENDORSING) {
- endorsingSupportingToken = suppToken;
+ endorsingSupportingTokens = suppTokens;
} else if (tokenType == Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING) {
- signedEndorsingSupportingToken = suppToken;
+ signedEndorsingSupportingTokens = suppTokens;
}
}
@@ -441,58 +448,51 @@
/**
* @return Returns the signedEndorsingSupportingToken.
*/
- public SupportingToken getSignedEndorsingSupportingToken() {
- return signedEndorsingSupportingToken;
+ public SupportingToken getSignedEndorsingSupportingTokens() {
+ return signedEndorsingSupportingTokens;
}
/**
* @param signedEndorsingSupportingToken The signedEndorsingSupportingToken to set.
*/
- public void setSignedEndorsingSupportingToken(
- SupportingToken signedEndorsingSupportingToken) {
- this.signedEndorsingSupportingToken = signedEndorsingSupportingToken;
+ public void setSignedEndorsingSupportingTokens(
+ SupportingToken signedEndorsingSupportingTokens) {
+ this.signedEndorsingSupportingTokens = signedEndorsingSupportingTokens;
}
/**
* @return Returns the signedSupportingToken.
*/
- public SupportingToken getSignedSupportingToken() {
- return signedSupportingToken;
+ public SupportingToken getSignedSupportingTokens() {
+ return signedSupportingTokens;
}
/**
* @param signedSupportingToken The signedSupportingToken to set.
*/
- public void setSignedSupportingToken(SupportingToken signedSupportingToken) {
- this.signedSupportingToken = signedSupportingToken;
+ public void setSignedSupportingTokens(SupportingToken signedSupportingTokens) {
+ this.signedSupportingTokens = signedSupportingTokens;
}
/**
* @return Returns the supportingToken.
*/
- public SupportingToken getSupportingToken() {
- return supportingToken;
- }
-
- /**
- * @param supportingToken The supportingToken to set.
- */
- public void setSupportingToken(SupportingToken supportingToken) {
- this.supportingToken = supportingToken;
+ public SupportingToken getSupportingTokens() {
+ return supportingTokens;
}
/**
* @param endorsingSupportingToken The endorsingSupportingToken to set.
*/
- public void setEndorsingSupportingToken(SupportingToken endorsingSupportingToken) {
- this.endorsingSupportingToken = endorsingSupportingToken;
+ public void setEndorsingSupportingTokens(SupportingToken endorsingSupportingTokens) {
+ this.endorsingSupportingTokens = endorsingSupportingTokens;
}
/**
* @return Returns the endorsingSupportingToken.
*/
- public SupportingToken getEndorsingSupportingToken() {
- return endorsingSupportingToken;
+ public SupportingToken getEndorsingSupportingTokens() {
+ return endorsingSupportingTokens;
}
/**
@@ -544,5 +544,83 @@
this.transportBinding = transportBinding;
}
+
+ /**
+ * Add the given token and id to the map.
+ * @param token
+ * @param id
+ */
+ public void setSupporttingtokenId(Token token, String id, int type) throws RampartException {
+
+ HashMap tokenMap = null;
+ switch (type) {
+ case Constants.SUPPORTING_TOKEN_SUPPORTING:
+ if(this.supportingTokensIdMap == null) {
+ this.supportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.supportingTokensIdMap;
+ break;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED:
+ if(this.signedSupportingTokensIdMap == null) {
+ this.signedSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.signedSupportingTokensIdMap;
+ break;
+
+ case Constants.SUPPORTING_TOKEN_ENDORSING:
+ if(this.endorsingSupportingTokensIdMap == null) {
+ this.endorsingSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.endorsingSupportingTokensIdMap;
+ break;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ if(this.signedEndorsingSupportingTokensIdMap == null) {
+ this.signedEndorsingSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.signedEndorsingSupportingTokensIdMap;
+ break;
+
+ default:
+ throw new RampartException("invalidSupportingVersionType",
+ new String[] { Integer.toString(type) });
+ }
+
+ tokenMap.put(token, id);
+ }
+
+ public String getSupportingTokenID(Token token, int type)
+ throws RampartException {
+ switch (type) {
+ case Constants.SUPPORTING_TOKEN_SUPPORTING:
+ if(this.supportingTokensIdMap != null) {
+ return (String)this.supportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED:
+ if(this.signedSupportingTokensIdMap != null) {
+ return (String)this.signedSupportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case Constants.SUPPORTING_TOKEN_ENDORSING:
+ if(this.endorsingSupportingTokensIdMap != null) {
+ return (String)this.endorsingSupportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ if(this.signedEndorsingSupportingTokensIdMap == null) {
+ this.signedEndorsingSupportingTokensIdMap = new HashMap();
+ }
+ return null;
+
+ default:
+ throw new RampartException("invalidSupportingVersionType",
+ new String[] { Integer.toString(type) });
+ }
+ }
}
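Review bot: In `getSupportingTokenID`, the `SUPPORTING_TOKEN_SIGNED_ENDORSING` case never looks the token up: it lazily creates `signedEndorsingSupportingTokensIdMap` and then returns null unconditionally, so an id stored for a signed-endorsing token by `setSupporttingtokenId` can never be retrieved. It should mirror the other three cases: `if(this.signedEndorsingSupportingTokensIdMap != null) { return (String)this.signedEndorsingSupportingTokensIdMap.get(token); } return null;`. The maps are keyed by `Token`, so lookups only succeed if the same assertion instance (or a type with value-based `equals`/`hashCode`) is used on both sides; the diff does not show Token's equality semantics, so `// keyed by the policy Token assertion instance passed to setSupporttingtokenId` on the new fields would record that assumption. The public name `setSupporttingtokenId` carries a typo and the error key `invalidSupportingVersionType` names a version for what is a token type; both are API-visible and cheaper to fix before callers exist. The Javadoc on `setSupporttingtokenId` also lacks `@param type` and `@throws RampartException`.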