Posted to commits@cxf.apache.org by co...@apache.org on 2011/08/30 18:23:47 UTC

svn commit: r1163282 - /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java

Author: coheigea
Date: Tue Aug 30 16:23:47 2011
New Revision: 1163282

URL: http://svn.apache.org/viewvc?rev=1163282&view=rev
Log:
Use the existing Cancel policy (if it exists) for the STSClient cancel operation
 - Return a boolean indicating whether the invocation was successful or not

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1163282&r1=1163281&r2=1163282&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Tue Aug 30 16:23:47 2011
@@ -903,49 +903,59 @@ public class STSClient implements Config
         return tokens;
     }
 
-    public void cancelSecurityToken(SecurityToken token) throws Exception {
+    public boolean cancelSecurityToken(SecurityToken token) throws Exception {
         createClient();
 
         if (addressingNamespace == null) {
             addressingNamespace = "http://www.w3.org/2005/08/addressing";
         }
-        Policy cancelPolicy = new Policy();
-        ExactlyOne one = new ExactlyOne();
-        cancelPolicy.addPolicyComponent(one);
-        All all = new All();
-        one.addPolicyComponent(all); 
-        PolicyBuilder pbuilder = bus.getExtension(PolicyBuilder.class);
-        SymmetricBinding binding = new SymmetricBinding(pbuilder);
-        all.addAssertion(binding);
-        all.addAssertion(getAddressingAssertion());
-        ProtectionToken ptoken = new ProtectionToken(pbuilder);
-        binding.setProtectionToken(ptoken);
-        binding.setIncludeTimestamp(true);
-        binding.setEntireHeadersAndBodySignatures(true);
-        binding.setTokenProtection(false);
-        AlgorithmSuite suite = new AlgorithmSuite();
-        binding.setAlgorithmSuite(suite);
-        SecureConversationToken sct = new SecureConversationToken();
-        sct.setOptional(true);
-        ptoken.setToken(sct);
-        
-        SignedEncryptedParts parts = new SignedEncryptedParts(true);
-        parts.setOptional(true);
-        parts.setBody(true);
-        parts.addHeader(new Header("To", addressingNamespace));
-        parts.addHeader(new Header("From", addressingNamespace));
-        parts.addHeader(new Header("FaultTo", addressingNamespace));
-        parts.addHeader(new Header("ReplyTo", addressingNamespace));
-        parts.addHeader(new Header("Action", addressingNamespace));
-        parts.addHeader(new Header("MessageID", addressingNamespace));
-        parts.addHeader(new Header("RelatesTo", addressingNamespace));
-        all.addPolicyComponent(parts);
-        
 
+        client.getRequestContext().clear();
         client.getRequestContext().putAll(ctx);
-        client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, cancelPolicy);
         client.getRequestContext().put(SecurityConstants.TOKEN, token);
+        
         BindingOperationInfo boi = findOperation("/RST/Cancel");
+        boolean attachTokenDirectly = true;
+        if (boi == null) {
+            attachTokenDirectly = false;
+            boi = findOperation("/RST/Issue");
+            
+            Policy cancelPolicy = new Policy();
+            ExactlyOne one = new ExactlyOne();
+            cancelPolicy.addPolicyComponent(one);
+            All all = new All();
+            one.addPolicyComponent(all);
+            all.addAssertion(getAddressingAssertion());
+            
+            PolicyBuilder pbuilder = bus.getExtension(PolicyBuilder.class);
+            SymmetricBinding binding = new SymmetricBinding(pbuilder);
+            all.addAssertion(binding);
+            all.addAssertion(getAddressingAssertion());
+            ProtectionToken ptoken = new ProtectionToken(pbuilder);
+            binding.setProtectionToken(ptoken);
+            binding.setIncludeTimestamp(true);
+            binding.setEntireHeadersAndBodySignatures(true);
+            binding.setTokenProtection(false);
+            AlgorithmSuite suite = new AlgorithmSuite();
+            binding.setAlgorithmSuite(suite);
+            SecureConversationToken sct = new SecureConversationToken();
+            sct.setOptional(true);
+            ptoken.setToken(sct);
+            
+            SignedEncryptedParts parts = new SignedEncryptedParts(true);
+            parts.setOptional(true);
+            parts.setBody(true);
+            parts.addHeader(new Header("To", addressingNamespace));
+            parts.addHeader(new Header("From", addressingNamespace));
+            parts.addHeader(new Header("FaultTo", addressingNamespace));
+            parts.addHeader(new Header("ReplyTo", addressingNamespace));
+            parts.addHeader(new Header("Action", addressingNamespace));
+            parts.addHeader(new Header("MessageID", addressingNamespace));
+            parts.addHeader(new Header("RelatesTo", addressingNamespace));
+            all.addPolicyComponent(parts);
+            
+            client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, cancelPolicy);
+        }
         
         if (isSecureConv) {
             client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
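Review bot: The fallback branch taken when `findOperation("/RST/Cancel")` returns null adds the addressing assertion twice, once right after `one.addPolicyComponent(all);` and again after `all.addAssertion(binding);`; the first `all.addAssertion(getAddressingAssertion());` looks like a leftover and can be dropped. In the same branch the result of `findOperation("/RST/Issue")` is not checked, so `boi` may still be null when it reaches the invoke call later in the method; a guard such as `if (boi == null) { throw new IllegalStateException("No Cancel or Issue operation found"); }` would fail with a clear message instead. The fallback policy keeps `sct.setOptional(true)` and `parts.setOptional(true)`, so a short comment stating why the protection token and the signed parts are optional would help a reader judge whether the cancel request is always signed on this path. The body of `cancelSecurityToken` continues past the end of this hunk.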
@@ -955,7 +965,6 @@ public class STSClient implements Config
                                            namespace + "/RST/Cancel");            
         }
 
-
         W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
         writer.writeStartElement("wst", "RequestSecurityToken", namespace);
         writer.writeNamespace("wst", namespace);
@@ -964,9 +973,14 @@ public class STSClient implements Config
         writer.writeEndElement();
 
         writer.writeStartElement("wst", "CancelTarget", namespace);
-        Element el = token.getUnattachedReference();
-        if (el == null) {
-            el = token.getAttachedReference();
+        Element el = null;
+        if (attachTokenDirectly) {
+            el = token.getToken();
+        } else {
+            el = token.getUnattachedReference();
+            if (el == null) {
+                el = token.getAttachedReference();
+            }
         }
         StaxUtils.copy(el, writer);
 
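Review bot: `el` can be null when it reaches `StaxUtils.copy(el, writer)`: the new `attachTokenDirectly` branch uses `token.getToken()` with no fallback, and in the else branch both the unattached and the attached reference may be absent. A guard before the copy, for example `if (el == null) { throw new IllegalArgumentException("Token has no element or reference to cancel"); }`, would report the problem before a malformed `CancelTarget` is built. It would also help to add a comment on the `attachTokenDirectly` branch such as `// A Cancel policy is in place, so send the token itself rather than a reference`, since this path places the whole token element in the request body and presumably relies on that policy to protect it. The enclosing method starts and ends outside this hunk.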
@@ -976,8 +990,10 @@ public class STSClient implements Config
         try {
             client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
             token.setState(SecurityToken.State.CANCELLED);
+            return true;
         } catch (Exception ex) {
             LOG.log(Level.WARNING, "Problem cancelling token", ex);
+            return false;
         }
     }