You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by dk...@apache.org on 2009/03/11 21:07:39 UTC
svn commit: r752601 -
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Author: dkulp
Date: Wed Mar 11 20:07:39 2009
New Revision: 752601
URL: http://svn.apache.org/viewvc?rev=752601&view=rev
Log:
Work toward validate. The MS server is not responding at all to validate or cancel requests (hang) so I'm not sure if they are correct yet or not.
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=752601&r1=752600&r2=752601&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Wed Mar 11 20:07:39 2009
@@ -420,6 +420,74 @@
String ns = "http://schemas.xmlsoap.org/ws/2004/08/addressing/policy";
return new PrimitiveAssertion(new QName(ns, "UsingAddressing"));
}
+ public boolean validateSecurityToken(SecurityToken tok) throws Exception {
+ return validateSecurityToken(tok,
+ namespace + "/RSTR/Status");
+ }
+ private boolean validateSecurityToken(SecurityToken tok, String string)
+ throws Exception {
+ createClient();
+
+ if (addressingNamespace == null) {
+ addressingNamespace = "http://www.w3.org/2005/08/addressing";
+ }
+
+ Policy validatePolicy = new Policy();
+ ExactlyOne one = new ExactlyOne();
+ validatePolicy.addPolicyComponent(one);
+ All all = new All();
+ SymmetricBinding binding = new SymmetricBinding();
+ all.addAssertion(binding);
+ one.addPolicyComponent(all);
+ all.addAssertion(getAddressingAssertion());
+ ProtectionToken ptoken = new ProtectionToken();
+ binding.setProtectionToken(ptoken);
+ binding.setIncludeTimestamp(true);
+ binding.setEntireHeadersAndBodySignatures(true);
+ binding.setTokenProtection(false);
+ AlgorithmSuite suite = new AlgorithmSuite();
+ binding.setAlgorithmSuite(suite);
+ SecureConversationToken sct = new SecureConversationToken();
+ sct.setOptional(true);
+ ptoken.setToken(sct);
+
+ SignedEncryptedParts parts = new SignedEncryptedParts(true);
+ parts.setBody(true);
+ parts.addHeader(new Header("To", addressingNamespace));
+ parts.addHeader(new Header("From", addressingNamespace));
+ parts.addHeader(new Header("FaultTo", addressingNamespace));
+ parts.addHeader(new Header("ReplyTo", addressingNamespace));
+ parts.addHeader(new Header("Action", addressingNamespace));
+ parts.addHeader(new Header("MessageID", addressingNamespace));
+ parts.addHeader(new Header("RelatesTo", addressingNamespace));
+ all.addPolicyComponent(parts);
+
+ client.getRequestContext().putAll(ctx);
+ client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, validatePolicy);
+ client.getRequestContext().put(SecurityConstants.TOKEN, tok);
+ BindingOperationInfo boi = findOperation("/RST/Validate");
+
+ W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+ writer.writeStartElement("wst", "RequestSecurityToken", namespace);
+ writer.writeStartElement("wst", "RequestType", namespace);
+ writer.writeCharacters(namespace + "/Validate");
+ writer.writeEndElement();
+
+ writer.writeStartElement("wst", "ValidateTarget", namespace);
+ Element el = tok.getUnattachedReference();
+ if (el == null) {
+ el = tok.getAttachedReference();
+ }
+ StaxUtils.copy(el, writer);
+
+ writer.writeEndElement();
+ writer.writeEndElement();
+
+ client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
+
+ return false;
+ }
+
public void cancelSecurityToken(SecurityToken token) throws Exception {
createClient();