You are viewing a plain text version of this content. The canonical link for it is here.
Posted to axis-cvs@ws.apache.org by ru...@apache.org on 2006/01/24 10:14:27 UTC
svn commit: r371870 [2/4] - in
/webservices/axis2/trunk/java/modules/security: ./
src/org/apache/axis2/security/
src/org/apache/axis2/security/handler/config/ src/org/apache/ws/
src/org/apache/ws/security/ src/org/apache/ws/security/policy/ src/org/apa...
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/TokenWrapper.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/TokenWrapper.java?rev=371870&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/TokenWrapper.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/TokenWrapper.java Tue Jan 24 01:13:40 2006
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.security.policy.model;
+
+import org.apache.ws.security.policy.WSSPolicyException;
+
+public interface TokenWrapper {
+
+ public void setToken(Token tok) throws WSSPolicyException;
+}
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/TransportBinding.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/TransportBinding.java?rev=371870&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/TransportBinding.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/TransportBinding.java Tue Jan 24 01:13:40 2006
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.security.policy.model;
+
+public class TransportBinding extends Binding {
+
+ private Token transportToken;
+
+ /**
+ * @return Returns the transportToken.
+ */
+ public Token getTransportToken() {
+ return transportToken;
+ }
+
+ /**
+ * @param transportToken The transportToken to set.
+ */
+ public void setTransportToken(Token transportToken) {
+ this.transportToken = transportToken;
+ }
+
+}
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/UsernameToken.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/UsernameToken.java?rev=371870&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/UsernameToken.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/UsernameToken.java Tue Jan 24 01:13:40 2006
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.security.policy.model;
+
+public class UsernameToken extends Token {
+
+ private boolean useUTProfile11;
+
+ /**
+ * @return Returns the useUTProfile11.
+ */
+ public boolean isUseUTProfile11() {
+ return useUTProfile11;
+ }
+
+ /**
+ * @param useUTProfile11 The useUTProfile11 to set.
+ */
+ public void setUseUTProfile11(boolean useUTProfile11) {
+ this.useUTProfile11 = useUTProfile11;
+ }
+
+
+}
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/Wss10.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/Wss10.java?rev=371870&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/Wss10.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/Wss10.java Tue Jan 24 01:13:40 2006
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.security.policy.model;
+
+public class Wss10 extends PolicyEngineData {
+
+ private boolean mustSupportRefKeyIdentifier;
+ private boolean MustSupportRefIssuerSerial;
+ private boolean MustSupportRefExternalURI;
+ private boolean MustSupportRefEmbeddedToken;
+
+ /**
+ * @return Returns the mustSupportRefEmbeddedToken.
+ */
+ public boolean isMustSupportRefEmbeddedToken() {
+ return MustSupportRefEmbeddedToken;
+ }
+ /**
+ * @param mustSupportRefEmbeddedToken The mustSupportRefEmbeddedToken to set.
+ */
+ public void setMustSupportRefEmbeddedToken(boolean mustSupportRefEmbeddedToken) {
+ MustSupportRefEmbeddedToken = mustSupportRefEmbeddedToken;
+ }
+ /**
+ * @return Returns the mustSupportRefExternalURI.
+ */
+ public boolean isMustSupportRefExternalURI() {
+ return MustSupportRefExternalURI;
+ }
+ /**
+ * @param mustSupportRefExternalURI The mustSupportRefExternalURI to set.
+ */
+ public void setMustSupportRefExternalURI(boolean mustSupportRefExternalURI) {
+ MustSupportRefExternalURI = mustSupportRefExternalURI;
+ }
+ /**
+ * @return Returns the mustSupportRefIssuerSerial.
+ */
+ public boolean isMustSupportRefIssuerSerial() {
+ return MustSupportRefIssuerSerial;
+ }
+ /**
+ * @param mustSupportRefIssuerSerial The mustSupportRefIssuerSerial to set.
+ */
+ public void setMustSupportRefIssuerSerial(boolean mustSupportRefIssuerSerial) {
+ MustSupportRefIssuerSerial = mustSupportRefIssuerSerial;
+ }
+ /**
+ * @return Returns the mustSupportRefKeyIdentifier.
+ */
+ public boolean isMustSupportRefKeyIdentifier() {
+ return mustSupportRefKeyIdentifier;
+ }
+ /**
+ * @param mustSupportRefKeyIdentifier The mustSupportRefKeyIdentifier to set.
+ */
+ public void setMustSupportRefKeyIdentifier(boolean mustSupportRefKeyIdentifier) {
+ this.mustSupportRefKeyIdentifier = mustSupportRefKeyIdentifier;
+ }
+
+}
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/Wss11.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/Wss11.java?rev=371870&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/Wss11.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/Wss11.java Tue Jan 24 01:13:40 2006
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.security.policy.model;
+
+public class Wss11 extends Wss10 {
+
+ private boolean MustSupportRefThumbprint;
+ private boolean MustSupportRefEncryptedKey;
+ private boolean RequireSignatureConfirmation;
+
+ /**
+ * @return Returns the mustSupportRefEncryptedKey.
+ */
+ public boolean isMustSupportRefEncryptedKey() {
+ return MustSupportRefEncryptedKey;
+ }
+ /**
+ * @param mustSupportRefEncryptedKey The mustSupportRefEncryptedKey to set.
+ */
+ public void setMustSupportRefEncryptedKey(boolean mustSupportRefEncryptedKey) {
+ MustSupportRefEncryptedKey = mustSupportRefEncryptedKey;
+ }
+ /**
+ * @return Returns the mustSupportRefThumbprint.
+ */
+ public boolean isMustSupportRefThumbprint() {
+ return MustSupportRefThumbprint;
+ }
+ /**
+ * @param mustSupportRefThumbprint The mustSupportRefThumbprint to set.
+ */
+ public void setMustSupportRefThumbprint(boolean mustSupportRefThumbprint) {
+ MustSupportRefThumbprint = mustSupportRefThumbprint;
+ }
+ /**
+ * @return Returns the requireSignatureConfirmation.
+ */
+ public boolean isRequireSignatureConfirmation() {
+ return RequireSignatureConfirmation;
+ }
+ /**
+ * @param requireSignatureConfirmation The requireSignatureConfirmation to set.
+ */
+ public void setRequireSignatureConfirmation(boolean requireSignatureConfirmation) {
+ RequireSignatureConfirmation = requireSignatureConfirmation;
+ }
+
+
+}
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/X509Token.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/X509Token.java?rev=371870&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/X509Token.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/X509Token.java Tue Jan 24 01:13:40 2006
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.security.policy.model;
+
+public class X509Token extends Token {
+
+ private boolean requireKeyIdentifierReference;
+
+ private boolean requireIssuerSerialReference;
+
+ private boolean requireEmbeddedTokenReference;
+
+ private boolean requireThumbprintReference;
+
+ private String tokenVersionAndType;
+
+ /**
+ * @return Returns the requireEmbeddedTokenReference.
+ */
+ public boolean isRequireEmbeddedTokenReference() {
+ return requireEmbeddedTokenReference;
+ }
+
+ /**
+ * @param requireEmbeddedTokenReference The requireEmbeddedTokenReference to set.
+ */
+ public void setRequireEmbeddedTokenReference(
+ boolean requireEmbeddedTokenReference) {
+ this.requireEmbeddedTokenReference = requireEmbeddedTokenReference;
+ }
+
+ /**
+ * @return Returns the requireIssuerSerialReference.
+ */
+ public boolean isRequireIssuerSerialReference() {
+ return requireIssuerSerialReference;
+ }
+
+ /**
+ * @param requireIssuerSerialReference The requireIssuerSerialReference to set.
+ */
+ public void setRequireIssuerSerialReference(boolean requireIssuerSerialReference) {
+ this.requireIssuerSerialReference = requireIssuerSerialReference;
+ }
+
+ /**
+ * @return Returns the requireKeyIdentifierReference.
+ */
+ public boolean isRequireKeyIdentifierReference() {
+ return requireKeyIdentifierReference;
+ }
+
+ /**
+ * @param requireKeyIdentifierReference The requireKeyIdentifierReference to set.
+ */
+ public void setRequireKeyIdentifierReference(
+ boolean requireKeyIdentifierReference) {
+ this.requireKeyIdentifierReference = requireKeyIdentifierReference;
+ }
+
+ /**
+ * @return Returns the requireThumbprintReference.
+ */
+ public boolean isRequireThumbprintReference() {
+ return requireThumbprintReference;
+ }
+
+ /**
+ * @param requireThumbprintReference The requireThumbprintReference to set.
+ */
+ public void setRequireThumbprintReference(boolean requireThumbprintReference) {
+ this.requireThumbprintReference = requireThumbprintReference;
+ }
+
+ /**
+ * @return Returns the tokenVersionAndType.
+ */
+ public String getTokenVersionAndType() {
+ return tokenVersionAndType;
+ }
+
+ /**
+ * @param tokenVersionAndType The tokenVersionAndType to set.
+ */
+ public void setTokenVersionAndType(String tokenVersionAndType) {
+ this.tokenVersionAndType = tokenVersionAndType;
+ }
+
+
+}
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/SecurityPolicy.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/SecurityPolicy.java?rev=371870&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/SecurityPolicy.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/SecurityPolicy.java Tue Jan 24 01:13:40 2006
@@ -0,0 +1,412 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.security.policy.parser;
+
+public class SecurityPolicy {
+
+ public static final SecurityPolicyToken signedParts = new SecurityPolicyToken("SignedParts",
+ SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken header = new SecurityPolicyToken("Header",
+ SecurityPolicyToken.SIMPLE_TOKEN, new String[] { "Name",
+ "Namespace" });
+
+ public static final SecurityPolicyToken body = new SecurityPolicyToken("Body",
+ SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken signedElements = new SecurityPolicyToken(
+ "SignedElements", SecurityPolicyToken.COMPLEX_TOKEN,
+ new String[] { "XPathVersion" });
+
+ public static final SecurityPolicyToken xPath = new SecurityPolicyToken(
+ "XPath",
+ SecurityPolicyToken.SIMPLE_TOKEN | SecurityPolicyToken.WITH_CONTENT,
+ null);
+
+ public static final SecurityPolicyToken encryptedParts = new SecurityPolicyToken(
+ "EncryptedParts", SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken encryptedElements = new SecurityPolicyToken(
+ "EncryptedElements", SecurityPolicyToken.COMPLEX_TOKEN,
+ new String[] { "XPathVersion" });
+
+ public static final SecurityPolicyToken requiredElements = new SecurityPolicyToken(
+ "RequiredElements", SecurityPolicyToken.COMPLEX_TOKEN,
+ new String[] { "XPathVersion" });
+
+ public static final SecurityPolicyToken usernameToken = new SecurityPolicyToken(
+ "UsernameToken", SecurityPolicyToken.COMPLEX_TOKEN,
+ new String[] { "IncludeToken" });
+
+ public static final SecurityPolicyToken wssUsernameToken10 = new SecurityPolicyToken(
+ "WssUsernameToken10", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssUsernameToken11 = new SecurityPolicyToken(
+ "WssUsernameToken11", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken issuedToken = new SecurityPolicyToken("IssuedToken",
+ SecurityPolicyToken.COMPLEX_TOKEN, new String[] { "IncludeToken" });
+
+ public static final SecurityPolicyToken issuer = new SecurityPolicyToken(
+ "Issuer",
+ SecurityPolicyToken.SIMPLE_TOKEN | SecurityPolicyToken.WITH_CONTENT,
+ null);
+
+ public static final SecurityPolicyToken requestSecurityTokenTemplate = new SecurityPolicyToken(
+ "RequestSecurityTokenTemplate", SecurityPolicyToken.COMPLEX_TOKEN
+ | SecurityPolicyToken.WITH_CONTENT,
+ new String[] { "TrustVersion" });
+
+ public static final SecurityPolicyToken requireDerivedKeys = new SecurityPolicyToken(
+ "RequireDerivedKeys", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken requireExternalReference = new SecurityPolicyToken(
+ "RequireExternalReference", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken requireInternalReference = new SecurityPolicyToken(
+ "RequireInternalReference", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken x509Token = new SecurityPolicyToken("X509Token",
+ SecurityPolicyToken.COMPLEX_TOKEN, new String[] { "IncludeToken" });
+
+ public static final SecurityPolicyToken requireKeyIdentifierReference = new SecurityPolicyToken(
+ "RequireKeyIdentifierReference", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken requireIssuerSerialReference = new SecurityPolicyToken(
+ "RequireIssuerSerialReference", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken requireEmbeddedTokenReference = new SecurityPolicyToken(
+ "RequireEmbeddedTokenReference", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken requireThumbprintReference = new SecurityPolicyToken(
+ "RequireThumbprintReference", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken wssX509V1Token10 = new SecurityPolicyToken(
+ "WssX509V1Token10", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssX509V3Token10 = new SecurityPolicyToken(
+ "WssX509V3Token10", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssX509Pkcs7Token10 = new SecurityPolicyToken(
+ "WssX509Pkcs7Token10", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssX509PkiPathV1Token10 = new SecurityPolicyToken(
+ "WssX509PkiPathV1Token10", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssX509V1Token11 = new SecurityPolicyToken(
+ "WssX509V1Token11", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssX509V3Token11 = new SecurityPolicyToken(
+ "WssX509V3Token11", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssX509Pkcs7Token11 = new SecurityPolicyToken(
+ "WssX509Pkcs7Token11", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssX509PkiPathV1Token11 = new SecurityPolicyToken(
+ "WssX509PkiPathV1Token11", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken kerberosToken = new SecurityPolicyToken(
+ "KerberosToken", SecurityPolicyToken.COMPLEX_TOKEN,
+ new String[] { "IncludeToken" });
+
+ // requireDerivedKeys already defined for issuedToken
+ // requireKeyIdentifierReference already defined for x509Token
+ public static final SecurityPolicyToken wssKerberosV5ApReqToken11 = new SecurityPolicyToken(
+ "WssKerberosV5ApReqToken11", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssGssKerberosV5ApReqToken11 = new SecurityPolicyToken(
+ "WssGssKerberosV5ApReqToken11", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken spnegoContextToken = new SecurityPolicyToken(
+ "SpnegoContextToken", SecurityPolicyToken.COMPLEX_TOKEN,
+ new String[] { "IncludeToken" });
+
+ // issuer already defined for issuedToken
+ // requireDerivedKeys already defined for issuedToken
+
+ public static final SecurityPolicyToken securityContextToken = new SecurityPolicyToken(
+ "SecurityContextToken", SecurityPolicyToken.COMPLEX_TOKEN,
+ new String[] { "IncludeToken" });
+
+ // requireDerivedKeys already defined for issuedToken
+ public static final SecurityPolicyToken requireExternalUriReference = new SecurityPolicyToken(
+ "RequireExternalUriReference", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken sc10SecurityContextToken = new SecurityPolicyToken(
+ "SC10SecurityContextToken", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken secureConversationToken = new SecurityPolicyToken(
+ "SecureConversationToken", SecurityPolicyToken.COMPLEX_TOKEN,
+ new String[] { "IncludeToken" });
+
+ // issuer already defined for issuedToken
+ // requireDerivedKeys already defined for issuedToken
+ // requireExternalUriReference is already defined for SecurityContextToken
+ // sc10SecurityContextToken is already defined for SecurityContextToken
+ public static final SecurityPolicyToken bootstrapPolicy = new SecurityPolicyToken(
+ "BootstrapPolicy", SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken samlToken = new SecurityPolicyToken("SamlToken",
+ SecurityPolicyToken.COMPLEX_TOKEN, new String[] { "IncludeToken" });
+
+ // requireDerivedKeys already defined for issuedToken
+ // requireKeyIdentifierReference already defined for x509Token
+ public static final SecurityPolicyToken wssSamlV10Token10 = new SecurityPolicyToken(
+ "WssSamlV10Token10", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssSamlV11Token10 = new SecurityPolicyToken(
+ "WssSamlV11Token10", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssSamlV10Token11 = new SecurityPolicyToken(
+ "WssSamlV10Token11", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssSamlV11Token11 = new SecurityPolicyToken(
+ "WssSamlV11Token11", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssSamlV20Token11 = new SecurityPolicyToken(
+ "WssSamlV20Token11", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken relToken = new SecurityPolicyToken("RelToken",
+ SecurityPolicyToken.COMPLEX_TOKEN, new String[] { "IncludeToken" });
+
+ // requireDerivedKeys already defined for issuedToken
+ // requireKeyIdentifierReference already defined for x509Token
+ public static final SecurityPolicyToken wssRelV10Token10 = new SecurityPolicyToken(
+ "WssRelV10Token10", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssRelV20Token10 = new SecurityPolicyToken(
+ "WssRelV20Token10", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssRelV10Token11 = new SecurityPolicyToken(
+ "WssRelV10Token11", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken wssRelV20Token11 = new SecurityPolicyToken(
+ "WssRelV20Token11", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken httpsToken = new SecurityPolicyToken("HttpsToken",
+ SecurityPolicyToken.COMPLEX_TOKEN,
+ new String[] { "RequireClientCertificate" });
+
+ public static final SecurityPolicyToken algorithmSuite = new SecurityPolicyToken("AlgorithmSuite",
+ SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken basic256 = new SecurityPolicyToken("Basic256",
+ SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken basic192 = new SecurityPolicyToken("Basic192",
+ SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken basic128 = new SecurityPolicyToken("Basic128",
+ SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken tripleDes = new SecurityPolicyToken("TripleDes",
+ SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken basic256Rsa15 = new SecurityPolicyToken(
+ "Basic256Rsa15", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken basic192Rsa15 = new SecurityPolicyToken(
+ "Basic192Rsa15", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken basic128Rsa15 = new SecurityPolicyToken(
+ "Basic128Rsa15", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken tripleDesRsa15 = new SecurityPolicyToken(
+ "TripleDesRsa15", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken basic256Sha256 = new SecurityPolicyToken(
+ "Basic256Sha256", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken basic192Sha256 = new SecurityPolicyToken(
+ "Basic192Sha256", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken basic128Sha256 = new SecurityPolicyToken(
+ "Basic128Sha256", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken tripleDesSha256 = new SecurityPolicyToken(
+ "TripleDesSha256", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken basic256Sha256Rsa15 = new SecurityPolicyToken(
+ "Basic256Sha256Rsa15", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken basic192Sha256Rsa15 = new SecurityPolicyToken(
+ "Basic192Sha256Rsa15", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken basic128Sha256Rsa15 = new SecurityPolicyToken(
+ "Basic128Sha256Rsa15", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken tripleDesSha256Rsa15 = new SecurityPolicyToken(
+ "TripleDesSha256Rsa15", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken inclusiveC14N = new SecurityPolicyToken(
+ "InclusiveC14N", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken soapNormalization10 = new SecurityPolicyToken(
+ "SoapNormalization10", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken strTransform10 = new SecurityPolicyToken(
+ "StrTransform10", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken xPath10 = new SecurityPolicyToken("XPath10",
+ SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken xPathFilter20 = new SecurityPolicyToken(
+ "XPathFilter20", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken layout = new SecurityPolicyToken("Layout",
+ SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken strict = new SecurityPolicyToken("Strict",
+ SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken lax = new SecurityPolicyToken("Lax",
+ SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken laxTsFirst = new SecurityPolicyToken("LaxTsFirst",
+ SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken laxTsLast = new SecurityPolicyToken("LaxTsLast",
+ SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken transportBinding = new SecurityPolicyToken(
+ "TransportBinding", SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken transportToken = new SecurityPolicyToken(
+ "TransportToken", SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ // algorithmSuite and layout see above
+ public static final SecurityPolicyToken includeTimestamp = new SecurityPolicyToken(
+ "IncludeTimestamp", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken symmetricBinding = new SecurityPolicyToken(
+ "SymmetricBinding", SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken encryptionToken = new SecurityPolicyToken(
+ "EncryptionToken", SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken signatureToken = new SecurityPolicyToken(
+ "SignatureToken", SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken protectionToken = new SecurityPolicyToken(
+ "ProtectionToken", SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ // algorithmSuite and layout see above
+ // includeTimestamp already defined for transport binding
+ public static final SecurityPolicyToken encryptBeforeSigning = new SecurityPolicyToken(
+ "EncryptBeforeSigning", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken encryptSignature = new SecurityPolicyToken(
+ "EncryptSignature", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken protectTokens = new SecurityPolicyToken(
+ "ProtectTokens", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken onlySignEntireHeadersAndBody = new SecurityPolicyToken(
+ "OnlySignEntireHeadersAndBody", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken asymmetricBinding = new SecurityPolicyToken(
+ "AsymmetricBinding", SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken initiatorToken = new SecurityPolicyToken(
+ "InitiatorToken", SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken recipientToken = new SecurityPolicyToken(
+ "RecipientToken", SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ // all other tokens for asymmetric already defined above
+
+ public static final SecurityPolicyToken supportingTokens = new SecurityPolicyToken(
+ "SupportingTokens", SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken signedSupportingTokens = new SecurityPolicyToken(
+ "SignedSupportingTokens", SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken endorsingSupportingTokens = new SecurityPolicyToken(
+ "EndorsingSupportingTokens", SecurityPolicyToken.COMPLEX_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken signedEndorsingSupportingTokens = new SecurityPolicyToken(
+ "SignedEndorsingSupportingTokens",
+ SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken wss10 = new SecurityPolicyToken("Wss10",
+ SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken mustSupportRefKeyIdentifier = new SecurityPolicyToken(
+ "MustSupportRefKeyIdentifier", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken mustSupportRefIssuerSerial = new SecurityPolicyToken(
+ "MustSupportRefIssuerSerial", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken mustSupportRefExternalUri = new SecurityPolicyToken(
+ "MustSupportRefExternalURI", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken mustSupportRefEmbeddedToken = new SecurityPolicyToken(
+ "MustSupportRefEmbeddedToken", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken wss11 = new SecurityPolicyToken("Wss11",
+ SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ // all from wss10
+ public static final SecurityPolicyToken mustSupportRefThumbprint = new SecurityPolicyToken(
+ "MustSupportRefThumbprint", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken mustSupportRefEncryptedKey = new SecurityPolicyToken(
+ "MustSupportRefEncryptedKey", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken requireSignatureConfirmation = new SecurityPolicyToken(
+ "RequireSignatureConfirmation", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken trust10 = new SecurityPolicyToken("Trust10",
+ SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ public static final SecurityPolicyToken mustSupportClientChallenge = new SecurityPolicyToken(
+ "MustSupportClientChallenge", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken mustSupportServerChallenge = new SecurityPolicyToken(
+ "MustSupportServerChallenge", SecurityPolicyToken.SIMPLE_TOKEN,
+ null);
+
+ public static final SecurityPolicyToken requireClientEntropy = new SecurityPolicyToken(
+ "RequireClientEntropy", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken requireServerEntropy = new SecurityPolicyToken(
+ "RequireServerEntropy", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final SecurityPolicyToken mustSupportIssuedTokens = new SecurityPolicyToken(
+ "MustSupportIssuedTokens", SecurityPolicyToken.SIMPLE_TOKEN, null);
+
+ public static final String includeNever = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";
+
+ public static final String includeOnce = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once";
+
+ public static final String includeAlways = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always";
+
+}
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/SecurityPolicyToken.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/SecurityPolicyToken.java?rev=371870&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/SecurityPolicyToken.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/SecurityPolicyToken.java Tue Jan 24 01:13:40 2006
@@ -0,0 +1,239 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.security.policy.parser;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Iterator;
+
+public class SecurityPolicyToken {
+
+ /**
+ * The following values describe the type of the security token. A complex
+ * token starts a transaction because it contains nested tokens. A simple
+ * token does not contain nested tokens but stands allone an defines a
+ * simple assertion or property.
+ *
+ * If Content is set then this token contains additional text content, e.g.
+ * XPath expressions.
+ */
+ public static final int COMPLEX_TOKEN = 1;
+
+ public static final int SIMPLE_TOKEN = 2;
+
+ public static final int WITH_CONTENT = 100;
+
+ private String tokenName;
+
+ private int tokenType = 0;
+
+ // private boolean supported = false;
+
+ private String[] attributes = null;
+
+ private Object handler = null;
+
+ private Method processTokenMethod = null;
+
+ private ArrayList childTokens = null;
+
+ /**
+ * Create a SecurityPolicyToken data structure.
+ *
+ * @param token
+ * The name of the token, equals to to local name of the XML
+ * element
+ * @param type
+ * Type of the token. Either complex or simple. Can have a flag
+ * if the token containes some data.
+ * @param attribs
+ * The names of allowed attributes on this token
+ * @param h
+ * The handler object that implements the processing method. The
+ * name of a processing method is constructed by prepending a
+ * "do" to the token name
+ * @throws SecurityException
+ * @throws NoSuchMethodException
+ */
+ public SecurityPolicyToken(String token, int type, String[] attribs,
+ Object h) throws SecurityException, NoSuchMethodException {
+ this(token, type, attribs);
+
+ setProcessTokenMethod(h);
+ }
+
+ /**
+ * Create a SecurityPolicyToken data structure.
+ *
+ * @param token
+ * The name of the token, equals to to local name of the XML
+ * element
+ * @param type
+ * Type of the token. Either complex or simple. Can have a flag
+ * if the token containes some data.
+ * @param attribs
+ * The names of allowed attributes on this token processing
+ * method is constructed by prepending a "do" to the token name
+ */
+ public SecurityPolicyToken(String token, int type, String[] attribs) {
+ tokenName = token;
+ tokenType = type;
+ attributes = attribs;
+
+ if (tokenType == COMPLEX_TOKEN) {
+ childTokens = new ArrayList();
+ }
+ }
+
+ /**
+ * @return Returns the attributes.
+ */
+ public String[] getAttributes() {
+ return attributes;
+ }
+
+ /**
+ * Set the method which processes this security token.
+ *
+ * @param h
+ * The handler object that implements the processing method. The
+ * name of a processing method is constructed by prepending a
+ * "do" to the token name.
+ *
+ * @throws NoSuchMethodException
+ */
+ public void setProcessTokenMethod(Object h) throws NoSuchMethodException {
+
+ if (h == null) {
+ return;
+ }
+ handler = h;
+ Class handlerCls = h.getClass();
+ Class[] parameters = new Class[] { SecurityProcessorContext.class };
+
+ processTokenMethod = handlerCls.getDeclaredMethod("do" + tokenName,
+ parameters);
+ }
+
+ /**
+ * Invoke the processing method for this token.
+ *
+ * @param spc
+ * The SecurityProcessContext handed over to the processing
+ * method
+ * @return True if the token is processed successfully
+ * @throws IllegalArgumentException
+ * @throws IllegalAccessException
+ * @throws InvocationTargetException
+ */
+ public boolean invokeProcessTokenMethod(SecurityProcessorContext spc)
+ throws IllegalArgumentException, IllegalAccessException,
+ InvocationTargetException {
+
+ if (processTokenMethod == null) {
+ return false;
+ }
+ Object[] parameter = new Object[] { spc };
+ Object ret = processTokenMethod.invoke(handler, parameter);
+ Boolean bool;
+ if (ret instanceof Boolean) {
+ bool = (Boolean) ret;
+ return bool.booleanValue();
+ }
+ return false;
+ }
+
+ /**
+ * @return Returns the tokenName.
+ */
+ public String getTokenName() {
+ return tokenName;
+ }
+
+ /**
+ * Add a Child token to this complex token.
+ *
+ * @param spt
+ * The child token to add to this Complex token
+ */
+ public void setChildToken(SecurityPolicyToken spt) {
+ childTokens.add(spt);
+ }
+
+ /**
+ * Gets a named child token,
+ *
+ * @param sptName
+ * The token name to check for
+ * @return the SecurityPolicyToken if this token contains the named token as
+ * child token, null otherwise.
+ */
+ public SecurityPolicyToken getChildToken(String sptName) {
+ Iterator it = childTokens.iterator();
+ while (it.hasNext()) {
+ SecurityPolicyToken tmpSpt = (SecurityPolicyToken) it.next();
+ if (sptName.equals(tmpSpt.getTokenName())) {
+ return tmpSpt;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Remove a named child token,
+ *
+ * @param sptName
+ * The token name to remove
+ */
+ public void removeChildToken(String sptName) {
+ Iterator it = childTokens.iterator();
+ while (it.hasNext()) {
+ SecurityPolicyToken tmpSpt = (SecurityPolicyToken) it.next();
+ if (sptName.equals(tmpSpt.getTokenName())) {
+ childTokens.remove(tmpSpt);
+ return;
+ }
+ }
+ }
+
+ /**
+ * Copy this SecurityPolicyToken and return the copy.
+ *
+ * Produce a copy of this SPT. The imutable fields (token name, token type,
+ * and attributes) are copied by reference. The child tokens are copied by
+ * value thus they can be modified. The handler object and the associated
+ * processing method are not copied and must be intialized.
+ *
+ * @return A new SecurityPolicyToken
+ */
+ public SecurityPolicyToken copy() {
+ SecurityPolicyToken spt = new SecurityPolicyToken(tokenName, tokenType,
+ attributes);
+ if (childTokens != null) {
+ Iterator it = childTokens.iterator();
+ while (it.hasNext()) {
+ SecurityPolicyToken tmpSpt = (SecurityPolicyToken) it.next();
+ spt.setChildToken(tmpSpt);
+ }
+ }
+ return spt;
+ }
+
+ public int getTokenType() {
+ return this.tokenType;
+ }
+}
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/SecurityProcessorContext.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/SecurityProcessorContext.java?rev=371870&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/SecurityProcessorContext.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/SecurityProcessorContext.java Tue Jan 24 01:13:40 2006
@@ -0,0 +1,218 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.security.policy.parser;
+
+import java.util.ArrayList;
+
+import org.apache.ws.policy.PrimitiveAssertion;
+import org.apache.ws.security.policy.model.PolicyEngineData;
+import org.apache.ws.security.policy.model.RootPolicyEngineData;
+
+public class SecurityProcessorContext {
+
+ public static final int NONE = 0;
+ public static final int START = 1;
+ public static final int COMMIT = 2;
+ public static final int ABORT = 3;
+
+ public static final String[] ACTION_NAMES = new String[]{"NONE", "START", "COMMIT", "ABORT"};
+
+ private ArrayList tokenStack = new ArrayList();
+
+ private int tokenStackPointer = 0;
+
+ private PrimitiveAssertion assertion = null;
+
+ private ArrayList pedStack = new ArrayList();
+
+ private int pedStackPointer = 0;
+ private int action = NONE;
+
+ public SecurityProcessorContext() {
+ }
+
+ /**
+ * Gets the action to perform in the processing method.
+ *
+ * @return The action
+ */
+ public int getAction() {
+ return action;
+ }
+
+ /**
+ * Sets to action to perform in the processing method.
+ *
+ * @param act The actio to set. Either NONE, START, COMMIT, or ABORT
+ */
+ public void setAction(int act) {
+ this.action = act;
+ }
+ /**
+ * Get the current assertion that is being processed.
+ *
+ * This is always a PrimitiveAssertion.
+ *
+ * @return The current assertion.
+ */
+ public PrimitiveAssertion getAssertion() {
+ return assertion;
+ }
+
+ /**
+ * Set the current assertion that is being processed.
+ *
+ * This is always a primitive assertion.
+ *
+ * @param asrt The assertion to set
+ */
+ public void setAssertion(PrimitiveAssertion asrt) {
+ this.assertion = asrt;
+ }
+
+ /**
+ * Push a SecurityPolicyToken onto the token stack.
+ *
+ * The pushed token becomes the current token. The current token is the
+ * starting point for further parsing.
+ *
+ * @param spt
+ * The SecurityPolicyToken to push on the stack
+ */
+ public void pushSecurityToken(SecurityPolicyToken spt) {
+ tokenStack.add(tokenStackPointer, spt);
+ tokenStackPointer++;
+ }
+
+ /**
+ * Pop a SecurityPolicyToken from the token stack.
+ *
+ * If the stack contains at least one token the method pops the topmost
+ * token from the stack and returns it. If the stack is empty the method
+ * returns a <code>null</code>.
+ *
+ * @return The topmost SecurityPolicyToken or null if the stack is empty.
+ */
+ public SecurityPolicyToken popSecurityToken() {
+ if (tokenStackPointer > 0) {
+ tokenStackPointer--;
+ return (SecurityPolicyToken) tokenStack.get(tokenStackPointer);
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Reads and returns the current SecurityPolicyToken.
+ *
+ * If the stack contains at least one token the method reads the topmost
+ * token from the stack and returns it. If the stack is empty the method
+ * returns a <code>null</code>. The method does not remove the token from
+ * the stack.
+ *
+ * @return The topmost SecurityPolicyToken or null if the stack is empty.
+ */
+ public SecurityPolicyToken readCurrentSecurityToken() {
+ if (tokenStackPointer > 0) {
+ return (SecurityPolicyToken) tokenStack.get(tokenStackPointer - 1);
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Push a PolicyEngineData onto the PED stack.
+ *
+ * The pushed PED becomes the current PED. The current PED is the
+ * starting point for further processing.
+ *
+ * @param ped
+ * The PolicyEngineData to push on the stack
+ */
+ public void pushPolicyEngineData(PolicyEngineData ped) {
+ pedStack.add(pedStackPointer, ped);
+ pedStackPointer++;
+ }
+
+ /**
+ * Pop a PolicyEngineData from the PED stack.
+ *
+ * If the stack contains at least one PolicyEngineData the method pops the topmost
+ * PolicyEngineData from the stack and returns it. If the stack is empty the method
+ * returns a <code>null</code>.
+ *
+ * @return The topmost PolicyEngineData or null if the stack is empty.
+ */
+ public PolicyEngineData popPolicyEngineData() {
+ if (pedStackPointer > 0) {
+ pedStackPointer--;
+ return (PolicyEngineData) pedStack.get(pedStackPointer);
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Reads and returns the current PolicyEngineData.
+ *
+ * If the stack contains at least one PolicyEngineData the method reads the topmost
+ * PolicyEngineData from the stack and returns it. If the stack is empty the method
+ * returns a <code>null</code>. The method does not remove the PolicyEngineData from
+ * the stack.
+ *
+ * @return The topmost PolicyEngineData or null if the stack is empty.
+ */
+ public PolicyEngineData readCurrentPolicyEngineData() {
+ if (pedStackPointer > 0) {
+ return (PolicyEngineData) pedStack.get(pedStackPointer - 1);
+ } else {
+ return null;
+ }
+ }
+
+ public PolicyEngineData readPreviousPolicyEngineData() {
+ if (pedStackPointer > 1) {
+ return (PolicyEngineData) pedStack.get(pedStackPointer - 2);
+ } else {
+ return null;
+ }
+ }
+
+
+ public PolicyEngineData commitPolicyEngineData() {
+ if (pedStackPointer > 2) {
+ pedStackPointer--;
+ PolicyEngineData ped = (PolicyEngineData) pedStack.get(pedStackPointer);
+ return ped;
+ } else if(pedStackPointer == 2) {
+ RootPolicyEngineData rootData = (RootPolicyEngineData)this.pedStack.get(0);
+ rootData.addTopLevelPED(readCurrentPolicyEngineData());
+ pedStackPointer--;
+ return (PolicyEngineData) pedStack.get(pedStackPointer);
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * @return Returns the pedStack.
+ */
+ public ArrayList getPedStack() {
+ return pedStack;
+ }
+
+
+}
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java?rev=371870&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java Tue Jan 24 01:13:40 2006
@@ -0,0 +1,375 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.security.policy.parser;
+
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.policy.AndCompositeAssertion;
+import org.apache.ws.policy.Assertion;
+import org.apache.ws.policy.Policy;
+import org.apache.ws.policy.PrimitiveAssertion;
+import org.apache.ws.policy.XorCompositeAssertion;
+import org.apache.ws.policy.util.PolicyFactory;
+import org.apache.ws.policy.util.PolicyReader;
+import org.apache.ws.security.policy.WSSPolicyException;
+import org.apache.ws.security.policy.model.PolicyEngineData;
+import org.apache.ws.security.policy.model.RootPolicyEngineData;
+import org.apache.ws.security.policy.parser.processors.AsymmetricBindingProcessor;
+import org.apache.ws.security.policy.parser.processors.EncryptedPartsElementsProcessor;
+import org.apache.ws.security.policy.parser.processors.SignedPartsElementsProcessor;
+import org.apache.ws.security.policy.parser.processors.SymmetricBindingProcessor;
+import org.apache.ws.security.policy.parser.processors.Wss10Processor;
+import org.apache.ws.security.policy.parser.processors.Wss11Processor;
+
+
+/**
+ * @author Werner Dittmann (werner@apache.org)
+ */
+
+public class WSSPolicyProcessor {
+
+ private static Log log = LogFactory.getLog(WSSPolicyProcessor.class);
+
+ FileInputStream fis = null;
+
+ PolicyReader prdr = null;
+
+ Policy merged = null;
+
+ SecurityPolicyToken topLevel = new SecurityPolicyToken("_TopLevel_",
+ SecurityPolicyToken.COMPLEX_TOKEN, null);
+
+ SecurityProcessorContext secProcessorContext = null;
+
+ boolean setup() throws NoSuchMethodException {
+ prdr = PolicyFactory.getPolicyReader(PolicyFactory.OM_POLICY_READER);
+
+ /*
+ * Initialize the top level security policy token.
+ */
+ SecurityPolicyToken spt = null;
+
+ SignedPartsElementsProcessor spep = new SignedPartsElementsProcessor();
+ spt = SecurityPolicy.signedParts.copy();
+ spt.setProcessTokenMethod(spep);
+ topLevel.setChildToken(spt);
+
+ spt = SecurityPolicy.signedElements.copy();
+ spt.setProcessTokenMethod(spep);
+ topLevel.setChildToken(spt);
+
+ EncryptedPartsElementsProcessor epep = new EncryptedPartsElementsProcessor();
+ spt = SecurityPolicy.encryptedParts.copy();
+ spt.setProcessTokenMethod(epep);
+ topLevel.setChildToken(spt);
+
+ spt = SecurityPolicy.encryptedElements.copy();
+ spt.setProcessTokenMethod(epep);
+ topLevel.setChildToken(spt);
+
+ spt = SecurityPolicy.asymmetricBinding.copy();
+ spt.setProcessTokenMethod(new AsymmetricBindingProcessor());
+ topLevel.setChildToken(spt);
+
+ spt = SecurityPolicy.symmetricBinding.copy();
+ spt.setProcessTokenMethod(new SymmetricBindingProcessor());
+ topLevel.setChildToken(spt);
+
+ spt = SecurityPolicy.wss10.copy();
+ spt.setProcessTokenMethod(new Wss10Processor());
+ topLevel.setChildToken(spt);
+
+ spt = SecurityPolicy.wss11.copy();
+ spt.setProcessTokenMethod(new Wss11Processor());
+ topLevel.setChildToken(spt);
+
+ /*
+ * Now get the initial PolicyEngineData, initialize it and put it onto
+ * the PED stack.
+ */
+ PolicyEngineData ped = new RootPolicyEngineData();
+ ped.initializeWithDefaults();
+
+ /*
+ * Now get a context and push the top level token onto the token stack.
+ * The top level token is a special token that acts as anchor to start
+ * parsing.
+ */
+ secProcessorContext = new SecurityProcessorContext();
+ secProcessorContext.pushSecurityToken(topLevel);
+ secProcessorContext.pushPolicyEngineData(ped);
+
+ return true;
+ }
+
+ void go(String[] args) {
+
+ merged = null;
+ for (int i = 0; i < args.length; i++) {
+ try {
+ fis = new FileInputStream(args[i]);
+ } catch (FileNotFoundException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ Policy newPolicy = prdr.readPolicy(fis);
+ newPolicy = (Policy) newPolicy.normalize();
+
+ if (merged == null) {
+ merged = newPolicy;
+ } else {
+ merged = (Policy) merged.merge(newPolicy);
+ }
+ try {
+ fis.close();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+ if (processPolicy(merged)) {
+ log.debug("Security Policy sucessfully parsed");
+ } else {
+ log.debug("Security Policy not sucessfully parsed");
+ }
+ }
+
+ /**
+ * This method takes a normalized policy object, processes it and returns
+ * true if all assertion can be fulfilled.
+ *
+ * Each policy must be nromalized accordig to the WS Policy framework
+ * specification. Therefore a policy has one child (wsp:ExactlyOne) that is
+ * a XorCompositeAssertion. This child may contain one or more other terms
+ * (alternatives). To match the policy one of these terms (alternatives)
+ * must match. If none of the contained terms match this policy cannot be
+ * enforced.
+ *
+ * @param policy
+ * The policy to process
+ * @return True if this policy can be enforced by the policy enforcement
+ * implmentation
+ */
+ public boolean processPolicy(Policy policy) {
+
+ if (!policy.isNormalized()) {
+ throw new RuntimeException("Policy is not in normalized format");
+ }
+
+ XorCompositeAssertion xor = (XorCompositeAssertion) policy.getTerms()
+ .get(0);
+ List listOfPolicyAlternatives = xor.getTerms();
+
+ boolean success = false;
+ int numberOfAlternatives = listOfPolicyAlternatives.size();
+
+ for (int i = 0; !success && i < numberOfAlternatives; i++) {
+ AndCompositeAssertion aPolicyAlternative = (AndCompositeAssertion) listOfPolicyAlternatives
+ .get(i);
+
+ List listOfAssertions = aPolicyAlternative.getTerms();
+
+ Iterator iterator = listOfAssertions.iterator();
+ /*
+ * Loop over all assertions in this alternative. If all assertions
+ * can be fulfilled then we choose this alternative and signal a
+ * success.
+ */
+ boolean all = true;
+ while (all && iterator.hasNext()) {
+ Assertion assertion = (Assertion) iterator.next();
+
+ /*
+ * At this point we expect PrimitiveAssertions only.
+ */
+ if (!(assertion instanceof PrimitiveAssertion)) {
+ log.debug("Got a unexpected assertion type: "
+ + assertion.getClass().getName());
+ continue;
+ }
+ /*
+ * We need to pick only the primitive assertions which contain a
+ * WSSecurityPolicy policy assertion. For that we'll check the
+ * namespace of the primitive assertion
+ */
+ PrimitiveAssertion pa = (PrimitiveAssertion) assertion;
+ if (!(pa.getName().getNamespaceURI()
+ .equals("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"))) {
+ log.debug("Got a unexpected assertion: "
+ + pa.getName().getLocalPart());
+ continue;
+ }
+ all = processPrimitiveAssertion((PrimitiveAssertion) assertion);
+ }
+ /*
+ * copy the status of assertion processing. If all is true then this
+ * alternative is "success"ful
+ */
+ success = all;
+ }
+ return success;
+ }
+
+ boolean processPrimitiveAssertion(PrimitiveAssertion pa) {
+ boolean commit = true;
+
+ commit = startPolicyTransaction(pa);
+
+ List terms = pa.getTerms();
+ if (commit && terms.size() > 0) {
+ for (int i = 0; commit && i < terms.size(); i++) {
+ Assertion assertion = (Assertion) pa.getTerms().get(i);
+ if (assertion instanceof Policy) {
+ commit = processPolicy((Policy) assertion);
+ } else if (assertion instanceof PrimitiveAssertion) {
+ commit = processPrimitiveAssertion((PrimitiveAssertion) assertion);
+ }
+ }
+ }
+ if (commit) {
+ commitPolicyTransaction(pa);
+ } else {
+ abortPolicyTransaction(pa);
+ }
+ return commit;
+ }
+
+ public boolean startPolicyTransaction(PrimitiveAssertion pa) {
+
+ String tokenName = pa.getName().getLocalPart();
+
+ SecurityPolicyToken spt = null;
+
+ /*
+ * Get the current security token from the context and check if the
+ * current token supports/contains this assertion as token. If yes set
+ * this token as current token (push onto stack), set the assertion into
+ * context and call the processing method for this token.
+ */
+ SecurityPolicyToken currentToken = secProcessorContext
+ .readCurrentSecurityToken();
+ if (currentToken == null) {
+ log.error("Internal error on token stack - No current token");
+ System.exit(1);
+ }
+ spt = currentToken.getChildToken(tokenName);
+ secProcessorContext.pushSecurityToken(spt);
+ secProcessorContext.setAssertion(pa);
+ secProcessorContext.setAction(SecurityProcessorContext.START);
+
+ boolean ret = false;
+
+ try {
+
+ if(spt.getTokenType() == SecurityPolicyToken.COMPLEX_TOKEN && secProcessorContext.getAction() == SecurityProcessorContext.START) {
+ secProcessorContext.pushPolicyEngineData(PolicyEngineData.copy(pa.getName()));
+ }
+
+ if (spt == null) {
+ log.debug("Security token: '" + tokenName
+ + "' unknown in context of '"
+ + currentToken.getTokenName());
+ return false;
+ }
+
+ ret = spt.invokeProcessTokenMethod(secProcessorContext);
+
+ } catch (IllegalArgumentException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (WSSPolicyException e) {
+ e.printStackTrace();
+ } finally {
+ secProcessorContext.setAction(SecurityProcessorContext.NONE);
+ }
+ return ret;
+ }
+
+ public void abortPolicyTransaction(PrimitiveAssertion pa) {
+ SecurityPolicyToken currentToken = secProcessorContext
+ .readCurrentSecurityToken();
+ if (currentToken == null) {
+ secProcessorContext.popSecurityToken();
+ log.debug("Abort transaction because of unknown token: '"
+ + pa.getName().getLocalPart() + "'");
+ return;
+ }
+ secProcessorContext.setAssertion(pa);
+ secProcessorContext.setAction(SecurityProcessorContext.ABORT);
+ try {
+ currentToken.invokeProcessTokenMethod(secProcessorContext);
+ } catch (IllegalArgumentException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } finally {
+ secProcessorContext.setAction(SecurityProcessorContext.NONE);
+ secProcessorContext.popSecurityToken();
+ secProcessorContext.popPolicyEngineData();
+
+ }
+ }
+
+ public void commitPolicyTransaction(PrimitiveAssertion pa) {
+ SecurityPolicyToken currentToken = secProcessorContext
+ .readCurrentSecurityToken();
+ if (currentToken == null) {
+ log.error("Internal error on token stack - Commiting an unknown token: "
+ + pa.getName().getLocalPart() + "'");
+ System.exit(1);
+ }
+ secProcessorContext.setAssertion(pa);
+ secProcessorContext.setAction(SecurityProcessorContext.COMMIT);
+ try {
+ currentToken.invokeProcessTokenMethod(secProcessorContext);
+ } catch (IllegalArgumentException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } finally {
+ secProcessorContext.setAction(SecurityProcessorContext.NONE);
+ secProcessorContext.popSecurityToken();
+ if(currentToken.getTokenType() == SecurityPolicyToken.COMPLEX_TOKEN) {
+ secProcessorContext.commitPolicyEngineData();
+ }
+ }
+ }
+}
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/package.html
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/package.html?rev=371870&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/package.html (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/package.html Tue Jan 24 01:13:40 2006
@@ -0,0 +1,117 @@
+<!-- <!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+ -->
+<html>
+<head>
+ <title>Parser for Web Services Security Policy Language</title>
+<!--
+
+ @(#)Parser for Web Services Security Policy Language
+
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+</head>
+<body bgcolor="white">
+
+This parser shows how to use the generic Policy implementation to read, process,
+and decide on policies. The generic Policy implementation provides the framework
+to read, normalize, merge, and intersect policies. The generic implementation
+follows the specifications laid down in the document
+<a href="http://www-128.ibm.com/developerworks/webservices/library/specification/ws-polfram/">
+<i>Web Services Policy Framework</i></a>.
+<p/>
+The <i>Parser for Web Services Security Policy Language</i> uses the generic policy
+implementation to read, normalize, and merge Web Service Sercurity policy files. The
+parser then parses and processes the specific Web Services Security Policy assertions.
+The document <a href="http://www-128.ibm.com/developerworks/library/specification/ws-secpol/">
+<i>Web Services Security Policy Language</i></a> defines the specific Web Service
+Security Policy assertions.
+<p/>
+This is an example and the parser provides a skeleton for further development. Currently
+the processing methods of all assertions return <code>true</code>, that is every assertion
+is accepted.
+
+<h3>Prerequisties</h3>
+To be able to run the generic Policy implementation and the associated examples you
+need several additonal Jar files from the current Axis2 development because some
+examples use the StAX API and the OM XML datamodell implemented in Axis2. Currently
+you need
+
+<ul>
+ <li>Axis2-0.94.jar</li>
+ <li>axis2-wsdl-0.94.jar</li>
+ <li>axis2-common-0.94.jar</li>
+ <li>wsdl4j-1.5.1.jar</li>
+ <li>stax-api-1.0.jar</li>
+ <li>stax-1.1.2.jar</li>
+</ul>
+
+In addition you also need the ubiquitous log4j, junit and commons-logging jars. At least
+this is the enviroment I currently use. For the Axis2 files you may use the according
+*SNAPSHOT.jar files as well.
+
+<h3>How does it work</h3>
+The main class is <code>WSSpolicyProcessorFull</code>. At first it populates the top level
+token with all security policy tokens/assertions known at the top level. All
+tokens/assertions are pre-initialized in the <code>SecurityPolicy</code> class file. We always
+use copies of the pre-initialized token structures. During setup the parser initializes
+the top level tokens with the objects that contain the processing methods for the
+tokens.
+<p/>
+There are two types of security policy tokens: <i>simple</i> tokens and <i>complex</i> tokens.
+Simple tokens stand for themself and do not contains subtokens or assertions. Simple
+tokens switch on properties of define a specific behaviour. Complex token contain other
+tokens and assertions. At the top level we only have complex tokens (refer to the <code>
+setup</code> method).
+<p/>
+When the parser finds a security policy assertion (<code>PrimitiveAssertion</code>) it starts
+a policy transaction (<code>startPolicyTransaction</code>). The start policy transaction
+checks if the current token contains this assertion as a child assertin. If the parser finds the
+assertion it sets up the parser context and calls the assertion's processing function. The
+processing functions use the following naming pattern: use the token's name and prepend
+this name with the string <i>do</i>. For example: the processing method of the <i>X509Token</i>
+has the name <code>doX509Token</code>. Each processing function of a complex token
+initializes its child tokens on the first call of the processing function (lazy initialization).
+<p/>
+If all children of an assertion/token are processed the policy transaction is either committed or aborted
+depending on the outcome of the processing of the child tokens. During commit transaction
+the information gathered during the processing of the child tokens can be check, validated,
+and mixed with other data. These functions are not implemented in this example. If a transaction
+has to be aborted you can perform some cleanup.
+<p/>
+All policies are parsed recursively. If a policy containes alternatives the first alternative
+that matches or can be processed is chosen.
+
+<h3>Missing stuff</h3>
+As noted before this is an example and provides some ideas how to implement a security
+policy parser. Not all top level tokens are implemented as processors (all assertions/tokens are
+pre-initialized in SecurityPolicy). The following processors are currently missing:
+
+<ul>
+ <li>IssuedToken</li>
+ <li>KerberosToken</li>
+ <li>SpnegoContextToken</li>
+ <li>SecurityContextToken</li>
+ <li>SecureConversationToken</li>
+ <li>SamlTokenAssertion</li>
+ <li>RelTokenAssertion</li>
+</ul>
+
+<!-- Put @see and @since tags down here. -->
+@since Parser for Web Services Security Policy Language 1.0
+</body>
+</html>
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/AlgorithmSuiteProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/AlgorithmSuiteProcessor.java?rev=371870&view=auto
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/AlgorithmSuiteProcessor.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/AlgorithmSuiteProcessor.java Tue Jan 24 01:13:40 2006
@@ -0,0 +1,403 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.security.policy.parser.processors;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.policy.PrimitiveAssertion;
+import org.apache.ws.security.policy.Constants;
+import org.apache.ws.security.policy.WSSPolicyException;
+import org.apache.ws.security.policy.model.AlgorithmSuite;
+import org.apache.ws.security.policy.model.AlgorithmWrapper;
+import org.apache.ws.security.policy.parser.SecurityPolicy;
+import org.apache.ws.security.policy.parser.SecurityPolicyToken;
+import org.apache.ws.security.policy.parser.SecurityProcessorContext;
+
+
+/**
+ * @author Werner Dittmann (werner@apache.org)
+ *
+ */
+public class AlgorithmSuiteProcessor {
+
+ private Log log = LogFactory.getLog(getClass());
+
+ private boolean initializedAlgorithmSuite = false;
+
+ /**
+ * Intialize the AlgorithmSuite complex token.
+ *
+ * This method creates a copy of the AlgorithmSuite token and sets the
+ * handler object to the copy. Then it creates copies of the child tokens
+ * that are allowed for AlgorithmSuite. These tokens are:
+ *
+ * These copies are also initialized with the handler object and then set as
+ * child tokens of AlgorithmSuite.
+ *
+ * <p/> The handler object that must contain the methods
+ * <code>doAlgorithmSuite</code>.
+ *
+ * @param spt
+ * The token that will hold the child tokens.
+ * @throws NoSuchMethodException
+ */
+
+ private void initializeAlgorithmSuite(SecurityPolicyToken spt)
+ throws NoSuchMethodException {
+
+ SecurityPolicyToken tmpSpt;
+
+ tmpSpt = SecurityPolicy.basic256.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.basic192.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.basic128.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.tripleDes.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.basic256Rsa15.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.basic192Rsa15.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.basic128Rsa15.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.tripleDesRsa15.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.basic256Sha256.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.basic192Sha256.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.basic128Sha256.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.tripleDesSha256.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.basic256Sha256Rsa15.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.basic192Sha256Rsa15.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.basic128Sha256Rsa15.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.tripleDesSha256Rsa15.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.inclusiveC14N.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.soapNormalization10.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.strTransform10.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.xPath10.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.xPathFilter20.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+ }
+
+ public Object doAlgorithmSuite(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+
+ SecurityPolicyToken spt = spc.readCurrentSecurityToken();
+ switch (spc.getAction()) {
+
+ case SecurityProcessorContext.START:
+ if (!initializedAlgorithmSuite) {
+ try {
+ initializeAlgorithmSuite(spt);
+ initializedAlgorithmSuite = true;
+ } catch (NoSuchMethodException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return new Boolean(false);
+ }
+ }
+ log.debug(spt.getTokenName());
+ PrimitiveAssertion pa = spc.getAssertion();
+ String text = pa.getStrValue();
+ if (text != null) {
+ text = text.trim();
+ log.debug("Value: '" + text.toString() + "'");
+ }
+ case SecurityProcessorContext.COMMIT:
+ break;
+ case SecurityProcessorContext.ABORT:
+ break;
+ }
+ return new Boolean(true);
+ }
+
+ public Object doBasic256(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doBasic192(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doBasic128(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doTripleDes(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doBasic256Rsa15(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doBasic192Rsa15(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doBasic128Rsa15(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doTripleDesRsa15(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doBasic256Sha256(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doBasic192Sha256(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doBasic128Sha256(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doTripleDesSha256(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doBasic256Sha256Rsa15(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doBasic192Sha256Rsa15(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doBasic128Sha256Rsa15(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doTripleDesSha256Rsa15(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ this.setAlgoGroup(spc);
+ return new Boolean(true);
+ }
+
+ public Object doInclusiveC14N(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ AlgorithmSuite algoSuite = (AlgorithmSuite)spc.readCurrentPolicyEngineData();
+ if(spc.getAction() == SecurityProcessorContext.COMMIT) {
+ try {
+ algoSuite.setC14n(Constants.C14N);
+ } catch (WSSPolicyException e) {
+ // TODO Throw this out
+ e.printStackTrace();
+ }
+ }
+ return new Boolean(true);
+ }
+
+ public Object doSoapNormalization10(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ AlgorithmSuite algoSuite = (AlgorithmSuite)spc.readCurrentPolicyEngineData();
+ if(spc.getAction() == SecurityProcessorContext.COMMIT) {
+ try {
+ algoSuite.setSoapNormalization(Constants.SNT);
+ } catch (WSSPolicyException e) {
+ // TODO Throw this out
+ e.printStackTrace();
+ }
+ }
+ return new Boolean(true);
+ }
+
+ public Object doStrTransform10(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ AlgorithmSuite algoSuite = (AlgorithmSuite)spc.readCurrentPolicyEngineData();
+ if(spc.getAction() == SecurityProcessorContext.COMMIT) {
+ try {
+ algoSuite.setStrTransform(Constants.STRT10);
+ } catch (WSSPolicyException e) {
+ // TODO Throw this out
+ e.printStackTrace();
+ }
+ }
+ return new Boolean(true);
+ }
+
+ public Object doXPath10(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ AlgorithmSuite algoSuite = (AlgorithmSuite)spc.readCurrentPolicyEngineData();
+ if(spc.getAction() == SecurityProcessorContext.COMMIT) {
+ try {
+ algoSuite.setXPath(Constants.XPATH);
+ } catch (WSSPolicyException e) {
+ // TODO Throw this out
+ e.printStackTrace();
+ }
+ }
+ return new Boolean(true);
+ }
+
+ public Object doXPathFilter20(SecurityProcessorContext spc) {
+ log.debug("Processing "
+ + spc.readCurrentSecurityToken().getTokenName() + ": "
+ + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ AlgorithmSuite algoSuite = (AlgorithmSuite)spc.readCurrentPolicyEngineData();
+ if(spc.getAction() == SecurityProcessorContext.COMMIT) {
+ try {
+ algoSuite.setXPath(Constants.XPATH20);
+ } catch (WSSPolicyException e) {
+ // TODO Throw this out
+ e.printStackTrace();
+ }
+ }
+ return new Boolean(true);
+ }
+
+ private void setAlgoGroup(SecurityProcessorContext spc) {
+ if(spc.getAction() == 2) {
+ try {
+ AlgorithmSuite algoSuite = (AlgorithmSuite)spc.readCurrentPolicyEngineData();
+ algoSuite.setAlgorithmSuite(spc.getAssertion().getName().getLocalPart());
+ ((AlgorithmWrapper)spc.readPreviousPolicyEngineData()).setAlgorithmSuite(algoSuite);
+ } catch (WSSPolicyException e) {
+ // TODO row this out
+ e.printStackTrace();
+ }
+ }
+ }
+
+}