You are viewing a plain text version of this content. The canonical link for it is here.
Posted to axis-cvs@ws.apache.org by ru...@apache.org on 2005/11/05 22:01:28 UTC

svn commit: r331033 - in /webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security: WSDoAllSender.java handler/WSSHandlerConstants.java handler/config/OutflowConfiguration.java util/MessageOptimizer.java

Author: ruchithf
Date: Sat Nov  5 13:01:25 2005
New Revision: 331033

URL: http://svn.apache.org/viewcvs?rev=331033&view=rev
Log:
1.) Enable preservation of the original env - this helps in securing MTOM scenarios
2.) Added support to handle multiple xpath expressions to select content to be optimized


Modified:
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllSender.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/MessageOptimizer.java

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllSender.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllSender.java?rev=331033&r1=331032&r2=331033&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllSender.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/WSDoAllSender.java Sat Nov  5 13:01:25 2005
@@ -190,6 +190,14 @@
             } else {
             	SOAPEnvelope processedEnv = null;
 
+    	        String preserve = null;
+                if ((preserve = (String) getOption(WSSHandlerConstants.PRESERVE_ORIGINAL_ENV)) == null) {
+                    preserve = (String) getProperty(msgContext, WSSHandlerConstants.PRESERVE_ORIGINAL_ENV);
+                }
+                if(preserve != null) {
+                	this.preserveOriginalEnvelope = "true".equalsIgnoreCase(preserve);
+                }
+                
             	if(preserveOriginalEnvelope) {
             		processedEnv = Axis2Util.getSOAPEnvelopeFromDocument(doc,reqData.getSoapConstants(), msgContext.getEnvelope());
                    // msgContext.getEnvelope().build();

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java?rev=331033&r1=331032&r2=331033&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java Sat Nov  5 13:01:25 2005
@@ -54,6 +54,9 @@
 	 */
 	public static final String OPTIMIZE_PARTS = "optimizeParts";
 	
+	public static final String PRESERVE_ORIGINAL_ENV = "preserveOriginalEnvelope";
+	
+	
 	/*
 	 * These are useful in configuring using the OutflowConfiguration 
 	 * and InflowConfiguration 

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java?rev=331033&r1=331032&r2=331033&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java Sat Nov  5 13:01:25 2005
@@ -490,4 +490,22 @@
 		return (String) this.actionList[this.currentAction]
 				.get(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
 	}
+	
+	/**
+	 * Sets whether signature confirmation should be enabled or not
+	 * @param embeddedKeyName
+	 */
+	public void setPreserveOriginalEnvelope(boolean value) {
+		this.actionList[this.currentAction].put(
+				WSSHandlerConstants.PRESERVE_ORIGINAL_ENV, value?"true":"false");
+	}
+	
+	/**
+	 * Returns whether signature confirmation should be enabled or not
+	 * @return
+	 */
+	public String getPreserveOriginalEnvelope() {
+		return (String) this.actionList[this.currentAction]
+				.get(WSSHandlerConstants.PRESERVE_ORIGINAL_ENV);
+	}
 }

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/MessageOptimizer.java
URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/MessageOptimizer.java?rev=331033&r1=331032&r2=331033&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/MessageOptimizer.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/MessageOptimizer.java Sat Nov  5 13:01:25 2005
@@ -26,8 +26,11 @@
 import org.jaxen.SimpleNamespaceContext;
 import org.jaxen.XPath;
 
+import sun.security.krb5.internal.n;
+
 import java.util.Iterator;
 import java.util.List;
+import java.util.StringTokenizer;
 
 /**
  * Utility class to handle MTOM-Optimizing Base64 Text values
@@ -37,21 +40,28 @@
 	/**
 	 * Mark the requied Base64 text values as optimized
 	 * @param env
-	 * @param optimizeParts This is a set of xPath expressions 
-	 * (NOTE: Right now we support only one expression)
+	 * @param optimizeParts This is a set of xPath expressions
+	 *  
 	 * @throws WSSecurityException
 	 */
 	public static void optimize(SOAPEnvelope env, String optimizeParts) throws WSSecurityException {
+		String separater = "<>";
+		StringTokenizer tokenizer = new StringTokenizer(optimizeParts, separater);
 		
-		//Find binary content
-		List list = findElements(env,optimizeParts);
-		
-		Iterator cipherValueElements = list.iterator();
-		
-		while (cipherValueElements.hasNext()) {
-			OMElement element = (OMElement) cipherValueElements.next();
-			OMText text = (OMText)element.getFirstOMChild();
-			text.setOptimize(true);
+		while(tokenizer.hasMoreTokens()) {
+			
+			String xpathExpr = tokenizer.nextToken(); 
+			
+			//Find binary content
+			List list = findElements(env,xpathExpr);
+			
+			Iterator cipherValueElements = list.iterator();
+			
+			while (cipherValueElements.hasNext()) {
+				OMElement element = (OMElement) cipherValueElements.next();
+				OMText text = (OMText)element.getFirstOMChild();
+				text.setOptimize(true);
+			}
 		}
 	}