cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From egl...@apache.org
Subject svn commit: r517217 - in /incubator/cxf/trunk: api/src/main/java/org/apache/cxf/message/ api/src/main/java/org/apache/cxf/security/ api/src/main/java/org/apache/cxf/security/transport/ rt/transports/http/src/main/java/org/apache/cxf/transport/http/ rt/...
Date Mon, 12 Mar 2007 13:54:39 GMT
Author: eglynn
Date: Mon Mar 12 06:54:37 2007
New Revision: 517217

URL: http://svn.apache.org/viewvc?view=rev&rev=517217
Log:
Committing patch for CXF-445 on behalf of Fred Dushin, with some modifications.

Added:
    incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMap.java   (with props)
    incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMapImpl.java   (with
props)
    incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/
    incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/
    incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java
  (with props)
Modified:
    incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Exchange.java
    incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/ExchangeImpl.java
    incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Message.java
    incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/MessageImpl.java
    incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java
    incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
    incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
    incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java
    incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
    incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
    incubator/cxf/trunk/rt/transports/http2/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java

Modified: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Exchange.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Exchange.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Exchange.java (original)
+++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Exchange.java Mon Mar 12
06:54:37 2007
@@ -19,13 +19,11 @@
 
 package org.apache.cxf.message;
 
-import java.util.Map;
-
 import org.apache.cxf.transport.Conduit;
 import org.apache.cxf.transport.Destination;
 import org.apache.cxf.transport.Session;
 
-public interface Exchange extends Map<String, Object> {
+public interface Exchange extends StringMap {
     Message getInMessage();
     void setInMessage(Message m);
     
@@ -70,19 +68,4 @@
      * @param b true if the exchange is known to be a one-way exchange
      */
     void setOneWay(boolean b);
-    
-    /**
-     * Convenience method for storing/retrieving typed objects from the map.
-     * equivalent to:  (T)get(key.getName());
-     * @param key the key
-     * @return the value
-     */
-    <T> T get(Class<T> key);
-    /**
-     * Convenience method for storing/retrieving typed objects from the map.
-     * equivalent to:  put(key.getName(), value);
-     * @param key the key
-     * @param value the value
-     */
-    <T> void put(Class<T> key, T value);
 }

Modified: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/ExchangeImpl.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/ExchangeImpl.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/ExchangeImpl.java (original)
+++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/ExchangeImpl.java Mon Mar
12 06:54:37 2007
@@ -19,13 +19,11 @@
 
 package org.apache.cxf.message;
 
-import java.util.HashMap;
-
 import org.apache.cxf.transport.Conduit;
 import org.apache.cxf.transport.Destination;
 import org.apache.cxf.transport.Session;
 
-public class ExchangeImpl extends HashMap<String, Object> implements Exchange {
+public class ExchangeImpl extends StringMapImpl implements Exchange {
 
     private Destination destination;
     private Conduit conduit;
@@ -90,14 +88,6 @@
         if (null != m) {
             m.setExchange(this);
         }
-    }
-    
-    public <T> T get(Class<T> key) {
-        return key.cast(get(key.getName()));
-    }
-
-    public <T> void put(Class<T> key, T value) {
-        put(key.getName(), value);
     }
 
     public boolean isOneWay() {

Modified: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Message.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Message.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Message.java (original)
+++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Message.java Mon Mar 12 06:54:37
2007
@@ -20,14 +20,13 @@
 package org.apache.cxf.message;
 
 import java.util.Collection;
-import java.util.Map;
 import java.util.Set;
 
 import org.apache.cxf.interceptor.InterceptorChain;
 import org.apache.cxf.transport.Conduit;
 import org.apache.cxf.transport.Destination;
 
-public interface Message extends Map<String, Object> {
+public interface Message extends StringMap {
     
     String TRANSPORT = "org.apache.cxf.transport";    
     String REQUESTOR_ROLE = "org.apache.cxf.client";
@@ -110,21 +109,6 @@
      * @return the set of currently encapsulated content formats
      */
     Set<Class<?>> getContentFormats();
-    
-    /**
-     * Convenience method for storing/retrieving typed objects from the map.
-     * equivalent to:  (T)get(key.getName());
-     * @param key the key
-     * @return the value
-     */
-    <T> T get(Class<T> key);
-    /**
-     * Convenience method for storing/retrieving typed objects from the map.
-     * equivalent to:  put(key.getName(), value);
-     * @param key the key
-     * @param value the value
-     */
-    <T> void put(Class<T> key, T value);
     
     Object getContextualProperty(String key);   
 }

Modified: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/MessageImpl.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/MessageImpl.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/MessageImpl.java (original)
+++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/MessageImpl.java Mon Mar
12 06:54:37 2007
@@ -31,7 +31,7 @@
 import org.apache.cxf.transport.Conduit;
 import org.apache.cxf.transport.Destination;
 
-public class MessageImpl extends HashMap<String, Object> implements Message {
+public class MessageImpl extends StringMapImpl implements Message {
     private Collection<Attachment> attachments;
     private Conduit conduit;
     private Destination destination;
@@ -103,14 +103,6 @@
 
     public void setInterceptorChain(InterceptorChain ic) {
         this.interceptorChain = ic;
-    }
-    
-    public <T> T get(Class<T> key) {
-        return key.cast(get(key.getName()));
-    }
-
-    public <T> void put(Class<T> key, T value) {
-        put(key.getName(), value);
     }
 
     public Object getContextualProperty(String key) {

Added: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMap.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMap.java?view=auto&rev=517217
==============================================================================
--- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMap.java (added)
+++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMap.java Mon Mar 12
06:54:37 2007
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.message;
+
+import java.util.Map;
+
+public interface StringMap extends Map<String, Object> {
+    
+    /**
+     * Convenience method for storing/retrieving typed objects from the map.
+     * equivalent to:  (T)get(key.getName());
+     * @param key the key
+     * @return the value
+     */
+    <T> T get(Class<T> key);
+    
+    /**
+     * Convenience method for storing/retrieving typed objects from the map.
+     * equivalent to:  put(key.getName(), value);
+     * @param key the key
+     * @param value the value
+     */
+    <T> void put(Class<T> key, T value);
+}

Propchange: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMap.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMapImpl.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMapImpl.java?view=auto&rev=517217
==============================================================================
--- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMapImpl.java (added)
+++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMapImpl.java Mon Mar
12 06:54:37 2007
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.message;
+
+import java.util.HashMap;
+
+public class StringMapImpl 
+    extends HashMap<String, Object> 
+    implements StringMap {
+    
+    public <T> T get(Class<T> key) {
+        return key.cast(get(key.getName()));
+    }
+
+    public <T> void put(Class<T> key, T value) {
+        put(key.getName(), value);
+    }
+}

Propchange: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMapImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java?view=auto&rev=517217
==============================================================================
--- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java
(added)
+++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java
Mon Mar 12 06:54:37 2007
@@ -0,0 +1,96 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.security.transport;
+
+import java.security.cert.Certificate;
+import javax.net.ssl.SSLSession;
+
+/**
+ * An immutable struct that contains information about a negotiated
+ * TLS Session, including the (potentially negotiated) peer certificates
+ * as well as the currently effective TLS ciper suite.
+ */
+public class TLSSessionInfo {
+
+    private final SSLSession sslSession;
+    private final Certificate[] peerCertificates;
+    private final String cipherSuite;
+    
+    /**
+     * This constructor has the effect of calling
+     * TLSSessionInfo(null, suite)
+     */
+    public TLSSessionInfo(
+        final String suite
+    ) {
+        this(suite, null, null);
+    }
+    
+    /**
+     * @param       suite
+     *              The negotiated cipher suite
+     *              This parameter may not be null, by contract
+     *
+     * @param       session
+     *              The JSSE representation of the SSL Session
+     *              negotiated with the peer (optionally null, if
+     *              it is unavailable)
+     *
+     * @param       certs
+     *              the peer X.509 certificate chain (optinally null)
+     */
+    public TLSSessionInfo(
+        final String suite,
+        final SSLSession session,
+        final Certificate[] certs
+    ) {
+        assert suite != null;
+        cipherSuite = suite;
+        sslSession = session;
+        peerCertificates = certs;
+    }
+
+    /**
+     * @return      the negotiated cipher suite.  This attribute is
+     *              guaranteed to be non-null.
+     */
+    public final String getChipherSuite() {
+        return cipherSuite;
+    }
+
+    /**
+     * @return      the peer X.509 certificate chain, as negotiated
+     *              though the TLS handshake.  This attribute may be
+     *              null, for example, if the SSL peer has not been
+     *              authenticated.
+     */
+    public final Certificate[] getPeerCertificates() {
+        return peerCertificates;
+    }
+
+    /**
+     * @return      the negotiated SSL Session.  This attribute may be
+     *              null if it is unavailable from the underlying
+     *              transport.
+     */
+    public final SSLSession getSSLSession() {
+        return sslSession;
+    }
+}

Propchange: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java
(original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java
Mon Mar 12 06:54:37 2007
@@ -43,6 +43,7 @@
 import org.apache.cxf.transport.AbstractDestination;
 import org.apache.cxf.transport.Conduit;
 import org.apache.cxf.transport.ConduitInitiator;
+import org.apache.cxf.transport.https.SSLUtils;
 import org.apache.cxf.transports.http.QueryHandler;
 import org.apache.cxf.transports.http.QueryHandlerRegistry;
 import org.mortbay.http.HttpRequest;
@@ -256,11 +257,11 @@
                 inMessage.put(Message.BASE_PATH, new URL(endpointInfo.getAddress()).getPath());
             }
             inMessage.put(Message.FIXED_PARAMETER_ORDER, isFixedParameterOrder());
-            inMessage.put(Message.ASYNC_POST_RESPONSE_DISPATCH, Boolean.TRUE); 
-            
+            inMessage.put(Message.ASYNC_POST_RESPONSE_DISPATCH, Boolean.TRUE);
             setHeaders(inMessage);
-
             inMessage.setDestination(this);
+            
+            SSLUtils.propogateSecureSession(req, inMessage);
 
             incomingObserver.onMessage(inMessage);
 

Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
(original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
Mon Mar 12 06:54:37 2007
@@ -28,6 +28,7 @@
 import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@@ -41,11 +42,19 @@
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
+import javax.servlet.http.HttpServletRequest;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.security.transport.TLSSessionInfo;
+import org.mortbay.http.HttpConnection;
+import org.mortbay.http.HttpRequest;
 
 /**
  * Holder for utility methods related to manipulating SSL settings, common
@@ -59,6 +68,7 @@
     private static final String DEFAULT_TRUST_STORE_TYPE = "JKS";
     private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
     private static final String CERTIFICATE_FACTORY_TYPE = "X.509";
+    private static final String SERVLET_SSL_SESSION_ATTRIBUTE = "javax.net.ssl.session";
     
     private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
     private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
@@ -522,6 +532,60 @@
         return wantClientAuthentication;
     }    
    
+    /**
+     * Propogate in the message a TLSSessionInfo instance representative  
+     * of the TLS-specific information in the HTTP request.
+     * 
+     * @param req the Jetty request
+     * @param message the Message
+     */
+    public static void propogateSecureSession(HttpRequest req,
+                                              Message message) {
+        final HttpConnection httpCon = req.getHttpConnection();
+        if (httpCon != null) {
+            final Object connection = httpCon.getConnection();
+            if (connection instanceof SSLSocket) {
+                final SSLSocket socket = (SSLSocket) connection;
+                final SSLSession session = socket.getSession();
+                Certificate[] certs = null;
+                try {
+                    certs = session.getPeerCertificates();
+                } catch (final SSLPeerUnverifiedException e) {
+                    // peer has not been verified
+                }
+                message.put(TLSSessionInfo.class,
+                            new TLSSessionInfo(session.getCipherSuite(),
+                                               session,
+                                               certs));
+            }
+        }
+    }
+
+    /**
+     * Propogate in the message a TLSSessionInfo instance representative  
+     * of the TLS-specific information in the HTTP request.
+     * 
+     * @param req the servlet request
+     * @param message the Message
+     */
+    public static void propogateSecureServletSession(HttpServletRequest request,
+                                                     Message message) {
+        SSLSession session = 
+            (SSLSession) request.getAttribute(SERVLET_SSL_SESSION_ATTRIBUTE);
+        if (session != null) {
+            Certificate[] certs = null;
+            try {
+                certs = session.getPeerCertificates();
+            } catch (final SSLPeerUnverifiedException e) {
+                // peer has not been verified
+            }
+            message.put(TLSSessionInfo.class,
+                        new TLSSessionInfo(session.getCipherSuite(),
+                                           session,
+                                           certs));
+        }
+    }
+    
     protected static void logUnSupportedPolicies(Object policy,
                                                  boolean client,
                                                  String[] unsupported,

Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
(original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
Mon Mar 12 06:54:37 2007
@@ -46,6 +46,7 @@
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.tools.common.extensions.soap.SoapAddress;
 import org.apache.cxf.tools.util.SOAPBindingUtil;
+import org.apache.cxf.transport.https.SSLUtils;
 import org.apache.cxf.transports.http.QueryHandler;
 import org.apache.cxf.transports.http.QueryHandlerRegistry;
 import org.apache.cxf.wsdl11.ServiceWSDLBuilder;
@@ -168,7 +169,7 @@
             inMessage.put(Message.QUERY_STRING, request.getQueryString());
             inMessage.put(Message.CONTENT_TYPE, request.getContentType());
             inMessage.put(Message.ENCODING, request.getCharacterEncoding());
-            
+            SSLUtils.propogateSecureServletSession(request, inMessage);
             d.doMessage(inMessage);
         } catch (IOException e) {
             throw new ServletException(e);

Modified: incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java
(original)
+++ incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java
Mon Mar 12 06:54:37 2007
@@ -36,6 +36,7 @@
 import org.apache.cxf.message.MessageImpl;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.transport.ConduitInitiator;
+import org.apache.cxf.transport.https.SSLUtils;
 import org.apache.cxf.transports.http.QueryHandler;
 import org.apache.cxf.transports.http.QueryHandlerRegistry;
 import org.mortbay.jetty.HttpConnection;
@@ -200,8 +201,9 @@
             inMessage.put(Message.ASYNC_POST_RESPONSE_DISPATCH, Boolean.TRUE); 
             
             setHeaders(inMessage);
-
             inMessage.setDestination(this);
+            
+            SSLUtils.propogateSecureSession(req, inMessage);
 
             incomingObserver.onMessage(inMessage);
 
@@ -212,6 +214,5 @@
                 LOG.fine("Finished servicing http request on thread: " + Thread.currentThread());
             }
         }
-    }   
-    
+    } 
 }

Modified: incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/https/SSLUtils.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
(original)
+++ incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
Mon Mar 12 06:54:37 2007
@@ -26,6 +26,7 @@
 import java.io.IOException;
 import java.lang.reflect.Method;
 import java.security.KeyStore;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.List;
@@ -34,10 +35,15 @@
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
+import javax.servlet.http.HttpServletRequest;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.security.transport.TLSSessionInfo;
 
 /**
  * Holder for utility methods related to manipulating SSL settings, common
@@ -51,10 +57,11 @@
     private static final String DEFAULT_TRUST_STORE_TYPE = "JKS";
     private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
     private static final String CERTIFICATE_FACTORY_TYPE = "X.509";
-    
+    private static final String SERVLET_SSL_SESSION_ATTRIBUTE = "javax.net.ssl.session";
+
     private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
     private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
-
+    
 
     private SSLUtils() {
     }    
@@ -423,6 +430,55 @@
         return wantClientAuthentication;
     }    
    
+    /**
+     * Propogate in the message a TLSSessionInfo instance representative  
+     * of the TLS-specific information in the HTTP request.
+     * 
+     * @param req the Jetty request
+     * @param message the Message
+     */
+    public static void propogateSecureSession(HttpServletRequest request,
+                                              Message message) {    
+        SSLSession session = 
+            (SSLSession) request.getAttribute("javax.net.ssl.session");
+        if (session != null) {
+            Certificate[] certs = null;
+            try {
+                certs = session.getPeerCertificates();
+            } catch (final SSLPeerUnverifiedException e) {
+                // peer has not been verified
+            }
+            message.put(TLSSessionInfo.class,
+                        new TLSSessionInfo(session.getCipherSuite(),
+                                           session,
+                                           certs));
+        }
+    }
+    
+    /**
+     * Propogate in the message a TLSSessionInfo instance representative  
+     * of the TLS-specific information in the HTTP request.
+     * 
+     * @param req the servlet request
+     * @param message the Message
+     */
+    public static void propogateSecureServletSession(HttpServletRequest request,
+                                                     Message message) {
+        SSLSession session = 
+            (SSLSession) request.getAttribute(SERVLET_SSL_SESSION_ATTRIBUTE);
+        if (session != null) {
+            Certificate[] certs = null;
+            try {
+                certs = session.getPeerCertificates();
+            } catch (final SSLPeerUnverifiedException e) {
+                // peer has not been verified
+            }
+            message.put(TLSSessionInfo.class,
+                        new TLSSessionInfo(session.getCipherSuite(),
+                                           session,
+                                           certs));
+        }
+    }
     
     protected static void logUnSupportedPolicies(Object policy,
                                                  boolean client,

Modified: incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/servlet/ServletController.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
(original)
+++ incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
Mon Mar 12 06:54:37 2007
@@ -47,6 +47,7 @@
 import org.apache.cxf.tools.common.extensions.soap.SoapAddress;
 import org.apache.cxf.tools.util.SOAPBindingUtil;
 import org.apache.cxf.transport.http.AbstractHTTPDestination;
+import org.apache.cxf.transport.https.SSLUtils;
 import org.apache.cxf.transports.http.QueryHandler;
 import org.apache.cxf.transports.http.QueryHandlerRegistry;
 import org.apache.cxf.wsdl11.ServiceWSDLBuilder;
@@ -166,7 +167,7 @@
             inMessage.put(Message.QUERY_STRING, request.getQueryString());
             inMessage.put(Message.CONTENT_TYPE, request.getContentType());
             inMessage.put(Message.ENCODING, request.getCharacterEncoding());
-            
+            SSLUtils.propogateSecureServletSession(request, inMessage);
             d.doMessage(inMessage);
         } catch (IOException e) {
             throw new ServletException(e);

Modified: incubator/cxf/trunk/rt/transports/http2/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http2/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/rt/transports/http2/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java
(original)
+++ incubator/cxf/trunk/rt/transports/http2/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java
Mon Mar 12 06:54:37 2007
@@ -44,6 +44,7 @@
 import org.apache.cxf.message.ExchangeImpl;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.transport.Conduit;
 import org.apache.cxf.transport.ConduitInitiator;
@@ -399,6 +400,8 @@
                 response.flushBuffer();
                 EasyMock.expectLastCall();                
             }
+            request.getAttribute("javax.net.ssl.session");
+            EasyMock.expectLastCall().andReturn(null);
         }
         
         if (decoupled) {
@@ -458,6 +461,8 @@
         assertEquals("unexpected query",
                      inMessage.get(Message.QUERY_STRING),
                      "?name");
+        assertNull("unexpected query",
+                   inMessage.get(TLSSessionInfo.class));
         verifyRequestHeaders();      
         
        



Mime
View raw message