From: dandiep@apache.org
To: cxf-commits@incubator.apache.org
Subject: svn commit: r519845 [1/3] - in /incubator/cxf/trunk: api/src/main/java/org/apache/cxf/ws/ buildtools/src/main/resources/ rt/ rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ rt/frontend/simple/src/main/java/org/apache/cxf/fronten...
Date: Mon, 19 Mar 2007 05:17:46 -0000

Author: dandiep
Date: Sun Mar 18 22:17:43 2007
New Revision: 519845

URL: http://svn.apache.org/viewvc?view=rev&rev=519845
Log:
o Add some basic WSS4J security interceptors which are capable of doing WS-Security processing. They still need a decent config mechanism...
o Create an AbstractWSFeature class. The hope is that this can help WS-* features become easier to configure. I took the term from the JAX-WS 2.1 spec. I can't find a copy of the spec right now to see how they're going to overlap, so this might change in the future. The basic idea is we can create a spring config like this: And similarly for the Client side.
o Committed the start of a WSS4JSecurityFeature class, but it's not near completion yet.
o Change the checkstyle to allow Vector as WSS4J forces it upon us.

Added: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/ws/AbstractWSFeature.java (with props) incubator/cxf/trunk/rt/ws/security/ incubator/cxf/trunk/rt/ws/security/pom.xml (with props) incubator/cxf/trunk/rt/ws/security/src/ incubator/cxf/trunk/rt/ws/security/src/main/ incubator/cxf/trunk/rt/ws/security/src/main/java/ incubator/cxf/trunk/rt/ws/security/src/main/java/org/ incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/ incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/ incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/ incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/AbstractWSSecurityFeature.java (with props) incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/KeyStoreFactoryBean.java (with props) incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityInfo.java (with props) 
incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (with props) incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/Messages.properties (with props) incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (with props) incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java (with props) incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JSecurityFeature.java (with props) incubator/cxf/trunk/rt/ws/security/src/main/resources/ incubator/cxf/trunk/rt/ws/security/src/main/resources/META-INF/ incubator/cxf/trunk/rt/ws/security/src/main/resources/META-INF/NOTICE (with props) incubator/cxf/trunk/rt/ws/security/src/main/resources/META-INF/cxf/ incubator/cxf/trunk/rt/ws/security/src/main/resources/schemas/ incubator/cxf/trunk/rt/ws/security/src/main/resources/schemas/catalog.cat (with props) incubator/cxf/trunk/rt/ws/security/src/main/resources/schemas/ws-security-policy.xjb (with props) incubator/cxf/trunk/rt/ws/security/src/main/resources/schemas/ws-security-policy.xsd (with props) incubator/cxf/trunk/rt/ws/security/src/test/ incubator/cxf/trunk/rt/ws/security/src/test/java/ incubator/cxf/trunk/rt/ws/security/src/test/java/META-INF/ incubator/cxf/trunk/rt/ws/security/src/test/java/META-INF/cxf/ incubator/cxf/trunk/rt/ws/security/src/test/java/META-INF/cxf/client.properties (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/META-INF/cxf/insecurity.properties (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/META-INF/cxf/key.rsa (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/META-INF/cxf/outsecurity.properties (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/META-INF/cxf/privatestore.jks (with props) 
incubator/cxf/trunk/rt/ws/security/src/test/java/META-INF/cxf/publicstore.jks (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/META-INF/cxf/request.xml (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/META-INF/cxf/service_enc.xml (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/META-INF/cxf/service_sgn.xml (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/logging.properties (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/org/ incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/ incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/ incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/ incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/ incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/Echo.java (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/EchoImpl.java (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/RoundTripTest.java (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/TestPwdCallback.java (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/in_enc.xml (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed.xml (with props) incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_invalid.xml (with props) 
incubator/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/wsse-request-clean.xml (with props) Modified: incubator/cxf/trunk/buildtools/src/main/resources/cxf-checkstyle.xml incubator/cxf/trunk/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/MustUnderstandInterceptor.java incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/AbstractEndpointFactory.java incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ClientFactoryBean.java incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ServerFactoryBean.java incubator/cxf/trunk/rt/pom.xml Added: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/ws/AbstractWSFeature.java URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/ws/AbstractWSFeature.java?view=auto&rev=519845 ============================================================================== --- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/ws/AbstractWSFeature.java (added) +++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/ws/AbstractWSFeature.java Sun Mar 18 22:17:43 2007 
@@ -0,0 +1,37 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.ws; + +import org.apache.cxf.Bus; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.endpoint.Server; + +public abstract class AbstractWSFeature { + public void initialize(Server server) { + + } + + public void initialize(Client client) { + + } + + public void initialize(Bus bus) { + + } +} Propchange: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/ws/AbstractWSFeature.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/ws/AbstractWSFeature.java ------------------------------------------------------------------------------ svn:executable = * Propchange: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/ws/AbstractWSFeature.java ------------------------------------------------------------------------------ svn:keywords = Rev Date Modified: incubator/cxf/trunk/buildtools/src/main/resources/cxf-checkstyle.xml URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/buildtools/src/main/resources/cxf-checkstyle.xml?view=diff&rev=519845&r1=519844&r2=519845 
============================================================================== --- incubator/cxf/trunk/buildtools/src/main/resources/cxf-checkstyle.xml (original) +++ incubator/cxf/trunk/buildtools/src/main/resources/cxf-checkstyle.xml Sun Mar 18 22:17:43 2007 @@ -204,6 +204,7 @@ + Modified: incubator/cxf/trunk/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/MustUnderstandInterceptor.java URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/MustUnderstandInterceptor.java?view=diff&rev=519845&r1=519844&r2=519845 ============================================================================== --- incubator/cxf/trunk/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/MustUnderstandInterceptor.java (original) +++ incubator/cxf/trunk/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/MustUnderstandInterceptor.java Sun Mar 18 22:17:43 2007 
@@ -86,8 +86,14 @@ for (Interceptor interceptorInstance : soapMessage.getInterceptorChain()) { if (interceptorInstance instanceof SoapInterceptor) { SoapInterceptor si = (SoapInterceptor) interceptorInstance; - serviceRoles.addAll(si.getRoles()); - mustUnderstandQNames.addAll(si.getUnderstoodHeaders()); + Set roles = si.getRoles(); + if (roles != null) { + serviceRoles.addAll(roles); + } + Set understoodHeaders = si.getUnderstoodHeaders(); + if (understoodHeaders != null) { + mustUnderstandQNames.addAll(understoodHeaders); + } } } } Modified: incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/AbstractEndpointFactory.java URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/AbstractEndpointFactory.java?view=diff&rev=519845&r1=519844&r2=519845 ============================================================================== --- incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/AbstractEndpointFactory.java (original) +++ incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/AbstractEndpointFactory.java Sun Mar 18 22:17:43 2007 @@ -18,6 +18,7 @@ */ package org.apache.cxf.frontend; +import java.util.List; import java.util.Map; import javax.xml.namespace.QName; @@ -25,7 +26,6 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusException; import org.apache.cxf.BusFactory; -import org.apache.cxf.binding.soap.SoapBindingInfoFactoryBean; import org.apache.cxf.binding.soap.model.SoapBindingInfo; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.endpoint.EndpointException; @@ -36,6 +36,7 @@ import org.apache.cxf.service.model.EndpointInfo; import org.apache.cxf.transport.DestinationFactory; import org.apache.cxf.transport.DestinationFactoryManager; +import org.apache.cxf.ws.AbstractWSFeature; import org.apache.cxf.wsdl11.WSDLEndpointFactory; public abstract class AbstractEndpointFactory { 
@@ -49,6 +50,7 @@ private ReflectionServiceFactoryBean serviceFactory; private QName endpointName; private Map properties; + private List features; protected Endpoint createEndpoint() throws BusException, EndpointException { Service service = serviceFactory.getService(); @@ -110,15 +112,16 @@ // Get the Service from the ServiceFactory if specified Service service = serviceFactory.getService(); - BindingInfo bindingInfo = createBindingInfo(); - service.getServiceInfo().addBinding(bindingInfo); // SOAP nonsense + BindingInfo bindingInfo = createBindingInfo(); if (bindingInfo instanceof SoapBindingInfo) { - ((SoapBindingInfoFactoryBean) getBindingFactory()).setTransportURI(transportId); + ((SoapBindingInfo) bindingInfo).setTransportURI(transportId); transportId = "http://schemas.xmlsoap.org/wsdl/soap/"; } + service.getServiceInfo().addBinding(bindingInfo); + setTransportId(transportId); if (destinationFactory == null) { @@ -130,7 +133,7 @@ ei.setName(endpointName); ei.setAddress(getAddress()); ei.setBinding(bindingInfo); - + if (destinationFactory instanceof WSDLEndpointFactory) { WSDLEndpointFactory we = (WSDLEndpointFactory) destinationFactory; 
@@ -236,4 +239,13 @@ public void setProperties(Map properties) { this.properties = properties; } + + public List getFeatures() { + return features; + } + + public void setFeatures(List features) { + this.features = features; + } + } Modified: incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ClientFactoryBean.java URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ClientFactoryBean.java?view=diff&rev=519845&r1=519844&r2=519845 ============================================================================== --- incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ClientFactoryBean.java (original) +++ incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ClientFactoryBean.java Sun Mar 18 22:17:43 2007 @@ -26,6 +26,7 @@ import org.apache.cxf.endpoint.EndpointException; import org.apache.cxf.service.factory.ReflectionServiceFactoryBean; import org.apache.cxf.service.factory.ServiceConstructionException; +import org.apache.cxf.ws.AbstractWSFeature; public class ClientFactoryBean extends AbstractEndpointFactory { private Client client; 
@@ -47,9 +48,19 @@ throw new ServiceConstructionException(e); } + applyFeatures(); + return client; } + protected void applyFeatures() { + if (getFeatures() != null) { + for (AbstractWSFeature feature : getFeatures()) { + feature.initialize(client); + } + } + } + public Client getClient() { return client; } Modified: incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ServerFactoryBean.java URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ServerFactoryBean.java?view=diff&rev=519845&r1=519844&r2=519845 ============================================================================== --- incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ServerFactoryBean.java (original) +++ incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ServerFactoryBean.java Sun Mar 18 22:17:43 2007 @@ -31,6 +31,7 @@ import org.apache.cxf.service.invoker.BeanInvoker; import org.apache.cxf.service.invoker.Invoker; import org.apache.cxf.transport.ChainInitiationObserver; +import org.apache.cxf.ws.AbstractWSFeature; /** * This class helps take a {@link org.apache.cxf.service.Service} and @@ -104,7 +105,17 @@ throw new ServiceConstructionException(e); } + applyFeatures(); + return server; + } + + protected void applyFeatures() { + if (getFeatures() != null) { + for (AbstractWSFeature feature : getFeatures()) { + feature.initialize(server); + } + } } protected Invoker createInvoker() { Modified: incubator/cxf/trunk/rt/pom.xml URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/pom.xml?view=diff&rev=519845&r1=519844&r2=519845 ============================================================================== --- incubator/cxf/trunk/rt/pom.xml (original) +++ incubator/cxf/trunk/rt/pom.xml Sun Mar 18 22:17:43 2007 
@@ -45,6 +45,7 @@ ws/policy ws/addr ws/rm + ws/security management Added: incubator/cxf/trunk/rt/ws/security/pom.xml URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/ws/security/pom.xml?view=auto&rev=519845 ============================================================================== --- incubator/cxf/trunk/rt/ws/security/pom.xml (added) +++ incubator/cxf/trunk/rt/ws/security/pom.xml Sun Mar 18 22:17:43 2007 
@@ -0,0 +1,197 @@ + + + 4.0.0 + cxf-rt-ws-security + jar + Apache CXF Runtime WS Security + http://cwiki.apache.org/CXF + + + org.apache.cxf + cxf-parent + 2.0-incubator-RC-SNAPSHOT + ../../../parent/pom.xml + + + + + + junit + junit + test + + + org.easymock + easymockclassextension + test + + + + org.apache.cxf + cxf-api + ${project.version} + + + org.apache.cxf + cxf-common-utilities + ${project.version} + + + + org.apache.cxf + cxf-rt-bindings-soap + ${project.version} + + + org.apache.cxf + cxf-rt-frontend-jaxws + ${project.version} + test + + + org.apache.cxf + cxf-rt-transports-local + ${project.version} + test + + + + org.apache.cxf + cxf-testutils + ${project.version} + test + + + + com.sun.xml.messaging.saaj + saaj-impl + + + + org.apache.geronimo.specs + geronimo-activation_1.1_spec + + + + xerces + xercesImpl + 2.7.1 + + + xml-apis + xml-apis + 1.0.b2 + + + xml-security + xmlsec + 1.3.0 + + + wss4j + wss4j + 1.5.1 + + + com.sun.xml.messaging.saaj + saaj-impl + + + xalan + xalan + 2.7.0 + + + + xfire + opensaml + 1.0.1 + + + org.codehaus.xfire + bcprov-jdk15 + 133 + + + + + + scm:svn:http://svn.apache.org/repos/asf/incubator/cxf/trunk/rt/ws/security + + + scm:svn:https://svn.apache.org/repos/asf/incubator/cxf/trunk/rt/ws/security + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Propchange: incubator/cxf/trunk/rt/ws/security/pom.xml ------------------------------------------------------------------------------ svn:eol-style = native Propchange: incubator/cxf/trunk/rt/ws/security/pom.xml ------------------------------------------------------------------------------ svn:keywords = Rev Date Propchange: incubator/cxf/trunk/rt/ws/security/pom.xml ------------------------------------------------------------------------------ svn:mime-type = text/xml Added: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/AbstractWSSecurityFeature.java URL: 
http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/AbstractWSSecurityFeature.java?view=auto&rev=519845 ============================================================================== --- incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/AbstractWSSecurityFeature.java (added) +++ incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/AbstractWSSecurityFeature.java Sun Mar 18 22:17:43 2007 
@@ -0,0 +1,42 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.ws.security; + +import org.apache.cxf.ws.AbstractWSFeature; + +public class AbstractWSSecurityFeature extends AbstractWSFeature { + private SecurityInfo inFlow; + private SecurityInfo outFlow; + + public SecurityInfo getInFlow() { + return inFlow; + } + + public void setInFlow(SecurityInfo inFlow) { + this.inFlow = inFlow; + } + + public SecurityInfo getOutFlow() { + return outFlow; + } + + public void setOutFlow(SecurityInfo outFlow) { + this.outFlow = outFlow; + } +} Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/AbstractWSSecurityFeature.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/AbstractWSSecurityFeature.java ------------------------------------------------------------------------------ svn:executable = * Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/AbstractWSSecurityFeature.java ------------------------------------------------------------------------------ svn:keywords = Rev Date 
Added: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/KeyStoreFactoryBean.java URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/KeyStoreFactoryBean.java?view=auto&rev=519845 ============================================================================== --- incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/KeyStoreFactoryBean.java (added) +++ incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/KeyStoreFactoryBean.java Sun Mar 18 22:17:43 2007 
@@ -0,0 +1,23 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.ws.security; + +public class KeyStoreFactoryBean { + +} Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/KeyStoreFactoryBean.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/KeyStoreFactoryBean.java ------------------------------------------------------------------------------ svn:executable = * Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/KeyStoreFactoryBean.java ------------------------------------------------------------------------------ svn:keywords = Rev Date Added: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityInfo.java URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityInfo.java?view=auto&rev=519845 ============================================================================== --- incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityInfo.java (added) +++ 
incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityInfo.java Sun Mar 18 22:17:43 2007 
@@ -0,0 +1,77 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.ws.security; + +import java.security.KeyStore; + +public class SecurityInfo { + private boolean doUsernameToken; + private boolean doEncryption; + private boolean doSignature; + private boolean doTimestamp; + + private KeyStore keyStore; + private KeyStore trustStore; + private KeyStore symmetricStore; + + public boolean isDoEncryption() { + return doEncryption; + } + public void setDoEncryption(boolean doEncryption) { + this.doEncryption = doEncryption; + } + public boolean isDoSignature() { + return doSignature; + } + public void setDoSignature(boolean doSignature) { + this.doSignature = doSignature; + } + public boolean isDoTimestamp() { + return doTimestamp; + } + public void setDoTimestamp(boolean doTimestamp) { + this.doTimestamp = doTimestamp; + } + public boolean isDoUsernameToken() { + return doUsernameToken; + } + public void setDoUsernameToken(boolean doUsernameToken) { + this.doUsernameToken = doUsernameToken; + } + public KeyStore getKeyStore() { + return keyStore; + } + public void setKeyStore(KeyStore keyStore) { + this.keyStore = keyStore; + } + public KeyStore getSymmetricStore() { + return 
symmetricStore; + } + public void setSymmetricStore(KeyStore symmetricStore) { + this.symmetricStore = symmetricStore; + } + public KeyStore getTrustStore() { + return trustStore; + } + public void setTrustStore(KeyStore trustStore) { + this.trustStore = trustStore; + } + + +} Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityInfo.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityInfo.java ------------------------------------------------------------------------------ svn:executable = * Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityInfo.java ------------------------------------------------------------------------------ svn:keywords = Rev Date Added: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?view=auto&rev=519845 ============================================================================== --- incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (added) +++ incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Sun Mar 18 22:17:43 2007 
@@ -0,0 +1,139 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.ws.security.wss4j; + +import java.net.URI; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +import javax.xml.namespace.QName; + +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.binding.soap.interceptor.SoapInterceptor; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.message.Message; +import org.apache.cxf.phase.PhaseInterceptor; +import org.apache.ws.security.WSConstants; +import org.apache.ws.security.handler.WSHandler; + +public abstract class AbstractWSS4JInterceptor extends WSHandler implements SoapInterceptor, + PhaseInterceptor { + + private static final Set HEADERS = new HashSet(); + static { + HEADERS.add(new QName(WSConstants.WSSE_NS, "Security")); + HEADERS.add(new QName(WSConstants.WSSE11_NS, "Security")); + HEADERS.add(new QName("http://www.w3.org/2001/04/xmlenc", "EncryptedData")); + } + + private Map properties = new HashMap(); + private Set before = new HashSet(); + private Set after = new HashSet(); + private String phase; + private String id; + + public AbstractWSS4JInterceptor() { + super(); + id = 
getClass().getName(); + } + + public Set getRoles() { + return null; + } + + public void handleFault(SoapMessage message) { + } + + public void postHandleMessage(SoapMessage message) throws Fault { + } + + public String getPhase() { + return phase; + } + + public void setPhase(String phase) { + this.phase = phase; + } + + public Object getOption(String key) { + return properties.get(key); + } + + public void setProperty(String key, String value) { + properties.put(key, value); + } + + public String getPassword(Object msgContext) { + return (String)((Message)msgContext).getContextualProperty("password"); + } + + public Object getProperty(Object msgContext, String key) { + Object obj = ((Message)msgContext).getContextualProperty(key); + if (obj == null) { + obj = getOption(key); + } + return obj; + } + + public void setPassword(Object msgContext, String password) { + ((Message)msgContext).put("password", password); + } + + public void setProperty(Object msgContext, String key, Object value) { + ((Message)msgContext).put(key, value); + } + + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + + public Set getUnderstoodHeaders() { + return HEADERS; + } + + public Map getProperties() { + return properties; + } + + public void setProperties(Map properties) { + this.properties = properties; + } + + public Set getAfter() { + return after; + } + + public void setAfter(Set after) { + this.after = after; + } + + public Set getBefore() { + return before; + } + + public void setBefore(Set before) { + this.before = before; + } +} Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java 
------------------------------------------------------------------------------ svn:executable = * Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java ------------------------------------------------------------------------------ svn:keywords = Rev Date Added: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/Messages.properties URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/Messages.properties?view=auto&rev=519845 ============================================================================== --- incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/Messages.properties (added) +++ incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/Messages.properties Sun Mar 18 22:17:43 2007 
@@ -0,0 +1,8 @@ +NO_SAAJ_DOC: No SOAPMessage DOM was found. Please enable the SAAJInInterceptor. +ACTION_MISMATCH: Security processing failed (actions mismatch) +INVALID_TIMESTAMP: The timestamp could not be validated. +UNTRUSTED_CERT: The certificate used for the signature is not trusted. +NO_SECURITY: Request does not contain required Security header. +SECURITY_FAILED: Security processing failed. +NO_ACTION: No security action was defined. +NO_USERNAME: Empty username for specified action. \ No newline at end of file Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/Messages.properties ------------------------------------------------------------------------------ svn:eol-style = native Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/Messages.properties ------------------------------------------------------------------------------ svn:executable = * Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/Messages.properties ------------------------------------------------------------------------------ svn:keywords = Rev Date Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/Messages.properties ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?view=auto&rev=519845 ============================================================================== --- incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (added) +++ incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Sun Mar 18 22:17:43 2007 
@@ -0,0 +1,284 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.ws.security.wss4j; + +import java.security.cert.X509Certificate; +import java.util.Map; +import java.util.Vector; +import java.util.logging.Level; +import java.util.logging.Logger; + +import javax.security.auth.callback.CallbackHandler; +import javax.xml.soap.SOAPBody; +import javax.xml.soap.SOAPException; +import javax.xml.soap.SOAPMessage; +import javax.xml.stream.XMLStreamConstants; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.transform.dom.DOMSource; + +import org.apache.cxf.binding.soap.SoapFault; +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.binding.soap.SoapVersion; +import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor; +import org.apache.cxf.common.i18n.Message; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.phase.Phase; +import org.apache.cxf.staxutils.StaxUtils; +import org.apache.ws.security.WSConstants; +import org.apache.ws.security.WSSecurityEngineResult; +import org.apache.ws.security.WSSecurityException; +import org.apache.ws.security.handler.RequestData; +import 
org.apache.ws.security.handler.WSHandlerConstants; +import org.apache.ws.security.handler.WSHandlerResult; +import org.apache.ws.security.message.token.Timestamp; +import org.apache.ws.security.util.WSSecurityUtil; + +/** + * Performs WS-Security inbound actions. + * + * @author Tomasz Sztelak + */ +public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { + private static final Logger LOG = Logger.getLogger(WSS4JInInterceptor.class.getName()); + private static final Logger TIME_LOG = Logger.getLogger(WSS4JInInterceptor.class.getName() + "-Time"); + + public WSS4JInInterceptor() { + super(); + + setPhase(Phase.PRE_PROTOCOL); + getAfter().add(SAAJInInterceptor.class.getName()); + } + + public WSS4JInInterceptor(Map properties) { + this(); + setProperties(properties); + } + + @SuppressWarnings("unchecked") + public void handleMessage(SoapMessage msg) throws Fault { + boolean doDebug = LOG.isLoggable(Level.FINE); + boolean doTimeLog = TIME_LOG.isLoggable(Level.FINE); + + SoapVersion version = msg.getVersion(); + if (doDebug) { + LOG.fine("WSS4JInSecurityHandler: enter invoke()"); + } + + long t0 = 0; + long t1 = 0; + long t2 = 0; + long t3 = 0; + long t4 = 0; + + if (doTimeLog) { + t0 = System.currentTimeMillis(); + } + + RequestData reqData = new RequestData(); + /* + * The overall try, just to have a finally at the end to perform some + * housekeeping. + */ + try { + reqData.setMsgContext(msg); + + Vector actions = new Vector(); + String action = getAction(msg, version); + + int doAction = WSSecurityUtil.decodeAction(action, actions); + + String actor = (String)getOption(WSHandlerConstants.ACTOR); + + SOAPMessage doc = msg.getContent(SOAPMessage.class); + + if (doc == null) { + throw new SoapFault(new Message("NO_SAAJ_DOC", LOG), version.getReceiver()); + } + + CallbackHandler cbHandler = getCallback(reqData, doAction); + + /* + * Get and check the Signature specific parameters first because + * they may be used for encryption too. 
+ */ + doReceiverAction(doAction, reqData); + + Vector wsResult = null; + if (doTimeLog) { + t1 = System.currentTimeMillis(); + } + + try { + wsResult = secEngine.processSecurityHeader(doc.getSOAPPart(), actor, cbHandler, reqData + .getSigCrypto(), reqData.getDecCrypto()); + } catch (WSSecurityException ex) { + LOG.log(Level.WARNING, "", ex); + throw new SoapFault(new Message("SECURITY_FAILED", LOG), ex, version.getSender()); + } + + if (doTimeLog) { + t2 = System.currentTimeMillis(); + } + + if (wsResult == null) { // no security header found + if (doAction == WSConstants.NO_SECURITY) { + return; + } else { + LOG.warning("Request does not contain required Security header"); + throw new SoapFault(new Message("NO_SECURITY", LOG), version.getSender()); + } + } + + if (reqData.getWssConfig().isEnableSignatureConfirmation()) { + checkSignatureConfirmation(reqData, wsResult); + } + + /* + * Now we can check the certificate used to sign the message. In the + * following implementation the certificate is only trusted if + * either it itself or the certificate of the issuer is installed in + * the keystore. Note: the method verifyTrust(X509Certificate) + * allows custom implementations with other validation algorithms + * for subclasses. + */ + + // Extract the signature action result from the action vector + WSSecurityEngineResult actionResult = WSSecurityUtil + .fetchActionResult(wsResult, WSConstants.SIGN); + + if (actionResult != null) { + X509Certificate returnCert = actionResult.getCertificate(); + + if (returnCert != null && !verifyTrust(returnCert, reqData)) { + LOG.warning("WThe certificate used for the signature is not trusted"); + throw new SoapFault(new Message("UNTRUSTED_CERT", LOG), version.getSender()); + } + } + + /* + * Perform further checks on the timestamp that was transmitted in + * the header. In the following implementation the timestamp is + * valid if it was created after (now-ttl), where ttl is set on + * server side, not by the client. 
Note: the method + * verifyTimestamp(Timestamp) allows custom implementations with + * other validation algorithms for subclasses. + */ + + // Extract the timestamp action result from the action vector + actionResult = WSSecurityUtil.fetchActionResult(wsResult, WSConstants.TS); + + if (actionResult != null) { + Timestamp timestamp = actionResult.getTimestamp(); + + if (timestamp != null && !verifyTimestamp(timestamp, decodeTimeToLive(reqData))) { + LOG.warning("The timestamp could not be validated"); + throw new SoapFault(new Message("INVALID_TIMESTAMP", LOG), version.getSender()); + } + } + + /* + * now check the security actions: do they match, in right order? + */ + if (!checkReceiverResults(wsResult, actions)) { + LOG.warning("Security processing failed (actions mismatch)"); + throw new SoapFault(new Message("ACTION_MISMATCH", LOG), version.getSender()); + + } + + doResults(msg, actor, doc, wsResult); + + if (doTimeLog) { + t4 = System.currentTimeMillis(); + TIME_LOG.fine("Receive request: total= " + (t4 - t0) + " request preparation= " + (t1 - t0) + + " request processing= " + (t2 - t1) + " request to CXF= " + (t3 - t2) + + " header, cert verify, timestamp= " + (t4 - t3) + "\n"); + } + + if (doDebug) { + LOG.fine("WSS4JInHandler: exit invoke()"); + } + + } catch (WSSecurityException e) { + LOG.log(Level.WARNING, "", e); + // TODO: what should we be doing? + } catch (XMLStreamException e) { + throw new SoapFault(new Message("STAX_EX", LOG), version.getSender()); + } catch (SOAPException e) { + throw new SoapFault(new Message("SAAJ_EX", LOG), version.getSender()); + } finally { + reqData.clear(); + reqData = null; + } + } + + @SuppressWarnings("unchecked") + private void doResults(SoapMessage msg, String actor, SOAPMessage doc, Vector wsResult) + throws SOAPException, XMLStreamException { + /* + * All ok up to this point. Now construct and setup the security result + * structure. The service may fetch this and check it. 
+ */ + Vector results = (Vector)msg.get(WSHandlerConstants.RECV_RESULTS); + if (results == null) { + results = new Vector(); + msg.put(WSHandlerConstants.RECV_RESULTS, results); + } + WSHandlerResult rResult = new WSHandlerResult(actor, wsResult); + results.add(0, rResult); + + SOAPBody body = doc.getSOAPBody(); + + XMLStreamReader reader = StaxUtils.createXMLStreamReader(new DOMSource(body)); + // advance just past body + int evt = reader.next(); + int i = 0; + while (reader.hasNext() && i < 1 + && (evt != XMLStreamConstants.END_ELEMENT || evt != XMLStreamConstants.START_ELEMENT)) { + reader.next(); + i++; + } + + msg.setContent(XMLStreamReader.class, reader); + } + + private String getAction(SoapMessage msg, SoapVersion version) { + String action = (String)getOption(WSHandlerConstants.ACTION); + if (action == null) { + action = (String)msg.get(WSHandlerConstants.ACTION); + } + if (action == null) { + LOG.warning("No security action was defined!"); + throw new SoapFault("No securityaction was defined!", version.getReceiver()); + } + return action; + } + + private CallbackHandler getCallback(RequestData reqData, int doAction) throws WSSecurityException { + /* + * To check a UsernameToken or to decrypt an encrypted message we need a + * password. 
+ */ + CallbackHandler cbHandler = null; + if ((doAction & (WSConstants.ENCR | WSConstants.UT)) != 0) { + cbHandler = getPasswordCB(reqData); + } + return cbHandler; + } +} Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java ------------------------------------------------------------------------------ svn:executable = * Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java ------------------------------------------------------------------------------ svn:keywords = Rev Date Added: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java?view=auto&rev=519845 ============================================================================== --- incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java (added) +++ incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java Sun Mar 18 22:17:43 2007 
@@ -0,0 +1,183 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.ws.security.wss4j; + +import java.util.Map; +import java.util.Vector; +import java.util.logging.Level; +import java.util.logging.Logger; + +import javax.xml.soap.SOAPMessage; + +import org.w3c.dom.Document; + +import org.apache.cxf.binding.soap.SoapFault; +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.binding.soap.SoapVersion; +import org.apache.cxf.common.i18n.Message; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.phase.Phase; +import org.apache.ws.security.WSConstants; +import org.apache.ws.security.WSSecurityException; +import org.apache.ws.security.handler.RequestData; +import org.apache.ws.security.handler.WSHandlerConstants; +import org.apache.ws.security.util.WSSecurityUtil; + + +public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor { + private static final Logger LOG = Logger.getLogger(WSS4JOutInterceptor.class.getName()); + private static final Logger TIME_LOG = Logger.getLogger(WSS4JOutInterceptor.class.getName() + "-Time"); + + public WSS4JOutInterceptor() { + super(); + + setPhase(Phase.POST_PROTOCOL); + } + + public WSS4JOutInterceptor(Map props) { + 
this(); + setProperties(props); + } + + public void handleMessage(SoapMessage mc) throws Fault { + boolean doDebug = LOG.isLoggable(Level.FINE); + boolean doTimeDebug = TIME_LOG.isLoggable(Level.FINE); + SoapVersion version = mc.getVersion(); + + long t0 = 0; + long t1 = 0; + long t2 = 0; + long t3 = 0; + + if (doTimeDebug) { + t0 = System.currentTimeMillis(); + } + + if (doDebug) { + LOG.fine("WSDoAllSender: enter invoke()"); + } + + RequestData reqData = new RequestData(); + + reqData.setMsgContext(mc); + /* + * The overall try, just to have a finally at the end to perform some + * housekeeping. + */ + try { + /* + * Get the action first. + */ + Vector actions = new Vector(); + String action = getString(WSHandlerConstants.ACTION, mc); + if (action == null) { + throw new SoapFault(new Message("NO_ACTION", LOG), version.getReceiver()); + } + + int doAction = WSSecurityUtil.decodeAction(action, actions); + if (doAction == WSConstants.NO_SECURITY) { + return; + } + + /* + * For every action we need a username, so get this now. The + * username defined in the deployment descriptor takes precedence. + */ + reqData.setUsername((String)getOption(WSHandlerConstants.USER)); + if (reqData.getUsername() == null || reqData.getUsername().equals("")) { + String username = (String)getProperty(reqData.getMsgContext(), WSHandlerConstants.USER); + if (username != null) { + reqData.setUsername(username); + } + } + + /* + * Now we perform some set-up for UsernameToken and Signature + * functions. No need to do it for encryption only. Check if + * username is available and then get a passowrd. + */ + if ((doAction & (WSConstants.SIGN | WSConstants.UT | WSConstants.UT_SIGN)) != 0 + && reqData.getUsername() == null || reqData.getUsername().equals("")) { + /* + * We need a username - if none throw an SoapFault. For + * encryption there is a specific parameter to get a username. 
+ */ + throw new SoapFault(new Message("NO_USERNAME", LOG), version.getReceiver()); + } + if (doDebug) { + LOG.fine("Action: " + doAction); + LOG.fine("Actor: " + reqData.getActor()); + } + /* + * Now get the SOAP part from the request message and convert it + * into a Document. This forces CXF to serialize the SOAP request + * into FORM_STRING. This string is converted into a document. + * During the FORM_STRING serialization CXF performs multi-ref of + * complex data types (if requested), generates and inserts + * references for attachements and so on. The resulting Document + * MUST be the complete and final SOAP request as CXF would send it + * over the wire. Therefore this must shall be the last (or only) + * handler in a chain. Now we can perform our security operations on + * this request. + */ + SOAPMessage saaj = mc.getContent(SOAPMessage.class); + + if (saaj == null) { + LOG.warning("SAAJOutHandler must be enabled for WS-Security!"); + throw new SoapFault(new Message("NO_SAAJ_DOC", LOG), version.getReceiver()); + } + + Document doc = saaj.getSOAPPart(); + /** + * There is nothing to send...Usually happens when the provider + * needs to send a HTTP 202 message (with no content) + */ + if (mc == null) { + return; + } + + if (doTimeDebug) { + t1 = System.currentTimeMillis(); + } + + doSenderAction(doAction, doc, reqData, actions, !Boolean.TRUE + .equals(org.apache.cxf.message.Message.REQUESTOR_ROLE)); + + if (doTimeDebug) { + t2 = System.currentTimeMillis(); + } + + if (doTimeDebug) { + t3 = System.currentTimeMillis(); + TIME_LOG + .fine("Send request: total= " + (t3 - t0) + " request preparation= " + (t1 - t0) + + " request processing= " + (t2 - t1) + " request to CXF= " + (t3 - t2) + "\n"); + } + + if (doDebug) { + LOG.fine("WSDoAllSender: exit invoke()"); + } + } catch (WSSecurityException e) { + throw new SoapFault(new Message("SECURITY_FAILED", LOG), e, version.getSender()); + } finally { + reqData.clear(); + reqData = null; + } + } +} Propchange: 
incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java ------------------------------------------------------------------------------ svn:executable = * Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java ------------------------------------------------------------------------------ svn:keywords = Rev Date Added: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JSecurityFeature.java URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JSecurityFeature.java?view=auto&rev=519845 ============================================================================== --- incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JSecurityFeature.java (added) +++ incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JSecurityFeature.java Sun Mar 18 22:17:43 2007 
@@ -0,0 +1,49 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.ws.security.wss4j; + +import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor; +import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor; +import org.apache.cxf.endpoint.Endpoint; +import org.apache.cxf.endpoint.Server; +import org.apache.cxf.interceptor.InterceptorProvider; +import org.apache.cxf.ws.security.AbstractWSSecurityFeature; + +public class WSS4JSecurityFeature extends AbstractWSSecurityFeature { + + @Override + public void initialize(Server service) { + Endpoint endpoint = service.getEndpoint(); + initialize(endpoint); + + } + + private void initialize(InterceptorProvider endpoint) { + endpoint.getInInterceptors().add(new SAAJInInterceptor()); + endpoint.getOutInterceptors().add(new SAAJOutInterceptor()); + + // TODO: Configure interceptors with properties + + WSS4JInInterceptor wsin = new WSS4JInInterceptor(); + endpoint.getInInterceptors().add(wsin); + + WSS4JOutInterceptor wsout = new WSS4JOutInterceptor(); + endpoint.getOutInterceptors().add(wsout); + } +} Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JSecurityFeature.java 
------------------------------------------------------------------------------ svn:eol-style = native Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JSecurityFeature.java ------------------------------------------------------------------------------ svn:executable = * Propchange: incubator/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JSecurityFeature.java ------------------------------------------------------------------------------ svn:keywords = Rev Date Added: incubator/cxf/trunk/rt/ws/security/src/main/resources/META-INF/NOTICE URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/ws/security/src/main/resources/META-INF/NOTICE?view=auto&rev=519845 ============================================================================== --- incubator/cxf/trunk/rt/ws/security/src/main/resources/META-INF/NOTICE (added) +++ incubator/cxf/trunk/rt/ws/security/src/main/resources/META-INF/NOTICE Sun Mar 18 22:17:43 2007 
@@ -0,0 +1,71 @@ + ========================================================================= + == NOTICE file corresponding to the section 4 d of == + == the Apache License, Version 2.0, == + == in this case for the Apache CXF distribution. == + ========================================================================= + + This product includes software developed by + The Apache Software Foundation (http://www.apache.org/). + + This product also includes schemas and specification developed by: + - the W3C consortium (http://www.w3c.org) , + + This product also includes software developed by Spring Framework + Project (http://www.springframework.org) + + This product also includes XMLSchema developed at the apache + software foundation. The original software is available from + (http://www.apache.org/dyn/closer.cgi/ws/commons/XmlSchema) + + This product also includes Wsdl4j (The Web Services Description + Language for Java Toolkit) developed at Sourceforge. The original + software is available from (http://sourceforge.net/projects/wsdl4j) + + This product also inclues SAAJ (The SOAP with Attachments API for Java) + The original software is availabe from (http://saaj.dev.java.net/) + + This product also includes JavaMail api developed by Sun MicroSystems, Inc. + The original software is avaiable from (http://glassfish.dev.java.net/) + + This product also includes JSR 181 API developed by Java Community Process. + The original software is avaliable from (http://glassfish.dev.java.net/) + + This product also includes JSR 250 API developed by Java Community Process. + The original software is available from (http://glassfish.dev.java.net/) + + This product also includes Java API for XML Web Service developed by + Java Community Process and Sun MicroSystems, Inc. The original software + is available from (http://glassfish.dev.java.net/) + + This product also includes Java Architecture for XML Binding developed by Java + Community Process and Sun MicroSystems, Inc. 
The original software is + available from (http://jaxb.dev.java.net) + + This product also includes JavaBeans Activation Framework developed by + Java Community Process and Sun MicroSystems, Inc. The original software is + available from (http://jcp.org/aboutJava/communityprocess/mrel/jsr925/index.html + + This product also includes software developed by Mort Bay Consulting + Pty (http://jetty.mortbay.org) + + This product also includes software developed by Codehause + (http://woodstox.codehaus.org/) + + This product also includes WS-* schemas developed by International + Business Machines Corporation, Microsoft Corporation, BEA Systems, + TIBCO Software, SAP AG, Sonic Software, and VeriSign + (http://schemas.xmlsoap.org/wsdl/2003-02-11.xsd) + (http://schemas.xmlsoap.org/ws/2004/08/addressing/) + (http://schemas.xmlsoap.org/ws/2005/02/rm/wsrm.xsd) + (http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd) + + This Product also includes schemas developed by OASIS + (http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd) + (http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd) + + Java classes (source and binary) under org.apache.cxf.jaxws.javaee + are generated from schema available here: + (http://java.sun.com/xml/ns/javaee/javaee_5.xsd) + + Additional copyright notices and license terms applicable are + present in the licenses directory of this distribution. 
Propchange: incubator/cxf/trunk/rt/ws/security/src/main/resources/META-INF/NOTICE ------------------------------------------------------------------------------ svn:eol-style = native Propchange: incubator/cxf/trunk/rt/ws/security/src/main/resources/META-INF/NOTICE ------------------------------------------------------------------------------ svn:executable = * Propchange: incubator/cxf/trunk/rt/ws/security/src/main/resources/META-INF/NOTICE ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: incubator/cxf/trunk/rt/ws/security/src/main/resources/schemas/catalog.cat URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/ws/security/src/main/resources/schemas/catalog.cat?view=auto&rev=519845 ============================================================================== --- incubator/cxf/trunk/rt/ws/security/src/main/resources/schemas/catalog.cat (added) +++ incubator/cxf/trunk/rt/ws/security/src/main/resources/schemas/catalog.cat Sun Mar 18 22:17:43 2007 
@@ -0,0 +1,23 @@ + +-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +-- + + +SYSTEM "http://schemas.xmlsoap.org/ws/2004/08/addressing" "../../../../../../../common/schemas/src/main/resources/schemas/wsdl/addressing.xsd" + Propchange: incubator/cxf/trunk/rt/ws/security/src/main/resources/schemas/catalog.cat ------------------------------------------------------------------------------ svn:executable = * Added: incubator/cxf/trunk/rt/ws/security/src/main/resources/schemas/ws-security-policy.xjb URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/ws/security/src/main/resources/schemas/ws-security-policy.xjb?view=auto&rev=519845 ============================================================================== --- incubator/cxf/trunk/rt/ws/security/src/main/resources/schemas/ws-security-policy.xjb (added) +++ incubator/cxf/trunk/rt/ws/security/src/main/resources/schemas/ws-security-policy.xjb Sun Mar 18 22:17:43 2007 @@ -0,0 +1,31 @@ + + + + + + + + + + Propchange: incubator/cxf/trunk/rt/ws/security/src/main/resources/schemas/ws-security-policy.xjb ------------------------------------------------------------------------------ svn:executable = *
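Review bot: in AbstractWSS4JInterceptor.java, the third entry added to HEADERS uses the namespace "http://www.w3.org/2001/04/xmlenc" without the trailing "#". It therefore does not match the XML Encryption namespace (http://www.w3.org/2001/04/xmlenc#), and getUnderstoodHeaders() will never report a real EncryptedData QName as understood. Correct the literal, or take the namespace from a shared constant the way the two Security entries use WSConstants.WSSE_NS and WSConstants.WSSE11_NS. Two smaller points in the same file: getUnderstoodHeaders() returns the mutable static set itself, so one caller can change the list for every interceptor instance (wrap it with Collections.unmodifiableSet), and getPassword/setPassword keep the password on the message under the bare key "password", where any other interceptor using that key can read or overwrite it. A namespaced constant would be safer.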
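Review bot: Messages.properties defines eight keys, but WSS4JInInterceptor in this same commit also builds messages with "STAX_EX" and "SAAJ_EX" (the XMLStreamException and SOAPException catch blocks), and neither key is present here. Add both entries so those faults carry a readable message instead of an unresolved key. The file also ends without a trailing newline.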
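Review bot: in WSS4JInInterceptor.handleMessage, the outer "catch (WSSecurityException e)" only logs and carries a TODO, so the interceptor fails open. Any WSSecurityException raised outside the inner try around processSecurityHeader (getCallback() is declared to throw it, for example) is swallowed, handleMessage returns normally, and the message continues down the chain as if the security checks had passed. Rethrow it as a SoapFault with SECURITY_FAILED, as the inner catch already does. Other points in this hunk: t3 is never assigned, so the "request to CXF" and "header, cert verify, timestamp" figures in the time log are wrong; in doResults the condition "evt != XMLStreamConstants.END_ELEMENT || evt != XMLStreamConstants.START_ELEMENT" is always true and evt is never updated inside the loop, so only "i < 1" bounds it; the warning text "WThe certificate used ..." has a stray W; and getAction() throws a SoapFault with the literal "No securityaction was defined!" instead of the NO_ACTION message key added in Messages.properties.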
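Review bot: in WSS4JOutInterceptor.handleMessage, the username check "(doAction & (...)) != 0 && reqData.getUsername() == null || reqData.getUsername().equals("")" is missing parentheses around the two username tests. Because && binds tighter than ||, a null username combined with an action outside SIGN, UT and UT_SIGN falls through to reqData.getUsername().equals("") and throws a NullPointerException, and an empty username raises NO_USERNAME even for encryption-only actions, which the comment above says need no username. Group it as "(doAction & (...)) != 0 && (username == null || username.equals(""))". Also in this hunk: the "if (mc == null)" guard is dead code, since mc has already been dereferenced by mc.getVersion() and reqData.setMsgContext(mc); and "!Boolean.TRUE.equals(org.apache.cxf.message.Message.REQUESTOR_ROLE)" compares against the constant itself rather than the value stored on mc under that key, so the flag passed to doSenderAction does not depend on whether this message is a request or a response.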
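Review bot: in WSS4JSecurityFeature.initialize(InterceptorProvider), both WSS4J interceptors are created with their no-argument constructors, so neither has an action configured. With this wiring WSS4JInInterceptor.getAction() finds no WSHandlerConstants.ACTION option and throws a fault for every inbound message unless something else puts the action on the message, and the out interceptor throws NO_ACTION in the same situation. Until the TODO is resolved, have the feature accept a properties map and pass it to the WSS4JInInterceptor(Map) and WSS4JOutInterceptor(Map) constructors. Also check whether the endpoint already has SAAJInInterceptor or SAAJOutInterceptor registered before adding them unconditionally, and note that only the Server side is wired up although the log message mentions the client side as well.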
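Review bot: the added NOTICE file has several misspellings ("inclues", "availabe", "avaiable", "avaliable", "Codehause") and the JavaBeans Activation Framework URL is missing its closing parenthesis. As this is a legal attribution file, correct them before release. Separately, the property changes set svn:executable = * on this file and on the Java sources and properties file in this commit; none of these are executables, so the property should be dropped.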
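Review bot: the SYSTEM entry in catalog.cat maps the addressing namespace to "../../../../../../../common/schemas/src/main/resources/schemas/wsdl/addressing.xsd", a path that climbs out of this module into another module's source tree. It resolves only in a full source checkout with this exact layout. Since the file lives under src/main/resources, confirm it is used at build time only, or point the entry at a location that still resolves once the module is packaged.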