From dk...@apache.org
Subject svn commit: r726825 - in /cxf/trunk/rt: core/src/main/java/org/apache/cxf/interceptor/ transports/http/src/main/java/org/apache/cxf/transport/http/ ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/ ws/security/src/main/java/org/apac...
Date Mon, 15 Dec 2008 21:57:20 GMT
Author: dkulp
Date: Mon Dec 15 13:57:19 2008
New Revision: 726825

URL: http://svn.apache.org/viewvc?rev=726825&view=rev
Log:
Allow using a wsdl for the STSClient so policies can be pulled directly
Update logging to log the URL as well

Modified:
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java?rev=726825&r1=726824&r2=726825&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java (original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java Mon Dec
15 13:57:19 2008
@@ -21,7 +21,7 @@
 public final class LoggingMessage {
 
     private final String heading;
-
+    private final StringBuilder address;
     private final StringBuilder encoding;
     private final StringBuilder header;
     private final StringBuilder message;
@@ -30,11 +30,15 @@
     public LoggingMessage(String h) {
         heading = h;
 
+        address = new StringBuilder();
         encoding = new StringBuilder();
         header = new StringBuilder();
         message = new StringBuilder();
         payload = new StringBuilder();
     }
+    public StringBuilder getAddress() {
+        return address;
+    }
 
     public StringBuilder getEncoding() {
         return encoding;
@@ -55,6 +59,10 @@
     public String toString() {
         StringBuilder buffer = new StringBuilder();
         buffer.append(heading);
+        if (address.length() > 0) {
+            buffer.append("\nAddress: ");
+            buffer.append(address);
+        }
         buffer.append("\nEncoding: ");
         buffer.append(encoding);
         buffer.append("\nHeaders: ");

Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java?rev=726825&r1=726824&r2=726825&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java
(original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java
Mon Dec 15 13:57:19 2008
@@ -113,6 +113,10 @@
                 buffer.getEncoding().append(encoding);
             }            
             
+            String address = (String)message.get(Message.ENDPOINT_ADDRESS);
+            if (address != null) {
+                buffer.getAddress().append(address);
+            }
             Object headers = message.get(Message.PROTOCOL_HEADERS);
 
             if (headers != null) {
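Review bot: The endpoint address is appended to the log buffer verbatim, so any credentials carried in the URL (userinfo such as `user:password@host`, or tokens in a query string) would be written to the log. Consider stripping userinfo and query before `buffer.getAddress().append(address)`, or document on `getAddress()` that the value is logged unredacted. The unchecked `(String)` cast also throws `ClassCastException` if another component stores a non-String under `Message.ENDPOINT_ADDRESS`; an `instanceof String` test on the result of `message.get(...)` would avoid that. The enclosing method starts and ends outside this hunk.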

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java?rev=726825&r1=726824&r2=726825&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
(original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
Mon Dec 15 13:57:19 2008
@@ -680,9 +680,12 @@
         String queryString = (String)message.get(Message.QUERY_STRING);
         if (result == null) {
             if (pathInfo == null && queryString == null) {
-                return getURL();
+                URL url = getURL();
+                message.put(Message.ENDPOINT_ADDRESS, url.toString());
+                return url;
             }
             result = getURL().toString();
+            message.put(Message.ENDPOINT_ADDRESS, result);
         }
         
         // REVISIT: is this really correct?
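Review bot: In the second branch, `message.put(Message.ENDPOINT_ADDRESS, result)` records the bare conduit URL exactly when `pathInfo` or `queryString` is non-null. If the code after the `// REVISIT` comment (outside this hunk) appends them, the address that reaches the log will not be the URL actually contacted. For a log line meant to show where a request went, it would be more reliable to store the value once the final URL has been built. The method's start and end are outside the hunk, so this is inferred from the visible condition only.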

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java?rev=726825&r1=726824&r2=726825&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
Mon Dec 15 13:57:19 2008
@@ -124,11 +124,11 @@
             assertion = (Assertion)iterator.next();
             name = assertion.getName();
 
-            if (SP11Constants.REQUIRE_DERIVED_KEYS.equals(name)) {
+            if (SPConstants.REQUIRE_DERIVED_KEYS.equals(name.getLocalPart())) {
                 parent.setDerivedKeys(true);
-            } else if (SP11Constants.REQUIRE_EXTERNAL_REFERENCE.equals(name)) {
+            } else if (SPConstants.REQUIRE_EXTERNAL_REFERENCE.equals(name.getLocalPart()))
{
                 parent.setRequireExternalReference(true);
-            } else if (SP11Constants.REQUIRE_INTERNAL_REFERENCE.equals(name)) {
+            } else if (SPConstants.REQUIRE_INTERNAL_REFERENCE.equals(name.getLocalPart()))
{
                 parent.setRequireInternalReference(true);
             }
         }
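Review bot: Comparing only `name.getLocalPart()` drops the namespace check, so an assertion named `RequireDerivedKeys`, `RequireExternalReference` or `RequireInternalReference` in any namespace now toggles these security settings on the issued token. If the intent is to accept both the 1.1 and 1.2 security-policy namespaces, check `name.getNamespaceURI()` against those two URIs before matching the local part. A comment such as `// accept SP 1.1 and 1.2; local names are identical across versions` would record that intent. The loop begins before this hunk.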

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=726825&r1=726824&r2=726825&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Mon Dec 15 13:57:19 2008
@@ -64,14 +64,18 @@
 import org.apache.cxf.service.model.ServiceInfo;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.staxutils.W3CDOMStreamWriter;
+import org.apache.cxf.transport.Conduit;
 import org.apache.cxf.transport.ConduitInitiator;
 import org.apache.cxf.transport.ConduitInitiatorManager;
+import org.apache.cxf.ws.policy.EffectivePolicy;
 import org.apache.cxf.ws.policy.PolicyBuilder;
+import org.apache.cxf.ws.policy.PolicyEngine;
 import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
 import org.apache.cxf.ws.security.policy.model.Binding;
 import org.apache.cxf.ws.security.policy.model.Trust10;
 import org.apache.cxf.ws.security.policy.model.Trust13;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.wsdl11.WSDLServiceFactory;
 import org.apache.neethi.Policy;
 import org.apache.neethi.PolicyComponent;
 import org.apache.ws.security.WSConstants;
@@ -94,6 +98,11 @@
     String name = "default.sts-client";
     Client client;
     String location;
+    
+    String wsdlLocation;
+    QName serviceName;
+    QName endpointName;
+    
     Policy policy;
     String soapVersion = SoapBindingConstants.SOAP11_BINDING_ID;
     int keySize = 256;
@@ -175,64 +184,104 @@
         return ctx;
     }
     
+    public void setWsdlLocation(String wsdl) {
+        wsdlLocation = wsdl;
+    }
+    public void setServiceName(QName qn) {
+        serviceName = qn;
+    }
+    public void setServiceName(String qn) {
+        serviceName = QName.valueOf(qn);
+    }
+    public void setEndpointName(QName qn) {
+        endpointName = qn;
+    }
+    public void setEndpointName(String qn) {
+        endpointName = QName.valueOf(qn);
+    }
     private void createClient() throws BusException, EndpointException {
         if (client != null) {
             return;
         }
         bus.getExtension(Configurer.class).configureBean(name, this);
         
-        
-        Service service = null;
-        String ns = namespace + "/wsdl";
-        ServiceInfo si = new ServiceInfo();
-        
-        QName iName = new QName(ns, "SecurityTokenService");
-        si.setName(iName);
-        InterfaceInfo ii = new InterfaceInfo(si, iName);
-        OperationInfo oi = ii.addOperation(new QName(ns, "RequestSecurityToken"));
-        MessageInfo mii = oi.createMessage(new QName(ns, "RequestSecurityTokenMsg"), 
-                                           MessageInfo.Type.INPUT);
-        oi.setInput("RequestSecurityTokenMsg", mii);
-        MessagePartInfo mpi = mii.addMessagePart("request");
-        mpi.setElementQName(new QName(namespace, "RequestSecurityToken"));
-        
-        MessageInfo mio = oi.createMessage(new QName(ns, "RequestSecurityTokenResponseMsg"),

-                                           MessageInfo.Type.OUTPUT);
-        oi.setOutput("RequestSecurityTokenResponseMsg", mio);
-        mpi = mio.addMessagePart("response");
-        mpi.setElementQName(new QName(namespace, "RequestSecurityTokenResponse"));
-        
-        si.setInterface(ii);
-        service = new ServiceImpl(si);
-        
-        BindingFactoryManager bfm = bus.getExtension(BindingFactoryManager.class);
-        BindingFactory bindingFactory = bfm.getBindingFactory(soapVersion);
-        BindingInfo bi = bindingFactory.createBindingInfo(service, 
-                                                          soapVersion, null);
-        si.addBinding(bi);
-        ConduitInitiatorManager cim = bus.getExtension(ConduitInitiatorManager.class);
-        ConduitInitiator ci = cim.getConduitInitiatorForUri(location);
-        EndpointInfo ei = new EndpointInfo(si, ci.getTransportIds().get(0));
-        ei.setBinding(bi);
-        ei.setName(iName);
-        ei.setAddress(location);
-        si.addEndpoint(ei);
-        ei.addExtensor(policy);
-        
-        BindingOperationInfo boi = bi.getOperation(oi);
-        SoapOperationInfo soi = boi.getExtensor(SoapOperationInfo.class);
-        if (soi == null) {
-            soi = new SoapOperationInfo();
-            boi.addExtensor(soi);
+        if (wsdlLocation != null) {
+            WSDLServiceFactory factory = new WSDLServiceFactory(bus, wsdlLocation, serviceName);
+            SourceDataBinding dataBinding = new SourceDataBinding();
+            factory.setDataBinding(dataBinding);
+            Service service = factory.create();
+            service.setDataBinding(dataBinding);
+            EndpointInfo ei = service.getEndpointInfo(endpointName);
+            Endpoint endpoint = new EndpointImpl(bus, service, ei);
+            client = new ClientImpl(bus, endpoint);
+        } else {
+            Service service = null;
+            String ns = namespace + "/wsdl";
+            ServiceInfo si = new ServiceInfo();
+            
+            QName iName = new QName(ns, "SecurityTokenService");
+            si.setName(iName);
+            InterfaceInfo ii = new InterfaceInfo(si, iName);
+            OperationInfo oi = ii.addOperation(new QName(ns, "RequestSecurityToken"));
+            MessageInfo mii = oi.createMessage(new QName(ns, "RequestSecurityTokenMsg"),

+                                               MessageInfo.Type.INPUT);
+            oi.setInput("RequestSecurityTokenMsg", mii);
+            MessagePartInfo mpi = mii.addMessagePart("request");
+            mpi.setElementQName(new QName(namespace, "RequestSecurityToken"));
+            
+            MessageInfo mio = oi.createMessage(new QName(ns, "RequestSecurityTokenResponseMsg"),

+                                               MessageInfo.Type.OUTPUT);
+            oi.setOutput("RequestSecurityTokenResponseMsg", mio);
+            mpi = mio.addMessagePart("response");
+            mpi.setElementQName(new QName(namespace, "RequestSecurityTokenResponse"));
+            
+            si.setInterface(ii);
+            service = new ServiceImpl(si);
+            
+            BindingFactoryManager bfm = bus.getExtension(BindingFactoryManager.class);
+            BindingFactory bindingFactory = bfm.getBindingFactory(soapVersion);
+            BindingInfo bi = bindingFactory.createBindingInfo(service, 
+                                                              soapVersion, null);
+            si.addBinding(bi);
+            ConduitInitiatorManager cim = bus.getExtension(ConduitInitiatorManager.class);
+            ConduitInitiator ci = cim.getConduitInitiatorForUri(location);
+            EndpointInfo ei = new EndpointInfo(si, ci.getTransportIds().get(0));
+            ei.setBinding(bi);
+            ei.setName(iName);
+            ei.setAddress(location);
+            si.addEndpoint(ei);
+            ei.addExtensor(policy);
+            
+            BindingOperationInfo boi = bi.getOperation(oi);
+            SoapOperationInfo soi = boi.getExtensor(SoapOperationInfo.class);
+            if (soi == null) {
+                soi = new SoapOperationInfo();
+                boi.addExtensor(soi);
+            }
+            soi.setAction(namespace + "/RST/Issue");
+            
+    
+            service.setDataBinding(new SourceDataBinding());
+            Endpoint endpoint = new EndpointImpl(bus, service, ei);
+            
+            client = new ClientImpl(bus, endpoint);
+        }
+    }
+    private BindingOperationInfo findOperation(String suffix) {
+        BindingInfo bi = client.getEndpoint().getBinding().getBindingInfo();
+        for (BindingOperationInfo boi : bi.getOperations()) {
+            SoapOperationInfo soi = boi.getExtensor(SoapOperationInfo.class);
+            if (soi != null && soi.getAction() != null && soi.getAction().endsWith(suffix))
{
+                PolicyEngine pe = bus.getExtension(PolicyEngine.class);
+                Conduit conduit = client.getConduit();
+                EffectivePolicy effectivePolicy 
+                    = pe.getEffectiveClientRequestPolicy(client.getEndpoint().getEndpointInfo(),
+                                                         boi, conduit);
+                setPolicy(effectivePolicy.getPolicy());
+                return boi;
+            }
         }
-        soi.setAction(namespace + "/RST/Issue");
-        
-
-        service.setDataBinding(new SourceDataBinding());
-        Endpoint endpoint = new EndpointImpl(bus, service, ei);
-        
-        client = new ClientImpl(bus, endpoint);
-        
+        return null;
     }
 
     public SecurityToken requestSecurityToken() throws Exception {
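Review bot: In the `wsdlLocation` branch of `createClient()` the configured `location` and `policy` are never applied, so the STS address and the policy later installed by `findOperation()` via `setPolicy(effectivePolicy.getPolicy())` both come from whatever document `wsdlLocation` resolves to. `setWsdlLocation` should say so, for example `/** WSDL describing the STS; its policies replace any policy set on this client, so load it only from a trusted location. */`. Separately, the result of `service.getEndpointInfo(endpointName)` is passed to `EndpointImpl` without a check; if it is null because `endpointName` is unset or absent from the WSDL, an explicit exception naming the endpoint would be easier to diagnose. `findOperation()` likewise dereferences `effectivePolicy` without a null check.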
@@ -240,18 +289,21 @@
     }
     public SecurityToken requestSecurityToken(String appliesTo) throws Exception {
         createClient();
+        BindingOperationInfo boi = findOperation("/RST/Issue");
+        
         client.getRequestContext().putAll(ctx);
         
         W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
         writer.writeStartElement(namespace, "RequestSecurityToken");
-        boolean wroteKeyType = false;
         boolean wroteKeySize = false;
+        String keyType = null;
         if (template != null) {
             Element tl = DOMUtils.getFirstElement(template);
             while (tl != null) {
                 StaxUtils.copy(tl, writer);
-                wroteKeyType |= "KeyType".equals(tl.getLocalName());
-                if ("KeySize".equals(tl.getLocalName())) {
+                if ("KeyType".equals(tl.getLocalName())) {
+                    keyType = DOMUtils.getContent(tl);
+                } else if ("KeySize".equals(tl.getLocalName())) {
                     wroteKeySize = true;
                     keySize = Integer.parseInt(DOMUtils.getContent(tl));
                 }
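Review bot: `findOperation("/RST/Issue")` returns `null` when no operation's SOAP action ends with that suffix (its body in the previous hunk ends in `return null`), and `boi` is handed to `client.invoke(boi, ...)` in a later hunk without a check. A guard right after the lookup, `if (boi == null) { throw new IllegalStateException("No operation with action */RST/Issue on STS endpoint"); }`, gives a diagnosable failure. Also, `keyType = DOMUtils.getContent(tl)` is taken as-is; if the content is null or carries surrounding whitespace, the later `keyType == null` and `endsWith("SymmetricKey")` tests may misfire, so trimming and null-checking it here is worthwhile. `requestSecurityToken` continues past this hunk.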
@@ -267,42 +319,47 @@
             //TODO: AppliesTo element? 
         }
         //TODO: Lifetime element?
-        if (!wroteKeyType) {
+        if (keyType == null) {
             writer.writeStartElement(namespace, "KeyType");
             //TODO: Set the KeyType?
             writer.writeCharacters(namespace + "/SymmetricKey");
             writer.writeEndElement();
+            keyType = namespace + "/SymmetricKey";
         }
-        if (!wroteKeySize) {
-            writer.writeStartElement(namespace, "KeySize");
-            writer.writeCharacters(Integer.toString(keySize));
-            writer.writeEndElement();
-        }
-        
         byte[] requestorEntropy = null;
-        if ((trust10 != null && trust10.isRequireClientEntropy())
-            || (trust13 != null && trust13.isRequireClientEntropy())) {
-            writer.writeStartElement(namespace, "Entropy");
-            writer.writeStartElement(namespace, "BinarySecret");
-            writer.writeAttribute("Type", namespace + "/Nounce");
-            requestorEntropy =
-                WSSecurityUtil.generateNonce(algorithmSuite.getMaximumSymmetricKeyLength()
/ 8);
-            writer.writeCharacters(Base64.encode(requestorEntropy));
-
-            writer.writeEndElement();
-            writer.writeEndElement();
-            writer.writeStartElement(namespace, "ComputedKeyAlgorithm");
-            writer.writeCharacters(namespace + "/CK/PSHA1");
-            writer.writeEndElement();
+        
+        if (keyType.endsWith("SymmetricKey")) {
+            if (!wroteKeySize) {
+                writer.writeStartElement(namespace, "KeySize");
+                writer.writeCharacters(Integer.toString(keySize));
+                writer.writeEndElement();
+            }
+        
+            if ((trust10 != null && trust10.isRequireClientEntropy())
+                || (trust13 != null && trust13.isRequireClientEntropy())) {
+                writer.writeStartElement(namespace, "Entropy");
+                writer.writeStartElement(namespace, "BinarySecret");
+                writer.writeAttribute("Type", namespace + "/Nounce");
+                requestorEntropy =
+                    WSSecurityUtil.generateNonce(algorithmSuite.getMaximumSymmetricKeyLength()
/ 8);
+                writer.writeCharacters(Base64.encode(requestorEntropy));
+    
+                writer.writeEndElement();
+                writer.writeEndElement();
+                writer.writeStartElement(namespace, "ComputedKeyAlgorithm");
+                writer.writeCharacters(namespace + "/CK/PSHA1");
+                writer.writeEndElement();
+            }
         }
         writer.writeEndElement();
         
-        Object obj[] = client.invoke("RequestSecurityToken",
+        Object obj[] = client.invoke(boi,
                                      new DOMSource(writer.getDocument().getDocumentElement()));
         
         return createSecurityToken((Document)((DOMSource)obj[0]).getNode(), requestorEntropy);
     }
 
+
     private SecurityToken createSecurityToken(Document document, byte[] requestorEntropy)

         throws WSSecurityException {
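Review bot: The `BinarySecret` `Type` attribute is written as `namespace + "/Nounce"`, which looks like a misspelling of the WS-Trust `Nonce` type URI; an STS that validates the attribute may ignore or reject the client entropy. The line should read `writer.writeAttribute("Type", namespace + "/Nonce");`. It is carried over from the old code but is re-emitted inside the new `SymmetricKey` block, so this is a natural place to correct it. The entropy length is taken from `algorithmSuite.getMaximumSymmetricKeyLength() / 8` while `KeySize` is written from `keySize`; a comment stating whether the two are expected to agree would help.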
         

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=726825&r1=726824&r2=726825&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Mon Dec 15 13:57:19 2008
@@ -47,6 +47,7 @@
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.conversation.ConversationConstants;
 import org.apache.ws.security.message.WSSecDKSign;
 import org.apache.ws.security.message.WSSecEncryptedKey;
 import org.apache.ws.security.message.WSSecHeader;
@@ -78,6 +79,19 @@
                     utBuilder.prepare(saaj.getSOAPPart());
                     utBuilder.appendToHeader(secHeader);
                 }
+            } else if (token instanceof IssuedToken) {
+                SecurityToken secTok = getSecurityToken();
+                
+                SPConstants.IncludeTokenType inclusion = token.getInclusion();
+                
+                if (inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS
+                    || ((inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT

+                        || inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE)

+                        && isRequestor())) {
+                  
+                    //Add the token
+                    addEncyptedKeyElement(cloneElement(secTok.getToken()));
+                }
             } else {
                 //REVISIT - not supported for signed.  Exception?
             }
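Review bot: The result of `getSecurityToken()` is dereferenced through `secTok.getToken()` with no null check; if no issued token has been obtained or stored (the method is outside this hunk, so this is inferred), the handler fails with a `NullPointerException` rather than a policy error. Raising an explicit fault when `secTok` or `secTok.getToken()` is null would make the failure diagnosable. The lookup could also move inside the inclusion test, since `secTok` is unused when the token is not included. The enclosing method starts and ends outside the hunk.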
@@ -135,29 +149,30 @@
                         addUsernameTokens(sgndSuppTokens);
                     }
                 }
+                
                 ais = aim.get(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
                 if (ais != null) {
                     SupportingToken sgndSuppTokens = null;
                     for (AssertionInfo ai : ais) {
                         sgndSuppTokens = (SupportingToken)ai.getAssertion();
                         ai.setAsserted(true);
-                    }
+                    } 
+                    
                     if (sgndSuppTokens != null) {
-                        SignedEncryptedParts signdParts = sgndSuppTokens.getSignedParts();
-
                         for (Token token : sgndSuppTokens.getTokens()) {
                             if (token instanceof IssuedToken) {
-                                signatureValues.add(doIssuedTokenSignature(token, signdParts,

+                                signatureValues.add(doIssuedTokenSignature(token, null, 
                                                                            sgndSuppTokens));
                             } else if (token instanceof X509Token) {
-                                signatureValues.add(doX509TokenSignature(token, signdParts,

+                                signatureValues.add(doX509TokenSignature(token, null, 
                                                                          sgndSuppTokens));
                             } else if (token instanceof SecureConversationToken) {
                                 signatureValues.add(doSecureConversationSignature(token,
-                                                                                  signdParts));
+                                                                                  null));
                             }
                         }
                     }
+                    
                 }
                 
                 ais = aim.get(SP12Constants.SUPPORTING_TOKENS);
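Review bot: Replacing `signdParts` with `null` in the three `do...Signature` calls means the `SignedParts` declared on the endorsing supporting token assertion are no longer passed on, and nothing in the hunk says why. If the callees (outside this hunk) treat `null` as "sign the default parts only", parts the policy asks to be signed may go unsigned. Either keep passing `sgndSuppTokens.getSignedParts()`, or, if dropping them is intended, say so at the first call with a comment such as `// policy SignedParts intentionally not applied to endorsing signatures`. The loop above also keeps only the last `SupportingToken` while marking every `AssertionInfo` asserted.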
@@ -326,8 +341,10 @@
           
             //    Set the algo info
             dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
-            dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());
-          
+            dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength() / 8);
+            if (token.getSPConstants() == SP12Constants.INSTANCE) {
+                dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
+            }
             dkSign.prepare(doc, secHeader);
           
             addDerivedKeyElement(dkSign.getdktElement());
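Review bot: The new `/ 8` on `getSignatureDerivedKeyLength()` is undocumented; presumably the suite reports bits and `setDerivedKeyLength` expects bytes, and a comment such as `// suite length is in bits, WSSecDKSign takes bytes` would keep other call sites from diverging. `setWscVersion` is only called when `token.getSPConstants() == SP12Constants.INSTANCE`, so the 1.1 path relies on the builder's default version; stating that in a comment would help too. The method begins and ends outside this hunk.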


