From dk...@apache.org
Subject svn commit: r740882 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: ./ policy/ policy/interceptors/ policy/model/ trust/ wss4j/ wss4j/policyhandlers/
Date Wed, 04 Feb 2009 21:00:20 GMT
Author: dkulp
Date: Wed Feb  4 21:00:19 2009
New Revision: 740882

URL: http://svn.apache.org/viewvc?rev=740882&view=rev
Log:
Make sure the Tokens (X509Token, IssuedToken, etc...) can participate in interceptor selection
Add the AppliesTo element to the RequestSecurityToken message when possible
Add IssuedToken interceptors to handle the configuration and retrieval of Trust tokens.  
No client side coding now required.  Just config.

Added:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
  (with props)
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/EncryptionToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignatureToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Wed Feb  4 21:00:19 2009
@@ -36,9 +36,10 @@
     public static final String SIGNATURE_CRYPTO = "ws-security.signature.crypto";
     public static final String ENCRYPT_CRYPTO = "ws-security.encryption.crypto";
 
-    public static final String TRUST_TOKEN = "ws-security.trust.token";
-    public static final String TRUST_TOKEN_ID = "ws-security.trust.token.id";
+    public static final String TOKEN = "ws-security.token";
+    public static final String TOKEN_ID = "ws-security.token.id";
     
+    public static final String STS_CLIENT = "ws-security.sts.client";
 
     private SecurityConstants() {
         //utility class
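Review bot: The keys added here have no documentation of the value type each expects, yet IssuedTokenInterceptorProvider in this same commit casts them unchecked: `TOKEN` to SecurityToken, `TOKEN_ID` to String and `STS_CLIENT` to STSClient. A one-line comment per constant, for example `// value: the STSClient instance used to obtain issued tokens` above `STS_CLIENT`, would spare users a ClassCastException from a mistyped configuration value. The old `ws-security.trust.token` and `ws-security.trust.token.id` keys are also removed without an alias, so configuration that still sets them will presumably be ignored without any warning. The private constructor continues outside the hunk.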

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
Wed Feb  4 21:00:19 2009
@@ -56,6 +56,7 @@
 import org.apache.cxf.ws.security.policy.builders.WSS11Builder;
 import org.apache.cxf.ws.security.policy.builders.X509TokenBuilder;
 import org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider;
+import org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider;
 import org.apache.cxf.ws.security.policy.interceptors.WSSecurityInterceptorProvider;
 import org.apache.cxf.ws.security.policy.interceptors.WSSecurityPolicyInterceptorProvider;
 
@@ -119,6 +120,7 @@
         reg.register(new WSSecurityPolicyInterceptorProvider());
         reg.register(new WSSecurityInterceptorProvider());
         reg.register(new HttpsTokenInterceptorProvider());
+        reg.register(new IssuedTokenInterceptorProvider());
     }
 
 }

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=740882&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
(added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Wed Feb  4 21:00:19 2009
@@ -0,0 +1,193 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.policy.interceptors;
+
+import java.util.Arrays;
+import java.util.Collection;
+
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.ws.addressing.AddressingProperties;
+import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.SP11Constants;
+import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.model.IssuedToken;
+import org.apache.cxf.ws.security.policy.model.Trust10;
+import org.apache.cxf.ws.security.policy.model.Trust13;
+import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.trust.STSClient;
+
+/**
+ * 
+ */
+public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorProvider {
+
+    public IssuedTokenInterceptorProvider() {
+        super(Arrays.asList(SP11Constants.ISSUED_TOKEN, SP12Constants.ISSUED_TOKEN));
+        this.getOutInterceptors().add(new IssuedTokenOutInterceptor());
+        this.getOutFaultInterceptors().add(new IssuedTokenOutInterceptor());
+        this.getInInterceptors().add(new IssuedTokenInInterceptor());
+        this.getInFaultInterceptors().add(new IssuedTokenInInterceptor());
+    }
+    
+    
+    static final TokenStore getTokenStore(Message message) {
+        TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
+        if (tokenStore == null) {
+            tokenStore = new MemoryTokenStore();
+            message.getExchange().get(Endpoint.class).getEndpointInfo()
+                .setProperty(TokenStore.class.getName(), tokenStore);
+        }
+        return tokenStore;
+    }
+    static STSClient getClient(Message message) {
+        STSClient client = (STSClient)message
+            .getContextualProperty(SecurityConstants.STS_CLIENT);
+        if (client == null) {
+            client = new STSClient(message.getExchange().get(Bus.class));
+            client.setBeanName(message.getExchange().get(Endpoint.class)
+                               .getEndpointInfo().getName().toString() + ".sts-client");
+        }
+        return client;
+    }
+    static class IssuedTokenOutInterceptor extends AbstractPhaseInterceptor<Message>
{
+        public IssuedTokenOutInterceptor() {
+            super(Phase.PREPARE_SEND);
+        }
+        public void handleMessage(Message message) throws Fault {
+            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+            // extract Assertion information
+            if (aim != null) {
+                Collection<AssertionInfo> ais = aim.get(SP12Constants.ISSUED_TOKEN);
+                if (ais == null || ais.isEmpty()) {
+                    return;
+                }
+                if (isRequestor(message)) {
+                    IssuedToken itok = (IssuedToken)ais.iterator().next().getAssertion();
+                    
+                    SecurityToken tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
+                    if (tok == null) {
+                        String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
+                        if (tokId != null) {
+                            tok = getTokenStore(message).getToken(tokId);
+                        }
+                    }
+                    if (tok == null) {
+                        STSClient client = getClient(message);
+                        AddressingProperties maps =
+                            (AddressingProperties)message
+                                .get("javax.xml.ws.addressing.context.outbound");
+                        if (maps == null) {
+                            maps = (AddressingProperties)message
+                                .get("javax.xml.ws.addressing.context");
+                        }
+                        synchronized (client) {
+                            try {
+                                client.setTrust(getTrust10(aim));
+                                client.setTrust(getTrust13(aim));
+                                client.setTemplate(itok.getRstTemplate());
+                                if (maps == null) {
+                                    tok = client.requestSecurityToken();
+                                } else {
+                                    String s = message
+                                        .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
+                                    client.setAddressingNamespace(maps.getNamespaceURI());
+                                    tok = client.requestSecurityToken(s);
+                                }
+                            } catch (Exception e) {
+                                // TODO Auto-generated catch block
+                                e.printStackTrace();
+                            } finally {
+                                client.setTrust((Trust10)null);
+                                client.setTrust((Trust13)null);
+                                client.setTemplate(null);
+                                client.setAddressingNamespace(null);
+                            }
+                        }
+                    } else {
+                        //renew token?
+                    }
+                    if (tok != null) {
+                        for (AssertionInfo ai : ais) {
+                            ai.setAsserted(true);
+                        }
+                        message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,

+                                                                      tok.getId());
+                        getTokenStore(message).add(tok);
+                    }
+                } else {
+                    //server side should be checked on the way in
+                    for (AssertionInfo ai : ais) {
+                        ai.setAsserted(true);
+                    }                    
+                }
+            }
+        }
+        private Trust10 getTrust10(AssertionInfoMap aim) {
+            Collection<AssertionInfo> ais = aim.get(SP12Constants.TRUST_10);
+            if (ais == null || ais.isEmpty()) {
+                return null;
+            }
+            return (Trust10)ais.iterator().next().getAssertion();
+        }
+        private Trust13 getTrust13(AssertionInfoMap aim) {
+            Collection<AssertionInfo> ais = aim.get(SP12Constants.TRUST_13);
+            if (ais == null || ais.isEmpty()) {
+                return null;
+            }
+            return (Trust13)ais.iterator().next().getAssertion();
+        }
+    }
+    
+    static class IssuedTokenInInterceptor extends AbstractPhaseInterceptor<Message>
{
+        public IssuedTokenInInterceptor() {
+            super(Phase.PRE_PROTOCOL);
+        }
+
+        public void handleMessage(Message message) throws Fault {
+            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+            // extract Assertion information
+            if (aim != null) {
+                Collection<AssertionInfo> ais = aim.get(SP12Constants.ISSUED_TOKEN);
+                if (ais == null) {
+                    return;
+                }
+                if (!isRequestor(message)) {
+                    //TODO
+                } else {
+                    //client side should be checked on the way out
+                    for (AssertionInfo ai : ais) {
+                        ai.setAsserted(true);
+                    }                    
+                }
+            }
+        }
+    }
+}
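Review bot: In IssuedTokenOutInterceptor.handleMessage the `catch (Exception e)` around the STS call only prints the stack trace, so a failed or rejected token request leaves `tok` null and the outbound chain simply carries on. A security interceptor should fail closed here: replace the catch body with `throw new Fault(e);` so the caller learns that no issued token could be obtained, and drop the `printStackTrace()`. Separately, the constructor registers the provider for both `SP11Constants.ISSUED_TOKEN` and `SP12Constants.ISSUED_TOKEN`, but both interceptors look up only `SP12Constants.ISSUED_TOKEN`, so an SP 1.1 assertion appears never to be handled or asserted by this class. On the service side the outbound branch asserts unconditionally with the remark "should be checked on the way in" while the inbound branch is still `//TODO`, so nothing in this file validates the token yet; a comment naming the component that does the check would help.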

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
Wed Feb  4 21:00:19 2009
@@ -25,7 +25,6 @@
 import javax.xml.namespace.QName;
 
 import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
-import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 
 /**
@@ -35,27 +34,16 @@
     private static final Collection<QName> ASSERTION_TYPES;
     static {
         ASSERTION_TYPES = new ArrayList<QName>();
-        ASSERTION_TYPES.add(SP11Constants.LAYOUT);
-        ASSERTION_TYPES.add(SP11Constants.INCLUDE_TIMESTAMP);
-        ASSERTION_TYPES.add(SP11Constants.ALGORITHM_SUITE);
-        ASSERTION_TYPES.add(SP11Constants.WSS10);
-        ASSERTION_TYPES.add(SP11Constants.WSS11);
-        ASSERTION_TYPES.add(SP11Constants.TRUST_10);
-        ASSERTION_TYPES.add(SP11Constants.USERNAME_TOKEN);
-        ASSERTION_TYPES.add(SP11Constants.TRANSPORT_TOKEN);
-        ASSERTION_TYPES.add(SP11Constants.SIGNED_PARTS);
-        ASSERTION_TYPES.add(SP11Constants.ENCRYPTED_PARTS);
-        ASSERTION_TYPES.add(SP11Constants.INSTANCE.getSupportingTokens());
-        ASSERTION_TYPES.add(SP11Constants.INSTANCE.getSignedSupportingTokens());
-        ASSERTION_TYPES.add(SP11Constants.INSTANCE.getEndorsingSupportingTokens());
-        ASSERTION_TYPES.add(SP11Constants.INSTANCE.getSignedEndorsingSupportingTokens());
-
         ASSERTION_TYPES.add(SP12Constants.LAYOUT);
         ASSERTION_TYPES.add(SP12Constants.INCLUDE_TIMESTAMP);
         ASSERTION_TYPES.add(SP12Constants.ALGORITHM_SUITE);
         ASSERTION_TYPES.add(SP12Constants.WSS10);
         ASSERTION_TYPES.add(SP12Constants.WSS11);
         ASSERTION_TYPES.add(SP12Constants.TRUST_13);
+        ASSERTION_TYPES.add(SP12Constants.PROTECTION_TOKEN);
+        ASSERTION_TYPES.add(SP12Constants.X509_TOKEN);
+        ASSERTION_TYPES.add(SP12Constants.ENCRYPTION_TOKEN);
+        ASSERTION_TYPES.add(SP12Constants.SIGNATURE_TOKEN);
         ASSERTION_TYPES.add(SP12Constants.USERNAME_TOKEN);
         ASSERTION_TYPES.add(SP12Constants.TRANSPORT_TOKEN);            
         ASSERTION_TYPES.add(SP12Constants.SIGNED_PARTS);
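Review bot: Every `SP11Constants` entry is dropped from `ASSERTION_TYPES` in this static block, which the commit log does not mention. If no other provider registers those QNames (none is visible in this hunk), SP 1.1 policies would no longer have these assertions claimed by this provider. If the removal is deliberate, a short comment above the list saying where SP 1.1 assertions are now handled would make that clear; if it is not, the SP 1.1 entries should stay next to the SP 1.2 ones. The static initializer continues past the end of the hunk.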

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/EncryptionToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/EncryptionToken.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/EncryptionToken.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/EncryptionToken.java
Wed Feb  4 21:00:19 2009
@@ -25,9 +25,7 @@
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
 
-public class EncryptionToken extends AbstractSecurityAssertion implements TokenWrapper {
-
-    private Token encryptionToken;
+public class EncryptionToken extends TokenWrapper {
 
     public EncryptionToken(SPConstants version) {
         super(version);
@@ -37,23 +35,16 @@
      * @return Returns the encryptionToken.
      */
     public Token getEncryptionToken() {
-        return encryptionToken;
-    }
-    public Token getToken() {
-        return encryptionToken;
+        return getToken();
     }
 
-
     /**
      * @param encryptionToken The encryptionToken to set.
      */
     public void setEncryptionToken(Token encryptionToken) {
-        this.encryptionToken = encryptionToken;
+        setToken(encryptionToken);
     }
 
-    public void setToken(Token tok) {
-        this.setEncryptionToken(tok);
-    }
 
     public QName getRealName() {
         return constants.getEncryptionToken();
@@ -106,11 +97,11 @@
             writer.writeNamespace(wspPrefix, wspNamespaceURI);
         }
 
-        if (encryptionToken == null) {
+        if (token == null) {
             throw new RuntimeException("EncryptionToken is not set");
         }
 
-        encryptionToken.serialize(writer);
+        token.serialize(writer);
 
         // </wsp:Policy>
         writer.writeEndElement();

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorToken.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorToken.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorToken.java
Wed Feb  4 21:00:19 2009
@@ -25,9 +25,7 @@
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
 
-public class InitiatorToken extends AbstractSecurityAssertion implements TokenWrapper {
-
-    private Token initiatorToken;
+public class InitiatorToken extends TokenWrapper {
 
     public InitiatorToken(SPConstants version) {
         super(version);
@@ -37,10 +35,7 @@
      * @return Returns the initiatorToken.
      */
     public Token getInitiatorToken() {
-        return initiatorToken;
-    }
-    public Token getToken() {
-        return initiatorToken;
+        return getToken();
     }
 
 
@@ -48,11 +43,7 @@
      * @param initiatorToken The initiatorToken to set.
      */
     public void setInitiatorToken(Token initiatorToken) {
-        this.initiatorToken = initiatorToken;
-    }
-
-    public void setToken(Token tok) {
-        this.setInitiatorToken(tok);
+        setToken(initiatorToken);
     }
 
     public QName getRealName() {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java
Wed Feb  4 21:00:19 2009
@@ -24,11 +24,8 @@
 
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.neethi.PolicyComponent;
 
-public class ProtectionToken extends AbstractSecurityAssertion implements TokenWrapper {
-
-    private Token protectionToken;
+public class ProtectionToken extends TokenWrapper {
 
     public ProtectionToken(SPConstants version) {
         super(version);
@@ -38,22 +35,16 @@
      * @return Returns the protectionToken.
      */
     public Token getProtectionToken() {
-        return protectionToken;
-    }
-    public Token getToken() {
-        return protectionToken;
+        return getToken();
     }
 
     /**
      * @param protectionToken The protectionToken to set.
      */
     public void setProtectionToken(Token protectionToken) {
-        this.protectionToken = protectionToken;
+        setToken(protectionToken);
     }
 
-    public void setToken(Token tok) {
-        this.setProtectionToken(tok);
-    }
 
     public QName getRealName() {
         return constants.getProtectionToken();
@@ -62,14 +53,6 @@
         return SP12Constants.INSTANCE.getProtectionToken();
     }
 
-    public PolicyComponent normalize() {
-        /*
-         * ProtectionToken can not contain multiple values. Hence we consider it to always
be in the
-         * normalized format.
-         */
-        return this;
-    }
-
     public void serialize(XMLStreamWriter writer) throws XMLStreamException {
         String localname = getRealName().getLocalPart();
         String namespaceURI = getRealName().getNamespaceURI();
@@ -115,11 +98,11 @@
             writer.writeNamespace(wspPrefix, policyNamespaceURI);
         }
 
-        if (protectionToken == null) {
+        if (token == null) {
             throw new RuntimeException("ProtectionToken is not set");
         }
 
-        protectionToken.serialize(writer);
+        token.serialize(writer);
 
         // </wsp:Policy>
         writer.writeEndElement();

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientToken.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientToken.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientToken.java
Wed Feb  4 21:00:19 2009
@@ -25,9 +25,7 @@
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
 
-public class RecipientToken extends AbstractSecurityAssertion implements TokenWrapper {
-
-    private Token recipientToken;
+public class RecipientToken extends  TokenWrapper {
 
     public RecipientToken(SPConstants version) {
         super(version);
@@ -37,26 +35,16 @@
      * @return Returns the receipientToken.
      */
     public Token getRecipientToken() {
-        return recipientToken;
-    }
-    public Token getToken() {
-        return recipientToken;
+        return getToken();
     }
 
     /**
      * @param receipientToken The receipientToken to set.
      */
     public void setRecipientToken(Token recipientToken) {
-        this.recipientToken = recipientToken;
+        setToken(recipientToken);
     }
 
-    /*
-     * (non-Javadoc)
-     * @see org.apache.ws.security.policy.TokenWrapper#setToken(org.apache.ws.security.policy.Token)
-     */
-    public void setToken(Token tok) {
-        this.setRecipientToken(tok);
-    }
 
     public QName getRealName() {
         return constants.getRecipientToken();

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignatureToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignatureToken.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignatureToken.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignatureToken.java
Wed Feb  4 21:00:19 2009
@@ -25,9 +25,7 @@
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
 
-public class SignatureToken extends AbstractSecurityAssertion implements TokenWrapper {
-
-    private Token signatureToken;
+public class SignatureToken extends TokenWrapper {
 
     public SignatureToken(SPConstants version) {
         super(version);
@@ -37,22 +35,15 @@
      * @return Returns the signatureToken.
      */
     public Token getSignatureToken() {
-        return signatureToken;
-    }
-    public Token getToken() {
-        return signatureToken;
+        return getToken();
     }
-
     /**
      * @param signatureToken The signatureToken to set.
      */
     public void setSignatureToken(Token signatureToken) {
-        this.signatureToken = signatureToken;
+        setToken(signatureToken);
     }
 
-    public void setToken(Token tok) {
-        this.setSignatureToken(tok);
-    }
 
     public QName getRealName() {
         return constants.getSignatureToken();
@@ -107,11 +98,11 @@
             writer.writeNamespace(wspPrefix, wspNamespaceURI);
         }
 
-        if (signatureToken == null) {
+        if (token == null) {
             throw new RuntimeException("EncryptionToken is not set");
         }
 
-        signatureToken.serialize(writer);
+        token.serialize(writer);
 
         // </wsp:Policy>
         writer.writeEndElement();
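Review bot: The null check this hunk rewrites in SignatureToken.serialize still throws `RuntimeException("EncryptionToken is not set")`, a copy-paste from EncryptionToken that will mislead anyone diagnosing a policy whose signature token is missing. Since the condition line is being touched anyway, change the message to `throw new RuntimeException("SignatureToken is not set");`. serialize() begins and ends outside this hunk.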

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java
Wed Feb  4 21:00:19 2009
@@ -33,7 +33,7 @@
 import org.apache.neethi.Policy;
 import org.apache.neethi.PolicyComponent;
 
-public class SupportingToken extends AbstractSecurityAssertion implements AlgorithmWrapper,
TokenWrapper {
+public class SupportingToken extends TokenWrapper implements AlgorithmWrapper {
 
     /**
      * Type of SupportingToken
@@ -254,10 +254,6 @@
             || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENDORSING_ENCRYPTED;
     }
 
-    public PolicyComponent normalize() {
-        return this;
-    }
-
     public short getType() {
         return org.apache.neethi.Constants.TYPE_ASSERTION;
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java
Wed Feb  4 21:00:19 2009
@@ -20,10 +20,48 @@
 
 
 import org.apache.cxf.ws.policy.PolicyAssertion;
+import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
 
-public interface TokenWrapper extends PolicyAssertion {
+public abstract class TokenWrapper extends AbstractSecurityAssertion implements PolicyAssertion
{
+    protected Token token;
 
-    void setToken(Token tok);
-    Token getToken();
+    public TokenWrapper(SPConstants version) {
+        super(version);
+    }
     
+    public void setToken(Token tok) {
+        token = tok;
+    }
+    public Token getToken() {
+        return token;
+    }
+    
+    public PolicyComponent normalize() {
+        return this;
+    }
+    
+    public Policy getPolicy() {
+        if (token != null) {
+            Policy p = new Policy();
+            ExactlyOne ea = new ExactlyOne();
+            p.addPolicyComponent(ea);
+            All all = new All();
+            all.addPolicyComponent(token);
+            ea.addPolicyComponent(all);
+            PolicyComponent pc = p.normalize(true);
+            if (pc instanceof Policy) {
+                return (Policy)pc;
+            } else {
+                p = new Policy();
+                p.addPolicyComponent(pc);
+                return p;
+            }
+        }
+        return null;
+    }
+
 }
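Review bot: The shared `normalize()` returns `this` for every subclass, whereas the TransportToken override removed later in this commit returned the wrapped token, and its `isOptional()` returning false is dropped as well. TransportToken's behaviour therefore changes silently; confirm that is intended and record it in a comment on `normalize()`. `getPolicy()` also returns null when no token has been set, which callers cannot know without reading the body, so add Javadoc such as `@return a policy built from the wrapped token, or null if no token has been set`.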

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportToken.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportToken.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportToken.java
Wed Feb  4 21:00:19 2009
@@ -24,11 +24,8 @@
 
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.neethi.PolicyComponent;
 
-public class TransportToken extends AbstractSecurityAssertion implements TokenWrapper {
-
-    private Token transportToken;
+public class TransportToken extends TokenWrapper {
 
     public TransportToken(SPConstants version) {
         super(version);
@@ -38,10 +35,7 @@
      * @return Returns the transportToken.
      */
     public Token getTransportToken() {
-        return transportToken;
-    }
-    public Token getToken() {
-        return transportToken;
+        return getToken();
     }
 
     public QName getRealName() {
@@ -51,14 +45,6 @@
         return SP12Constants.INSTANCE.getTransportToken();
     }
 
-    public boolean isOptional() {
-        return false;
-    }
-
-    public PolicyComponent normalize() {
-        return transportToken;
-    }
-    
     public short getType() {
         return org.apache.neethi.Constants.TYPE_ASSERTION;
     }
@@ -90,8 +76,8 @@
                                  SPConstants.POLICY.getNamespaceURI());
 
         // serialization of the token ..
-        if (transportToken != null) {
-            transportToken.serialize(writer);
+        if (token != null) {
+            token.serialize(writer);
         }
 
         // </wsp:Policy>
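Review bot: The null check and the `serialize` call now read the inherited `token` field directly, while `getTransportToken()` in this same file was changed to go through `getToken()`. Using the accessor here as well, `Token tok = getToken(); if (tok != null) { tok.serialize(writer); }`, would keep the subclass independent of how TokenWrapper stores the token and make the two call sites consistent. The enclosing method starts and ends outside this hunk.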
@@ -101,14 +87,4 @@
         // </sp:TransportToken>
     }
 
-    /*
-     * (non-Javadoc)
-     * @see
-     * org.apache.cxf.ws.security.policy.model.TokenWrapper#setToken(org.apache.cxf.ws.security.policy.model
-     * .Token)
-     */
-    public void setToken(Token tok) {
-        this.transportToken = tok;
-    }
-
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Wed Feb  4 21:00:19 2009
@@ -111,6 +111,7 @@
     Element template;
     AlgorithmSuite algorithmSuite;
     String namespace = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+    String addressingNamespace;
     
     Map<String, Object> ctx = new HashMap<String, Object>();
 
@@ -161,6 +162,9 @@
             setSoap12();
         }
     }
+    public void setAddressingNamespace(String ad) {
+        addressingNamespace = ad;
+    }
     
     public void setTrust(Trust10 trust) {
         namespace = "http://schemas.xmlsoap.org/ws/2005/02/trust";
@@ -315,8 +319,14 @@
         writer.writeStartElement(namespace, "RequestType");
         writer.writeCharacters(namespace + "/Issue");
         writer.writeEndElement();
-        if (appliesTo != null) {
-            //TODO: AppliesTo element? 
+        if (appliesTo != null && addressingNamespace != null) {
+            writer.writeStartElement("http://schemas.xmlsoap.org/ws/2004/09/policy", "AppliesTo");
+            writer.writeStartElement(addressingNamespace, "EndpointReference");
+            writer.writeStartElement(addressingNamespace, "Address");
+            writer.writeCharacters(appliesTo);
+            writer.writeEndElement();
+            writer.writeEndElement();
+            writer.writeEndElement();
         }
         //TODO: Lifetime element?
         if (keyType == null) {
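Review bot: When `appliesTo` is set but `addressingNamespace` is not, the new condition skips the AppliesTo element silently, so the RequestSecurityToken is sent without the target endpoint and the caller has no indication that the request was not scoped to it. The field added in the first hunk has no default and the setter added in the second hunk has no Javadoc, so this depends on configuration that is easy to miss. Consider documenting on `setAddressingNamespace` that AppliesTo is only written once it is set, and making the skipped case visible, for example `} else if (appliesTo != null) { /* log: AppliesTo omitted, no addressing namespace configured */ }`. The enclosing method starts and ends outside this hunk.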

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
Wed Feb  4 21:00:19 2009
@@ -307,9 +307,18 @@
                     }
                 }
                 ai.setAsserted(true);
-                policyAsserted(aim, abinding.getEncryptionToken());
-                policyAsserted(aim, abinding.getSignatureToken());
-                policyAsserted(aim, abinding.getProtectionToken());
+                if (abinding.getEncryptionToken() != null) {
+                    policyAsserted(aim, abinding.getEncryptionToken());
+                    policyAsserted(aim, abinding.getEncryptionToken().getToken());
+                }
+                if (abinding.getSignatureToken() != null) {
+                    policyAsserted(aim, abinding.getSignatureToken());
+                    policyAsserted(aim, abinding.getSignatureToken().getToken());
+                }
+                if (abinding.getProtectionToken() != null) {
+                    policyAsserted(aim, abinding.getProtectionToken());
+                    policyAsserted(aim, abinding.getProtectionToken().getToken());
+                }
                 policyAsserted(aim, SP12Constants.ENCRYPTED_PARTS);
             }
         }
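Review bot: The inner tokens are passed to `policyAsserted` as soon as the binding assertion is marked asserted, and nothing visible in this hunk ties that to the token type actually used on the message. The same holds for the `assertPolicy(aim, SP12Constants.TRANSPORT_TOKEN)` line added in the next hunk, which shows no check of the transport in use. If these helpers mark the assertion as satisfied (their bodies are outside the hunks), a comment should say where the real validation happens, e.g. `// token assertions are only marked here; validation happens in <validator>`. Separately, `getToken()` can return null, since TokenWrapper leaves the field unset until `setToken` is called, so the second call in each branch passes null unless `policyAsserted` tolerates it. Hoisting each wrapper into a local such as `TokenWrapper enc = abinding.getEncryptionToken();` would allow one null check on the token and remove the repeated getter calls.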
@@ -364,6 +373,7 @@
             }
             assertPolicy(aim, SP12Constants.LAYOUT);
             assertPolicy(aim, SP12Constants.TRANSPORT_BINDING);
+            assertPolicy(aim, SP12Constants.TRANSPORT_TOKEN);
             action = assertAsymetricBinding(aim, action, message);
             action = assertSymetricBinding(aim, action, message);
             

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Wed Feb  4 21:00:19 2009
@@ -425,9 +425,9 @@
     }
 
     protected SecurityToken getSecurityToken() {
-        SecurityToken st = (SecurityToken)message.getContextualProperty(SecurityConstants.TRUST_TOKEN);
+        SecurityToken st = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
         if (st == null) {
-            String id = (String)message.getContextualProperty(SecurityConstants.TRUST_TOKEN_ID);
+            String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
             if (id != null) {
                 st = getTokenStore().getToken(id);
             }
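Review bot: `getSecurityToken()` casts the contextual properties straight to `SecurityToken` and `String`, so a value of the wrong type stored under `SecurityConstants.TOKEN` or `TOKEN_ID` surfaces as a ClassCastException inside the binding builder rather than as a configuration error. Because this commit moves the lookup to new, more generic keys, an `instanceof` check with a clear message is worth adding, together with a short comment on the lookup order: `// TOKEN takes precedence; TOKEN_ID is resolved through the token store`. It is not visible here whether the old `TRUST_TOKEN` keys are still honoured; if they are not, existing configurations that set them would be ignored without notice. The method continues past the end of this hunk.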

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=740882&r1=740881&r2=740882&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Wed Feb  4 21:00:19 2009
@@ -104,6 +104,7 @@
         Collection<AssertionInfo> ais;
         WSSecTimestamp timestamp = createTimestamp();
         handleLayout(timestamp);
+        
         try {
             if (this.isRequestor()) {
                 Vector<byte[]> signatureValues = new Vector<byte[]>();


