cxf-commits mailing list archives

From dk...@apache.org
Subject svn commit: r742662 - in /cxf/trunk: api/src/main/java/org/apache/cxf/ws/policy/ rt/core/src/main/java/org/apache/cxf/interceptor/ rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/ rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/ rt/ws/securit...
Date Mon, 09 Feb 2009 18:02:37 GMT
Author: dkulp
Date: Mon Feb  9 18:02:36 2009
New Revision: 742662

URL: http://svn.apache.org/viewvc?rev=742662&view=rev
Log:
Baby steps toward WS-SecureConversation

Added:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
  (with props)
Modified:
    cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingInInterceptor.java
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java
    cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/ContextUtils.java
    cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyEngineImpl.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java

Modified: cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java?rev=742662&r1=742661&r2=742662&view=diff
==============================================================================
--- cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java (original)
+++ cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java Mon Feb  9
18:02:36 2009
@@ -54,7 +54,9 @@
     private void putAssertionInfo(PolicyAssertion a) {
         Policy p = a.getPolicy();
         if (p != null) {
-            for (PolicyAssertion na : getAssertions(p)) {
+            List<PolicyAssertion> pcs = new ArrayList<PolicyAssertion>();
+            getAssertions(p, pcs);
+            for (PolicyAssertion na : pcs) {
                 putAssertionInfo(na);
             }
         }
@@ -142,17 +144,21 @@
             }
         }
     }
-    
     private static Collection<PolicyAssertion> getAssertions(PolicyOperator p) {
+        Collection<PolicyAssertion> assertions = new ArrayList<PolicyAssertion>();
+        getAssertions(p, assertions);
+        return assertions;
+    }
+    
+    private static void getAssertions(PolicyOperator p, Collection<PolicyAssertion>
assertions) {
         List<PolicyComponent> pcs = 
             CastUtils.cast(p.getPolicyComponents(), PolicyComponent.class);
-        if (pcs.size() == 0 || pcs.get(0) instanceof PolicyAssertion) {
-            return CastUtils.cast(pcs, PolicyAssertion.class);
-        }
-        Collection<PolicyAssertion> assertions = new ArrayList<PolicyAssertion>();
         for (PolicyComponent pc : pcs) {
-            assertions.addAll(getAssertions((PolicyOperator)pc));
+            if (pc instanceof PolicyAssertion) {
+                assertions.add((PolicyAssertion)pc);
+            } else {
+                getAssertions((PolicyOperator)pc, assertions);
+            }
         }
-        return assertions;   
     }
 }
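Review bot: The `(PolicyOperator)pc` cast in the new `getAssertions(PolicyOperator, Collection)` is unchecked, so a PolicyComponent that is neither a PolicyAssertion nor a PolicyOperator would raise a ClassCastException while the assertion map is being built. The removed code had the same cast, but the rewrite now inspects every element, so an explicit guard is cheap: `} else if (pc instanceof PolicyOperator) {`. A short comment on the new overload, saying that it flattens nested operators depth-first into `assertions`, would also help. The one-argument version now always returns a fresh list, where it used to return a cast view of the component list when the first element was an assertion.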

Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingInInterceptor.java?rev=742662&r1=742661&r2=742662&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingInInterceptor.java (original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingInInterceptor.java Mon
Feb  9 18:02:36 2009
@@ -92,6 +92,10 @@
         if (encoding != null) {
             buffer.getEncoding().append(encoding);
         }
+        String ct = (String)message.get(Message.CONTENT_TYPE);
+        if (ct != null) {
+            buffer.getContentType().append(ct);
+        }
         Object headers = message.get(Message.PROTOCOL_HEADERS);
 
         if (headers != null) {

Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java?rev=742662&r1=742661&r2=742662&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java (original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java Mon Feb
 9 18:02:36 2009
@@ -22,6 +22,7 @@
 
     private final String heading;
     private final StringBuilder address;
+    private final StringBuilder contentType;
     private final StringBuilder encoding;
     private final StringBuilder header;
     private final StringBuilder message;
@@ -30,6 +31,7 @@
     public LoggingMessage(String h) {
         heading = h;
 
+        contentType = new StringBuilder();
         address = new StringBuilder();
         encoding = new StringBuilder();
         header = new StringBuilder();
@@ -48,6 +50,10 @@
         return header;
     }
 
+    public StringBuilder getContentType() {
+        return contentType;
+    }
+
     public StringBuilder getMessage() {
         return message;
     }
@@ -65,6 +71,8 @@
         }
         buffer.append("\nEncoding: ");
         buffer.append(encoding);
+        buffer.append("\nContent-Type: ");
+        buffer.append(contentType);
         buffer.append("\nHeaders: ");
         buffer.append(header);
         buffer.append("\nMessages: ");

Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java?rev=742662&r1=742661&r2=742662&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java
(original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java
Mon Feb  9 18:02:36 2009
@@ -117,8 +117,11 @@
             if (address != null) {
                 buffer.getAddress().append(address);
             }
+            String ct = (String)message.get(Message.CONTENT_TYPE);
+            if (ct != null) {
+                buffer.getContentType().append(ct);
+            }
             Object headers = message.get(Message.PROTOCOL_HEADERS);
-
             if (headers != null) {
                 buffer.getHeader().append(headers);
             }

Modified: cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/ContextUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/ContextUtils.java?rev=742662&r1=742661&r2=742662&view=diff
==============================================================================
--- cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/ContextUtils.java (original)
+++ cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/ContextUtils.java Mon
Feb  9 18:02:36 2009
@@ -32,6 +32,7 @@
 import javax.xml.namespace.QName;
 
 import org.apache.cxf.Bus;
+import org.apache.cxf.binding.soap.SoapBindingConstants;
 import org.apache.cxf.binding.soap.model.SoapOperationInfo;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.TwoStageMap;
@@ -668,12 +669,15 @@
                 bindingOpInfo = bindingOpInfo.getUnwrappedOperation();
             }
             if (fault == null) {
-                SoapOperationInfo soi = 
-                    bindingOpInfo.getExtensor(SoapOperationInfo.class);
-                if (null != soi) {
-                    action = soi.getAction();
-                }
+                action = (String) message.get(SoapBindingConstants.SOAP_ACTION);
+                if (action == null) {
+                    SoapOperationInfo soi = 
+                        bindingOpInfo.getExtensor(SoapOperationInfo.class);
+                    if (null != soi) {
+                        action = soi.getAction();
+                    }
 
+                }
                 if (action == null || "".equals(action)) {
                     MessageInfo msgInfo = 
                         ContextUtils.isRequestor(message)
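Review bot: An empty-string SOAP_ACTION property now bypasses the SoapOperationInfo lookup, because the new guard is `if (action == null)` while the fallback directly below treats `""` the same as null. The guard should match it: `if (action == null || "".equals(action)) {`. The hunk does not show where `SoapBindingConstants.SOAP_ACTION` is placed on the message. If it can hold a value taken from an inbound request, the Action would now come from the caller in preference to the one declared for the operation, so a comment stating the intended precedence is worth adding. The enclosing method starts and ends outside the hunk.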

Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyEngineImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyEngineImpl.java?rev=742662&r1=742661&r2=742662&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyEngineImpl.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyEngineImpl.java Mon
Feb  9 18:02:36 2009
@@ -20,11 +20,13 @@
 package org.apache.cxf.ws.policy;
 
 import java.util.*;
+import java.util.logging.Logger;
 
 import javax.annotation.PostConstruct;
 import javax.xml.namespace.QName;
 
 import org.apache.cxf.Bus;
+import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.extension.BusExtension;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.service.model.BindingFaultInfo;
@@ -46,6 +48,9 @@
  * 
  */
 public class PolicyEngineImpl implements PolicyEngine, BusExtension {
+    private static final Logger LOG = LogUtils.getL7dLogger(PolicyEngineImpl.class);
+    
+    
     private static final String POLICY_INFO_REQUEST_SERVER = "policy-engine-info-serve-request";
     private static final String POLICY_INFO_FAULT_SERVER = "policy-engine-info-serve-fault";
     private static final String POLICY_INFO_RESPONSE_SERVER = "policy-engine-info-serve-response";
@@ -504,6 +509,8 @@
             if (!(a.isOptional() 
                 || (null != pipr.get(a.getName())) 
                 || (null != assertor && assertor.canAssert(a.getName())))) {
+                
+                LOG.fine("Alternative " + a.getName() + " is not supported");
                 return false;
             }
         }
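Review bot: The new `LOG.fine(...)` builds its message by concatenation every time the check fails, even when FINE is disabled. The text also calls `a` an alternative, although `a.getName()` appears to be the name of a single assertion inside the alternative. Guarding with `if (LOG.isLoggable(Level.FINE))` (which needs a `java.util.logging.Level` import) and wording it as `"Assertion " + a.getName() + " is not supported; rejecting alternative"` would make the trace more useful when diagnosing why a security policy alternative was dropped. The enclosing method is only partly visible in the hunk.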

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=742662&r1=742661&r2=742662&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Mon Feb  9 18:02:36 2009
@@ -19,6 +19,11 @@
 
 package org.apache.cxf.ws.security;
 
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
 /**
  * 
  */
@@ -41,6 +46,18 @@
     
     public static final String STS_CLIENT = "ws-security.sts.client";
 
+    public static final Set<String> ALL_PROPERTIES;
+    
+    static {
+        Set<String> s = new HashSet<String>(Arrays.asList(new String[] {
+            USERNAME, PASSWORD, CALLBACK_HANDLER, 
+            SIGNATURE_USERNAME, SIGNATURE_PROPERTIES, SIGNATURE_CRYPTO,
+            ENCRYPT_USERNAME, ENCRYPT_PROPERTIES, ENCRYPT_CRYPTO,
+            TOKEN, TOKEN_ID, STS_CLIENT
+        }));
+        ALL_PROPERTIES = Collections.unmodifiableSet(s);
+    }
+    
     private SecurityConstants() {
         //utility class
     }
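Review bot: `ALL_PROPERTIES` is a hand-maintained copy of the constants above it and has no documentation. A property constant added later and not appended here will silently not be forwarded by `mapSecurityProps` in SecureConversationTokenInterceptorProvider, which copies each `<key>.sct` value into the STS client's request context. A Javadoc comment would make that contract explicit, for example `/** Keys forwarded (with a ".sct" suffix) to the STS client; every new property constant must be added here. */`. The set includes `PASSWORD` and `CALLBACK_HANDLER`, so the comment should also say that the values are credentials and must not be logged when iterating the set.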

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java?rev=742662&r1=742661&r2=742662&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
Mon Feb  9 18:02:36 2009
@@ -57,6 +57,7 @@
 import org.apache.cxf.ws.security.policy.builders.X509TokenBuilder;
 import org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider;
 import org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider;
+import org.apache.cxf.ws.security.policy.interceptors.SecureConversationTokenInterceptorProvider;
 import org.apache.cxf.ws.security.policy.interceptors.WSSecurityInterceptorProvider;
 import org.apache.cxf.ws.security.policy.interceptors.WSSecurityPolicyInterceptorProvider;
 
@@ -121,6 +122,7 @@
         reg.register(new WSSecurityInterceptorProvider());
         reg.register(new HttpsTokenInterceptorProvider());
         reg.register(new IssuedTokenInterceptorProvider());
+        reg.register(new SecureConversationTokenInterceptorProvider());
     }
 
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=742662&r1=742661&r2=742662&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Mon Feb  9 18:02:36 2009
@@ -121,9 +121,10 @@
                                     client.setAddressingNamespace(maps.getNamespaceURI());
                                     tok = client.requestSecurityToken(s);
                                 }
+                            } catch (RuntimeException e) {
+                                throw e;
                             } catch (Exception e) {
-                                // TODO Auto-generated catch block
-                                e.printStackTrace();
+                                throw new Fault(e);
                             } finally {
                                 client.setTrust((Trust10)null);
                                 client.setTrust((Trust13)null);

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java?rev=742662&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
(added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
Mon Feb  9 18:02:36 2009
@@ -0,0 +1,253 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.policy.interceptors;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Map;
+
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.binding.soap.Soap11;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.ws.addressing.AddressingProperties;
+import org.apache.cxf.ws.addressing.policy.MetadataConstants;
+import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.policy.PolicyAssertion;
+import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.SP11Constants;
+import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
+import org.apache.cxf.ws.security.policy.model.Trust10;
+import org.apache.cxf.ws.security.policy.model.Trust13;
+import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+
+/**
+ * 
+ */
+public class SecureConversationTokenInterceptorProvider extends AbstractPolicyInterceptorProvider
{
+
+    public SecureConversationTokenInterceptorProvider() {
+        super(Arrays.asList(SP11Constants.SECURE_CONVERSATION_TOKEN,
+                            SP12Constants.SECURE_CONVERSATION_TOKEN));
+        this.getOutInterceptors().add(new SecureConversationOutInterceptor());
+        this.getOutFaultInterceptors().add(new SecureConversationOutInterceptor());
+        this.getInInterceptors().add(new SecureConversationInInterceptor());
+        this.getInFaultInterceptors().add(new SecureConversationInInterceptor());
+    }
+    
+    
+    static final TokenStore getTokenStore(Message message) {
+        TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
+        if (tokenStore == null) {
+            tokenStore = new MemoryTokenStore();
+            message.getExchange().get(Endpoint.class).getEndpointInfo()
+                .setProperty(TokenStore.class.getName(), tokenStore);
+        }
+        return tokenStore;
+    }
+    static STSClient getClient(Message message) {
+        STSClient client = (STSClient)message
+            .getContextualProperty(SecurityConstants.STS_CLIENT);
+        if (client == null) {
+            client = new STSClient(message.getExchange().get(Bus.class));
+            client.setBeanName(message.getExchange().get(Endpoint.class)
+                               .getEndpointInfo().getName().toString() + ".sct-client");
+        }
+        return client;
+    }
+    static class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMessage>
{
+        public SecureConversationOutInterceptor() {
+            super(Phase.PREPARE_SEND);
+        }
+        public void handleMessage(SoapMessage message) throws Fault {
+            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+            // extract Assertion information
+            if (aim != null) {
+                Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
+                if (ais == null || ais.isEmpty()) {
+                    return;
+                }
+                if (isRequestor(message)) {
+                    SecureConversationToken itok = (SecureConversationToken)ais.iterator()
+                        .next().getAssertion();
+                    
+                    SecurityToken tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
+                    if (tok == null) {
+                        String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
+                        if (tokId != null) {
+                            tok = getTokenStore(message).getToken(tokId);
+                        }
+                    }
+                    if (tok == null) {
+                        STSClient client = getClient(message);
+                        AddressingProperties maps =
+                            (AddressingProperties)message
+                                .get("javax.xml.ws.addressing.context.outbound");
+                        if (maps == null) {
+                            maps = (AddressingProperties)message
+                                .get("javax.xml.ws.addressing.context");
+                        }
+                        synchronized (client) {
+                            try {
+                                client.setTrust(getTrust10(aim));
+                                client.setTrust(getTrust13(aim));
+                                Policy pol = itok.getBootstrapPolicy();
+                                if (maps != null) {
+                                    Policy p = new Policy();
+                                    ExactlyOne ea = new ExactlyOne();
+                                    p.addPolicyComponent(ea);
+                                    All all = new All();
+                                    all.addPolicyComponent(getAddressingPolicy(aim));
+                                    ea.addPolicyComponent(all);
+                                    pol = p.merge(pol);
+                                }
+                                
+                                client.setPolicy(pol);
+                                client.setSoap11(message.getVersion() == Soap11.getInstance());
+                                client.setSecureConv(true);
+                                String s = message
+                                    .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
+                                client.setLocation(s);
+                                
+                                Map<String, Object> ctx = client.getRequestContext();
+                                mapSecurityProps(message, ctx);
+                                if (maps == null) {
+                                    tok = client.requestSecurityToken();
+                                } else {
+                                    client.setAddressingNamespace(maps.getNamespaceURI());
+                                    tok = client.requestSecurityToken();
+                                }
+                            } catch (RuntimeException e) {
+                                throw e;
+                            } catch (Exception e) {
+                                throw new Fault(e);
+                            } finally {
+                                client.setTrust((Trust10)null);
+                                client.setTrust((Trust13)null);
+                                client.setTemplate(null);
+                                client.setLocation(null);
+                                client.setAddressingNamespace(null);
+                            }
+                        }
+                    } else {
+                        //renew token?
+                    }
+                    if (tok != null) {
+                        for (AssertionInfo ai : ais) {
+                            ai.setAsserted(true);
+                        }
+                        message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,

+                                                                      tok.getId());
+                        getTokenStore(message).add(tok);
+                    }
+                } else {
+                    //server side should be checked on the way in
+                    for (AssertionInfo ai : ais) {
+                        ai.setAsserted(true);
+                    }                    
+                }
+            }
+        }
+        
+        
+        private PolicyAssertion getAddressingPolicy(AssertionInfoMap aim) {
+            Collection<AssertionInfo> lst = aim.get(MetadataConstants.USING_ADDRESSING_2004_QNAME);
+            if (null != lst && !lst.isEmpty()) {
+                return lst.iterator().next().getAssertion();
+            }
+            lst = aim.get(MetadataConstants.USING_ADDRESSING_2005_QNAME);
+            if (null != lst && !lst.isEmpty()) {
+                return lst.iterator().next().getAssertion();
+            }
+            lst = aim.get(MetadataConstants.USING_ADDRESSING_2006_QNAME);
+            if (null != lst && !lst.isEmpty()) {
+                return lst.iterator().next().getAssertion();
+            }
+            return new PrimitiveAssertion(MetadataConstants.USING_ADDRESSING_2006_QNAME,

+                                          false);
+        }
+        private void mapSecurityProps(Message message, Map<String, Object> ctx) {
+            for (String s : SecurityConstants.ALL_PROPERTIES) {
+                Object v = message.getContextualProperty(s + ".sct");
+                if (v != null) {
+                    ctx.put(s, v);
+                }
+            }
+        }
+
+        private Trust10 getTrust10(AssertionInfoMap aim) {
+            Collection<AssertionInfo> ais = aim.get(SP12Constants.TRUST_10);
+            if (ais == null || ais.isEmpty()) {
+                ais = aim.get(SP11Constants.TRUST_10);
+            }
+            if (ais == null || ais.isEmpty()) {
+                return null;
+            }
+            return (Trust10)ais.iterator().next().getAssertion();
+        }
+        private Trust13 getTrust13(AssertionInfoMap aim) {
+            Collection<AssertionInfo> ais = aim.get(SP12Constants.TRUST_13);
+            if (ais == null || ais.isEmpty()) {
+                return null;
+            }
+            return (Trust13)ais.iterator().next().getAssertion();
+        }
+    }
+    
+    static class SecureConversationInInterceptor extends AbstractPhaseInterceptor<Message>
{
+        public SecureConversationInInterceptor() {
+            super(Phase.PRE_PROTOCOL);
+        }
+
+        public void handleMessage(Message message) throws Fault {
+            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+            // extract Assertion information
+            if (aim != null) {
+                Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
+                if (ais == null) {
+                    return;
+                }
+                if (!isRequestor(message)) {
+                    //TODO
+                } else {
+                    //client side should be checked on the way out
+                    for (AssertionInfo ai : ais) {
+                        ai.setAsserted(true);
+                    }                    
+                }
+            }
+        }
+    }
+}
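Review bot: On the server side the SecureConversationToken assertion is marked asserted without any check. The non-requestor branch of `SecureConversationOutInterceptor.handleMessage` calls `ai.setAsserted(true)` with the comment that the server is checked on the way in, but `SecureConversationInInterceptor.handleMessage` has only `//TODO` in its `!isRequestor(message)` branch. Until inbound validation exists, the outbound branch should not assert, or should carry a comment explaining why it is safe to do so. Separately, the `finally` block in the out interceptor clears trust, template, location and addressing namespace but not the secure-conversation flag, so an STSClient supplied through `SecurityConstants.STS_CLIENT` stays in SCT mode for whoever uses it next; adding `client.setSecureConv(false);` there would restore it. `getTokenStore` also creates and publishes the MemoryTokenStore with no synchronization, so two concurrent first requests may each end up with a different store.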

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java?rev=742662&r1=742661&r2=742662&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
Mon Feb  9 18:02:36 2009
@@ -25,6 +25,7 @@
 import javax.xml.namespace.QName;
 
 import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
+import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 
 /**
@@ -39,6 +40,7 @@
         ASSERTION_TYPES.add(SP12Constants.ALGORITHM_SUITE);
         ASSERTION_TYPES.add(SP12Constants.WSS10);
         ASSERTION_TYPES.add(SP12Constants.WSS11);
+        ASSERTION_TYPES.add(SP11Constants.TRUST_10);
         ASSERTION_TYPES.add(SP12Constants.TRUST_13);
         ASSERTION_TYPES.add(SP12Constants.PROTECTION_TOKEN);
         ASSERTION_TYPES.add(SP12Constants.X509_TOKEN);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java?rev=742662&r1=742661&r2=742662&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java
Mon Feb  9 18:02:36 2009
@@ -102,7 +102,10 @@
         return SP12Constants.INSTANCE.getSymmetricBinding();
     }
     public PolicyComponent normalize() {
-        return this;
+        All all = new All();
+        all.addPolicyComponent(getPolicy().getFirstPolicyComponent());
+        all.addPolicyComponent(this);
+        return all;
     }
 
     public Policy getPolicy() {
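Review bot: `normalize()` now dereferences `getPolicy().getFirstPolicyComponent()` with no null check, whereas the matching change in TokenWrapper guards with `if (token != null)`. The body of `getPolicy()` is outside the hunk, so the diff does not show whether it can return null or an empty policy at this point. If it can, policy normalization would throw a NullPointerException or hand a null component to the `All`. A guard that falls back to `return this;` would keep the previous behaviour in that case.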

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java?rev=742662&r1=742661&r2=742662&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java
Mon Feb  9 18:02:36 2009
@@ -41,6 +41,12 @@
     }
     
     public PolicyComponent normalize() {
+        if (token != null) {
+            All all = new All();
+            all.addPolicyComponent(token.normalize());
+            all.addPolicyComponent(this);
+            return all;
+        }
         return this;
     }
     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=742662&r1=742661&r2=742662&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Mon Feb  9 18:02:36 2009
@@ -113,6 +113,8 @@
     String namespace = "http://schemas.xmlsoap.org/ws/2005/02/trust";
     String addressingNamespace;
     
+    boolean isSecureConv;
+    
     Map<String, Object> ctx = new HashMap<String, Object>();
 
     private CallbackHandler cbHandler;
@@ -167,13 +169,25 @@
     }
     
     public void setTrust(Trust10 trust) {
-        namespace = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+        if (trust != null) {
+            namespace = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+        }
         trust10 = trust;
     }
     public void setTrust(Trust13 trust) {
+        if (trust != null) {
+            namespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
+        }
         trust13 = trust;        
-        namespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"; 
     }
+    public boolean isSecureConv() {
+        return isSecureConv;
+    }
+
+    public void setSecureConv(boolean secureConv) {
+        this.isSecureConv = secureConv;
+    }
+
     public void setAlgorithmSuite(AlgorithmSuite ag) {
         algorithmSuite = ag;
     }
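Review bot: Both `setTrust` overloads now leave `namespace` untouched for a null argument, so a reused client keeps the namespace chosen by the previous request whenever the next policy carries neither a Trust10 nor a Trust13 assertion. The interceptors in this commit reset with `setTrust((Trust10)null)` and `setTrust((Trust13)null)` in their `finally` blocks; that sequence used to end on the 200512 namespace and now leaves whatever was last set. If that is intended, say so in a comment on the setters; otherwise restore the field's default when both trust assertions are null. The new `isSecureConv` field is package-visible and unsynchronized, so it depends on callers holding the client lock, as the interceptors do with `synchronized (client)`.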
@@ -296,6 +310,10 @@
         BindingOperationInfo boi = findOperation("/RST/Issue");
         
         client.getRequestContext().putAll(ctx);
+        if (isSecureConv) {
+            client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
+                                           namespace + "/RST/SCT");
+        }
         
         W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
         writer.writeStartElement(namespace, "RequestSecurityToken");
@@ -315,7 +333,12 @@
             }
         }
         
-        
+        if (isSecureConv && keyType == null) {
+            writer.writeStartElement(namespace, "TokenType");
+            writer.writeCharacters("http://schemas.xmlsoap.org/ws/2005/02/sc/sct");
+            writer.writeEndElement();
+            keyType = namespace + "/SymmetricKey";
+        }
         writer.writeStartElement(namespace, "RequestType");
         writer.writeCharacters(namespace + "/Issue");
         writer.writeEndElement();
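Review bot: The SCT `TokenType` element is written only when `keyType == null`, so a client whose key type was set beforehand sends a secure-conversation request with no TokenType at all. The two conditions look independent and would read more clearly as `if (isSecureConv) {` around the TokenType element, with the `keyType` default handled on its own. The TokenType value is also fixed to the 2005/02 `.../sc/sct` URI even when `namespace` is the 200512 WS-Trust namespace set by `setTrust(Trust13)`; confirm which token type URI the peer expects in that case. Whether `keyType` is a field that survives between calls is not visible in this hunk; if it is, a second request on the same client would take the `keyType != null` path and omit the element.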
@@ -329,13 +352,14 @@
             writer.writeEndElement();
         }
         //TODO: Lifetime element?
-        if (keyType == null) {
+        
+        if (keyType == null && !isSecureConv) {
             writer.writeStartElement(namespace, "KeyType");
-            //TODO: Set the KeyType?
             writer.writeCharacters(namespace + "/SymmetricKey");
             writer.writeEndElement();
             keyType = namespace + "/SymmetricKey";
         }
+        
         byte[] requestorEntropy = null;
         
         if (keyType.endsWith("SymmetricKey")) {
@@ -356,9 +380,11 @@
     
                 writer.writeEndElement();
                 writer.writeEndElement();
-                writer.writeStartElement(namespace, "ComputedKeyAlgorithm");
-                writer.writeCharacters(namespace + "/CK/PSHA1");
-                writer.writeEndElement();
+                if (!isSecureConv) {
+                    writer.writeStartElement(namespace, "ComputedKeyAlgorithm");
+                    writer.writeCharacters(namespace + "/CK/PSHA1");
+                    writer.writeEndElement();
+                }
             }
         } else if (keyType.endsWith("PublicKey")) {
             writer.writeStartElement(namespace, "UseKey");


