cxf-commits mailing list archives

From dval...@apache.org
Subject svn commit: r966762 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: SecurityConstants.java policy/interceptors/IssuedTokenInterceptorProvider.java trust/STSClient.java trust/STSUtils.java
Date Thu, 22 Jul 2010 17:19:34 GMT
Author: dvaleri
Date: Thu Jul 22 17:19:34 2010
New Revision: 966762

URL: http://svn.apache.org/viewvc?rev=966762&view=rev
Log:
[CXF-2905] Added ability to send WS-T 1.4 ActAs element in RST.

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=966762&r1=966761&r2=966762&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Thu Jul 22 17:19:34 2010
@@ -70,6 +70,8 @@ public final class SecurityConstants {
     public static final String STS_TOKEN_USERNAME = "ws-security.sts.token.username";
     
     public static final String STS_TOKEN_DO_CANCEL = "ws-security.sts.token.do.cancel";
+    
+    public static final String STS_TOKEN_ACT_AS = "ws-security.sts.token.act-as";
 
     public static final Set<String> ALL_PROPERTIES;
     
@@ -79,7 +81,8 @@ public final class SecurityConstants {
             SIGNATURE_USERNAME, SIGNATURE_PROPERTIES, SIGNATURE_CRYPTO,
             ENCRYPT_USERNAME, ENCRYPT_PROPERTIES, ENCRYPT_CRYPTO,
             TOKEN, TOKEN_ID, STS_CLIENT, STS_TOKEN_PROPERTIES, STS_TOKEN_CRYPTO,
-            STS_TOKEN_DO_CANCEL, TIMESTAMP_TTL, ALWAYS_ENCRYPT_UT
+            STS_TOKEN_DO_CANCEL, TIMESTAMP_TTL, ALWAYS_ENCRYPT_UT,
+            STS_TOKEN_ACT_AS
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=966762&r1=966761&r2=966762&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Thu Jul 22 17:19:34 2010
@@ -80,6 +80,10 @@ public class IssuedTokenInterceptorProvi
             client.setEndpointName(ep.getEndpointInfo().getName().toString() + ".sts-client");
             client.setBeanName(ep.getEndpointInfo().getName().toString() + ".sts-client");
         }
+        
+        // Transpose ActAs info from original request to the STS client.
+        client.setActAs(message.getContextualProperty(SecurityConstants.STS_TOKEN_ACT_AS));
+        
         return client;
     }
     static class IssuedTokenOutInterceptor extends AbstractPhaseInterceptor<Message>
{
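Review bot: The unconditional `client.setActAs(...)` passes null whenever the property is absent from the message, which would clear any ActAs value already set on the STSClient; this matters if the client can be a pre-configured or shared instance, which the part of the method outside this hunk would show. A guard keeps an existing value: `Object actAs = message.getContextualProperty(SecurityConstants.STS_TOKEN_ACT_AS);` followed by `if (actAs != null) { client.setActAs(actAs); }`. Because ActAs names the identity on whose behalf the token is requested, the comment should also state that the property must be populated only from trusted configuration or an already-authenticated identity, never copied from unvalidated request content. "Transpose" in the existing comment presumably means "transfer".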

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=966762&r1=966761&r2=966762&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Thu Jul 22 17:19:34 2010
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.trust
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.StringReader;
 import java.net.URL;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
@@ -140,6 +141,8 @@ public class STSClient implements Config
 
     boolean isSecureConv;
     int ttl = 300;
+    
+    Object actAs;
 
     Map<String, Object> ctx = new HashMap<String, Object>();
     
@@ -273,6 +276,11 @@ public class STSClient implements Config
     public void setEndpointQName(QName qn) {
         endpointName = qn;
     }
+    
+    public void setActAs(Object actAs) {
+        this.actAs = actAs;
+    }
+    
     public void setKeySize(int i) {
         keySize = i;
     }
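Review bot: `setActAs(Object)` has no Javadoc, and the `Object` parameter hides the real contract: only a String of XML or a DOM Element is used, and any other type is dropped without notice by addActAs, added later in this commit. Suggest `/** Sets the ActAs content for the RST: an XML String or a DOM Element; null sends no ActAs. */` on the setter. The same description belongs on `STS_TOKEN_ACT_AS` in SecurityConstants.java, which is the property users will actually set and is also added undocumented.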
@@ -456,6 +464,9 @@ public class STSClient implements Config
             StaxUtils.copy(el, writer);
             writer.writeEndElement();
         }
+        
+        addActAs(writer);
+        
         writer.writeEndElement();
 
         Object obj[] = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
@@ -703,6 +714,35 @@ public class STSClient implements Config
             writer.writeEndElement();
         }
     }
+    
+    private void addActAs(W3CDOMStreamWriter writer) throws Exception {
+        if (this.actAs != null) {
+            final boolean isString = this.actAs instanceof String;
+            final boolean isElement = this.actAs instanceof Element; 
+            if (isString || isElement) {
+                final Element actAsEl;
+                
+                if (isString) {
+                    final Document acAsDoc =
+                        DOMUtils.readXml(new StringReader((String) this.actAs));
+                    actAsEl = acAsDoc.getDocumentElement();
+                } else {
+                    actAsEl = (Element) this.actAs;
+                }
+                
+                writer.writeStartElement(STSUtils.WST_NS_08_02, "ActAs");
+                
+                // Unlikely to ever be otherwise, but still prudent to check.
+                if (actAsEl.getOwnerDocument() != writer.getDocument()) {
+                    writer.getDocument().adoptNode(actAsEl);
+                }
+                
+                writer.getCurrentNode().appendChild(actAsEl);
+                
+                writer.writeEndElement();
+            }
+        }
+    }
 
     private SecurityToken createSecurityToken(Element el, byte[] requestorEntropy)
         throws WSSecurityException {
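Review bot: addActAs writes no ActAs element at all when the configured value is neither a String nor an Element, so a misconfigured delegation request reaches the STS as an ordinary request with no error; rejecting the value is safer than ignoring it. The `adoptNode` call also moves a caller-supplied Element out of its own document and its return value is unchecked, so copying with `importNode(actAsEl, true)` avoids mutating the caller's DOM and keeps a reused client working. The comment above it reads inverted, since a freshly parsed or caller-owned element will normally belong to a different document than the writer's. When the value is a String it is parsed as XML, so confirm that DOMUtils.readXml uses a parser with DTDs and external entities disabled if that string can ever derive from request data. The local `acAsDoc` is a typo for `actAsDoc`.

```java
private void addActAs(W3CDOMStreamWriter writer) throws Exception {
    if (this.actAs == null) {
        return;
    }

    final Element actAsEl;
    if (this.actAs instanceof String) {
        final Document actAsDoc =
            DOMUtils.readXml(new StringReader((String) this.actAs));
        actAsEl = actAsDoc.getDocumentElement();
    } else if (this.actAs instanceof Element) {
        actAsEl = (Element) this.actAs;
    } else {
        // Fail loudly: silently omitting ActAs changes whose identity the token is issued for.
        throw new IllegalArgumentException(
            "ActAs must be an XML String or a DOM Element, got "
            + this.actAs.getClass().getName());
    }

    writer.writeStartElement(STSUtils.WST_NS_08_02, "ActAs");
    // Copy instead of adopt so the caller's element stays attached to its own document.
    writer.getCurrentNode().appendChild(
        writer.getDocument().importNode(actAsEl, true));
    writer.writeEndElement();
}
```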

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java?rev=966762&r1=966761&r2=966762&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
Thu Jul 22 17:19:34 2010
@@ -49,8 +49,14 @@ import org.apache.neethi.Policy;
  */
 public final class STSUtils {
     public static final String WST_NS_05_02 = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+    /**
+     * WS-T 1.3 Namespace
+     */
     public static final String WST_NS_05_12 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
-
+    /**
+     * WS-T 1.4 Namespace.
+     */
+    public static final String WST_NS_08_02 = "http://docs.oasis-open.org/ws-sx/ws-trust/200802";
     public static final String SCT_NS_05_02 = "http://schemas.xmlsoap.org/ws/2005/02/sc";
     public static final String SCT_NS_05_12 
         = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512";


