cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r1080112 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: ./ policy/interceptors/ trust/ wss4j/ wss4j/policyhandlers/
Date Thu, 10 Mar 2011 02:41:25 GMT
Author: dkulp
Date: Thu Mar 10 02:41:25 2011
New Revision: 1080112

URL: http://svn.apache.org/viewvc?rev=1080112&view=rev
Log:
Pass the WSSConfig object around better to avoid creating more
default WSSConfig objects when not needed.
Add a Validator that will call off to and STS to validate the incoming
tokens on the server side.

Added:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
  (with props)
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Thu Mar 10 02:41:25 2011
@@ -32,6 +32,10 @@ public final class SecurityConstants {
     public static final String PASSWORD = "ws-security.password";
     public static final String VALIDATE_TOKEN = "ws-security.validate.token";
     public static final String USERNAME_TOKEN_VALIDATOR = "ws-security.ut.validator";
+    public static final String SAML1_TOKEN_VALIDATOR = "ws-security.saml1.validator";
+    public static final String SAML2_TOKEN_VALIDATOR = "ws-security.saml2.validator";
+    public static final String TIMESTAMP_TOKEN_VALIDATOR = "ws-security.timestamp.validator";
+    public static final String SIGNATURE_TOKEN_VALIDATOR = "ws-security.signature.validator";
     
     public static final String CALLBACK_HANDLER = "ws-security.callback-handler";
     
@@ -43,6 +47,7 @@ public final class SecurityConstants {
     
     public static final String SIGNATURE_CRYPTO = "ws-security.signature.crypto";
     public static final String ENCRYPT_CRYPTO = "ws-security.encryption.crypto";
+    
 
     public static final String TOKEN = "ws-security.token";
     public static final String TOKEN_ID = "ws-security.token.id";
@@ -85,7 +90,9 @@ public final class SecurityConstants {
             ENCRYPT_USERNAME, ENCRYPT_PROPERTIES, ENCRYPT_CRYPTO,
             TOKEN, TOKEN_ID, STS_CLIENT, STS_TOKEN_PROPERTIES, STS_TOKEN_CRYPTO,
             STS_TOKEN_DO_CANCEL, TIMESTAMP_TTL, ALWAYS_ENCRYPT_UT,
-            STS_TOKEN_ACT_AS, STS_TOKEN_USERNAME, STS_TOKEN_USE_CERT_FOR_KEYINFO
+            STS_TOKEN_ACT_AS, STS_TOKEN_USERNAME, STS_TOKEN_USE_CERT_FOR_KEYINFO,
+            SAML1_TOKEN_VALIDATOR, SAML2_TOKEN_VALIDATOR, TIMESTAMP_TOKEN_VALIDATOR,
+            SIGNATURE_TOKEN_VALIDATOR
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Thu Mar 10 02:41:25 2011
@@ -24,7 +24,6 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
 
-import org.apache.cxf.Bus;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
@@ -45,6 +44,7 @@ import org.apache.cxf.ws.security.tokens
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
@@ -86,18 +86,7 @@ public class IssuedTokenInterceptorProvi
         }
         return tokenStore;
     }
-    static STSClient getClient(Message message) {
-        STSClient client = (STSClient)message
-            .getContextualProperty(SecurityConstants.STS_CLIENT);
-        if (client == null) {
-            client = new STSClient(message.getExchange().get(Bus.class));
-            Endpoint ep = message.getExchange().get(Endpoint.class);
-            client.setEndpointName(ep.getEndpointInfo().getName().toString() + ".sts-client");
-            client.setBeanName(ep.getEndpointInfo().getName().toString() + ".sts-client");
-        }
-        
-        return client;
-    }
+
     static class IssuedTokenOutInterceptor extends AbstractPhaseInterceptor<Message>
{
         public IssuedTokenOutInterceptor() {
             super(Phase.PREPARE_SEND);
@@ -121,7 +110,7 @@ public class IssuedTokenInterceptorProvi
                         }
                     }
                     if (tok == null) {
-                        STSClient client = getClient(message);
+                        STSClient client = STSUtils.getClient(message);
                         AddressingProperties maps =
                             (AddressingProperties)message
                                 .get("javax.xml.ws.addressing.context.outbound");

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
Thu Mar 10 02:41:25 2011
@@ -531,7 +531,7 @@ class SecureConversationInInterceptor ex
                 }
             }
 
-            STSClient client = SecureConversationTokenInterceptorProvider.getClient(m2);
+            STSClient client = STSUtils.getClient(m2);
             AddressingProperties maps =
                 (AddressingProperties)message
                     .get("javax.xml.ws.addressing.context.inbound");

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
Thu Mar 10 02:41:25 2011
@@ -38,6 +38,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.model.Trust13;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.ws.security.WSConstants;
 
 class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMessage>
{
@@ -98,7 +99,7 @@ class SecureConversationOutInterceptor e
             return;
         }
         
-        STSClient client = SecureConversationTokenInterceptorProvider.getClient(message);
+        STSClient client = STSUtils.getClient(message);
         AddressingProperties maps =
             (AddressingProperties)message
                 .get("javax.xml.ws.addressing.context.outbound");
@@ -138,7 +139,7 @@ class SecureConversationOutInterceptor e
     private SecurityToken issueToken(SoapMessage message,
                                      AssertionInfoMap aim,
                                      SecureConversationToken itok) {
-        STSClient client = SecureConversationTokenInterceptorProvider.getClient(message);
+        STSClient client = STSUtils.getClient(message);
         AddressingProperties maps =
             (AddressingProperties)message
                 .get("javax.xml.ws.addressing.context.outbound");

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
Thu Mar 10 02:41:25 2011
@@ -30,7 +30,6 @@ import javax.xml.stream.XMLStreamExcepti
 import org.w3c.dom.Element;
 
 
-import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.Soap11;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.logging.LogUtils;
@@ -223,17 +222,6 @@ public class SecureConversationTokenInte
             }
         }
     }
-    static STSClient getClient(Message message) {
-        STSClient client = (STSClient)message
-            .getContextualProperty(SecurityConstants.STS_CLIENT);
-        if (client == null) {
-            client = new STSClient(message.getExchange().get(Bus.class));
-            Endpoint ep = message.getExchange().get(Endpoint.class);
-            client.setEndpointName(ep.getEndpointInfo().getName().toString() + ".sct-client");
-            client.setBeanName(ep.getEndpointInfo().getName().toString() + ".sct-client");
-        }
-        return client;
-    }
     
     static byte[] writeProofToken(String prefix, 
                                           String namespace,

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java?rev=1080112&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
(added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
Thu Mar 10 02:41:25 2011
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.trust;
+
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.validate.Credential;
+import org.apache.ws.security.validate.Validator;
+
+/**
+ * 
+ */
+public class STSTokenValidator implements Validator {
+    Validator delegate;
+    
+    public STSTokenValidator() {
+    }
+    public STSTokenValidator(Validator delegate) {
+        this.delegate = delegate;
+    }
+    
+    public Credential validate(Credential credential, RequestData data) throws WSSecurityException
{
+        if (delegate != null) {
+            credential = delegate.validate(credential, data);
+        }
+        SoapMessage m = (SoapMessage)data.getMsgContext();
+        SecurityToken token = new SecurityToken();
+        
+        try {
+            token.setToken(credential.getAssertion().getElement());
+            
+            STSClient c = STSUtils.getClient(m);
+            synchronized (c) {
+                System.setProperty("noprint", "true");
+                if (c.validateSecurityToken(token)) {
+                    return credential;
+                } 
+                System.clearProperty("noprint");
+            }
+        } catch (Exception e) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity",
null, e);
+        }
+        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+    }
+
+}

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
Thu Mar 10 02:41:25 2011
@@ -30,6 +30,7 @@ import org.apache.cxf.databinding.source
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.endpoint.EndpointException;
 import org.apache.cxf.endpoint.EndpointImpl;
+import org.apache.cxf.message.Message;
 import org.apache.cxf.service.Service;
 import org.apache.cxf.service.ServiceImpl;
 import org.apache.cxf.service.model.BindingInfo;
@@ -42,6 +43,7 @@ import org.apache.cxf.service.model.Oper
 import org.apache.cxf.service.model.ServiceInfo;
 import org.apache.cxf.transport.ConduitInitiator;
 import org.apache.cxf.transport.ConduitInitiatorManager;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.neethi.Policy;
 
 /**
@@ -78,6 +80,17 @@ public final class STSUtils {
         return TOKEN_TYPE_SCT_05_12;
     }
     
+    public static STSClient getClient(Message message) {
+        STSClient client = (STSClient)message
+            .getContextualProperty(SecurityConstants.STS_CLIENT);
+        if (client == null) {
+            client = new STSClient(message.getExchange().get(Bus.class));
+            Endpoint ep = message.getExchange().get(Endpoint.class);
+            client.setEndpointName(ep.getEndpointInfo().getName().toString() + ".sct-client");
+            client.setBeanName(ep.getEndpointInfo().getName().toString() + ".sct-client");
+        }
+        return client;
+    }
     
     public static Endpoint createSTSEndpoint(Bus bus, 
                                              String namespace,

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
Thu Mar 10 02:41:25 2011
@@ -48,6 +48,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler;
 import org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler;
 import org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler;
+import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.message.WSSecHeader;
 
@@ -146,15 +147,19 @@ public class PolicyBasedWSS4JOutIntercep
                         //ignore
                     }
                     
-                    
+                    WSSConfig config = (WSSConfig)message.getContextualProperty(WSSConfig.class.getName());
+                    if (config == null) {
+                        config = WSSConfig.getNewInstance();
+                    }
+
                     if (transport instanceof TransportBinding) {
-                        new TransportBindingHandler((TransportBinding)transport, saaj,
+                        new TransportBindingHandler(config, (TransportBinding)transport,
saaj,
                                                     secHeader, aim, message).handleBinding();
                     } else if (transport instanceof SymmetricBinding) {
-                        new SymmetricBindingHandler((SymmetricBinding)transport, saaj,
+                        new SymmetricBindingHandler(config, (SymmetricBinding)transport,
saaj,
                                                      secHeader, aim, message).handleBinding();
                     } else {
-                        new AsymmetricBindingHandler((AsymmetricBinding)transport, saaj,
+                        new AsymmetricBindingHandler(config, (AsymmetricBinding)transport,
saaj,
                                                      secHeader, aim, message).handleBinding();
                     }
                     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
Thu Mar 10 02:41:25 2011
@@ -304,11 +304,15 @@ public class UsernameTokenInterceptor ex
     }
     protected WSSecUsernameToken addUsernameToken(SoapMessage message, UsernameToken token)
{
         String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
-        
+        WSSConfig wssConfig = (WSSConfig)message.getContextualProperty(WSSConfig.class.getName());
+        if (wssConfig == null) {
+            wssConfig = WSSConfig.getNewInstance();
+        }
+
         if (!StringUtils.isEmpty(userName)) {
             // If NoPassword property is set we don't need to set the password
             if (token.isNoPassword()) {
-                WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+                WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
                 utBuilder.setUserInfo(userName, null);
                 utBuilder.setPasswordType(null);
                 return utBuilder;
@@ -321,7 +325,7 @@ public class UsernameTokenInterceptor ex
             
             if (!StringUtils.isEmpty(password)) {
                 //If the password is available then build the token
-                WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+                WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
                 if (token.isHashPassword()) {
                     utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);  
                 } else {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Thu Mar 10 02:41:25 2011
@@ -176,6 +176,8 @@ public class WSS4JInInterceptor extends 
         boolean utWithCallbacks = 
             MessageUtils.getContextualBoolean(msg, SecurityConstants.VALIDATE_TOKEN, true);
         
+        RequestData reqData = new CXFRequestData();
+
         WSSConfig config = (WSSConfig)msg.getContextualProperty(WSSConfig.class.getName());

         WSSecurityEngine engine;
         if (config != null) {
@@ -183,7 +185,12 @@ public class WSS4JInInterceptor extends 
             engine.setWssConfig(config);
         } else {
             engine = getSecurityEngine(utWithCallbacks);
+            if (engine == null) {
+                engine = new WSSecurityEngine();
+            }
+            config = engine.getWssConfig();
         }
+        reqData.setWssConfig(config);
         
         SOAPMessage doc = getSOAPMessage(msg);
         
@@ -204,8 +211,6 @@ public class WSS4JInInterceptor extends 
             t0 = System.currentTimeMillis();
         }
 
-        RequestData reqData = new RequestData();
-        reqData.setWssConfig(engine.getWssConfig());
         /*
          * The overall try, just to have a finally at the end to perform some
          * housekeeping.
@@ -566,7 +571,7 @@ public class WSS4JInInterceptor extends 
             return createSecurityEngine(profiles);
         }
         
-        return secEngine;
+        return null;
     }
 
     /**
@@ -624,4 +629,43 @@ public class WSS4JInInterceptor extends 
         return fault;
     }
     
+    
+    static class CXFRequestData extends RequestData {
+        public CXFRequestData() {
+        }
+
+        public Validator getValidator(QName qName) throws WSSecurityException {
+            String key = null;
+            if (WSSecurityEngine.SAML_TOKEN.equals(qName)) {
+                key = SecurityConstants.SAML1_TOKEN_VALIDATOR;
+            } else if (WSSecurityEngine.SAML2_TOKEN.equals(qName)) {
+                key = SecurityConstants.SAML2_TOKEN_VALIDATOR;
+            } else if (WSSecurityEngine.USERNAME_TOKEN.equals(qName)) {
+                key = SecurityConstants.USERNAME_TOKEN_VALIDATOR;
+            } else if (WSSecurityEngine.SIGNATURE.equals(qName)) {
+                key = SecurityConstants.SIGNATURE_TOKEN_VALIDATOR;
+            } else if (WSSecurityEngine.TIMESTAMP.equals(qName)) {
+                key = SecurityConstants.TIMESTAMP_TOKEN_VALIDATOR;
+            } 
+            if (key != null) {
+                Object o = ((SoapMessage)this.getMsgContext()).getContextualProperty(key);
+                try {
+                    if (o instanceof Validator) {
+                        return (Validator)o;
+                    } else if (o instanceof Class) {
+                        return (Validator)((Class)o).newInstance();
+                    } else if (o instanceof String) {
+                        return (Validator)ClassLoaderUtils.loadClass(o.toString(),
+                                                                     WSS4JInInterceptor.class)
+                                                                     .newInstance();
+                    }
+                } catch (RuntimeException t) {
+                    throw t;
+                } catch (Throwable t) {
+                    throw new WSSecurityException(t.getMessage(), t);
+                }
+            }
+            return super.getValidator(qName);
+        }
+    };
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Thu Mar 10 02:41:25 2011
@@ -99,6 +99,7 @@ import org.apache.neethi.Assertion;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.WSUsernameTokenPrincipal;
@@ -129,6 +130,7 @@ public abstract class AbstractBindingBui
     protected SPConstants.ProtectionOrder protectionOrder = 
         SPConstants.ProtectionOrder.SignBeforeEncrypting;
     
+    protected final WSSConfig wssConfig;
     protected SOAPMessage saaj;
     protected WSSecHeader secHeader;
     protected AssertionInfoMap aim;
@@ -152,11 +154,14 @@ public abstract class AbstractBindingBui
     Element bottomUpElement;
     Element topDownElement;
     
-    public AbstractBindingBuilder(Binding binding,
+    public AbstractBindingBuilder(
+                           WSSConfig config,
+                           Binding binding,
                            SOAPMessage saaj,
                            WSSecHeader secHeader,
                            AssertionInfoMap aim,
                            SoapMessage message) {
+        this.wssConfig = config;
         this.binding = binding;
         this.aim = aim;
         this.secHeader = secHeader;
@@ -369,7 +374,8 @@ public abstract class AbstractBindingBui
             if (ttl <= 0) {
                 ttl = 300;
             }
-            timestampEl = new WSSecTimestamp();
+            timestampEl = new WSSecTimestamp(wssConfig);
+            timestampEl.setWsConfig(wssConfig);
             timestampEl.setTimeToLive(ttl);
             timestampEl.prepare(saaj.getSOAPPart());
             for (AssertionInfo ai : ais) {
@@ -482,9 +488,9 @@ public abstract class AbstractBindingBui
         
                 if (secToken.getX509Certificate() == null) {   
                     //Add the extracted token
-                    ret.put(token, new WSSecurityTokenHolder(secToken));
+                    ret.put(token, new WSSecurityTokenHolder(wssConfig, secToken));
                 } else {
-                    WSSecSignature sig = new WSSecSignature();                    
+                    WSSecSignature sig = new WSSecSignature(wssConfig);                 
  
                     sig.setX509Certificate(secToken.getX509Certificate());
                     sig.setCustomTokenId(secToken.getId());
                     sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
@@ -618,7 +624,7 @@ public abstract class AbstractBindingBui
         if (!StringUtils.isEmpty(userName)) {
             // If NoPassword property is set we don't need to set the password
             if (token.isNoPassword()) {
-                WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+                WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
                 utBuilder.setUserInfo(userName, null);
                 utBuilder.setPasswordType(null);
                 info.setAsserted(true);
@@ -632,7 +638,7 @@ public abstract class AbstractBindingBui
             
             if (!StringUtils.isEmpty(password)) {
                 //If the password is available then build the token
-                WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+                WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
                 if (token.isHashPassword()) {
                     utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);  
                 } else {
@@ -1035,7 +1041,7 @@ public abstract class AbstractBindingBui
     
     protected WSSecEncryptedKey getEncryptedKeyBuilder(TokenWrapper wrapper, 
                                                        Token token) throws WSSecurityException
{
-        WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
+        WSSecEncryptedKey encrKey = new WSSecEncryptedKey(wssConfig);
         Crypto crypto = getEncryptionCrypto(wrapper);
         message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
         setKeyIdentifierType(encrKey, wrapper, token);
@@ -1289,7 +1295,7 @@ public abstract class AbstractBindingBui
     protected WSSecSignature getSignatureBuilder(
         TokenWrapper wrapper, Token token, boolean attached, boolean endorse
     ) {
-        WSSecSignature sig = new WSSecSignature();
+        WSSecSignature sig = new WSSecSignature(wssConfig);
         checkForX509PkiPath(sig, token);
         if (token instanceof IssuedToken) {
             policyAsserted(token);
@@ -1368,7 +1374,7 @@ public abstract class AbstractBindingBui
         sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
         sig.setDigestAlgo(binding.getAlgorithmSuite().getDigest());
         sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
-        
+        sig.setWsConfig(wssConfig);
         try {
             sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
         } catch (WSSecurityException e) {
@@ -1435,7 +1441,7 @@ public abstract class AbstractBindingBui
         throws WSSecurityException, ConversationException {
         
         Document doc = saaj.getSOAPPart();
-        WSSecDKSign dkSign = new WSSecDKSign();  
+        WSSecDKSign dkSign = new WSSecDKSign(wssConfig);  
         
         //Check whether it is security policy 1.2 and use the secure conversation accordingly
         if (SP12Constants.INSTANCE == policyToken.getSPConstants()) {
@@ -1518,7 +1524,7 @@ public abstract class AbstractBindingBui
         throws WSSecurityException, ConversationException {
         
         Document doc = saaj.getSOAPPart();
-        WSSecSignature sig = new WSSecSignature();
+        WSSecSignature sig = new WSSecSignature(wssConfig);
         // If a EncryptedKeyToken is used, set the correct value type to
         // be used in the wsse:Reference in ds:KeyInfo
         if (policyToken instanceof X509Token) {
@@ -1676,7 +1682,7 @@ public abstract class AbstractBindingBui
         }
         
         // prepare a SignatureConfirmation token
-        WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
+        WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation(wssConfig);
         if (signatureActions.size() > 0) {
             for (WSSecurityEngineResult wsr : signatureActions) {
                 byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Thu Mar 10 02:41:25 2011
@@ -48,6 +48,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
@@ -75,12 +76,13 @@ public class AsymmetricBindingHandler ex
     private String encryptedKeyId;
     private byte[] encryptedKeyValue;
     
-    public AsymmetricBindingHandler(AsymmetricBinding binding,
+    public AsymmetricBindingHandler(WSSConfig config,
+                                    AsymmetricBinding binding,
                                     SOAPMessage saaj,
                                     WSSecHeader secHeader,
                                     AssertionInfoMap aim,
                                     SoapMessage message) {
-        super(binding, saaj, secHeader, aim, message);
+        super(config, binding, saaj, secHeader, aim, message);
         this.abinding = binding;
         protectionOrder = binding.getProtectionOrder();
     }
@@ -320,7 +322,7 @@ public class AsymmetricBindingHandler ex
             AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
             if (encrToken.isDerivedKeys()) {
                 try {
-                    WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+                    WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
                     
                     if (encrKey == null) {
                         setupEncryptedKey(recToken, encrToken);
@@ -343,7 +345,7 @@ public class AsymmetricBindingHandler ex
                 }
             } else {
                 try {
-                    WSSecEncrypt encr = new WSSecEncrypt();
+                    WSSecEncrypt encr = new WSSecEncrypt(wssConfig);
                     
                     encr.setDocument(saaj.getSOAPPart());
                     Crypto crypto = getEncryptionCrypto(recToken);
@@ -362,7 +364,6 @@ public class AsymmetricBindingHandler ex
                     }
                     encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
                     encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
-                    
                     encr.prepare(saaj.getSOAPPart(), crypto);
                     
                     if (encr.getBSTTokenId() != null) {
@@ -425,7 +426,7 @@ public class AsymmetricBindingHandler ex
             // Set up the encrypted key to use
             setupEncryptedKey(wrapper, sigToken);
             
-            WSSecDKSign dkSign = new WSSecDKSign();
+            WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
             dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
 
             // Set the algo info

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Thu Mar 10 02:41:25 2011
@@ -49,6 +49,7 @@ import org.apache.cxf.ws.security.tokens
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
@@ -75,12 +76,13 @@ public class SymmetricBindingHandler ext
     SymmetricBinding sbinding;
     TokenStore tokenStore;
     
-    public SymmetricBindingHandler(SymmetricBinding binding,
+    public SymmetricBindingHandler(WSSConfig config, 
+                                   SymmetricBinding binding,
                                     SOAPMessage saaj,
                                     WSSecHeader secHeader,
                                     AssertionInfoMap aim,
                                     SoapMessage message) {
-        super(binding, saaj, secHeader, aim, message);
+        super(config, binding, saaj, secHeader, aim, message);
         this.sbinding = binding;
         tokenStore = getTokenStore();
         protectionOrder = binding.getProtectionOrder();
@@ -392,7 +394,7 @@ public class SymmetricBindingHandler ext
                                           List<WSEncryptionPart> encrParts,
                                           boolean atEnd) {
         try {
-            WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+            WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
             if (recToken.getToken().getSPConstants() == SP12Constants.INSTANCE) {
                 dkEncr.setWscVersion(ConversationConstants.VERSION_05_12);
             }
@@ -478,7 +480,7 @@ public class SymmetricBindingHandler ext
                                            attached, encrParts, atEnd);
             } else {
                 try {
-                    WSSecEncrypt encr = new WSSecEncrypt();
+                    WSSecEncrypt encr = new WSSecEncrypt(wssConfig);
                     String encrTokId = encrTok.getId();
                     if (attached) {
                         encrTokId = encrTok.getWsuId();
@@ -558,7 +560,7 @@ public class SymmetricBindingHandler ext
                                SecurityToken tok,
                                boolean included) throws WSSecurityException {
         Document doc = saaj.getSOAPPart();
-        WSSecDKSign dkSign = new WSSecDKSign();
+        WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
         if (policyTokenWrapper.getToken().getSPConstants() == SP12Constants.INSTANCE) {
             dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
         }
@@ -659,7 +661,8 @@ public class SymmetricBindingHandler ext
         if (policyToken.isDerivedKeys()) {
             return doSignatureDK(sigs, policyTokenWrapper, policyToken, tok, included);
         } else {
-            WSSecSignature sig = new WSSecSignature();
+            WSSecSignature sig = new WSSecSignature(wssConfig);
+            sig.setWsConfig(wssConfig);
             // If a EncryptedKeyToken is used, set the correct value type to
             // be used in the wsse:Reference in ds:KeyInfo
             int type = included ? WSConstants.CUSTOM_SYMM_SIGNING 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Thu Mar 10 02:41:25 2011
@@ -54,6 +54,7 @@ import org.apache.cxf.ws.security.tokens
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.conversation.ConversationConstants;
 import org.apache.ws.security.message.WSSecDKSign;
@@ -69,12 +70,13 @@ import org.apache.ws.security.message.WS
 public class TransportBindingHandler extends AbstractBindingBuilder {
     TransportBinding tbinding;
     
-    public TransportBindingHandler(TransportBinding binding,
+    public TransportBindingHandler(WSSConfig config,
+                                   TransportBinding binding,
                                     SOAPMessage saaj,
                                     WSSecHeader secHeader,
                                     AssertionInfoMap aim,
                                     SoapMessage message) {
-        super(binding, saaj, secHeader, aim, message);
+        super(config, binding, saaj, secHeader, aim, message);
         this.tbinding = binding;
     }
     
@@ -277,7 +279,7 @@ public class TransportBindingHandler ext
             }
             encrKey.appendToHeader(secHeader);
             
-            WSSecDKSign dkSig = new WSSecDKSign();
+            WSSecDKSign dkSig = new WSSecDKSign(wssConfig);
             
             dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
             dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
@@ -385,7 +387,7 @@ public class TransportBindingHandler ext
         AlgorithmSuite algorithmSuite = tbinding.getAlgorithmSuite();
         if (token.isDerivedKeys()) {
             //Do Signature with derived keys
-            WSSecDKSign dkSign = new WSSecDKSign();
+            WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
           
             //Setting the AttachedReference or the UnattachedReference according to the flag
             Element ref;
@@ -419,7 +421,7 @@ public class TransportBindingHandler ext
           
             return dkSign.getSignatureValue();
         } else {
-            WSSecSignature sig = new WSSecSignature();
+            WSSecSignature sig = new WSSecSignature(wssConfig);
             if (secTok.getTokenType() == null) {
                 sig.setCustomTokenId(secTok.getId());
                 // TODO Add support for SAML2 here

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java?rev=1080112&r1=1080111&r2=1080112&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
Thu Mar 10 02:41:25 2011
@@ -20,6 +20,7 @@
 package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.message.WSSecBase;
 
 /**
@@ -28,8 +29,8 @@ import org.apache.ws.security.message.WS
 public class WSSecurityTokenHolder extends WSSecBase {
     SecurityToken token;
     
-    public WSSecurityTokenHolder(SecurityToken t) {
-        super();
+    public WSSecurityTokenHolder(WSSConfig config, SecurityToken t) {
+        super(config);
         token = t;
     }
     



Mime
View raw message