cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1205884 - in /cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j: ./ policyvalidators/
Date Thu, 24 Nov 2011 15:33:22 GMT
Author: coheigea
Date: Thu Nov 24 15:33:21 2011
New Revision: 1205884

URL: http://svn.apache.org/viewvc?rev=1205884&view=rev
Log:
Finished sec-pol refactoring.

Added:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SupportingTokenPolicyValidator.java
Modified:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Thu Nov 24 15:33:21 2011
@@ -76,6 +76,7 @@ import org.apache.cxf.ws.security.wss4j.
 import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEndorsingEncryptedTokenPolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEndorsingTokenPolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.SupportingTokenPolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.SymmetricBindingPolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.TokenPolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.TransportBindingPolicyValidator;
@@ -88,6 +89,7 @@ import org.apache.ws.security.WSSecurity
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.token.Timestamp;
 import org.apache.ws.security.util.WSSecurityUtil;
 
 /**
@@ -462,7 +464,10 @@ public class PolicyBasedWSS4JInIntercept
         }
 
         if (check) {
-            check = checkSupportingTokenCoverage(aim, msg, results, signedResults, utWithCallbacks);
+            check = 
+                checkSupportingTokenCoverage(
+                    aim, msg, results, signedResults, encryptResults, utWithCallbacks
+                );
         }
         
         // The supporting tokens are already validated
@@ -585,11 +590,10 @@ public class PolicyBasedWSS4JInIntercept
         AssertionInfoMap aim,
         SoapMessage msg,
         List<WSSecurityEngineResult> results, 
-        List<WSSecurityEngineResult> signedResults, 
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults,
         boolean utWithCallbacks
     ) {
-        boolean check = true;
-        
         List<WSSecurityEngineResult> utResults = new ArrayList<WSSecurityEngineResult>();
         WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT, utResults);
         WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT_NOPASSWORD, utResults);
@@ -598,37 +602,57 @@ public class PolicyBasedWSS4JInIntercept
         WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_SIGNED, samlResults);
         WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_UNSIGNED, samlResults);
         
-        SignedTokenPolicyValidator suppValidator = 
-            new SignedTokenPolicyValidator(msg, results, signedResults);
-        suppValidator.setValidateUsernameToken(utWithCallbacks);
-        check &= suppValidator.validatePolicy(aim);
-
-        EndorsingTokenPolicyValidator endorsingValidator = 
-            new EndorsingTokenPolicyValidator(msg, results, signedResults);
-        check &= endorsingValidator.validatePolicy(aim);
-
-        SignedEndorsingTokenPolicyValidator signedEdorsingValidator = 
-            new SignedEndorsingTokenPolicyValidator(msg, results, signedResults);
-        check &= signedEdorsingValidator.validatePolicy(aim);
-
-        SignedEncryptedTokenPolicyValidator signedEncryptedValidator = 
-            new SignedEncryptedTokenPolicyValidator(msg, results, signedResults);
-        signedEncryptedValidator.setValidateUsernameToken(utWithCallbacks);
-        check &= signedEncryptedValidator.validatePolicy(aim);
-
-        EncryptedTokenPolicyValidator encryptedValidator = 
-            new EncryptedTokenPolicyValidator(msg, results, signedResults);
-        encryptedValidator.setValidateUsernameToken(utWithCallbacks);
-        check &= encryptedValidator.validatePolicy(aim);
-
-        EndorsingEncryptedTokenPolicyValidator endorsingEncryptedValidator = 
-            new EndorsingEncryptedTokenPolicyValidator(msg, results, signedResults);
-        endorsingEncryptedValidator.setValidateUsernameToken(utWithCallbacks);
-        check &= endorsingEncryptedValidator.validatePolicy(aim);
-
-        SignedEndorsingEncryptedTokenPolicyValidator signedEndorsingEncryptedValidator =

-            new SignedEndorsingEncryptedTokenPolicyValidator(msg, results, signedResults);
-        check &= signedEndorsingEncryptedValidator.validatePolicy(aim);
+        // Store the timestamp element
+        WSSecurityEngineResult tsResult = WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
+        Element timestamp = null;
+        if (tsResult != null) {
+            Timestamp ts = (Timestamp)tsResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);
+            timestamp = ts.getElement();
+        }
+        
+        boolean check = true;
+        
+        SupportingTokenPolicyValidator validator = new SignedTokenPolicyValidator();
+        validator.setUsernameTokenResults(utResults, utWithCallbacks);
+        validator.setSAMLTokenResults(samlResults);
+        validator.setTimestampElement(timestamp);
+        check &= validator.validatePolicy(aim, msg, results, signedResults, encryptedResults);
+
+        validator = new EndorsingTokenPolicyValidator();
+        validator.setUsernameTokenResults(utResults, utWithCallbacks);
+        validator.setSAMLTokenResults(samlResults);
+        validator.setTimestampElement(timestamp);
+        check &= validator.validatePolicy(aim, msg, results, signedResults, encryptedResults);
+
+        validator = new SignedEndorsingTokenPolicyValidator();
+        validator.setUsernameTokenResults(utResults, utWithCallbacks);
+        validator.setSAMLTokenResults(samlResults);
+        validator.setTimestampElement(timestamp);
+        check &= validator.validatePolicy(aim, msg, results, signedResults, encryptedResults);
+
+        validator = new SignedEncryptedTokenPolicyValidator();
+        validator.setUsernameTokenResults(utResults, utWithCallbacks);
+        validator.setSAMLTokenResults(samlResults);
+        validator.setTimestampElement(timestamp);
+        check &= validator.validatePolicy(aim, msg, results, signedResults, encryptedResults);
+
+        validator = new EncryptedTokenPolicyValidator();
+        validator.setUsernameTokenResults(utResults, utWithCallbacks);
+        validator.setSAMLTokenResults(samlResults);
+        validator.setTimestampElement(timestamp);
+        check &= validator.validatePolicy(aim, msg, results, signedResults, encryptedResults);
+
+        validator = new EndorsingEncryptedTokenPolicyValidator();
+        validator.setUsernameTokenResults(utResults, utWithCallbacks);
+        validator.setSAMLTokenResults(samlResults);
+        validator.setTimestampElement(timestamp);
+        check &= validator.validatePolicy(aim, msg, results, signedResults, encryptedResults);
+
+        validator = new SignedEndorsingEncryptedTokenPolicyValidator();
+        validator.setUsernameTokenResults(utResults, utWithCallbacks);
+        validator.setSAMLTokenResults(samlResults);
+        validator.setTimestampElement(timestamp);
+        check &= validator.validatePolicy(aim, msg, results, signedResults, encryptedResults);
         
         return check;
     }

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
Thu Nov 24 15:33:21 2011
@@ -38,63 +38,68 @@ import org.apache.ws.security.WSSecurity
 import org.apache.ws.security.message.token.BinarySecurity;
 import org.apache.ws.security.message.token.KerberosSecurity;
 import org.apache.ws.security.message.token.PKIPathSecurity;
-import org.apache.ws.security.message.token.Timestamp;
 import org.apache.ws.security.message.token.X509Security;
 import org.apache.ws.security.saml.SAMLKeyInfo;
 import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.util.WSSecurityUtil;
 
 /**
  * A base class to use to validate various SupportingToken policies.
  */
-public abstract class AbstractSupportingTokenPolicyValidator extends AbstractTokenPolicyValidator
{
+public abstract class AbstractSupportingTokenPolicyValidator 
+    extends AbstractTokenPolicyValidator implements SupportingTokenPolicyValidator {
     
-    protected Message message;
-    protected List<WSSecurityEngineResult> results;
-    protected List<WSSecurityEngineResult> signedResults;
-    protected List<WSSecurityEngineResult> encryptedResults;
-    protected boolean tls;
-    protected boolean validateUsernameToken = true;
-    protected Element timestamp;
+    private Message message;
+    private List<WSSecurityEngineResult> results;
+    private List<WSSecurityEngineResult> signedResults;
+    private List<WSSecurityEngineResult> encryptedResults;
+    private List<WSSecurityEngineResult> utResults;
+    private List<WSSecurityEngineResult> samlResults;
+    private boolean validateUsernameToken = true;
+    private Element timestamp;
     private boolean signed;
     private boolean encrypted;
     private boolean derived;
     private boolean endorsed;
 
-    public AbstractSupportingTokenPolicyValidator(
-        Message message,
-        List<WSSecurityEngineResult> results,
-        List<WSSecurityEngineResult> signedResults
+    /**
+     * Set the list of UsernameToken results
+     */
+    public void setUsernameTokenResults(
+        List<WSSecurityEngineResult> utResultsList,
+        boolean valUsernameToken
     ) {
-        this.message = message;
+        utResults = utResultsList;
+        validateUsernameToken = valUsernameToken;
+    }
+    
+    /**
+     * Set the list of SAMLToken results
+     */
+    public void setSAMLTokenResults(List<WSSecurityEngineResult> samlResultsList) {
+        samlResults = samlResultsList;
+    }
+    
+    /**
+     * Set the Timestamp element
+     */
+    public void setTimestampElement(Element timestampElement) {
+        timestamp = timestampElement;
+    }
+    
+    public void setMessage(Message msg) {
+        message = msg;
+    }
+    
+    public void setResults(List<WSSecurityEngineResult> results) {
         this.results = results;
+    }
+    
+    public void setSignedResults(List<WSSecurityEngineResult> signedResults) {
         this.signedResults = signedResults;
-        
-        // Store the timestamp element
-        WSSecurityEngineResult tsResult = WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
-        if (tsResult != null) {
-            Timestamp ts = (Timestamp)tsResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);
-            timestamp = ts.getElement();
-        }
-        
-        // Store the encryption results
-        encryptedResults = new ArrayList<WSSecurityEngineResult>();
-        for (WSSecurityEngineResult result : results) {
-            Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
-            if (actInt.intValue() == WSConstants.ENCR) {
-                encryptedResults.add(result);
-            }
-        }
-        
-        // See whether TLS is in use or not
-        TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
-        if (tlsInfo != null) {
-            tls = true;
-        }
     }
     
-    public void setValidateUsernameToken(boolean validateUsernameToken) {
-        this.validateUsernameToken = validateUsernameToken;
+    public void setEncryptedResults(List<WSSecurityEngineResult> encryptedResults)
{
+        this.encryptedResults = encryptedResults;
     }
     
     public void setSigned(boolean signed) {
@@ -120,18 +125,14 @@ public abstract class AbstractSupporting
         if (!validateUsernameToken) {
             return true;
         }
-        List<WSSecurityEngineResult> tokenResults = new ArrayList<WSSecurityEngineResult>();
-        WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT, tokenResults);
-        WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT_NOPASSWORD, tokenResults);
-        
-        if (tokenResults.isEmpty()) {
+        if (utResults.isEmpty()) {
             return false;
         }
         
-        if (signed && !areTokensSigned(tokenResults)) {
+        if (signed && !areTokensSigned(utResults)) {
             return false;
         }
-        if (encrypted && !areTokensEncrypted(tokenResults)) {
+        if (encrypted && !areTokensEncrypted(utResults)) {
             return false;
         }
         return true;
@@ -142,21 +143,17 @@ public abstract class AbstractSupporting
      * Process SAML Tokens. Only SignedSupportingTokens are currently enforced.
      */
     protected boolean processSAMLTokens() {
-        List<WSSecurityEngineResult> tokenResults = new ArrayList<WSSecurityEngineResult>();
-        WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_SIGNED, tokenResults);
-        WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_UNSIGNED, tokenResults);
-        
-        if (tokenResults.isEmpty()) {
+        if (samlResults.isEmpty()) {
             return false;
         }
         
-        if (signed && !areTokensSigned(tokenResults)) {
+        if (signed && !areTokensSigned(samlResults)) {
             return false;
         }
-        if (encrypted && !areTokensEncrypted(tokenResults)) {
+        if (encrypted && !areTokensEncrypted(samlResults)) {
             return false;
         }
-        if (endorsed && !checkEndorsed(tokenResults)) {
+        if (endorsed && !checkEndorsed(samlResults)) {
             return false;
         }
         return true;
@@ -336,13 +333,22 @@ public abstract class AbstractSupporting
         return null;
     }
     
+    private boolean isTLSInUse() {
+        // See whether TLS is in use or not
+        TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
+        if (tlsInfo != null) {
+            return true;
+        }
+        return false;
+    }
+    
     /**
      * Check the endorsing supporting token policy. If we're using the Transport Binding
then
      * check that the Timestamp is signed. Otherwise, check that the signature is signed.
      * @return true if the endorsed supporting token policy is correct
      */
     private boolean checkEndorsed(List<WSSecurityEngineResult> tokenResults) {
-        if (tls) {
+        if (isTLSInUse()) {
             return checkTimestampIsSigned(tokenResults);
         }
         return checkSignatureIsSigned(tokenResults);
@@ -353,13 +359,12 @@ public abstract class AbstractSupporting
      * Return true if a list of tokens were signed, false otherwise.
      */
     private boolean areTokensSigned(List<WSSecurityEngineResult> tokens) {
-        if (tls) {
-            return true;
-        }
-        for (WSSecurityEngineResult wser : tokens) {
-            Element tokenElement = (Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
-            if (!isTokenSigned(tokenElement)) {
-                return false;
+        if (!isTLSInUse()) {
+            for (WSSecurityEngineResult wser : tokens) {
+                Element tokenElement = (Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
+                if (!isTokenSigned(tokenElement)) {
+                    return false;
+                }
             }
         }
         return true;
@@ -369,13 +374,12 @@ public abstract class AbstractSupporting
      * Return true if a list of tokens were encrypted, false otherwise.
      */
     private boolean areTokensEncrypted(List<WSSecurityEngineResult> tokens) {
-        if (tls) {
-            return true;
-        }
-        for (WSSecurityEngineResult wser : tokens) {
-            Element tokenElement = (Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
-            if (!isTokenEncrypted(tokenElement)) {
-                return false;
+        if (!isTLSInUse()) {
+            for (WSSecurityEngineResult wser : tokens) {
+                Element tokenElement = (Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
+                if (!isTokenEncrypted(tokenElement)) {
+                    return false;
+                }
             }
         }
         return true;

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
Thu Nov 24 15:33:21 2011
@@ -42,21 +42,26 @@ import org.apache.ws.security.WSSecurity
  */
 public class EncryptedTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator
{
     
-    public EncryptedTokenPolicyValidator(
-        Message message,
-        List<WSSecurityEngineResult> results,
-        List<WSSecurityEngineResult> signedResults
-    ) {
-        super(message, results, signedResults);
+    public EncryptedTokenPolicyValidator() {
+        setEncrypted(true);
     }
     
     public boolean validatePolicy(
-        AssertionInfoMap aim
+        AssertionInfoMap aim, 
+        Message message,
+        List<WSSecurityEngineResult> results,
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
     ) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
         if (ais == null || ais.isEmpty()) {                       
             return true;
         }
+        
+        setMessage(message);
+        setResults(results);
+        setSignedResults(signedResults);
+        setEncryptedResults(encryptedResults);
 
         for (AssertionInfo ai : ais) {
             SupportingToken binding = (SupportingToken)ai.getAssertion();
@@ -64,8 +69,6 @@ public class EncryptedTokenPolicyValidat
                 continue;
             }
             ai.setAsserted(true);
-            setSigned(false);
-            setEncrypted(true);
 
             List<Token> tokens = binding.getTokens();
             for (Token token : tokens) {

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
Thu Nov 24 15:33:21 2011
@@ -41,21 +41,27 @@ import org.apache.ws.security.WSSecurity
  */
 public class EndorsingEncryptedTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator
{
     
-    public EndorsingEncryptedTokenPolicyValidator(
-        Message message,
-        List<WSSecurityEngineResult> results,
-        List<WSSecurityEngineResult> signedResults
-    ) {
-        super(message, results, signedResults);
+    public EndorsingEncryptedTokenPolicyValidator() {
+        setEndorsed(true);
+        setEncrypted(true);
     }
     
     public boolean validatePolicy(
-        AssertionInfoMap aim
+        AssertionInfoMap aim, 
+        Message message,
+        List<WSSecurityEngineResult> results,
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
     ) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
         if (ais == null || ais.isEmpty()) {                       
             return true;
         }
+        
+        setMessage(message);
+        setResults(results);
+        setSignedResults(signedResults);
+        setEncryptedResults(encryptedResults);
 
         for (AssertionInfo ai : ais) {
             SupportingToken binding = (SupportingToken)ai.getAssertion();
@@ -64,8 +70,6 @@ public class EndorsingEncryptedTokenPoli
                 continue;
             }
             ai.setAsserted(true);
-            setEndorsed(true);
-            setEncrypted(true);
 
             List<Token> tokens = binding.getTokens();
             for (Token token : tokens) {

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
Thu Nov 24 15:33:21 2011
@@ -41,21 +41,27 @@ import org.apache.ws.security.WSSecurity
  */
 public class EndorsingTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator
{
     
-    public EndorsingTokenPolicyValidator(
-        Message message,
-        List<WSSecurityEngineResult> results,
-        List<WSSecurityEngineResult> signedResults
-    ) {
-        super(message, results, signedResults);
+    public EndorsingTokenPolicyValidator() {
+        setEndorsed(true);
     }
     
+    
     public boolean validatePolicy(
-        AssertionInfoMap aim
+        AssertionInfoMap aim, 
+        Message message,
+        List<WSSecurityEngineResult> results,
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
     ) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
         if (ais == null || ais.isEmpty()) {                       
             return true;
         }
+        
+        setMessage(message);
+        setResults(results);
+        setSignedResults(signedResults);
+        setEncryptedResults(encryptedResults);
 
         for (AssertionInfo ai : ais) {
             SupportingToken binding = (SupportingToken)ai.getAssertion();
@@ -63,7 +69,6 @@ public class EndorsingTokenPolicyValidat
                 continue;
             }
             ai.setAsserted(true);
-            setEndorsed(true);
 
             List<Token> tokens = binding.getTokens();
             for (Token token : tokens) {

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
Thu Nov 24 15:33:21 2011
@@ -42,30 +42,34 @@ import org.apache.ws.security.WSSecurity
  */
 public class SignedEncryptedTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator
{
     
-    public SignedEncryptedTokenPolicyValidator(
-        Message message,
-        List<WSSecurityEngineResult> results,
-        List<WSSecurityEngineResult> signedResults
-    ) {
-        super(message, results, signedResults);
+    public SignedEncryptedTokenPolicyValidator() {
+        setSigned(true);
+        setEncrypted(true);
     }
     
     public boolean validatePolicy(
-        AssertionInfoMap aim
+        AssertionInfoMap aim, 
+        Message message,
+        List<WSSecurityEngineResult> results,
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
     ) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
         if (ais == null || ais.isEmpty()) {                       
             return true;
         }
 
+        setMessage(message);
+        setResults(results);
+        setSignedResults(signedResults);
+        setEncryptedResults(encryptedResults);
+        
         for (AssertionInfo ai : ais) {
             SupportingToken binding = (SupportingToken)ai.getAssertion();
             if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENCRYPTED != binding.getTokenType())
{
                 continue;
             }
             ai.setAsserted(true);
-            setSigned(true);
-            setEncrypted(true);
 
             List<Token> tokens = binding.getTokens();
             for (Token token : tokens) {

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
Thu Nov 24 15:33:21 2011
@@ -40,22 +40,29 @@ import org.apache.ws.security.WSSecurity
  */
 public class SignedEndorsingEncryptedTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator
{
     
-    public SignedEndorsingEncryptedTokenPolicyValidator(
-        Message message,
-        List<WSSecurityEngineResult> results,
-        List<WSSecurityEngineResult> signedResults
-    ) {
-        super(message, results, signedResults);
+    public SignedEndorsingEncryptedTokenPolicyValidator() {
+        setSigned(true);
+        setEndorsed(true);
+        setEncrypted(true);
     }
     
     public boolean validatePolicy(
-        AssertionInfoMap aim
+        AssertionInfoMap aim, 
+        Message message,
+        List<WSSecurityEngineResult> results,
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
     ) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
         if (ais == null || ais.isEmpty()) {                       
             return true;
         }
 
+        setMessage(message);
+        setResults(results);
+        setSignedResults(signedResults);
+        setEncryptedResults(encryptedResults);
+        
         for (AssertionInfo ai : ais) {
             SupportingToken binding = (SupportingToken)ai.getAssertion();
             if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENDORSING_ENCRYPTED

@@ -63,9 +70,6 @@ public class SignedEndorsingEncryptedTok
                 continue;
             }
             ai.setAsserted(true);
-            setSigned(true);
-            setEndorsed(true);
-            setEncrypted(true);
 
             List<Token> tokens = binding.getTokens();
             for (Token token : tokens) {

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
Thu Nov 24 15:33:21 2011
@@ -40,21 +40,27 @@ import org.apache.ws.security.WSSecurity
  */
 public class SignedEndorsingTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator
{
     
-    public SignedEndorsingTokenPolicyValidator(
-        Message message,
-        List<WSSecurityEngineResult> results,
-        List<WSSecurityEngineResult> signedResults
-    ) {
-        super(message, results, signedResults);
+    public SignedEndorsingTokenPolicyValidator() {
+        setSigned(true);
+        setEndorsed(true);
     }
     
     public boolean validatePolicy(
-        AssertionInfoMap aim
+        AssertionInfoMap aim, 
+        Message message,
+        List<WSSecurityEngineResult> results,
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
     ) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
         if (ais == null || ais.isEmpty()) {                       
             return true;
         }
+        
+        setMessage(message);
+        setResults(results);
+        setSignedResults(signedResults);
+        setEncryptedResults(encryptedResults);
 
         for (AssertionInfo ai : ais) {
             SupportingToken binding = (SupportingToken)ai.getAssertion();
@@ -62,8 +68,6 @@ public class SignedEndorsingTokenPolicyV
                 continue;
             }
             ai.setAsserted(true);
-            setSigned(true);
-            setEndorsed(true);
 
             List<Token> tokens = binding.getTokens();
             for (Token token : tokens) {

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java?rev=1205884&r1=1205883&r2=1205884&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
Thu Nov 24 15:33:21 2011
@@ -42,29 +42,33 @@ import org.apache.ws.security.WSSecurity
  */
 public class SignedTokenPolicyValidator extends AbstractSupportingTokenPolicyValidator {
     
-    public SignedTokenPolicyValidator(
-        Message message,
-        List<WSSecurityEngineResult> results,
-        List<WSSecurityEngineResult> signedResults
-    ) {
-        super(message, results, signedResults);
+    public SignedTokenPolicyValidator() {
+        setSigned(true);
     }
     
     public boolean validatePolicy(
-        AssertionInfoMap aim
+        AssertionInfoMap aim, 
+        Message message,
+        List<WSSecurityEngineResult> results,
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
     ) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
         if (ais == null || ais.isEmpty()) {                       
             return true;
         }
         
+        setMessage(message);
+        setResults(results);
+        setSignedResults(signedResults);
+        setEncryptedResults(encryptedResults);
+        
         for (AssertionInfo ai : ais) {
             SupportingToken binding = (SupportingToken)ai.getAssertion();
             if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED != binding.getTokenType())
{
                 continue;
             }
             ai.setAsserted(true);
-            setSigned(true);
             
             List<Token> tokens = binding.getTokens();
             for (Token token : tokens) {

Added: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SupportingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SupportingTokenPolicyValidator.java?rev=1205884&view=auto
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SupportingTokenPolicyValidator.java
(added)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SupportingTokenPolicyValidator.java
Thu Nov 24 15:33:21 2011
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j.policyvalidators;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.message.Message;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.ws.security.WSSecurityEngineResult;
+
+/**
+ * Validate a WS-SecurityPolicy corresponding to a SupportingToken.
+ */
+public interface SupportingTokenPolicyValidator {
+    
+    /**
+     * Set the list of UsernameToken results
+     */
+    void setUsernameTokenResults(List<WSSecurityEngineResult> utResultsList, boolean
valUsernameToken);
+    
+    /**
+     * Set the list of SAMLToken results
+     */
+    void setSAMLTokenResults(List<WSSecurityEngineResult> samlResultsList);
+    
+    /**
+     * Set the Timestamp element
+     */
+    void setTimestampElement(Element timestampElement);
+    
+    /**
+     * Validate a particular policy from the AssertionInfoMap argument. Return true if the
policy is valid.
+     */
+    boolean validatePolicy(
+        AssertionInfoMap aim, 
+        Message message,
+        List<WSSecurityEngineResult> results,
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
+    );
+}



Mime
View raw message