cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1393374 - in /cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j: AbstractWSS4JInterceptor.java PolicyBasedWSS4JInInterceptor.java WSS4JInInterceptor.java
Date Wed, 03 Oct 2012 09:36:40 GMT
Author: coheigea
Date: Wed Oct  3 09:36:40 2012
New Revision: 1393374

URL: http://svn.apache.org/viewvc?rev=1393374&view=rev
Log:
Merged revisions 1393360 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1393360 | coheigea | 2012-10-03 10:11:01 +0100 (Wed, 03 Oct 2012) | 3 lines

  [CXF-4539] - WS-Security inbound performance regression
   - Fix confirmed by Alessio.

........


Conflicts:

	rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java

Modified:
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=1393374&r1=1393373&r2=1393374&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
Wed Oct  3 09:36:40 2012
@@ -22,11 +22,11 @@ import java.io.InputStream;
 import java.net.URI;
 import java.net.URL;
 import java.util.Collection;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
 
 import javax.xml.namespace.QName;
 
@@ -58,7 +58,8 @@ public abstract class AbstractWSS4JInter
         HEADERS.add(new QName(WSConstants.ENC_NS, "EncryptedData"));
     }
 
-    private Map<String, Object> properties = new HashMap<String, Object>();
+    private Map<String, Object> properties = new ConcurrentHashMap<String, Object>();
+    private Map<String, Crypto> cryptoMap = new ConcurrentHashMap<String, Crypto>();
     private Set<String> before = new HashSet<String>();
     private Set<String> after = new HashSet<String>();
     private String phase;
@@ -216,5 +217,49 @@ public abstract class AbstractWSS4JInter
             }
         }
     }
+    
+    // TODO Remove once we pick up WSS4J 1.6.8
+    @Override
+    protected Crypto loadCrypto(
+        String cryptoPropertyFile,
+        String cryptoPropertyRefId,
+        RequestData requestData
+    ) throws WSSecurityException {
+        Object mc = requestData.getMsgContext();
+        Crypto crypto = null;
+        
+        //
+        // Try the Property Ref Id first
+        //
+        String refId = getString(cryptoPropertyRefId, mc);
+        if (refId != null) {
+            crypto = cryptoMap.get(refId);
+            if (crypto == null) {
+                Object obj = getProperty(mc, refId);
+                if (obj instanceof Properties) {
+                    crypto = CryptoFactory.getInstance((Properties)obj);
+                    cryptoMap.put(refId, crypto);
+                } else if (obj instanceof Crypto) {
+                    crypto = (Crypto)obj;
+                    cryptoMap.put(refId, crypto);
+                }
+            }
+        }
+        
+        //
+        // Now try loading the properties file
+        //
+        if (crypto == null) {
+            String propFile = getString(cryptoPropertyFile, mc);
+            if (propFile != null) {
+                crypto = cryptoMap.get(propFile);
+                if (crypto == null) {
+                    crypto = loadCryptoFromPropertiesFile(propFile, requestData);
+                    cryptoMap.put(propFile, crypto);
+                }
+            } 
+        }
+        return crypto;
+    }
 
 }

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1393374&r1=1393373&r2=1393374&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Wed Oct  3 09:36:40 2012
@@ -28,7 +28,6 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
-import java.util.concurrent.ConcurrentHashMap;
 import java.util.logging.Logger;
 
 import javax.xml.namespace.QName;
@@ -91,6 +90,7 @@ import org.apache.ws.security.WSDataRef;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.message.token.Timestamp;
@@ -100,7 +100,6 @@ import org.apache.ws.security.util.WSSec
  * 
  */
 public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
-    public static final String PROPERTIES_CACHE = "ws-security.properties.cache";
     public static final PolicyBasedWSS4JInInterceptor INSTANCE 
         = new PolicyBasedWSS4JInInterceptor();
     private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JInInterceptor.class);
@@ -112,24 +111,8 @@ public class PolicyBasedWSS4JInIntercept
         super(true);
     }
     
-    protected static Map<Object, Properties> getPropertiesCache(SoapMessage message)
{
-        EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
-        synchronized (info) {
-            Map<Object, Properties> o = 
-                CastUtils.cast((Map<?, ?>)message.getContextualProperty(PROPERTIES_CACHE));
-            if (o == null) {
-                o = new ConcurrentHashMap<Object, Properties>();
-                info.setProperty(PROPERTIES_CACHE, o);
-            }
-            return o;
-        }
-    }
-
     private static Properties getProps(Object o, String propsKey, URL propsURL, SoapMessage
message) {
-        Properties properties = getPropertiesCache(message).get(propsKey);
-        if (properties != null) {
-            return properties;
-        }
+        Properties properties = null;
         if (o instanceof Properties) {
             properties = (Properties)o;
         } else if (propsURL != null) {
@@ -143,9 +126,6 @@ public class PolicyBasedWSS4JInIntercept
             }
         }
         
-        if (properties != null) {
-            getPropertiesCache(message).put(propsKey, properties);
-        }
         return properties;
     }
     
@@ -210,7 +190,7 @@ public class PolicyBasedWSS4JInIntercept
 
     private String checkAsymmetricBinding(
         AssertionInfoMap aim, String action, SoapMessage message
-    ) {
+    ) throws WSSecurityException {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
         if (ais == null || ais.isEmpty()) {
             return action;
@@ -227,34 +207,25 @@ public class PolicyBasedWSS4JInIntercept
             e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
         }
         
-        if (s != null) {
-            URL propsURL = getPropertiesFileURL(s, message);
-            String propsKey = s.toString();
-            if (propsURL != null) {
-                propsKey = propsURL.getPath();
-            }
-            message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + propsKey);
-            if (s instanceof Crypto) {
-                message.put("RefId-" + propsKey, (Crypto)s);
-            } else {
-                message.put("RefId-" + propsKey, getProps(s, propsKey, propsURL, message));
-            }
-            if (e == null) {
-                e = s;
-            }
+        Crypto encrCrypto = getEncryptionCrypto(e, message);
+        Crypto signCrypto = null;
+        if (e != null && e.equals(s)) {
+            signCrypto = encrCrypto;
+        } else {
+            signCrypto = getSignatureCrypto(s, message);
         }
-        if (e != null) {
-            URL propsURL = getPropertiesFileURL(e, message);
-            String propsKey = e.toString();
-            if (propsURL != null) {
-                propsKey = propsURL.getPath();
-            }
-            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + propsKey);
-            if (e instanceof Crypto) {
-                message.put("RefId-" + propsKey, (Crypto)e);
-            } else {
-                message.put("RefId-" + propsKey, getProps(e, propsKey, propsURL, message));
-            }
+        
+        if (signCrypto != null) {
+            message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put("RefId-" + signCrypto.hashCode(), signCrypto);
+        }
+        
+        if (encrCrypto != null) {
+            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
+            message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto);
+        } else if (signCrypto != null) {
+            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto);
         }
      
         return action;
@@ -262,7 +233,7 @@ public class PolicyBasedWSS4JInIntercept
     
     private String checkTransportBinding(
         AssertionInfoMap aim, String action, SoapMessage message
-    ) {
+    ) throws WSSecurityException {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
         if (ais == null || ais.isEmpty()) {
             return action;
@@ -279,34 +250,25 @@ public class PolicyBasedWSS4JInIntercept
             e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
         }
         
-        if (s != null) {
-            URL propsURL = getPropertiesFileURL(s, message);
-            String propsKey = s.toString();
-            if (propsURL != null) {
-                propsKey = propsURL.getPath();
-            }
-            message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + propsKey);
-            if (s instanceof Crypto) {
-                message.put("RefId-" + propsKey, (Crypto)s);
-            } else {
-                message.put("RefId-" + propsKey, getProps(s, propsKey, propsURL, message));
-            }
-            if (e == null) {
-                e = s;
-            }
+        Crypto encrCrypto = getEncryptionCrypto(e, message);
+        Crypto signCrypto = null;
+        if (e != null && e.equals(s)) {
+            signCrypto = encrCrypto;
+        } else {
+            signCrypto = getSignatureCrypto(s, message);
         }
-        if (e != null) {
-            URL propsURL = getPropertiesFileURL(e, message);
-            String propsKey = e.toString();
-            if (propsURL != null) {
-                propsKey = propsURL.getPath();
-            }
-            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + propsKey);
-            if (e instanceof Crypto) {
-                message.put("RefId-" + propsKey, (Crypto)e);
-            } else {
-                message.put("RefId-" + propsKey, getProps(e, propsKey, propsURL, message));
-            }
+        
+        if (signCrypto != null) {
+            message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put("RefId-" + signCrypto.hashCode(), signCrypto);
+        }
+        
+        if (encrCrypto != null) {
+            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
+            message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto);
+        } else if (signCrypto != null) {
+            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto);
         }
 
         return action;
@@ -314,7 +276,7 @@ public class PolicyBasedWSS4JInIntercept
     
     private String checkSymmetricBinding(
         AssertionInfoMap aim, String action, SoapMessage message
-    ) {
+    ) throws WSSecurityException {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
         if (ais == null || ais.isEmpty()) {
             return action;
@@ -331,71 +293,97 @@ public class PolicyBasedWSS4JInIntercept
             e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
         }
         
-        if (e != null && s == null) {
-            s = e;
-        } else if (s != null && e == null) {
-            e = s;
+        Crypto encrCrypto = getEncryptionCrypto(e, message);
+        Crypto signCrypto = null;
+        if (e != null && e.equals(s)) {
+            signCrypto = encrCrypto;
+        } else {
+            signCrypto = getSignatureCrypto(s, message);
         }
         
         if (isRequestor(message)) {
-            if (e != null) {
-                URL propsURL = getPropertiesFileURL(e, message);
-                String propsKey = e.toString();
-                if (propsURL != null) {
-                    propsKey = propsURL.getPath();
-                }
-                message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + propsKey);
-                if (e instanceof Crypto) {
-                    message.put("RefId-" + propsKey, (Crypto)e);
-                } else {
-                    message.put("RefId-" + propsKey, getProps(e, propsKey, propsURL, message));
-                }
+            Crypto crypto = encrCrypto;
+            if (crypto == null) {
+                crypto = signCrypto;
+            }
+            if (crypto != null) {
+                message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put("RefId-" + crypto.hashCode(), crypto);
             }
-            if (s != null) {
-                URL propsURL = getPropertiesFileURL(s, message);
-                String propsKey = s.toString();
-                if (propsURL != null) {
-                    propsKey = propsURL.getPath();
-                }
-                message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + propsKey);
-                if (s instanceof Crypto) {
-                    message.put("RefId-" + propsKey, (Crypto)s);
-                } else {
-                    message.put("RefId-" + propsKey, getProps(s, propsKey, propsURL, message));
-                }
+            
+            crypto = signCrypto;
+            if (crypto == null) {
+                crypto = encrCrypto;
+            }
+            if (crypto != null) {
+                message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put("RefId-" + crypto.hashCode(), crypto);
             }
         } else {
-            if (s != null) {
-                URL propsURL = getPropertiesFileURL(s, message);
-                String propsKey = s.toString();
-                if (propsURL != null) {
-                    propsKey = propsURL.getPath();
-                }
-                message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + propsKey);
-                if (s instanceof Crypto) {
-                    message.put("RefId-" + propsKey, (Crypto)s);
-                } else {
-                    message.put("RefId-" + propsKey, getProps(s, propsKey, propsURL, message));
-                }
+            Crypto crypto = signCrypto;
+            if (crypto == null) {
+                crypto = encrCrypto;
+            }
+            if (crypto != null) {
+                message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put("RefId-" + crypto.hashCode(), crypto);
             }
-            if (e != null) {
-                URL propsURL = getPropertiesFileURL(e, message);
-                String propsKey = e.toString();
-                if (propsURL != null) {
-                    propsKey = propsURL.getPath();
-                }
-                message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + propsKey);
-                if (e instanceof Crypto) {
-                    message.put("RefId-" + propsKey, (Crypto)e);
-                } else {
-                    message.put("RefId-" + propsKey, getProps(e, propsKey, propsURL, message));
-                }
+            
+            crypto = encrCrypto;
+            if (crypto == null) {
+                crypto = signCrypto;
+            }
+            if (crypto != null) {
+                message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put("RefId-" + crypto.hashCode(), crypto);
             }
         }
         
         return action;
     }
     
+    private Crypto getEncryptionCrypto(Object e, SoapMessage message) throws WSSecurityException
{
+        Crypto encrCrypto = null;
+        if (e instanceof Crypto) {
+            encrCrypto = (Crypto)e;
+        } else if (e != null) {
+            URL propsURL = getPropertiesFileURL(e, message);
+            String propsKey = e.toString();
+            if (propsURL != null) {
+                propsKey = propsURL.getPath();
+            }
+            Properties props = getProps(e, propsKey, propsURL, message);
+            encrCrypto = CryptoFactory.getInstance(props);
+            
+            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+            synchronized (info) {
+                info.setProperty(SecurityConstants.ENCRYPT_CRYPTO, encrCrypto);
+            }
+        }
+        return encrCrypto;
+    }
+    
+    private Crypto getSignatureCrypto(Object s, SoapMessage message) throws WSSecurityException
{
+        Crypto signCrypto = null;
+        if (s instanceof Crypto) {
+            signCrypto = (Crypto)s;
+        } else if (s != null) {
+            URL propsURL = getPropertiesFileURL(s, message);
+            String propsKey = s.toString();
+            if (propsURL != null) {
+                propsKey = propsURL.getPath();
+            }
+            Properties props = getProps(s, propsKey, propsURL, message);
+            signCrypto = CryptoFactory.getInstance(props);
+            
+            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+            synchronized (info) {
+                info.setProperty(SecurityConstants.SIGNATURE_CRYPTO, signCrypto);
+            }
+        }
+        return signCrypto;
+    }
+    
     private boolean assertXPathTokens(AssertionInfoMap aim, 
                                    QName name, 
                                    Collection<WSDataRef> refs,
@@ -482,7 +470,7 @@ public class PolicyBasedWSS4JInIntercept
         return true;
     }
     
-    protected void computeAction(SoapMessage message, RequestData data) {
+    protected void computeAction(SoapMessage message, RequestData data) throws WSSecurityException
{
         String action = getString(WSHandlerConstants.ACTION, message);
         if (action == null) {
             action = "";

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1393374&r1=1393373&r2=1393374&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Wed Oct  3 09:36:40 2012
@@ -423,7 +423,7 @@ public class WSS4JInInterceptor extends 
      * @param msg
      * @param reqData
      */
-    protected void computeAction(SoapMessage msg, RequestData reqData) {
+    protected void computeAction(SoapMessage msg, RequestData reqData) throws WSSecurityException
{
         //
         // Try to get Crypto Provider from message context properties. 
         // It gives a possibility to use external Crypto Provider 



Mime
View raw message