cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1483800 - in /cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/interceptors/ wss4j/
Date Fri, 17 May 2013 13:49:14 GMT
Author: coheigea
Date: Fri May 17 13:49:13 2013
New Revision: 1483800

URL: http://svn.apache.org/r1483800
Log:
Added an OutInterceptor for streaming WS-SecurityPolicy

Added:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
      - copied, changed from r1483714, cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
Modified:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java?rev=1483800&r1=1483799&r2=1483800&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
Fri May 17 13:49:13 2013
@@ -28,6 +28,7 @@ import org.apache.cxf.ws.policy.Abstract
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxInInterceptor;
+import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxOutInterceptor;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 
@@ -56,6 +57,8 @@ public class WSSecurityInterceptorProvid
         this.getInInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
         this.getInFaultInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
         
+        this.getOutInterceptors().add(PolicyBasedWSS4JStaxOutInterceptor.INSTANCE);
+        this.getOutFaultInterceptors().add(PolicyBasedWSS4JStaxOutInterceptor.INSTANCE);
         this.getInInterceptors().add(PolicyBasedWSS4JStaxInInterceptor.INSTANCE);
         this.getInFaultInterceptors().add(PolicyBasedWSS4JStaxInInterceptor.INSTANCE);
     }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java?rev=1483800&r1=1483799&r2=1483800&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
Fri May 17 13:49:13 2013
@@ -29,6 +29,7 @@ import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.logging.Logger;
 
+import javax.security.auth.callback.CallbackHandler;
 import javax.xml.namespace.QName;
 
 import org.apache.cxf.binding.soap.SoapMessage;
@@ -149,6 +150,26 @@ public abstract class AbstractWSS4JStaxI
             }
         }
     }
+    
+    protected void configureCallbackHandler(SoapMessage soapMessage) throws WSSecurityException
{
+        Object o = soapMessage.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+        if (o instanceof String) {
+            try {
+                o = ClassLoaderUtils.loadClass((String)o, this.getClass()).newInstance();
+            } catch (Exception e) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+            }
+        }            
+        if (o instanceof CallbackHandler) {
+            Map<String, Object> config = getProperties();
+            
+            if (securityProperties != null) {
+                securityProperties.setCallbackHandler((CallbackHandler)o);
+            } else {
+                config.put(ConfigurationConstants.PW_CALLBACK_REF, (CallbackHandler)o);
+            }
+        }
+    }
 
     public Set<URI> getRoles() {
         return null;

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=1483800&r1=1483799&r2=1483800&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
Fri May 17 13:49:13 2013
@@ -37,6 +37,7 @@ import org.apache.cxf.binding.soap.saaj.
 import org.apache.cxf.common.i18n.Message;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.phase.PhaseInterceptor;
@@ -77,11 +78,15 @@ public class PolicyBasedWSS4JOutIntercep
 
 
     public void handleMessage(SoapMessage mc) throws Fault {
-        if (mc.getContent(SOAPMessage.class) == null) {
-            saajOut.handleMessage(mc);
+        boolean enableStax = 
+            MessageUtils.isTrue(mc.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY));
+        if (!enableStax) {
+            if (mc.getContent(SOAPMessage.class) == null) {
+                saajOut.handleMessage(mc);
+            }
+            mc.put(SECURITY_PROCESSED, Boolean.TRUE);
+            mc.getInterceptorChain().add(ending);
         }
-        mc.put(SECURITY_PROCESSED, Boolean.TRUE);
-        mc.getInterceptorChain().add(ending);
     }    
     public void handleFault(SoapMessage message) {
         saajOut.handleFault(message);

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java?rev=1483800&r1=1483799&r2=1483800&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
Fri May 17 13:49:13 2013
@@ -373,7 +373,7 @@ public class PolicyBasedWSS4JStaxInInter
                      bindingOperationInfos.iterator(); bindingOperationInfoIterator.hasNext();)
{
             BindingOperationInfo bindingOperationInfo = bindingOperationInfoIterator.next();
             QName operationName = bindingOperationInfo.getName();
-
+            
             // todo: I'm not sure what the effectivePolicy exactly contains,
             // a) only the operation policy,
             // or b) all policies for the service,
@@ -382,6 +382,10 @@ public class PolicyBasedWSS4JStaxInInter
             EffectivePolicy policy = 
                 (EffectivePolicy)bindingOperationInfo.getProperty("policy-engine-info-serve-request");
             //PolicyEngineImpl.POLICY_INFO_REQUEST_SERVER);
+            if (MessageUtils.isRequestor(msg)) {
+                policy = 
+                    (EffectivePolicy)bindingOperationInfo.getProperty("policy-engine-info-client-response");
+            }
             SoapOperationInfo soapOperationInfo = bindingOperationInfo.getExtensor(SoapOperationInfo.class);
 
             String soapNS;

Copied: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
(from r1483714, cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java)
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java?p2=cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java&p1=cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java&r1=1483714&r2=1483800&rev=1483800&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
Fri May 17 13:49:13 2013
@@ -22,14 +22,11 @@ package org.apache.cxf.ws.security.wss4j
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
-import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
+import java.util.Map;
 import java.util.Properties;
 import java.util.logging.Logger;
 
@@ -37,45 +34,39 @@ import javax.xml.namespace.QName;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapMessage;
-import org.apache.cxf.binding.soap.model.SoapBindingInfo;
-import org.apache.cxf.binding.soap.model.SoapOperationInfo;
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.resource.ResourceManager;
-import org.apache.cxf.service.model.BindingInfo;
-import org.apache.cxf.service.model.BindingOperationInfo;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
-import org.apache.cxf.ws.policy.EffectivePolicy;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
-import org.apache.wss4j.policy.WSSPolicyException;
-import org.apache.wss4j.policy.stax.OperationPolicy;
-import org.apache.wss4j.policy.stax.PolicyEnforcer;
-import org.apache.wss4j.policy.stax.PolicyInputProcessor;
-import org.apache.wss4j.stax.ext.WSSSecurityProperties;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
+import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
+import org.apache.wss4j.policy.model.AbstractBinding;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.UsernameToken.PasswordType;
 
 /**
  * 
  */
-public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
-    public static final PolicyBasedWSS4JStaxInInterceptor INSTANCE 
-        = new PolicyBasedWSS4JStaxInInterceptor();
-    private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JStaxInInterceptor.class);
+public class PolicyBasedWSS4JStaxOutInterceptor extends WSS4JStaxOutInterceptor {
+    public static final PolicyBasedWSS4JStaxOutInterceptor INSTANCE 
+        = new PolicyBasedWSS4JStaxOutInterceptor();
+    private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JStaxOutInterceptor.class);
 
-    public PolicyBasedWSS4JStaxInInterceptor() {
+    public PolicyBasedWSS4JStaxOutInterceptor() {
         super(new HashMap<String, Object>());
     }
     
@@ -84,8 +75,8 @@ public class PolicyBasedWSS4JStaxInInter
         boolean enableStax = 
             MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY));
         if (aim != null && enableStax) {
+            getProperties().clear();
             super.handleMessage(msg);
-            msg.getInterceptorChain().add(new PolicyStaxActionInInterceptor());
         }
     }
     
@@ -177,15 +168,15 @@ public class PolicyBasedWSS4JStaxInInter
         }
         
         if (signCrypto != null) {
-            message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
             message.put("RefId-" + signCrypto.hashCode(), signCrypto);
         }
         
         if (encrCrypto != null) {
-            message.put(WSHandlerConstants.SIG_VER_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
+            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
             message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto);
         } else if (signCrypto != null) {
-            message.put(WSHandlerConstants.SIG_VER_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
             message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto);
         }
     }
@@ -217,15 +208,15 @@ public class PolicyBasedWSS4JStaxInInter
         }
         
         if (signCrypto != null) {
-            message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
             message.put("RefId-" + signCrypto.hashCode(), signCrypto);
         }
         
         if (encrCrypto != null) {
-            message.put(WSHandlerConstants.SIG_VER_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
+            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
             message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto);
         } else if (signCrypto != null) {
-            message.put(WSHandlerConstants.SIG_VER_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
             message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto);
         }
     }
@@ -262,7 +253,7 @@ public class PolicyBasedWSS4JStaxInInter
                 crypto = signCrypto;
             }
             if (crypto != null) {
-                message.put(WSHandlerConstants.SIG_VER_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode());
                 message.put("RefId-" + crypto.hashCode(), crypto);
             }
             
@@ -271,7 +262,7 @@ public class PolicyBasedWSS4JStaxInInter
                 crypto = encrCrypto;
             }
             if (crypto != null) {
-                message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + crypto.hashCode());
                 message.put("RefId-" + crypto.hashCode(), crypto);
             }
         } else {
@@ -280,7 +271,7 @@ public class PolicyBasedWSS4JStaxInInter
                 crypto = encrCrypto;
             }
             if (crypto != null) {
-                message.put(WSHandlerConstants.SIG_VER_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode());
                 message.put("RefId-" + crypto.hashCode(), crypto);
             }
             
@@ -289,7 +280,7 @@ public class PolicyBasedWSS4JStaxInInter
                 crypto = signCrypto;
             }
             if (crypto != null) {
-                message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + crypto.hashCode());
                 message.put("RefId-" + crypto.hashCode(), crypto);
             }
         }
@@ -341,6 +332,13 @@ public class PolicyBasedWSS4JStaxInInter
         return signCrypto;
     }
     
+    private void configureActions(
+        AssertionInfoMap aim, SoapMessage message
+    ) throws WSSecurityException {
+        configureUsernameToken(aim, message);
+        configureTimestamp(aim, message);
+    }
+    
     @Override
     protected void configureProperties(SoapMessage msg) throws WSSecurityException {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
@@ -348,76 +346,110 @@ public class PolicyBasedWSS4JStaxInInter
         checkSymmetricBinding(aim, msg);
         checkTransportBinding(aim, msg);
         
+        configureActions(aim, msg);
+        
         super.configureProperties(msg);
     }
     
-    @Override
-    protected SecurityEventListener configureSecurityEventListener(
-        SoapMessage msg, WSSSecurityProperties securityProperties
-    ) throws WSSPolicyException {
-        Endpoint endoint = msg.getExchange().get(Endpoint.class);
-        
-        PolicyEnforcer policyEnforcer = createPolicyEnforcer(endoint.getEndpointInfo(), msg);
-        securityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, securityProperties));
+    private void configureUsernameToken(
+        AssertionInfoMap aim, SoapMessage message
+    ) throws WSSecurityException {
+        Map<String, Object> config = getProperties();
+                                  
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
+        if (ais != null && ais.size() > 0) {
+            UsernameToken usernameToken = (UsernameToken)ais.iterator().next().getAssertion();
+            IncludeTokenType includeToken = usernameToken.getIncludeTokenType();
+            if (!isTokenRequired(includeToken, message)) {
+                return;
+            }
+            
+            // Action
+            if (config.containsKey(ConfigurationConstants.ACTION)) {
+                String action = (String)config.get(ConfigurationConstants.ACTION);
+                config.put(ConfigurationConstants.ACTION, 
+                           action + " " + ConfigurationConstants.USERNAME_TOKEN);
+            } else {
+                config.put(ConfigurationConstants.ACTION, 
+                           ConfigurationConstants.USERNAME_TOKEN);
+            }
 
-        return policyEnforcer;
+            // Password Type
+            PasswordType passwordType = usernameToken.getPasswordType();
+            if (passwordType == PasswordType.HashPassword) {
+                config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
+            } else if (passwordType == PasswordType.NoPassword) {
+                config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_NONE);
+            } else {
+                config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
+            }
+            
+            // Nonce + Created
+            if (usernameToken.isNonce()) {
+                config.put(ConfigurationConstants.ADD_USERNAMETOKEN_NONCE, "true");
+            }
+            if (usernameToken.isCreated()) {
+                config.put(ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, "true");
+            }
+        }
     }
     
-    private PolicyEnforcer createPolicyEnforcer(
-        EndpointInfo endpointInfo, SoapMessage msg
-    ) throws WSSPolicyException {
-
-        List<OperationPolicy> operationPolicies = new ArrayList<OperationPolicy>();
-        Collection<BindingOperationInfo> bindingOperationInfos = endpointInfo.getBinding().getOperations();
-        for (Iterator<BindingOperationInfo> bindingOperationInfoIterator =
-                     bindingOperationInfos.iterator(); bindingOperationInfoIterator.hasNext();)
{
-            BindingOperationInfo bindingOperationInfo = bindingOperationInfoIterator.next();
-            QName operationName = bindingOperationInfo.getName();
-
-            // todo: I'm not sure what the effectivePolicy exactly contains,
-            // a) only the operation policy,
-            // or b) all policies for the service,
-            // or c) all policies which applies for the current operation.
-            // c) is that what we need for stax.
-            EffectivePolicy policy = 
-                (EffectivePolicy)bindingOperationInfo.getProperty("policy-engine-info-serve-request");
-            //PolicyEngineImpl.POLICY_INFO_REQUEST_SERVER);
-            SoapOperationInfo soapOperationInfo = bindingOperationInfo.getExtensor(SoapOperationInfo.class);
-
-            String soapNS;
-            BindingInfo bindingInfo = bindingOperationInfo.getBinding();
-            if (bindingInfo instanceof SoapBindingInfo) {
-                soapNS = ((SoapBindingInfo)bindingInfo).getSoapVersion().getNamespace();
+    private void configureTimestamp(
+        AssertionInfoMap aim, SoapMessage message
+    ) throws WSSecurityException {
+        Map<String, Object> config = getProperties();
+        
+        AbstractBinding binding = getBinding(aim);
+        if (binding != null && binding.isIncludeTimestamp()) {
+            // Action
+            if (config.containsKey(ConfigurationConstants.ACTION)) {
+                String action = (String)config.get(ConfigurationConstants.ACTION);
+                config.put(ConfigurationConstants.ACTION, 
+                           action + " " + ConfigurationConstants.TIMESTAMP);
             } else {
-                //no idea what todo here...
-                //most probably throw an exception:
-                throw new IllegalArgumentException("BindingInfo is not an instance of SoapBindingInfo");
+                config.put(ConfigurationConstants.ACTION, 
+                           ConfigurationConstants.TIMESTAMP);
             }
+        }
+    }
 
-            //todo: I think its a bug that we handover only the localPart of the operation.

-            // Needs to be fixed in ws-security-policy-stax
-            OperationPolicy operationPolicy = new OperationPolicy(operationName.getLocalPart());
-            operationPolicy.setPolicy(policy.getPolicy());
-            operationPolicy.setOperationAction(soapOperationInfo.getAction());
-            operationPolicy.setSoapMessageVersionNamespace(soapNS);
-            
-            operationPolicies.add(operationPolicy);
+    private AbstractBinding getBinding(
+        AssertionInfoMap aim
+    ) throws WSSecurityException {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+        if (ais != null && ais.size() > 0) {
+            return (AbstractBinding)ais.iterator().next().getAssertion();
         }
         
-        final List<SecurityEvent> incomingSecurityEventList = new LinkedList<SecurityEvent>();
-        // TODO Soap Action
-        PolicyEnforcer securityEventListener = new PolicyEnforcer(operationPolicies, "")
{
-            @Override
-            public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException
{
-                incomingSecurityEventList.add(securityEvent);
-                super.registerSecurityEvent(securityEvent);
-            }
-        };
+        ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+        if (ais != null && ais.size() > 0) {
+            return (AbstractBinding)ais.iterator().next().getAssertion();
+        }
         
-        msg.getExchange().put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
-        msg.put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
+        ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+        if (ais != null && ais.size() > 0) {
+            return (AbstractBinding)ais.iterator().next().getAssertion();
+        }
         
-        return securityEventListener;
+        return null;
     }
     
+    private boolean isTokenRequired(IncludeTokenType includeToken, SoapMessage soapMessage)
{
+        if (includeToken == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
+            return false;
+        } else if (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
+            return true;
+        } else {
+            boolean initiator = MessageUtils.isRequestor(soapMessage);
+            if (initiator && (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
+                || includeToken == IncludeTokenType.INCLUDE_TOKEN_ONCE)) {
+                return true;
+            } else if (!initiator && includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR)
{
+                return true;
+            }
+            return false;
+        }
+    }
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java?rev=1483800&r1=1483799&r2=1483800&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
Fri May 17 13:49:13 2013
@@ -24,7 +24,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.logging.Logger;
 
-import javax.security.auth.callback.CallbackHandler;
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.XMLStreamReader;
 
@@ -229,27 +228,6 @@ public class WSS4JStaxInInterceptor exte
         }
     }
     
-    private void configureCallbackHandler(SoapMessage soapMessage) throws WSSecurityException
{
-        Object o = soapMessage.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
-        if (o instanceof String) {
-            try {
-                o = ClassLoaderUtils.loadClass((String)o, this.getClass()).newInstance();
-            } catch (Exception e) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
-            }
-        }            
-        if (o instanceof CallbackHandler) {
-            WSSSecurityProperties securityProperties = getSecurityProperties();
-            Map<String, Object> config = getProperties();
-            
-            if (securityProperties != null) {
-                securityProperties.setCallbackHandler((CallbackHandler)o);
-            } else {
-                config.put(ConfigurationConstants.PW_CALLBACK_REF, (CallbackHandler)o);
-            }
-        }
-    }
-
     /**
      * Create a SoapFault from a WSSecurityException, following the SOAP Message Security
      * 1.1 specification, chapter 12 "Error Handling".

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java?rev=1483800&r1=1483799&r2=1483800&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
Fri May 17 13:49:13 2013
@@ -19,7 +19,7 @@
 package org.apache.cxf.ws.security.wss4j;
 
 import java.io.OutputStream;
-import java.util.ArrayList;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 
@@ -36,9 +36,11 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.policy.WSSPolicyException;
 import org.apache.wss4j.stax.ConfigurationConverter;
 import org.apache.wss4j.stax.WSSec;
 import org.apache.wss4j.stax.ext.OutboundWSSec;
@@ -61,7 +63,7 @@ public class WSS4JStaxOutInterceptor ext
     
     private boolean mtomEnabled;
     
-    public WSS4JStaxOutInterceptor(WSSSecurityProperties securityProperties) throws WSSecurityException
{
+    public WSS4JStaxOutInterceptor(WSSSecurityProperties securityProperties) {
         super();
         setPhase(Phase.PRE_STREAM);
         getBefore().add(StaxOutInterceptor.class.getName());
@@ -70,7 +72,7 @@ public class WSS4JStaxOutInterceptor ext
         setSecurityProperties(securityProperties);
     }
 
-    public WSS4JStaxOutInterceptor(Map<String, Object> props) throws WSSecurityException
{
+    public WSS4JStaxOutInterceptor(Map<String, Object> props) {
         super(props);
         setPhase(Phase.PRE_STREAM);
         getBefore().add(StaxOutInterceptor.class.getName());
@@ -107,15 +109,6 @@ public class WSS4JStaxOutInterceptor ext
         OutputStream os = mc.getContent(OutputStream.class);
         String encoding = getEncoding(mc);
 
-        final List<SecurityEvent> outgoingSecurityEventList = new ArrayList<SecurityEvent>();
-        SecurityEventListener securityEventListener = new SecurityEventListener() {
-            @Override
-            public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException
{
-                outgoingSecurityEventList.add(securityEvent);
-            }
-        };
-        mc.getExchange().put(SecurityEvent.class.getName() + ".out", outgoingSecurityEventList);
-
         XMLStreamWriter newXMLStreamWriter;
         try {
             @SuppressWarnings("unchecked")
@@ -124,21 +117,28 @@ public class WSS4JStaxOutInterceptor ext
             
             translateProperties(mc);
             configureProperties(mc);
+            configureCallbackHandler(mc);
             
             OutboundWSSec outboundWSSec = null;
+            WSSSecurityProperties secProps = null;
             if (getSecurityProperties() != null) {
-                outboundWSSec = WSSec.getOutboundWSSec(getSecurityProperties());
+                secProps = getSecurityProperties();
             } else {
-                WSSSecurityProperties convertedProperties = 
-                    ConfigurationConverter.convert(getProperties());
-                outboundWSSec = WSSec.getOutboundWSSec(convertedProperties);
+                secProps = ConfigurationConverter.convert(getProperties());
             }
             
+            SecurityEventListener securityEventListener = 
+                configureSecurityEventListener(mc, secProps);
+            
+            outboundWSSec = WSSec.getOutboundWSSec(secProps);
+            
             newXMLStreamWriter = 
                 outboundWSSec.processOutMessage(os, encoding, requestSecurityEvents, securityEventListener);
             mc.setContent(XMLStreamWriter.class, newXMLStreamWriter);
         } catch (WSSecurityException e) {
             throw new Fault(e);
+        } catch (WSSPolicyException e) {
+            throw new Fault(e);
         }
 
         mc.put(AbstractOutDatabindingInterceptor.DISABLE_OUTPUTSTREAM_OPTIMIZATION, Boolean.TRUE);
@@ -159,11 +159,40 @@ public class WSS4JStaxOutInterceptor ext
         
     }
     
-    private void configureProperties(SoapMessage msg) throws WSSecurityException {
+    protected SecurityEventListener configureSecurityEventListener(
+        SoapMessage msg, WSSSecurityProperties securityProperties
+    ) throws WSSPolicyException {
+        final List<SecurityEvent> outgoingSecurityEventList = new LinkedList<SecurityEvent>();
+        SecurityEventListener securityEventListener = new SecurityEventListener() {
+            @Override
+            public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException
{
+                outgoingSecurityEventList.add(securityEvent);
+            }
+        };
+        msg.getExchange().put(SecurityEvent.class.getName() + ".out", outgoingSecurityEventList);
+        msg.put(SecurityEvent.class.getName() + ".out", outgoingSecurityEventList);
+
+        return securityEventListener;
+    }
+    
+    protected void configureProperties(SoapMessage msg) throws WSSecurityException {
         Map<String, Object> config = getProperties();
         
         // Crypto loading only applies for Map
         if (config != null) {
+            String user = (String)msg.getContextualProperty(SecurityConstants.USERNAME);
+            if (user != null) {
+                config.put(ConfigurationConstants.USER, user);
+            }
+            String sigUser = (String)msg.getContextualProperty(SecurityConstants.SIGNATURE_USERNAME);
+            if (sigUser != null) {
+                config.put(ConfigurationConstants.SIGNATURE_USER, sigUser);
+            }
+            String encUser = (String)msg.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
+            if (encUser != null) {
+                config.put(ConfigurationConstants.ENCRYPTION_USER, encUser);
+            }
+            
             Crypto sigCrypto = 
                 loadCrypto(
                     msg,



Mime
View raw message