Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A8078D948 for ; Thu, 16 May 2013 20:20:28 +0000 (UTC) Received: (qmail 27807 invoked by uid 500); 16 May 2013 20:20:28 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 27755 invoked by uid 500); 16 May 2013 20:20:28 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 27747 invoked by uid 99); 16 May 2013 20:20:28 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 May 2013 20:20:28 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 May 2013 20:20:24 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id F23E823889E3; Thu, 16 May 2013 20:20:02 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1483544 [2/2] - in /cxf/trunk/services/sts: sts-core/ sts-core/src/main/java/org/apache/cxf/sts/event/ sts-core/src/main/java/org/apache/cxf/sts/operation/ sts-war/ sts-war/src/main/resources/ sts-war/src/main/webapp/WEB-INF/ Date: Thu, 16 May 2013 20:20:01 -0000 To: commits@cxf.apache.org 
From: owulff@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130516202002.F23E823889E3@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java?rev=1483544&r1=1483543&r2=1483544&view=diff ============================================================================== --- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java (original) +++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java Thu May 16 20:20:00 2013 @@ -31,6 +31,8 @@ import org.apache.cxf.sts.QNameConstants import org.apache.cxf.sts.RealmParser; import org.apache.cxf.sts.STSConstants; import org.apache.cxf.sts.claims.RequestClaimCollection; +import org.apache.cxf.sts.event.STSValidateFailureEvent; +import org.apache.cxf.sts.event.STSValidateSuccessEvent; import org.apache.cxf.sts.request.ReceivedToken; import org.apache.cxf.sts.request.ReceivedToken.STATE; import org.apache.cxf.sts.request.RequestParser; @@ -39,6 +41,7 @@ import org.apache.cxf.sts.token.provider import org.apache.cxf.sts.token.provider.TokenProviderParameters; import org.apache.cxf.sts.token.provider.TokenProviderResponse; import org.apache.cxf.sts.token.provider.TokenReference; +import org.apache.cxf.sts.token.validator.TokenValidatorParameters; import org.apache.cxf.sts.token.validator.TokenValidatorResponse; import org.apache.cxf.ws.security.sts.provider.STSException; import org.apache.cxf.ws.security.sts.provider.model.LifetimeType; 
@@ -49,6 +52,7 @@ import org.apache.cxf.ws.security.sts.pr import org.apache.cxf.ws.security.sts.provider.model.StatusType; import org.apache.cxf.ws.security.sts.provider.operation.ValidateOperation; import org.apache.ws.security.WSSecurityException; +import org.springframework.context.ApplicationEvent; /** * An implementation of the ValidateOperation interface. 
@@ -61,101 +65,128 @@ public class TokenValidateOperation exte RequestSecurityTokenType request, WebServiceContext context ) { - RequestParser requestParser = parseRequest(request, context); + long start = System.currentTimeMillis(); + TokenValidatorParameters validatorParameters = new TokenValidatorParameters(); - TokenRequirements tokenRequirements = requestParser.getTokenRequirements(); - - ReceivedToken validateTarget = tokenRequirements.getValidateTarget(); - if (validateTarget == null || validateTarget.getToken() == null) { - throw new STSException("No element presented for validation", STSException.INVALID_REQUEST); - } - if (tokenRequirements.getTokenType() == null) { - tokenRequirements.setTokenType(STSConstants.STATUS); - LOG.fine( - "Received TokenType is null, falling back to default token type: " - + STSConstants.STATUS - ); - } - - // Get the realm of the request - String realm = null; - if (stsProperties.getRealmParser() != null) { - RealmParser realmParser = stsProperties.getRealmParser(); - realm = realmParser.parseRealm(context); - } - - TokenValidatorResponse tokenResponse = validateReceivedToken( - context, realm, tokenRequirements, validateTarget); - - if (tokenResponse == null) { - LOG.fine("No Token Validator has been found that can handle this token"); - tokenResponse = new TokenValidatorResponse(); - validateTarget.setState(STATE.INVALID); - tokenResponse.setToken(validateTarget); - } - - // - // Create a new token (if requested) - // - TokenProviderResponse tokenProviderResponse = null; - String tokenType = tokenRequirements.getTokenType(); - if (tokenResponse.getToken().getState() == STATE.VALID - && !STSConstants.STATUS.equals(tokenType)) { - TokenProviderParameters providerParameters = - createTokenProviderParameters(requestParser, context); - - processValidToken(providerParameters, validateTarget, tokenResponse); - - // Check if the requested claims can be handled by the configured claim handlers - RequestClaimCollection 
requestedClaims = providerParameters.getRequestedPrimaryClaims(); - checkClaimsSupport(requestedClaims); - requestedClaims = providerParameters.getRequestedSecondaryClaims(); - checkClaimsSupport(requestedClaims); - providerParameters.setClaimsManager(claimsManager); - - Map additionalProperties = tokenResponse.getAdditionalProperties(); - if (additionalProperties != null) { - providerParameters.setAdditionalProperties(additionalProperties); - } - realm = providerParameters.getRealm(); - for (TokenProvider tokenProvider : tokenProviders) { - boolean canHandle = false; - if (realm == null) { - canHandle = tokenProvider.canHandleToken(tokenType); - } else { - canHandle = tokenProvider.canHandleToken(tokenType, realm); + try { + RequestParser requestParser = parseRequest(request, context); + + TokenRequirements tokenRequirements = requestParser.getTokenRequirements(); + + validatorParameters.setStsProperties(stsProperties); + validatorParameters.setPrincipal(context.getUserPrincipal()); + validatorParameters.setWebServiceContext(context); + validatorParameters.setTokenStore(getTokenStore()); + + //validatorParameters.setKeyRequirements(keyRequirements); + validatorParameters.setTokenRequirements(tokenRequirements); + + ReceivedToken validateTarget = tokenRequirements.getValidateTarget(); + if (validateTarget == null || validateTarget.getToken() == null) { + throw new STSException("No element presented for validation", STSException.INVALID_REQUEST); + } + validatorParameters.setToken(validateTarget); + + if (tokenRequirements.getTokenType() == null) { + tokenRequirements.setTokenType(STSConstants.STATUS); + LOG.fine( + "Received TokenType is null, falling back to default token type: " + + STSConstants.STATUS + ); + } + + // Get the realm of the request + String realm = null; + if (stsProperties.getRealmParser() != null) { + RealmParser realmParser = stsProperties.getRealmParser(); + realm = realmParser.parseRealm(context); + } + validatorParameters.setRealm(realm); + + 
TokenValidatorResponse tokenResponse = validateReceivedToken( + context, realm, tokenRequirements, validateTarget); + + if (tokenResponse == null) { + LOG.fine("No Token Validator has been found that can handle this token"); + tokenResponse = new TokenValidatorResponse(); + validateTarget.setState(STATE.INVALID); + tokenResponse.setToken(validateTarget); + } + + // + // Create a new token (if requested) + // + TokenProviderResponse tokenProviderResponse = null; + String tokenType = tokenRequirements.getTokenType(); + if (tokenResponse.getToken().getState() == STATE.VALID + && !STSConstants.STATUS.equals(tokenType)) { + TokenProviderParameters providerParameters = + createTokenProviderParameters(requestParser, context); + + processValidToken(providerParameters, validateTarget, tokenResponse); + + // Check if the requested claims can be handled by the configured claim handlers + RequestClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims(); + checkClaimsSupport(requestedClaims); + requestedClaims = providerParameters.getRequestedSecondaryClaims(); + checkClaimsSupport(requestedClaims); + providerParameters.setClaimsManager(claimsManager); + + Map additionalProperties = tokenResponse.getAdditionalProperties(); + if (additionalProperties != null) { + providerParameters.setAdditionalProperties(additionalProperties); } - if (canHandle) { - try { - tokenProviderResponse = tokenProvider.createToken(providerParameters); - } catch (STSException ex) { - LOG.log(Level.WARNING, "", ex); - throw ex; - } catch (RuntimeException ex) { - LOG.log(Level.WARNING, "", ex); - throw new STSException( - "Error in providing a token", ex, STSException.REQUEST_FAILED - ); + realm = providerParameters.getRealm(); + for (TokenProvider tokenProvider : tokenProviders) { + boolean canHandle = false; + if (realm == null) { + canHandle = tokenProvider.canHandleToken(tokenType); + } else { + canHandle = tokenProvider.canHandleToken(tokenType, realm); } - break; + if 
(canHandle) { + try { + tokenProviderResponse = tokenProvider.createToken(providerParameters); + } catch (STSException ex) { + LOG.log(Level.WARNING, "", ex); + throw ex; + } catch (RuntimeException ex) { + LOG.log(Level.WARNING, "", ex); + throw new STSException( + "Error in providing a token", ex, STSException.REQUEST_FAILED + ); + } + break; + } + } + if (tokenProviderResponse == null || tokenProviderResponse.getToken() == null) { + LOG.fine("No Token Provider has been found that can handle this token"); + throw new STSException( + "No token provider found for requested token type: " + tokenType, + STSException.REQUEST_FAILED + ); } } - if (tokenProviderResponse == null || tokenProviderResponse.getToken() == null) { - LOG.fine("No Token Provider has been found that can handle this token"); - throw new STSException( - "No token provider found for requested token type: " + tokenType, - STSException.REQUEST_FAILED - ); + + // prepare response + try { + RequestSecurityTokenResponseType response = + createResponse(tokenResponse, tokenProviderResponse, tokenRequirements); + ApplicationEvent event = new STSValidateSuccessEvent(validatorParameters, + System.currentTimeMillis() - start); + publishEvent(event); + return response; + } catch (Throwable ex) { + LOG.log(Level.WARNING, "", ex); + throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED); } - } - - // prepare response - try { - return createResponse(tokenResponse, tokenProviderResponse, tokenRequirements); - } catch (Throwable ex) { - LOG.log(Level.WARNING, "", ex); - throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED); - } + + } catch (RuntimeException ex) { + ApplicationEvent event = new STSValidateFailureEvent(validatorParameters, + System.currentTimeMillis() - start, ex); + publishEvent(event); + throw ex; + } } private RequestSecurityTokenResponseType createResponse( Modified: cxf/trunk/services/sts/sts-war/pom.xml URL: 
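Review bot: STSValidateSuccessEvent is published for every request that reaches `createResponse`, including the path where no validator handled the token and `validateTarget.setState(STATE.INVALID)` was set, so an audit trail built on these events would record rejected tokens as successes unless the listener (not visible here) inspects the token state itself. I would branch on `tokenResponse.getToken().getState()` before choosing the event, or document on the event class that "success" means the request was processed rather than that the token was valid. Separately, `publishEvent(event)` sits inside the `try` whose `catch (Throwable ex)` reports "Error in creating the response", so a listener exception is mislabelled and fails a request that had already validated; moving the publish after that try block would keep the two failures apart. The method signature starts above this hunk.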
http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-war/pom.xml?rev=1483544&r1=1483543&r2=1483544&view=diff ============================================================================== --- cxf/trunk/services/sts/sts-war/pom.xml (original) +++ cxf/trunk/services/sts/sts-war/pom.xml Thu May 16 20:20:00 2013 @@ -53,10 +53,10 @@ org.slf4j - slf4j-jdk14 + slf4j-log4j12 + ${cxf.slf4j.version} runtime - net.sf.ehcache ehcache-core Modified: cxf/trunk/services/sts/sts-war/src/main/resources/log4j.properties URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-war/src/main/resources/log4j.properties?rev=1483544&r1=1483543&r2=1483544&view=diff ============================================================================== --- cxf/trunk/services/sts/sts-war/src/main/resources/log4j.properties (original) +++ cxf/trunk/services/sts/sts-war/src/main/resources/log4j.properties Thu May 16 20:20:00 2013 
@@ -1,36 +1,24 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -# Set root category priority to INFO and its only appender to CONSOLE. -log4j.rootCategory=FATAL, CONSOLE -#log4j.rootCategory=DEBUG, CONSOLE +log4j.rootLogger=INFO, CONSOLE, LOGFILE +log4j.logger.org.apache.cxf.sts.event.LoggerListener=DEBUG, AUDIT # CONSOLE is set to be a ConsoleAppender using a PatternLayout. log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender -log4j.appender.CONSOLE.Threshold=DEBUG +log4j.appender.CONSOLE.Threshold=INFO log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout -log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n +log4j.appender.CONSOLE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n # LOGFILE is set to be a File appender using a PatternLayout. 
log4j.appender.LOGFILE=org.apache.log4j.FileAppender -log4j.appender.LOGFILE.File=target/wss4j.log -log4j.appender.LOGFILE.Append=false -log4j.appender.LOGFILE.Threshold=DEBUG +log4j.appender.LOGFILE.File=${catalina.base}/logs/sts.log +log4j.appender.LOGFILE.Append=true +log4j.appender.LOGFILE.Threshold=INFO log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout -log4j.appender.LOGFILE.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n +log4j.appender.LOGFILE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n + +# LOGFILE is set to be a File appender using a PatternLayout. +log4j.appender.AUDIT=org.apache.log4j.FileAppender +log4j.appender.AUDIT.File=${catalina.base}/logs/audit.log +log4j.appender.AUDIT.Append=true +log4j.appender.AUDIT.Threshold=DEBUG +log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout +log4j.appender.AUDIT.layout.ConversionPattern=%m%n \ No newline at end of file Added: cxf/trunk/services/sts/sts-war/src/main/resources/org.apache.cxf.Logger URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-war/src/main/resources/org.apache.cxf.Logger?rev=1483544&view=auto ============================================================================== --- cxf/trunk/services/sts/sts-war/src/main/resources/org.apache.cxf.Logger (added) +++ cxf/trunk/services/sts/sts-war/src/main/resources/org.apache.cxf.Logger Thu May 16 20:20:00 2013 @@ -0,0 +1 @@ +org.apache.cxf.common.logging.Log4jLogger \ No newline at end of file Modified: cxf/trunk/services/sts/sts-war/src/main/webapp/WEB-INF/cxf-transport.xml URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-war/src/main/webapp/WEB-INF/cxf-transport.xml?rev=1483544&r1=1483543&r2=1483544&view=diff ============================================================================== --- cxf/trunk/services/sts/sts-war/src/main/webapp/WEB-INF/cxf-transport.xml (original) +++ cxf/trunk/services/sts/sts-war/src/main/webapp/WEB-INF/cxf-transport.xml Thu May 16 20:20:00 2013 @@ -38,6 +38,8 @@ + +
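Review bot: The new `log4j.logger.org.apache.cxf.sts.event.LoggerListener=DEBUG, AUDIT` line leaves additivity on, so whatever that listener logs at INFO or above also reaches CONSOLE and sts.log through the root logger; if audit records are meant to live only in audit.log, add `log4j.additivity.org.apache.cxf.sts.event.LoggerListener=false`. The AUDIT layout `%m%n` adds no timestamp and writes the message verbatim, so each record depends on the listener supplying the time and on request-derived fields being free of line breaks — worth confirming in the listener, which is not part of this hunk. The comment above the AUDIT block is copied from LOGFILE and should read `# AUDIT is set to be a File appender using a PatternLayout.`, and the removed ASF licence header probably needs to stay at the top of the file.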