cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1533096 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/interceptors/ wss4j/ wss4j/policyhandlers/
Date Thu, 17 Oct 2013 14:53:42 GMT
Author: coheigea
Date: Thu Oct 17 14:53:41 2013
New Revision: 1533096

URL: http://svn.apache.org/r1533096
Log:
Some fixes to allow streaming SecureConversation for the inbound server case

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java?rev=1533096&r1=1533095&r2=1533096&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
Thu Oct 17 14:53:41 2013
@@ -225,6 +225,7 @@ abstract class STSInvoker implements Inv
             ref.setValueType(refValueType);
         }
         SecurityTokenReference str = new SecurityTokenReference(writer.getDocument());
+        str.addWSSENamespace();
         str.setReference(ref);
 
         writer.getCurrentNode().appendChild(str.getElement());

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1533096&r1=1533095&r2=1533096&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
Thu Oct 17 14:53:41 2013
@@ -28,9 +28,9 @@ import java.util.logging.Logger;
 import javax.xml.namespace.QName;
 
 import org.w3c.dom.Element;
-
 import org.apache.cxf.binding.soap.SoapBindingConstants;
 import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.DOMUtils;
@@ -52,6 +52,7 @@ import org.apache.cxf.ws.security.trust.
 import org.apache.cxf.ws.security.trust.STSClient;
 import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
+import org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor;
 import org.apache.neethi.All;
 import org.apache.neethi.Assertion;
 import org.apache.neethi.ExactlyOne;
@@ -73,8 +74,8 @@ class SecureConversationInInterceptor ex
 
     
     public SecureConversationInInterceptor() {
-        super(Phase.PRE_PROTOCOL);
-        getBefore().add(WSS4JInInterceptor.class.getName());
+        super(Phase.PRE_STREAM);
+        getBefore().add(WSS4JStaxInInterceptor.class.getName());
     }
     private AbstractBinding getBinding(AssertionInfoMap aim) {
         Collection<AssertionInfo> ais = 
@@ -116,6 +117,9 @@ class SecureConversationInInterceptor ex
                 return;
             }
             String s = (String)message.get(SoapBindingConstants.SOAP_ACTION);
+            if (s == null) {
+                s = SoapActionInInterceptor.getSoapAction(message);
+            }
             String addNs = null;
             AddressingProperties inProps = (AddressingProperties)message
                 .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java?rev=1533096&r1=1533095&r2=1533096&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
Thu Oct 17 14:53:41 2013
@@ -164,8 +164,11 @@ public final class WSS4JUtils {
         org.apache.xml.security.stax.securityToken.SecurityToken securityToken,
         Message message
     ) throws XMLSecurityException {
-        if (securityToken != null 
-            && getTokenStore(message).getToken(securityToken.getId()) == null) {
+        if (securityToken == null) {
+            return null;
+        }
+        SecurityToken existingToken = getTokenStore(message).getToken(securityToken.getId());
+        if (existingToken == null) {
             Date created = new Date();
             Date expires = new Date();
             expires.setTime(created.getTime() + 300000);
@@ -182,6 +185,9 @@ public final class WSS4JUtils {
                     cachedTok.setTokenType(WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE);
                 } else if (securityToken.getTokenType() == WSSecurityTokenConstants.Saml20Token)
{
                     cachedTok.setTokenType(WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE);
+                } else if (securityToken.getTokenType() == WSSecurityTokenConstants.SecureConversationToken
+                    || securityToken.getTokenType() == WSSecurityTokenConstants.SecurityContextToken)
{
+                    cachedTok.setTokenType(WSSConstants.NS_WSC_05_02);
                 }
             }
 
@@ -199,7 +205,7 @@ public final class WSS4JUtils {
 
             return cachedTok.getId();
         }
-        return null;
+        return existingToken.getId();
 
     }
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1533096&r1=1533095&r2=1533096&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
Thu Oct 17 14:53:41 2013
@@ -102,6 +102,9 @@ import org.apache.xml.security.exception
 import org.apache.xml.security.stax.ext.SecurePart;
 import org.apache.xml.security.stax.ext.SecurePart.Modifier;
 import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken;
+import org.apache.xml.security.stax.securityEvent.SecurityEvent;
+import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
+import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
@@ -1190,4 +1193,21 @@ public abstract class AbstractStaxBindin
         }
         return null;
     }
+    
+    protected org.apache.xml.security.stax.securityToken.SecurityToken 
+    findInboundSecurityToken(SecurityEventConstants.Event event) throws XMLSecurityException
{
+        @SuppressWarnings("unchecked")
+        final List<SecurityEvent> incomingEventList = 
+            (List<SecurityEvent>) message.getExchange().get(SecurityEvent.class.getName()
+ ".in");
+        if (incomingEventList != null) {
+            for (SecurityEvent incomingEvent : incomingEventList) {
+                if (event == incomingEvent.getSecurityEventType()) {
+                    org.apache.xml.security.stax.securityToken.SecurityToken token = 
+                        ((TokenSecurityEvent<?>)incomingEvent).getSecurityToken();
+                    return token;
+                }
+            }
+        }
+        return null;
+    }
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1533096&r1=1533095&r2=1533096&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
Thu Oct 17 14:53:41 2013
@@ -59,7 +59,6 @@ import org.apache.wss4j.policy.model.Sym
 import org.apache.wss4j.policy.model.UsernameToken;
 import org.apache.wss4j.policy.model.X509Token;
 import org.apache.wss4j.stax.ext.WSSConstants;
-import org.apache.wss4j.stax.securityEvent.SamlTokenSecurityEvent;
 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
 import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -155,7 +154,7 @@ public class StaxSymmetricBindingHandler
                 addIssuedToken((IssuedToken)encryptionToken, tok, false, true);
                 if (tok == null && !isRequestor()) {
                     org.apache.xml.security.stax.securityToken.SecurityToken securityToken
= 
-                        findIssuedToken();
+                        findInboundSecurityToken(WSSecurityEventConstants.SamlToken);
                     tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken,
message);
                 }
             } else if (encryptionToken instanceof SecureConversationToken
@@ -171,6 +170,10 @@ public class StaxSymmetricBindingHandler
                     } else {
                         config.put(ConfigurationConstants.ACTION, actionToPerform);
                     }
+                } else if (tok == null && !isRequestor()) {
+                    org.apache.xml.security.stax.securityToken.SecurityToken securityToken
= 
+                        findInboundSecurityToken(WSSecurityEventConstants.SecurityContextToken);
+                    tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken,
message);
                 }
             } else if (encryptionToken instanceof X509Token) {
                 if (isRequestor()) {
@@ -272,7 +275,7 @@ public class StaxSymmetricBindingHandler
                     addIssuedToken((IssuedToken)sigToken, sigTok, false, true);
                     if (sigTok == null && !isRequestor()) {
                         org.apache.xml.security.stax.securityToken.SecurityToken securityToken
= 
-                            findIssuedToken();
+                            findInboundSecurityToken(WSSecurityEventConstants.SamlToken);
                         sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken,
message);
                     }
                 } else if (sigToken instanceof SecureConversationToken
@@ -288,6 +291,10 @@ public class StaxSymmetricBindingHandler
                         } else {
                             config.put(ConfigurationConstants.ACTION, actionToPerform);
                         }
+                    } else if (sigTok == null && !isRequestor()) {
+                        org.apache.xml.security.stax.securityToken.SecurityToken securityToken
= 
+                            findInboundSecurityToken(WSSecurityEventConstants.SecurityContextToken);
+                        sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken,
message);
                     }
                 } else if (sigToken instanceof X509Token) {
                     if (isRequestor()) {
@@ -396,11 +403,12 @@ public class StaxSymmetricBindingHandler
                 AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
                 config.put(ConfigurationConstants.DERIVED_ENCRYPTION_KEY_LENGTH,
                            "" + algSuiteType.getEncryptionDerivedKeyLength() / 8);
-                if (recToken.getVersion() == SPConstants.SPVersion.SP12) {
-                    config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true");
-                }
             }
 
+            if (recToken.getVersion() == SPConstants.SPVersion.SP12) {
+                config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true");
+            }
+            
             if (config.containsKey(ConfigurationConstants.ACTION)) {
                 String action = (String)config.get(ConfigurationConstants.ACTION);
                 config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
@@ -477,9 +485,10 @@ public class StaxSymmetricBindingHandler
             AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
             config.put(ConfigurationConstants.DERIVED_SIGNATURE_KEY_LENGTH,
                        "" + algSuiteType.getSignatureDerivedKeyLength() / 8);
-            if (policyToken.getVersion() == SPConstants.SPVersion.SP12) {
-                config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true");
-            }
+        }
+        
+        if (policyToken.getVersion() == SPConstants.SPVersion.SP12) {
+            config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true");
         }
         
         if (config.containsKey(ConfigurationConstants.ACTION)) {
@@ -602,23 +611,6 @@ public class StaxSymmetricBindingHandler
         return null;
     }
     
-    private org.apache.xml.security.stax.securityToken.SecurityToken 
-    findIssuedToken() throws XMLSecurityException {
-        @SuppressWarnings("unchecked")
-        final List<SecurityEvent> incomingEventList = 
-            (List<SecurityEvent>) message.getExchange().get(SecurityEvent.class.getName()
+ ".in");
-        if (incomingEventList != null) {
-            for (SecurityEvent incomingEvent : incomingEventList) {
-                if (WSSecurityEventConstants.SamlToken == incomingEvent.getSecurityEventType())
{
-                    org.apache.xml.security.stax.securityToken.SecurityToken token = 
-                        ((SamlTokenSecurityEvent)incomingEvent).getSecurityToken();
-                    return token;
-                }
-            }
-        }
-        return null;
-    }
-    
     private KeyGenerator getKeyGenerator(String symEncAlgo) throws WSSecurityException {
         try {
             //

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1533096&r1=1533095&r2=1533096&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Thu Oct 17 14:53:41 2013
@@ -558,7 +558,8 @@ public class SymmetricBindingHandler ext
                     encr.setEncryptSymmKey(false);
                     encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
                     
-                    if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken)
{
+                    if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken
+                        || encrToken instanceof SecureConversationToken) {
                         //Setting the AttachedReference or the UnattachedReference according
to the flag
                         Element ref;
                         if (attached) {



Mime
View raw message