cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/2] git commit: Some changes to storing tokens on the outbound streaming security code
Date Tue, 15 Apr 2014 14:51:03 GMT
Some changes to storing tokens on the outbound streaming security code


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1f5a2ffd
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1f5a2ffd
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1f5a2ffd

Branch: refs/heads/master
Commit: 1f5a2ffd40913b8463463ef53c9efcfbae3678c4
Parents: 7bbe6d0
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Apr 15 15:50:20 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Apr 15 15:50:20 2014 +0100

----------------------------------------------------------------------
 .../PolicyBasedWSS4JStaxOutInterceptor.java     | 20 ++++++-----
 .../security/wss4j/WSS4JStaxOutInterceptor.java | 22 +++---------
 .../AbstractStaxBindingHandler.java             | 37 ++++++++++++--------
 .../StaxAsymmetricBindingHandler.java           | 12 +++----
 .../StaxSymmetricBindingHandler.java            |  8 ++---
 .../StaxTransportBindingHandler.java            |  8 ++---
 6 files changed, 49 insertions(+), 58 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/1f5a2ffd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
index e15cffe..5530e38 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
@@ -20,7 +20,6 @@
 package org.apache.cxf.ws.security.wss4j;
 
 import java.util.Collection;
-import java.util.Map;
 
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.interceptor.Fault;
@@ -39,8 +38,7 @@ import org.apache.wss4j.policy.model.AsymmetricBinding;
 import org.apache.wss4j.policy.model.SymmetricBinding;
 import org.apache.wss4j.policy.model.TransportBinding;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
-import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
-import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
+import org.apache.xml.security.stax.ext.OutboundSecurityContext;
 
 /**
  * 
@@ -193,7 +191,7 @@ public class PolicyBasedWSS4JStaxOutInterceptor extends WSS4JStaxOutInterceptor
     
     @Override
     protected void configureProperties(
-        SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>>
outboundTokens,
+        SoapMessage msg, OutboundSecurityContext outboundSecurityContext,
         WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
@@ -216,20 +214,24 @@ public class PolicyBasedWSS4JStaxOutInterceptor extends WSS4JStaxOutInterceptor
             checkTransportBinding(aim, msg, securityProperties);
         }
         
-        super.configureProperties(msg, outboundTokens, securityProperties);
+        super.configureProperties(msg, outboundSecurityContext, securityProperties);
         
         if (!transAis.isEmpty()) {
             TransportBinding binding = (TransportBinding)transAis.iterator().next().getAssertion();
-            new StaxTransportBindingHandler(securityProperties, msg, binding, outboundTokens).handleBinding();
+            new StaxTransportBindingHandler(
+                securityProperties, msg, binding, outboundSecurityContext).handleBinding();
         } else if (!asymAis.isEmpty()) {
             AsymmetricBinding binding = (AsymmetricBinding)asymAis.iterator().next().getAssertion();
-            new StaxAsymmetricBindingHandler(securityProperties, msg, binding, outboundTokens).handleBinding();
+            new StaxAsymmetricBindingHandler(
+                securityProperties, msg, binding, outboundSecurityContext).handleBinding();
         } else if (!symAis.isEmpty()) {
             SymmetricBinding binding = (SymmetricBinding)symAis.iterator().next().getAssertion();
-            new StaxSymmetricBindingHandler(securityProperties, msg, binding, outboundTokens).handleBinding();
+            new StaxSymmetricBindingHandler(
+                securityProperties, msg, binding, outboundSecurityContext).handleBinding();
         } else {
             // Fall back to Transport Binding
-            new StaxTransportBindingHandler(securityProperties, msg, null, outboundTokens).handleBinding();
+            new StaxTransportBindingHandler(
+                securityProperties, msg, null, outboundSecurityContext).handleBinding();
         }
         
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/1f5a2ffd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
index a092170..bb825e1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
@@ -19,7 +19,6 @@
 package org.apache.cxf.ws.security.wss4j;
 
 import java.io.OutputStream;
-import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@@ -49,12 +48,11 @@ import org.apache.wss4j.stax.ext.OutboundWSSec;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.ext.OutboundSecurityContext;
 import org.apache.xml.security.stax.impl.OutboundSecurityContextImpl;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
 import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
-import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
 public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor {
     
@@ -132,9 +130,9 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor
{
             WSSSecurityProperties secProps = createSecurityProperties();
             translateProperties(mc, secProps);
             configureCallbackHandler(mc, secProps);
-            Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
= 
-                new HashMap<String, SecurityTokenProvider<OutboundSecurityToken>>();
-            configureProperties(mc, outboundTokens, secProps);
+            
+            final OutboundSecurityContext outboundSecurityContext = new OutboundSecurityContextImpl();
+            configureProperties(mc, outboundSecurityContext, secProps);
             if (secProps.getActions() == null || secProps.getActions().size() == 0) {
                 // If no actions configured then return
                 return;
@@ -155,19 +153,9 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor
{
             final List<SecurityEvent> requestSecurityEvents = 
                 (List<SecurityEvent>) mc.getExchange().get(SecurityEvent.class.getName()
+ ".in");
             
-            final OutboundSecurityContextImpl outboundSecurityContext = new OutboundSecurityContextImpl();
             outboundSecurityContext.putList(SecurityEvent.class, requestSecurityEvents);
             outboundSecurityContext.addSecurityEventListener(securityEventListener);
             
-            // Save Tokens on the security context
-            if (!outboundTokens.isEmpty()) {
-                for (String key : outboundTokens.keySet()) {
-                    SecurityTokenProvider<OutboundSecurityToken> provider = outboundTokens.get(key);
-                    outboundSecurityContext.registerSecurityTokenProvider(provider.getId(),
provider);
-                    outboundSecurityContext.put(key, provider.getId());
-                }
-            }
-            
             newXMLStreamWriter = outboundWSSec.processOutMessage(os, encoding, outboundSecurityContext);
             mc.setContent(XMLStreamWriter.class, newXMLStreamWriter);
         } catch (WSSecurityException e) {
@@ -216,7 +204,7 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor
{
     }
     
     protected void configureProperties(
-        SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>>
outboundTokens,
+        SoapMessage msg, OutboundSecurityContext outboundSecurityContext,
         WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
         Map<String, Object> config = getProperties();
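Review bot: Changing the second parameter of the protected `configureProperties` from the token `Map` to `OutboundSecurityContext` can orphan a downstream subclass that overrides the old signature without `@Override`: it would still compile as an overload but never be called, so any security configuration it applied would be skipped on outbound messages. The in-tree override in PolicyBasedWSS4JStaxOutInterceptor carries `@Override` and is updated in this commit, but external subclasses are not visible here. I would add Javadoc to this method saying that token providers are now registered directly on the passed context, e.g. `@param outboundSecurityContext context on which token providers are registered before processOutMessage is called`, and mention the signature change in the release notes. The method body continues outside the hunk.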

http://git-wip-us.apache.org/repos/asf/cxf/blob/1f5a2ffd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
index fad34e1..14e20be 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -93,6 +93,7 @@ import org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.ext.OutboundSecurityContext;
 import org.apache.xml.security.stax.ext.SecurePart;
 import org.apache.xml.security.stax.ext.SecurePart.Modifier;
 import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken;
@@ -116,7 +117,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
     protected Map<AbstractToken, SecurePart> endSuppTokMap;
     protected Map<AbstractToken, SecurePart> sgndEndEncSuppTokMap;
     protected Map<AbstractToken, SecurePart> sgndEndSuppTokMap;
-    protected Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens;
+    protected final OutboundSecurityContext outboundSecurityContext;
     
     private final WSSSecurityProperties properties;
     private AbstractBinding binding;
@@ -125,12 +126,12 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
         WSSSecurityProperties properties, 
         SoapMessage msg,
         AbstractBinding binding,
-        Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+        OutboundSecurityContext outboundSecurityContext
     ) {
         super(msg);
         this.properties = properties;
         this.binding = binding;
-        this.outboundTokens = outboundTokens;
+        this.outboundSecurityContext = outboundSecurityContext;
     }
 
     protected SecurePart addUsernameToken(UsernameToken usernameToken) {
@@ -240,15 +241,18 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
                     return wss4jToken.getId();
                 }
             };
-        outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS, 
-                           kerberosSecurityTokenProvider);
+        outboundSecurityContext.registerSecurityTokenProvider(
+                kerberosSecurityTokenProvider.getId(), kerberosSecurityTokenProvider);
+        outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS, 
+                kerberosSecurityTokenProvider.getId());
+        
         if (encrypting) {
-            outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, 
-                               kerberosSecurityTokenProvider);
+            outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION,

+                    kerberosSecurityTokenProvider.getId());
         }
         if (endorsing) {
-            outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, 
-                               kerberosSecurityTokenProvider);
+            outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE,

+                    kerberosSecurityTokenProvider.getId());
         }
         
         // Action
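Review bot: `kerberosSecurityTokenProvider.getId()` is evaluated separately for the registration key and for each `PROP_USE_THIS_TOKEN_ID_FOR_*` entry, and that `getId()` delegates to `wss4jToken.getId()` (visible at the top of the hunk), so the later lookup only resolves if every call returns the same non-null value. Capturing it once, `final String kerberosTokenId = kerberosSecurityTokenProvider.getId();`, and passing `kerberosTokenId` to `registerSecurityTokenProvider` and the `put` calls makes that invariant explicit and gives one place to reject a null id. The same applies to the four `encryptedKeySecurityTokenProvider.getId()` calls in the hunk at -452/+456. The enclosing method starts and ends outside this hunk.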
@@ -452,12 +456,15 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
                 
             };
         encryptedKeySecurityToken.setSha1Identifier(tok.getSHA1());
-        outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, 
-                           encryptedKeySecurityTokenProvider);
-        outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, 
-                           encryptedKeySecurityTokenProvider);
-        outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN, 
-                           encryptedKeySecurityTokenProvider);
+        
+        outboundSecurityContext.registerSecurityTokenProvider(
+                encryptedKeySecurityTokenProvider.getId(), encryptedKeySecurityTokenProvider);
+        outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, 
+                encryptedKeySecurityTokenProvider.getId());
+        outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, 
+                encryptedKeySecurityTokenProvider.getId());
+        outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN,

+                encryptedKeySecurityTokenProvider.getId());
     }
     
     protected void configureTimestamp(AssertionInfoMap aim) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/1f5a2ffd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
index 30839bd..d830058 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
@@ -21,7 +21,6 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -54,10 +53,9 @@ import org.apache.wss4j.policy.model.X509Token;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.xml.security.stax.ext.OutboundSecurityContext;
 import org.apache.xml.security.stax.ext.SecurePart;
 import org.apache.xml.security.stax.ext.SecurePart.Modifier;
-import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
-import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
 /**
  * 
@@ -73,9 +71,9 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler
{
         WSSSecurityProperties properties, 
         SoapMessage msg,
         AsymmetricBinding abinding,
-        Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+        OutboundSecurityContext outboundSecurityContext
     ) {
-        super(properties, msg, abinding, outboundTokens);
+        super(properties, msg, abinding, outboundSecurityContext);
         this.message = msg;
         this.abinding = abinding;
     }
@@ -129,7 +127,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler
{
                     
                     if (sigTok != null) {
                         storeSecurityToken(initiatorToken, sigTok);
-                        outboundTokens.remove(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);

+                        outboundSecurityContext.remove(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);

                     }
                     
                     // Set up CallbackHandler which wraps the configured Handler
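Review bot: `outboundSecurityContext.remove(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION)` now clears only the id stored under that key, while any provider already registered through `registerSecurityTokenProvider` stays on the context. With the old map, removing the entry meant the interceptor never registered a provider for this key, so the two behaviours are not obviously equivalent; what `storeSecurityToken` registers is not visible here. A comment such as `// Drops only the encryption token id; the provider itself remains registered on the context` would record the intent, or the leftover registration should be confirmed harmless. The identical line in the hunk at -256/+254 is affected as well, and the enclosing method starts and ends outside both hunks.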
@@ -256,7 +254,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler
{
                     
                     if (sigTok != null) {
                         storeSecurityToken(initiatorToken, sigTok);
-                        outboundTokens.remove(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);

+                        outboundSecurityContext.remove(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);

                     }
                     
                     // Set up CallbackHandler which wraps the configured Handler

http://git-wip-us.apache.org/repos/asf/cxf/blob/1f5a2ffd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
index a101d21..98c7141 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
@@ -23,7 +23,6 @@ import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
-import java.util.Map;
 
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
@@ -63,13 +62,12 @@ import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.ext.OutboundSecurityContext;
 import org.apache.xml.security.stax.ext.SecurePart;
 import org.apache.xml.security.stax.ext.SecurePart.Modifier;
 import org.apache.xml.security.stax.impl.util.IDGenerator;
 import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
-import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
 /**
  * 
@@ -83,9 +81,9 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler
{
         WSSSecurityProperties properties, 
         SoapMessage msg,
         SymmetricBinding sbinding,
-        Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+        OutboundSecurityContext outboundSecurityContext
     ) {
-        super(properties, msg, sbinding, outboundTokens);
+        super(properties, msg, sbinding, outboundSecurityContext);
         this.message = msg;
         this.sbinding = sbinding;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/1f5a2ffd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
index 41698ff..f932698 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
@@ -21,7 +21,6 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
 import java.util.Collection;
 import java.util.List;
-import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -61,10 +60,9 @@ import org.apache.wss4j.policy.model.XPath;
 import org.apache.wss4j.policy.stax.PolicyUtils;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.xml.security.stax.ext.OutboundSecurityContext;
 import org.apache.xml.security.stax.ext.SecurePart;
 import org.apache.xml.security.stax.ext.SecurePart.Modifier;
-import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
-import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
 /**
  * 
@@ -78,9 +76,9 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler
{
         WSSSecurityProperties properties, 
         SoapMessage msg,
         TransportBinding tbinding,
-        Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+        OutboundSecurityContext outboundSecurityContext
     ) {
-        super(properties, msg, tbinding, outboundTokens);
+        super(properties, msg, tbinding, outboundSecurityContext);
         this.tbinding = tbinding;
     }
     

