cxf-commits mailing list archives

From cohei...@apache.org
Subject git commit: Upgrading to WSS4J 2.0.2-SNAPSHOT + picking up new policy assertion code
Date Wed, 16 Jul 2014 15:35:31 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 14ce0adf1 -> 4cb5fa951


Upgrading to WSS4J 2.0.2-SNAPSHOT + picking up new policy assertion code


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4cb5fa95
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4cb5fa95
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4cb5fa95

Branch: refs/heads/master
Commit: 4cb5fa951bde2f4f2e115cacc1d83bd1aea18150
Parents: 14ce0ad
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Jul 16 16:34:52 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Jul 16 16:35:23 2014 +0100

----------------------------------------------------------------------
 parent/pom.xml                                  |   2 +-
 .../KerberosTokenInterceptorProvider.java       |   2 -
 .../PolicyBasedWSS4JStaxInInterceptor.java      |   5 +-
 .../wss4j/PolicyStaxActionInInterceptor.java    | 142 -------------------
 .../ws/security/wss4j/WSS4JPolicyAsserter.java  |  83 +++++++++++
 5 files changed, 87 insertions(+), 147 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/4cb5fa95/parent/pom.xml
----------------------------------------------------------------------
diff --git a/parent/pom.xml b/parent/pom.xml
index 2b8c8b6..d0bb3aa 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -157,7 +157,7 @@
         <cxf.woodstox.core.version>4.4.0</cxf.woodstox.core.version>
         <cxf.woodstox.stax2-api.version>3.1.4</cxf.woodstox.stax2-api.version>
         <cxf.wsdl4j.version>1.6.3</cxf.wsdl4j.version>
-        <cxf.wss4j.version>2.0.1</cxf.wss4j.version>
+        <cxf.wss4j.version>2.0.2-SNAPSHOT</cxf.wss4j.version>
         <cxf.xerces.version>2.11.0</cxf.xerces.version>
         <cxf.xmlbeans.version>2.6.0</cxf.xmlbeans.version>
         <cxf.xmlschema.version>2.1.0</cxf.xmlschema.version>

http://git-wip-us.apache.org/repos/asf/cxf/blob/4cb5fa95/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
index 128aa52..1907276 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
@@ -49,7 +49,6 @@ import org.apache.cxf.ws.security.wss4j.KerberosTokenInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxInInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxOutInterceptor;
-import org.apache.cxf.ws.security.wss4j.PolicyStaxActionInInterceptor;
 import org.apache.cxf.ws.security.wss4j.StaxSecurityContextInInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
@@ -242,7 +241,6 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
         
         public KerberosTokenStaxInInterceptor() {
             super(Phase.PRE_PROTOCOL);
-            addAfter(PolicyStaxActionInInterceptor.class.getName());
             getBefore().add(StaxSecurityContextInInterceptor.class.getName());
         }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/4cb5fa95/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
index 770e2bd..1a4dfe1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
@@ -75,7 +75,6 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor
{
             MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY));
         if (aim != null && enableStax) {
             super.handleMessage(msg);
-            msg.getInterceptorChain().add(new PolicyStaxActionInInterceptor());
         }
     }
     
@@ -422,7 +421,9 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor
{
         if (attachments != null && !attachments.isEmpty()) {
             attachmentCount = attachments.size();
         }
-        return new PolicyEnforcer(operationPolicies, soapAction, isRequestor(msg), actor,
attachmentCount);
+        return new PolicyEnforcer(operationPolicies, soapAction, isRequestor(msg), 
+                                  actor, attachmentCount,
+                                  new WSS4JPolicyAsserter(msg.get(AssertionInfoMap.class)));
     }
     
 }
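Review bot: `msg.get(AssertionInfoMap.class)` on the last added line can return null, and the `WSS4JPolicyAsserter` it is handed to dereferences the map in every method without a check. `handleMessage` does test `aim != null` before calling `super.handleMessage(msg)`, but this method starts outside the hunk, so it is not visible whether that guarded path is the only way in. Reading the map into a local first and failing with a clear message when it is absent would keep a missing policy map from surfacing as a NullPointerException in the middle of WSS4J's policy enforcement, e.g. `AssertionInfoMap aim = msg.get(AssertionInfoMap.class);` followed by a null check before `new WSS4JPolicyAsserter(aim)`.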

http://git-wip-us.apache.org/repos/asf/cxf/blob/4cb5fa95/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
deleted file mode 100644
index e896980..0000000
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
+++ /dev/null
@@ -1,142 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.ws.security.wss4j;
-
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
-import java.util.logging.Logger;
-
-import javax.xml.namespace.QName;
-
-import org.apache.cxf.binding.soap.SoapMessage;
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.phase.AbstractPhaseInterceptor;
-import org.apache.cxf.phase.Phase;
-import org.apache.cxf.ws.policy.AssertionInfo;
-import org.apache.cxf.ws.policy.AssertionInfoMap;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
-import org.apache.wss4j.policy.SP13Constants;
-import org.apache.wss4j.policy.SPConstants;
-import org.apache.wss4j.policy.model.AlgorithmSuite;
-import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
-import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
-import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants.Event;
-
-/**
- * This interceptor marks the CXF AssertionInfos as asserted. WSS4J 2.0 (StAX) takes care
of all
- * policy validation, so we are just asserting the appropriate AssertionInfo objects in CXF
to 
- * make sure that policy validation passes.
- */
-public class PolicyStaxActionInInterceptor extends AbstractPhaseInterceptor<SoapMessage>
{
-    
-    private static final Logger LOG = 
-        LogUtils.getL7dLogger(PolicyStaxActionInInterceptor.class);
-    
-    public PolicyStaxActionInInterceptor() {
-        super(Phase.PRE_PROTOCOL);
-        this.getBefore().add(StaxSecurityContextInInterceptor.class.getName());
-    }
-
-    @Override
-    public void handleMessage(SoapMessage soapMessage) throws Fault {
-        
-        AssertionInfoMap aim = soapMessage.get(AssertionInfoMap.class);
-        @SuppressWarnings("unchecked")
-        final List<SecurityEvent> incomingSecurityEventList = 
-            (List<SecurityEvent>)soapMessage.get(SecurityEvent.class.getName() + ".in");
-        if (aim == null || incomingSecurityEventList == null) {
-            return;
-        }
-        
-        // First check for a SOAP Fault with no security header if we are the client
-        // In this case don't blanket assert security policies
-        if (MessageUtils.isRequestor(soapMessage)
-            && incomingSecurityEventList.contains(WSSecurityEventConstants.NoSecurity))
{
-            OperationSecurityEvent securityEvent = 
-                (OperationSecurityEvent)findEvent(
-                    WSSecurityEventConstants.Operation, incomingSecurityEventList
-                );
-            if (securityEvent != null 
-                && soapMessage.getVersion().getFault().equals(securityEvent.getOperation()))
{
-                LOG.warning("Request does not contain Security header, but it's a fault.");
-                return;
-            }
-        }
-        
-        assertAllSecurityAssertions(aim);
-    }
-    
-    private SecurityEvent findEvent(Event event, List<SecurityEvent> incomingSecurityEventList)
{
-        for (SecurityEvent incomingEvent : incomingSecurityEventList) {
-            if (event == incomingEvent.getSecurityEventType()) {
-                return incomingEvent;
-            }
-        }
-        return null;
-    }
-    
-    private void assertAllSecurityAssertions(AssertionInfoMap aim) {
-        for (Map.Entry<QName, Collection<AssertionInfo>> entry : aim.entrySet())
{
-            String namespace = entry.getKey().getNamespaceURI();
-            if (SP11Constants.SP_NS.equals(namespace) || SP12Constants.SP_NS.equals(namespace)
-                || SP13Constants.SP_NS.equals(namespace)) {
-                Collection<AssertionInfo> ais = entry.getValue();
-                if (ais != null && !ais.isEmpty()) {
-                    if (SPConstants.ALGORITHM_SUITE.equals(entry.getKey().getLocalPart()))
{
-                        assertAlgorithmSuites(ais, aim);
-                    } else {
-                        for (AssertionInfo ai : ais) {
-                            ai.setAsserted(true);
-                        }
-                    }
-                }
-            }
-        }
-    }
-    
-    // Handle these separately for custom AlgorithmSuites
-    private void assertAlgorithmSuites(
-        Collection<AssertionInfo> ais, AssertionInfoMap aim
-    ) {
-        for (AssertionInfo ai : ais) {
-            ai.setAsserted(true);
-            AlgorithmSuite algorithmSuite = (AlgorithmSuite)ai.getAssertion();
-       
-            AlgorithmSuiteType algorithmSuiteType = algorithmSuite.getAlgorithmSuiteType();
-            String namespace = algorithmSuiteType.getNamespace();
-            if (namespace != null && !namespace.equals(algorithmSuite.getName().getNamespaceURI()))
{
-                Collection<AssertionInfo> algAis = 
-                    aim.get(new QName(namespace, algorithmSuiteType.getName()));
-                if (algAis != null && !algAis.isEmpty()) {
-                    for (AssertionInfo algAi : algAis) {
-                        algAi.setAsserted(true);
-                    }
-                }
-            }
-        }
-    }
-
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4cb5fa95/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JPolicyAsserter.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JPolicyAsserter.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JPolicyAsserter.java
new file mode 100644
index 0000000..b5619a0
--- /dev/null
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JPolicyAsserter.java
@@ -0,0 +1,83 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j;
+
+import java.util.Collection;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.neethi.Assertion;
+import org.apache.wss4j.policy.stax.PolicyAsserter;
+
+/**
+ * Assert policies in CXF that are asserted in the WSS4J policy stax module
+ */
+public class WSS4JPolicyAsserter implements PolicyAsserter {
+    
+    private AssertionInfoMap aim;
+    
+    public WSS4JPolicyAsserter(AssertionInfoMap aim) {
+        this.aim = aim;
+    }
+
+    public void assertPolicy(Assertion assertion) {
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(assertion.getName());
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                if (ai.getAssertion() == assertion) {
+                    ai.setAsserted(true);
+                }
+            }
+        }
+    }
+    
+    public void assertPolicy(QName qName) {
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(qName);
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }
+        }
+    }
+
+    @Override
+    public void unassertPolicy(Assertion assertion, String reason) {
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(assertion.getName());
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                if (ai.getAssertion() == assertion) {
+                    ai.setNotAsserted(reason);
+                }
+            }
+        }
+    }
+
+    @Override
+    public void unassertPolicy(QName qName, String reason) {
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(qName);
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setNotAsserted(reason);
+            }
+        }
+    }
+    
+}
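Review bot: In `unassertPolicy(Assertion, String)` a failure reported by WSS4J is dropped without any trace when no `AssertionInfo` holds the very same object, because the match is by reference (`ai.getAssertion() == assertion`); an entry that was asserted earlier would then stay asserted. Whether WSS4J always hands back the instances stored in the `AssertionInfoMap` depends on how `operationPolicies` and the map are built, which is not visible here, so the class comment should state that identity assumption and the no-match case should at least be logged. The deleted `PolicyStaxActionInInterceptor` asserted every security-policy assertion in bulk, whereas this class asserts only what WSS4J reports, and the diffstat shows no test covering that change in behaviour. Smaller points: `aim` can be `private final`, and the two `assertPolicy` methods lack the `@Override` that both `unassertPolicy` methods carry.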

