Return-Path: Delivered-To: apmail-ws-axis-cvs-archive@www.apache.org Received: (qmail 59338 invoked from network); 27 Apr 2006 19:22:49 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 27 Apr 2006 19:22:49 -0000 Received: (qmail 520 invoked by uid 500); 27 Apr 2006 19:22:38 -0000 Delivered-To: apmail-ws-axis-cvs-archive@ws.apache.org Received: (qmail 419 invoked by uid 500); 27 Apr 2006 19:22:37 -0000 Mailing-List: contact axis-cvs-help@ws.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list axis-cvs@ws.apache.org Received: (qmail 392 invoked by uid 500); 27 Apr 2006 19:22:37 -0000 Delivered-To: apmail-ws-axis2-cvs@ws.apache.org Received: (qmail 322 invoked by uid 99); 27 Apr 2006 19:22:36 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Apr 2006 12:22:36 -0700 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Thu, 27 Apr 2006 12:22:32 -0700 Received: (qmail 59112 invoked by uid 65534); 27 Apr 2006 19:22:12 -0000 Message-ID: <20060427192212.59110.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r397616 - in /webservices/axis2/trunk/java/modules/security/src/org/apache: axis2/security/ axis2/security/handler/ axis2/security/util/ ws/security/policy/ Date: Thu, 27 Apr 2006 19:22:11 -0000 To: axis2-cvs@ws.apache.org 
From: hemapani@apache.org X-Mailer: svnmailer-1.0.8 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: hemapani Date: Thu Apr 27 12:22:08 2006 New Revision: 397616 URL: http://svn.apache.org/viewcvs?rev=397616&view=rev Log: create both client and server security config and load write one Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java?rev=397616&r1=397615&r2=397616&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java Thu Apr 27 12:22:08 2006 
@@ -34,131 +34,154 @@ import org.apache.ws.security.policy.parser.WSSPolicyProcessor; public class SecurityModule implements Module { - private AxisModule module; + private AxisModule module; + + public void init(ConfigurationContext configContext, AxisModule module) + throws AxisFault { + this.module = module; + } + + public void engageNotify(AxisDescription axisDescription) throws AxisFault { + Policy policy = axisDescription.getPolicyInclude().getEffectivePolicy(); + if (axisDescription instanceof AxisOperation && policy != null) { + try { + WSSPolicyProcessor wssPolicyProcessor = new WSSPolicyProcessor(); + wssPolicyProcessor.setup(); + wssPolicyProcessor.processPolicy(policy); + + //create server side config + WSS4JConfig serverConfig = WSS4JConfigBuilder + .build(wssPolicyProcessor.getRootPED() + .getTopLevelPEDs()); + + InflowConfiguration policyInflowConfig = serverConfig + .getInflowConfiguration(); + + Parameter infp = calcuateCurrentInflowConfiguration(policyInflowConfig,axisDescription).getProperty(); + infp.setName(WSSHandlerConstants.INFLOW_SECURITY_SERVER); + axisDescription.addParameter(infp); + + OutflowConfiguration policyOutflowConfig = serverConfig.getOutflowConfiguration(); + Parameter outfp = calcuateCurrentOutflowConfiguration(policyOutflowConfig,axisDescription).getProperty(); + outfp.setName(WSSHandlerConstants.OUTFLOW_SECURITY_SERVER); + axisDescription.addParameter(outfp); + + + //create client side config + wssPolicyProcessor = new WSSPolicyProcessor(); + wssPolicyProcessor.setup(); + wssPolicyProcessor.processPolicy(policy); + + WSS4JConfig clientConfig = WSS4JConfigBuilder + .build(wssPolicyProcessor.getRootPED() + .getTopLevelPEDs(),false); + + policyInflowConfig = clientConfig.getInflowConfiguration(); + + infp = calcuateCurrentInflowConfiguration(policyInflowConfig,axisDescription).getProperty(); + infp.setName(WSSHandlerConstants.INFLOW_SECURITY_CLIENT); + axisDescription.addParameter(infp); + + policyOutflowConfig = 
clientConfig.getOutflowConfiguration(); + outfp = calcuateCurrentOutflowConfiguration(policyOutflowConfig,axisDescription).getProperty(); + outfp.setName(WSSHandlerConstants.OUTFLOW_SECURITY_CLIENT); + axisDescription.addParameter(outfp); + } catch (Exception e) { + throw new AxisFault(e.getMessage(), e); + } + } + } - public void init(ConfigurationContext configContext, AxisModule module) - throws AxisFault { - this.module = module; - } - - public void engageNotify(AxisDescription axisDescription) throws AxisFault { - Policy policy = axisDescription.getPolicyInclude().getEffectivePolicy(); - if (axisDescription instanceof AxisOperation && policy != null) { - try { - WSSPolicyProcessor wssPolicyProcessor = new WSSPolicyProcessor(); - wssPolicyProcessor.setup(); - wssPolicyProcessor.processPolicy(policy); - - WSS4JConfig config = WSS4JConfigBuilder - .build(wssPolicyProcessor.getRootPED() - .getTopLevelPEDs()); - - InflowConfiguration policyInflowConfig = config - .getInflowConfiguration(); - OutflowConfiguration policyOutflowConfig = config - .getOutflowConfiguration(); - - calcuateCurrentConfiguration(policyInflowConfig, - policyOutflowConfig, axisDescription); - } catch (Exception e) { - throw new AxisFault(e.getMessage(), e); - } - } - } - - public void shutdown(AxisConfiguration axisSystem) throws AxisFault { - // Do nothing - } - - private void calcuateCurrentConfiguration( - InflowConfiguration policyInflowConfig, - OutflowConfiguration policyOutflowConfig, - AxisDescription axisDescription) throws AxisFault { - // merge inflow configuration - Parameter inflowModuleParam = (module != null) ? 
module - .getParameter(WSSHandlerConstants.INFLOW_SECURITY): null; - InflowConfiguration moduleInflowConfig = HandlerParameterDecoder - .getInflowConfiguration(inflowModuleParam); - - Parameter inflowSecParam = axisDescription - .getParameter(WSSHandlerConstants.INFLOW_SECURITY); - InflowConfiguration staticInflowConfig = HandlerParameterDecoder - .getInflowConfiguration(inflowSecParam); - - InflowConfiguration mergedInConf = mergeInflowConfiguration( - staticInflowConfig, moduleInflowConfig); - InflowConfiguration finalInConf = mergeInflowConfiguration(mergedInConf,policyInflowConfig); - - axisDescription.addParameter(finalInConf.getProperty()); - - // merge outflow configuration - Parameter outfloModuleParam = (module != null) ? module - .getParameter(WSSHandlerConstants.OUTFLOW_SECURITY) : null; - OutflowConfiguration moduleOutflowConfig = HandlerParameterDecoder - .getOutflowConfiguration(outfloModuleParam); - Parameter outflowSecParam = axisDescription - .getParameter(WSSHandlerConstants.OUTFLOW_SECURITY); - OutflowConfiguration staticOutflowConfig = HandlerParameterDecoder - .getOutflowConfiguration(outflowSecParam); - - OutflowConfiguration mergedOutFlowConf = mergeOutflowConfiguration( - staticOutflowConfig, moduleOutflowConfig); - OutflowConfiguration finalOutFlowConf = mergeOutflowConfiguration(mergedOutFlowConf,policyOutflowConfig); - axisDescription.addParameter(finalOutFlowConf.getProperty()); - } - - // overide secondry configuration with primry configuration - private OutflowConfiguration mergeOutflowConfiguration( - OutflowConfiguration primaryConfig, - OutflowConfiguration secondryConf) { - if (secondryConf == null && primaryConfig != null) { - return primaryConfig; - } else if (primaryConfig == null && secondryConf != null) { - return secondryConf; - } else if (primaryConfig == null && secondryConf == null) { - return null; - } - - secondryConf.setPasswordCallbackClass(primaryConfig - .getPasswordCallbackClass()); - 
secondryConf.setSignaturePropFile(primaryConfig.getSignaturePropFile()); - secondryConf.setEncryptionPropFile(primaryConfig - .getEncryptionPropFile()); - secondryConf.setEmbeddedKeyCallbackClass(primaryConfig - .getEmbeddedKeyCallbackClass()); - secondryConf.setUser(primaryConfig.getUser()); - secondryConf.setEncryptionUser(primaryConfig.getEncryptionUser()); - return secondryConf; - } - - // overide secondry configuration with primry configuration - private InflowConfiguration mergeInflowConfiguration( - InflowConfiguration primaryConfig, InflowConfiguration secondryConf) { - if (secondryConf == null && primaryConfig != null) { - return primaryConfig; - } else if (primaryConfig == null && secondryConf != null) { - return secondryConf; - } else if (primaryConfig == null && secondryConf == null) { - return null; - } - - secondryConf.setPasswordCallbackClass(primaryConfig - .getPasswordCallbackClass()); - secondryConf.setDecryptionPropFile(primaryConfig - .getDecryptionPropFile()); - secondryConf.setSignaturePropFile(primaryConfig.getSignaturePropFile()); - String enableSignatureConfirmation = primaryConfig.getEnableSignatureConfirmation(); - if (enableSignatureConfirmation != null) { - secondryConf.setEnableSignatureConfirmation("1" - .equals(enableSignatureConfirmation) - || "true".equals(enableSignatureConfirmation)); - } - return secondryConf; - } - - /* (non-Javadoc) - * @see org.apache.axis2.modules.Module#shutdown(org.apache.axis2.context.ConfigurationContext) - */ public void shutdown(ConfigurationContext configurationContext) throws AxisFault { + // Do nothing + } + + private InflowConfiguration calcuateCurrentInflowConfiguration( + InflowConfiguration policyInflowConfig, + AxisDescription axisDescription) throws AxisFault { + // merge inflow configuration + Parameter inflowModuleParam = module + .getParameter(WSSHandlerConstants.INFLOW_SECURITY); + InflowConfiguration moduleInflowConfig = HandlerParameterDecoder + 
.getInflowConfiguration(inflowModuleParam); + + Parameter inflowSecParam = axisDescription + .getParameter(WSSHandlerConstants.INFLOW_SECURITY); + InflowConfiguration staticInflowConfig = HandlerParameterDecoder + .getInflowConfiguration(inflowSecParam); + + InflowConfiguration mergedInConf = mergeInflowConfiguration( + staticInflowConfig, moduleInflowConfig); + InflowConfiguration finalInConf = mergeInflowConfiguration(mergedInConf,policyInflowConfig); + return finalInConf; + } + + private OutflowConfiguration calcuateCurrentOutflowConfiguration( + OutflowConfiguration policyOutflowConfig, + AxisDescription axisDescription) throws AxisFault { + // merge outflow configuration + Parameter outfloModuleParam = module + .getParameter(WSSHandlerConstants.OUTFLOW_SECURITY); + OutflowConfiguration moduleOutflowConfig = HandlerParameterDecoder + .getOutflowConfiguration(outfloModuleParam); + Parameter outflowSecParam = axisDescription + .getParameter(WSSHandlerConstants.OUTFLOW_SECURITY); + OutflowConfiguration staticOutflowConfig = HandlerParameterDecoder + .getOutflowConfiguration(outflowSecParam); + + OutflowConfiguration mergedOutFlowConf = mergeOutflowConfiguration( + staticOutflowConfig, moduleOutflowConfig); + OutflowConfiguration finalOutFlowConf = mergeOutflowConfiguration(mergedOutFlowConf,policyOutflowConfig); + return finalOutFlowConf; + } + + + + + + // overide secondry configuration with primry configuration + private OutflowConfiguration mergeOutflowConfiguration( + OutflowConfiguration primaryConfig, + OutflowConfiguration secondryConf) { + if (secondryConf == null && primaryConfig != null) { + return primaryConfig; + } else if (primaryConfig == null && secondryConf != null) { + return secondryConf; + } else if (primaryConfig == null && secondryConf == null) { + return null; + } + + secondryConf.setPasswordCallbackClass(primaryConfig + .getPasswordCallbackClass()); + secondryConf.setSignaturePropFile(primaryConfig.getSignaturePropFile()); + 
secondryConf.setEncryptionPropFile(primaryConfig + .getEncryptionPropFile()); + secondryConf.setEmbeddedKeyCallbackClass(primaryConfig + .getEmbeddedKeyCallbackClass()); + secondryConf.setUser(primaryConfig.getUser()); + secondryConf.setEncryptionUser(primaryConfig.getEncryptionUser()); + return secondryConf; + } + + // overide secondry configuration with primry configuration + private InflowConfiguration mergeInflowConfiguration( + InflowConfiguration primaryConfig, InflowConfiguration secondryConf) { + if (secondryConf == null && primaryConfig != null) { + return primaryConfig; + } else if (primaryConfig == null && secondryConf != null) { + return secondryConf; + } else if (primaryConfig == null && secondryConf == null) { + return null; + } + + secondryConf.setPasswordCallbackClass(primaryConfig + .getPasswordCallbackClass()); + secondryConf.setDecryptionPropFile(primaryConfig + .getDecryptionPropFile()); + secondryConf.setSignaturePropFile(primaryConfig.getSignaturePropFile()); + if(primaryConfig.getEnableSignatureConfirmation() != null && "false".equals(primaryConfig.getEnableSignatureConfirmation())){ + secondryConf.setEnableSignatureConfirmation(false); + } + return secondryConf; } } Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java?rev=397616&r1=397615&r2=397616&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java Thu Apr 27 12:22:08 2006 
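Review bot: In `mergeInflowConfiguration` (SecurityModule.java) the rewritten signature-confirmation branch copies only a `"false"` from the primary config, so after this change the merge can turn signature confirmation off but never on. That contradicts the method's own "override secondary with primary" comment, since a primary value of `"true"` or `"1"` is now silently ignored. If the one-way behaviour is intended, it deserves a comment saying why; otherwise keep the earlier form under the null check, `secondryConf.setEnableSignatureConfirmation("1".equals(v) || "true".equals(v));` with `v = primaryConfig.getEnableSignatureConfirmation()`. Separately, `calcuateCurrentInflowConfiguration` and `calcuateCurrentOutflowConfiguration` call `module.getParameter(...)` without the `module != null` guard the removed code had. If `engageNotify` can run before `init`, that is a NullPointerException which `catch (Exception e)` rewraps as an `AxisFault` whose message is most likely null.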
@@ -26,15 +26,21 @@ */ public final static String SECURITY_MODULE_NAME = "security"; - /** + /** * Inflow security parameter */ public static final String INFLOW_SECURITY = "InflowSecurity"; + + public static final String INFLOW_SECURITY_SERVER = "InflowSecurity-server"; + public static final String INFLOW_SECURITY_CLIENT = "InflowSecurity-client"; /** * Outflow security parameter */ public static final String OUTFLOW_SECURITY = "OutflowSecurity"; + + public static final String OUTFLOW_SECURITY_SERVER = "OutflowSecurity-server"; + public static final String OUTFLOW_SECURITY_CLIENT = "OutflowSecurity-client"; public static final String ACTION = "action"; Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java?rev=397616&r1=397615&r2=397616&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java Thu Apr 27 12:22:08 2006 
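Review bot: The four new constants in WSSHandlerConstants have no Javadoc, unlike the neighbouring `INFLOW_SECURITY` and `OUTFLOW_SECURITY`. These names select which security configuration a handler loads, so each pair should record who writes and who reads it, for example `/** Merged inflow configuration for the server side; set by SecurityModule.engageNotify, read by HandlerParameterDecoder.processParameters */`. It would also help to state that the unsuffixed names remain in use as the fallback lookup.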
@@ -47,12 +47,25 @@ */ public static void processParameters(MessageContext msgCtx, boolean inflow) throws Exception { - - //TODO: check whether policy is available + Parameter inFlowSecParam; + Parameter outFlowSecParam; + + if(msgCtx.isServerSide()){ + inFlowSecParam = (Parameter)msgCtx.getParameter(WSSHandlerConstants.INFLOW_SECURITY_SERVER); + outFlowSecParam = (Parameter)msgCtx.getParameter(WSSHandlerConstants.OUTFLOW_SECURITY_SERVER); + }else{ + inFlowSecParam = (Parameter)msgCtx.getParameter(WSSHandlerConstants.INFLOW_SECURITY_CLIENT); + outFlowSecParam = (Parameter)msgCtx.getParameter(WSSHandlerConstants.OUTFLOW_SECURITY_CLIENT); + } - Parameter inFlowSecParam = (Parameter)msgCtx.getProperty(WSSHandlerConstants.INFLOW_SECURITY); - - Parameter outFlowSecParam = (Parameter)msgCtx.getProperty(WSSHandlerConstants.OUTFLOW_SECURITY); + //TODO: check whether policy is available + if(inFlowSecParam == null){ + inFlowSecParam = (Parameter)msgCtx.getProperty(WSSHandlerConstants.INFLOW_SECURITY); + } + + if(outFlowSecParam == null){ + outFlowSecParam = (Parameter)msgCtx.getProperty(WSSHandlerConstants.OUTFLOW_SECURITY); + } //If the configs are not availabale in the file if(inFlowSecParam == null) { Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java?rev=397616&r1=397615&r2=397616&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java Thu Apr 27 12:22:08 2006 
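Review bot: The lookup precedence in `processParameters` is undocumented, yet it decides which security configuration applies to a message. The side-specific parameter (`INFLOW_SECURITY_SERVER`/`INFLOW_SECURITY_CLIENT` and the outflow pair) is read first through `msgCtx.getParameter`, and the message-context property under `INFLOW_SECURITY`/`OUTFLOW_SECURITY` is consulted only when that is null. A per-message property is therefore ignored whenever SecurityModule has attached a parameter; if that is the intent, add a comment such as `// side-specific parameter from SecurityModule wins; the message-context property is only a fallback`. The `//TODO: check whether policy is available` line now sits between the lookup and the fallback, where it no longer says what remains to be done. The method body continues outside the hunk.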
@@ -35,8 +35,11 @@ import java.util.Iterator; public class WSS4JConfigBuilder { - - public static WSS4JConfig build(ArrayList topLevelPeds) throws WSSPolicyException { + public static WSS4JConfig build(ArrayList topLevelPeds) throws WSSPolicyException { + return build(topLevelPeds,true); + } + + public static WSS4JConfig build(ArrayList topLevelPeds,boolean serverSide) throws WSSPolicyException { Iterator topLevelPEDIterator = topLevelPeds.iterator(); WSS4JConfig config = new WSS4JConfig(); while (topLevelPEDIterator.hasNext()) { @@ -55,11 +58,11 @@ //Unrecognized token } } - finalizeConfig(config); + finalizeConfig(config,serverSide); return config; } - private static void finalizeConfig(WSS4JConfig config) throws WSSPolicyException{ + private static void finalizeConfig(WSS4JConfig config,boolean serverSide) throws WSSPolicyException{ config.getInflowConfiguration().setEnableSignatureConfirmation(false); config.getOutflowConfiguration().setEnableSignatureConfirmation(false); 
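Review bot: The new public overload `build(ArrayList topLevelPeds, boolean serverSide)` has no Javadoc, and the meaning of the bare boolean is only discoverable by reading `finalizeConfig`. Document both overloads: the one-argument form delegates with `serverSide = true`, and for an `AsymmetricBinding` the flag selects the recipient token (server) or the initiator token (client) when choosing the outflow signature key identifier. The `@@ -55,11 +58,11 @@` hunk only threads the flag through to `finalizeConfig`, so the same Javadoc wording can be reused on that private method.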
@@ -133,26 +136,45 @@ } - if(config.binding instanceof AsymmetricBinding) { - AsymmetricBinding asymmetricBinding = (AsymmetricBinding) config.binding; - Token recipientToken = asymmetricBinding.getRecipientToken() - .getReceipientToken(); - String initiatorInclusion = recipientToken.getInclusion(); - if (initiatorInclusion - .equals(Constants.INCLUDE_ALWAYS_TO_RECIPIENT) - || initiatorInclusion.equals(Constants.INCLUDE_ALWAYS)) { - config.getOutflowConfiguration().setSignatureKeyIdentifier( - WSSHandlerConstants.BST_DIRECT_REFERENCE); - } else { - if(recipientToken instanceof X509Token) { + if(config.binding instanceof AsymmetricBinding) { + if(serverSide){ + AsymmetricBinding asymmetricBinding = (AsymmetricBinding) config.binding; + Token recipientToken = asymmetricBinding.getRecipientToken() + .getReceipientToken(); + String initiatorInclusion = recipientToken.getInclusion(); + if (initiatorInclusion + .equals(Constants.INCLUDE_ALWAYS_TO_RECIPIENT) + || initiatorInclusion.equals(Constants.INCLUDE_ALWAYS)) { config.getOutflowConfiguration().setSignatureKeyIdentifier( - WSSHandlerConstants.SKI_KEY_IDENTIFIER); + WSSHandlerConstants.BST_DIRECT_REFERENCE); + } else { + if(recipientToken instanceof X509Token) { + config.getOutflowConfiguration().setSignatureKeyIdentifier( + WSSHandlerConstants.SKI_KEY_IDENTIFIER); + } + } + }else{ + AsymmetricBinding asymmetricBinding = (AsymmetricBinding) config.binding; + Token initiatorToken = asymmetricBinding.getInitiatorToken().getInitiatorToken(); + String initiatorInclusion = initiatorToken.getInclusion(); + if (initiatorInclusion + .equals(Constants.INCLUDE_ALWAYS_TO_RECIPIENT) + || initiatorInclusion.equals(Constants.INCLUDE_ALWAYS)) { + config.getOutflowConfiguration().setSignatureKeyIdentifier( + WSSHandlerConstants.BST_DIRECT_REFERENCE); + } else { + if(initiatorToken instanceof X509Token) { + config.getOutflowConfiguration().setSignatureKeyIdentifier( + WSSHandlerConstants.SKI_KEY_IDENTIFIER); + } } } } else { //TODO 
Handle symmetric binding } } + + if(config.supportingToken != null) { if(config.supportingToken.getType() == Constants.SUPPORTING_TOKEN_SUPPORTING ||