ws-sandesha-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mckie...@apache.org
Subject svn commit: r597648 - in /webservices/sandesha/trunk/java/modules: core/src/main/java/org/apache/sandesha2/handlers/ core/src/main/java/org/apache/sandesha2/msgprocessors/ core/src/main/java/org/apache/sandesha2/util/ tests/src/test/java/org/apache/san...
Date Fri, 23 Nov 2007 11:45:16 GMT
Author: mckierna
Date: Fri Nov 23 03:45:13 2007
New Revision: 597648

URL: http://svn.apache.org/viewvc?rev=597648&view=rev
Log:
RSP: some security refactoring to make checks easier

Modified:
    webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java
    webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java
    webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java
    webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java
    webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java
    webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java
    webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java
    webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java
    webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java
    webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java
    webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java

Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java
(original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java
Fri Nov 23 03:45:13 2007
@@ -23,7 +23,6 @@
 
 import javax.xml.namespace.QName;
 
-import org.apache.axiom.om.OMElement;
 import org.apache.axiom.soap.SOAPBody;
 import org.apache.axiom.soap.SOAPEnvelope;
 import org.apache.axiom.soap.SOAPHeader;
@@ -43,8 +42,6 @@
 import org.apache.sandesha2.client.SandeshaClientConstants;
 import org.apache.sandesha2.i18n.SandeshaMessageHelper;
 import org.apache.sandesha2.i18n.SandeshaMessageKeys;
-import org.apache.sandesha2.security.SecurityManager;
-import org.apache.sandesha2.security.SecurityToken;
 import org.apache.sandesha2.storage.StorageManager;
 import org.apache.sandesha2.storage.Transaction;
 import org.apache.sandesha2.storage.beanmanagers.RMDBeanMgr;
@@ -177,24 +174,16 @@
       RMDBeanMgr mgr = storageManager.getRMDBeanMgr();
       RMDBean bean = mgr.retrieve(sequenceId);
       
-      if(bean != null && bean.getSecurityTokenData() != null) {
-        SecurityManager secManager = SandeshaUtil.getSecurityManager(rmMsgCtx.getConfigurationContext());
-        
-        QName seqName = new QName(rmMsgCtx.getRMNamespaceValue(), Sandesha2Constants.WSRM_COMMON.SEQUENCE);
-        
-        SOAPEnvelope envelope = rmMsgCtx.getSOAPEnvelope();
-        OMElement body = envelope.getBody();
-        OMElement seqHeader = envelope.getHeader().getFirstChildWithName(seqName);
-        
-        SecurityToken token = secManager.recoverSecurityToken(bean.getSecurityTokenData());
-        
-        secManager.checkProofOfPossession(token, seqHeader, rmMsgCtx.getMessageContext());
-        secManager.checkProofOfPossession(token, body, rmMsgCtx.getMessageContext());
-      }
-      
       MessageContext messageContext = rmMsgCtx.getMessageContext();
-    
-      if (bean != null) {
+      
+      if(bean != null){
+    	  
+    	  //first check the security credentials of the msg is necessary
+    	  SandeshaUtil.assertProofOfPossession(bean, messageContext, messageContext.getEnvelope().getBody());
+    	  SandeshaUtil.assertProofOfPossession(bean, messageContext, 
+    			  messageContext.getEnvelope().getHeader().getFirstChildWithName(new QName(rmMsgCtx.getRMNamespaceValue(),

+    					  Sandesha2Constants.WSRM_COMMON.SEQUENCE)));
+
         
         if (msgNo == 0) {
           String message = SandeshaMessageHelper.getMessage(SandeshaMessageKeys.invalidMsgNumber,
Long
@@ -224,16 +213,16 @@
         	//still allow this msg if we have no corresponding invoker bean for it and we are
inOrder
         	if(SandeshaUtil.isInOrder(rmMsgCtx.getMessageContext()))
         	{
-          	InvokerBean finderBean = new InvokerBean();
-          	finderBean.setMsgNo(msgNo);
-          	finderBean.setSequenceID(sequenceId);
-          	List invokerBeanList = storageManager.getInvokerBeanMgr().find(finderBean);
-          	if((invokerBeanList==null || invokerBeanList.size()==0) 
-          			&& bean.getNextMsgNoToProcess()<=msgNo){
-          		isDuplicate = false;
-              if (log.isDebugEnabled())
-                log.debug("Allowing completed message on sequence " + sequenceId + ", msgNo
" + msgNo);
-          	}
+	          	InvokerBean finderBean = new InvokerBean();
+	          	finderBean.setMsgNo(msgNo);
+	          	finderBean.setSequenceID(sequenceId);
+	          	List invokerBeanList = storageManager.getInvokerBeanMgr().find(finderBean);
+	          	if((invokerBeanList==null || invokerBeanList.size()==0) 
+	          			&& bean.getNextMsgNoToProcess()<=msgNo){
+	          		isDuplicate = false;
+	              if (log.isDebugEnabled())
+	                log.debug("Allowing completed message on sequence " + sequenceId + ", msgNo
" + msgNo);
+	          	}
         	}
         	
         	if(isDuplicate){

Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java
(original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java
Fri Nov 23 03:45:13 2007
@@ -111,12 +111,10 @@
 		
 		// Check that the sender of this AckRequest holds the correct token
 		RMDBean rmdBean = SandeshaUtil.getRMDBeanFromSequenceId(storageManager, sequenceId);
-
-		if(rmdBean != null && rmdBean.getSecurityTokenData() != null) {
-			SecurityManager secManager = SandeshaUtil.getSecurityManager(configurationContext);
-			SecurityToken token = secManager.recoverSecurityToken(rmdBean.getSecurityTokenData());
-			
-			secManager.checkProofOfPossession(token, soapHeader, msgContext);
+		
+		//check security credentials
+		if(rmdBean!=null){
+			SandeshaUtil.assertProofOfPossession(rmdBean, msgContext, soapHeader);
 		}
 
 		// Check that the sequence requested exists

Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java
(original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java
Fri Nov 23 03:45:13 2007
@@ -121,12 +121,7 @@
 
 		// Check that the sender of this Ack holds the correct token
 		String internalSequenceId = rmsBean.getInternalSequenceID();
-		if(rmsBean.getSecurityTokenData() != null) {
-			SecurityManager secManager = SandeshaUtil.getSecurityManager(configCtx);
-			SecurityToken token = secManager.recoverSecurityToken(rmsBean.getSecurityTokenData());
-			
-			secManager.checkProofOfPossession(token, soapHeader, msgCtx);
-		}
+		SandeshaUtil.assertProofOfPossession(rmsBean, msgCtx, soapHeader);
 		
 		if(log.isDebugEnabled()) log.debug("Got Ack for RM Sequence: " + outSequenceId + ", internalSeqId:
" + internalSequenceId);
 		Iterator ackRangeIterator = sequenceAck.getAcknowledgementRanges().iterator();

Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java
(original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java
Fri Nov 23 03:45:13 2007
@@ -75,14 +75,9 @@
 				.getAxisConfiguration());
 
 		RMDBean rmdBean = SandeshaUtil.getRMDBeanFromSequenceId(storageManager, sequenceId);
-
-		// Check that the sender of this CloseSequence holds the correct token
-		if(rmdBean != null && rmdBean.getSecurityTokenData() != null) {
-			SecurityManager secManager = SandeshaUtil.getSecurityManager(msgCtx.getConfigurationContext());
-			OMElement body = msgCtx.getEnvelope().getBody();
-			SecurityToken token = secManager.recoverSecurityToken(rmdBean.getSecurityTokenData());
-			secManager.checkProofOfPossession(token, body, msgCtx);
-		}
+		
+		//check the security credentials
+		SandeshaUtil.assertProofOfPossession(rmdBean, msgCtx, msgCtx.getEnvelope().getBody());
 
 		if (FaultManager.checkForUnknownSequence(rmMsgCtx, sequenceId, storageManager, false))
{
 			if (log.isDebugEnabled())

Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java
(original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java
Fri Nov 23 03:45:13 2007
@@ -21,7 +21,6 @@
 
 import java.util.Iterator;
 
-import org.apache.axiom.om.OMElement;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.addressing.EndpointReference;
 import org.apache.axis2.addressing.RelatesTo;
@@ -37,8 +36,6 @@
 import org.apache.sandesha2.i18n.SandeshaMessageHelper;
 import org.apache.sandesha2.i18n.SandeshaMessageKeys;
 import org.apache.sandesha2.policy.SandeshaPolicyBean;
-import org.apache.sandesha2.security.SecurityManager;
-import org.apache.sandesha2.security.SecurityToken;
 import org.apache.sandesha2.storage.StorageManager;
 import org.apache.sandesha2.storage.Transaction;
 import org.apache.sandesha2.storage.beanmanagers.RMSBeanMgr;
@@ -113,14 +110,8 @@
 		}
 
 		// Check that the create sequence response message proves possession of the correct token
-		String tokenData = rmsBean.getSecurityTokenData();
-		if(tokenData != null) {
-			SecurityManager secManager = SandeshaUtil.getSecurityManager(configCtx);
-			MessageContext crtSeqResponseCtx = createSeqResponseRMMsgCtx.getMessageContext();
-			OMElement body = crtSeqResponseCtx.getEnvelope().getBody();
-			SecurityToken token = secManager.recoverSecurityToken(tokenData);
-			secManager.checkProofOfPossession(token, body, crtSeqResponseCtx);
-		}
+		MessageContext msgCtx = createSeqResponseRMMsgCtx.getMessageContext();
+		SandeshaUtil.assertProofOfPossession(rmsBean, msgCtx, msgCtx.getEnvelope().getBody());
 
 		String internalSequenceId = rmsBean.getInternalSequenceID();
 		if (internalSequenceId == null || "".equals(internalSequenceId)) {

Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java
(original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java
Fri Nov 23 03:45:13 2007
@@ -21,6 +21,7 @@
 
 import java.util.Collection;
 import java.util.Iterator;
+import java.util.List;
 import java.util.Random;
 
 import org.apache.axis2.AxisFault;
@@ -39,10 +40,14 @@
 import org.apache.sandesha2.SandeshaException;
 import org.apache.sandesha2.i18n.SandeshaMessageHelper;
 import org.apache.sandesha2.i18n.SandeshaMessageKeys;
+import org.apache.sandesha2.security.SecurityManager;
+import org.apache.sandesha2.security.SecurityToken;
 import org.apache.sandesha2.storage.StorageManager;
 import org.apache.sandesha2.storage.Transaction;
 import org.apache.sandesha2.storage.beanmanagers.SenderBeanMgr;
+import org.apache.sandesha2.storage.beans.RMDBean;
 import org.apache.sandesha2.storage.beans.RMSBean;
+import org.apache.sandesha2.storage.beans.RMSequenceBean;
 import org.apache.sandesha2.storage.beans.SenderBean;
 import org.apache.sandesha2.util.MsgInitializer;
 import org.apache.sandesha2.util.SandeshaUtil;
@@ -72,24 +77,66 @@
 		if(log.isDebugEnabled()) log.debug("Enter: MakeConnectionProcessor::processInMessage "
+ rmMsgCtx.getSOAPEnvelope().getBody());
 
 		MakeConnection makeConnection = (MakeConnection) rmMsgCtx.getMakeConnection();
+		
 		Address address = makeConnection.getAddress();
 		Identifier identifier = makeConnection.getIdentifier();
 		
+		//some initial setup
 		ConfigurationContext configurationContext = rmMsgCtx.getConfigurationContext();
 		StorageManager storageManager = SandeshaUtil.getSandeshaStorageManager(configurationContext,configurationContext.getAxisConfiguration());
+		SecurityManager secManager = SandeshaUtil.getSecurityManager(configurationContext);
+		SecurityToken token = secManager.getSecurityToken(rmMsgCtx.getMessageContext());
 		
+		//we want to find valid sender beans
+		SenderBean findSenderBean = new SenderBean();
+		if(token!=null){
+			if(log.isDebugEnabled()) log.debug("token found " + token);
+			//this means we have to scope our search for sender beans that belong to sequences that
own the same token
+			String data = secManager.getTokenRecoveryData(token);
+			//first look for RMS beans
+			RMSBean finderRMS = new RMSBean();
+			finderRMS.setSecurityTokenData(data);
+			List possibleBeans = storageManager.getRMSBeanMgr().find(finderRMS);
+			
+			//try looking for RMD beans too
+			RMDBean finderRMD = new RMDBean();
+			finderRMD.setSecurityTokenData(data);
+			List tempList = storageManager.getRMDBeanMgr().find(finderRMD);
+			
+			//combine these two into one list
+			possibleBeans.addAll(tempList);
+			
+			int size = possibleBeans.size();
+			
+			if(size>0){
+				//select one at random: TODO better method?
+				Random random = new Random ();
+				int itemToPick = random.nextInt(size);
+				RMSequenceBean selectedSequence = (RMSequenceBean)possibleBeans.get(itemToPick);
+				findSenderBean.setSequenceID(selectedSequence.getSequenceID());
+				if(log.isDebugEnabled()) log.debug("sequence selected " + findSenderBean.getSequenceID());
+			}
+			else{
+				//we cannot match a RMD with the correct security credentials so we cannot process this
msg under RSP
+				if(log.isDebugEnabled()) log.debug("Exit: MakeConnectionProcessor::processInMessage :
no RM sequence bean with security credentials" );
+				//return false; //TODO put this in once tested live
+			}
+		}
+			
+		//lookup a sender bean
 		SenderBeanMgr senderBeanMgr = storageManager.getSenderBeanMgr();
 		
 		//selecting the set of SenderBeans that suit the given criteria.
-		SenderBean findSenderBean = new SenderBean ();
 		findSenderBean.setSend(true);
 		findSenderBean.setTransportAvailable(false);
 		
 		if (address!=null)
 			findSenderBean.setToAddress(address.getAddress());
 		
-		if (identifier!=null)
+		if (identifier!=null){
+			if(log.isDebugEnabled()) log.debug("identifier set, this violates RSP " + identifier);
 			findSenderBean.setSequenceID(identifier.getIdentifier());
+		}
 		
 		// Set the time to send field to be now
 		findSenderBean.setTimeToSend(System.currentTimeMillis());

Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java
(original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java
Fri Nov 23 03:45:13 2007
@@ -112,20 +112,11 @@
 		RMDBeanMgr mgr = storageManager.getRMDBeanMgr();
 		RMDBean bean = mgr.retrieve(sequenceId);
 		
-		if(bean != null && bean.getSecurityTokenData() != null) {
-			SecurityManager secManager = SandeshaUtil.getSecurityManager(msgCtx.getConfigurationContext());
-			
-			QName seqName = new QName(rmMsgCtx.getRMNamespaceValue(), Sandesha2Constants.WSRM_COMMON.SEQUENCE);
-			
-			SOAPEnvelope envelope = msgCtx.getEnvelope();
-			OMElement body = envelope.getBody();
-			OMElement seqHeader = envelope.getHeader().getFirstChildWithName(seqName);
-			
-			SecurityToken token = secManager.recoverSecurityToken(bean.getSecurityTokenData());
-			
-			secManager.checkProofOfPossession(token, seqHeader, msgCtx);
-			secManager.checkProofOfPossession(token, body, msgCtx);
-		}
+		//check the security credentials
+		SandeshaUtil.assertProofOfPossession(bean, msgCtx, msgCtx.getEnvelope().getHeader().
+				getFirstChildWithName(new QName(rmMsgCtx.getRMNamespaceValue(), Sandesha2Constants.WSRM_COMMON.SEQUENCE)));
+		SandeshaUtil.assertProofOfPossession(bean, msgCtx, msgCtx.getEnvelope().getBody());
+		
 		
 		// Store the inbound sequence id, number and lastMessage onto the operation context
 		OperationContext opCtx = msgCtx.getOperationContext();

Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java
(original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java
Fri Nov 23 03:45:13 2007
@@ -95,12 +95,10 @@
 		
 		// Check that the sender of this TerminateSequence holds the correct token
 		RMDBean rmdBean = SandeshaUtil.getRMDBeanFromSequenceId(storageManager, sequenceId);
-		if(rmdBean != null && rmdBean.getSecurityTokenData() != null) {
-			SecurityManager secManager = SandeshaUtil.getSecurityManager(context);
-			OMElement body = terminateSeqRMMsg.getSOAPEnvelope().getBody();
-			SecurityToken token = secManager.recoverSecurityToken(rmdBean.getSecurityTokenData());
-			secManager.checkProofOfPossession(token, body, terminateSeqRMMsg.getMessageContext());
-		}
+		
+		//check security credentials
+		SandeshaUtil.assertProofOfPossession(rmdBean, terminateSeqMsg, 
+				terminateSeqMsg.getEnvelope().getBody());
 
 		if (FaultManager.checkForUnknownSequence(terminateSeqRMMsg, sequenceId, storageManager,
false)) {
 			if (log.isDebugEnabled())

Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java
(original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java
Fri Nov 23 03:45:13 2007
@@ -19,7 +19,6 @@
 
 package org.apache.sandesha2.msgprocessors;
 
-import org.apache.axiom.om.OMElement;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.ConfigurationContext;
 import org.apache.axis2.context.MessageContext;
@@ -28,8 +27,6 @@
 import org.apache.sandesha2.RMMsgContext;
 import org.apache.sandesha2.Sandesha2Constants;
 import org.apache.sandesha2.polling.PollingManager;
-import org.apache.sandesha2.security.SecurityManager;
-import org.apache.sandesha2.security.SecurityToken;
 import org.apache.sandesha2.storage.StorageManager;
 import org.apache.sandesha2.storage.Transaction;
 import org.apache.sandesha2.storage.beanmanagers.RMDBeanMgr;
@@ -60,14 +57,9 @@
 		
 		String sequenceId = tsResponse.getIdentifier().getIdentifier();
 		RMSBean rmsBean = SandeshaUtil.getRMSBeanFromSequenceId(storageManager, sequenceId);
-
-		// Check that the sender of this TerminateSequence holds the correct token
-		if(rmsBean != null && rmsBean.getSecurityTokenData() != null) {
-			SecurityManager secManager = SandeshaUtil.getSecurityManager(context);
-			OMElement body = terminateResRMMsg.getSOAPEnvelope().getBody();
-			SecurityToken token = secManager.recoverSecurityToken(rmsBean.getSecurityTokenData());
-			secManager.checkProofOfPossession(token, body, msgContext);
-		}
+		
+		//check security credentials
+		SandeshaUtil.assertProofOfPossession(rmsBean, msgContext, msgContext.getEnvelope().getBody());
 
 		msgContext.setProperty(Sandesha2Constants.MessageContextProperties.INTERNAL_SEQUENCE_ID,rmsBean.getInternalSequenceID());
 

Modified: webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java
(original)
+++ webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java
Fri Nov 23 03:45:13 2007
@@ -69,6 +69,7 @@
 import org.apache.sandesha2.i18n.SandeshaMessageKeys;
 import org.apache.sandesha2.policy.SandeshaPolicyBean;
 import org.apache.sandesha2.security.SecurityManager;
+import org.apache.sandesha2.security.SecurityToken;
 import org.apache.sandesha2.storage.StorageManager;
 import org.apache.sandesha2.storage.beanmanagers.RMDBeanMgr;
 import org.apache.sandesha2.storage.beanmanagers.RMSBeanMgr;
@@ -463,6 +464,25 @@
 
 	}
 	
+	public static void assertProofOfPossession(RMSequenceBean bean, MessageContext context,
OMElement elementToCheck)throws SandeshaException{
+		if (log.isDebugEnabled()) 
+			log.debug("Enter: SandeshaUtil::assertProofOfPossession :" + bean + ", " + context + ",
" + elementToCheck);
+		
+		String tokenData = null;
+		if(bean!=null){
+			tokenData = bean.getSecurityTokenData();
+		}
+		if(tokenData != null) {
+			if (log.isDebugEnabled()) log.debug("debug:" + tokenData);
+			SecurityManager secManager = SandeshaUtil.getSecurityManager(context.getConfigurationContext());
+			SecurityToken token = secManager.recoverSecurityToken(tokenData);
+			secManager.checkProofOfPossession(token, elementToCheck, context); //this will exception
if there is no proof
+		}
+		
+		if (log.isDebugEnabled())
+			log.debug("Exit: SandeshaUtil::assertProofOfPossession");
+	}
+	
 
 	public static void copyConfiguredProperties (MessageContext fromMessage, MessageContext
toMessage) throws AxisFault {
 
@@ -622,7 +642,6 @@
   }
 	
 	public static long getLastMessageNumber(String internalSequenceID, StorageManager storageManager)throws
SandeshaException {
-		
 		RMSBean rMSBean = getRMSBeanFromInternalSequenceId(storageManager, internalSequenceID);
 		long lastMessageNumber = 0;
 		if(rMSBean!=null){
@@ -835,10 +854,11 @@
 			Parameter classLoaderParam = config.getParameter(Sandesha2Constants.MODULE_CLASS_LOADER);
 			if(classLoaderParam != null) classLoader = (ClassLoader) classLoaderParam.getValue();

 
+			
 		  if (classLoader==null)
 	    	throw new SandeshaException (SandeshaMessageHelper.getMessage(SandeshaMessageKeys.classLoaderNotFound));
 		    
-		  Class c = classLoader.loadClass(className);
+		  	Class c = classLoader.loadClass(className);		  
 			Class configContextClass = context.getClass();
 			
 			Constructor constructor = c.getConstructor(new Class[] { configContextClass });
@@ -850,6 +870,7 @@
 			}
 			return (SecurityManager) obj;
 			
+			
 		} catch (Exception e) {
 			String message = SandeshaMessageHelper.getMessage(SandeshaMessageKeys.cannotInitSecurityManager,
e.toString());
 			throw new SandeshaException(message,e);
@@ -1120,6 +1141,11 @@
 					if (log.isDebugEnabled()) log.debug("Unreliable operation");
 					result = true;
 				}
+				else if(null != unreliableParam && "false".equals(unreliable)){
+					//a forced reliable message
+					if (log.isDebugEnabled()) log.debug("Forced reliable message context");
+					result = false;
+				}	
 			}
 		}
 		

Modified: webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java
URL: http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java
(original)
+++ webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java
Fri Nov 23 03:45:13 2007
@@ -41,7 +41,6 @@
 	private static Log log = LogFactory.getLog(UnitTestSecurityManager.class);
 
 	private static HashMap tokens = new HashMap();
-	private static int id = 0;
 	private static String secNamespace = Sandesha2Constants.SPEC_2005_02.SEC_NS_URI;
 	private static QName unitTestHeader = new QName("http://unit.test.security", "tokenId");
 	
@@ -58,7 +57,7 @@
 	{
 		log.debug("Enter: UnitTestSecurityManager::getSecurityToken(MessageContext)");
 
-		UnitTestSecurityToken result = new UnitTestSecurityToken(id++);
+		UnitTestSecurityToken result = new UnitTestSecurityToken(1); //use the same token for all
messages in unit test
 		tokens.put(getTokenRecoveryData(result), result);
 
 		log.debug("Exit: UnitTestSecurityManager::getSecurityToken " + result);



---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org


Mime
View raw message