ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r788027 - in /webservices/wss4j/branches/1_5_x-fixes: src/org/apache/ws/security/ src/org/apache/ws/security/handler/ src/org/apache/ws/security/message/token/ src/org/apache/ws/security/processor/ test/wssec/
Date Wed, 24 Jun 2009 14:03:58 GMT
Author: coheigea
Date: Wed Jun 24 14:03:58 2009
New Revision: 788027

URL: http://svn.apache.org/viewvc?rev=788027&view=rev
Log:
[WSS-199] - Backported from trunk.

Added:
    webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS199.java
      - copied, changed from r787976, webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS199.java
Modified:
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
    webservices/wss4j/branches/1_5_x-fixes/test/wssec/PackageTests.java

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java?rev=788027&r1=788026&r2=788027&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java Wed Jun
24 14:03:58 2009
@@ -196,6 +196,14 @@
      */
     protected boolean handleCustomPasswordTypes = false;
     
+    /**
+     * This variable controls whether (wsse) namespace qualified password types are
+     * accepted when processing UsernameTokens.
+     * 
+     * By default this is set to false.
+     */
+    protected boolean allowNamespaceQualifiedPasswordTypes = false;
+    
     
     /**
      * The default wsu:Id allocator is a simple "start at 1 and increment up"
@@ -383,7 +391,22 @@
     public boolean getHandleCustomPasswordTypes() {
         return handleCustomPasswordTypes;
     }
-
+    
+    /**
+     * @param allowNamespaceQualifiedTypes
+     * whether (wsse) namespace qualified password types are accepted or not
+     */
+    public void setAllowNamespaceQualifiedPasswordTypes(boolean allowNamespaceQualifiedTypes)
{
+        allowNamespaceQualifiedPasswordTypes = allowNamespaceQualifiedTypes;
+    }
+    
+    /**
+     * @return whether (wsse) namespace qualified password types are accepted or not
+     */
+    public boolean getAllowNamespaceQualifiedPasswordTypes() {
+        return allowNamespaceQualifiedPasswordTypes;
+    }
+    
     /**
      * @return Returns if we shall throw an exception on expired request
      *         semantic

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java?rev=788027&r1=788026&r2=788027&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
Wed Jun 24 14:03:58 2009
@@ -258,6 +258,9 @@
         );
         wssConfig.setTimeStampStrict(decodeTimestampStrict(reqData));
         wssConfig.setHandleCustomPasswordTypes(decodeCustomPasswordTypes(reqData));
+        wssConfig.setAllowNamespaceQualifiedPasswordTypes(
+            decodeNamespaceQualifiedPasswordTypes(reqData)
+        );
         reqData.setWssConfig(wssConfig);
 
         if ((doAction & WSConstants.SIGN) == WSConstants.SIGN) {
@@ -728,6 +731,28 @@
             "WSHandler: illegal handleCustomPasswordTypes parameter"
         );
     }
+    
+    protected boolean decodeNamespaceQualifiedPasswordTypes(RequestData reqData) 
+        throws WSSecurityException {
+        String value = getString(
+            WSHandlerConstants.ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES,
+            reqData.getMsgContext()
+        );
+    
+        if (value == null) {
+            return false;
+        }
+        if ("0".equals(value) || "false".equals(value)) {
+            return false;
+        } 
+        if ("1".equals(value) || "true".equals(value)) {
+            return true;
+        }
+    
+        throw new WSSecurityException(
+            "WSHandler: illegal allowNamespaceQualifiedPasswordTypes parameter"
+        );
+    }
 
     protected boolean decodeTimestampStrict(RequestData reqData) 
         throws WSSecurityException {

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java?rev=788027&r1=788026&r2=788027&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
Wed Jun 24 14:03:58 2009
@@ -496,6 +496,15 @@
      * reject custom token types in the callback handler.
      */
     public static final String HANDLE_CUSTOM_PASSWORD_TYPES = "handleCustomPasswordTypes";
+    
+    /**
+     * This variable controls whether (wsse) namespace qualified password types are
+     * accepted when processing UsernameTokens.
+     * 
+     * By default this is set to false.
+     */
+    public static final String ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES 
+        = "allowNamespaceQualifiedPasswordTypes";
 
     /**
      * Parameter to generate additional elements in <code>UsernameToken</code>.

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java?rev=788027&r1=788026&r2=788027&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java
Wed Jun 24 14:03:58 2009
@@ -71,7 +71,7 @@
     protected String passwordType = null;
     protected boolean hashed = true;
     private String rawPassword;        // enhancement by Alberto Coletti
-
+    
     static {
         try {
             random = WSSecurityUtil.resolveSecureRandom();
@@ -81,7 +81,7 @@
             }
         }
     }
-
+    
     /**
      * Constructs a <code>UsernameToken</code> object and parses the
      * <code>wsse:UsernameToken</code> element to initialize it.
@@ -91,6 +91,23 @@
      * @throws WSSecurityException
      */
     public UsernameToken(Element elem) throws WSSecurityException {
+        this (elem, false);
+    }
+
+    /**
+     * Constructs a <code>UsernameToken</code> object and parses the
+     * <code>wsse:UsernameToken</code> element to initialize it.
+     * 
+     * @param elem the <code>wsse:UsernameToken</code> element that contains
+     *             the UsernameToken data
+     * @param allowNamespaceQualifiedPasswordTypes whether to allow (wsse)
+     *        namespace qualified password types or not (for interop with WCF)
+     * @throws WSSecurityException
+     */
+    public UsernameToken(
+        Element elem, 
+        boolean allowNamespaceQualifiedPasswordTypes
+    ) throws WSSecurityException {
         element = elem;
         QName el = new QName(element.getNamespaceURI(), element.getLocalName());
         if (!el.equals(TOKEN)) {
@@ -147,9 +164,26 @@
             }
             return;
         }
-        if (elementPassword != null 
-            && elementPassword.hasAttribute(WSConstants.PASSWORD_TYPE_ATTR)) {
-            passwordType = elementPassword.getAttribute(WSConstants.PASSWORD_TYPE_ATTR);
+        if (elementPassword != null) {
+            if (elementPassword.hasAttribute(WSConstants.PASSWORD_TYPE_ATTR)) {
+                passwordType = elementPassword.getAttribute(WSConstants.PASSWORD_TYPE_ATTR);
+            } else if (elementPassword.hasAttributeNS(
+                WSConstants.WSSE_NS, WSConstants.PASSWORD_TYPE_ATTR)
+            ) {
+                if (allowNamespaceQualifiedPasswordTypes) {
+                    passwordType = 
+                        elementPassword.getAttributeNS(
+                            WSConstants.WSSE_NS, WSConstants.PASSWORD_TYPE_ATTR
+                        );
+                } else {
+                    throw new WSSecurityException(
+                        WSSecurityException.INVALID_SECURITY_TOKEN,
+                        "badTokenType01", 
+                        new Object[] {el}
+                    );
+                }
+            }
+            
         }
         if (passwordType != null
             && passwordType.equals(WSConstants.PASSWORD_DIGEST)) {

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/UsernameTokenProcessor.java?rev=788027&r1=788026&r2=788027&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
Wed Jun 24 14:03:58 2009
@@ -43,6 +43,7 @@
     private String utId;
     private UsernameToken ut;
     private boolean handleCustomPasswordTypes;
+    private boolean allowNamespaceQualifiedPasswordTypes;
     
     public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler
cb, 
         WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException
{
@@ -50,6 +51,7 @@
             log.debug("Found UsernameToken list element");
         }
         handleCustomPasswordTypes = wsc.getHandleCustomPasswordTypes();
+        allowNamespaceQualifiedPasswordTypes = wsc.getAllowNamespaceQualifiedPasswordTypes();
         
         Principal lastPrincipalFound = handleUsernameToken((Element) elem, cb);
         returnResults.add(
@@ -86,7 +88,7 @@
         //
         // Parse the UsernameToken element
         //
-        ut = new UsernameToken(token);
+        ut = new UsernameToken(token, allowNamespaceQualifiedPasswordTypes);
         String user = ut.getName();
         String password = ut.getPassword();
         String nonce = ut.getNonce();

Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/PackageTests.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/PackageTests.java?rev=788027&r1=788026&r2=788027&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/PackageTests.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/PackageTests.java Wed Jun 24 14:03:58
2009
@@ -88,6 +88,7 @@
         suite.addTestSuite(TestWSSecurityResultsOrder.class);
         suite.addTestSuite(TestWSSecurityWSS178.class);
         suite.addTestSuite(TestWSSecurityWSS194.class);
+        suite.addTestSuite(TestWSSecurityWSS199.class);
         
         return suite;
     }

Copied: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS199.java (from
r787976, webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS199.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS199.java?p2=webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS199.java&p1=webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS199.java&r1=787976&r2=788027&rev=788027&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS199.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityWSS199.java Wed Jun 24
14:03:58 2009
@@ -148,12 +148,12 @@
             if (callbacks[i] instanceof WSPasswordCallback) {
                 WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                 assertEquals(pc.getPasswordType(), WSConstants.PASSWORD_TEXT);
-                if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN
-                    && "wernerd".equals(pc.getIdentifier())) {
-                    pc.setPassword("verySecret");
-                } else if (
-                    pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN
-                ) {
+                if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+                    if (!"wernerd".equals(pc.getIdentifier())
+                          && !"verySecret".equals(pc.getPassword())) {
+                        throw new IOException("Authentication failed");
+                    }
+                } else {
                     throw new IOException("Authentication failed");
                 }
             } else {



---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message