[jboss-svn-commits] JBL Code SVN: r30441 - in labs/jbossesb/branches/JBESB_4_7_CP/product: rosetta/src/org/jboss/internal/soa/esb/webservice and 6 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Wed Dec 2 18:20:44 EST 2009
Author: beve
Date: 2009-12-02 18:20:43 -0500 (Wed, 02 Dec 2009)
New Revision: 30441
Added:
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ExtractionException.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenExtractor.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SoapConstants.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SoapExtractionUtil.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/UsernameTokenExtractor.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenExtractorUnitTest.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenUnitTest.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SOAPExtractorUtilUnitTest.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/UsernameTokenExtractorUnitTest.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-1.0-example.xml
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-1.1-example.xml
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-2002-1.0-example.xml
Removed:
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractor.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-saml-template.xml
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-saml.xml
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-ws-security-template.xml
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-ws-security.xml
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenTest.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractorUnitTest.java
Modified:
labs/jbossesb/branches/JBESB_4_7_CP/product/.classpath
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/internal/soa/esb/webservice/BaseWebService.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/listeners/gateway/JBossRemotingGatewayListener.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/listeners/gateway/http/HttpMessageComposer.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ExtractorUtil.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/SecurityInfoExtractor.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityToken.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SOAPExtractorUtil.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlAssertionExtractor.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractor.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecuritySoapExtractor.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlAssertionExtractorUnitTest.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractorUnitTest.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/WSSecuritySoapExtractorUnitTest.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/WSTestUtil.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-keys-example.xml
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-saml-example.xml
labs/jbossesb/branches/JBESB_4_7_CP/product/samples/quickstarts/security_saml/soap-request.xml
Log:
Work for https://jira.jboss.org/jira/browse/JBESB-3016 "Performance: Refactor SecurityInfoExtractors to use StaX instead of Smooks (SAX)"
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/.classpath
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/.classpath 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/.classpath 2009-12-02 23:20:43 UTC (rev 30441)
@@ -166,5 +166,8 @@
<classpathentry kind="var" path="ESB_ROOT/testlib/junit-4.1.jar"/>
<classpathentry kind="var" path="ESB_ROOT/testlib/mockejb.jar"/>
<classpathentry kind="var" path="ESB_ROOT/testlib/mockito-all-1.8.0.jar"/>
+ <classpathentry kind="lib" path="build/lib/juddi-core-3.0.0.jar"/>
+ <classpathentry kind="lib" path="build/lib/juddi-client-3.0.0.jar"/>
+ <classpathentry kind="lib" path="build/lib/jaxb-xjc-2.1.4.jar"/>
<classpathentry kind="output" path="bin"/>
</classpath>
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/internal/soa/esb/webservice/BaseWebService.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/internal/soa/esb/webservice/BaseWebService.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/internal/soa/esb/webservice/BaseWebService.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -27,7 +27,9 @@
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.Iterator;
+import java.util.LinkedHashSet;
import java.util.List;
+import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.Detail;
@@ -60,6 +62,7 @@
import org.jboss.soa.esb.message.format.MessageFactory;
import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
+import org.jboss.soa.esb.services.security.auth.ExtractionException;
import org.jboss.soa.esb.services.security.auth.ExtractorUtil;
import org.jboss.soa.esb.services.security.auth.SecurityInfoExtractor;
import org.jboss.soa.esb.services.security.auth.ws.SamlSoapAssertionExtractor;
@@ -85,8 +88,12 @@
private static final String ADDRESSING_NAMESPACE = ADDRESSING_BUILDER.getNamespaceURI() ;
private static final QName ADDRESSING_REPLY = new QName(ADDRESSING_NAMESPACE, "Reply") ;
- private static final SecurityInfoExtractor<SOAPMessage> wsseExtractor = new WSSecuritySoapExtractor();
- private static final SecurityInfoExtractor<SOAPMessage> samlExtractor = new SamlSoapAssertionExtractor();
+ private static final Set<SecurityInfoExtractor<SOAPMessage>> extractors = new LinkedHashSet<SecurityInfoExtractor<SOAPMessage>>();
+ static
+ {
+ extractors.add(new WSSecuritySoapExtractor());
+ extractors.add(new SamlSoapAssertionExtractor());
+ }
protected final ServiceInvoker serviceInvoker ;
protected final MessagePayloadProxy requestProxy ;
@@ -151,7 +158,6 @@
// Extract security info from SOAPMessage.
AuthenticationRequest authRequest = extractSecurityDetails(request, esbReq);
-
ExtractorUtil.addAuthRequestToMessage(authRequest, esbReq);
final Message esbRes = deliverMessage(esbReq) ;
@@ -252,14 +258,13 @@
protected AuthenticationRequest extractSecurityDetails(SOAPMessage request, Message esbReq) throws SecurityServiceException
{
- AuthenticationRequest authRequest = wsseExtractor.extractSecurityInfo(request);
- if (authRequest == null)
+ try
{
- return samlExtractor.extractSecurityInfo(request);
+ return ExtractorUtil.extract(request, extractors);
}
- else
+ catch (final ExtractionException e)
{
- return authRequest;
+ throw new SecurityServiceException(e.getMessage(), e);
}
}
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/listeners/gateway/JBossRemotingGatewayListener.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/listeners/gateway/JBossRemotingGatewayListener.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/listeners/gateway/JBossRemotingGatewayListener.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -52,9 +52,12 @@
import org.jboss.soa.esb.services.registry.RegistryFactory;
import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
+import org.jboss.soa.esb.services.security.auth.ExtractionException;
import org.jboss.soa.esb.services.security.auth.ExtractorUtil;
+import org.jboss.soa.esb.services.security.auth.SecurityInfoExtractor;
import org.jboss.soa.esb.services.security.auth.http.JbrHttpSecurityInfoExtractor;
-import org.jboss.soa.esb.services.security.auth.ws.WSSecurityInfoExtractor;
+import org.jboss.soa.esb.services.security.auth.ws.BinarySecurityTokenExtractor;
+import org.jboss.soa.esb.services.security.auth.ws.UsernameTokenExtractor;
import org.jboss.soa.esb.util.ClassUtil;
import javax.management.MBeanServer;
@@ -556,8 +559,7 @@
private MessagePayloadProxy payloadProxy;
private JbrHttpSecurityInfoExtractor jbrHttpSecurityExtractor = new JbrHttpSecurityInfoExtractor();
-
- private WSSecurityInfoExtractor wsSecurityExtractor = new WSSecurityInfoExtractor();
+ private final Set<SecurityInfoExtractor<String>> extractors = new LinkedHashSet<SecurityInfoExtractor<String>>();
@Override
public void setConfiguration(ConfigTree config) {
@@ -567,6 +569,10 @@
new String[] {ActionUtils.POST_ACTION_DATA});
// Allow null to be set on as the message payload...
payloadProxy.setNullSetPayloadHandling(NullPayloadHandling.LOG);
+
+ final String securityNS = config.getAttribute("securityNS", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
+ extractors.add(new UsernameTokenExtractor(securityNS));
+ extractors.add(new BinarySecurityTokenExtractor(securityNS));
}
@Override
@@ -592,7 +598,15 @@
// Extract any ws security information that may exist
Object payload = invocationRequest.getParameter();
if ( authRequest == null && payload instanceof String) {
- authRequest = wsSecurityExtractor.extractSecurityInfo((String) payload);
+
+ try
+ {
+ authRequest = ExtractorUtil.extract((String)payload, extractors);
+ }
+ catch (ExtractionException e)
+ {
+ throw new MessageDeliverException(e.getMessage(), e);
+ }
}
try {
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/listeners/gateway/http/HttpMessageComposer.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/listeners/gateway/http/HttpMessageComposer.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/listeners/gateway/http/HttpMessageComposer.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -21,27 +21,39 @@
import java.io.IOException;
import java.io.UnsupportedEncodingException;
-import java.util.*;
import java.nio.charset.Charset;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.jboss.internal.soa.esb.util.StreamUtils;
+import org.jboss.soa.esb.helpers.ConfigTree;
+import org.jboss.soa.esb.http.HttpContentTypeUtil;
+import org.jboss.soa.esb.http.HttpHeader;
+import org.jboss.soa.esb.http.HttpRequest;
import org.jboss.soa.esb.http.HttpResponse;
-import org.jboss.soa.esb.http.*;
-import org.jboss.soa.esb.http.HttpRequest;
-import org.jboss.soa.esb.helpers.ConfigTree;
+import org.jboss.soa.esb.listeners.ListenerTagNames;
import org.jboss.soa.esb.listeners.message.AbstractMessageComposer;
import org.jboss.soa.esb.listeners.message.MessageDeliverException;
-import org.jboss.soa.esb.listeners.ListenerTagNames;
import org.jboss.soa.esb.message.Message;
import org.jboss.soa.esb.message.MessagePayloadProxy;
import org.jboss.soa.esb.message.MessagePayloadProxy.NullPayloadHandling;
-import org.jboss.soa.esb.services.security.auth.ws.WSSecurityInfoExtractor;
+import org.jboss.soa.esb.services.security.PublicCryptoUtil;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
-import org.jboss.soa.esb.services.security.PublicCryptoUtil;
+import org.jboss.soa.esb.services.security.auth.ExtractionException;
+import org.jboss.soa.esb.services.security.auth.ExtractorUtil;
+import org.jboss.soa.esb.services.security.auth.SecurityInfoExtractor;
+import org.jboss.soa.esb.services.security.auth.ws.BinarySecurityTokenExtractor;
+import org.jboss.soa.esb.services.security.auth.ws.UsernameTokenExtractor;
/**
* Http Message Composer.
@@ -71,7 +83,7 @@
private String payloadAs;
- private WSSecurityInfoExtractor wsSecurityExtractor = new WSSecurityInfoExtractor();
+ private final Set<SecurityInfoExtractor<String>> extractors = new LinkedHashSet<SecurityInfoExtractor<String>>();
private static Set<String> responseHeaderFilterset;
static {
@@ -89,6 +101,10 @@
payloadProxy = new MessagePayloadProxy(config);
payloadProxy.setNullSetPayloadHandling(NullPayloadHandling.LOG);
payloadAs = config.getAttribute("payloadAs");
+
+ final String securityNS = config.getAttribute("securityNS", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
+ extractors.add(new UsernameTokenExtractor(securityNS));
+ extractors.add(new BinarySecurityTokenExtractor(securityNS));
}
protected MessagePayloadProxy getPayloadProxy() {
@@ -127,7 +143,13 @@
payloadProxy.setPayload(message, payload);
// In case it's a SOAP message, we need to check for WS-S info...
- AuthenticationRequest authRequest = wsSecurityExtractor.extractSecurityInfo(payload);
+ AuthenticationRequest authRequest = null;
+ try {
+ authRequest = ExtractorUtil.extract(payload, extractors);
+ } catch (final ExtractionException e) {
+ throw new MessageDeliverException(e.getMessage(), e);
+ }
+
if(authRequest != null) {
PublicCryptoUtil.INSTANCE.addAuthRequestToMessage(authRequest, message);
}
Copied: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ExtractionException.java (from rev 30431, labs/jbossesb/workspace/performance/perf2/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ExtractionException.java)
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ExtractionException.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ExtractionException.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -0,0 +1,53 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth;
+
+/**
+ * Excpetion that can be thrown to indicate that an exception has
+ * occurred while trying to extract security information.
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class ExtractionException extends Exception
+{
+ private static final long serialVersionUID = -8463456717402100297L;
+
+ public ExtractionException()
+ {
+ super();
+ }
+
+ public ExtractionException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+
+ public ExtractionException(String message)
+ {
+ super(message);
+ }
+
+ public ExtractionException(Throwable cause)
+ {
+ super(cause);
+ }
+}
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ExtractorUtil.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ExtractorUtil.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ExtractorUtil.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -21,6 +21,7 @@
package org.jboss.soa.esb.services.security.auth;
import java.io.Serializable;
+import java.util.Set;
import org.jboss.soa.esb.message.Message;
import org.jboss.soa.esb.services.security.PublicCryptoUtil;
@@ -28,27 +29,60 @@
import org.jboss.soa.esb.services.security.SecurityServiceException;
/**
- * Util class for operations common to security extractors
+ * Util class for operations common to security extractors.
+ * <p/>
*
* @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
- *
+ *
*/
public final class ExtractorUtil
{
private ExtractorUtil()
{
}
-
+
+ /**
+ * This method will try to extract security information from the passed-in payload of type T.
+ * The extractors will iterated over and given the chance to extract, the first one that is successful
+ * will have the {@link AuthenticationRequest} that it populated returned.
+ *
+ * @param <T> The type of the payload.
+ * @param payload The payload that will be of type T
+ * @param extractors The extractors to extract security information from.
+ * @return {@link AuthenticationRequest} A populated AuthenticationReqeust or null if no security information was extracted.
+ * @throws ExtractionException
+ */
+ public static <T> AuthenticationRequest extract(final T payload, final Set<SecurityInfoExtractor<T>> extractors) throws ExtractionException
+ {
+ for (SecurityInfoExtractor<T> extractor : extractors)
+ {
+ final AuthenticationRequest authRequest = extractor.extractSecurityInfo(payload);
+ if (authRequest != null)
+ {
+ return authRequest;
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * This method will add the passed-in {@link AuthenticationRequest} to the Message context.
+ *
+ * @param authRequest The AuthenticationRequest to add to the Message context
+ * @param message The ESB Message object instance.
+ * @throws SecurityServiceException
+ */
public static void addAuthRequestToMessage(final AuthenticationRequest authRequest, final Message message) throws SecurityServiceException
{
- if (authRequest != null)
+ if (authRequest != null)
{
- byte[] encrypted = PublicCryptoUtil.INSTANCE.encrypt((Serializable) authRequest);
- if (encrypted != null)
+ final byte[] encrypted = PublicCryptoUtil.INSTANCE.encrypt((Serializable) authRequest);
+ if (encrypted != null)
{
message.getContext().setContext(SecurityService.AUTH_REQUEST, encrypted);
- }
- else
+ }
+ else
{
throw new SecurityServiceException("No public keystore has been configured which means that the authentication request cannot be encrypted. Please configure jbossesb-properties.xml with a publickey store.");
}
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/SecurityInfoExtractor.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/SecurityInfoExtractor.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/SecurityInfoExtractor.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -26,7 +26,7 @@
*
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
*
- * @param <T>
+ * @param <T> The type that this extractor can handle.
*/
public interface SecurityInfoExtractor<T>
{
@@ -37,5 +37,5 @@
* @param t - the type from which security information is to be extracted
* @return - and instance of {@link AuthenticationRequest}
*/
- AuthenticationRequest extractSecurityInfo( final T t );
+ AuthenticationRequest extractSecurityInfo( final T t ) throws ExtractionException;
}
\ No newline at end of file
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityToken.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityToken.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityToken.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -21,7 +21,6 @@
package org.jboss.soa.esb.services.security.auth.ws;
import java.io.ByteArrayInputStream;
-import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
Copied: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenExtractor.java (from rev 30431, labs/jbossesb/workspace/performance/perf2/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenExtractor.java)
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenExtractor.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenExtractor.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -0,0 +1,205 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.ws;
+
+import static org.jboss.soa.esb.services.security.auth.ws.SoapExtractionUtil.isEndOfHeader;
+import static org.jboss.soa.esb.services.security.auth.ws.SoapExtractionUtil.isStartOfBody;
+import static org.jboss.soa.esb.services.security.auth.ws.SoapExtractionUtil.isStartOfHeader;
+
+import java.io.StringReader;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.Characters;
+import javax.xml.stream.events.EndElement;
+import javax.xml.stream.events.StartElement;
+import javax.xml.stream.events.XMLEvent;
+
+import org.apache.log4j.Logger;
+import org.jboss.internal.soa.esb.assertion.AssertArgument;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
+import org.jboss.soa.esb.services.security.auth.ExtractionException;
+import org.jboss.soa.esb.services.security.auth.SecurityInfoExtractor;
+
+/**
+ * This SecurityInfoExtractor implementation will extract data from a
+ * BinarySecurityToken if one exist in the xml String passed to this instances
+ * extractSecurityInfo method.
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ */
+public class BinarySecurityTokenExtractor implements SecurityInfoExtractor<String>
+{
+ private static final XMLInputFactory XML_INPUT_FACTORY = getXmlInputFactory();
+
+ private Logger log = Logger.getLogger(BinarySecurityTokenExtractor.class);
+
+ /**
+ * The QName for the BinarySecurityToken element.
+ */
+ private QName binarySecurityTokenQName;
+
+ /**
+ * The QName for the EncodingType attribute.
+ */
+ private QName encodingTypeQName = new QName("EncodingType");
+
+ /**
+ * The QName for the ValueType attribute.
+ */
+ private QName valueTypeQName = new QName("ValueType");
+
+ /**
+ * Creates a instance and uses the passed-in security namespace (NS) as the
+ * namesspace for the BinarySecurityToken.
+ *
+ * @param securityNS
+ * The namespace for the BinarySecurityToken element.
+ */
+ public BinarySecurityTokenExtractor(final String securityNS)
+ {
+ AssertArgument.isNotNullAndNotEmpty(securityNS, "securityNS");
+
+ binarySecurityTokenQName = new QName(securityNS, "BinarySecurityToken");
+ }
+
+ /**
+ * Will extract the data from a BinarySecurityToken element from the
+ * passed-in SOAP message String. The extracted BinarySecurityToken keyj will be
+ * attached to the AuthenticationRequest as a credential.
+ *
+ * @param soap
+ * The String containing the SOAP message xml.
+ * @return {@link AuthenticationRequest} The ESB AuthenticationRequest with
+ * a credential of the content of the BinarySecurityToken, or null if the SOAP
+ * String did not contain a BinarySecurityHeader.
+ */
+ public AuthenticationRequest extractSecurityInfo(final String soap) throws ExtractionException
+ {
+ if (soap == null || !soap.startsWith("<"))
+ return null;
+
+ final BinarySecurityToken binarySecurityToken = extractBinarySecurityToken(soap);
+ if (binarySecurityToken == null)
+ return null;
+
+ final Set<Object> credentials = new HashSet<Object>();
+ credentials.add(binarySecurityToken.getKey());
+ return new AuthenticationRequestImpl.Builder(null, credentials).build();
+ }
+
+ private BinarySecurityToken extractBinarySecurityToken(final String soap) throws ExtractionException
+ {
+ XMLEventReader xmlReader = null;
+ try
+ {
+ xmlReader = XML_INPUT_FACTORY.createXMLEventReader(new StringReader(soap));
+
+ while (xmlReader.hasNext())
+ {
+ XMLEvent xmlEvent = xmlReader.nextEvent();
+ if (isStartOfHeader(xmlEvent))
+ {
+ while (xmlReader.hasNext())
+ {
+ xmlEvent = xmlReader.nextEvent();
+ if (isStartOfBinarySecurityToken(xmlEvent))
+ {
+ final StartElement bstElement = (StartElement) xmlEvent;
+ BinarySecurityToken bst = new BinarySecurityToken();
+ bst.setEncodingType(bstElement.getAttributeByName(encodingTypeQName).getValue());
+ bst.setValueType(bstElement.getAttributeByName(valueTypeQName).getValue());
+
+ final StringBuilder data = new StringBuilder();
+ while (xmlReader.hasNext())
+ {
+ final XMLEvent nextEvent = xmlReader.nextEvent();
+ if (nextEvent.isCharacters())
+ {
+ Characters characters = nextEvent.asCharacters();
+ data.append(characters.getData());
+ }
+
+ if (isEndOfBinarySecurityToken(nextEvent))
+ {
+ bst.setKey(data.toString());
+ return bst;
+ }
+ }
+ }
+ if (isEndOfHeader(xmlEvent))
+ return null;
+ }
+ }
+
+ if (isStartOfBody(xmlEvent))
+ return null;
+ }
+ }
+ catch (final XMLStreamException e)
+ {
+ throw new ExtractionException(e.getMessage(), e);
+ }
+ finally
+ {
+ close(xmlReader);
+ }
+
+ return null;
+ }
+
+ private boolean isStartOfBinarySecurityToken(final XMLEvent event)
+ {
+ return event.isStartElement() && ((StartElement) event).getName().equals(binarySecurityTokenQName);
+ }
+
+ private boolean isEndOfBinarySecurityToken(final XMLEvent event)
+ {
+ return event.isEndElement() && ((EndElement) event).getName().equals(binarySecurityTokenQName);
+ }
+
+ private static XMLInputFactory getXmlInputFactory()
+ {
+ final XMLInputFactory factory = XMLInputFactory.newInstance();
+ // set any properies here if required before returning.
+ return factory;
+ }
+
+ private void close(final XMLEventReader reader)
+ {
+ if (reader != null)
+ {
+ try
+ {
+ reader.close();
+ }
+ catch (final XMLStreamException ignore)
+ {
+ log.error("XMLStreamException caught while trying to close the XMLEventReader", ignore);
+ }
+ }
+ }
+}
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SOAPExtractorUtil.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SOAPExtractorUtil.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SOAPExtractorUtil.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -20,63 +20,64 @@
*/
package org.jboss.soa.esb.services.security.auth.ws;
+import static org.jboss.soa.esb.services.security.auth.ws.SoapConstants.*;
import java.util.Iterator;
-import javax.xml.soap.Name;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPHeaderElement;
/**
+ * Util class containing methods to help extract SOAP Security Headers
*
* @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
*
*/
public final class SOAPExtractorUtil
{
- /**
- * Security element localname
- */
- public static final String WSSE_LN = "Security";
+ private SOAPExtractorUtil()
+ {
+ }
/**
- * SOAP Message Security 1.0 NameSpace URL
+ * Deprecated, please use {@link #extractSecurityHeader(SOAPEnvelope)} instead.
*/
- public static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
- public static final String WSSE_NS2 = "http://schemas.xmlsoap.org/ws/2002/04/secext";
+ @Deprecated
+ public static SOAPHeaderElement getSecurityHeader( final SOAPEnvelope env ) throws SOAPException
+ {
+ return extractSecurityHeader(env);
+ }
/**
- * SOAP Message Security 1.1 NameSpace URL
+ * Will return the SOAP Security header from the passed in SOAPEnvelope if one exists.
+ *
+ * @param env The SOAPEnvelope
+ * @return SOAPHeaderElement The SOAP Security Header if one exists.
+ * @throws SOAPException
*/
- public static final String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
-
- private SOAPExtractorUtil()
+ public static SOAPHeaderElement extractSecurityHeader( final SOAPEnvelope env ) throws SOAPException
{
- }
-
- public static SOAPHeaderElement getSecurityHeader( final SOAPEnvelope env ) throws SOAPException
- {
+ if (env == null)
+ return null;
+
final SOAPHeader soapHeader = env.getHeader();
- if ( soapHeader == null)
+ if (soapHeader == null)
return null;
- Iterator<?> headerElements = soapHeader.examineAllHeaderElements();
- while ( headerElements.hasNext() )
- {
- final SOAPHeaderElement header = (SOAPHeaderElement) headerElements.next();
- final Name name = header.getElementName();
-
- if (name.getLocalName().equalsIgnoreCase(WSSE_LN))
- {
- String nsURI = name.getURI();
- if (nsURI.equalsIgnoreCase(WSSE_NS) || nsURI.equalsIgnoreCase(WSSE_NS2) || nsURI.equalsIgnoreCase(WSSE11_NS))
- {
- return header;
- }
- }
- }
+ Iterator<?> headerElements = soapHeader.getChildElements(WSSE_QNAME);
+ if (headerElements.hasNext())
+ return (SOAPHeaderElement) headerElements.next();
+
+ headerElements = soapHeader.getChildElements(WSSE_2_QNAME);
+ if (headerElements.hasNext())
+ return (SOAPHeaderElement) headerElements.next();
+
+ headerElements = soapHeader.getChildElements(WSSE_11_QNAME);
+ if (headerElements.hasNext())
+ return (SOAPHeaderElement) headerElements.next();
+
return null;
}
-
+
}
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlAssertionExtractor.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlAssertionExtractor.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlAssertionExtractor.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -20,131 +20,165 @@
*/
package org.jboss.soa.esb.services.security.auth.ws;
-import java.io.IOException;
-import java.io.InputStream;
+import static org.jboss.soa.esb.services.security.auth.ws.SoapExtractionUtil.*;
import java.io.StringReader;
+import java.io.StringWriter;
import java.util.Collections;
import java.util.Set;
-import javax.xml.transform.stream.StreamSource;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.XMLEventWriter;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLOutputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.EndElement;
+import javax.xml.stream.events.StartElement;
+import javax.xml.stream.events.XMLEvent;
-import org.picketlink.identity.federation.core.wstrust.SamlCredential;
-import org.jboss.soa.esb.lifecycle.LifecycleResourceException;
+import org.jboss.internal.soa.esb.assertion.AssertArgument;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
import org.jboss.soa.esb.services.security.auth.SecurityInfoExtractor;
-import org.jboss.soa.esb.smooks.resource.SmooksResource;
-import org.jboss.soa.esb.util.ClassUtil;
-import org.milyn.Smooks;
-import org.milyn.container.ExecutionContext;
-import org.milyn.delivery.DOMModel;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
-
/**
- * Extracts SAML Assertions from a SOAP Message. </p>
+ * Extracts SAML Assertions from a String containing a SOAP Message.</p>
*
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- *
*/
public class SamlAssertionExtractor implements SecurityInfoExtractor<String>
{
+ private static final XMLInputFactory XML_INPUT_FACTORY = getXmlInputFactory();
+ private static final XMLOutputFactory XML_OUTPUT_FACTORY = getXmlOutputFactory();
+
+ private final QName assertionQName;
+
/**
- * Smooks configuration file which specified the extraction
+ * Constructs an instance setting its assertion namespace to
+ * "urn:oasis:names:tc:SAML:2.0:assertion".
*/
- private static final String SMOOK_CONFIG_FILE = "smooks-saml.xml";
-
- /**
- * Smooks instance the will perform the extraction
- */
- private Smooks smooks;
-
- /**
- * Creates an instance using the default Smooks config file.
- */
public SamlAssertionExtractor()
{
- createSmooks(SMOOK_CONFIG_FILE);
+ this("urn:oasis:names:tc:SAML:2.0:assertion");
}
-
+
/**
- * Creates an instance of Smooks using the passed in config file.
+ * Constructs an instance setting its assertion namespace to
+ * value of the passed in namespace argument.
*
- * @param configFile
- * - the Smooks config file to use.
+ * @param namespace The namespace for the assertion.
*/
- public SamlAssertionExtractor(final String configFile)
+ public SamlAssertionExtractor(final String namespace)
{
- createSmooks(configFile);
- }
-
- public Node extractSamlAssertion(final String soap) throws IOException
- {
- if (soap == null || !soap.startsWith("<"))
- {
- return null;
- }
+ AssertArgument.isNotNullAndNotEmpty(namespace, "namespace");
- final ExecutionContext execContext = smooks.createExecutionContext();
- smooks.filterSource(execContext, new StreamSource(new StringReader(soap)));
-
- final DOMModel nodeModel = DOMModel.getModel(execContext);
- return nodeModel.getModels().get("Assertion");
+ assertionQName = new QName(namespace, "Assertion");
}
-
+
+ /**
+ * Will extract a SAML security token from the passed in SOAP message.
+ *
+ * @param soap The SOAP message.
+ * @return {@link AuthenticationRequest} A AuthenticationRequest containing a SamlCredential, or null if no SAML token was present.
+ */
public AuthenticationRequest extractSecurityInfo(final String soap)
{
if (soap == null || !soap.startsWith("<"))
- {
return null;
- }
- Node samlToken;
+ String samlToken;
try
{
samlToken = extractSamlAssertion(soap);
}
- catch (final IOException e)
+ catch (final XMLStreamException e)
{
throw new SecurityException("Could not extract saml token info from :" + soap, e);
}
if (samlToken != null)
{
- Set credential = Collections.singleton(new SamlCredential((Element)samlToken));
- return new AuthenticationRequestImpl.Builder(null, credential).build();
+ Set<Object> credential = Collections.<Object>singleton(new SamlCredential(samlToken));
+ return new AuthenticationRequestImpl.Builder(null, credential).build();
}
- else
- {
- return null;
- }
+
+ return null;
}
- private void createSmooks(final String configFile)
+ /**
+ * Extracts a SAML security assertion element from a SOAP message.
+ *
+ * @param soap The SOAP message.
+ * @return The extracted security assertion element as a String or null if none existed.
+ * @throws XMLStreamException
+ */
+ public String extractSamlAssertion(final String soap) throws XMLStreamException
{
- final InputStream is = ClassUtil.getResourceAsStream(configFile, getClass());
- if (is == null)
+ if (soap == null || !soap.startsWith("<"))
+ return null;
+
+ final XMLEventReader xmlReader = XML_INPUT_FACTORY.createXMLEventReader(new StringReader(soap));
+ final StringWriter stringWriter = new StringWriter();
+ final XMLEventWriter xmlWriter = XML_OUTPUT_FACTORY.createXMLEventWriter(stringWriter);
+
+ while(xmlReader.hasNext())
{
- throw new IllegalArgumentException("Failed to located configuration file resource: " + configFile);
+ XMLEvent event = xmlReader.nextEvent();
+ if (isStartOfHeader(event))
+ {
+ while (xmlReader.hasNext())
+ {
+ event = xmlReader.nextEvent();
+ if (isStartOfAssertion(event))
+ {
+ xmlWriter.add(event);
+ while (xmlReader.hasNext())
+ {
+ XMLEvent nextEvent = xmlReader.nextEvent();
+ xmlWriter.add(nextEvent);
+ if (isEndOfAssertion(nextEvent))
+ {
+ xmlWriter.flush();
+ return stringWriter.toString();
+ }
+ }
+ }
+
+ if (isEndOfHeader(event))
+ return null;
+ }
+ }
+
+ if (isStartOfBody(event))
+ return null;
}
- try
- {
- this.smooks = SmooksResource.createSmooksResource(is);
- }
- catch (final LifecycleResourceException lre)
- {
- throw new IllegalStateException("Could not parse " + configFile, lre);
- }
- catch (final SAXException e)
- {
- throw new IllegalStateException("Could not parse " + configFile, e);
- }
- catch (final IOException e)
- {
- throw new IllegalStateException("Could not parse " + configFile, e);
- }
+
+ return null;
}
+
+ private boolean isStartOfAssertion(final XMLEvent event)
+ {
+ return event.isStartElement() && ((StartElement)event).getName().equals(assertionQName);
+ }
+
+ private boolean isEndOfAssertion(final XMLEvent event)
+ {
+ return event.isEndElement() && ((EndElement)event).getName().equals(assertionQName);
+ }
+
+ private static XMLOutputFactory getXmlOutputFactory()
+ {
+ final XMLOutputFactory factory = XMLOutputFactory.newInstance();
+ // set any properies here if required before returning.
+ return factory;
+ }
+ private static XMLInputFactory getXmlInputFactory()
+ {
+ final XMLInputFactory factory = XMLInputFactory.newInstance();
+ // set any properies here if required before returning.
+ return factory;
+ }
+
}
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractor.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractor.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractor.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -39,7 +39,8 @@
/**
- * Extracts SAML Assertions from a SOAPMessage. </p>
+ * Extracts SAML Assertions from a SOAPMessage.
+ * </p>
*
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
*
@@ -48,6 +49,12 @@
{
private Logger log = Logger.getLogger(SamlSoapAssertionExtractor.class);
+ /**
+ * Will extract a SAML security token from the passed in SOAP Message instance.
+ *
+ * @param soap The SOAP message.
+ * @return {@link AuthenticationRequest} A AuthenticationRequest containing a SamlCredential, or null if no SAML token was present.
+ */
public AuthenticationRequest extractSecurityInfo(final SOAPMessage soap)
{
if ( soap == null )
@@ -60,7 +67,7 @@
try
{
- final SOAPHeaderElement securityHeader = SOAPExtractorUtil.getSecurityHeader( soap.getSOAPPart().getEnvelope() );
+ final SOAPHeaderElement securityHeader = SOAPExtractorUtil.extractSecurityHeader( soap.getSOAPPart().getEnvelope() );
if ( securityHeader == null )
{
return null;
Copied: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SoapConstants.java (from rev 30431, labs/jbossesb/workspace/performance/perf2/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SoapConstants.java)
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SoapConstants.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SoapConstants.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -0,0 +1,66 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.ws;
+
+import javax.xml.namespace.QName;
+
+/**
+ * Holds constants for SOAP related elements.
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ */
+public final class SoapConstants
+{
+ /**
+ * QName for SOAP Header element.
+ */
+ public static final QName SOAP_HEADER_QNAME = new QName("http://schemas.xmlsoap.org/soap/envelope/", "Header");
+
+ /**
+ * QName for SOAP Body element.
+ */
+ public static final QName SOAP_BODY_QNAME = new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body");
+
+ /**
+ * Local name for Security header element.
+ */
+ public static final String WSSE_LN = "Security";
+
+ /**
+ * SOAP Message Security 1.0 NameSpace URL
+ */
+ public static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
+ public static final String WSSE_NS2 = "http://schemas.xmlsoap.org/ws/2002/04/secext";
+
+ /**
+ * SOAP Message Security 1.1 NameSpace URL
+ */
+ public static final String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
+
+ public static final QName WSSE_QNAME = new QName(WSSE_NS, WSSE_LN);
+ public static final QName WSSE_2_QNAME = new QName(WSSE_NS2, WSSE_LN);
+ public static final QName WSSE_11_QNAME = new QName(WSSE11_NS, WSSE_LN);
+
+ private SoapConstants()
+ {
+ }
+
+}
Copied: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SoapExtractionUtil.java (from rev 30431, labs/jbossesb/workspace/performance/perf2/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SoapExtractionUtil.java)
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SoapExtractionUtil.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/SoapExtractionUtil.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.ws;
+import static org.jboss.soa.esb.services.security.auth.ws.SoapConstants.SOAP_HEADER_QNAME;
+import static org.jboss.soa.esb.services.security.auth.ws.SoapConstants.SOAP_BODY_QNAME;
+
+import javax.xml.stream.events.EndElement;
+import javax.xml.stream.events.StartElement;
+import javax.xml.stream.events.XMLEvent;
+
+/**
+ * Util class for operations common to extractors that deal with soap xml messages.
+ * <p/>
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ *
+ */
+public final class SoapExtractionUtil
+{
+ private SoapExtractionUtil()
+ {
+ }
+
+ public static boolean isStartOfHeader(final XMLEvent event)
+ {
+ return event.isStartElement() && ((StartElement)event).getName().equals(SOAP_HEADER_QNAME);
+ }
+
+ public static boolean isEndOfHeader(final XMLEvent event)
+ {
+ return event.isEndElement() && ((EndElement)event).getName().equals(SOAP_HEADER_QNAME);
+ }
+
+ public static boolean isStartOfBody(final XMLEvent event)
+ {
+ return event.isStartElement() && ((StartElement)event).getName().equals(SOAP_BODY_QNAME);
+ }
+}
Copied: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/UsernameTokenExtractor.java (from rev 30431, labs/jbossesb/workspace/performance/perf2/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/UsernameTokenExtractor.java)
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/UsernameTokenExtractor.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/UsernameTokenExtractor.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -0,0 +1,210 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.ws;
+
+import static org.jboss.soa.esb.services.security.auth.ws.SoapExtractionUtil.isEndOfHeader;
+import static org.jboss.soa.esb.services.security.auth.ws.SoapExtractionUtil.isStartOfBody;
+import static org.jboss.soa.esb.services.security.auth.ws.SoapExtractionUtil.isStartOfHeader;
+import java.io.StringReader;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.Characters;
+import javax.xml.stream.events.EndElement;
+import javax.xml.stream.events.StartElement;
+import javax.xml.stream.events.XMLEvent;
+
+import org.apache.log4j.Logger;
+import org.jboss.internal.soa.esb.assertion.AssertArgument;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
+import org.jboss.soa.esb.services.security.auth.ExtractionException;
+import org.jboss.soa.esb.services.security.auth.SecurityInfoExtractor;
+import org.jboss.soa.esb.services.security.principals.User;
+
+/**
+ * WSSecurityInfoExtractor extracts security related information from a SOAP
+ * security header.
+ * </p>
+ * If the security element contains a 'UsernameToken' element this will be extraced into
+ * a principal with the username and a credential being the password represented as a character array.
+ * </p>
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class UsernameTokenExtractor implements SecurityInfoExtractor<String>
+{
+ private Logger log = Logger.getLogger(UsernameTokenExtractor.class);
+
+ private static final XMLInputFactory XML_INPUT_FACTORY = getXmlInputFactory();
+
+ private final QName usernameTokenQName;
+ private final QName usernameQName;
+ private final QName passwordQName;
+
+ public UsernameTokenExtractor(final String securityNS)
+ {
+ AssertArgument.isNotNullAndNotEmpty(securityNS, "securityNS");
+
+ usernameTokenQName = new QName(securityNS, "UsernameToken");
+ usernameQName = new QName(securityNS, "Username");
+ passwordQName = new QName(securityNS, "Password");
+ }
+
+ /**
+ * Extracts UsernameToken element is one exists and creates a Principal with
+ * the username and sets a Credential using the password. The type of the
+ * Credential is a character array.
+ * <p/>
+ * If the SOAP message contains a BinarySecurityToken this will be extracted
+ * and added as a Credential.
+ *
+ * @param soap the soap message represented as a String
+ * @return {@link AuthenticationRequest}
+ */
+ public AuthenticationRequest extractSecurityInfo(final String soap) throws ExtractionException
+ {
+ if (soap == null || !soap.startsWith("<"))
+ return null;
+
+ XMLEventReader xmlReader = null;
+ User user = null;
+ Set<Object> credentials = new HashSet<Object>();
+ try
+ {
+ xmlReader = XML_INPUT_FACTORY.createXMLEventReader(new StringReader(soap));
+
+ while (xmlReader.hasNext())
+ {
+ XMLEvent xmlEvent = xmlReader.nextEvent();
+ if (isStartOfHeader(xmlEvent))
+ {
+ while (xmlReader.hasNext())
+ {
+ xmlEvent = xmlReader.nextEvent();
+ if (isStartOfUsernameToken(xmlEvent))
+ {
+ while (xmlReader.hasNext())
+ {
+ xmlEvent = xmlReader.nextEvent();
+ if (isStartOfUsername(xmlEvent))
+ {
+ XMLEvent username = xmlReader.nextEvent();
+ if (username.isCharacters())
+ {
+ // username is a required element.
+ user = new User(((Characters) username).getData());
+ }
+ }
+
+ if (isStartOfPassword(xmlEvent))
+ {
+ final XMLEvent password = xmlReader.nextEvent();
+ if (password.isCharacters())
+ {
+ final Characters characters = (Characters) password;
+ final String data = characters.getData();
+ // Password is an optional element
+ if (data != null)
+ credentials.add(characters.getData());
+ }
+ }
+ if (isEndOfUsernameToken(xmlEvent))
+ {
+ if (credentials.isEmpty())
+ {
+ return null;
+ }
+ return new AuthenticationRequestImpl.Builder(user, credentials).build();
+ }
+ }
+ }
+ if (isEndOfHeader(xmlEvent))
+ {
+ return null;
+ }
+ }
+ }
+
+ if (isStartOfBody(xmlEvent))
+ return null;
+ }
+ }
+ catch (XMLStreamException e)
+ {
+ throw new ExtractionException(e.getMessage(), e);
+ }
+ finally
+ {
+ close(xmlReader);
+ }
+
+ return null;
+ }
+
+ private boolean isStartOfUsername(final XMLEvent event)
+ {
+ return event.isStartElement() && ((StartElement) event).getName().equals(usernameQName);
+ }
+
+ private boolean isStartOfPassword(final XMLEvent event)
+ {
+ return event.isStartElement() && ((StartElement) event).getName().equals(passwordQName);
+ }
+
+ private boolean isStartOfUsernameToken(final XMLEvent event)
+ {
+ return event.isStartElement() && ((StartElement) event).getName().equals(usernameTokenQName);
+ }
+
+ private boolean isEndOfUsernameToken(final XMLEvent event)
+ {
+ return event.isEndElement() && ((EndElement) event).getName().equals(usernameTokenQName);
+ }
+
+ private static XMLInputFactory getXmlInputFactory()
+ {
+ final XMLInputFactory factory = XMLInputFactory.newInstance();
+ // set any properies here if required before returning.
+ return factory;
+ }
+
+ private void close(final XMLEventReader reader)
+ {
+ if (reader != null)
+ {
+ try
+ {
+ reader.close();
+ }
+ catch (final XMLStreamException ignore)
+ {
+ log.error("XMLStreamException caught while trying to close the XMLEventReader", ignore);
+ }
+ }
+ }
+
+}
Deleted: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractor.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractor.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractor.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -1,148 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security.auth.ws;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringReader;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.xml.transform.stream.StreamSource;
-
-import org.jboss.soa.esb.lifecycle.LifecycleResourceException;
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
-import org.jboss.soa.esb.services.security.auth.SecurityInfoExtractor;
-import org.jboss.soa.esb.services.security.principals.User;
-import org.jboss.soa.esb.smooks.resource.SmooksResource;
-import org.jboss.soa.esb.util.ClassUtil;
-import org.milyn.Smooks;
-import org.milyn.payload.JavaResult;
-import org.xml.sax.SAXException;
-
-/**
- * WSSecurityInfoExtractor extracts security related information from
- * a SOAP security header.
- * </p>
- * If the security element contains a 'UsernameToken' element this will be
- * extraced into a principal with the username and a credential being the
- * password represented as a character array.
- *
- *
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- *
- */
-public class WSSecurityInfoExtractor implements SecurityInfoExtractor<String>
-{
- /**
- * Smooks configuration file which specified the extraction
- */
- private static final String SMOOK_CONFIG_FILE = "smooks-ws-security.xml";
- /**
- * Smooks instance the will perform the extraction
- */
- private Smooks smooks;
-
- /**
- * Creates an instance using the default Smooks config file.
- */
- public WSSecurityInfoExtractor()
- {
- createSmooks( SMOOK_CONFIG_FILE );
- }
-
- /**
- * Creates an instance of Smooks using the passed in config file.
- *
- * @param configFile - the Smooks config file to use.
- */
- public WSSecurityInfoExtractor(final String configFile)
- {
- createSmooks(configFile);
- }
-
- /**
- * Extracts UsernameToken element is one exists and creates a Principal with the
- * username and sets a Credential using the password. The type of the Credential is a character array.
- * <p/>
- * If the SOAP message contains a BinarySecurityToken this will be extracted and added as a Credential.
- *
- * @param soap - the soap message represented as a String
- * @return {@link AuthenticationRequest}
- */
- public AuthenticationRequest extractSecurityInfo(final String soap)
- {
- if ( soap == null || !soap.startsWith("<") )
- {
- return null;
- }
-
- final JavaResult javaResult = new JavaResult();
- smooks.filterSource(new StreamSource(new StringReader(soap)), javaResult);
-
- UsernameToken token = (UsernameToken) javaResult.getBean("userNameToken");
- User user = null;
- Set<Object> credentials = new HashSet<Object>();
- if (token != null)
- {
- user = new User(token.getUserName());
- credentials.add(token.getPassword());
- }
-
- BinarySecurityToken binaryToken = (BinarySecurityToken) javaResult.getBean("binarySecurityToken");
- if (binaryToken != null)
- {
- credentials.add(binaryToken.getKey());
- }
- if (credentials.isEmpty())
- {
- return null;
- }
- return new AuthenticationRequestImpl.Builder(user, credentials ).build();
- }
-
- private void createSmooks(final String configFile)
- {
- final InputStream is = ClassUtil.getResourceAsStream(configFile, getClass()) ;
- if (is == null)
- {
- throw new IllegalArgumentException("Failed to located configuration file resource: " + configFile) ;
- }
- try
- {
- this.smooks = SmooksResource.createSmooksResource(is);
- }
- catch (final LifecycleResourceException lre)
- {
- throw new IllegalStateException("Could not parse " + configFile, lre);
- }
- catch (final SAXException e)
- {
- throw new IllegalStateException("Could not parse " + configFile, e);
- }
- catch (final IOException e)
- {
- throw new IllegalStateException("Could not parse " + configFile, e);
- }
- }
-
-}
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecuritySoapExtractor.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecuritySoapExtractor.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecuritySoapExtractor.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -86,7 +86,7 @@
try
{
- final SOAPHeaderElement securityHeader = SOAPExtractorUtil.getSecurityHeader( soap.getSOAPPart().getEnvelope() );
+ final SOAPHeaderElement securityHeader = SOAPExtractorUtil.extractSecurityHeader( soap.getSOAPPart().getEnvelope() );
if ( securityHeader == null )
{
return null;
@@ -124,8 +124,8 @@
// build the AuthenticationRequest.
if (user != null || !credentials.isEmpty())
return new AuthenticationRequestImpl.Builder(user, credentials ).build();
- else
- return null;
+
+ return null;
}
catch (final SOAPException e)
{
Deleted: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-saml-template.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-saml-template.xml 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-saml-template.xml 2009-12-02 23:20:43 UTC (rev 30441)
@@ -1,12 +0,0 @@
-<?xml version="1.0"?>
-<smooks-resource-list xmlns="http://www.milyn.org/xsd/smooks-1.1.xsd">
-
- <params>
- <param name="stream.filter.type">SAX</param>
- </params>
-
- <resource-config selector="/Envelope/Header/Security/Assertion" selector-namespace="@saml-namespace@">
- <resource>org.milyn.delivery.DomModelCreator</resource>
- </resource-config>
-
-</smooks-resource-list>
Deleted: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-saml.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-saml.xml 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-saml.xml 2009-12-02 23:20:43 UTC (rev 30441)
@@ -1,8 +0,0 @@
-<?xml version="1.0"?>
-<smooks-resource-list xmlns="http://www.milyn.org/xsd/smooks-1.1.xsd">
-
- <import file="/org/jboss/soa/esb/services/security/auth/ws/smooks-saml-template.xml">
- <param name="saml-namespace">urn:oasis:names:tc:SAML:2.0:assertion</param>
- </import>
-
-</smooks-resource-list>
Deleted: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-ws-security-template.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-ws-security-template.xml 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-ws-security-template.xml 2009-12-02 23:20:43 UTC (rev 30441)
@@ -1,19 +0,0 @@
-<?xml version="1.0"?>
-<smooks-resource-list xmlns="http://www.milyn.org/xsd/smooks-1.1.xsd" xmlns:jb="http://www.milyn.org/xsd/smooks/javabean-1.2.xsd">
-
- <jb:bean beanId="userNameToken" class="org.jboss.soa.esb.services.security.auth.ws.UsernameToken"
- createOnElement="/Envelope/Header/Security/UsernameToken"
- createOnElementNS="@security-namespace@">
- <jb:value property="userName" data="Username" dataNS="@security-namespace@" default=""/>
- <jb:value property="password" data="Password" dataNS="@security-namespace@"/>
- </jb:bean>
-
- <jb:bean beanId="binarySecurityToken" class="org.jboss.soa.esb.services.security.auth.ws.BinarySecurityToken"
- createOnElement="/Envelope/Header/Security/BinarySecurityToken"
- createOnElementNS="@security-namespace@">
- <jb:value property="encodingType" data="BinarySecurityToken/@EncodingType" dataNS="@security-namespace@"/>
- <jb:value property="valueType" data="BinarySecurityToken/@ValueType" dataNS="@security-namespace@"/>
- <jb:value property="key" data="BinarySecurityToken" dataNS="@security-namespace@"/>
- </jb:bean>
-
-</smooks-resource-list>
Deleted: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-ws-security.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-ws-security.xml 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/smooks-ws-security.xml 2009-12-02 23:20:43 UTC (rev 30441)
@@ -1,17 +0,0 @@
-<?xml version="1.0"?>
-<smooks-resource-list xmlns="http://www.milyn.org/xsd/smooks-1.1.xsd">
-
- <params>
- <param name="stream.filter.type">SAX</param>
- <param name="default.serialization.on">false</param>
- </params>
-
- <import file="/org/jboss/soa/esb/services/security/auth/ws/smooks-ws-security-template.xml">
- <param name="security-namespace">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd</param>
- </import>
-
- <import file="/org/jboss/soa/esb/services/security/auth/ws/smooks-ws-security-template.xml">
- <param name="security-namespace">http://schemas.xmlsoap.org/ws/2002/04/secext</param>
- </import>
-
-</smooks-resource-list>
Copied: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenExtractorUnitTest.java (from rev 30431, labs/jbossesb/workspace/performance/perf2/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenExtractorUnitTest.java)
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenExtractorUnitTest.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenExtractorUnitTest.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -0,0 +1,142 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.ws;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static java.util.concurrent.TimeUnit.NANOSECONDS;
+
+import java.io.InputStream;
+
+import junit.framework.JUnit4TestAdapter;
+
+import org.jboss.internal.soa.esb.util.StreamUtils;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
+import org.jboss.soa.esb.util.ClassUtil;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
+
+
+/**
+ * Unit test for {@link UsernameTokenExtractor}
+ * <p/>
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class BinarySecurityTokenExtractorUnitTest
+{
+ private BinarySecurityTokenExtractor extractor;
+
+ /**
+ * Intentionally ignored. Takes some time to run and is indended to be run maually.
+ */
+ @Test
+ @Ignore
+ public void performance() throws Exception
+ {
+ final String soap = createKeySoapString("soap-keys-example.xml");
+ AuthenticationRequest authRequest = null;
+
+ // warm up
+ for (int i = 0; i < 50000; i++)
+ {
+ authRequest = extractor.extractSecurityInfo(soap);
+ }
+
+ final int iterations = 1000000;
+ final long start = System.nanoTime();
+ for (int i = 0; i < iterations; i++)
+ {
+ authRequest = extractor.extractSecurityInfo(soap);
+ }
+ final long duration = System.nanoTime() - start;
+ System.out.println(iterations + " took : " + NANOSECONDS.toSeconds(duration) + "s");
+
+ assertNotNull(authRequest);
+ assertTrue( authRequest.getCredentials().size() > 0 );
+ Object cert = authRequest.getCredentials().iterator().next();
+ assertTrue( cert instanceof java.security.cert.X509Certificate);
+ }
+
+ @Test
+ public void extractKeySecurityInfo() throws Exception
+ {
+ final String soap = createKeySoapString("soap-keys-example.xml");
+ final AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);
+ assertNotNull(authRequest);
+ assertTrue( authRequest.getCredentials().size() > 0 );
+ final Object cert = authRequest.getCredentials().iterator().next();
+ assertTrue( cert instanceof java.security.cert.X509Certificate);
+ }
+
+ @Test
+ public void extractKeySecurityInfo2() throws Exception
+ {
+ final String soap = createKeySoapString("soap-keys-example2.xml");
+ final AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);
+ assertNotNull(authRequest);
+ assertTrue( authRequest.getCredentials().size() > 0 );
+ final Object cert = authRequest.getCredentials().iterator().next();
+ assertTrue( cert instanceof java.security.cert.X509Certificate);
+ }
+
+ @Test
+ public void extractKeySecurityInfoUsingStringInput() throws Exception
+ {
+ final String soap = "some payload";
+ final AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);
+ assertNull(authRequest);
+ }
+
+ @Test
+ public void extractKeySecurityInfoUsingNullInput() throws Exception
+ {
+ final String soap = null;
+ final AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);
+ assertNull(authRequest);
+ }
+
+ private String createKeySoapString(final String filename) throws Exception
+ {
+ return getStringFromFile(filename);
+ }
+
+ private String getStringFromFile(final String fileName ) throws Exception
+ {
+ final InputStream inputStream = ClassUtil.getResourceAsStream(fileName, getClass() );
+ return new String(StreamUtils.readStream(inputStream));
+ }
+
+ @Before
+ public void createInstance()
+ {
+ extractor = new BinarySecurityTokenExtractor("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
+ }
+
+ public static junit.framework.Test suite()
+ {
+ return new JUnit4TestAdapter(BinarySecurityTokenExtractorUnitTest.class);
+ }
+
+}
Deleted: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenTest.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenTest.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -1,123 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security.auth.ws;
-
-import static org.junit.Assert.*;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.cert.Certificate;
-
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.jboss.internal.soa.esb.util.StreamUtils;
-import org.jboss.soa.esb.ConfigurationException;
-import org.jboss.soa.esb.util.ClassUtil;
-import org.junit.Test;
-import org.xml.sax.SAXException;
-
-import junit.framework.JUnit4TestAdapter;
-
-/**
- * Unittest for {@link BinarySecurityToken}
- *
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- *
- */
-public class BinarySecurityTokenTest
-{
- private String expectedEncoding = "Base64Binary";
- private String expectedValueType = "X509v3";
- private BinarySecurityToken token = new BinarySecurityToken();
-
- @Test
- public void setEncodingTypeWithNSPrefix()
- {
- token.setEncodingType("wsse:" + expectedEncoding);
- assertEquals( expectedEncoding, token.getEncodingType() );
- }
-
- @Test
- public void setEncodingTypeWithNSPrefix2()
- {
- token.setEncodingType("d:" + expectedEncoding);
- assertEquals( expectedEncoding, token.getEncodingType() );
- }
-
- @Test
- public void setEncodingTypeWithoutNSPrefix()
- {
- token.setEncodingType(expectedEncoding);
- assertEquals( expectedEncoding, token.getEncodingType() );
- }
-
- @Test
- public void setEncodingTypeFullPath()
- {
- String url = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
- token.setEncodingType(url);
- assertEquals( expectedEncoding, token.getEncodingType() );
- }
-
- @Test
- public void setValueType()
- {
- String url = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
- token.setValueType(url);
- assertEquals( expectedValueType, token.getValueType() );
- }
-
- @Test
- public void setEncodingType()
- {
- token.setEncodingType(expectedEncoding);
- assertEquals( expectedEncoding, token.getEncodingType() );
- }
-
- @Test
- public void setEncodingTypeNull()
- {
- token.setEncodingType(null);
- assertNull(token.getEncodingType());
- }
-
- @Test
- public void setKey() throws ConfigurationException, SAXException, IOException, ParserConfigurationException
- {
- token.setEncodingType(expectedEncoding);
- token.setValueType(expectedValueType);
- token.setKey(getExampleCert());
- Certificate key = token.getKey();
- assertNotNull(key);
- }
-
- private String getExampleCert() throws SAXException, IOException, ParserConfigurationException, ConfigurationException
- {
- InputStream inputStream = ClassUtil.getResourceAsStream("cert-example.xml", getClass() );
- return new String(StreamUtils.readStream(inputStream));
- }
-
- public static junit.framework.Test suite()
- {
- return new JUnit4TestAdapter(BinarySecurityTokenTest.class);
- }
-
-}
Copied: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenUnitTest.java (from rev 30431, labs/jbossesb/workspace/performance/perf2/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenUnitTest.java)
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenUnitTest.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/BinarySecurityTokenUnitTest.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -0,0 +1,120 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.ws;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import java.io.InputStream;
+import java.security.cert.Certificate;
+
+import junit.framework.JUnit4TestAdapter;
+
+import org.jboss.internal.soa.esb.util.StreamUtils;
+import org.jboss.soa.esb.util.ClassUtil;
+import org.junit.Test;
+
+/**
+ * Unittest for {@link BinarySecurityToken}
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class BinarySecurityTokenUnitTest
+{
+ private String expectedEncoding = "Base64Binary";
+ private String expectedValueType = "X509v3";
+ private BinarySecurityToken token = new BinarySecurityToken();
+
+ @Test
+ public void setEncodingTypeWithNSPrefix()
+ {
+ token.setEncodingType("wsse:" + expectedEncoding);
+ assertEquals( expectedEncoding, token.getEncodingType() );
+ }
+
+ @Test
+ public void setEncodingTypeWithNSPrefix2()
+ {
+ token.setEncodingType("d:" + expectedEncoding);
+ assertEquals( expectedEncoding, token.getEncodingType() );
+ }
+
+ @Test
+ public void setEncodingTypeWithoutNSPrefix()
+ {
+ token.setEncodingType(expectedEncoding);
+ assertEquals( expectedEncoding, token.getEncodingType() );
+ }
+
+ @Test
+ public void setEncodingTypeFullPath()
+ {
+ String url = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
+ token.setEncodingType(url);
+ assertEquals( expectedEncoding, token.getEncodingType() );
+ }
+
+ @Test
+ public void setValueType()
+ {
+ String url = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
+ token.setValueType(url);
+ assertEquals( expectedValueType, token.getValueType() );
+ }
+
+ @Test
+ public void setEncodingType()
+ {
+ token.setEncodingType(expectedEncoding);
+ assertEquals( expectedEncoding, token.getEncodingType() );
+ }
+
+ @Test
+ public void setEncodingTypeNull()
+ {
+ token.setEncodingType(null);
+ assertNull(token.getEncodingType());
+ }
+
+ @Test
+ public void setKey() throws Exception
+ {
+ token.setEncodingType(expectedEncoding);
+ token.setValueType(expectedValueType);
+ token.setKey(getExampleCert());
+ Certificate key = token.getKey();
+ assertNotNull(key);
+ }
+
+ private String getExampleCert() throws Exception
+ {
+ InputStream inputStream = ClassUtil.getResourceAsStream("cert-example.xml", getClass() );
+ return new String(StreamUtils.readStream(inputStream));
+ }
+
+ public static junit.framework.Test suite()
+ {
+ return new JUnit4TestAdapter(BinarySecurityTokenUnitTest.class);
+ }
+
+}
Copied: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SOAPExtractorUtilUnitTest.java (from rev 30431, labs/jbossesb/workspace/performance/perf2/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SOAPExtractorUtilUnitTest.java)
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SOAPExtractorUtilUnitTest.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SOAPExtractorUtilUnitTest.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -0,0 +1,92 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.ws;
+
+import static org.jboss.soa.esb.services.security.auth.ws.WSTestUtil.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPHeaderElement;
+import javax.xml.soap.SOAPMessage;
+
+import junit.framework.JUnit4TestAdapter;
+
+import org.junit.Test;
+
+/**
+ * Unit test for {@link SOAPExtractorUtil}.
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class SOAPExtractorUtilUnitTest
+{
+ @Test
+ public void getSecurityHeaderNullEnvelope() throws Exception
+ {
+ SOAPHeaderElement securityHeader = SOAPExtractorUtil.extractSecurityHeader(null);
+ assertNull(securityHeader);
+ }
+
+ @Test
+ public void shouldExtract10From2002SecurityHeader() throws Exception
+ {
+ final SOAPMessage soapMessage = createMessage("soap-security-header-2002-1.0-example.xml", getClass());
+ SOAPHeaderElement securityHeader = SOAPExtractorUtil.extractSecurityHeader(soapMessage.getSOAPPart().getEnvelope());
+
+ assertSecurityNS(securityHeader, SoapConstants.WSSE_2_QNAME);
+ }
+
+ @Test
+ public void shouldExtract10SecurityHeader() throws Exception
+ {
+ final SOAPMessage soapMessage = createMessage("soap-security-header-1.0-example.xml", getClass());
+ SOAPHeaderElement securityHeader = SOAPExtractorUtil.extractSecurityHeader(soapMessage.getSOAPPart().getEnvelope());
+
+ assertSecurityNS(securityHeader, SoapConstants.WSSE_QNAME);
+ }
+
+ @Test
+ public void shouldExtractVersion11SecurityHeader() throws Exception
+ {
+ final SOAPMessage soapMessage = createMessage("soap-security-header-1.1-example.xml", getClass());
+ SOAPHeaderElement securityHeader = SOAPExtractorUtil.extractSecurityHeader(soapMessage.getSOAPPart().getEnvelope());
+
+ assertSecurityNS(securityHeader, SoapConstants.WSSE_11_QNAME);
+ }
+
+ private void assertSecurityNS(final SOAPHeaderElement securityHeader, final QName qname)
+ {
+ assertEquals(qname.getNamespaceURI(), securityHeader.getNamespaceURI());
+ final Iterator<?> assertionElement = securityHeader.getChildElements(new QName("urn:oasis:names:tc:SAML:2.0:assertion", "Assertion", "saml"));
+ assertTrue(assertionElement.hasNext());
+ }
+
+ public static junit.framework.Test suite()
+ {
+ return new JUnit4TestAdapter(SOAPExtractorUtilUnitTest.class);
+ }
+
+}
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlAssertionExtractorUnitTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlAssertionExtractorUnitTest.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlAssertionExtractorUnitTest.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -20,21 +20,20 @@
*/
package org.jboss.soa.esb.services.security.auth.ws;
+import static java.util.concurrent.TimeUnit.NANOSECONDS;
import static org.junit.Assert.assertEquals;
-import java.io.IOException;
import java.io.InputStream;
-import javax.xml.parsers.ParserConfigurationException;
-
import junit.framework.JUnit4TestAdapter;
import org.jboss.internal.soa.esb.util.StreamUtils;
-import org.jboss.soa.esb.ConfigurationException;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.util.ClassUtil;
+import org.junit.Ignore;
import org.junit.Test;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.w3c.dom.Element;
/**
* Unit test for {@link SamlAssertionExtractor}.
@@ -44,16 +43,45 @@
*/
public class SamlAssertionExtractorUnitTest
{
+ /**
+ * Intentionally ignored. Takes some time to run and is indended to be run maually.
+ */
@Test
+ @Ignore
+ public void performance() throws Exception
+ {
+ final SamlAssertionExtractor extractor = new SamlAssertionExtractor();
+ final String soap = readFile("soap-saml-example.xml");
+ @SuppressWarnings("unused")
+ AuthenticationRequest authRequest = null;
+
+ // warm up
+ for (int i = 0; i < 5000; i++)
+ {
+ authRequest = extractor.extractSecurityInfo(soap);
+ }
+
+ final int iterations = 1000000;
+ final long start = System.nanoTime();
+ for (int i = 0; i < iterations; i++)
+ {
+ authRequest = extractor.extractSecurityInfo(soap);
+ }
+ final long duration = System.nanoTime() - start;
+ System.out.println(iterations + " took : " + NANOSECONDS.toSeconds(duration) + "s");
+ }
+
+ @Test
public void extractAssertionFromSOAPString() throws Exception
{
final SamlAssertionExtractor extractor = new SamlAssertionExtractor();
- final Node samlAssertion = extractor.extractSamlAssertion(readFile("soap-saml-example.xml"));
+ final String samlAssertion = extractor.extractSamlAssertion(readFile("soap-saml-example.xml"));
+ Element assertionElement = SamlCredential.assertionToElement(samlAssertion);
- assertEquals("saml:Assertion", samlAssertion.getNodeName());
+ assertEquals("saml:Assertion", assertionElement.getNodeName());
}
- private String readFile(final String fileName) throws SAXException, IOException, ParserConfigurationException, ConfigurationException
+ private String readFile(final String fileName) throws Exception
{
InputStream inputStream = ClassUtil.getResourceAsStream(fileName, getClass());
return new String(StreamUtils.readStream(inputStream));
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractorUnitTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractorUnitTest.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/SamlSoapAssertionExtractorUnitTest.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -25,24 +25,20 @@
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
-import java.io.IOException;
import java.io.InputStream;
import java.util.Set;
-import javax.xml.parsers.ParserConfigurationException;
import javax.xml.soap.SOAPMessage;
-import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import junit.framework.JUnit4TestAdapter;
+
import org.jboss.internal.soa.esb.util.StreamUtils;
import org.jboss.internal.soa.esb.util.XMLHelper;
-import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.util.ClassUtil;
import org.junit.Test;
-import org.xml.sax.SAXException;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
-import junit.framework.JUnit4TestAdapter;
-
/**
* Unit test for {@link SamlSoapAssertionExtractor}.
*
@@ -71,7 +67,7 @@
assertTrue(XMLHelper.compareXMLContent(expectedAssertion, actualAssertion));
}
- private String readFile(final String fileName) throws SAXException, IOException, ParserConfigurationException, ConfigurationException
+ private String readFile(final String fileName) throws Exception
{
InputStream inputStream = ClassUtil.getResourceAsStream(fileName, getClass());
return new String(StreamUtils.readStream(inputStream));
Copied: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/UsernameTokenExtractorUnitTest.java (from rev 30431, labs/jbossesb/workspace/performance/perf2/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/UsernameTokenExtractorUnitTest.java)
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/UsernameTokenExtractorUnitTest.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/UsernameTokenExtractorUnitTest.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -0,0 +1,121 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.auth.ws;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static java.util.concurrent.TimeUnit.NANOSECONDS;
+
+import java.io.InputStream;
+
+import junit.framework.JUnit4TestAdapter;
+
+import org.jboss.internal.soa.esb.util.StreamUtils;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
+import org.jboss.soa.esb.util.ClassUtil;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
+
+
+/**
+ * Unit test for {@link UsernameTokenExtractor}
+ * <p/>
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class UsernameTokenExtractorUnitTest
+{
+ private UsernameTokenExtractor extractor;
+
+ /**
+ * Intentionally ignored. Takes some time to run and is indended to be run maually.
+ */
+ @Test
+ public void performanceExtractSecurityInfo() throws Exception
+ {
+ final UsernameTokenExtractor extractor = new UsernameTokenExtractor("http://schemas.xmlsoap.org/ws/2002/04/secext");
+ final String soap = createUserPassSoapString("soap-userpass-example.xml");
+ AuthenticationRequest authRequest = null;
+
+ // warm up
+ for (int i = 0; i < 5000; i++)
+ {
+ authRequest = extractor.extractSecurityInfo(soap);
+ }
+
+ int iterations = 1000000;
+ long start = System.nanoTime();
+ for (int i = 0; i < iterations; i++)
+ {
+ authRequest = extractor.extractSecurityInfo(soap);
+ }
+ long duration = System.nanoTime() - start;
+ System.out.println(iterations + " took : " + NANOSECONDS.toSeconds(duration) + " s");
+
+ assertNotNull(authRequest);
+ assertEquals( "Clark", authRequest.getPrincipal().getName());
+ }
+
+ @Test
+ public void extractSecurityInfo() throws Exception
+ {
+ UsernameTokenExtractor extractor = new UsernameTokenExtractor("http://schemas.xmlsoap.org/ws/2002/04/secext");
+ String soap = createUserPassSoapString("soap-userpass-example.xml");
+ AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);
+
+ assertNotNull(authRequest);
+ assertEquals( "Clark", authRequest.getPrincipal().getName());
+ }
+
+ @Test
+ public void processEmptyHeaderWithUserNameElementInBody() throws Exception
+ {
+ String soap = createUserPassSoapString("soap-userpass-example2.xml");
+ AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);
+ assertNull(authRequest);
+ }
+
+ private String createUserPassSoapString(final String filename) throws Exception
+ {
+ return getStringFromFile(filename);
+ }
+
+ private String getStringFromFile(final String fileName ) throws Exception
+ {
+ InputStream inputStream = ClassUtil.getResourceAsStream(fileName, getClass() );
+ return new String(StreamUtils.readStream(inputStream));
+ }
+
+ @Before
+ public void createInstance()
+ {
+ extractor = new UsernameTokenExtractor("http://schemas.xmlsoap.org/ws/2002/04/secext");
+ }
+
+ public static junit.framework.Test suite()
+ {
+ return new JUnit4TestAdapter(UsernameTokenExtractorUnitTest.class);
+ }
+
+}
Deleted: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractorUnitTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractorUnitTest.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractorUnitTest.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -1,137 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security.auth.ws;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import javax.xml.parsers.ParserConfigurationException;
-
-import junit.framework.JUnit4TestAdapter;
-
-import org.jboss.internal.soa.esb.util.StreamUtils;
-import org.jboss.soa.esb.ConfigurationException;
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
-import org.jboss.soa.esb.util.ClassUtil;
-import org.junit.Before;
-import org.junit.Test;
-import org.xml.sax.SAXException;
-
-
-/**
- * Unit test for {@link WSSecurityInfoExtractor}
- * <p/>
- *
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- *
- */
-public class WSSecurityInfoExtractorUnitTest
-{
- private WSSecurityInfoExtractor extractor;
-
- @Test
- public void extractUserPassSecurityInfo() throws SAXException, IOException, ParserConfigurationException, ConfigurationException
- {
- String soap = createUserPassSoapString("soap-userpass-example.xml");
- AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);
- assertNotNull(authRequest);
- assertEquals( "Clark", authRequest.getPrincipal().getName());
- }
-
- @Test
- public void processEmptyHeaderWithUserNameElementInBody() throws SAXException, IOException, ParserConfigurationException, ConfigurationException
- {
- String soap = createUserPassSoapString("soap-userpass-example2.xml");
- AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);
- assertNull(authRequest);
- }
-
- @Test
- public void extractKeySecurityInfo() throws SAXException, IOException, ParserConfigurationException, ConfigurationException
- {
- String soap = createKeySoapString("soap-keys-example.xml");
- AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);
- assertNotNull(authRequest);
- assertTrue( authRequest.getCredentials().size() > 0 );
- Object cert = authRequest.getCredentials().iterator().next();
- assertTrue( cert instanceof java.security.cert.X509Certificate);
- }
-
- @Test
- public void extractKeySecurityInfo2() throws SAXException, IOException, ParserConfigurationException, ConfigurationException
- {
- String soap = createKeySoapString("soap-keys-example2.xml");
- AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);
- assertNotNull(authRequest);
- assertTrue( authRequest.getCredentials().size() > 0 );
- Object cert = authRequest.getCredentials().iterator().next();
- assertTrue( cert instanceof java.security.cert.X509Certificate);
- }
-
- @Test
- public void extractKeySecurityInfoUsingStringInput() throws SAXException, IOException, ParserConfigurationException, ConfigurationException
- {
- String soap = "some payload";
- AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);
- assertNull(authRequest);
- }
-
- @Test
- public void extractKeySecurityInfoUsingNullInput() throws SAXException, IOException, ParserConfigurationException, ConfigurationException
- {
- String soap = null;
- AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);
- assertNull(authRequest);
- }
-
- private String createUserPassSoapString(final String filename) throws SAXException, IOException, ParserConfigurationException, ConfigurationException
- {
- return getStringFromFile(filename);
- }
-
- private String createKeySoapString(final String filename) throws SAXException, IOException, ParserConfigurationException, ConfigurationException
- {
- return getStringFromFile(filename);
- }
-
- private String getStringFromFile(final String fileName ) throws SAXException, IOException, ParserConfigurationException, ConfigurationException
- {
- InputStream inputStream = ClassUtil.getResourceAsStream(fileName, getClass() );
- return new String(StreamUtils.readStream(inputStream));
- }
-
- @Before
- public void createInstance()
- {
- extractor = new WSSecurityInfoExtractor();
- }
-
- public static junit.framework.Test suite()
- {
- return new JUnit4TestAdapter(WSSecurityInfoExtractorUnitTest.class);
- }
-
-}
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/WSSecuritySoapExtractorUnitTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/WSSecuritySoapExtractorUnitTest.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/WSSecuritySoapExtractorUnitTest.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -24,19 +24,14 @@
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
-import java.io.IOException;
import java.security.cert.X509Certificate;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import junit.framework.JUnit4TestAdapter;
-import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.junit.Test;
-import org.xml.sax.SAXException;
/**
@@ -49,7 +44,7 @@
public class WSSecuritySoapExtractorUnitTest
{
@Test
- public void extractSecurityInfoBinarySecurityToken() throws SAXException, IOException, ParserConfigurationException, ConfigurationException, SOAPException
+ public void extractSecurityInfoBinarySecurityToken() throws Exception
{
WSSecuritySoapExtractor extractor = new WSSecuritySoapExtractor();
SOAPMessage soap = WSTestUtil.createWithBinarySecurityToken("wsse:Base64Binary", "wsse:X509v3", WSTestUtil.getStringFromFile("cert-example.xml", getClass()));
@@ -61,7 +56,7 @@
}
@Test
- public void extractSecurityInfoBinarySecurityTokenNoNSPrifix() throws SAXException, IOException, ParserConfigurationException, ConfigurationException, SOAPException
+ public void extractSecurityInfoBinarySecurityTokenNoNSPrifix() throws Exception
{
WSSecuritySoapExtractor extractor = new WSSecuritySoapExtractor();
// create the SAOPMessage with out namespace prefixes for ValueType and EncodingType
@@ -74,7 +69,7 @@
}
@Test
- public void extractSecurityInfoBinarySecurityTokenFromFile() throws SAXException, IOException, ParserConfigurationException, ConfigurationException, SOAPException
+ public void extractSecurityInfoBinarySecurityTokenFromFile() throws Exception
{
WSSecuritySoapExtractor extractor = new WSSecuritySoapExtractor();
SOAPMessage soap = WSTestUtil.createMessage("soap-keys-example.xml", getClass());
@@ -86,7 +81,7 @@
}
@Test
- public void extractSecurityInfoUsernameToken() throws SAXException, IOException, ParserConfigurationException, ConfigurationException, SOAPException
+ public void extractSecurityInfoUsernameToken() throws Exception
{
final String username = "Bubbles";
final String password = "228833dkd0";
@@ -101,7 +96,7 @@
}
@Test
- public void extractSecurityInfoUsernameTokenNoUsername() throws SAXException, IOException, ParserConfigurationException, ConfigurationException, SOAPException
+ public void extractSecurityInfoUsernameTokenNoUsername() throws Exception
{
final String password = "228833dkd0";
WSSecuritySoapExtractor extractor = new WSSecuritySoapExtractor();
@@ -115,7 +110,7 @@
}
@Test
- public void extractSecurityInfoUsernameTokenNoPassword() throws SAXException, IOException, ParserConfigurationException, ConfigurationException, SOAPException
+ public void extractSecurityInfoUsernameTokenNoPassword() throws Exception
{
final String username = "Bubbles";
WSSecuritySoapExtractor extractor = new WSSecuritySoapExtractor();
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/WSTestUtil.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/WSTestUtil.java 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/WSTestUtil.java 2009-12-02 23:20:43 UTC (rev 30441)
@@ -82,7 +82,7 @@
SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
SOAPHeader soapHeader = soapEnvelope.getHeader();
- Name security = soapEnvelope.createName(SOAPExtractorUtil.WSSE_LN, "wsse", SOAPExtractorUtil.WSSE_NS);
+ Name security = soapEnvelope.createName(SoapConstants.WSSE_LN, "wsse", SoapConstants.WSSE_NS);
SOAPHeaderElement headerElement = soapHeader.addHeaderElement( security );
createBinaryHeaderElement(soapEnvelope, headerElement, encodingType, valueType, cert );
@@ -123,7 +123,7 @@
SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
SOAPHeader soapHeader = soapEnvelope.getHeader();
- Name security = soapEnvelope.createName(SOAPExtractorUtil.WSSE_LN, "wsse", SOAPExtractorUtil.WSSE_NS);
+ Name security = soapEnvelope.createName(SoapConstants.WSSE_LN, "wsse", SoapConstants.WSSE_NS);
SOAPHeaderElement headerElement = soapHeader.addHeaderElement( security );
createUsernameTokenHeaderElement(soapEnvelope, headerElement, username, password );
@@ -200,7 +200,7 @@
final String cert) throws SOAPException
{
// create the BinarySecurityToken element
- Name binarySecurityTokenName = soapEnvelope.createName("BinarySecurityToken", "wsse", SOAPExtractorUtil.WSSE_NS);
+ Name binarySecurityTokenName = soapEnvelope.createName("BinarySecurityToken", "wsse", SoapConstants.WSSE_NS);
SOAPElement binarySecurityTokenElement = headerElement.addChildElement(binarySecurityTokenName);
// add the EncodingType attribute
@@ -219,13 +219,13 @@
final String password) throws SOAPException
{
// create the UsernameToken element
- Name usernameTokenName = soapEnvelope.createName("UsernameToken", "wsse", SOAPExtractorUtil.WSSE_NS);
+ Name usernameTokenName = soapEnvelope.createName("UsernameToken", "wsse", SoapConstants.WSSE_NS);
SOAPElement usernameTokenElement = headerElement.addChildElement(usernameTokenName);
// create and add the Username sub element
if ( username != null )
{
- Name usernameName = soapEnvelope.createName("Username", "wsse", SOAPExtractorUtil.WSSE_NS);
+ Name usernameName = soapEnvelope.createName("Username", "wsse", SoapConstants.WSSE_NS);
SOAPElement usernameNode = usernameTokenElement.addChildElement(usernameName);
usernameNode.addTextNode(username);
}
@@ -233,7 +233,7 @@
// create and add the password sub element
if ( password != null )
{
- Name passwordName = soapEnvelope.createName("password", "wsse", SOAPExtractorUtil.WSSE_NS);
+ Name passwordName = soapEnvelope.createName("password", "wsse", SoapConstants.WSSE_NS);
SOAPElement passwordNode = usernameTokenElement.addChildElement(passwordName);
passwordNode.addTextNode(password);
}
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-keys-example.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-keys-example.xml 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-keys-example.xml 2009-12-02 23:20:43 UTC (rev 30441)
@@ -15,5 +15,5 @@
</wsse:BinarySecurityToken>
</wsse:Security>
</env:Header>
- <env:Body></env:Body>
+ <env:Body><sample>bajja</sample></env:Body>
</env:Envelope>
\ No newline at end of file
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-saml-example.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-saml-example.xml 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-saml-example.xml 2009-12-02 23:20:43 UTC (rev 30441)
@@ -29,6 +29,7 @@
</soap:Header>
<soap:Body>
+ <sample>bajja</sample>
</soap:Body>
</soap:Envelope>
Copied: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-1.0-example.xml (from rev 30431, labs/jbossesb/workspace/performance/perf2/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-1.0-example.xml)
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-1.0-example.xml (rev 0)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-1.0-example.xml 2009-12-02 23:20:43 UTC (rev 30441)
@@ -0,0 +1,35 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+
+ <soap:Header>
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <saml:Assertion
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ Version="2.0"
+ IssueInstant="2005-04-01T16:58:33.173Z">
+ <saml:Issuer>http://authority.example.com/</saml:Issuer>
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds:Signature>
+ <saml:Subject>
+ <saml:NameID format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
+ jygH5F90l
+ </saml:NameID>
+ </saml:Subject>
+ <saml:AuthnStatement
+ AuthnInstant="2005-04-01T16:57:30.000Z"
+ SessionIndex="6345789">
+ <saml:AuthnContext>
+ <saml:AuthnContextClassRef>
+ urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+ </saml:AuthnContextClassRef>
+ </saml:AuthnContext>
+ </saml:AuthnStatement>
+ </saml:Assertion>
+ </wsse:Security>
+ </soap:Header>
+
+ <soap:Body>
+ </soap:Body>
+
+</soap:Envelope>
+
Copied: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-1.1-example.xml (from rev 30431, labs/jbossesb/workspace/performance/perf2/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-1.1-example.xml)
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-1.1-example.xml (rev 0)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-1.1-example.xml 2009-12-02 23:20:43 UTC (rev 30441)
@@ -0,0 +1,35 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+
+ <soap:Header>
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
+ <saml:Assertion
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ Version="2.0"
+ IssueInstant="2005-04-01T16:58:33.173Z">
+ <saml:Issuer>http://authority.example.com/</saml:Issuer>
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds:Signature>
+ <saml:Subject>
+ <saml:NameID format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
+ jygH5F90l
+ </saml:NameID>
+ </saml:Subject>
+ <saml:AuthnStatement
+ AuthnInstant="2005-04-01T16:57:30.000Z"
+ SessionIndex="6345789">
+ <saml:AuthnContext>
+ <saml:AuthnContextClassRef>
+ urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+ </saml:AuthnContextClassRef>
+ </saml:AuthnContext>
+ </saml:AuthnStatement>
+ </saml:Assertion>
+ </wsse:Security>
+ </soap:Header>
+
+ <soap:Body>
+ </soap:Body>
+
+</soap:Envelope>
+
Copied: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-2002-1.0-example.xml (from rev 30431, labs/jbossesb/workspace/performance/perf2/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-2002-1.0-example.xml)
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-2002-1.0-example.xml (rev 0)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/ws/soap-security-header-2002-1.0-example.xml 2009-12-02 23:20:43 UTC (rev 30441)
@@ -0,0 +1,32 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+
+ <soap:Header><wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext"><saml:Assertion
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ Version="2.0"
+ IssueInstant="2005-04-01T16:58:33.173Z">
+ <saml:Issuer>http://authority.example.com/</saml:Issuer>
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds:Signature>
+ <saml:Subject>
+ <saml:NameID format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
+ jygH5F90l
+ </saml:NameID>
+ </saml:Subject>
+ <saml:AuthnStatement
+ AuthnInstant="2005-04-01T16:57:30.000Z"
+ SessionIndex="6345789">
+ <saml:AuthnContext>
+ <saml:AuthnContextClassRef>
+ urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+ </saml:AuthnContextClassRef>
+ </saml:AuthnContext>
+ </saml:AuthnStatement>
+ </saml:Assertion></wsse:Security>
+ </soap:Header>
+
+ <soap:Body>
+ </soap:Body>
+
+</soap:Envelope>
+
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/samples/quickstarts/security_saml/soap-request.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/samples/quickstarts/security_saml/soap-request.xml 2009-12-02 22:13:38 UTC (rev 30440)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/samples/quickstarts/security_saml/soap-request.xml 2009-12-02 23:20:43 UTC (rev 30441)
@@ -1,6 +1,6 @@
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:good="http://security_saml/goodbyeworld" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<soapenv:Header>
- <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
+ <wsse:Security>
<wsse:UsernameToken>
<wsse:Username>admin</wsse:Username>
<wsse:Password>admin</wsse:Password>
More information about the jboss-svn-commits
mailing list