[picketlink-commits] Picketlink SVN: r892 - in trust/trunk/jbossws/src: main/java/org/picketlink/trust/jbossws/util and 2 other directories.
picketlink-commits at lists.jboss.org
picketlink-commits at lists.jboss.org
Mon Apr 18 11:43:44 EDT 2011
Author: anil.saldhana at jboss.com
Date: 2011-04-18 11:43:43 -0400 (Mon, 18 Apr 2011)
New Revision: 892
Added:
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/invalid-jboss-wsse-port-role.xml
Modified:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java
trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java
Log:
PLFED-176: check for invalid authorize element
Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java 2011-04-15 01:50:28 UTC (rev 891)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java 2011-04-18 15:43:43 UTC (rev 892)
@@ -23,6 +23,7 @@
import java.io.InputStream;
import java.security.Principal;
+import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@@ -35,6 +36,7 @@
import org.jboss.security.AuthorizationManager;
import org.jboss.security.SimplePrincipal;
import org.jboss.wsf.spi.invocation.SecurityAdaptor;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.trust.jbossws.util.JBossWSSERoleExtractor;
/**
@@ -47,6 +49,8 @@
*/
public class WSAuthorizationHandler extends AbstractPicketLinkTrustHandler
{
+ public static final String UNCHECKED = "unchecked";
+
@Override
protected boolean handleInbound(MessageContext msgContext)
{
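Review bot: The `UNCHECKED` constant added here duplicates the one this commit also adds to `JBossWSSERoleExtractor` (the `@@ -39,6 +39,8 @@` hunk of that file). In the visible branch this string is the marker that makes `handleInbound` skip the authorization-manager block, so it should have one definition that the parser and the handler cannot drift apart on. I would drop this field and test `roles.contains(JBossWSSERoleExtractor.UNCHECKED)`, since the handler already imports that class. Whichever copy is kept deserves a comment such as `/** Role name that marks a port or operation as not requiring authorization. */`.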
@@ -62,9 +66,17 @@
QName portName = (QName) msgContext.get(MessageContext.WSDL_PORT);
QName opName = (QName) msgContext.get(MessageContext.WSDL_OPERATION);
- List<String> roles = JBossWSSERoleExtractor.getRoles(is, portName.getLocalPart(), opName.toString());
- if( !roles.contains("unchecked"))
+ List<String> roles = new ArrayList<String>();
+ try
{
+ roles = JBossWSSERoleExtractor.getRoles(is, portName.getLocalPart(), opName.toString());
+ }
+ catch (ProcessingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ if( !roles.contains(UNCHECKED))
+ {
AuthorizationManager authorizationManager = getAuthorizationManager();
SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
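Review bot: The `new ArrayList<String>()` assigned to `roles` is never read, because the catch block always rethrows; `List<String> roles;` is enough, and the `java.util.ArrayList` import added by this commit can go if nothing else in the file uses it. Rethrowing as `RuntimeException` keeps the handler failing closed on a bad configuration, which is the right outcome, but the wrapper carries no message of its own. Something like `throw new RuntimeException("Invalid authorize configuration in /WEB-INF/jboss-wsse.xml", e);` would tell the operator where to look. `handleInbound` starts and ends outside this hunk.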
@@ -101,14 +113,6 @@
throw new RuntimeException("Servlet Context is null");
InputStream is = context.getResourceAsStream("/WEB-INF/jboss-wsse.xml");
- /*InputStream is = null;
- ClassLoader cl = SecurityActions.getClassLoader(getClass());
- is = load(cl);
- if( is == null)
- {
- cl = SecurityActions.getContextClassLoader();
- is = load(cl);
- }*/
return is;
}
Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java 2011-04-15 01:50:28 UTC (rev 891)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java 2011-04-18 15:43:43 UTC (rev 892)
@@ -39,6 +39,8 @@
*/
public class JBossWSSERoleExtractor
{
+ public static final String UNCHECKED = "unchecked";
+
/**
* <p>
* Given the jboss-wsse.xml inputstream, return the configured roles
@@ -51,7 +53,7 @@
* @param portName optionally pass in a portName
* @return a {@link List} of role names
*/
- public static List<String> getRoles(InputStream is, String portName, String operationName)
+ public static List<String> getRoles(InputStream is, String portName, String operationName) throws ProcessingException
{
List<String> roles = new ArrayList<String>();
try
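Review bot: The Javadoc above `getRoles` is not updated for the new checked exception; add `@throws ProcessingException if the document cannot be parsed or an authorize element combines unchecked with role names`. Moving from an unchecked to a checked exception also breaks source compatibility for any other caller of this public static method, which is worth stating in the commit log. The method body continues outside the hunk.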
@@ -73,10 +75,14 @@
return getDefaultRoles(doc.getDocumentElement());
}
}
- catch (Exception e)
+ catch (ProcessingException e)
{
- throw new RuntimeException(e);
+ throw e;
}
+ catch( Exception e1)
+ {
+ throw new ProcessingException(e1);
+ }
return roles;
}
@@ -145,11 +151,20 @@
roles = getDefaultRoles(newNode);
}
}
- }
+ }
+
+ return validate(roles);
+ }
+
+ private static List<String> validate( List<String> roles) throws ProcessingException
+ {
+ //Validate that we do not have unchecked and roles
+ if(roles.contains(UNCHECKED) && roles.size() > 1)
+ throw new ProcessingException("unchecked and role(s) cannot be together");
return roles;
}
- private static List<String> getRolesFromAuthorize( Element authorize)
+ private static List<String> getRolesFromAuthorize( Element authorize) throws ProcessingException
{
List<String> roles = new ArrayList<String>();
NodeList children = authorize.getChildNodes();
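Review bot: `validate` runs only on the role list resolved for the requested port or operation, so an invalid `<authorize>` for one port is not reported until a request for that port arrives; the new test shows `TestPort` still resolving from the same invalid file. If the intent of PLFED-176 is to reject such a file, consider checking every authorize element once when the document is loaded. The exception would also be easier to act on with the offending list in it, e.g. `throw new ProcessingException("unchecked and role(s) cannot be together: " + roles);`, and the `if` should carry braces. The method that ends at the top of this hunk and `getRolesFromAuthorize` at the bottom both extend outside it.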
@@ -171,6 +186,6 @@
}
}
}
- return roles;
+ return validate(roles);
}
}
\ No newline at end of file
Modified: trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java
===================================================================
--- trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java 2011-04-15 01:50:28 UTC (rev 891)
+++ trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java 2011-04-18 15:43:43 UTC (rev 892)
@@ -24,11 +24,13 @@
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
import java.io.InputStream;
import java.util.List;
import org.junit.Test;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.trust.jbossws.util.JBossWSSERoleExtractor;
/**
@@ -43,7 +45,8 @@
public void testUnchecked() throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-unchecked.xml");
+ String file = "jbossws/jboss-wsse/jboss-wsse-unchecked.xml";
+ InputStream is = tcl.getResourceAsStream(file);
assertNotNull(is);
List<String> roles = JBossWSSERoleExtractor.getRoles(is, null, null);
@@ -56,7 +59,8 @@
public void testRoles() throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-roles.xml");
+ String file = "jbossws/jboss-wsse/jboss-wsse-roles.xml";
+ InputStream is = tcl.getResourceAsStream(file);
assertNotNull(is);
List<String> roles = JBossWSSERoleExtractor.getRoles(is, null, null);
@@ -70,7 +74,8 @@
public void testRolesForPort() throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-role.xml");
+ String file = "jbossws/jboss-wsse/jboss-wsse-port-role.xml";
+ InputStream is = tcl.getResourceAsStream(file);
assertNotNull(is);
List<String> roles = JBossWSSERoleExtractor.getRoles(is, "TestPort", null);
@@ -78,7 +83,7 @@
assertEquals( 1, roles.size());
assertTrue( roles.contains("Trader"));
- is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-role.xml");
+ is = tcl.getResourceAsStream(file);
assertNotNull(is);
roles = JBossWSSERoleExtractor.getRoles(is, "MaxiPort", null);
assertNotNull(roles);
@@ -87,7 +92,7 @@
assertTrue( roles.contains("friend"));
assertTrue( roles.contains("family"));
- is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-role.xml");
+ is = tcl.getResourceAsStream(file);
assertNotNull(is);
roles = JBossWSSERoleExtractor.getRoles(is, "NonExistingPort", null);
assertNotNull(roles);
@@ -99,7 +104,8 @@
public void testRolesForPortOps() throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-ops.xml");
+ String file = "jbossws/jboss-wsse/jboss-wsse-port-ops.xml";
+ InputStream is = tcl.getResourceAsStream(file);
assertNotNull(is);
List<String> roles = JBossWSSERoleExtractor.getRoles(is, "POJOBeanPort", "{http://ws.trust.test.picketlink.org/}echoUnchecked");
@@ -107,14 +113,14 @@
assertEquals( 1, roles.size());
assertTrue( roles.contains("unchecked"));
- is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-ops.xml");
+ is = tcl.getResourceAsStream(file);
assertNotNull(is);
roles = JBossWSSERoleExtractor.getRoles(is, "POJOBeanPort", "{http://ws.trust.test.picketlink.org/}echo");
assertNotNull(roles);
assertEquals( 1, roles.size());
assertTrue( roles.contains("JBossAdmin"));
- is = tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-ops.xml");
+ is = tcl.getResourceAsStream(file);
assertNotNull(is);
roles = JBossWSSERoleExtractor.getRoles(is, "NonExistingPort", null);
assertNotNull(roles);
@@ -122,4 +128,37 @@
assertTrue( roles.contains("friend"));
assertTrue( roles.contains("family"));
}
+
+ @Test
+ public void testInvalidXML() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ String file = "jbossws/jboss-wsse/invalid-jboss-wsse-port-role.xml";
+ InputStream is = tcl.getResourceAsStream(file);
+ assertNotNull(is);
+
+ List<String> roles = JBossWSSERoleExtractor.getRoles(is, "TestPort", null);
+ assertNotNull(roles);
+ assertEquals( 1, roles.size());
+ assertTrue( roles.contains("Trader"));
+
+ is = tcl.getResourceAsStream(file);
+ assertNotNull(is);
+ try
+ {
+ roles = JBossWSSERoleExtractor.getRoles(is, "MaxiPort", null);
+ fail( "Should have thrown exception");
+ }
+ catch( ProcessingException pe)
+ {
+ //pass
+ }
+
+ is = tcl.getResourceAsStream(file);
+ assertNotNull(is);
+ roles = JBossWSSERoleExtractor.getRoles(is, "NonExistingPort", null);
+ assertNotNull(roles);
+ assertEquals( 1, roles.size());
+ assertTrue( roles.contains("Trader"));
+ }
}
\ No newline at end of file
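Review bot: `testInvalidXML` covers only a port-level `<authorize>` that mixes `unchecked` with role names; a mixed list in the top-level `<config>` and, presumably, in a per-operation authorize element are not exercised, although `validate` is now called on those paths too. Adding one fixture entry and one `try`/`fail` block per path would pin the rule everywhere it applies. The fixture is well-formed XML, so a name like `testInvalidAuthorize` would describe the case better. The streams from `getResourceAsStream` are never closed, which matches the existing tests in this file but is worth tidying.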
Added: trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/invalid-jboss-wsse-port-role.xml
===================================================================
--- trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/invalid-jboss-wsse-port-role.xml (rev 0)
+++ trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/invalid-jboss-wsse-port-role.xml 2011-04-18 15:43:43 UTC (rev 892)
@@ -0,0 +1,30 @@
+<jboss-ws-security xmlns='http://www.jboss.com/ws-security/config'
+ xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+ xsi:schemaLocation='http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd'>
+
+ <config>
+ <authorize>
+ <role>Trader</role>
+ </authorize>
+ </config>
+
+ <port name="TestPort">
+ <config>
+ <authorize>
+ <role>Trader</role>
+ </authorize>
+ </config>
+ </port>
+
+ <port name="MaxiPort">
+ <config>
+ <authorize>
+ <role>Trader</role>
+ <role>friend</role>
+ <role>family</role>
+ <role>unchecked</role>
+ </authorize>
+ </config>
+ </port>
+
+</jboss-ws-security>
\ No newline at end of file