JBossWS SVN: r18057 - shared-testsuite/branches/jbossws-shared-testsuite-4.1.x/testsuite/src/test/java/org/jboss/test/ws/jaxws/jbws1807.
by jbossws-commits@lists.jboss.org
Author: jim.ma
Date: 2013-11-04 00:11:17 -0500 (Mon, 04 Nov 2013)
New Revision: 18057
Modified:
shared-testsuite/branches/jbossws-shared-testsuite-4.1.x/testsuite/src/test/java/org/jboss/test/ws/jaxws/jbws1807/JBWS1807TestCase.java
Log:
[BZ1025385]:Fix JBWS1807TestCase
Modified: shared-testsuite/branches/jbossws-shared-testsuite-4.1.x/testsuite/src/test/java/org/jboss/test/ws/jaxws/jbws1807/JBWS1807TestCase.java
===================================================================
--- shared-testsuite/branches/jbossws-shared-testsuite-4.1.x/testsuite/src/test/java/org/jboss/test/ws/jaxws/jbws1807/JBWS1807TestCase.java 2013-11-01 09:26:26 UTC (rev 18056)
+++ shared-testsuite/branches/jbossws-shared-testsuite-4.1.x/testsuite/src/test/java/org/jboss/test/ws/jaxws/jbws1807/JBWS1807TestCase.java 2013-11-04 05:11:17 UTC (rev 18057)
@@ -72,7 +72,7 @@
service.addPort(portName, HTTPBinding.HTTP_BINDING, TARGET_ENDPOINT_ADDRESS);
Dispatch<Source> dispatch = service.createDispatch(portName, Source.class, Mode.PAYLOAD);
- Source resPayload = dispatch.invoke(new DOMSource(DOMUtils.parse("<input>hello</input>")));
+ Source resPayload = dispatch.invoke(new DOMSource(DOMUtils.parse("<ns2:input xmlns:ns2='http://ws.com/'><arg0>hello</arg0></ns2:input>")));
Element docElement = DOMUtils.sourceToElement(resPayload);
Element response = ((Element)DOMUtils.getChildElements(docElement, "input").next());
JBossWS SVN: r18056 - in stack/cxf/branches/jaspi/modules: server/src/test/java/org/jboss/wsf/stack/cxf/configuration and 1 other directory.
by jbossws-commits@lists.jboss.org
Author: jim.ma
Date: 2013-11-01 05:26:26 -0400 (Fri, 01 Nov 2013)
New Revision: 18056
Modified:
stack/cxf/branches/jaspi/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java
stack/cxf/branches/jaspi/modules/server/src/test/java/org/jboss/wsf/stack/cxf/configuration/BusHolderTest.java
Log:
Fix logger id and BusHolderTest
Modified: stack/cxf/branches/jaspi/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java
===================================================================
--- stack/cxf/branches/jaspi/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java 2013-11-01 09:14:17 UTC (rev 18055)
+++ stack/cxf/branches/jaspi/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java 2013-11-01 09:26:26 UTC (rev 18056)
@@ -210,10 +210,10 @@
void unknownJAXWSClientBusStrategy(String strategy);
@LogMessage(level = WARN)
- @Message(id = 24096, value = "No application policy found for security domain '%s'")
+ @Message(id = 24097, value = "No application policy found for security domain '%s'")
void noApplicationPolicy(String securityDomain);
@LogMessage(level = WARN)
- @Message(id = 24097, value = "No JASPIAuthenticationInfo found for security domain '%s'")
+ @Message(id = 24098, value = "No JASPIAuthenticationInfo found for security domain '%s'")
void noJaspiApplicationPolicy(String securityDomain);
}
Modified: stack/cxf/branches/jaspi/modules/server/src/test/java/org/jboss/wsf/stack/cxf/configuration/BusHolderTest.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/test/java/org/jboss/wsf/stack/cxf/configuration/BusHolderTest.java 2013-11-01 09:14:17 UTC (rev 18055)
+++ stack/cxf/branches/jaspi/modules/server/src/test/java/org/jboss/wsf/stack/cxf/configuration/BusHolderTest.java 2013-11-01 09:26:26 UTC (rev 18056)
@@ -64,7 +64,7 @@
}
BusHolder holder = new NonSpringBusHolder(new DDBeans());
try {
- holder.configure(null, null, wsmd, null);
+ holder.configure(null, null, wsmd, null, null);
return holder.getBus().getExtension(PolicyEngine.class).getAlternativeSelector().getClass().getName();
} finally {
holder.close();
JBossWS SVN: r18055 - in stack/cxf/branches/jaspi: modules/client/src/main/java/org/jboss/wsf/stack/cxf and 10 other directories.
by jbossws-commits@lists.jboss.org
Author: jim.ma
Date: 2013-11-01 05:14:17 -0400 (Fri, 01 Nov 2013)
New Revision: 18055
Added:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiClientInInterceptor.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiClientOutInterceptor.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiSeverInInterceptor.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiSeverOutInterceptor.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiClientAuthenticator.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiServerAuthenticator.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConfigProvider.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConstants.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthConfig.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthContext.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthContext.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/SecurityActions.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/WSS4JOutInterceptor.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/SOAPClientAuthModule.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/SOAPServerAuthModule.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/validator/
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/validator/UsernameTokenValidator.java
Modified:
stack/cxf/branches/jaspi/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java
stack/cxf/branches/jaspi/modules/server/pom.xml
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/BusHolder.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/NonSpringBusHolder.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/SpringBusHolder.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/deployment/aspect/BusDeploymentAspect.java
stack/cxf/branches/jaspi/pom.xml
Log:
Initial commit for jaspi soap profile integration
Modified: stack/cxf/branches/jaspi/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java
===================================================================
--- stack/cxf/branches/jaspi/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java 2013-11-01 08:35:44 UTC (rev 18054)
+++ stack/cxf/branches/jaspi/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -208,4 +208,12 @@
@LogMessage(level = WARN)
@Message(id = 24095, value = "Unknown strategy '%s' requested for selecting the Apache CXF Bus to be used for building JAXWS clients; default strategy will be used.")
void unknownJAXWSClientBusStrategy(String strategy);
+
+ @LogMessage(level = WARN)
+ @Message(id = 24096, value = "No application policy found for security domain '%s'")
+ void noApplicationPolicy(String securityDomain);
+
+ @LogMessage(level = WARN)
+ @Message(id = 24097, value = "No JASPIAuthenticationInfo found for security domain '%s'")
+ void noJaspiApplicationPolicy(String securityDomain);
}
Modified: stack/cxf/branches/jaspi/modules/server/pom.xml
===================================================================
--- stack/cxf/branches/jaspi/modules/server/pom.xml 2013-11-01 08:35:44 UTC (rev 18054)
+++ stack/cxf/branches/jaspi/modules/server/pom.xml 2013-11-01 09:14:17 UTC (rev 18055)
@@ -249,6 +249,11 @@
<artifactId>jboss-jms-api_1.1_spec</artifactId>
</dependency>
<dependency>
+ <groupId>org.jboss.spec.javax.security.auth.message</groupId>
+ <artifactId>jboss-jaspi-api_1.1_spec</artifactId>
+ </dependency>
+
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
Modified: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/BusHolder.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/BusHolder.java 2013-11-01 08:35:44 UTC (rev 18054)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/BusHolder.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -57,7 +57,9 @@
import org.jboss.wsf.stack.cxf.interceptor.EnableDecoupledFaultInterceptor;
import org.jboss.wsf.stack.cxf.interceptor.EndpointAssociationInterceptor;
import org.jboss.wsf.stack.cxf.interceptor.HandlerAuthInterceptor;
+import org.jboss.wsf.stack.cxf.interceptor.JaspiSeverInInterceptor;
import org.jboss.wsf.stack.cxf.interceptor.NsCtxSelectorStoreInterceptor;
+import org.jboss.wsf.stack.cxf.jaspi.JaspiServerAuthenticator;
import org.jboss.wsf.stack.cxf.management.InstrumentationManagerExtImpl;
/**
@@ -95,7 +97,7 @@
* @param wsmd The current JBossWebservicesMetaData, if any
* @param depRuntimeClassLoader The current deployment classloader
*/
- public void configure(ResourceResolver resolver, Configurer configurer, JBossWebservicesMetaData wsmd, ClassLoader depRuntimeClassLoader)
+ public void configure(ResourceResolver resolver, Configurer configurer, JBossWebservicesMetaData wsmd, ClassLoader depRuntimeClassLoader, JaspiServerAuthenticator authenticator)
{
bus.setProperty(org.jboss.wsf.stack.cxf.client.Constants.DEPLOYMENT_BUS, true);
busHolderListener = new BusHolderLifeCycleListener();
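Review bot: The Javadoc above `configure` still documents only four parameters now that the signature takes `authenticator`. Add `@param authenticator The JASPI server authenticator for this deployment, or null when no JASPI policy applies`. The same tag is missing on the overrides in NonSpringBusHolder and SpringBusHolder. The method body continues outside this hunk.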
@@ -106,6 +108,11 @@
bus.setExtension(configurer, Configurer.class);
}
setInterceptors(bus);
+
+ if (authenticator != null) {
+ bus.getInInterceptors().add(new JaspiSeverInInterceptor(authenticator));
+ }
+
setResourceResolver(bus, resolver);
Map<String, String> props = (wsmd == null) ? null : wsmd.getProperties();
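Review bot: Only the inbound interceptor is registered here, so `secureResponse` in the `JaspiSeverOutInterceptor` added by this revision is never invoked unless it is wired somewhere not shown; if responses are meant to be secured, add `bus.getOutInterceptors().add(new JaspiSeverOutInterceptor(authenticator));` inside the same `if`. A null `authenticator` leaves the bus with no JASPI check at all, which deserves a comment such as `// null means no JASPI policy is configured for this deployment; requests are not JASPI-validated`. The class name `JaspiSeverInInterceptor` looks like a typo for `JaspiServerInInterceptor` and is cheapest to rename before other code depends on it.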
Modified: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/NonSpringBusHolder.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/NonSpringBusHolder.java 2013-11-01 08:35:44 UTC (rev 18054)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/NonSpringBusHolder.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -45,6 +45,7 @@
import org.jboss.wsf.stack.cxf.client.configuration.JBossWSNonSpringConfigurer;
import org.jboss.wsf.stack.cxf.deployment.EndpointImpl;
import org.jboss.wsf.stack.cxf.deployment.WSDLFilePublisher;
+import org.jboss.wsf.stack.cxf.jaspi.JaspiServerAuthenticator;
import org.jboss.wsf.stack.cxf.metadata.services.DDBeans;
import org.jboss.wsf.stack.cxf.metadata.services.DDEndpoint;
@@ -71,7 +72,7 @@
//Force servlet transport to prevent CXF from using Jetty / http server or other transports
bus.setExtension(new ServletDestinationFactory(), HttpDestinationFactory.class);
}
-
+
/**
* Update the Bus held by the this instance using the provided parameters.
* This basically prepares the bus for being used with JBossWS.
@@ -81,14 +82,14 @@
* @param wsmd The current JBossWebservicesMetaData, if any
* @param depRuntimeClassLoader The current deployment classloader
*/
- @Override
- public void configure(ResourceResolver resolver, Configurer configurer, JBossWebservicesMetaData wsmd, ClassLoader depRuntimeClassLoader)
+
+ public void configure(ResourceResolver resolver, Configurer configurer, JBossWebservicesMetaData wsmd, ClassLoader depRuntimeClassLoader, JaspiServerAuthenticator authenticator)
{
if (configured)
{
throw Messages.MESSAGES.busAlreadyConfigured(bus);
}
- super.configure(resolver, configurer, wsmd, depRuntimeClassLoader);
+ super.configure(resolver, configurer, wsmd, depRuntimeClassLoader, authenticator);
for (DDEndpoint dde : metadata.getEndpoints())
{
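Review bot: Dropping `@Override` from `configure` removes the compile-time check that this five-argument signature still matches `BusHolder.configure`; SpringBusHolder keeps the annotation for the same change. Restore `@Override` directly above `public void configure(...)` and remove the blank line now left between the Javadoc and the method. The method body continues past the end of this hunk.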
Modified: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/SpringBusHolder.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/SpringBusHolder.java 2013-11-01 08:35:44 UTC (rev 18054)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/SpringBusHolder.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -45,6 +45,7 @@
import org.jboss.wsf.stack.cxf.client.configuration.JBossWSSpringBusFactory;
import org.jboss.wsf.stack.cxf.client.configuration.JBossWSSpringConfigurer;
import org.jboss.wsf.stack.cxf.deployment.WSDLFilePublisher;
+import org.jboss.wsf.stack.cxf.jaspi.JaspiServerAuthenticator;
import org.jboss.wsf.stack.cxf.spring.handler.NamespaceHandlerResolver;
import org.jboss.wsf.stack.cxf.spring.parser.JaxwsEndpointDefinitionParser.JBossWSSpringEndpointImpl;
import org.springframework.beans.factory.xml.XmlBeanDefinitionReader;
@@ -124,13 +125,13 @@
* @param depRuntimeClassLoader The current deployment classloader
*/
@Override
- public void configure(ResourceResolver resolver, Configurer configurer, JBossWebservicesMetaData wsmd, ClassLoader depRuntimeClassLoader)
+ public void configure(ResourceResolver resolver, Configurer configurer, JBossWebservicesMetaData wsmd, ClassLoader depRuntimeClassLoader, JaspiServerAuthenticator authenticator)
{
if (configured)
{
throw MESSAGES.busAlreadyConfigured(ctx);
}
- super.configure(resolver, configurer, wsmd, depRuntimeClassLoader);
+ super.configure(resolver, configurer, wsmd, depRuntimeClassLoader, authenticator);
GenericApplicationContext jbosswsCxfContext = null;
//load stuff from provided jbossws-cxf.xml DD
Modified: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/deployment/aspect/BusDeploymentAspect.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/deployment/aspect/BusDeploymentAspect.java 2013-11-01 08:35:44 UTC (rev 18054)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/deployment/aspect/BusDeploymentAspect.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -24,11 +24,21 @@
import java.io.IOException;
import java.net.URL;
import java.util.Map;
+import java.util.Properties;
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ServerAuthConfig;
import javax.xml.ws.spi.Provider;
import org.apache.cxf.BusFactory;
import org.apache.cxf.configuration.Configurer;
+import org.jboss.security.auth.callback.JBossCallbackHandler;
+import org.jboss.security.auth.login.AuthenticationInfo;
+import org.jboss.security.auth.login.BaseAuthenticationInfo;
+import org.jboss.security.auth.login.JASPIAuthenticationInfo;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.SecurityConfiguration;
import org.jboss.ws.api.binding.BindingCustomization;
import org.jboss.ws.common.integration.AbstractDeploymentAspect;
import org.jboss.ws.common.integration.WSConstants;
@@ -38,11 +48,15 @@
import org.jboss.wsf.spi.deployment.ResourceResolver;
import org.jboss.wsf.spi.metadata.j2ee.JSEArchiveMetaData;
import org.jboss.wsf.spi.metadata.webservices.JBossWebservicesMetaData;
+import org.jboss.wsf.stack.cxf.Loggers;
import org.jboss.wsf.stack.cxf.client.configuration.JBossWSBusFactory;
import org.jboss.wsf.stack.cxf.configuration.BusHolder;
import org.jboss.wsf.stack.cxf.configuration.NonSpringBusHolder;
import org.jboss.wsf.stack.cxf.configuration.SpringBusHolder;
import org.jboss.wsf.stack.cxf.deployment.WSDLFilePublisher;
+import org.jboss.wsf.stack.cxf.jaspi.JaspiServerAuthenticator;
+import org.jboss.wsf.stack.cxf.jaspi.config.JBossWSAuthConfigProvider;
+import org.jboss.wsf.stack.cxf.jaspi.config.JBossWSAuthConstants;
import org.jboss.wsf.stack.cxf.metadata.services.DDBeans;
import org.jboss.wsf.stack.cxf.resolver.JBossWSResourceResolver;
@@ -124,9 +138,11 @@
epConfigFile = wsmd.getConfigFile();
}
+ JaspiServerAuthenticator jaspiAuthenticator = getJaspiAuthenticator(dep);
+
Configurer configurer = holder.createServerConfigurer(dep.getAttachment(BindingCustomization.class),
new WSDLFilePublisher(aDep), dep.getService().getEndpoints(), aDep.getRootFile(), epConfigName, epConfigFile);
- holder.configure(resolver, configurer, wsmd, dep.getRuntimeClassLoader());
+ holder.configure(resolver, configurer, wsmd, dep.getRuntimeClassLoader(), jaspiAuthenticator);
dep.addAttachment(BusHolder.class, holder);
}
finally
@@ -136,6 +152,44 @@
}
}
+ private JaspiServerAuthenticator getJaspiAuthenticator(Deployment dep) {
+ //TODO: get security-domain from jboss-webservices.xml and get hostname
+ String securityDomain = "jaspi";
+ ApplicationPolicy appPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain);
+ if (appPolicy == null) {
+ Loggers.ROOT_LOGGER.noApplicationPolicy(securityDomain);
+ return null;
+ }
+ BaseAuthenticationInfo bai = appPolicy.getAuthenticationInfo();
+ if (bai == null || bai instanceof AuthenticationInfo) {
+ Loggers.ROOT_LOGGER.noJaspiApplicationPolicy(securityDomain);
+ return null;
+ }
+ JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) bai;
+
+ String contextRoot = dep.getService().getContextRoot();
+ String appId = "localhost " + contextRoot;
+ AuthConfigFactory factory = AuthConfigFactory.getFactory();
+ Properties properties = new Properties();
+ AuthConfigProvider provider = new JBossWSAuthConfigProvider(properties, factory);
+ provider = factory.getConfigProvider(JBossWSAuthConstants.SOAP_LAYER, appId, null);
+
+ JBossCallbackHandler callbackHandler = new JBossCallbackHandler();
+ try
+ {
+ ServerAuthConfig serverConfig = provider.getServerAuthConfig(JBossWSAuthConstants.SOAP_LAYER, appId, callbackHandler);
+ return new JaspiServerAuthenticator(serverConfig, securityDomain, jai);
+ }
+ catch (Exception e)
+ {
+ //ignore
+ }
+
+ return null;
+
+ }
+
+
private static URL getResourceUrl(final ResourceResolver resolver, final String resourcePath)
{
try
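Review bot: The `catch (Exception e) { //ignore }` in `getJaspiAuthenticator` turns any failure to build the `ServerAuthConfig` into a `null` authenticator, and `BusHolder.configure` then skips the JASPI interceptor, so an endpoint whose security domain does have a JASPI policy is published without the JASPI check and without a log entry. `factory.getConfigProvider(...)` may also return null, which today would surface as a NullPointerException swallowed by the same catch. Fail the deployment instead and catch only `AuthException` (needs an import), as sketched below. Separately, `bai instanceof AuthenticationInfo` followed by a cast is safer written as `!(bai instanceof JASPIAuthenticationInfo)`. The first value assigned to `provider` is overwritten on the next line, which needs a comment if the constructor is relied on to self-register.

```java
      JBossCallbackHandler callbackHandler = new JBossCallbackHandler();
      if (provider == null)
      {
         // no provider registered for this layer/appId: refuse to publish an endpoint that expects JASPI
         throw new IllegalStateException("No AuthConfigProvider registered for " + appId);
      }
      try
      {
         // … unchanged: getServerAuthConfig call and return of the new JaspiServerAuthenticator …
      }
      catch (AuthException e)
      {
         // a JASPI policy is configured but unusable: fail closed and keep the cause
         throw new IllegalStateException("Cannot create ServerAuthConfig for " + appId, e);
      }
```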
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiClientInInterceptor.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiClientInInterceptor.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiClientInInterceptor.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.interceptor;
+
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
+import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.phase.Phase;
+import org.jboss.wsf.stack.cxf.jaspi.JaspiClientAuthenticator;
+import org.jboss.wsf.stack.cxf.jaspi.JaspiServerAuthenticator;
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+public class JaspiClientInInterceptor extends AbstractSoapInterceptor
+{
+ private JaspiClientAuthenticator authManager;
+ public JaspiClientInInterceptor(JaspiClientAuthenticator authManager)
+ {
+ super(Phase.POST_PROTOCOL_ENDING);
+ addAfter(SAAJOutInterceptor.SAAJOutEndingInterceptor.class.getName());
+ this.authManager = authManager;
+ }
+
+ @Override
+ public void handleMessage(SoapMessage message) throws Fault
+ {
+
+ if (message.getContent(SOAPMessage.class) == null)
+ {
+ SAAJOutInterceptor saajout = new SAAJOutInterceptor();
+ saajout.handleMessage(message);
+ }
+ authManager.validateResponse(message);
+ }
+
+}
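Review bot: `JaspiClientInInterceptor` is wired like an outbound interceptor: it registers in `Phase.POST_PROTOCOL_ENDING` after `SAAJOutEndingInterceptor` and runs `SAAJOutInterceptor`, exactly as `JaspiSeverOutInterceptor` does, while `JaspiClientOutInterceptor` uses `Phase.PRE_PROTOCOL` and `SAAJInInterceptor` like the server inbound class. If the two client classes are attached to the chains their names suggest, `validateResponse` probably does not run at the intended point, so the response check would be skipped rather than fail; the phase and SAAJ helper of the two look swapped. Here that would be `super(Phase.PRE_PROTOCOL);` with `addAfter(SAAJInInterceptor.class.getName());`, and the out-side pair in `JaspiClientOutInterceptor`. The `JaspiServerAuthenticator` import is unused in this file.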
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiClientInInterceptor.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiClientOutInterceptor.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiClientOutInterceptor.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiClientOutInterceptor.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,96 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.interceptor;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
+import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
+import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.SAAJPreInInterceptor;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.phase.Phase;
+import org.jboss.wsf.stack.cxf.jaspi.JaspiClientAuthenticator;
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+public class JaspiClientOutInterceptor extends AbstractSoapInterceptor
+{
+ private JaspiClientAuthenticator authManager;
+ public JaspiClientOutInterceptor(JaspiClientAuthenticator authManager)
+ {
+ super(Phase.PRE_PROTOCOL);
+ addAfter(SAAJInInterceptor.class.getName());
+ this.authManager = authManager;
+ }
+
+ @Override
+ public void handleMessage(SoapMessage message) throws Fault
+ {
+ if (message.getContent(SOAPMessage.class) == null)
+ {
+ SAAJInInterceptor saajIn = new SAAJInInterceptor();
+ saajIn.handleMessage(message);
+ }
+ SOAPMessage soapMessage = message.getContent(SOAPMessage.class);
+ if (soapMessage == null)
+ {
+ return;
+ }
+
+ SOAPMessage copyMessage = null;
+ try
+ {
+ MessageFactory messageFactory = SAAJPreInInterceptor.INSTANCE.getFactory(message);
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ soapMessage.writeTo(bout);
+ copyMessage = messageFactory.createMessage(soapMessage.getMimeHeaders(), new ByteArrayInputStream(bout.toByteArray()));
+ }
+ catch (SOAPException e)
+ {
+ throw new Fault(e);
+ }
+ catch (IOException e)
+ {
+ throw new Fault(e);
+ }
+ if (copyMessage != null) {
+ message.put(SOAPMessage.class, copyMessage);
+ }
+ try
+ {
+ authManager.secureRequest(message);
+ }
+ finally
+ {
+ message.put(SOAPMessage.class, soapMessage);
+ }
+
+ }
+
+}
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiClientOutInterceptor.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiSeverInInterceptor.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiSeverInInterceptor.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiSeverInInterceptor.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,96 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.interceptor;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
+import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
+import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.SAAJPreInInterceptor;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.phase.Phase;
+import org.jboss.wsf.stack.cxf.jaspi.JaspiServerAuthenticator;
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+public class JaspiSeverInInterceptor extends AbstractSoapInterceptor
+{
+ private JaspiServerAuthenticator authManager;
+ public JaspiSeverInInterceptor(JaspiServerAuthenticator authManager)
+ {
+ super(Phase.PRE_PROTOCOL);
+ addAfter(SAAJInInterceptor.class.getName());
+ this.authManager = authManager;
+ }
+
+ @Override
+ public void handleMessage(SoapMessage message) throws Fault
+ {
+ if (message.getContent(SOAPMessage.class) == null)
+ {
+ SAAJInInterceptor saajIn = new SAAJInInterceptor();
+ saajIn.handleMessage(message);
+ }
+ SOAPMessage soapMessage = message.getContent(SOAPMessage.class);
+ if (soapMessage == null)
+ {
+ return;
+ }
+
+ SOAPMessage copyMessage = null;
+ try
+ {
+ MessageFactory messageFactory = SAAJPreInInterceptor.INSTANCE.getFactory(message);
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ soapMessage.writeTo(bout);
+ copyMessage = messageFactory.createMessage(soapMessage.getMimeHeaders(), new ByteArrayInputStream(bout.toByteArray()));
+ }
+ catch (SOAPException e)
+ {
+ throw new Fault(e);
+ }
+ catch (IOException e)
+ {
+ throw new Fault(e);
+ }
+ if (copyMessage != null) {
+ message.put(SOAPMessage.class, copyMessage);
+ }
+ try
+ {
+ authManager.validateRequest(message);
+ }
+ finally
+ {
+ message.put(SOAPMessage.class, soapMessage);
+ }
+
+ }
+
+}
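Review bot: The early `return` when `message.getContent(SOAPMessage.class)` is still null lets the request continue down the chain without `validateRequest` being called, so the authentication step fails open for any message that `SAAJInInterceptor` did not materialise. Reject the message instead, e.g. `throw new Fault(new SOAPException("No SOAPMessage available for JASPI validation"));`. `JaspiClientOutInterceptor` has the same early return before `secureRequest`. A class-level comment explaining why validation runs on a serialized copy and why the original message is restored in `finally` would help the next reader, since changes the auth module makes to the copy appear to be discarded.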
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiSeverInInterceptor.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiSeverOutInterceptor.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiSeverOutInterceptor.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiSeverOutInterceptor.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.interceptor;
+
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
+import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.phase.Phase;
+import org.jboss.wsf.stack.cxf.jaspi.JaspiServerAuthenticator;
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+public class JaspiSeverOutInterceptor extends AbstractSoapInterceptor
+{
+ private JaspiServerAuthenticator authManager;
+ public JaspiSeverOutInterceptor(JaspiServerAuthenticator authManager)
+ {
+ super(Phase.POST_PROTOCOL_ENDING);
+ addAfter(SAAJOutInterceptor.SAAJOutEndingInterceptor.class.getName());
+ this.authManager = authManager;
+ }
+
+ @Override
+ public void handleMessage(SoapMessage message) throws Fault
+ {
+
+ if (message.getContent(SOAPMessage.class) == null)
+ {
+ SAAJOutInterceptor saajout = new SAAJOutInterceptor();
+ saajout.handleMessage(message);
+ }
+ authManager.secureResponse(message);
+ }
+
+}
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/JaspiSeverOutInterceptor.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiClientAuthenticator.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiClientAuthenticator.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiClientAuthenticator.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,117 @@
+package org.jboss.wsf.stack.cxf.jaspi;
+
+import java.util.Properties;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ClientAuthConfig;
+import javax.security.auth.message.config.ClientAuthContext;
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.Soap12;
+import org.apache.cxf.binding.soap.SoapBinding;
+import org.apache.cxf.binding.soap.SoapFault;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.message.Message;
+import org.jboss.security.auth.login.JASPIAuthenticationInfo;
+import org.jboss.security.auth.message.GenericMessageInfo;
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+public class JaspiClientAuthenticator
+{
+ private ClientAuthConfig clientConfig;
+ private String securityDomain;
+ private JASPIAuthenticationInfo jpi;
+
+ public JaspiClientAuthenticator(ClientAuthConfig clientConfig, String securityDomain, JASPIAuthenticationInfo jpi)
+ {
+
+ this.clientConfig = clientConfig;
+ this.securityDomain = securityDomain;
+ this.jpi = jpi;
+ }
+
+ public void secureRequest(SoapMessage message)
+ {
+ SOAPMessage soapMessage = message.getContent(SOAPMessage.class);
+ MessageInfo messageInfo = new GenericMessageInfo(soapMessage, null);
+ String authContextID = clientConfig.getAuthContextID(messageInfo);
+
+ Properties serverContextProperties = new Properties();
+ serverContextProperties.put("security-domain", securityDomain);
+ serverContextProperties.put("jaspi-policy", jpi);
+ Subject clientSubject = new Subject();
+ AuthStatus authStatus = null;
+ try
+ {
+ ClientAuthContext cctx = clientConfig.getAuthContext(authContextID, clientSubject, serverContextProperties);
+ authStatus = cctx.secureRequest(messageInfo, clientSubject);
+ }
+ catch (AuthException e)
+ {
+ if (isSOAP12(message))
+ {
+ SoapFault soap12Fault = new SoapFault(e.getMessage(), Soap12.getInstance().getSender());
+ throw soap12Fault;
+ }
+ else
+ {
+ throw new SoapFault(e.getMessage(), new QName("", "japsi AuthException"));
+ }
+ }
+ //TODO:look at how to handle AuthStatus
+
+ }
+
+ public void validateResponse(SoapMessage message)
+ {
+ SOAPMessage request = message.getExchange().getInMessage().get(SOAPMessage.class);
+ SOAPMessage response = message.getContent(SOAPMessage.class);
+ MessageInfo messageInfo = new GenericMessageInfo(request, response);
+ String authContextID = clientConfig.getAuthContextID(messageInfo);
+
+ Properties serverContextProperties = new Properties();
+ serverContextProperties.put("security-domain", securityDomain);
+ serverContextProperties.put("jaspi-policy", jpi);
+ Subject clientSubject = new Subject();
+ AuthStatus authStatus = null;
+ try
+ {
+ ClientAuthContext sctx = clientConfig.getAuthContext(authContextID, clientSubject, serverContextProperties);
+ authStatus = sctx.validateResponse(messageInfo, new Subject(), new Subject());
+ }
+ catch (AuthException e)
+ {
+ if (isSOAP12(message))
+ {
+ SoapFault soap12Fault = new SoapFault(e.getMessage(), Soap12.getInstance().getSender());
+ throw soap12Fault;
+ }
+ else
+ {
+ throw new SoapFault(e.getMessage(), new QName("", "japsi AuthException"));
+ }
+ }
+ //TODO:handle AuthStatus
+
+ }
+
+ private boolean isSOAP12(Message message)
+ {
+ if (message.getExchange().getBinding() instanceof SoapBinding)
+ {
+ SoapBinding binding = (SoapBinding)message.getExchange().getBinding();
+ if (binding.getSoapVersion() == Soap12.getInstance())
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+}
+
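Review bot: The `authStatus` returned by `cctx.secureRequest(...)` and by `sctx.validateResponse(...)` is assigned and then dropped at the two TODO comments, so only a thrown `AuthException` stops the exchange. JBossWSClientAuthContext in this same commit signals a module's rejection by returning `AuthStatus.FAILURE` rather than throwing, so a rejected response would still be handed to the caller. Until the TODO is resolved, fail closed after each try/catch, e.g. `if (authStatus == AuthStatus.FAILURE) throw new SoapFault("JASPI module returned FAILURE", Soap12.getInstance().getSender());`, with the SOAP 1.1 case handled as in the catch block. `validateResponse` also passes two fresh `new Subject()` instances instead of the `clientSubject` it gave to `getAuthContext`, which looks unintended.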
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiClientAuthenticator.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiServerAuthenticator.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiServerAuthenticator.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiServerAuthenticator.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,177 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.jaspi;
+
+import java.util.Properties;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.Soap12;
+import org.apache.cxf.binding.soap.SoapBinding;
+import org.apache.cxf.binding.soap.SoapFault;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.interceptor.InterceptorChain;
+import org.apache.cxf.interceptor.OutgoingChainInterceptor;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.jboss.security.auth.login.JASPIAuthenticationInfo;
+import org.jboss.security.auth.message.GenericMessageInfo;
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+public class JaspiServerAuthenticator
+{
+ private ServerAuthConfig serverConfig;
+ private String securityDomain;
+ private JASPIAuthenticationInfo jpi;
+
+ public JaspiServerAuthenticator(ServerAuthConfig serverConfig, String securityDomain, JASPIAuthenticationInfo jpi)
+ {
+
+ this.serverConfig = serverConfig;
+ this.securityDomain = securityDomain;
+ this.jpi = jpi;
+ }
+
+ public void validateRequest(SoapMessage message)
+ {
+ SOAPMessage soapMessage = message.getContent(SOAPMessage.class);
+ MessageInfo messageInfo = new GenericMessageInfo(soapMessage, null);
+ String authContextID = serverConfig.getAuthContextID(messageInfo);
+
+ Properties serverContextProperties = new Properties();
+ serverContextProperties.put("security-domain", securityDomain);
+ serverContextProperties.put("jaspi-policy", jpi);
+ Subject clientSubject = new Subject();
+ AuthStatus authStatus = null;
+ try
+ {
+ ServerAuthContext sctx = serverConfig.getAuthContext(authContextID, clientSubject, serverContextProperties);
+ authStatus = sctx.validateRequest(messageInfo, clientSubject, null);
+ }
+ catch (AuthException e)
+ {
+ if (isSOAP12(message))
+ {
+ SoapFault soap12Fault = new SoapFault(e.getMessage(), Soap12.getInstance().getReceiver());
+ throw soap12Fault;
+ }
+ else
+ {
+ throw new SoapFault(e.getMessage(), new QName("", "japsi AuthException"));
+ }
+ }
+ Message response = null;
+ if (messageInfo.getResponseMessage() != null && !message.getExchange().isOneWay())
+ {
+
+ Endpoint e = message.getExchange().get(Endpoint.class);
+
+ response = new MessageImpl();
+ response.setExchange(message.getExchange());
+ response = e.getBinding().createMessage(response);
+ message.getExchange().setOutMessage(response);
+ response.setContent(SOAPMessage.class, messageInfo.getResponseMessage());
+ if (AuthStatus.SEND_CONTINUE == authStatus)
+ {
+ response.put(Message.RESPONSE_CODE, Integer.valueOf(303));
+ }
+ if (AuthStatus.SEND_FAILURE == authStatus)
+ {
+ response.put(Message.RESPONSE_CODE, Integer.valueOf(500));
+ }
+
+ message.getInterceptorChain().abort();
+ InterceptorChain chain = OutgoingChainInterceptor.getOutInterceptorChain(message.getExchange());
+ response.setInterceptorChain(chain);
+ chain.doInterceptStartingAfter(response, SoapPreProtocolOutInterceptor.class.getName());
+
+ }
+
+ }
+
+ public void secureResponse(SoapMessage message)
+ {
+ SOAPMessage request = message.getExchange().getInMessage().get(SOAPMessage.class);
+ SOAPMessage response = message.getContent(SOAPMessage.class);
+ MessageInfo messageInfo = new GenericMessageInfo(request, response);
+ String authContextID = serverConfig.getAuthContextID(messageInfo);
+
+ Properties serverContextProperties = new Properties();
+ serverContextProperties.put("security-domain", securityDomain);
+ serverContextProperties.put("jaspi-policy", jpi);
+ Subject clientSubject = new Subject();
+ AuthStatus authStatus = null;
+ try
+ {
+ ServerAuthContext sctx = serverConfig.getAuthContext(authContextID, clientSubject, serverContextProperties);
+ authStatus = sctx.secureResponse(messageInfo, null);
+ }
+ catch (AuthException e)
+ {
+ if (isSOAP12(message))
+ {
+ SoapFault soap12Fault = new SoapFault(e.getMessage(), Soap12.getInstance().getReceiver());
+ throw soap12Fault;
+ }
+ else
+ {
+ throw new SoapFault(e.getMessage(), new QName("", "japsi AuthException"));
+ }
+ }
+ if (messageInfo.getResponseMessage() != null && !message.getExchange().isOneWay())
+ {
+ if (AuthStatus.SEND_CONTINUE == authStatus)
+ {
+ message.put(Message.RESPONSE_CODE, Integer.valueOf(303));
+ }
+ if (AuthStatus.SEND_FAILURE == authStatus)
+ {
+ message.put(Message.RESPONSE_CODE, Integer.valueOf(500));
+ }
+ }
+
+ }
+
+ private boolean isSOAP12(Message message)
+ {
+ if (message.getExchange().getBinding() instanceof SoapBinding)
+ {
+ SoapBinding binding = (SoapBinding)message.getExchange().getBinding();
+ if (binding.getSoapVersion() == Soap12.getInstance())
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+}
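Review bot: In `validateRequest` the `authStatus` is consulted only inside `if (messageInfo.getResponseMessage() != null && !message.getExchange().isOneWay())`, so when a module returns `SEND_FAILURE` or `SEND_CONTINUE` without setting a response message, or the exchange is one-way, the method returns normally and the inbound chain is not aborted. I would add an `else if (authStatus != AuthStatus.SUCCESS)` branch that throws the same `SoapFault` the catch block builds, so any non-success status fails closed. Separately, the fault text is `e.getMessage()` taken straight from the auth module and is presumably serialized back to the remote caller; a fixed message, with the detail logged server-side, would avoid disclosing module internals.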
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiServerAuthenticator.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConfigProvider.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConfigProvider.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConfigProvider.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,66 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.jaspi.config;
+
+import java.util.Properties;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ClientAuthConfig;
+import javax.security.auth.message.config.ServerAuthConfig;
+
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+public class JBossWSAuthConfigProvider implements AuthConfigProvider {
+ private Properties contextProperties;
+
+ public JBossWSAuthConfigProvider(Properties props, AuthConfigFactory factory) {
+ contextProperties = props;
+ if (factory != null) {
+ factory.registerConfigProvider(this, "SOAP", null,"JBossWS AuthConfigProvider");
+ }
+
+ }
+
+ @Override
+ public ClientAuthConfig getClientAuthConfig(String layer,
+ String appContext, CallbackHandler handler) throws AuthException, SecurityException {
+ return new JBossWSClientAuthConfig(layer, appContext, handler, contextProperties);
+ }
+
+ @Override
+ public ServerAuthConfig getServerAuthConfig(String layer,
+ String appContext, CallbackHandler handler) throws AuthException,
+ SecurityException {
+ return new JBossWSServerAuthConfig(layer, appContext, handler, contextProperties);
+ }
+
+ @Override
+ public void refresh() {
+
+
+ }
+
+}
\ No newline at end of file
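Review bot: The constructor registers the provider under the literal layer `"SOAP"`, while JBossWSAuthConstants, added in this same commit, defines `SOAP_LAYER = "soap"`; a lookup made with the constant would miss this registration if the factory compares layer names case-sensitively. Use one spelling in both places once the intended value is confirmed, e.g. `factory.registerConfigProvider(this, JBossWSAuthConstants.SOAP_LAYER, null, "JBossWS AuthConfigProvider");`. The `null` appContext registers the provider for every application context in that layer, which deserves a comment saying it is deliberate. The empty `refresh()` should likewise carry a comment stating why it is a no-op.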
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConfigProvider.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConstants.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConstants.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConstants.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,30 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.jaspi.config;
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+public class JBossWSAuthConstants {
+ public static final String WSS4J_CONFIG = "wss4j.config";
+ public static final String SOAP_LAYER = "soap";
+
+}
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConstants.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthConfig.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthConfig.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthConfig.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,118 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.jaspi.config;
+
+import java.lang.reflect.Constructor;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.config.ClientAuthContext;
+import javax.security.auth.message.module.ClientAuthModule;
+
+import org.jboss.security.auth.container.config.AuthModuleEntry;
+import org.jboss.security.auth.login.JASPIAuthenticationInfo;
+import org.jboss.security.auth.message.config.JBossClientAuthConfig;
+import org.jboss.security.config.ControlFlag;
+import org.jboss.security.plugins.ClassLoaderLocator;
+import org.jboss.security.plugins.ClassLoaderLocatorFactory;
+
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+public class JBossWSClientAuthConfig extends JBossClientAuthConfig
+{
+
+ @SuppressWarnings("rawtypes")
+ private List modules = new ArrayList();
+ private CallbackHandler callbackHandler;
+
+ @SuppressWarnings("rawtypes")
+ public JBossWSClientAuthConfig(String layer, String appContext, CallbackHandler handler, Map properties)
+ {
+ super(layer, appContext, handler, properties);
+ }
+
+ @SuppressWarnings({ "rawtypes", "unchecked" })
+ public ClientAuthContext getAuthContext(String authContextID, Subject clientSubject, Map properties) throws AuthException
+ {
+ List<ControlFlag> controlFlags = new ArrayList<ControlFlag>();
+
+ Map<String, Map> mapOptionsByName = new HashMap<String, Map>();
+
+ String secDomain = (String)properties.get("security-domain");
+
+ JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo)properties.get("jaspi-policy");
+ AuthModuleEntry[] amearr = jai.getAuthModuleEntry();
+
+ ClassLoader moduleCL = null;
+ String jbossModule = jai.getJBossModuleName();
+ if (jbossModule != null && !jbossModule.isEmpty())
+ {
+ ClassLoaderLocator locator = ClassLoaderLocatorFactory.get();
+ if (locator != null)
+ moduleCL = locator.get(jbossModule);
+ }
+
+ for (AuthModuleEntry ame : amearr)
+ {
+
+ try
+ {
+ mapOptionsByName.put(ame.getAuthModuleName(), ame.getOptions());
+ controlFlags.add(ame.getControlFlag());
+ ClientAuthModule sam = this.createCAM(moduleCL, ame.getAuthModuleName());
+
+ Map options = new HashMap();
+ sam.initialize(null, null, callbackHandler, options);
+ modules.add(sam);
+ }
+ catch (Exception e)
+ {
+ throw new AuthException(e.getLocalizedMessage());
+ }
+ }
+
+ JBossWSClientAuthContext clientAuthContext = new JBossWSClientAuthContext(modules, mapOptionsByName, this.callbackHandler);
+ clientAuthContext.setControlFlags(controlFlags);
+ return clientAuthContext;
+ }
+
+ @SuppressWarnings({ "unchecked", "rawtypes" })
+ private ClientAuthModule createCAM(ClassLoader moduleCL, String name) throws Exception
+ {
+ Class clazz = SecurityActions.loadClass(moduleCL, name);
+ Constructor ctr = clazz.getConstructor(new Class[0]);
+ return (ClientAuthModule)ctr.newInstance(new Object[0]);
+ }
+
+ @SuppressWarnings({ "rawtypes" })
+ public List getClientAuthModules()
+ {
+ return modules;
+ }
+
+}
\ No newline at end of file
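Review bot: `getAuthContext` appends every newly created module to the instance field `modules`, which is never cleared, so each call hands the new context the modules from all earlier calls as well. JaspiClientAuthenticator calls it once per `secureRequest` and once per `validateResponse`, so the list grows with traffic and is mutated without synchronization. Build a per-call list instead, `List<ClientAuthModule> mods = new ArrayList<ClientAuthModule>();`, add to it in the loop and pass it to the `JBossWSClientAuthContext` constructor; JBossWSServerAuthConfig.getAuthContext has the same pattern. The private `callbackHandler` field is also never assigned (the constructor only forwards `handler` to `super`), so the modules are initialized with a null handler.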
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthConfig.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthContext.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthContext.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthContext.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,100 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.jaspi.config;
+
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ClientAuthContext;
+import javax.security.auth.message.module.ClientAuthModule;
+
+import org.jboss.security.config.ControlFlag;
+
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+public class JBossWSClientAuthContext implements ClientAuthContext {
+ private List<ClientAuthModule> modules = new ArrayList<ClientAuthModule>();
+ @SuppressWarnings("rawtypes")
+ private Map<String, Map> moduleOptionsByName = new HashMap<String, Map>();
+ protected List<ControlFlag> controlFlags = new ArrayList<ControlFlag>();
+
+ @SuppressWarnings("rawtypes")
+ public JBossWSClientAuthContext(List<ClientAuthModule> modules,
+ Map<String, Map> moduleNameToOptions, CallbackHandler cbh)
+ throws AuthException {
+ this.modules = modules;
+ this.moduleOptionsByName = moduleNameToOptions;
+ for (ClientAuthModule cam : modules) {
+ cam.initialize(null, null, cbh,
+ moduleOptionsByName.get(cam.getClass().getName()));
+ }
+ }
+
+ @Override
+ public void cleanSubject(MessageInfo messageInfo, Subject subject)
+ throws AuthException {
+ for (ClientAuthModule cam : modules) {
+ cam.cleanSubject(messageInfo, subject);
+ }
+
+ }
+
+ public void setControlFlags(List<ControlFlag> controlFlags) {
+ this.controlFlags = controlFlags;
+ }
+
+ @Override
+ public AuthStatus secureRequest(MessageInfo messageInfo,
+ Subject clientSubject) throws AuthException {
+ AuthStatus status = null;
+ for (ClientAuthModule sam : modules) {
+ status = sam.secureRequest(messageInfo, clientSubject);
+ if (status == AuthStatus.FAILURE) {
+ break;
+ }
+ }
+ return status;
+ }
+
+ @Override
+ public AuthStatus validateResponse(MessageInfo messageInfo,
+ Subject clientSubject, Subject serviceSubject) throws AuthException {
+ AuthStatus status = null;
+ for (ClientAuthModule sam : modules) {
+ status = sam.secureRequest(messageInfo, clientSubject);
+ if (status == AuthStatus.FAILURE) {
+ break;
+ }
+ }
+ return status;
+ }
+
+}
\ No newline at end of file
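Review bot: `validateResponse` calls `sam.secureRequest(messageInfo, clientSubject)` in its loop, apparently copied from the method above, so no module ever validates the response and `serviceSubject` goes unused. The line should read `status = sam.validateResponse(messageInfo, clientSubject, serviceSubject);`. Both loops also return `null` when `modules` is empty and never consult `controlFlags`, so the control flags set through `setControlFlags` have no effect in this class; a comment should say whether that is intended for now.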
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthContext.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,245 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.jaspi.config;
+
+import java.lang.reflect.Constructor;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.AuthConfig;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.security.auth.message.module.ServerAuthModule;
+import javax.xml.namespace.QName;
+import javax.xml.soap.MimeHeaders;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPElement;
+import javax.xml.soap.SOAPEnvelope;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.soap.SOAPPart;
+
+import org.apache.commons.lang.StringUtils;
+import org.jboss.security.auth.callback.JBossCallbackHandler;
+import org.jboss.security.auth.container.config.AuthModuleEntry;
+import org.jboss.security.auth.login.JASPIAuthenticationInfo;
+import org.jboss.security.config.ControlFlag;
+import org.jboss.security.plugins.ClassLoaderLocator;
+import org.jboss.security.plugins.ClassLoaderLocatorFactory;
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+//TODO: Refactor JBossServerAuthConfig, this class should extend JBossServerAuthConfig,
+public class JBossWSServerAuthConfig implements ServerAuthConfig {
+ private String layer;
+ private String appContextId;
+ private CallbackHandler callbackHandler = new JBossCallbackHandler();
+ @SuppressWarnings("rawtypes")
+ private List modules = new ArrayList();
+ @SuppressWarnings({ "unused", "rawtypes" })
+ private Map contextProperties;
+
+ @SuppressWarnings("rawtypes")
+ public JBossWSServerAuthConfig(String layer, String appContext,
+ CallbackHandler handler, Map properties) {
+ this.layer = layer;
+ this.appContextId = appContext;
+ this.callbackHandler = handler;
+ this.contextProperties = properties;
+ }
+
+ @SuppressWarnings({ "rawtypes", "unchecked" })
+ public ServerAuthContext getAuthContext(String authContextID, Subject serviceSubject, Map properties) throws AuthException
+ {
+ List<ControlFlag> controlFlags = new ArrayList<ControlFlag>();
+
+ Map<String, Map> mapOptionsByName = new HashMap<String, Map>();
+ String secDomain = (String)properties.get("security-domain");
+
+ JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo)properties.get("jaspi-policy");
+ AuthModuleEntry[] amearr = jai.getAuthModuleEntry();
+
+ ClassLoader moduleCL = null;
+ String jbossModule = jai.getJBossModuleName();
+ if (jbossModule != null && !jbossModule.isEmpty())
+ {
+ ClassLoaderLocator locator = ClassLoaderLocatorFactory.get();
+ if (locator != null)
+ moduleCL = locator.get(jbossModule);
+ }
+
+ for (AuthModuleEntry ame : amearr)
+ {
+ if (ame.getLoginModuleStackHolderName() != null)
+ {
+ try
+ {
+ mapOptionsByName.put(ame.getAuthModuleName(), ame.getOptions());
+ controlFlags.add(ame.getControlFlag());
+ ServerAuthModule sam = this.createSAM(moduleCL, ame.getAuthModuleName(), ame.getLoginModuleStackHolderName());
+
+ Map options = new HashMap();
+
+ sam.initialize(null, null, callbackHandler, options);
+ modules.add(sam);
+ }
+ catch (Exception e)
+ {
+ throw new AuthException(e.getLocalizedMessage());
+ }
+ }
+ else
+ {
+ try
+ {
+ mapOptionsByName.put(ame.getAuthModuleName(), ame.getOptions());
+ controlFlags.add(ame.getControlFlag());
+ ServerAuthModule sam = this.createSAM(moduleCL, ame.getAuthModuleName());
+
+ Map options = new HashMap();
+ sam.initialize(null, null, callbackHandler, options);
+ modules.add(sam);
+ }
+ catch (Exception e)
+ {
+ throw new AuthException(e.getLocalizedMessage());
+ }
+ }
+ }
+
+ JBossWSServerAuthContext serverAuthContext = new JBossWSServerAuthContext(modules, mapOptionsByName, this.callbackHandler);
+ serverAuthContext.setControlFlags(controlFlags);
+ return serverAuthContext;
+ }
+
+ /**
+ * @see AuthConfig#getAppContext()
+ */
+ public String getAppContext() {
+ return this.appContextId;
+ }
+
+ /**
+ * @see AuthConfig#getMessageLayer()
+ */
+ public String getMessageLayer() {
+ return this.layer;
+ }
+
+ /**
+ * @see AuthConfig#refresh()
+ */
+ public void refresh() {
+ }
+
+ // Custom Methods
+ @SuppressWarnings({ "rawtypes" })
+ public List getServerAuthModules() {
+ return this.modules;
+ }
+
+ @SuppressWarnings("rawtypes")
+ public String getAuthContextID(MessageInfo messageInfo)
+ {
+ SOAPMessage request = (SOAPMessage)messageInfo.getRequestMessage();
+ if (request == null)
+ {
+ return null;
+ }
+ String authContext = null;
+ MimeHeaders headers = request.getMimeHeaders();
+ if (headers != null)
+ {
+ String[] soapActions = headers.getHeader("SOAPAction");
+ if (soapActions != null && soapActions.length > 0)
+ {
+ authContext = soapActions[0];
+ if (StringUtils.isNotEmpty(authContext))
+ {
+ return authContext;
+ }
+ }
+ }
+
+ SOAPPart soapMessage = request.getSOAPPart();
+ if (soapMessage != null)
+ {
+ try
+ {
+ SOAPEnvelope envelope = soapMessage.getEnvelope();
+ if (envelope != null)
+ {
+ SOAPBody body = envelope.getBody();
+ if (body != null)
+ {
+
+ Iterator it = body.getChildElements();
+ while (it.hasNext())
+ {
+ Object o = it.next();
+ if (o instanceof SOAPElement)
+ {
+ QName name = ((SOAPElement)o).getElementQName();
+ return name.getLocalPart();
+
+ }
+ }
+ }
+ }
+ }
+ catch (SOAPException se)
+ {
+ //ignore;
+ }
+ }
+
+ return null;
+ }
+
+ public boolean isProtected() {
+ throw new UnsupportedOperationException();
+ }
+
+ @SuppressWarnings({ "unchecked", "rawtypes" })
+ private ServerAuthModule createSAM(ClassLoader moduleCL, String name)
+ throws Exception {
+ Class clazz = SecurityActions.loadClass(moduleCL, name);
+ Constructor ctr = clazz.getConstructor(new Class[0]);
+ return (ServerAuthModule) ctr.newInstance(new Object[0]);
+ }
+
+ @SuppressWarnings({ "unchecked", "rawtypes" })
+ private ServerAuthModule createSAM(ClassLoader moduleCL, String name,
+ String lmshName) throws Exception {
+ Class clazz = SecurityActions.loadClass(moduleCL, name);
+ Constructor ctr = clazz.getConstructor(new Class[] { String.class });
+ return (ServerAuthModule) ctr.newInstance(new Object[] { lmshName });
+ }
+
+}
\ No newline at end of file
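Review bot: The constructor assigns `this.callbackHandler = handler;` unconditionally, so the `new JBossCallbackHandler()` field default is discarded whenever a caller passes null, and JBossWSAuthConfigProvider.getServerAuthConfig forwards its `handler` argument unchecked; `if (handler != null) { this.callbackHandler = handler; }` keeps the default. In `getAuthContext` both `catch (Exception e)` blocks rethrow `new AuthException(e.getLocalizedMessage())`, which drops the cause and, for a reflective `InvocationTargetException`, usually carries a null message; chain the original with `initCause(e)` (JBossWSClientAuthConfig does the same). The empty `catch (SOAPException se)` in `getAuthContextID` should log at debug level before falling through to `return null`.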
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthContext.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthContext.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthContext.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,43 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.jaspi.config;
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.module.ServerAuthModule;
+
+import org.jboss.security.auth.message.config.JBossServerAuthContext;
+@SuppressWarnings({"rawtypes" })
+public class JBossWSServerAuthContext extends JBossServerAuthContext {
+
+ public JBossWSServerAuthContext(List<ServerAuthModule> modules,
+ Map<String, Map> moduleNameToOptions, CallbackHandler cbh)
+ throws AuthException {
+ super(modules, moduleNameToOptions, cbh);
+ }
+
+}
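Review bot: The `@author` Javadoc block sits between the `package` statement and the imports, so it is not attached to `JBossWSServerAuthContext` and the class itself is undocumented; SecurityActions.java in this commit has the same placement. Move the block directly above the class declaration and add a sentence on why the subclass exists, for example `/** JBossWS-specific ServerAuthContext; currently only delegates construction to JBossServerAuthContext. */`.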
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthContext.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/SecurityActions.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/SecurityActions.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/SecurityActions.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,106 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.jaspi.config;
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+
+class SecurityActions
+{
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+
+ }
+
+ static SecurityContext getSecurityContext()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+ {
+
+ public SecurityContext run()
+ {
+ return SecurityContextAssociation.getSecurityContext();
+ }
+ });
+ }
+
+ static Class<?> loadClass(final ClassLoader cl, final String name) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+ {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ if (cl == null)
+ {
+ return loadClass(name);
+ }
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception ignore)
+ {
+ return loadClass(name);
+ }
+ }
+ });
+ }
+
+ static Class<?> loadClass(final String name) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+ {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return getClass().getClassLoader().loadClass(name);
+ }
+ catch (Exception ignore)
+ {
+ try
+ {
+ return getContextClassLoader().loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ }
+ });
+ }
+}
\ No newline at end of file
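Review bot: Both `loadClass` overloads catch `Exception` and silently retry with a different class loader, so a name that the supplied `cl` cannot resolve is loaded from this class's defining loader or the thread context loader instead. `createSAM` in JBossWSServerAuthConfig.java uses this helper to instantiate auth modules, which means a class other than the one in the configured module can be picked up with nothing logged. Narrow the handlers to `catch (ClassNotFoundException ignore)` and log when the fallback loader is used. The nested `loadClass(name)` call inside `run()` already throws `PrivilegedActionException`, which the outer `doPrivileged` wraps a second time, so callers have to unwrap twice to reach the real cause.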
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/SecurityActions.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/WSS4JOutInterceptor.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/WSS4JOutInterceptor.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/WSS4JOutInterceptor.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,360 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.jaspi.interceptor;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.SoapFault;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.SoapVersion;
+import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
+import org.apache.cxf.common.i18n.Message;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.phase.PhaseInterceptor;
+import org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.action.Action;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+/**
+ * This is a copy of WSS4JOutInterceptor and public WSS4JOutInterceptorInternal
+ * We need to refactor the WSS4JOutInterceptor and directly use it
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ *
+ */
+public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor {
+
+ /**
+ * Property name for a map of action IDs ({@link Integer}) to action
+ * class names. Values can be either {@link Class}) or Objects
+- * implementing {@link Action}.
+ */
+ public static final String WSS4J_ACTION_MAP = "wss4j.action.map";
+
+ private static final Logger LOG = LogUtils
+ .getL7dLogger(WSS4JOutInterceptor.class);
+
+ private static final Logger TIME_LOG = LogUtils
+ .getL7dLogger(WSS4JOutInterceptor.class,
+ null,
+ WSS4JOutInterceptor.class.getName() + "-Time");
+
+ private WSS4JOutInterceptorInternal ending;
+ private SAAJOutInterceptor saajOut = new SAAJOutInterceptor();
+ private boolean mtomEnabled;
+
+
+
+ public WSS4JOutInterceptor() {
+ super();
+ setPhase(Phase.PRE_PROTOCOL);
+ getAfter().add(SAAJOutInterceptor.class.getName());
+
+ ending = createEndingInterceptor();
+ }
+
+ public WSS4JOutInterceptor(Map<String, Object> props) {
+ this();
+ setProperties(props);
+ }
+
+ public boolean isAllowMTOM() {
+ return mtomEnabled;
+ }
+ /**
+ * Enable or disable mtom with WS-Security. By default MTOM is disabled as
+ * attachments would not get encrypted or be part of the signature.
+ * @param mtomEnabled
+ */
+ public void setAllowMTOM(boolean allowMTOM) {
+ this.mtomEnabled = allowMTOM;
+ }
+
+
+ @Override
+ public Object getProperty(Object msgContext, String key) {
+ // use the superclass first
+ Object result = super.getProperty(msgContext, key);
+
+ // handle the special case of the RECV_RESULTS
+ if (result == null
+ && WSHandlerConstants.RECV_RESULTS.equals(key)
+ && !this.isRequestor((SoapMessage)msgContext)) {
+ result = ((SoapMessage)msgContext).getExchange().getInMessage().get(key);
+ }
+ return result;
+ }
+
+ public void handleMessage(SoapMessage mc) throws Fault {
+ //must turn off mtom when using WS-Sec so binary is inlined so it can
+ //be properly signed/encrypted/etc...
+ if (!mtomEnabled) {
+ mc.put(org.apache.cxf.message.Message.MTOM_ENABLED, false);
+ }
+
+ if (mc.getContent(SOAPMessage.class) == null) {
+ saajOut.handleMessage(mc);
+ }
+
+ mc.getInterceptorChain().add(ending);
+ }
+ public void handleFault(SoapMessage message) {
+ saajOut.handleFault(message);
+ }
+
+ public final WSS4JOutInterceptorInternal createEndingInterceptor() {
+ return new WSS4JOutInterceptorInternal();
+ }
+
+ public class WSS4JOutInterceptorInternal
+ implements PhaseInterceptor<SoapMessage> {
+ public WSS4JOutInterceptorInternal() {
+ super();
+ }
+
+ public void handleMessage(SoapMessage mc) throws Fault {
+
+ boolean doDebug = LOG.isLoggable(Level.FINE);
+ boolean doTimeDebug = TIME_LOG.isLoggable(Level.FINE);
+
+ long t0 = 0;
+ long t1 = 0;
+ long t2 = 0;
+
+ if (doTimeDebug) {
+ t0 = System.currentTimeMillis();
+ }
+
+ if (doDebug) {
+ LOG.fine("WSS4JOutInterceptor: enter handleMessage()");
+ }
+ /**
+ * There is nothing to send...Usually happens when the provider
+ * needs to send a HTTP 202 message (with no content)
+ */
+ if (mc == null) {
+ return;
+ }
+ SoapVersion version = mc.getVersion();
+ RequestData reqData = new RequestData();
+ translateProperties(mc);
+
+ reqData.setMsgContext(mc);
+
+ /*
+ * The overall try, just to have a finally at the end to perform some
+ * housekeeping.
+ */
+ try {
+ WSSConfig config = WSSConfig.getNewInstance();
+ reqData.setWssConfig(config);
+
+ /*
+ * Setup any custom actions first by processing the input properties
+ * and reconfiguring the WSSConfig with the user defined properties.
+ */
+ this.configureActions(mc, doDebug, version, config);
+
+ /*
+ * Get the action first.
+ */
+ List<Integer> actions = new ArrayList<Integer>();
+ String action = getString(WSHandlerConstants.ACTION, mc);
+ if (action == null) {
+ throw new SoapFault(new Message("NO_ACTION", LOG), version
+ .getReceiver());
+ }
+
+ int doAction = WSSecurityUtil.decodeAction(action, actions, config);
+ if (doAction == WSConstants.NO_SECURITY && actions.isEmpty()) {
+ return;
+ }
+
+ /*
+ * For every action we need a username, so get this now. The
+ * username defined in the deployment descriptor takes precedence.
+ */
+ reqData.setUsername((String) getOption(WSHandlerConstants.USER));
+ if (reqData.getUsername() == null
+ || reqData.getUsername().equals("")) {
+ String username = (String) getProperty(reqData.getMsgContext(),
+ WSHandlerConstants.USER);
+ if (username != null) {
+ reqData.setUsername(username);
+ }
+ }
+
+ /*
+ * Now we perform some set-up for UsernameToken and Signature
+ * functions. No need to do it for encryption only. Check if
+ * username is available and then get a passowrd.
+ */
+ if ((doAction & (WSConstants.SIGN | WSConstants.UT | WSConstants.UT_SIGN)) != 0
+ && (reqData.getUsername() == null
+ || reqData.getUsername().equals(""))) {
+ /*
+ * We need a username - if none throw an SoapFault. For
+ * encryption there is a specific parameter to get a username.
+ */
+ throw new SoapFault(new Message("NO_USERNAME", LOG), version
+ .getReceiver());
+ }
+ if (doDebug) {
+ LOG.fine("Action: " + doAction);
+ LOG.fine("Actor: " + reqData.getActor());
+ }
+ /*
+ * Now get the SOAP part from the request message and convert it
+ * into a Document. This forces CXF to serialize the SOAP request
+ * into FORM_STRING. This string is converted into a document.
+ * During the FORM_STRING serialization CXF performs multi-ref of
+ * complex data types (if requested), generates and inserts
+ * references for attachements and so on. The resulting Document
+ * MUST be the complete and final SOAP request as CXF would send it
+ * over the wire. Therefore this must shall be the last (or only)
+ * handler in a chain. Now we can perform our security operations on
+ * this request.
+ */
+
+ SOAPMessage saaj = mc.getContent(SOAPMessage.class);
+
+ if (saaj == null) {
+ LOG.warning("SAAJOutHandler must be enabled for WS-Security!");
+ throw new SoapFault(new Message("NO_SAAJ_DOC", LOG), version
+ .getReceiver());
+ }
+
+ Document doc = saaj.getSOAPPart();
+
+ if (doTimeDebug) {
+ t1 = System.currentTimeMillis();
+ }
+
+ doSenderAction(doAction, doc, reqData, actions, Boolean.TRUE
+ .equals(getProperty(mc, org.apache.cxf.message.Message.REQUESTOR_ROLE)));
+
+ if (doTimeDebug) {
+ t2 = System.currentTimeMillis();
+ TIME_LOG.fine("Send request: total= " + (t2 - t0)
+ + " request preparation= " + (t1 - t0)
+ + " request processing= " + (t2 - t1)
+ + "\n");
+ }
+
+ if (doDebug) {
+ LOG.fine("WSS4JOutInterceptor: exit handleMessage()");
+ }
+ } catch (WSSecurityException e) {
+ throw new SoapFault(new Message("SECURITY_FAILED", LOG), e, version
+ .getSender());
+ } finally {
+ reqData.clear();
+ reqData = null;
+ }
+ }
+
+ public Set<String> getAfter() {
+ return Collections.emptySet();
+ }
+
+ public Set<String> getBefore() {
+ return Collections.emptySet();
+ }
+
+ public String getId() {
+ return WSS4JOutInterceptorInternal.class.getName();
+ }
+
+ public String getPhase() {
+ return Phase.POST_PROTOCOL;
+ }
+
+ public void handleFault(SoapMessage message) {
+ //nothing
+ }
+
+ private void configureActions(SoapMessage mc, boolean doDebug,
+ SoapVersion version, WSSConfig config) {
+
+ final Map<Integer, Object> actionMap = CastUtils.cast(
+ (Map<?, ?>)getProperty(mc, WSS4J_ACTION_MAP));
+ if (actionMap != null) {
+ for (Map.Entry<Integer, Object> entry : actionMap.entrySet()) {
+ Class<?> removedAction = null;
+
+ // Be defensive here since the cast above is slightly risky
+ // with the handler config options not being strongly typed.
+ try {
+ if (entry.getValue() instanceof Class<?>) {
+ removedAction = config.setAction(
+ entry.getKey().intValue(),
+ (Class<?>)entry.getValue());
+ } else if (entry.getValue() instanceof Action) {
+ removedAction = config.setAction(
+ entry.getKey().intValue(),
+ (Action)entry.getValue());
+ } else {
+ throw new SoapFault(new Message("BAD_ACTION", LOG), version
+ .getReceiver());
+ }
+ } catch (ClassCastException e) {
+ throw new SoapFault(new Message("BAD_ACTION", LOG), version
+ .getReceiver());
+ }
+
+ if (doDebug) {
+ if (removedAction != null) {
+ LOG.fine("Replaced Action: " + removedAction.getName()
+ + " with Action: " + entry.getValue()
+ + " for ID: " + entry.getKey());
+ } else {
+ LOG.fine("Added Action: " + entry.getValue()
+ + " with ID: " + entry.getKey());
+ }
+ }
+ }
+ }
+ }
+
+ public Collection<PhaseInterceptor<? extends org.apache.cxf.message.Message>>
+ getAdditionalInterceptors() {
+ return null;
+ }
+ }
+}
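Review bot: `getProperty` dereferences `getExchange().getInMessage()` without a null check when the key is `RECV_RESULTS` and the message is not a requestor. SOAPClientAuthModule in this commit drives the ending interceptor with a fresh `ExchangeImpl` that has no in-message, so that path would throw a NullPointerException if it is reached (whether it is depends on the configured actions). Guard it, for example `org.apache.cxf.message.Message in = ((SoapMessage)msgContext).getExchange().getInMessage();` followed by `if (in != null) { result = in.get(key); }`. Because the class comment says this is a copy of the CXF interceptor, that comment should also record which CXF version it was copied from, so later upstream fixes to the WS-Security code can be compared against it.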
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/WSS4JOutInterceptor.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/SOAPClientAuthModule.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/SOAPClientAuthModule.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/SOAPClientAuthModule.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,143 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.jaspi.module;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.module.ClientAuthModule;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.SoapVersion;
+import org.apache.cxf.binding.soap.SoapVersionFactory;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.ExchangeImpl;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.ws.security.WSSConfig;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.wsf.stack.cxf.jaspi.interceptor.WSS4JOutInterceptor;
+
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+public class SOAPClientAuthModule implements ClientAuthModule
+{
+
+ @SuppressWarnings("rawtypes")
+ private List<Class> supportedTypes = new ArrayList<Class>();
+ private SimplePrincipal principal = null;
+ private Object credential = null;
+
+ @SuppressWarnings("unused")
+ private MessagePolicy requestPolicy = null;
+ @SuppressWarnings("unused")
+ private MessagePolicy responsePolicy = null;
+ @SuppressWarnings("unused")
+ private CallbackHandler handler = null;
+ @SuppressWarnings({ "rawtypes" })
+ private Map options = null;
+
+ public SOAPClientAuthModule()
+ {
+ this.supportedTypes.add(Object.class);
+ this.supportedTypes.add(SOAPMessage.class);
+ }
+
+ @SuppressWarnings("rawtypes")
+ public SOAPClientAuthModule(List<Class> supportedTypes)
+ {
+ this.supportedTypes = supportedTypes;
+ }
+
+ @SuppressWarnings("rawtypes")
+ public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) throws AuthException
+ {
+ this.requestPolicy = requestPolicy;
+ this.responsePolicy = responsePolicy;
+ this.handler = handler;
+ this.options = options;
+ }
+
+ @SuppressWarnings({ "unchecked" })
+ public AuthStatus secureRequest(MessageInfo messageInfo, Subject source) throws AuthException
+ {
+
+ SOAPMessage soapMessage = (SOAPMessage)messageInfo.getRequestMessage();
+ SoapVersion soapVersion = null;
+ try
+ {
+ String ns = soapMessage.getSOAPBody().getNamespaceURI();
+ soapVersion = SoapVersionFactory.getInstance().getSoapVersion(ns);
+ }
+ catch (SOAPException e)
+ {
+ throw new AuthException(e.getMessage());
+ }
+ if (soapVersion == null)
+ {
+ throw new AuthException("Invalid soap message");
+ }
+
+ Exchange exchange = new ExchangeImpl();
+ MessageImpl messageImpl = new MessageImpl();
+ messageImpl.setExchange(exchange);
+ SoapMessage cxfSoapMessage = new SoapMessage(messageImpl);
+ cxfSoapMessage.setVersion(soapVersion);
+ cxfSoapMessage.setContent(SOAPMessage.class, soapMessage);
+
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ cxfSoapMessage.put(WSSConfig.class.getName(), wssConfig);
+
+ WSS4JOutInterceptor wss4jOutInterceptor = new WSS4JOutInterceptor(options);
+ wss4jOutInterceptor.createEndingInterceptor().handleMessage(cxfSoapMessage);
+ return AuthStatus.SUCCESS;
+ }
+
+ public AuthStatus validateResponse(MessageInfo messageInfo, Subject source, Subject recipient) throws AuthException
+ {
+ return AuthStatus.SUCCESS;
+ }
+
+ @SuppressWarnings("rawtypes")
+ public Class[] getSupportedMessageTypes()
+ {
+ Class[] clsarr = new Class[this.supportedTypes.size()];
+ supportedTypes.toArray(clsarr);
+ return clsarr;
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
+ {
+ subject.getPrincipals().remove(principal);
+ subject.getPublicCredentials().remove(credential);
+ }
+
+}
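Review bot: `validateResponse` returns `AuthStatus.SUCCESS` without inspecting the response, so a caller relying on this module gets a success status for a message whose WS-Security content was never checked. If response validation is simply not implemented yet, say so at the method, e.g. `// TODO: response is not validated; SUCCESS here does not mean the message was verified`, or run inbound WSS4J processing the way SOAPServerAuthModule does for requests. Separately, `secureRequest` builds the synthetic `SoapMessage` without setting `Message.REQUESTOR_ROLE`, while the ending interceptor passes `Boolean.TRUE.equals(getProperty(mc, ...REQUESTOR_ROLE))` to `doSenderAction`; unless `options` supplies that key, the request would presumably be processed as a response. `principal` and `credential` are never assigned, so `cleanSubject` only ever removes `null`.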
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/SOAPClientAuthModule.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/SOAPServerAuthModule.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/SOAPServerAuthModule.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/SOAPServerAuthModule.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,141 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.jaspi.module;
+
+import java.util.Map.Entry;
+import java.util.Properties;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.SoapVersion;
+import org.apache.cxf.binding.soap.SoapVersionFactory;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.ExchangeImpl;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngine;
+import org.jboss.security.auth.container.modules.AbstractServerAuthModule;
+import org.jboss.wsf.stack.cxf.jaspi.config.JBossWSAuthConstants;
+import org.jboss.wsf.stack.cxf.jaspi.validator.UsernameTokenValidator;
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+public class SOAPServerAuthModule extends AbstractServerAuthModule {
+ private String securityDomainName = null;
+
+ public SOAPServerAuthModule() {
+ supportedTypes.add(Object.class);
+ supportedTypes.add(SOAPMessage.class);
+ }
+
+ public SOAPServerAuthModule(String lmshName) {
+ supportedTypes.add(Object.class);
+ this.supportedTypes.add(SOAPMessage.class);
+ securityDomainName = lmshName;
+ }
+
+ @Override
+ public AuthStatus validateRequest(MessageInfo messageInfo,
+ Subject clientSubject, Subject serviceSubject) throws AuthException {
+ //TODO:look at what we need to do with options
+ return validate(clientSubject, messageInfo) ? AuthStatus.SUCCESS : AuthStatus.FAILURE;
+ }
+
+ @Override
+ protected boolean validate(Subject clientSubject, MessageInfo messageInfo)
+ throws AuthException {
+
+ SOAPMessage soapMessage = (SOAPMessage)messageInfo.getRequestMessage();
+ SoapVersion soapVersion = null;
+ try {
+ String ns = soapMessage.getSOAPBody().getNamespaceURI();
+ soapVersion = SoapVersionFactory.getInstance().getSoapVersion(ns);
+ } catch (SOAPException e) {
+ throw new AuthException(e.getMessage());
+ }
+ if (soapVersion == null) {
+ throw new AuthException("Invalid soap message");
+ }
+
+
+ Exchange exchange = new ExchangeImpl();
+ MessageImpl messageImpl = new MessageImpl();
+ messageImpl.setExchange(exchange);
+ SoapMessage cxfSoapMessage = new SoapMessage(messageImpl);
+ cxfSoapMessage.setVersion(soapVersion);
+ cxfSoapMessage.setContent(SOAPMessage.class, soapMessage);
+ cxfSoapMessage.put(Message.HTTP_REQUEST_METHOD, "POST");
+
+
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ setJASPICValidator(wssConfig, clientSubject);
+ cxfSoapMessage.put(WSSConfig.class.getName(), wssConfig);
+
+ //set the wss4j config from messageinfo
+ if (messageInfo.getMap().get(JBossWSAuthConstants.WSS4J_CONFIG) != null) {
+ Properties props = (Properties)messageInfo.getMap().get(JBossWSAuthConstants.WSS4J_CONFIG);
+ for(Entry<Object, Object> e : props.entrySet()) {
+ cxfSoapMessage.put(e.getKey().toString(), e.getValue());
+ }
+ }
+
+ WSS4JInInterceptor wss4jInterceptor = new WSS4JInInterceptor();
+ wss4jInterceptor.handleMessage(cxfSoapMessage);
+
+ return true;
+
+ }
+
+ public AuthStatus secureResponse(MessageInfo arg0, Subject arg1)
+ throws AuthException {
+ throw new UnsupportedOperationException();
+ }
+
+ protected void setJASPICValidator(WSSConfig wssconfig, Subject subject) {
+ //TODO: add other validator
+ UsernameTokenValidator usernameTokenValidator = new UsernameTokenValidator(subject);
+ usernameTokenValidator.setContextName(getSecurityDomainName());
+ wssconfig.setValidator(WSSecurityEngine.USERNAME_TOKEN, usernameTokenValidator);
+ }
+
+ protected String getSecurityDomainName() {
+ if (this.securityDomainName != null)
+ return securityDomainName;
+
+ // Check if it is passed in the options
+ String domainName = (String) options
+ .get("javax.security.auth.login.LoginContext");
+ if (domainName == null) {
+ domainName = getClass().getName();
+ }
+ return domainName;
+ }
+
+}
\ No newline at end of file
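Review bot: `validate` can only return `true` or throw: a rejected message surfaces as whatever unchecked exception `WSS4JInInterceptor.handleMessage` raises, so the `AuthStatus.FAILURE` branch in `validateRequest` is never taken and the caller gets a CXF exception instead of a JASPI status. Catch the failure around the call, e.g. `try { wss4jInterceptor.handleMessage(cxfSoapMessage); } catch (Fault f) { return false; }` with `org.apache.cxf.interceptor.Fault` imported, or rethrow it as an `AuthException`. When `messageInfo` carries no `WSS4J_CONFIG` entry the interceptor runs with no configured actions; it is worth confirming that this case is rejected, and failing closed in `validate` if it is not.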
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/SOAPServerAuthModule.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/validator/UsernameTokenValidator.java
===================================================================
--- stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/validator/UsernameTokenValidator.java (rev 0)
+++ stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/validator/UsernameTokenValidator.java 2013-11-01 09:14:17 UTC (rev 18055)
@@ -0,0 +1,101 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.jaspi.validator;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.message.token.UsernameToken;
+import org.apache.ws.security.validate.Credential;
+import org.apache.ws.security.validate.JAASUsernameTokenValidator;
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+public class UsernameTokenValidator extends JAASUsernameTokenValidator {
+
+ private Subject subject;
+
+ public UsernameTokenValidator(Subject subject) {
+ this.subject = subject;
+ }
+
+ //wss4j's JAASUsernameTokenValidator only supports plain text password
+ //TODO: support other type password
+ private static org.apache.commons.logging.Log log =
+ org.apache.commons.logging.LogFactory.getLog(UsernameTokenValidator.class);
+ public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
+ if (credential == null || credential.getUsernametoken() == null) {
+ throw new WSSecurityException(WSSecurityException.FAILURE, "noCredential");
+ }
+
+ String user = null;
+ String password = null;
+
+ UsernameToken usernameToken = credential.getUsernametoken();
+
+ user = usernameToken.getName();
+ String pwType = usernameToken.getPasswordType();
+ if (log.isDebugEnabled()) {
+ log.debug("UsernameToken user " + usernameToken.getName());
+ log.debug("UsernameToken password type " + pwType);
+ }
+
+ if (usernameToken.isHashed()) {
+ log.warn("Authentication failed as hashed username token not supported");
+ throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
+ }
+
+ password = usernameToken.getPassword();
+
+ if (!WSConstants.PASSWORD_TEXT.equals(pwType)) {
+ log.warn("Password type " + pwType + " not supported");
+ throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
+ }
+
+ if (!(user != null && user.length() > 0 && password != null && password.length() > 0)) {
+ log.warn("User or password empty");
+ throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
+ }
+
+ try {
+ CallbackHandler handler = getCallbackHandler(user, password);
+ LoginContext ctx = new LoginContext(getContextName(), subject , handler);
+ ctx.login();
+ Subject subject = ctx.getSubject();
+ credential.setSubject(subject);
+
+ } catch (LoginException ex) {
+ log.info("Authentication failed", ex);
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_AUTHENTICATION, null, null, ex
+ );
+ }
+
+ return credential;
+
+ }
+}
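Review bot: `log.warn("Password type " + pwType + " not supported")` writes a value taken from the not-yet-authenticated message straight into the log, and the debug lines do the same with the username; a value containing line breaks could forge log entries. Log a fixed message at warn level, `log.warn("Unsupported UsernameToken password type");`, and strip control characters before logging the value at debug. The `log` field should be `private static final`, and the local `Subject subject` inside the `try` shadows the field passed to `LoginContext`, so a different local name would make clear which one is stored on the credential. Since only `PASSWORD_TEXT` is accepted, a class comment stating that the token must travel over TLS or inside an encrypted message would help deployers.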
Property changes on: stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/validator/UsernameTokenValidator.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Modified: stack/cxf/branches/jaspi/pom.xml
===================================================================
--- stack/cxf/branches/jaspi/pom.xml 2013-11-01 08:35:44 UTC (rev 18054)
+++ stack/cxf/branches/jaspi/pom.xml 2013-11-01 09:14:17 UTC (rev 18055)
@@ -108,6 +108,7 @@
<wstx.version>4.2.0</wstx.version>
<spring.version>3.0.7.RELEASE</spring.version>
<shrinkwrap.version>1.1.3</shrinkwrap.version>
+ <jaspi.api.version>1.0.0.Alpha1</jaspi.api.version>
</properties>
@@ -1150,6 +1151,11 @@
<artifactId>jboss-servlet-api_3.0_spec</artifactId>
<version>${servlet.api.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.jboss.spec.javax.security.auth.message</groupId>
+ <artifactId>jboss-jaspi-api_1.1_spec</artifactId>
+ <version>${jaspi.api.version}</version>
+ </dependency>
<!-- jboss provided -->
<dependency>
JBossWS SVN: r18054 - stack/cxf/branches.
by jbossws-commits@lists.jboss.org
Author: jim.ma
Date: 2013-11-01 04:35:44 -0400 (Fri, 01 Nov 2013)
New Revision: 18054
Added:
stack/cxf/branches/jaspi/
Log:
Create jaspi workspace