February 2014 - jbossws-commits - Jboss List Archives

JBossWS SVN: r18415 - spi/tags/jbossws-spi-2.3.0.CR1.

by jbossws-commits＠lists.jboss.org

Author: jim.ma Date: 2014-02-24 08:09:45 -0500 (Mon, 24 Feb 2014) New Revision: 18415 Modified: spi/tags/jbossws-spi-2.3.0.CR1/pom.xml Log: Update the tag version Modified: spi/tags/jbossws-spi-2.3.0.CR1/pom.xml =================================================================== --- spi/tags/jbossws-spi-2.3.0.CR1/pom.xml 2014-02-24 13:06:04 UTC (rev 18414) +++ spi/tags/jbossws-spi-2.3.0.CR1/pom.xml 2014-02-24 13:09:45 UTC (rev 18415) @@ -7,7 +7,7 @@ <packaging>jar</packaging> <description>JBossWS SPI</description> - <version>2.3.0-SNAPSHOT</version> + <version>2.3.0.CR1</version>  <parent>

10 years, 2 months

1
0
0 / 0

JBossWS SVN: r18414 - spi/tags.

by jbossws-commits＠lists.jboss.org

Author: jim.ma Date: 2014-02-24 08:06:04 -0500 (Mon, 24 Feb 2014) New Revision: 18414 Added: spi/tags/jbossws-spi-2.3.0.CR1/ Log: Tag jbossws-spi-2.3.0.CR1

10 years, 2 months

1
0
0 / 0

JBossWS SVN: r18413 - spi/tags.

by jbossws-commits＠lists.jboss.org

Author: jim.ma Date: 2014-02-24 08:05:14 -0500 (Mon, 24 Feb 2014) New Revision: 18413 Removed: spi/tags/jbossws-spi-2.3.0.Beta5/ Log: Remove the wrong tag

10 years, 2 months

1
0
0 / 0

JBossWS SVN: r18412 - spi/tags.

by jbossws-commits＠lists.jboss.org

Author: jim.ma Date: 2014-02-24 08:02:13 -0500 (Mon, 24 Feb 2014) New Revision: 18412 Added: spi/tags/jbossws-spi-2.3.0.Beta5/ Log: Tag jbossws-spi-2.3.0.Beta5

10 years, 2 months

1
0
0 / 0

JBossWS SVN: r18411 - in stack/cxf/trunk: modules and 41 other directories.

by jbossws-commits＠lists.jboss.org

Author: jim.ma Date: 2014-02-24 07:56:33 -0500 (Mon, 24 Feb 2014) New Revision: 18411 Added: stack/cxf/trunk/modules/jaspi/ stack/cxf/trunk/modules/jaspi/pom.xml stack/cxf/trunk/modules/jaspi/src/ stack/cxf/trunk/modules/jaspi/src/main/ stack/cxf/trunk/modules/jaspi/src/main/java/ stack/cxf/trunk/modules/jaspi/src/main/java/org/ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/DefaultJASPIAuthenticationProvider.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiServerAuthenticator.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientAuthenticator.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientInInterceptor.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientOutInterceptor.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/SecurityActions.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/module/ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/module/SOAPClientAuthModule.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConfigProvider.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConstants.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthConfig.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthContext.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthContext.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/SecurityActions.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSeverInInterceptor.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSeverOutInterceptor.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSubjectCreatingInitInterceptor.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/log/ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/log/Loggers.java stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/UsernameTokenServerAuthModule.java stack/cxf/trunk/modules/jaspi/src/main/resources/ stack/cxf/trunk/modules/jaspi/src/main/resources/META-INF/ stack/cxf/trunk/modules/jaspi/src/main/resources/META-INF/services/ stack/cxf/trunk/modules/jaspi/src/main/resources/META-INF/services/org.jboss.wsf.spi.security.JASPIAuthenticationProvider stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/AutenticationMgrSubjectCreatingInterceptor.java stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/ Modified: stack/cxf/trunk/ stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/CXFClientConfigurer.java stack/cxf/trunk/modules/dist/pom.xml stack/cxf/trunk/modules/dist/src/main/scripts/assembly-deploy-artifacts.xml stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/cxf/jbossws-cxf-client/main/module.xml stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/cxf/jbossws-cxf-server/main/module.xml stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/jaxws-client/main/module.xml stack/cxf/trunk/modules/resources/src/main/resources/resources/jbossws-deploy-macros.xml stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/BusHolder.java stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/ServerBeanCustomizer.java stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingPolicyInterceptor.java stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/Helper.java stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/JaspiAuthenticationTestCase.java stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceEndpointImpl.java stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceIface.java stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceImpl.java stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/UsernamePasswordCallback.java stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/config/jaspi-config-client.xml stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/META-INF/jaxws-client-config.xml stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/jaxws-endpoint-config.xml stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/web.xml stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/wsdl/SecurityService.wsdl stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/wsdl/SecurityService_schema1.xsd stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF2/jboss-webservices.xml stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF2/web.xml stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF2/wsdl/SecurityService.wsdl stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF2/wsdl/SecurityService_schema1.xsd stack/cxf/trunk/modules/testsuite/pom.xml stack/cxf/trunk/modules/testsuite/test-utils/src/main/java/org/jboss/wsf/test/JBossWSTestHelper.java stack/cxf/trunk/pom.xml Log: [JBWS-3767]:Jaspic soap profile implementation Property changes on: stack/cxf/trunk ___________________________________________________________________ Modified: svn:mergeinfo - /stack/cxf/branches/asoldano:14032-14050,14068 /stack/cxf/branches/ropalka:16301-16305,16966-17008 /stack/cxf/branches/ropalka_JBWS-3550:16747-16757 + /stack/cxf/branches/asoldano:14032-14050,14068 /stack/cxf/branches/jaspi:18054-18409 /stack/cxf/branches/ropalka:16301-16305,16966-17008 /stack/cxf/branches/ropalka_JBWS-3550:16747-16757 Modified: stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java =================================================================== --- stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -224,4 +224,8 @@ @LogMessage(level = WARN) @Message(id = 24100, value = "Could not delete wsdl directory %s") void couldNotDeleteWsdlDirectory(String filename); + + @LogMessage(level = INFO) + @Message(id = 24102, value = "jaspi authentication isn't enabled, can not find jaspi modules and classes") + void cannotFindJaspiClasses(); } Modified: stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/CXFClientConfigurer.java =================================================================== --- stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/CXFClientConfigurer.java 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/CXFClientConfigurer.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -29,7 +29,12 @@ import org.apache.cxf.frontend.ClientProxy; import org.apache.cxf.jaxws.DispatchImpl; import org.jboss.ws.common.configuration.ConfigHelper; +import org.jboss.wsf.spi.SPIProvider; +import org.jboss.wsf.spi.WSFException; +import org.jboss.wsf.spi.classloading.ClassLoaderProvider; import org.jboss.wsf.spi.metadata.config.ClientConfig; +import org.jboss.wsf.spi.security.JASPIAuthenticationProvider; +import org.jboss.wsf.stack.cxf.Loggers; /** * CXF extension of common ClientConfigurer @@ -57,6 +62,21 @@ savePropList(cxfClient, props); } setConfigProperties(cxfClient, props); + + //config jaspi + try + { + JASPIAuthenticationProvider japsiProvider = SPIProvider.getInstance().getSPI(JASPIAuthenticationProvider.class, + ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader()); + if (japsiProvider != null) + { + japsiProvider.enableClientAuthentication(cxfClient, props); + } + } + catch (WSFException e) + { + Loggers.DEPLOYMENT_LOGGER.cannotFindJaspiClasses(); + } } public void setConfigProperties(Client client, Map<String, String> properties) { Modified: stack/cxf/trunk/modules/dist/pom.xml =================================================================== --- stack/cxf/trunk/modules/dist/pom.xml 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/dist/pom.xml 2014-02-24 12:56:33 UTC (rev 18411) @@ -24,6 +24,12 @@ <dependency> <groupId>org.jboss.ws.cxf</groupId> + <artifactId>jbossws-cxf-jaspi</artifactId> + <version>${project.version}</version> + </dependency> + + <dependency> + <groupId>org.jboss.ws.cxf</groupId> <artifactId>jbossws-cxf-transports-httpserver</artifactId> <version>${project.version}</version> </dependency> Modified: stack/cxf/trunk/modules/dist/src/main/scripts/assembly-deploy-artifacts.xml =================================================================== --- stack/cxf/trunk/modules/dist/src/main/scripts/assembly-deploy-artifacts.xml 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/dist/src/main/scripts/assembly-deploy-artifacts.xml 2014-02-24 12:56:33 UTC (rev 18411) @@ -30,6 +30,7 @@ <unpack>false</unpack> <includes> <include>org.jboss.ws.cxf:jbossws-cxf-client:jar</include> + <include>org.jboss.ws.cxf:jbossws-cxf-jaspi:jar</include> <include>org.jboss.ws.cxf:jbossws-cxf-factories:jar</include> <include>org.jboss.ws.cxf:jbossws-cxf-server:jar</include> <include>org.jboss.ws.cxf:jbossws-cxf-transports-httpserver:jar</include> Added: stack/cxf/trunk/modules/jaspi/pom.xml =================================================================== --- stack/cxf/trunk/modules/jaspi/pom.xml (rev 0) +++ stack/cxf/trunk/modules/jaspi/pom.xml 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,113 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <modelVersion>4.0.0</modelVersion> + + <name>JBoss Web Services - Stack CXF JASPI</name> + <artifactId>jbossws-cxf-jaspi</artifactId> + <packaging>jar</packaging> + +  + <parent> + <groupId>org.jboss.ws.cxf</groupId> + <artifactId>jbossws-cxf</artifactId> + <version>4.3.0-SNAPSHOT</version> + <relativePath>../../pom.xml</relativePath> + </parent> + +  + <dependencies> + <dependency> + <groupId>org.jboss.ws</groupId> + <artifactId>jbossws-spi</artifactId> + </dependency> + <dependency> + <groupId>org.jboss.spec.javax.servlet</groupId> + <artifactId>jboss-servlet-api_3.0_spec</artifactId> + </dependency> + + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-frontend-jaxws</artifactId> + </dependency> + + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-ws-security</artifactId> + </dependency> + + <dependency> + <groupId>org.picketbox</groupId> + <artifactId>picketbox</artifactId> + </dependency> + + <dependency> + <groupId>org.jboss.spec.javax.security.auth.message</groupId> + <artifactId>jboss-jaspi-api_1.1_spec</artifactId> + </dependency> + + <dependency> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </dependency> + <dependency> + <groupId>org.jboss.logging</groupId> + <artifactId>jboss-logging</artifactId> + </dependency> + <dependency> + <groupId>org.jboss.logging</groupId> + <artifactId>jboss-logging-processor</artifactId> + <scope>provided</scope> + </dependency> + + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + </dependencies> + + <profiles> +  + <profile> + <id>enforce</id> + <activation> + <property> + <name>!skip-enforce</name> + </property> + </activation> + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-enforcer-plugin</artifactId> + <executions> + <execution> + <id>ban-bad-dependencies</id> + <goals> + <goal>enforce</goal> + </goals> + <configuration> + <rules> + <bannedDependencies> + <searchTransitive>true</searchTransitive> + <excludes> + <exclude>org.apache.cxf:cxf-rt-bindings-corba</exclude> + <exclude>org.apache.cxf:cxf-rt-javascript</exclude> + <exclude>org.apache.geronimo.specs</exclude> + <exclude>org.codehaus.jra:jra</exclude> + <exclude>org.slf4j:slf4j-jdk14</exclude> + </excludes> + </bannedDependencies> + </rules> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> + </profile> + </profiles> + +</project> Property changes on: stack/cxf/trunk/modules/jaspi/pom.xml ___________________________________________________________________ Added: svn:mime-type + text/xml Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/DefaultJASPIAuthenticationProvider.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/DefaultJASPIAuthenticationProvider.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/DefaultJASPIAuthenticationProvider.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,227 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi; + +import java.util.Map; +import java.util.Properties; + +import javax.security.auth.message.config.AuthConfigFactory; +import javax.security.auth.message.config.AuthConfigProvider; +import javax.security.auth.message.config.ClientAuthConfig; +import javax.security.auth.message.config.ServerAuthConfig; +import javax.security.auth.message.config.ServerAuthContext; + +import org.apache.cxf.Bus; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.jaxws22.EndpointImpl; +import org.jboss.security.auth.callback.JBossCallbackHandler; +import org.jboss.security.auth.login.AuthenticationInfo; +import org.jboss.security.auth.login.BaseAuthenticationInfo; +import org.jboss.security.auth.login.JASPIAuthenticationInfo; +import org.jboss.security.config.ApplicationPolicy; +import org.jboss.security.config.SecurityConfiguration; +import org.jboss.wsf.spi.deployment.Deployment; +import org.jboss.wsf.spi.deployment.Endpoint; +import org.jboss.wsf.spi.metadata.webservices.JBossWebservicesMetaData; +import org.jboss.wsf.spi.security.JASPIAuthenticationProvider; +import org.jboss.wsf.stack.cxf.jaspi.client.JaspiClientAuthenticator; +import org.jboss.wsf.stack.cxf.jaspi.client.JaspiClientInInterceptor; +import org.jboss.wsf.stack.cxf.jaspi.client.JaspiClientOutInterceptor; +import org.jboss.wsf.stack.cxf.jaspi.config.JBossWSAuthConfigProvider; +import org.jboss.wsf.stack.cxf.jaspi.config.JBossWSAuthConstants; +import org.jboss.wsf.stack.cxf.jaspi.interceptor.JaspiSeverInInterceptor; +import org.jboss.wsf.stack.cxf.jaspi.interceptor.JaspiSeverOutInterceptor; +import org.jboss.wsf.stack.cxf.jaspi.log.Loggers; + +/** + * Class to enable the jaspi authentication interceptors in cxf bus , endpoint or client + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class DefaultJASPIAuthenticationProvider implements JASPIAuthenticationProvider +{ + public DefaultJASPIAuthenticationProvider() + { + } + + public boolean enableClientAuthentication(Object target, Map<String, String> properties) + { + if (!(target instanceof Client)) { + Loggers.ROOT_LOGGER.cannotEnableJASPIAuthentication(target.getClass().getSimpleName()); + return false; + } + Client client = (Client)target; + String securityDomain = properties.get(JaspiClientAuthenticator.JASPI_SECURITY_DOMAIN); + if (securityDomain == null) + { + return false; + } + ApplicationPolicy appPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain); + if (appPolicy == null) + { + Loggers.ROOT_LOGGER.noApplicationPolicy(securityDomain); + return false; + } + BaseAuthenticationInfo bai = appPolicy.getAuthenticationInfo(); + if (bai == null || bai instanceof AuthenticationInfo) + { + Loggers.ROOT_LOGGER.noJaspiApplicationPolicy(securityDomain); + return false; + } + JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) bai; + + String contextRoot = client.getEndpoint().getEndpointInfo().getName().toString(); + String appId = "localhost " + contextRoot; + AuthConfigFactory factory = AuthConfigFactory.getFactory(); + + Properties props = new Properties(); + AuthConfigProvider provider = new JBossWSAuthConfigProvider(props, factory); + provider = factory.getConfigProvider(JBossWSAuthConstants.SOAP_LAYER, appId, null); + JBossCallbackHandler callbackHandler = new JBossCallbackHandler(); + try + { + ClientAuthConfig clientConfig = provider.getClientAuthConfig("soap", appId, callbackHandler); + JaspiClientAuthenticator clientAuthenticator = new JaspiClientAuthenticator(clientConfig, securityDomain, jai); + client.getInInterceptors().add(new JaspiClientInInterceptor(clientAuthenticator)); + client.getOutInterceptors().add(new JaspiClientOutInterceptor(clientAuthenticator)); + } + catch (Exception e) + { + Loggers.DEPLOYMENT_LOGGER.cannotCreateServerAuthContext(securityDomain, e); + } + + return false; + + } + + public boolean enableServerAuthentication(Deployment dep, JBossWebservicesMetaData wsmd) + { + String securityDomain = null; + if (wsmd != null) + { + securityDomain = wsmd.getProperty(JaspiServerAuthenticator.JASPI_SECURITY_DOMAIN); + } + if (securityDomain == null) + { + return false; + } + ApplicationPolicy appPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain); + if (appPolicy == null) + { + Loggers.ROOT_LOGGER.noApplicationPolicy(securityDomain); + return false; + } + BaseAuthenticationInfo bai = appPolicy.getAuthenticationInfo(); + if (bai == null || bai instanceof AuthenticationInfo) + { + Loggers.ROOT_LOGGER.noJaspiApplicationPolicy(securityDomain); + return false; + } + JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) bai; + + String contextRoot = dep.getService().getContextRoot(); + String appId = "localhost " + contextRoot; + AuthConfigFactory factory = AuthConfigFactory.getFactory(); + Properties properties = new Properties(); + AuthConfigProvider provider = new JBossWSAuthConfigProvider(properties, factory); + provider = factory.getConfigProvider(JBossWSAuthConstants.SOAP_LAYER, appId, null); + + JBossCallbackHandler callbackHandler = new JBossCallbackHandler(); + try + { + ServerAuthConfig serverConfig = provider.getServerAuthConfig(JBossWSAuthConstants.SOAP_LAYER, appId, + callbackHandler); + Properties serverContextProperties = new Properties(); + serverContextProperties.put("security-domain", securityDomain); + serverContextProperties.put("jaspi-policy", jai); + Bus bus = dep.getAttachment(Bus.class); + serverContextProperties.put(Bus.class, bus); + String authContextID = dep.getSimpleName(); + ServerAuthContext sctx = serverConfig.getAuthContext(authContextID, null, serverContextProperties); + JaspiServerAuthenticator serverAuthenticator = new JaspiServerAuthenticator(sctx); + bus.getInInterceptors().add(new JaspiSeverInInterceptor(serverAuthenticator)); + bus.getOutInterceptors().add(new JaspiSeverOutInterceptor(serverAuthenticator)); + return true; + } + catch (Exception e) + { + Loggers.DEPLOYMENT_LOGGER.cannotCreateServerAuthContext(securityDomain, e); + } + return false; + } + + public boolean enableServerAuthentication(Object target, Endpoint endpoint) + { + if (!(target instanceof EndpointImpl)) { + Loggers.ROOT_LOGGER.cannotEnableJASPIAuthentication(target.getClass().getSimpleName()); + return false; + } + EndpointImpl endpointImpl = (EndpointImpl)target; + String securityDomain = (String) endpointImpl.getProperties().get(JaspiServerAuthenticator.JASPI_SECURITY_DOMAIN); + if (securityDomain == null) + { + return false; + } + ApplicationPolicy appPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain); + if (appPolicy == null) + { + Loggers.ROOT_LOGGER.noApplicationPolicy(securityDomain); + return false; + } + BaseAuthenticationInfo bai = appPolicy.getAuthenticationInfo(); + if (bai == null || bai instanceof AuthenticationInfo) + { + Loggers.ROOT_LOGGER.noJaspiApplicationPolicy(securityDomain); + return false; + } + JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) bai; + String contextRoot = endpoint.getService().getContextRoot(); + String appId = "localhost " + contextRoot; + AuthConfigFactory factory = AuthConfigFactory.getFactory(); + Properties properties = new Properties(); + AuthConfigProvider provider = new JBossWSAuthConfigProvider(properties, factory); + provider = factory.getConfigProvider(JBossWSAuthConstants.SOAP_LAYER, appId, null); + + JBossCallbackHandler callbackHandler = new JBossCallbackHandler(); + JaspiServerAuthenticator serverAuthenticator = null; + try + { + ServerAuthConfig serverConfig = provider.getServerAuthConfig(JBossWSAuthConstants.SOAP_LAYER, appId, + callbackHandler); + Properties serverContextProperties = new Properties(); + serverContextProperties.put("security-domain", securityDomain); + serverContextProperties.put("jaspi-policy", jai); + serverContextProperties.put(javax.xml.ws.Endpoint.class, endpointImpl); + String authContextID = endpointImpl.getBeanName(); + ServerAuthContext sctx = serverConfig.getAuthContext(authContextID, null, serverContextProperties); + serverAuthenticator = new JaspiServerAuthenticator(sctx); + endpointImpl.getInInterceptors().add(new JaspiSeverInInterceptor(serverAuthenticator)); + endpointImpl.getOutInterceptors().add(new JaspiSeverOutInterceptor(serverAuthenticator)); + return true; + + } + catch (Exception e) + { + Loggers.DEPLOYMENT_LOGGER.cannotCreateServerAuthContext(securityDomain, e); + } + return false; + } +} Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/DefaultJASPIAuthenticationProvider.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiServerAuthenticator.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiServerAuthenticator.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiServerAuthenticator.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,157 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi; + +import javax.security.auth.message.AuthException; +import javax.security.auth.message.AuthStatus; +import javax.security.auth.message.MessageInfo; +import javax.security.auth.message.config.ServerAuthContext; +import javax.xml.namespace.QName; +import javax.xml.soap.SOAPMessage; + +import org.apache.cxf.binding.soap.Soap12; +import org.apache.cxf.binding.soap.SoapBinding; +import org.apache.cxf.binding.soap.SoapFault; +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor; +import org.apache.cxf.endpoint.Endpoint; +import org.apache.cxf.interceptor.InterceptorChain; +import org.apache.cxf.interceptor.OutgoingChainInterceptor; +import org.apache.cxf.message.Message; +import org.apache.cxf.message.MessageImpl; +import org.jboss.security.auth.message.GenericMessageInfo; + +/** + * Authenticator for server side , it is used to authenticate cxf SoapMessage with japsi ServerAuthContext + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class JaspiServerAuthenticator +{ + public static final String JASPI_SECURITY_DOMAIN = "jaspi.security.domain"; + + private final ServerAuthContext sctx; + + public JaspiServerAuthenticator(ServerAuthContext sctx) + { + this.sctx = sctx; + } + + public void validateRequest(SoapMessage message) + { + SOAPMessage soapMessage = message.getContent(SOAPMessage.class); + MessageInfo messageInfo = new GenericMessageInfo(soapMessage, null); + AuthStatus authStatus; + try + { + authStatus = sctx.validateRequest(messageInfo, null, null); + } + catch (AuthException e) + { + if (isSOAP12(message)) + { + SoapFault soap12Fault = new SoapFault(e.getMessage(), Soap12.getInstance().getReceiver()); + throw soap12Fault; + } + else + { + throw new SoapFault(e.getMessage(), new QName("", "japsi AuthException")); + } + } + Message response = null; + if (messageInfo.getResponseMessage() != null && !message.getExchange().isOneWay()) + { + + Endpoint e = message.getExchange().get(Endpoint.class); + + response = new MessageImpl(); + response.setExchange(message.getExchange()); + response = e.getBinding().createMessage(response); + message.getExchange().setOutMessage(response); + response.setContent(SOAPMessage.class, messageInfo.getResponseMessage()); + if (AuthStatus.SEND_CONTINUE == authStatus) + { + response.put(Message.RESPONSE_CODE, Integer.valueOf(303)); + } + if (AuthStatus.SEND_FAILURE == authStatus) + { + response.put(Message.RESPONSE_CODE, Integer.valueOf(500)); + } + + message.getInterceptorChain().abort(); + InterceptorChain chain = OutgoingChainInterceptor.getOutInterceptorChain(message.getExchange()); + response.setInterceptorChain(chain); + chain.doInterceptStartingAfter(response, SoapPreProtocolOutInterceptor.class.getName()); + + } + + } + + public void secureResponse(SoapMessage message) + { + SOAPMessage request = message.getExchange().getInMessage().get(SOAPMessage.class); + SOAPMessage response = message.getContent(SOAPMessage.class); + MessageInfo messageInfo = new GenericMessageInfo(request, response); + AuthStatus authStatus = null; + try + { + authStatus = sctx.secureResponse(messageInfo, null); + } + catch (AuthException e) + { + if (isSOAP12(message)) + { + SoapFault soap12Fault = new SoapFault(e.getMessage(), Soap12.getInstance().getReceiver()); + throw soap12Fault; + } + else + { + throw new SoapFault(e.getMessage(), new QName("", "japsi AuthException")); + } + } + if (messageInfo.getResponseMessage() != null && !message.getExchange().isOneWay()) + { + if (AuthStatus.SEND_CONTINUE == authStatus) + { + message.put(Message.RESPONSE_CODE, Integer.valueOf(303)); + } + if (AuthStatus.SEND_FAILURE == authStatus) + { + message.put(Message.RESPONSE_CODE, Integer.valueOf(500)); + } + } + + } + + private boolean isSOAP12(Message message) + { + if (message.getExchange().getBinding() instanceof SoapBinding) + { + SoapBinding binding = (SoapBinding) message.getExchange().getBinding(); + if (binding.getSoapVersion() == Soap12.getInstance()) + { + return true; + } + } + return false; + } + +} Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiServerAuthenticator.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientAuthenticator.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientAuthenticator.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientAuthenticator.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,124 @@ +package org.jboss.wsf.stack.cxf.jaspi.client; + +import java.util.Properties; + +import javax.security.auth.Subject; +import javax.security.auth.message.AuthException; +import javax.security.auth.message.AuthStatus; +import javax.security.auth.message.MessageInfo; +import javax.security.auth.message.config.ClientAuthConfig; +import javax.security.auth.message.config.ClientAuthContext; +import javax.xml.namespace.QName; +import javax.xml.soap.SOAPMessage; + +import org.apache.cxf.binding.soap.Soap12; +import org.apache.cxf.binding.soap.SoapBinding; +import org.apache.cxf.binding.soap.SoapFault; +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.message.Message; +import org.jboss.security.auth.login.JASPIAuthenticationInfo; +import org.jboss.security.auth.message.GenericMessageInfo; + +/** + * Authenticator for client side , it is used to obtain ClientAuthContext and authenticate cxf SoapMessage + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class JaspiClientAuthenticator +{ + public static final String JASPI_SECURITY_DOMAIN = "jaspi.security.domain"; + + private final ClientAuthConfig clientConfig; + + private final String securityDomain; + + private final JASPIAuthenticationInfo jpi; + + public JaspiClientAuthenticator(ClientAuthConfig clientConfig, String securityDomain, JASPIAuthenticationInfo jpi) + { + + this.clientConfig = clientConfig; + this.securityDomain = securityDomain; + this.jpi = jpi; + } + + public void secureRequest(SoapMessage message) + { + SOAPMessage soapMessage = message.getContent(SOAPMessage.class); + MessageInfo messageInfo = new GenericMessageInfo(soapMessage, null); + String authContextID = clientConfig.getAuthContextID(messageInfo); + + Properties serverContextProperties = new Properties(); + serverContextProperties.put("security-domain", securityDomain); + serverContextProperties.put("jaspi-policy", jpi); + Subject clientSubject = new Subject(); + @SuppressWarnings("unused") + AuthStatus authStatus = null; + try + { + ClientAuthContext cctx = clientConfig.getAuthContext(authContextID, clientSubject, serverContextProperties); + authStatus = cctx.secureRequest(messageInfo, clientSubject); + } + catch (AuthException e) + { + if (isSOAP12(message)) + { + SoapFault soap12Fault = new SoapFault(e.getMessage(), Soap12.getInstance().getSender()); + throw soap12Fault; + } + else + { + throw new SoapFault(e.getMessage(), new QName("", "japsi AuthException")); + } + } + //TODO:look at how to handle AuthStatus + + } + + public void validateResponse(SoapMessage message) + { + SOAPMessage request = message.getExchange().getInMessage().get(SOAPMessage.class); + SOAPMessage response = message.getContent(SOAPMessage.class); + MessageInfo messageInfo = new GenericMessageInfo(request, response); + String authContextID = clientConfig.getAuthContextID(messageInfo); + + Properties serverContextProperties = new Properties(); + serverContextProperties.put("security-domain", securityDomain); + serverContextProperties.put("jaspi-policy", jpi); + Subject clientSubject = new Subject(); + @SuppressWarnings("unused") + AuthStatus authStatus = null; + try + { + ClientAuthContext sctx = clientConfig.getAuthContext(authContextID, clientSubject, serverContextProperties); + authStatus = sctx.validateResponse(messageInfo, new Subject(), new Subject()); + } + catch (AuthException e) + { + if (isSOAP12(message)) + { + SoapFault soap12Fault = new SoapFault(e.getMessage(), Soap12.getInstance().getSender()); + throw soap12Fault; + } + else + { + throw new SoapFault(e.getMessage(), new QName("", "japsi AuthException")); + } + } + //TODO:handle AuthStatus + + } + + private boolean isSOAP12(Message message) + { + if (message.getExchange().getBinding() instanceof SoapBinding) + { + SoapBinding binding = (SoapBinding) message.getExchange().getBinding(); + if (binding.getSoapVersion() == Soap12.getInstance()) + { + return true; + } + } + return false; + } + +} Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientAuthenticator.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientInInterceptor.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientInInterceptor.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientInInterceptor.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,60 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.client; + +import javax.xml.soap.SOAPMessage; + +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor; +import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.phase.Phase; + +/** + * CXF in interceptor to validateResponse cxf SoapMessage with JaspiClientAuthentcator + * @See org.jboss.wsf.stack.cxf.client.jaspi.JaspiClientAuthentcator + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class JaspiClientInInterceptor extends AbstractSoapInterceptor +{ + private final JaspiClientAuthenticator authManager; + + public JaspiClientInInterceptor(JaspiClientAuthenticator authManager) + { + super(Phase.POST_PROTOCOL_ENDING); + addAfter(SAAJOutInterceptor.SAAJOutEndingInterceptor.class.getName()); + this.authManager = authManager; + } + + @Override + public void handleMessage(SoapMessage message) throws Fault + { + + if (message.getContent(SOAPMessage.class) == null) + { + SAAJOutInterceptor saajout = new SAAJOutInterceptor(); + saajout.handleMessage(message); + } + authManager.validateResponse(message); + } + +} Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientInInterceptor.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientOutInterceptor.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientOutInterceptor.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientOutInterceptor.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,101 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.client; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; + +import javax.xml.soap.MessageFactory; +import javax.xml.soap.SOAPException; +import javax.xml.soap.SOAPMessage; + +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor; +import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor; +import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.SAAJPreInInterceptor; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.phase.Phase; + +/** + * CXF out interceptor to secureRequest cxf SoapMessage with JaspiClientAuthentcator + * @See org.jboss.wsf.stack.cxf.client.jaspi.JaspiClientAuthentcator + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class JaspiClientOutInterceptor extends AbstractSoapInterceptor +{ + private final JaspiClientAuthenticator authManager; + + public JaspiClientOutInterceptor(JaspiClientAuthenticator authManager) + { + super(Phase.PRE_PROTOCOL); + addAfter(SAAJInInterceptor.class.getName()); + this.authManager = authManager; + } + + @Override + public void handleMessage(SoapMessage message) throws Fault + { + if (message.getContent(SOAPMessage.class) == null) + { + SAAJInInterceptor saajIn = new SAAJInInterceptor(); + saajIn.handleMessage(message); + } + SOAPMessage soapMessage = message.getContent(SOAPMessage.class); + if (soapMessage == null) + { + return; + } + + SOAPMessage copyMessage = null; + try + { + MessageFactory messageFactory = SAAJPreInInterceptor.INSTANCE.getFactory(message); + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + soapMessage.writeTo(bout); + copyMessage = messageFactory.createMessage(soapMessage.getMimeHeaders(), + new ByteArrayInputStream(bout.toByteArray())); + } + catch (SOAPException e) + { + throw new Fault(e); + } + catch (IOException e) + { + throw new Fault(e); + } + if (copyMessage != null) + { + message.put(SOAPMessage.class, copyMessage); + } + try + { + authManager.secureRequest(message); + } + finally + { + message.put(SOAPMessage.class, soapMessage); + } + + } + +} Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/JaspiClientOutInterceptor.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/SecurityActions.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/SecurityActions.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/SecurityActions.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,107 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2013, Red Hat, Inc., and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.client; + +/** + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; + +import org.jboss.security.SecurityContext; +import org.jboss.security.SecurityContextAssociation; + +class SecurityActions +{ + static ClassLoader getContextClassLoader() + { + return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() + { + public ClassLoader run() + { + return Thread.currentThread().getContextClassLoader(); + } + }); + + } + + static SecurityContext getSecurityContext() + { + return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() + { + + public SecurityContext run() + { + return SecurityContextAssociation.getSecurityContext(); + } + }); + } + + static Class<?> loadClass(final ClassLoader cl, final String name) throws PrivilegedActionException + { + return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>() + { + public Class<?> run() throws PrivilegedActionException + { + if (cl == null) + { + return loadClass(name); + } + try + { + return cl.loadClass(name); + } + catch (Exception ignore) + { + return loadClass(name); + } + } + }); + } + + static Class<?> loadClass(final String name) throws PrivilegedActionException + { + return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>() + { + public Class<?> run() throws PrivilegedActionException + { + try + { + return getClass().getClassLoader().loadClass(name); + } + catch (Exception ignore) + { + try + { + return getContextClassLoader().loadClass(name); + } + catch (Exception e) + { + throw new PrivilegedActionException(e); + } + } + } + }); + } +} \ No newline at end of file Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/SecurityActions.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/module/SOAPClientAuthModule.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/module/SOAPClientAuthModule.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/module/SOAPClientAuthModule.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,118 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2013, Red Hat, Inc., and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.client.module; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.message.AuthException; +import javax.security.auth.message.AuthStatus; +import javax.security.auth.message.MessageInfo; +import javax.security.auth.message.MessagePolicy; +import javax.security.auth.message.module.ClientAuthModule; +import javax.xml.soap.SOAPMessage; + +import org.jboss.security.SimplePrincipal; + +/** + * SOAPClientAuthModule + * TODO: Investigate what we can do with this module + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class SOAPClientAuthModule implements ClientAuthModule +{ + public static String log; + + @SuppressWarnings("rawtypes") + private List<Class> supportedTypes = new ArrayList<Class>(); + + private SimplePrincipal principal = null; + + private Object credential = null; + + @SuppressWarnings("unused") + private MessagePolicy requestPolicy = null; + + @SuppressWarnings("unused") + private MessagePolicy responsePolicy = null; + + @SuppressWarnings("unused") + private CallbackHandler handler = null; + + @SuppressWarnings( + {"rawtypes"}) + private Map options = null; + + public SOAPClientAuthModule() + { + this.supportedTypes.add(Object.class); + this.supportedTypes.add(SOAPMessage.class); + } + + @SuppressWarnings("rawtypes") + public SOAPClientAuthModule(List<Class> supportedTypes) + { + this.supportedTypes = supportedTypes; + } + + @SuppressWarnings("rawtypes") + public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, + Map options) throws AuthException + { + this.requestPolicy = requestPolicy; + this.responsePolicy = responsePolicy; + this.handler = handler; + this.options = options; + } + + @SuppressWarnings( + {"unchecked"}) + public AuthStatus secureRequest(MessageInfo messageInfo, Subject source) throws AuthException + { + log = "secureRequest"; + SOAPMessage soapMessage = (SOAPMessage) messageInfo.getRequestMessage(); + return AuthStatus.SUCCESS; + } + + public AuthStatus validateResponse(MessageInfo messageInfo, Subject source, Subject recipient) throws AuthException + { + return AuthStatus.SUCCESS; + } + + @SuppressWarnings("rawtypes") + public Class[] getSupportedMessageTypes() + { + Class[] clsarr = new Class[this.supportedTypes.size()]; + supportedTypes.toArray(clsarr); + return clsarr; + } + + public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException + { + subject.getPrincipals().remove(principal); + subject.getPublicCredentials().remove(credential); + } + +} Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/client/module/SOAPClientAuthModule.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConfigProvider.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConfigProvider.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConfigProvider.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,75 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2013, Red Hat, Inc., and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.config; + +import java.util.Properties; + +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.message.AuthException; +import javax.security.auth.message.config.AuthConfigFactory; +import javax.security.auth.message.config.AuthConfigProvider; +import javax.security.auth.message.config.ClientAuthConfig; +import javax.security.auth.message.config.ServerAuthConfig; + +/** + * Factory class used to getJBossWSClientAuthConfig and JBossWSServerAuthConfig + * <p>I + * It is used to Obtain JBosswSClientAuthConfig and JBossWSServerAuthConfig + * @see org.jboss.wsf.stack.cxf.jaspi.config.JBosswSClientAuthConfig + * @see org.jboss.wsf.stack.cxf.jaspi.config.JBossWSServerAuthConfig + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class JBossWSAuthConfigProvider implements AuthConfigProvider +{ + private final Properties contextProperties; + + public JBossWSAuthConfigProvider(Properties props, AuthConfigFactory factory) + { + contextProperties = props; + if (factory != null) + { + factory.registerConfigProvider(this, "soap", null, "JBossWS AuthConfigProvider"); + } + + } + + @Override + public ClientAuthConfig getClientAuthConfig(String layer, String appContext, CallbackHandler handler) + throws AuthException, SecurityException + { + return new JBossWSClientAuthConfig(layer, appContext, handler, contextProperties); + } + + @Override + public ServerAuthConfig getServerAuthConfig(String layer, String appContext, CallbackHandler handler) + throws AuthException, SecurityException + { + return new JBossWSServerAuthConfig(layer, appContext, handler, contextProperties); + } + + @Override + public void refresh() + { + + } + +} \ No newline at end of file Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConfigProvider.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConstants.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConstants.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConstants.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,32 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2013, Red Hat, Inc., and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.config; + +/** + * Define the jaspi authentication property name + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class JBossWSAuthConstants +{ + public static final String SOAP_LAYER = "soap"; + +} Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSAuthConstants.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthConfig.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthConfig.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthConfig.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,193 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2013, Red Hat, Inc., and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.config; + +import java.lang.reflect.Constructor; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.message.AuthException; +import javax.security.auth.message.MessageInfo; +import javax.security.auth.message.config.ClientAuthContext; +import javax.security.auth.message.module.ClientAuthModule; +import javax.xml.namespace.QName; +import javax.xml.soap.MimeHeaders; +import javax.xml.soap.SOAPBody; +import javax.xml.soap.SOAPElement; +import javax.xml.soap.SOAPEnvelope; +import javax.xml.soap.SOAPException; +import javax.xml.soap.SOAPMessage; +import javax.xml.soap.SOAPPart; + +import org.apache.cxf.common.util.StringUtils; +import org.jboss.security.auth.container.config.AuthModuleEntry; +import org.jboss.security.auth.login.JASPIAuthenticationInfo; +import org.jboss.security.auth.message.config.JBossClientAuthConfig; +import org.jboss.security.config.ControlFlag; +import org.jboss.security.plugins.ClassLoaderLocator; +import org.jboss.security.plugins.ClassLoaderLocatorFactory; + +/** + * JBossWS ClientAuthConfig implementation to obtain ClientAuthContext + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class JBossWSClientAuthConfig extends JBossClientAuthConfig +{ + + @SuppressWarnings("rawtypes") + private final List modules = new ArrayList(); + + private CallbackHandler callbackHandler; + + @SuppressWarnings("rawtypes") + public JBossWSClientAuthConfig(String layer, String appContext, CallbackHandler handler, Map properties) + { + super(layer, appContext, handler, properties); + callbackHandler = handler; + } + + @SuppressWarnings( + {"rawtypes", "unchecked"}) + public ClientAuthContext getAuthContext(String authContextID, Subject clientSubject, Map properties) + throws AuthException + { + List<ControlFlag> controlFlags = new ArrayList<ControlFlag>(); + + Map<String, Map> mapOptionsByName = new HashMap<String, Map>(); + + JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) properties.get("jaspi-policy"); + AuthModuleEntry[] amearr = jai.getAuthModuleEntry(); + + ClassLoader moduleCL = null; + String jbossModule = jai.getJBossModuleName(); + if (jbossModule != null && !jbossModule.isEmpty()) + { + ClassLoaderLocator locator = ClassLoaderLocatorFactory.get(); + if (locator != null) + moduleCL = locator.get(jbossModule); + } + + for (AuthModuleEntry ame : amearr) + { + + try + { + mapOptionsByName.put(ame.getAuthModuleName(), ame.getOptions()); + controlFlags.add(ame.getControlFlag()); + ClientAuthModule sam = this.createCAM(moduleCL, ame.getAuthModuleName()); + + Map options = new HashMap(); + sam.initialize(null, null, callbackHandler, options); + modules.add(sam); + } + catch (Exception e) + { + throw new AuthException(e.getLocalizedMessage()); + } + } + + JBossWSClientAuthContext clientAuthContext = new JBossWSClientAuthContext(modules, mapOptionsByName, + this.callbackHandler); + clientAuthContext.setControlFlags(controlFlags); + return clientAuthContext; + } + + @SuppressWarnings( + {"unchecked", "rawtypes"}) + private ClientAuthModule createCAM(ClassLoader moduleCL, String name) throws Exception + { + Class clazz = SecurityActions.loadClass(moduleCL, name); + Constructor ctr = clazz.getConstructor(new Class[0]); + return (ClientAuthModule) ctr.newInstance(new Object[0]); + } + + @SuppressWarnings( + {"rawtypes"}) + public List getClientAuthModules() + { + return modules; + } + + @SuppressWarnings("rawtypes") + public String getAuthContextID(MessageInfo messageInfo) + { + SOAPMessage request = (SOAPMessage) messageInfo.getRequestMessage(); + if (request == null) + { + return null; + } + String authContext = null; + MimeHeaders headers = request.getMimeHeaders(); + if (headers != null) + { + String[] soapActions = headers.getHeader("SOAPAction"); + if (soapActions != null && soapActions.length > 0) + { + authContext = soapActions[0]; + if (!StringUtils.isEmpty(authContext)) + { + return authContext; + } + } + } + + SOAPPart soapMessage = request.getSOAPPart(); + if (soapMessage != null) + { + try + { + SOAPEnvelope envelope = soapMessage.getEnvelope(); + if (envelope != null) + { + SOAPBody body = envelope.getBody(); + if (body != null) + { + + Iterator it = body.getChildElements(); + while (it.hasNext()) + { + Object o = it.next(); + if (o instanceof SOAPElement) + { + QName name = ((SOAPElement) o).getElementQName(); + return name.getLocalPart(); + + } + } + } + } + } + catch (SOAPException se) + { + //ignore; + } + } + + return null; + } + +} \ No newline at end of file Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthConfig.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthContext.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthContext.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthContext.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,110 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2013, Red Hat, Inc., and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.config; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.message.AuthException; +import javax.security.auth.message.AuthStatus; +import javax.security.auth.message.MessageInfo; +import javax.security.auth.message.config.ClientAuthContext; +import javax.security.auth.message.module.ClientAuthModule; + +import org.jboss.security.config.ControlFlag; + +/** + * JBossWS ClientAuthContext implementation to {@link #secureRequest(MessageInfo, Subject)} + * <p>and {@link #validateResponse(MessageInfo, Subject, Subject)} + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class JBossWSClientAuthContext implements ClientAuthContext +{ + private final List<ClientAuthModule> modules; + + @SuppressWarnings("rawtypes") + private final Map<String, Map> moduleOptionsByName; + + protected List<ControlFlag> controlFlags = new ArrayList<ControlFlag>(); + + @SuppressWarnings("rawtypes") + public JBossWSClientAuthContext(List<ClientAuthModule> modules, Map<String, Map> moduleNameToOptions, + CallbackHandler cbh) throws AuthException + { + this.modules = modules; + this.moduleOptionsByName = moduleNameToOptions; + for (ClientAuthModule cam : modules) + { + cam.initialize(null, null, cbh, moduleOptionsByName.get(cam.getClass().getName())); + } + } + + @Override + public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException + { + for (ClientAuthModule cam : modules) + { + cam.cleanSubject(messageInfo, subject); + } + + } + + public void setControlFlags(List<ControlFlag> controlFlags) + { + this.controlFlags = controlFlags; + } + + @Override + public AuthStatus secureRequest(MessageInfo messageInfo, Subject clientSubject) throws AuthException + { + AuthStatus status = null; + for (ClientAuthModule sam : modules) + { + status = sam.secureRequest(messageInfo, clientSubject); + if (status == AuthStatus.FAILURE) + { + break; + } + } + return status; + } + + @Override + public AuthStatus validateResponse(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) + throws AuthException + { + AuthStatus status = null; + for (ClientAuthModule sam : modules) + { + status = sam.secureRequest(messageInfo, clientSubject); + if (status == AuthStatus.FAILURE) + { + break; + } + } + return status; + } + +} \ No newline at end of file Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthContext.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,227 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2013, Red Hat, Inc., and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.config; + +import java.lang.reflect.Constructor; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.message.AuthException; +import javax.security.auth.message.MessageInfo; +import javax.security.auth.message.config.ServerAuthContext; +import javax.security.auth.message.module.ServerAuthModule; +import javax.xml.namespace.QName; +import javax.xml.soap.MimeHeaders; +import javax.xml.soap.SOAPBody; +import javax.xml.soap.SOAPElement; +import javax.xml.soap.SOAPEnvelope; +import javax.xml.soap.SOAPException; +import javax.xml.soap.SOAPMessage; +import javax.xml.soap.SOAPPart; + +import org.apache.cxf.Bus; +import org.apache.cxf.common.util.StringUtils; +import org.jboss.security.auth.callback.JBossCallbackHandler; +import org.jboss.security.auth.container.config.AuthModuleEntry; +import org.jboss.security.auth.login.JASPIAuthenticationInfo; +import org.jboss.security.auth.message.config.JBossServerAuthConfig; +import org.jboss.security.config.ControlFlag; +import org.jboss.security.plugins.ClassLoaderLocator; +import org.jboss.security.plugins.ClassLoaderLocatorFactory; + +/** + * JBossWS ServerAuthConfig implentation to obtain JBossWSServerAuthContext + * @see org.jboss.wsf.stack.cxf.jaspi.config.JBossWSServerAuthContext + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class JBossWSServerAuthConfig extends JBossServerAuthConfig +{ + private final CallbackHandler callbackHandler = new JBossCallbackHandler(); + + @SuppressWarnings("rawtypes") + private final List modules = new ArrayList(); + + @SuppressWarnings("rawtypes") + public JBossWSServerAuthConfig(String layer, String appContext, CallbackHandler handler, Map properties) + { + super(layer, appContext, handler, properties); + } + + @SuppressWarnings( + {"rawtypes", "unchecked"}) + public ServerAuthContext getAuthContext(String authContextID, Subject serviceSubject, Map properties) + throws AuthException + { + List<ControlFlag> controlFlags = new ArrayList<ControlFlag>(); + + Map<String, Map> mapOptionsByName = new HashMap<String, Map>(); + JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) properties.get("jaspi-policy"); + AuthModuleEntry[] amearr = jai.getAuthModuleEntry(); + + ClassLoader moduleCL = null; + String jbossModule = jai.getJBossModuleName(); + if (jbossModule != null && !jbossModule.isEmpty()) + { + ClassLoaderLocator locator = ClassLoaderLocatorFactory.get(); + if (locator != null) + moduleCL = locator.get(jbossModule); + } + + for (AuthModuleEntry ame : amearr) + { + if (ame.getLoginModuleStackHolderName() != null) + { + try + { + mapOptionsByName.put(ame.getAuthModuleName(), ame.getOptions()); + controlFlags.add(ame.getControlFlag()); + ServerAuthModule sam = this.createSAM(moduleCL, ame.getAuthModuleName(), + ame.getLoginModuleStackHolderName()); + + Map options = new HashMap(); + Bus bus = (Bus) properties.get(Bus.class); + options.put(Bus.class, bus); + javax.xml.ws.Endpoint endpoint = (javax.xml.ws.Endpoint) properties.get(javax.xml.ws.Endpoint.class); + options.put(javax.xml.ws.Endpoint.class, endpoint); + + sam.initialize(null, null, callbackHandler, options); + modules.add(sam); + } + catch (Exception e) + { + throw new AuthException(e.getLocalizedMessage()); + } + } + else + { + try + { + mapOptionsByName.put(ame.getAuthModuleName(), ame.getOptions()); + controlFlags.add(ame.getControlFlag()); + ServerAuthModule sam = this.createSAM(moduleCL, ame.getAuthModuleName()); + + Map options = new HashMap(); + sam.initialize(null, null, callbackHandler, options); + modules.add(sam); + } + catch (Exception e) + { + throw new AuthException(e.getLocalizedMessage()); + } + } + } + + JBossWSServerAuthContext serverAuthContext = new JBossWSServerAuthContext(modules, mapOptionsByName, + this.callbackHandler); + serverAuthContext.setControlFlags(controlFlags); + return serverAuthContext; + } + + @SuppressWarnings("rawtypes") + public String getAuthContextID(MessageInfo messageInfo) + { + SOAPMessage request = (SOAPMessage) messageInfo.getRequestMessage(); + if (request == null) + { + return null; + } + String authContext = null; + MimeHeaders headers = request.getMimeHeaders(); + if (headers != null) + { + String[] soapActions = headers.getHeader("SOAPAction"); + if (soapActions != null && soapActions.length > 0) + { + authContext = soapActions[0]; + if (!StringUtils.isEmpty(authContext)) + { + return authContext; + } + } + } + + SOAPPart soapMessage = request.getSOAPPart(); + if (soapMessage != null) + { + try + { + SOAPEnvelope envelope = soapMessage.getEnvelope(); + if (envelope != null) + { + SOAPBody body = envelope.getBody(); + if (body != null) + { + + Iterator it = body.getChildElements(); + while (it.hasNext()) + { + Object o = it.next(); + if (o instanceof SOAPElement) + { + QName name = ((SOAPElement) o).getElementQName(); + return name.getLocalPart(); + + } + } + } + } + } + catch (SOAPException se) + { + //ignore; + } + } + + return null; + } + + public boolean isProtected() + { + throw new UnsupportedOperationException(); + } + + @SuppressWarnings( + {"unchecked", "rawtypes"}) + private ServerAuthModule createSAM(ClassLoader moduleCL, String name) throws Exception + { + Class clazz = SecurityActions.loadClass(moduleCL, name); + Constructor ctr = clazz.getConstructor(new Class[0]); + return (ServerAuthModule) ctr.newInstance(new Object[0]); + } + + @SuppressWarnings( + {"unchecked", "rawtypes"}) + private ServerAuthModule createSAM(ClassLoader moduleCL, String name, String lmshName) throws Exception + { + Class clazz = SecurityActions.loadClass(moduleCL, name); + Constructor ctr = clazz.getConstructor(new Class[] + {String.class}); + return (ServerAuthModule) ctr.newInstance(new Object[] + {lmshName}); + } + +} \ No newline at end of file Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthContext.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthContext.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthContext.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,47 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2013, Red Hat, Inc., and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.config; + +/** + * JBossWS ServerAuthContext implementation + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +import java.util.List; +import java.util.Map; + +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.message.AuthException; +import javax.security.auth.message.module.ServerAuthModule; + +import org.jboss.security.auth.message.config.JBossServerAuthContext; + +@SuppressWarnings({"rawtypes"}) +public class JBossWSServerAuthContext extends JBossServerAuthContext +{ + + public JBossWSServerAuthContext(List<ServerAuthModule> modules, Map<String, Map> moduleNameToOptions, + CallbackHandler cbh) throws AuthException + { + super(modules, moduleNameToOptions, cbh); + } + +} Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthContext.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/SecurityActions.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/SecurityActions.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/SecurityActions.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,106 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2013, Red Hat, Inc., and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.config; +/** + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; + +import org.jboss.security.SecurityContext; +import org.jboss.security.SecurityContextAssociation; + +class SecurityActions +{ + static ClassLoader getContextClassLoader() + { + return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() + { + public ClassLoader run() + { + return Thread.currentThread().getContextClassLoader(); + } + }); + + } + + static SecurityContext getSecurityContext() + { + return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() + { + + public SecurityContext run() + { + return SecurityContextAssociation.getSecurityContext(); + } + }); + } + + static Class<?> loadClass(final ClassLoader cl, final String name) throws PrivilegedActionException + { + return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>() + { + public Class<?> run() throws PrivilegedActionException + { + if (cl == null) + { + return loadClass(name); + } + try + { + return cl.loadClass(name); + } + catch (Exception ignore) + { + return loadClass(name); + } + } + }); + } + + static Class<?> loadClass(final String name) throws PrivilegedActionException + { + return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>() + { + public Class<?> run() throws PrivilegedActionException + { + try + { + return getClass().getClassLoader().loadClass(name); + } + catch (Exception ignore) + { + try + { + return getContextClassLoader().loadClass(name); + } + catch (Exception e) + { + throw new PrivilegedActionException(e); + } + } + } + }); + } +} \ No newline at end of file Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/SecurityActions.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSeverInInterceptor.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSeverInInterceptor.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSeverInInterceptor.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,99 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.interceptor; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; + +import javax.xml.soap.MessageFactory; +import javax.xml.soap.SOAPException; +import javax.xml.soap.SOAPMessage; + +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor; +import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor; +import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.SAAJPreInInterceptor; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.phase.Phase; +import org.jboss.wsf.stack.cxf.jaspi.JaspiServerAuthenticator; +/** + * CXF in interceptor to validateRequest cxf SoapMessage with JaspiServerAuthenticator + * @see org.jboss.wsf.stack.cxf.jaspi.JaspiServerAuthenticator + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class JaspiSeverInInterceptor extends AbstractSoapInterceptor +{ + private final JaspiServerAuthenticator authManager; + + public JaspiSeverInInterceptor(JaspiServerAuthenticator authManager) + { + super(Phase.PRE_PROTOCOL); + addAfter(SAAJInInterceptor.class.getName()); + this.authManager = authManager; + } + + @Override + public void handleMessage(SoapMessage message) throws Fault + { + if (message.getContent(SOAPMessage.class) == null) + { + SAAJInInterceptor saajIn = new SAAJInInterceptor(); + saajIn.handleMessage(message); + } + SOAPMessage soapMessage = message.getContent(SOAPMessage.class); + if (soapMessage == null) + { + return; + } + + SOAPMessage copyMessage = null; + try + { + MessageFactory messageFactory = SAAJPreInInterceptor.INSTANCE.getFactory(message); + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + soapMessage.writeTo(bout); + copyMessage = messageFactory.createMessage(soapMessage.getMimeHeaders(), new ByteArrayInputStream(bout.toByteArray())); + } + catch (SOAPException e) + { + throw new Fault(e); + } + catch (IOException e) + { + throw new Fault(e); + } + if (copyMessage != null) { + message.put(SOAPMessage.class, copyMessage); + } + try + { + authManager.validateRequest(message); + } + finally + { + message.put(SOAPMessage.class, soapMessage); + } + + } + +} Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSeverInInterceptor.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSeverOutInterceptor.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSeverOutInterceptor.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSeverOutInterceptor.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,98 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.interceptor; + +import java.util.ListIterator; + +import javax.xml.soap.SOAPMessage; + +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor; +import org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor; +import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.interceptor.Interceptor; +import org.apache.cxf.interceptor.StaxOutInterceptor; +import org.apache.cxf.message.Message; +import org.apache.cxf.phase.Phase; +import org.jboss.wsf.stack.cxf.jaspi.JaspiServerAuthenticator; + +/** + * CXF out interceptor to secureResponse cxf SoapMessage with JaspiServerAuthenticator + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class JaspiSeverOutInterceptor extends AbstractSoapInterceptor +{ + private final JaspiServerAuthenticator authManager; + private static final SAAJOutInterceptor SAAJ_OUT = new SAAJOutInterceptor(); + + public JaspiSeverOutInterceptor(JaspiServerAuthenticator authManager) + { + super(Phase.PRE_STREAM); + addAfter(StaxOutInterceptor.class.getName()); + this.authManager = authManager; + } + + @Override + public void handleMessage(SoapMessage message) throws Fault + { + if (!chainAlreadyContainsSAAJ(message)) + { + SAAJ_OUT.handleMessage(message); + } + message.getInterceptorChain().add(new JaspiServerOutEndingInterceptor()); + + } + + private static boolean chainAlreadyContainsSAAJ(SoapMessage message) + { + ListIterator<Interceptor<? extends Message>> listIterator = message.getInterceptorChain().getIterator(); + while (listIterator.hasNext()) + { + if (listIterator.next() instanceof SAAJOutInterceptor) + { + return true; + } + } + return false; + } + + public class JaspiServerOutEndingInterceptor extends AbstractSoapInterceptor + { + public JaspiServerOutEndingInterceptor() + { + super(Phase.WRITE_ENDING); + addAfter(SoapOutInterceptor.SoapOutEndingInterceptor.class.getName()); + } + + @Override + public void handleMessage(SoapMessage message) throws Fault + { + if (message.getContent(SOAPMessage.class) == null) + { + return; + } + authManager.secureResponse(message); + } + } + +} Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSeverOutInterceptor.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSubjectCreatingInitInterceptor.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSubjectCreatingInitInterceptor.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSubjectCreatingInitInterceptor.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,32 @@ +package org.jboss.wsf.stack.cxf.jaspi.interceptor; + +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.message.Message; +import org.apache.cxf.phase.AbstractPhaseInterceptor; +import org.apache.cxf.phase.Phase; +import org.jboss.security.auth.callback.JBossCallbackHandler; +import org.jboss.security.plugins.JBossAuthenticationManager; + +/* + * CXF interceptor to set jaspi JBossAuthenticationManager in message + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class JaspiSubjectCreatingInitInterceptor extends AbstractPhaseInterceptor<Message> +{ + private final JBossAuthenticationManager authenticationManger; + + public JaspiSubjectCreatingInitInterceptor(String securityDomain) { + super(Phase.PRE_INVOKE); + this.addBefore("org.jboss.wsf.stack.cxf.security.authentication.JaspiSubjectCreatingInterceptor"); + authenticationManger = new JBossAuthenticationManager(securityDomain, new JBossCallbackHandler()); + } + + + @Override + public void handleMessage(Message message) throws Fault + { + message.put(JBossAuthenticationManager.class, authenticationManger); + } + + +} Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/interceptor/JaspiSubjectCreatingInitInterceptor.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/log/Loggers.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/log/Loggers.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/log/Loggers.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,59 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2012, Red Hat, Inc., and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.log; + +import static org.jboss.logging.Logger.Level.WARN; + +import org.jboss.logging.BasicLogger; +import org.jboss.logging.Cause; +import org.jboss.logging.LogMessage; +import org.jboss.logging.Message; +import org.jboss.logging.MessageLogger; + +/** + * JBossWS-CXF log messages + * + * @author alessio.soldano(a)jboss.com + */ +@SuppressWarnings("deprecation") +@MessageLogger(projectCode = "JBWS") +public interface Loggers extends BasicLogger +{ + Loggers ROOT_LOGGER = org.jboss.logging.Logger.getMessageLogger(Loggers.class, "org.jboss.ws.cxf"); + Loggers DEPLOYMENT_LOGGER = org.jboss.logging.Logger.getMessageLogger(Loggers.class, "org.jboss.ws.cxf.deployment"); + + @LogMessage(level = WARN) + @Message(id = 24201, value = "No application policy found for security domain '%s'") + void noApplicationPolicy(String securityDomain); + + @LogMessage(level = WARN) + @Message(id = 24202, value = "No JASPIAuthenticationInfo found for security domain '%s'") + void noJaspiApplicationPolicy(String securityDomain); + + @LogMessage(level = WARN) + @Message(id = 24203, value = "Can not create Jaspi ServerAuthContext for security domain '%s'") + void cannotCreateServerAuthContext(String securityDomain, @Cause Throwable cause); + + @LogMessage(level = WARN) + @Message(id = 24204, value = "Can not enable Jaspi authentication for '%s' instance") + void cannotEnableJASPIAuthentication(String classname); +} Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/log/Loggers.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/UsernameTokenServerAuthModule.java =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/UsernameTokenServerAuthModule.java (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/UsernameTokenServerAuthModule.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,118 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2013, Red Hat, Inc., and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.stack.cxf.jaspi.module; + +import java.util.Map; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.message.AuthException; +import javax.security.auth.message.AuthStatus; +import javax.security.auth.message.MessageInfo; +import javax.security.auth.message.MessagePolicy; +import javax.xml.soap.SOAPMessage; + +import org.apache.cxf.Bus; +import org.apache.cxf.interceptor.InterceptorProvider; +import org.apache.cxf.ws.security.SecurityConstants; +import org.jboss.security.auth.container.modules.AbstractServerAuthModule; +import org.jboss.wsf.stack.cxf.jaspi.interceptor.JaspiSubjectCreatingInitInterceptor; + + +/** + * This ServerAuthModule class adds JaspiSubjectCreatingInitInterceptor to authenticate principal and populates Subject + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class UsernameTokenServerAuthModule extends AbstractServerAuthModule +{ + private final String securityDomainName; + + @SuppressWarnings("rawtypes") + public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) throws AuthException + { + super.initialize(requestPolicy, responsePolicy, handler, options); + final javax.xml.ws.Endpoint endpoint = (javax.xml.ws.Endpoint)options.get(javax.xml.ws.Endpoint.class); + InterceptorProvider ip = null; + if (endpoint == null && options.get(Bus.class) != null) + { + final Bus bus = (Bus)options.get(Bus.class); + bus.setProperty(SecurityConstants.VALIDATE_TOKEN, false); + ip = (InterceptorProvider)bus; + } + if (endpoint != null) { + endpoint.getProperties().put(SecurityConstants.VALIDATE_TOKEN, false); + ip = (InterceptorProvider)endpoint; + } + if (ip != null) + { + JaspiSubjectCreatingInitInterceptor jaspiInterceptor = new JaspiSubjectCreatingInitInterceptor(securityDomainName); + ip.getInInterceptors().add(jaspiInterceptor); + } + + } + + public UsernameTokenServerAuthModule() + { + supportedTypes.add(Object.class); + supportedTypes.add(SOAPMessage.class); + securityDomainName = null; + } + + public UsernameTokenServerAuthModule(String lmshName) + { + supportedTypes.add(Object.class); + this.supportedTypes.add(SOAPMessage.class); + securityDomainName = lmshName; + } + + @Override + public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException + { + return AuthStatus.SUCCESS; + } + + public AuthStatus secureResponse(MessageInfo messageInfo, Subject arg1) throws AuthException + { + return AuthStatus.SUCCESS; + } + + protected String getSecurityDomainName() + { + if (this.securityDomainName != null) + return securityDomainName; + + // Check if it is passed in the options + String domainName = (String)options.get("javax.security.auth.login.LoginContext"); + if (domainName == null) + { + domainName = getClass().getName(); + } + return domainName; + } + + @Override + protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException + { + return true; + } + +} \ No newline at end of file Property changes on: stack/cxf/trunk/modules/jaspi/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/UsernameTokenServerAuthModule.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Added: stack/cxf/trunk/modules/jaspi/src/main/resources/META-INF/services/org.jboss.wsf.spi.security.JASPIAuthenticationProvider =================================================================== --- stack/cxf/trunk/modules/jaspi/src/main/resources/META-INF/services/org.jboss.wsf.spi.security.JASPIAuthenticationProvider (rev 0) +++ stack/cxf/trunk/modules/jaspi/src/main/resources/META-INF/services/org.jboss.wsf.spi.security.JASPIAuthenticationProvider 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1 @@ +org.jboss.wsf.stack.cxf.jaspi.DefaultJASPIAuthenticationProvider Modified: stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/cxf/jbossws-cxf-client/main/module.xml =================================================================== --- stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/cxf/jbossws-cxf-client/main/module.xml 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/cxf/jbossws-cxf-client/main/module.xml 2014-02-24 12:56:33 UTC (rev 18411) @@ -47,5 +47,8 @@ <module name="org.jboss.ws.cxf.jbossws-cxf-transports-undertow" export="true" services="export" /> <module name="org.jboss.ws.cxf.jbossws-cxf-transports-udp" export="true" services="export" /> <module name="org.jboss.jaxbintros" export="true"/> + <module name="javax.security.auth.message.api" export="true"/> + <module name="org.picketbox" export="true"/> + <module name="org.apache.ws.security" export="true"/> </dependencies> </module> Modified: stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/cxf/jbossws-cxf-server/main/module.xml =================================================================== --- stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/cxf/jbossws-cxf-server/main/module.xml 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/cxf/jbossws-cxf-server/main/module.xml 2014-02-24 12:56:33 UTC (rev 18411) @@ -34,6 +34,7 @@ <dependencies> <module name="javax.api" /> + <module name="javax.security.auth.message.api"/> <module name="javax.servlet.api" /> <module name="javax.jws.api" /> <module name="javax.wsdl4j.api" /> Modified: stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/jaxws-client/main/module.xml =================================================================== --- stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/jaxws-client/main/module.xml 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/jaxws-client/main/module.xml 2014-02-24 12:56:33 UTC (rev 18411) @@ -36,6 +36,7 @@ <module name="javax.api" /> <module name="javax.servlet.api" /> <module name="javax.xml.bind.api" /> + <module name="javax.security.auth.message.api"/> <module name="com.sun.xml.bind" services="import"/> <module name="javax.xml.ws.api" /> <module name="org.jboss.ws.api" /> @@ -65,6 +66,7 @@ <module name="org.apache.neethi" /> <module name="org.apache.ws.security" /> <module name="org.jboss.logging" /> + <module name="org.picketbox"/> <module name="org.springframework.spring" optional="true"> <imports> <include path="META-INF"/> Modified: stack/cxf/trunk/modules/resources/src/main/resources/resources/jbossws-deploy-macros.xml =================================================================== --- stack/cxf/trunk/modules/resources/src/main/resources/resources/jbossws-deploy-macros.xml 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/resources/src/main/resources/resources/jbossws-deploy-macros.xml 2014-02-24 12:56:33 UTC (rev 18411) @@ -38,6 +38,7 @@ <copy todir="@{targetdir}/org/jboss/ws/jaxws-client/main" flatten="false" overwrite="true"> <fileset dir="@{thirdpartydir}/lib"> <include name="**/jbossws-cxf-client.jar"/> + <include name="**/jbossws-cxf-jaspi.jar"/> </fileset> </copy> <copy todir="@{targetdir}/org/jboss/ws/jaxws-undertow-httpspi/main" flatten="false" overwrite="true"> Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/BusHolder.java =================================================================== --- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/BusHolder.java 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/BusHolder.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -50,11 +50,16 @@ import org.apache.cxf.ws.policy.selector.MaximalAlternativeSelector; import org.jboss.ws.api.annotation.PolicySets; import org.jboss.ws.api.binding.BindingCustomization; +import org.jboss.wsf.spi.SPIProvider; +import org.jboss.wsf.spi.WSFException; +import org.jboss.wsf.spi.classloading.ClassLoaderProvider; import org.jboss.wsf.spi.deployment.AnnotationsInfo; import org.jboss.wsf.spi.deployment.Deployment; import org.jboss.wsf.spi.deployment.Endpoint; import org.jboss.wsf.spi.deployment.UnifiedVirtualFile; import org.jboss.wsf.spi.metadata.webservices.JBossWebservicesMetaData; +import org.jboss.wsf.spi.security.JASPIAuthenticationProvider; +import org.jboss.wsf.stack.cxf.Loggers; import org.jboss.wsf.stack.cxf.client.Constants; import org.jboss.wsf.stack.cxf.deployment.WSDLFilePublisher; import org.jboss.wsf.stack.cxf.extensions.policy.PolicySetsAnnotationListener; @@ -63,6 +68,7 @@ import org.jboss.wsf.stack.cxf.interceptor.HandlerAuthInterceptor; import org.jboss.wsf.stack.cxf.interceptor.NsCtxSelectorStoreInterceptor; import org.jboss.wsf.stack.cxf.management.InstrumentationManagerExtImpl; +import org.jboss.wsf.stack.cxf.security.authentication.AutenticationMgrSubjectCreatingInterceptor; import org.jboss.wsf.stack.cxf.transport.JBossWSDestinationRegistryImpl; /** @@ -113,6 +119,24 @@ Map<String, String> props = (wsmd == null) ? null : wsmd.getProperties(); setInterceptors(bus, props); + dep.addAttachment(Bus.class, bus); + + try + { + final JASPIAuthenticationProvider jaspiProvider = SPIProvider.getInstance().getSPI( + JASPIAuthenticationProvider.class, + ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader()); + + if (jaspiProvider != null && jaspiProvider.enableServerAuthentication(dep, wsmd)) + { + bus.getInInterceptors().add(new AutenticationMgrSubjectCreatingInterceptor()); + } + } + catch (WSFException e) + { + Loggers.DEPLOYMENT_LOGGER.cannotFindJaspiClasses(); + } + setResourceResolver(bus, resolver); if (bus.getExtension(PolicyEngine.class) != null) @@ -281,6 +305,8 @@ return selector; } + + private static AutomaticWorkQueue createWorkQueue(String name, Map<String, String> props) { int mqs = parseInt(props.get(Constants.CXF_QUEUE_MAX_QUEUE_SIZE_PROP), 256); int initialThreads = parseInt(props.get(Constants.CXF_QUEUE_INITIAL_THREADS_PROP), 0); Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/ServerBeanCustomizer.java =================================================================== --- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/ServerBeanCustomizer.java 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/configuration/ServerBeanCustomizer.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -28,16 +28,22 @@ import org.apache.cxf.frontend.ServerFactoryBean; import org.jboss.ws.api.annotation.EndpointConfig; import org.jboss.ws.common.management.AbstractServerConfig; +import org.jboss.wsf.spi.SPIProvider; +import org.jboss.wsf.spi.WSFException; +import org.jboss.wsf.spi.classloading.ClassLoaderProvider; import org.jboss.wsf.spi.deployment.Endpoint; import org.jboss.wsf.spi.deployment.UnifiedVirtualFile; import org.jboss.wsf.spi.management.ServerConfig; import org.jboss.wsf.spi.metadata.config.ConfigMetaDataParser; import org.jboss.wsf.spi.metadata.config.ConfigRoot; +import org.jboss.wsf.spi.security.JASPIAuthenticationProvider; import org.jboss.wsf.stack.cxf.JBossWSInvoker; +import org.jboss.wsf.stack.cxf.Loggers; import org.jboss.wsf.stack.cxf.Messages; import org.jboss.wsf.stack.cxf.client.configuration.BeanCustomizer; import org.jboss.wsf.stack.cxf.deployment.EndpointImpl; import org.jboss.wsf.stack.cxf.deployment.WSDLFilePublisher; +import org.jboss.wsf.stack.cxf.security.authentication.AutenticationMgrSubjectCreatingInterceptor; /** * @@ -150,13 +156,26 @@ { UnifiedVirtualFile vf = deploymentRoot.findChild(configFile); ConfigRoot config = ConfigMetaDataParser.parse(vf.toURL()); - endpoint.setEndpointConfig(config.getEndpointConfigByName(configName)); + endpoint.setEndpointConfig(config.getEndpointConfigByName(configName)); } catch (IOException e) { throw Messages.MESSAGES.couldNotReadConfigFile(configFile); } } + try + { + final JASPIAuthenticationProvider jaspiProvider = SPIProvider.getInstance().getSPI(JASPIAuthenticationProvider.class, + ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader()); + if (jaspiProvider != null && jaspiProvider.enableServerAuthentication(endpoint, depEndpoints.get(0))) + { + endpoint.getInInterceptors().add(new AutenticationMgrSubjectCreatingInterceptor()); + } + } + catch (WSFException e) + { + Loggers.DEPLOYMENT_LOGGER.cannotFindJaspiClasses(); + } } } @@ -191,5 +210,7 @@ { this.epConfigFile = epConfigFile; } + + } Copied: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/AutenticationMgrSubjectCreatingInterceptor.java (from rev 18409, stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/AutenticationMgrSubjectCreatingInterceptor.java) =================================================================== --- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/AutenticationMgrSubjectCreatingInterceptor.java (rev 0) +++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/AutenticationMgrSubjectCreatingInterceptor.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -0,0 +1,73 @@ +package org.jboss.wsf.stack.cxf.security.authentication; + +import java.security.Principal; + +import javax.security.auth.Subject; + +import org.apache.cxf.common.security.SecurityToken; +import org.apache.cxf.common.security.TokenType; +import org.apache.cxf.common.security.UsernameToken; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.message.Message; +import org.apache.cxf.security.SecurityContext; +import org.apache.ws.security.WSUsernameTokenPrincipal; +import org.jboss.security.plugins.JBossAuthenticationManager; +import org.jboss.wsf.stack.cxf.Loggers; +import org.jboss.wsf.stack.cxf.Messages; + +/* + * Interceptor to authenticate principal with provided jaspi JBossAuthenticationManager + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public class AutenticationMgrSubjectCreatingInterceptor extends SubjectCreatingPolicyInterceptor +{ + + public AutenticationMgrSubjectCreatingInterceptor() { + super(); + } + + + @Override + public void handleMessage(Message message) throws Fault + { + JBossAuthenticationManager authenticationManger = message.get(JBossAuthenticationManager.class); + if (authenticationManger == null) { + return; + } + SecurityContext context = message.get(SecurityContext.class); + if (context == null || context.getUserPrincipal() == null) + { + Loggers.SECURITY_LOGGER.userPrincipalNotAvailableOnCurrentMessage(); + return; + } + + SecurityToken token = message.get(SecurityToken.class); + Subject subject = null; + if (token != null) + { + //Try authenticating using SecurityToken info + if (token.getTokenType() != TokenType.UsernameToken) + { + throw Messages.MESSAGES.unsupportedTokenType(token.getTokenType()); + } + UsernameToken ut = (UsernameToken) token; + subject = helper.createSubject(authenticationManger, ut.getName(), ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime()); + + } + else + { + //Try authenticating using WSS4J internal info (previously set into SecurityContext by WSS4JInInterceptor) + Principal p = context.getUserPrincipal(); + if (!(p instanceof WSUsernameTokenPrincipal)) { + throw Messages.MESSAGES.couldNotGetSubjectInfo(); + } + WSUsernameTokenPrincipal up = (WSUsernameTokenPrincipal) p; + subject = helper.createSubject(authenticationManger, up.getName(), up.getPassword(), up.isPasswordDigest(), up.getNonce(), up.getCreatedTime()); + } + + Principal principal = getPrincipal(context.getUserPrincipal(), subject); + message.put(SecurityContext.class, createSecurityContext(principal, subject)); + } + + +} Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java =================================================================== --- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -60,12 +60,12 @@ */ public class SubjectCreatingInterceptor extends WSS4JInInterceptor { + protected SubjectCreator helper = new SubjectCreator(); + private static final Logger LOG = LogUtils.getL7dLogger(SubjectCreatingInterceptor.class); private ThreadLocal<SecurityDomainContext> sdc = new ThreadLocal<SecurityDomainContext>(); - - private SubjectCreator helper = new SubjectCreator(); - + private boolean supportDigestPasswords; public SubjectCreatingInterceptor() Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingPolicyInterceptor.java =================================================================== --- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingPolicyInterceptor.java 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingPolicyInterceptor.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -51,7 +51,7 @@ */ public class SubjectCreatingPolicyInterceptor extends AbstractPhaseInterceptor<Message> { - private SubjectCreator helper = new SubjectCreator(); + protected SubjectCreator helper = new SubjectCreator(); public SubjectCreatingPolicyInterceptor() { @@ -99,7 +99,7 @@ message.put(SecurityContext.class, createSecurityContext(principal, subject)); } - private Subject createSubject(SecurityDomainContext sdc, String name, String password, boolean isDigest, String nonce, String creationTime) + protected Subject createSubject(SecurityDomainContext sdc, String name, String password, boolean isDigest, String nonce, String creationTime) { Subject subject = null; try Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java =================================================================== --- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -35,6 +35,7 @@ import org.apache.cxf.common.security.SimplePrincipal; import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler; +import org.jboss.security.plugins.JBossAuthenticationManager; import org.jboss.ws.common.utils.DelegateClassLoader; import org.jboss.wsf.spi.classloading.ClassLoaderProvider; import org.jboss.wsf.spi.security.SecurityDomainContext; @@ -124,8 +125,67 @@ } return subject; } + //TODO:refactor this + public Subject createSubject(JBossAuthenticationManager manager, String name, String password, boolean isDigest, String nonce, String created) + { + if (isDigest) + { + verifyUsernameToken(nonce, created); + // It is not possible at the moment to figure out if the digest has been created + // using the original nonce bytes or the bytes of the (Base64)-encoded nonce, some + // legacy clients might use the (Base64)-encoded nonce bytes when creating a digest; + // lets default to true and assume the nonce has been Base-64 encoded, given that + // WSS4J client Base64-decodes the nonce before creating the digest - private void verifyUsernameToken(String nonce, String created) + CallbackHandler handler = new UsernameTokenCallbackHandler(nonce, created, decodeNonce); + CallbackHandlerPolicyContextHandler.setCallbackHandler(handler); + } + + // authenticate and populate Subject + + + Principal principal = new SimplePrincipal(name); + Subject subject = new Subject(); + + boolean TRACE = SECURITY_LOGGER.isTraceEnabled(); + if (TRACE) + SECURITY_LOGGER.aboutToAuthenticate(manager.getSecurityDomain()); + + try + { + ClassLoader tccl = SecurityActions.getContextClassLoader(); + //allow PicketBox to see jbossws modules' classes + SecurityActions.setContextClassLoader(createDelegateClassLoader(ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader(), tccl)); + try + { + if (manager.isValid(principal, password, subject) == false) + { + throw MESSAGES.authenticationFailed(principal.getName()); + } + } + finally + { + SecurityActions.setContextClassLoader(tccl); + } + } + finally + { + if (isDigest) + { + // does not remove the TL entry completely but limits the potential + // growth to a number of available threads in a container + CallbackHandlerPolicyContextHandler.setCallbackHandler(null); + } + } + + if (TRACE) + SECURITY_LOGGER.authenticated(name); + + return subject; + } + + + protected void verifyUsernameToken(String nonce, String created) { if (created != null) { Modified: stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml =================================================================== --- stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml 2014-02-24 12:56:33 UTC (rev 18411) @@ -468,7 +468,6 @@ </metainf> </jar> -  <war warfile="${tests.output.dir}/test-libs/jaxws-samples-wsse-policy-trust-actas.war" @@ -542,7 +541,6 @@ value="org.jboss.ws.cxf.jbossws-cxf-client, org.apache.cxf.impl"/> </manifest> </war> -  <war warfile="${tests.output.dir}/test-libs/jaxws-samples-wsse-policy-trustPicketLink-sts.war" @@ -629,7 +627,62 @@ <attribute name="Dependencies" value="org.jboss.ws.cxf.jbossws-cxf-client,org.apache.cxf.impl"/>  </manifest> </war> + +  + <war + warfile="${tests.output.dir}/test-libs/jaxws-samples-wsse-policy-username-endpoint-jaspi.war" + webxml="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/web.xml"> + <classes dir="${tests.output.dir}/test-classes"> + <include name="org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceIface.class"/> + <include name="org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceEndpointImpl.class"/> + <include name="org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/*.class"/> + </classes> + <webinf dir="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/jaspi/WEB-INF"> + <include name="jaxws-*.xml"/> + <include name="wsdl/*"/> + </webinf> + <manifest> + <attribute name="Dependencies" value="org.jboss.ws.cxf.jbossws-cxf-client,org.apache.cxf.impl"/>  + </manifest> + </war> +  + <war + warfile="${tests.output.dir}/test-libs/jaxws-samples-wsse-policy-username-jbws-jaspi.war" + webxml="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/jaspi/WEB-INF2/web.xml"> + <classes dir="${tests.output.dir}/test-classes"> + <include name="org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceIface.class"/> + <include name="org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceImpl.class"/> + <include name="org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/*.class"/> + </classes> + <webinf dir="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/jaspi/WEB-INF2"> + <include name="jboss-*.xml"/> + <include name="wsdl/*"/> + </webinf> + <manifest> + <attribute name="Dependencies" value="org.jboss.ws.cxf.jbossws-cxf-client,org.apache.cxf.impl"/>  + </manifest> + </war> + +  + <war + warfile="${tests.output.dir}/test-libs/jaxws-samples-wsse-policy-username-jaspi-client.war" needxmlfile="false"> + <classes dir="${tests.output.dir}/test-classes"> + <include name="org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/Helper.class"/> + <include name="org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceIface.class"/> + <include name="org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/UsernamePasswordCallback.class"/> + <include name="org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/*.class"/> + <include name="org/jboss/wsf/test/TestServlet.class"/> + <include name="org/jboss/wsf/test/ClientHelper.class"/> + </classes> + <classes dir="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/jaspi"> + <include name="META-INF/jaxws-client-config.xml"/> + </classes> + <manifest> + <attribute name="Dependencies" value="org.jboss.ws.cxf.jbossws-cxf-client,org.apache.cxf.impl"/>  + </manifest> + </war> +  <war warfile="${tests.output.dir}/test-libs/jaxws-samples-wsse-policy-username-jaas-digest.war" Modified: stack/cxf/trunk/modules/testsuite/pom.xml =================================================================== --- stack/cxf/trunk/modules/testsuite/pom.xml 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/testsuite/pom.xml 2014-02-24 12:56:33 UTC (rev 18411) @@ -73,6 +73,11 @@ </dependency> <dependency> <groupId>org.jboss.ws.cxf</groupId> + <artifactId>jbossws-cxf-jaspi</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.jboss.ws.cxf</groupId> <artifactId>jbossws-cxf-factories</artifactId> <version>${project.version}</version> </dependency> @@ -870,6 +875,7 @@  <exclude>org/jboss/test/ws/jaxws/samples/wsse/kerberos/*TestCase*</exclude> + </excludes> </configuration> </plugin> Modified: stack/cxf/trunk/modules/testsuite/test-utils/src/main/java/org/jboss/wsf/test/JBossWSTestHelper.java =================================================================== --- stack/cxf/trunk/modules/testsuite/test-utils/src/main/java/org/jboss/wsf/test/JBossWSTestHelper.java 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/modules/testsuite/test-utils/src/main/java/org/jboss/wsf/test/JBossWSTestHelper.java 2014-02-24 12:56:33 UTC (rev 18411) @@ -389,6 +389,13 @@ getDeployer().addSecurityDomain(name, authenticationOptions); } + public static void addJaspiSecurityDomain(String name, String loginModuleStackName, Map<String, String> loginModuleOptions, String authModuleName, + Map<String, String> authModuleOptions) throws Exception + { + getDeployer().addJaspiSecurityDomain(name, loginModuleStackName, loginModuleOptions, authModuleName, authModuleOptions); + } + + public static void removeSecurityDomain(String name) throws Exception { getDeployer().removeSecurityDomain(name); Modified: stack/cxf/trunk/pom.xml =================================================================== --- stack/cxf/trunk/pom.xml 2014-02-24 09:51:06 UTC (rev 18410) +++ stack/cxf/trunk/pom.xml 2014-02-24 12:56:33 UTC (rev 18411) @@ -50,6 +50,7 @@  <modules> +  <module>modules/server</module> <module>modules/client</module> <module>modules/endorsed</module> @@ -108,6 +109,7 @@ <wstx.version>4.2.0</wstx.version> <spring.version>3.0.7.RELEASE</spring.version> <shrinkwrap.version>1.1.3</shrinkwrap.version> + <jaspi.api.version>1.0.0.Alpha1</jaspi.api.version> </properties> @@ -1156,6 +1158,11 @@ <artifactId>jboss-servlet-api_3.0_spec</artifactId> <version>${servlet.api.version}</version> </dependency> + <dependency> + <groupId>org.jboss.spec.javax.security.auth.message</groupId> + <artifactId>jboss-jaspi-api_1.1_spec</artifactId> + <version>${jaspi.api.version}</version> + </dependency>  <dependency>

10 years, 2 months

1
0
0 / 0

JBossWS SVN: r18410 - stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/cxf/udp.

by jbossws-commits＠lists.jboss.org

Author: psakar Date: 2014-02-24 04:51:06 -0500 (Mon, 24 Feb 2014) New Revision: 18410 Modified: stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/cxf/udp/UDPEndpointAPITestCase.java Log: [JBWS-3721] Fixing testcase - improve readability Modified: stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/cxf/udp/UDPEndpointAPITestCase.java =================================================================== --- stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/cxf/udp/UDPEndpointAPITestCase.java 2014-02-24 03:34:56 UTC (rev 18409) +++ stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/cxf/udp/UDPEndpointAPITestCase.java 2014-02-24 09:51:06 UTC (rev 18410) @@ -63,7 +63,7 @@ public void testClientSide() throws Exception { if (!isProperNetworkSetup()) { - System.out.println("Skipping broadcast test: no non-loopback IPv4 interface available"); + System.out.println("Skipping broadcast test: no non-loopback IPv4 interface available"); //IPv6 does not support broadcast, so some IPv4 nonloopback interface with broacast is required return; } Bus bus = BusFactory.newInstance().createBus(); @@ -88,22 +88,15 @@ private boolean isProperNetworkSetup() throws Exception { Enumeration<NetworkInterface> interfaces = NetworkInterface.getNetworkInterfaces(); - int count = 0; while (interfaces.hasMoreElements()) { NetworkInterface networkInterface = interfaces.nextElement(); - if (!networkInterface.isUp() || networkInterface.isLoopback() || !isBroadcastAddressAvailable(networkInterface)) + if (networkInterface.isUp() && !networkInterface.isLoopback() && isBroadcastAddressAvailable(networkInterface)) { - continue; + return true; } - count++; } - if (count == 0) - { - //no non-loopbacks, cannot do broadcasts - return false; - } - return true; + return false; } private boolean isBroadcastAddressAvailable(NetworkInterface networkInterface) {

10 years, 2 months

1
0
0 / 0

JBossWS SVN: r18409 - in spi/trunk/src/main/java/org/jboss/wsf/spi: security and 1 other directory.

by jbossws-commits＠lists.jboss.org

Author: jim.ma Date: 2014-02-23 22:34:56 -0500 (Sun, 23 Feb 2014) New Revision: 18409 Added: spi/trunk/src/main/java/org/jboss/wsf/spi/security/JASPIAuthenticationProvider.java Modified: spi/trunk/src/main/java/org/jboss/wsf/spi/deployer/Deployer.java Log: [JBWS-3767]:Add apis for jaspi soap profile Modified: spi/trunk/src/main/java/org/jboss/wsf/spi/deployer/Deployer.java =================================================================== --- spi/trunk/src/main/java/org/jboss/wsf/spi/deployer/Deployer.java 2014-02-22 01:49:07 UTC (rev 18408) +++ spi/trunk/src/main/java/org/jboss/wsf/spi/deployer/Deployer.java 2014-02-24 03:34:56 UTC (rev 18409) @@ -51,6 +51,11 @@ */ void addSecurityDomain(String name, Map<String,String> authenticationOptions) throws Exception; + + public void addJaspiSecurityDomain(String name, String loginModuleStackName, Map<String, String> loginModuleOptions, + String authModuleName, Map<String, String> authModuleOptions) throws Exception; + + /** * Removes a security domain * Added: spi/trunk/src/main/java/org/jboss/wsf/spi/security/JASPIAuthenticationProvider.java =================================================================== --- spi/trunk/src/main/java/org/jboss/wsf/spi/security/JASPIAuthenticationProvider.java (rev 0) +++ spi/trunk/src/main/java/org/jboss/wsf/spi/security/JASPIAuthenticationProvider.java 2014-02-24 03:34:56 UTC (rev 18409) @@ -0,0 +1,40 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2014, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.wsf.spi.security; + +import java.util.Map; + +import org.jboss.wsf.spi.deployment.Deployment; +import org.jboss.wsf.spi.deployment.Endpoint; +import org.jboss.wsf.spi.metadata.webservices.JBossWebservicesMetaData; + +/** + * Interface to enable jaspi authentication on server/client side + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + */ +public interface JASPIAuthenticationProvider +{ + boolean enableClientAuthentication(Object target, Map<String, String> properties); + boolean enableServerAuthentication(Deployment dep, JBossWebservicesMetaData wsmd); + public boolean enableServerAuthentication(Object target, Endpoint endpoint); + +} Property changes on: spi/trunk/src/main/java/org/jboss/wsf/spi/security/JASPIAuthenticationProvider.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native

10 years, 2 months

1
0
0 / 0

JBossWS SVN: r18408 - stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1172.

by jbossws-commits＠lists.jboss.org

Author: klape Date: 2014-02-21 20:49:07 -0500 (Fri, 21 Feb 2014) New Revision: 18408 Modified: stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1172/JBWS1172TestCase.java Log: [JBPAPP-11003] Fixing schema validation test cases Modified: stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1172/JBWS1172TestCase.java =================================================================== --- stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1172/JBWS1172TestCase.java 2014-02-21 19:17:52 UTC (rev 18407) +++ stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1172/JBWS1172TestCase.java 2014-02-22 01:49:07 UTC (rev 18408) @@ -63,7 +63,7 @@ public void testSchemaValidationPositive() throws Exception { URL wsdlURL = getResourceURL("jaxws/jbws1172/WEB-INF/wsdl/TestService.wsdl"); - Map<String, byte[]> xsdStreams = new SchemaExtractor().getSchemas(wsdlURL); + Map<String, byte[]> xsdStreams = new SchemaExtractor(wsdlURL).getSchemasFromWsdl(); String inxml = "<tns:performTest xmlns:tns='http://www.my-company.it/ws/my-test'><Code>1000</Code></tns:performTest>"; new SchemaValidationHelper(xsdStreams).validateDocument(inxml); } @@ -71,7 +71,7 @@ public void testSchemaValidationNegative() throws Exception { URL wsdlURL = getResourceURL("jaxws/jbws1172/WEB-INF/wsdl/TestService.wsdl"); - Map<String, byte[]> xsdStreams = new SchemaExtractor().getSchemas(wsdlURL); + Map<String, byte[]> xsdStreams = new SchemaExtractor(wsdlURL).getSchemasFromWsdl(); String inxml = "<tns:performTest xmlns:tns='http://www.my-company.it/ws/my-test'><Code>2000</Code></tns:performTest>"; try { @@ -80,14 +80,14 @@ catch (SAXException ex) { String msg = ex.getMessage(); - assertTrue("Unexpectd message: " + msg, msg.indexOf("Value '2000' is not facet-valid with respect to maxInclusive '1000'") > 0); + assertTrue("Unexpected message: " + msg, msg.indexOf("Value '2000' is not facet-valid with respect to maxInclusive '1000'") > 0); } } public void testEndpointWsdlValidation() throws Exception { URL wsdlURL = new URL("http://" + getServerHost() + ":8080/jaxws-jbws1172/noval?wsdl"); - Map<String, byte[]> xsdStreams = new SchemaExtractor().getSchemas(wsdlURL); + Map<String, byte[]> xsdStreams = new SchemaExtractor(wsdlURL).getSchemasFromWsdl(); String inxml = "<tns:performTest xmlns:tns='http://www.my-company.it/ws/my-test'><Code>1000</Code></tns:performTest>"; new SchemaValidationHelper(xsdStreams).validateDocument(inxml); }

10 years, 2 months

1
0
0 / 0

JBossWS SVN: r18407 - in stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/core/src/main/java/org/jboss/ws: extensions/validation and 1 other directory.

by jbossws-commits＠lists.jboss.org

Author: klape Date: 2014-02-21 14:17:52 -0500 (Fri, 21 Feb 2014) New Revision: 18407 Modified: stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/core/src/main/java/org/jboss/ws/core/soap/SOAPBodyElementDoc.java stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/core/src/main/java/org/jboss/ws/extensions/validation/SchemaExtractor.java Log: [JBPAPP-11003] Schema resource handling now uses URLs rather than filenames so VFS can be utilized Modified: stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/core/src/main/java/org/jboss/ws/core/soap/SOAPBodyElementDoc.java =================================================================== --- stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/core/src/main/java/org/jboss/ws/core/soap/SOAPBodyElementDoc.java 2014-02-21 17:54:06 UTC (rev 18406) +++ stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/core/src/main/java/org/jboss/ws/core/soap/SOAPBodyElementDoc.java 2014-02-21 19:17:52 UTC (rev 18407) @@ -98,14 +98,13 @@ private void validatePayload(Source source) { - SchemaExtractor schemaExtractor = new SchemaExtractor(); try { CommonMessageContext msgContext = MessageContextAssociation.peekMessageContext(); EndpointMetaData epMetaData = msgContext.getEndpointMetaData(); feature = epMetaData.getFeature(SchemaValidationFeature.class); URL xsdURL = feature.getSchemaLocation() != null ? new URL(feature.getSchemaLocation()) : null; - Map<String, byte[]> xsdStreams = new HashMap<String, byte[]>(); + Map<String, byte[]> xsdStreams = null; if (xsdURL == null) { URL wsdlURL = epMetaData.getServiceMetaData().getWsdlFileOrLocation(); @@ -115,21 +114,18 @@ } else { - xsdStreams = schemaExtractor.getSchemas(wsdlURL); + SchemaExtractor schemaExtractor = new SchemaExtractor(wsdlURL); + xsdStreams = schemaExtractor.getSchemasFromWsdl(); } } - if (xsdURL != null) + else { - ErrorHandler errorHandler = feature.getErrorHandler(); - Element xmlDOM = DOMUtils.sourceToElement(source); - new SchemaValidationHelper(xsdURL).setErrorHandler(errorHandler).validateDocument(xmlDOM); + SchemaExtractor schemaExtractor = new SchemaExtractor(xsdURL); + xsdStreams = schemaExtractor.getSchemas(); } - else //xsdStreams != null - { - ErrorHandler errorHandler = feature.getErrorHandler(); - Element xmlDOM = DOMUtils.sourceToElement(source); - new SchemaValidationHelper(xsdStreams).setErrorHandler(errorHandler).validateDocument(xmlDOM); - } + ErrorHandler errorHandler = feature.getErrorHandler(); + Element xmlDOM = DOMUtils.sourceToElement(source); + new SchemaValidationHelper(xsdStreams).setErrorHandler(errorHandler).validateDocument(xmlDOM); } catch (RuntimeException rte) { Modified: stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/core/src/main/java/org/jboss/ws/extensions/validation/SchemaExtractor.java =================================================================== --- stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/core/src/main/java/org/jboss/ws/extensions/validation/SchemaExtractor.java 2014-02-21 17:54:06 UTC (rev 18406) +++ stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/core/src/main/java/org/jboss/ws/extensions/validation/SchemaExtractor.java 2014-02-21 19:17:52 UTC (rev 18407) @@ -23,10 +23,10 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; -import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import java.io.File; import java.io.OutputStreamWriter; import java.net.URL; import java.util.ArrayList; @@ -62,8 +62,10 @@ // provide logging private static Logger log = Logger.getLogger(SchemaExtractor.class); private static Transformer transformer = null; - private String path; - static { + private URL topLevelResource; + + static + { try { transformer = TransformerFactory.newInstance().newTransformer(); @@ -72,18 +74,31 @@ { throw new RuntimeException(e); } + } + public SchemaExtractor(URL wsdlURL) + { + this.topLevelResource = wsdlURL; } - public Map<String, byte[]> getSchemas(URL wsdlURL) throws IOException + + public Map<String, byte[]> getSchemas() throws IOException { - Map<String, byte[]> streams = new HashMap<String, byte[]>(); - //Get the path to the WSDL - String wsdlFile = wsdlURL.getFile(); - int lastSlash = wsdlFile.lastIndexOf(File.separator); - path = wsdlFile.substring(0, lastSlash+1); + Map<String, byte[]> streams = new HashMap<String, byte[]>(); + Element root = DOMUtils.parse(topLevelResource.openStream()); + List<Element> list = new ArrayList<Element>(); + list.add(root); + //no need to propagate any namespaces here + List<Attr> nsAttrs = new ArrayList<Attr>(); + processSchemas(streams, list, nsAttrs); + return streams; + } + public Map<String, byte[]> getSchemasFromWsdl() throws IOException + { + Map<String, byte[]> streams = new HashMap<String, byte[]>(); + // parse the wsdl - Element root = DOMUtils.parse(wsdlURL.openStream()); + Element root = DOMUtils.parse(topLevelResource.openStream()); List<Attr> nsAttrs = getNamespaceAttrs(root); @@ -105,6 +120,14 @@ return null; } + processSchemas(streams, schemaElements, nsAttrs); + + return streams; + } + + private void processSchemas(Map<String, byte[]> streams, List<Element> schemaElements, List<Attr> nsAttrs) + throws IOException + { for (Element schemaElement : schemaElements) { @@ -124,8 +147,6 @@ + schemaElement.getAttribute("targetNamespace")); } - - for (Attr nsAttr : nsAttrs) { @@ -147,8 +168,6 @@ String tns = newSchemeElement.getAttribute("targetNamespace"); streams.put(tns, outStream.toByteArray()); } - - return streams; } private List<Attr> getNamespaceAttrs(Element element) @@ -191,7 +210,7 @@ try { - FileInputStream in = new FileInputStream( path + schemaLocation ); + InputStream in = new URL( getUrlPath() + schemaLocation ).openStream(); outStream = new ByteArrayOutputStream(); int bt = 0; @@ -212,8 +231,15 @@ } catch(IOException ioe) { - log.warn("Error obtaining schema: " + path + schemaLocation); + log.warn("Error obtaining schema: " + getUrlPath() + schemaLocation); } } } + + private String getUrlPath() + { + String resStr = topLevelResource.toString(); + int lastSlash = resStr.lastIndexOf("/"); + return resStr.substring(0, lastSlash+1); + } }

10 years, 2 months

1
0
0 / 0

JBossWS SVN: r18406 - in stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869: modules/core/src/main/java/org/jboss/ws/extensions/validation and 1 other directory.

by jbossws-commits＠lists.jboss.org

Author: klape Date: 2014-02-21 12:54:06 -0500 (Fri, 21 Feb 2014) New Revision: 18406 Modified: stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/core/src/main/java/org/jboss/ws/extensions/validation/SchemaExtractor.java stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/pom.xml Log: [JBPAPP-10869] Schema extractor should allow filenames with non-alphabetic characters Modified: stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/core/src/main/java/org/jboss/ws/extensions/validation/SchemaExtractor.java =================================================================== --- stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/core/src/main/java/org/jboss/ws/extensions/validation/SchemaExtractor.java 2014-02-21 16:03:51 UTC (rev 18405) +++ stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/modules/core/src/main/java/org/jboss/ws/extensions/validation/SchemaExtractor.java 2014-02-21 17:54:06 UTC (rev 18406) @@ -23,6 +23,7 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; +import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; @@ -77,9 +78,9 @@ { Map<String, byte[]> streams = new HashMap<String, byte[]>(); //Get the path to the WSDL - Pattern p = Pattern.compile("[a-zA-Z]+\\.[a-zA-Z]+$"); - Matcher m = p.matcher(wsdlURL.getFile()); - path = m.replaceFirst(""); + String wsdlFile = wsdlURL.getFile(); + int lastSlash = wsdlFile.lastIndexOf(File.separator); + path = wsdlFile.substring(0, lastSlash+1); // parse the wsdl Element root = DOMUtils.parse(wsdlURL.openStream()); Modified: stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/pom.xml =================================================================== --- stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/pom.xml 2014-02-21 16:03:51 UTC (rev 18405) +++ stack/native/branches/jbossws-native-3.1.2.SP15-patch-01_JBPAPP-10869/pom.xml 2014-02-21 17:54:06 UTC (rev 18406) @@ -74,7 +74,7 @@ <woodstox.version>3.2.9</woodstox.version> <wsdl4j.version>1.6.2</wsdl4j.version> <xmlsec.version>1.5.1</xmlsec.version> - <xalan.version>2.7.1-patch-05</xalan.version> + <xalan.version>2.7.1-patch-04</xalan.version> <xerces.version>2.9.1</xerces.version> </properties>

10 years, 2 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jbossws-commits February 2014