Author: jim.ma
Date: 2013-12-17 03:34:08 -0500 (Tue, 17 Dec 2013)
New Revision: 18186
Added:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/UsernameTokenServerAuthModule.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/JaspiSubjectCreatingInterceptor.java
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/JaspiAuthenticationTestCase.java
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceIface.java
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceImpl.java
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/UsernamePasswordCallback.java
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/jboss-webservices.xml
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/web.xml
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/wsdl/
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/wsdl/SecurityService.wsdl
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/wsdl/SecurityService_schema1.xsd
Removed:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/SOAPServerAuthModule.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/validator/
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/cxf/jaspi/
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/cxf/jaspi/
Modified:
stack/cxf/branches/jaspi/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/deployment/aspect/BusDeploymentAspect.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiServerAuthenticator.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthConfig.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingPolicyInterceptor.java
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/scripts/cxf-jars-jaxws.xml
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml
Log:
Transparently direct the wsse authentication in ServerAuthModule without defining the wss4j
actions
Modified:
stack/cxf/branches/jaspi/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java
===================================================================
---
stack/cxf/branches/jaspi/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java 2013-12-16
20:46:04 UTC (rev 18185)
+++
stack/cxf/branches/jaspi/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -216,4 +216,9 @@
@LogMessage(level = WARN)
@Message(id = 24098, value = "No JASPIAuthenticationInfo found for security
domain '%s'")
void noJaspiApplicationPolicy(String securityDomain);
+
+ @LogMessage(level = WARN)
+ @Message(id = 24099, value = "Can not create Jaspi ServerAuthContext for
security domain '%s'")
+ void cannotCreateServerAuthContext(String securityDomain);
+
}
Modified:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/deployment/aspect/BusDeploymentAspect.java
===================================================================
---
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/deployment/aspect/BusDeploymentAspect.java 2013-12-16
20:46:04 UTC (rev 18185)
+++
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/deployment/aspect/BusDeploymentAspect.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -29,8 +29,10 @@
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
import javax.xml.ws.spi.Provider;
+import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.configuration.Configurer;
import org.jboss.security.auth.callback.JBossCallbackHandler;
@@ -138,7 +140,7 @@
epConfigFile = wsmd.getConfigFile();
}
- JaspiServerAuthenticator jaspiAuthenticator = getJaspiAuthenticator(dep, wsmd);
+ JaspiServerAuthenticator jaspiAuthenticator = getJaspiAuthenticator(dep, wsmd,
holder.getBus());
Configurer configurer =
holder.createServerConfigurer(dep.getAttachment(BindingCustomization.class),
new WSDLFilePublisher(aDep), dep.getService().getEndpoints(),
aDep.getRootFile(), epConfigName, epConfigFile);
@@ -152,7 +154,7 @@
}
}
- private JaspiServerAuthenticator getJaspiAuthenticator(Deployment dep,
JBossWebservicesMetaData wsmd) {
+ private JaspiServerAuthenticator getJaspiAuthenticator(Deployment dep,
JBossWebservicesMetaData wsmd, Bus bus) {
String securityDomain = null;
if (wsmd != null) {
securityDomain =
wsmd.getProperty(JaspiServerAuthenticator.JASPI_SECURITY_DOMAIN);
@@ -183,11 +185,17 @@
try
{
ServerAuthConfig serverConfig =
provider.getServerAuthConfig(JBossWSAuthConstants.SOAP_LAYER, appId, callbackHandler);
- return new JaspiServerAuthenticator(serverConfig, securityDomain, jai);
+ Properties serverContextProperties = new Properties();
+ serverContextProperties.put("security-domain", securityDomain);
+ serverContextProperties.put("jaspi-policy", jai);
+ serverContextProperties.put(Bus.class, bus);
+ String authContextID = dep.getSimpleName();
+ ServerAuthContext sctx = serverConfig.getAuthContext(authContextID, null,
serverContextProperties);
+ return new JaspiServerAuthenticator(sctx);
}
catch (Exception e)
{
- e.printStackTrace();
+ Loggers.DEPLOYMENT_LOGGER.cannotCreateServerAuthContext(securityDomain);
}
return null;
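Review bot: The `catch (Exception e)` block now logs only the security domain and discards `e`, so the reason the ServerAuthContext could not be created is lost. Adding a `@Cause Throwable cause` parameter to `cannotCreateServerAuthContext` in Loggers.java and passing `e` would keep it. Control then falls through to `return null`. The caller is outside this hunk, but if a null authenticator means the endpoint is deployed without the JASPI check, a misconfigured security domain fails open behind a single WARN line, and aborting the deployment would be the safer outcome. The body of `getJaspiAuthenticator` starts and ends outside this hunk.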
Modified:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiServerAuthenticator.java
===================================================================
---
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiServerAuthenticator.java 2013-12-16
20:46:04 UTC (rev 18185)
+++
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/JaspiServerAuthenticator.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -21,13 +21,9 @@
*/
package org.jboss.wsf.stack.cxf.jaspi;
-import java.util.Properties;
-
-import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.config.ServerAuthConfig;
import javax.security.auth.message.config.ServerAuthContext;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPMessage;
@@ -42,138 +38,104 @@
import org.apache.cxf.interceptor.OutgoingChainInterceptor;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageImpl;
-import org.jboss.security.auth.login.JASPIAuthenticationInfo;
import org.jboss.security.auth.message.GenericMessageInfo;
-/**
+
+/**
* @author <a href="ema(a)redhat.com">Jim Ma</a>
*/
-public class JaspiServerAuthenticator
-{
- public static final String JASPI_SECURITY_DOMAIN = "jaspi.security.domain";
- private ServerAuthConfig serverConfig;
- private String securityDomain;
- private JASPIAuthenticationInfo jpi;
+public class JaspiServerAuthenticator {
+ public static final String JASPI_SECURITY_DOMAIN = "jaspi.security.domain";
+ private ServerAuthContext sctx;
- public JaspiServerAuthenticator(ServerAuthConfig serverConfig, String securityDomain,
JASPIAuthenticationInfo jpi)
- {
+ public JaspiServerAuthenticator(ServerAuthContext sctx) {
+ this.sctx = sctx;
+ }
- this.serverConfig = serverConfig;
- this.securityDomain = securityDomain;
- this.jpi = jpi;
- }
+ public void validateRequest(SoapMessage message) {
+ SOAPMessage soapMessage = message.getContent(SOAPMessage.class);
+ MessageInfo messageInfo = new GenericMessageInfo(soapMessage, null);
+ AuthStatus authStatus;
+ try {
+ authStatus = sctx.validateRequest(messageInfo, null, null);
+ } catch (AuthException e) {
+ if (isSOAP12(message)) {
+ SoapFault soap12Fault = new SoapFault(e.getMessage(), Soap12
+ .getInstance().getReceiver());
+ throw soap12Fault;
+ } else {
+ throw new SoapFault(e.getMessage(), new QName("",
+ "japsi AuthException"));
+ }
+ }
+ Message response = null;
+ if (messageInfo.getResponseMessage() != null
+ && !message.getExchange().isOneWay()) {
- public void validateRequest(SoapMessage message)
- {
- SOAPMessage soapMessage = message.getContent(SOAPMessage.class);
- MessageInfo messageInfo = new GenericMessageInfo(soapMessage, null);
- String authContextID = serverConfig.getAuthContextID(messageInfo);
+ Endpoint e = message.getExchange().get(Endpoint.class);
- Properties serverContextProperties = new Properties();
- serverContextProperties.put("security-domain", securityDomain);
- serverContextProperties.put("jaspi-policy", jpi);
- Subject clientSubject = new Subject();
- AuthStatus authStatus = null;
- try
- {
- ServerAuthContext sctx = serverConfig.getAuthContext(authContextID,
clientSubject, serverContextProperties);
-
- authStatus = sctx.validateRequest(messageInfo, clientSubject, null);
- }
- catch (AuthException e)
- {
- if (isSOAP12(message))
- {
- SoapFault soap12Fault = new SoapFault(e.getMessage(),
Soap12.getInstance().getReceiver());
- throw soap12Fault;
- }
- else
- {
- throw new SoapFault(e.getMessage(), new QName("", "japsi
AuthException"));
- }
- }
- Message response = null;
- if (messageInfo.getResponseMessage() != null &&
!message.getExchange().isOneWay())
- {
+ response = new MessageImpl();
+ response.setExchange(message.getExchange());
+ response = e.getBinding().createMessage(response);
+ message.getExchange().setOutMessage(response);
+ response.setContent(SOAPMessage.class,
+ messageInfo.getResponseMessage());
+ if (AuthStatus.SEND_CONTINUE == authStatus) {
+ response.put(Message.RESPONSE_CODE, Integer.valueOf(303));
+ }
+ if (AuthStatus.SEND_FAILURE == authStatus) {
+ response.put(Message.RESPONSE_CODE, Integer.valueOf(500));
+ }
- Endpoint e = message.getExchange().get(Endpoint.class);
+ message.getInterceptorChain().abort();
+ InterceptorChain chain = OutgoingChainInterceptor
+ .getOutInterceptorChain(message.getExchange());
+ response.setInterceptorChain(chain);
+ chain.doInterceptStartingAfter(response,
+ SoapPreProtocolOutInterceptor.class.getName());
- response = new MessageImpl();
- response.setExchange(message.getExchange());
- response = e.getBinding().createMessage(response);
- message.getExchange().setOutMessage(response);
- response.setContent(SOAPMessage.class, messageInfo.getResponseMessage());
- if (AuthStatus.SEND_CONTINUE == authStatus)
- {
- response.put(Message.RESPONSE_CODE, Integer.valueOf(303));
- }
- if (AuthStatus.SEND_FAILURE == authStatus)
- {
- response.put(Message.RESPONSE_CODE, Integer.valueOf(500));
- }
+ }
- message.getInterceptorChain().abort();
- InterceptorChain chain =
OutgoingChainInterceptor.getOutInterceptorChain(message.getExchange());
- response.setInterceptorChain(chain);
- chain.doInterceptStartingAfter(response,
SoapPreProtocolOutInterceptor.class.getName());
+ }
- }
+ public void secureResponse(SoapMessage message) {
+ SOAPMessage request = message.getExchange().getInMessage()
+ .get(SOAPMessage.class);
+ SOAPMessage response = message.getContent(SOAPMessage.class);
+ MessageInfo messageInfo = new GenericMessageInfo(request, response);
+ AuthStatus authStatus = null;
+ try {
+ authStatus = sctx.secureResponse(messageInfo, null);
+ } catch (AuthException e) {
+ if (isSOAP12(message)) {
+ SoapFault soap12Fault = new SoapFault(e.getMessage(), Soap12
+ .getInstance().getReceiver());
+ throw soap12Fault;
+ } else {
+ throw new SoapFault(e.getMessage(), new QName("",
+ "japsi AuthException"));
+ }
+ }
+ if (messageInfo.getResponseMessage() != null
+ && !message.getExchange().isOneWay()) {
+ if (AuthStatus.SEND_CONTINUE == authStatus) {
+ message.put(Message.RESPONSE_CODE, Integer.valueOf(303));
+ }
+ if (AuthStatus.SEND_FAILURE == authStatus) {
+ message.put(Message.RESPONSE_CODE, Integer.valueOf(500));
+ }
+ }
- }
+ }
- public void secureResponse(SoapMessage message)
- {
- SOAPMessage request = message.getExchange().getInMessage().get(SOAPMessage.class);
- SOAPMessage response = message.getContent(SOAPMessage.class);
- MessageInfo messageInfo = new GenericMessageInfo(request, response);
- String authContextID = serverConfig.getAuthContextID(messageInfo);
+ private boolean isSOAP12(Message message) {
+ if (message.getExchange().getBinding() instanceof SoapBinding) {
+ SoapBinding binding = (SoapBinding) message.getExchange()
+ .getBinding();
+ if (binding.getSoapVersion() == Soap12.getInstance()) {
+ return true;
+ }
+ }
+ return false;
+ }
- Properties serverContextProperties = new Properties();
- serverContextProperties.put("security-domain", securityDomain);
- serverContextProperties.put("jaspi-policy", jpi);
- Subject clientSubject = new Subject();
- AuthStatus authStatus = null;
- try
- {
- ServerAuthContext sctx = serverConfig.getAuthContext(authContextID,
clientSubject, serverContextProperties);
- authStatus = sctx.secureResponse(messageInfo, null);
- }
- catch (AuthException e)
- {
- if (isSOAP12(message))
- {
- SoapFault soap12Fault = new SoapFault(e.getMessage(),
Soap12.getInstance().getReceiver());
- throw soap12Fault;
- }
- else
- {
- throw new SoapFault(e.getMessage(), new QName("", "japsi
AuthException"));
- }
- }
- if (messageInfo.getResponseMessage() != null &&
!message.getExchange().isOneWay())
- {
- if (AuthStatus.SEND_CONTINUE == authStatus)
- {
- message.put(Message.RESPONSE_CODE, Integer.valueOf(303));
- }
- if (AuthStatus.SEND_FAILURE == authStatus)
- {
- message.put(Message.RESPONSE_CODE, Integer.valueOf(500));
- }
- }
-
- }
-
- private boolean isSOAP12(Message message)
- {
- if (message.getExchange().getBinding() instanceof SoapBinding)
- {
- SoapBinding binding = (SoapBinding)message.getExchange().getBinding();
- if (binding.getSoapVersion() == Soap12.getInstance())
- {
- return true;
- }
- }
- return false;
- }
-
}
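Review bot: In the new `validateRequest`, the `AuthStatus` returned by `sctx.validateRequest(messageInfo, null, null)` is examined only inside the `messageInfo.getResponseMessage() != null && !message.getExchange().isOneWay()` branch. A non-success status without a response message, or any status on a one-way exchange, therefore lets the interceptor chain continue as if the caller were authenticated. Rejecting explicitly after that branch would close the gap, e.g. `if (authStatus != AuthStatus.SUCCESS && response == null) throw new SoapFault("Authentication failed", message.getVersion().getSender());`. Both catch blocks also copy `e.getMessage()` into the fault sent to the client, and the SOAP 1.1 fault code local name `"japsi AuthException"` is misspelled and contains a space. A fixed generic fault string, with the detail logged server-side, would avoid exposing module internals.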
Modified:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthConfig.java
===================================================================
---
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthConfig.java 2013-12-16
20:46:04 UTC (rev 18185)
+++
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSClientAuthConfig.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -63,8 +63,6 @@
Map<String, Map> mapOptionsByName = new HashMap<String, Map>();
- String secDomain = (String)properties.get("security-domain");
-
JASPIAuthenticationInfo jai =
(JASPIAuthenticationInfo)properties.get("jaspi-policy");
AuthModuleEntry[] amearr = jai.getAuthModuleEntry();
Modified:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java
===================================================================
---
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java 2013-12-16
20:46:04 UTC (rev 18185)
+++
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/config/JBossWSServerAuthConfig.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -45,7 +45,9 @@
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
+import org.apache.cxf.Bus;
import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.interceptor.InterceptorProvider;
import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.auth.container.config.AuthModuleEntry;
import org.jboss.security.auth.login.JASPIAuthenticationInfo;
@@ -62,7 +64,7 @@
private CallbackHandler callbackHandler = new JBossCallbackHandler();
@SuppressWarnings("rawtypes")
private List modules = new ArrayList();
- @SuppressWarnings({ "unused", "rawtypes" })
+ @SuppressWarnings({"rawtypes" })
private Map contextProperties;
@SuppressWarnings("rawtypes")
@@ -80,8 +82,6 @@
List<ControlFlag> controlFlags = new ArrayList<ControlFlag>();
Map<String, Map> mapOptionsByName = new HashMap<String, Map>();
- String secDomain = (String)properties.get("security-domain");
-
JASPIAuthenticationInfo jai =
(JASPIAuthenticationInfo)properties.get("jaspi-policy");
AuthModuleEntry[] amearr = jai.getAuthModuleEntry();
@@ -94,6 +94,7 @@
moduleCL = locator.get(jbossModule);
}
+ InterceptorProvider ip =
(InterceptorProvider)contextProperties.get(InterceptorProvider.class);
for (AuthModuleEntry ame : amearr)
{
if (ame.getLoginModuleStackHolderName() != null)
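Review bot: `ip` is read from the `contextProperties` field while the next hunk reads the `Bus` from the `properties` argument, and nothing visible in this commit stores an `InterceptorProvider.class` entry (BusDeploymentAspect only puts `security-domain`, `jaspi-policy` and `Bus.class`), so `ip` is probably always null. If `contextProperties` has not been assigned at this point, the lookup itself throws NullPointerException. UsernameTokenServerAuthModule.initialize reads only `Endpoint.class` and `Bus.class` from its options, so the `InterceptorProvider.class` option appears unused and could be dropped. In the following hunk `Bus bus = (Bus)properties.get(Bus.class);` is loop-invariant and can be hoisted above the `for`. The enclosing method starts and ends outside both hunks.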
@@ -105,7 +106,10 @@
ServerAuthModule sam = this.createSAM(moduleCL, ame.getAuthModuleName(),
ame.getLoginModuleStackHolderName());
Map options = new HashMap();
-
+ options.put(InterceptorProvider.class, ip);
+ Bus bus = (Bus)properties.get(Bus.class);
+ options.put(Bus.class, bus);
+
sam.initialize(null, null, callbackHandler, options);
modules.add(sam);
}
Deleted:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/SOAPServerAuthModule.java
===================================================================
---
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/SOAPServerAuthModule.java 2013-12-16
20:46:04 UTC (rev 18185)
+++
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/SOAPServerAuthModule.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -1,139 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2013, Red Hat, Inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.wsf.stack.cxf.jaspi.module;
-
-import java.util.Map.Entry;
-import java.util.Properties;
-
-import javax.security.auth.Subject;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
-import javax.xml.soap.SOAPException;
-import javax.xml.soap.SOAPMessage;
-
-import org.apache.cxf.binding.soap.SoapMessage;
-import org.apache.cxf.binding.soap.SoapVersion;
-import org.apache.cxf.binding.soap.SoapVersionFactory;
-import org.apache.cxf.message.Exchange;
-import org.apache.cxf.message.ExchangeImpl;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageImpl;
-import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.WSSecurityEngine;
-import org.jboss.security.auth.container.modules.AbstractServerAuthModule;
-import org.jboss.wsf.stack.cxf.jaspi.config.JBossWSAuthConstants;
-import org.jboss.wsf.stack.cxf.jaspi.validator.UsernameTokenValidator;
-/**
- * @author <a href="ema(a)redhat.com">Jim Ma</a>
- */
-public class SOAPServerAuthModule extends AbstractServerAuthModule {
- private String securityDomainName = null;
- private WSSConfig wssConfig = WSSConfig.getNewInstance();
- private WSS4JInInterceptor wss4jInterceptor = new WSS4JInInterceptor();
- public SOAPServerAuthModule() {
- supportedTypes.add(Object.class);
- supportedTypes.add(SOAPMessage.class);
- }
-
- public SOAPServerAuthModule(String lmshName) {
- supportedTypes.add(Object.class);
- this.supportedTypes.add(SOAPMessage.class);
- securityDomainName = lmshName;
- }
-
- @Override
- public AuthStatus validateRequest(MessageInfo messageInfo,
- Subject clientSubject, Subject serviceSubject) throws AuthException {
- return validate(clientSubject, messageInfo) ? AuthStatus.SUCCESS : AuthStatus.FAILURE;
- }
-
- @Override
- protected boolean validate(Subject clientSubject, MessageInfo messageInfo)
- throws AuthException {
-
- SOAPMessage soapMessage = (SOAPMessage)messageInfo.getRequestMessage();
- SoapVersion soapVersion = null;
- try {
- String ns = soapMessage.getSOAPBody().getNamespaceURI();
- soapVersion = SoapVersionFactory.getInstance().getSoapVersion(ns);
- } catch (SOAPException e) {
- throw new AuthException(e.getMessage());
- }
- if (soapVersion == null) {
- throw new AuthException("Invalid soap message");
- }
-
-
- Exchange exchange = new ExchangeImpl();
- MessageImpl messageImpl = new MessageImpl();
- messageImpl.setExchange(exchange);
- SoapMessage cxfSoapMessage = new SoapMessage(messageImpl);
- cxfSoapMessage.setVersion(soapVersion);
- cxfSoapMessage.setContent(SOAPMessage.class, soapMessage);
- cxfSoapMessage.put(Message.HTTP_REQUEST_METHOD, "POST");
-
- setJASPICValidator(wssConfig, clientSubject);
- cxfSoapMessage.put(WSSConfig.class.getName(), wssConfig);
-
- for (Object key : options.keySet()) {
- cxfSoapMessage.put((String)key, options.get(key));
- }
- //set the wss4j config from messageinfo
- if (messageInfo.getMap().get(JBossWSAuthConstants.WSS4J_CONFIG) != null) {
- Properties props =
(Properties)messageInfo.getMap().get(JBossWSAuthConstants.WSS4J_CONFIG);
- for(Entry<Object, Object> e : props.entrySet()) {
- cxfSoapMessage.put(e.getKey().toString(), e.getValue());
- }
- }
- wss4jInterceptor.handleMessage(cxfSoapMessage);
-
- return true;
-
- }
-
- public AuthStatus secureResponse(MessageInfo arg0, Subject arg1)
- throws AuthException {
- throw new UnsupportedOperationException();
- }
-
- protected void setJASPICValidator(WSSConfig wssconfig, Subject subject) {
- UsernameTokenValidator usernameTokenValidator = new UsernameTokenValidator(subject);
- usernameTokenValidator.setContextName(getSecurityDomainName());
- wssconfig.setValidator(WSSecurityEngine.USERNAME_TOKEN, usernameTokenValidator);
- }
-
- protected String getSecurityDomainName() {
- if (this.securityDomainName != null)
- return securityDomainName;
-
- // Check if it is passed in the options
- String domainName = (String) options
- .get("javax.security.auth.login.LoginContext");
- if (domainName == null) {
- domainName = getClass().getName();
- }
- return domainName;
- }
-
-}
\ No newline at end of file
Added:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/UsernameTokenServerAuthModule.java
===================================================================
---
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/UsernameTokenServerAuthModule.java
(rev 0)
+++
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/UsernameTokenServerAuthModule.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -0,0 +1,118 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.jaspi.module;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.interceptor.InterceptorProvider;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.jboss.security.auth.container.modules.AbstractServerAuthModule;
+import org.jboss.wsf.stack.cxf.security.authentication.JaspiSubjectCreatingInterceptor;
+
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
+public class UsernameTokenServerAuthModule extends AbstractServerAuthModule
+{
+ private String securityDomainName = null;
+ private Endpoint endpoint = null;
+ private Bus bus = null;
+ private InterceptorProvider ip = null;
+
+ @SuppressWarnings("rawtypes")
+ public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
CallbackHandler handler, Map options) throws AuthException
+ {
+ super.initialize(requestPolicy, responsePolicy, handler, options);
+ endpoint = (Endpoint)options.get(Endpoint.class);
+ if (endpoint == null && options.get(Bus.class) != null)
+ {
+ bus = (Bus)options.get(Bus.class);
+ bus.setProperty(SecurityConstants.VALIDATE_TOKEN, false);
+ ip = (InterceptorProvider)bus;
+ }
+ if (endpoint != null) {
+ endpoint.put(SecurityConstants.VALIDATE_TOKEN, false);
+ ip = (InterceptorProvider)endpoint;
+ }
+ if (ip != null)
+ {
+ JaspiSubjectCreatingInterceptor jaspiInterceptor = new
JaspiSubjectCreatingInterceptor(securityDomainName);
+ ip.getInInterceptors().add(jaspiInterceptor);
+ }
+
+ }
+
+ public UsernameTokenServerAuthModule()
+ {
+ supportedTypes.add(Object.class);
+ supportedTypes.add(SOAPMessage.class);
+ }
+
+ public UsernameTokenServerAuthModule(String lmshName)
+ {
+ supportedTypes.add(Object.class);
+ this.supportedTypes.add(SOAPMessage.class);
+ securityDomainName = lmshName;
+ }
+
+ @Override
+ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
Subject serviceSubject) throws AuthException
+ {
+ return AuthStatus.SUCCESS;
+ }
+
+ public AuthStatus secureResponse(MessageInfo arg0, Subject arg1) throws AuthException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ protected String getSecurityDomainName()
+ {
+ if (this.securityDomainName != null)
+ return securityDomainName;
+
+ // Check if it is passed in the options
+ String domainName =
(String)options.get("javax.security.auth.login.LoginContext");
+ if (domainName == null)
+ {
+ domainName = getClass().getName();
+ }
+ return domainName;
+ }
+
+ @Override
+ protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws
AuthException
+ {
+ return true;
+ }
+
+}
\ No newline at end of file
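Review bot: `validateRequest` returns `AuthStatus.SUCCESS` and `validate` returns `true` unconditionally, so the module relies entirely on the `JaspiSubjectCreatingInterceptor` that `initialize` registers. When the options carry neither an `Endpoint` nor a `Bus`, `ip` stays null, no interceptor is added, and every request is still reported as authenticated. `initialize` should fail closed, e.g. `if (ip == null) throw new AuthException("No Endpoint or Bus to attach the authenticating interceptor to");`. The interceptor is also built from the `securityDomainName` field, which is null after the no-arg constructor; `new JaspiSubjectCreatingInterceptor(getSecurityDomainName())` would apply the fallback that method implements. Setting `SecurityConstants.VALIDATE_TOKEN` to false on the `Bus` and adding the interceptor to its chain presumably affects every endpoint sharing that bus, which deserves a comment or a narrower scope.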
Property changes on:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/jaspi/module/UsernameTokenServerAuthModule.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/JaspiSubjectCreatingInterceptor.java
===================================================================
---
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/JaspiSubjectCreatingInterceptor.java
(rev 0)
+++
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/JaspiSubjectCreatingInterceptor.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -0,0 +1,72 @@
+package org.jboss.wsf.stack.cxf.security.authentication;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+import org.apache.cxf.common.security.SecurityToken;
+import org.apache.cxf.common.security.TokenType;
+import org.apache.cxf.common.security.UsernameToken;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.jboss.security.auth.callback.JBossCallbackHandler;
+import org.jboss.security.plugins.JBossAuthenticationManager;
+import org.jboss.wsf.spi.deployment.Endpoint;
+import org.jboss.wsf.spi.security.SecurityDomainContext;
+import org.jboss.wsf.stack.cxf.Loggers;
+import org.jboss.wsf.stack.cxf.Messages;
+
+public class JaspiSubjectCreatingInterceptor extends SubjectCreatingPolicyInterceptor
+{
+ private JBossAuthenticationManager authenticationManger;
+
+ public JaspiSubjectCreatingInterceptor(String securityDomain) {
+ super();
+ authenticationManger = new JBossAuthenticationManager(securityDomain, new
JBossCallbackHandler());
+ }
+
+
+ @Override
+ public void handleMessage(Message message) throws Fault
+ {
+ Endpoint ep = message.getExchange().get(Endpoint.class);
+ SecurityDomainContext sdc = ep.getSecurityDomainContext();
+ SecurityContext context = message.get(SecurityContext.class);
+ if (context == null || context.getUserPrincipal() == null)
+ {
+ Loggers.SECURITY_LOGGER.userPrincipalNotAvailableOnCurrentMessage();
+ return;
+ }
+
+ SecurityToken token = message.get(SecurityToken.class);
+ Subject subject = null;
+ if (token != null)
+ {
+ //Try authenticating using SecurityToken info
+ if (token.getTokenType() != TokenType.UsernameToken)
+ {
+ throw Messages.MESSAGES.unsupportedTokenType(token.getTokenType());
+ }
+ UsernameToken ut = (UsernameToken) token;
+ subject = helper.createSubject(authenticationManger,ut.getName(),
ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime());
+
+ }
+ else
+ {
+ //Try authenticating using WSS4J internal info (previously set into
SecurityContext by WSS4JInInterceptor)
+ Principal p = context.getUserPrincipal();
+ if (!(p instanceof WSUsernameTokenPrincipal)) {
+ throw Messages.MESSAGES.couldNotGetSubjectInfo();
+ }
+ WSUsernameTokenPrincipal up = (WSUsernameTokenPrincipal) p;
+ subject = createSubject(sdc, up.getName(), up.getPassword(),
up.isPasswordDigest(), up.getNonce(), up.getCreatedTime());
+ }
+
+ Principal principal = getPrincipal(context.getUserPrincipal(), subject);
+ message.put(SecurityContext.class, createSecurityContext(principal, subject));
+ }
+
+
+}
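Review bot: The two branches of `handleMessage` authenticate against different backends: the `SecurityToken` branch calls `helper.createSubject(authenticationManger, ...)` with the manager built for the JASPI domain, while the WSS4J-principal branch calls `createSubject(sdc, ...)` with the endpoint's `SecurityDomainContext`. Which security domain checks the password therefore depends on how the token reached the message. If the JASPI domain is meant to be authoritative, the else branch should use the same call, `subject = helper.createSubject(authenticationManger, up.getName(), up.getPassword(), up.isPasswordDigest(), up.getNonce(), up.getCreatedTime());`, which would also remove the need for `ep.getSecurityDomainContext()`, where `ep` is not null-checked. The early `return` when no user principal is present lets the message continue unauthenticated, and because UsernameTokenServerAuthModule always reports SUCCESS, rejection then depends on policy enforcement elsewhere; a comment stating that assumption would help. The field name `authenticationManger` is misspelled and the field can be `final`.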
Property changes on:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/JaspiSubjectCreatingInterceptor.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Modified:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java
===================================================================
---
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java 2013-12-16
20:46:04 UTC (rev 18185)
+++
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingInterceptor.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -60,12 +60,12 @@
*/
public class SubjectCreatingInterceptor extends WSS4JInInterceptor
{
+ protected SubjectCreator helper = new SubjectCreator();
+
private static final Logger LOG =
LogUtils.getL7dLogger(SubjectCreatingInterceptor.class);
private ThreadLocal<SecurityDomainContext> sdc = new
ThreadLocal<SecurityDomainContext>();
-
- private SubjectCreator helper = new SubjectCreator();
-
+
private boolean supportDigestPasswords;
public SubjectCreatingInterceptor()
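Review bot: The `helper` field is widened to `protected` but left non-final, so any subclass can reassign the object that performs credential validation for this interceptor. If the aim is only to let a subclass call the helper, declare it `protected final SubjectCreator helper = new SubjectCreator();`, or keep it private behind a protected getter. The same change is made to `helper` in the SubjectCreatingPolicyInterceptor section that follows, and the note applies there too. The class body continues outside the hunk, so this assumes nothing else in the class needs to replace the helper.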
Modified:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingPolicyInterceptor.java
===================================================================
---
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingPolicyInterceptor.java 2013-12-16
20:46:04 UTC (rev 18185)
+++
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreatingPolicyInterceptor.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -51,7 +51,7 @@
*/
public class SubjectCreatingPolicyInterceptor extends
AbstractPhaseInterceptor<Message>
{
- private SubjectCreator helper = new SubjectCreator();
+ protected SubjectCreator helper = new SubjectCreator();
public SubjectCreatingPolicyInterceptor()
{
@@ -99,7 +99,7 @@
message.put(SecurityContext.class, createSecurityContext(principal, subject));
}
- private Subject createSubject(SecurityDomainContext sdc, String name, String password,
boolean isDigest, String nonce, String creationTime)
+ protected Subject createSubject(SecurityDomainContext sdc, String name, String
password, boolean isDigest, String nonce, String creationTime)
{
Subject subject = null;
try
Modified:
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java
===================================================================
---
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java 2013-12-16
20:46:04 UTC (rev 18185)
+++
stack/cxf/branches/jaspi/modules/server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -35,6 +35,7 @@
import org.apache.cxf.common.security.SimplePrincipal;
import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
+import org.jboss.security.plugins.JBossAuthenticationManager;
import org.jboss.ws.common.utils.DelegateClassLoader;
import org.jboss.wsf.spi.classloading.ClassLoaderProvider;
import org.jboss.wsf.spi.security.SecurityDomainContext;
@@ -124,8 +125,67 @@
}
return subject;
}
+ //TODO:refactor this
+ public Subject createSubject(JBossAuthenticationManager manager, String name, String
password, boolean isDigest, String nonce, String created)
+ {
+ if (isDigest)
+ {
+ verifyUsernameToken(nonce, created);
+ // It is not possible at the moment to figure out if the digest has been created
+ // using the original nonce bytes or the bytes of the (Base64)-encoded nonce,
some
+ // legacy clients might use the (Base64)-encoded nonce bytes when creating a
digest;
+ // lets default to true and assume the nonce has been Base-64 encoded, given
that
+ // WSS4J client Base64-decodes the nonce before creating the digest
- private void verifyUsernameToken(String nonce, String created)
+ CallbackHandler handler = new UsernameTokenCallbackHandler(nonce, created,
decodeNonce);
+ CallbackHandlerPolicyContextHandler.setCallbackHandler(handler);
+ }
+
+ // authenticate and populate Subject
+
+
+ Principal principal = new SimplePrincipal(name);
+ Subject subject = new Subject();
+
+ boolean TRACE = SECURITY_LOGGER.isTraceEnabled();
+ if (TRACE)
+ SECURITY_LOGGER.aboutToAuthenticate(manager.getSecurityDomain());
+
+ try
+ {
+ ClassLoader tccl = SecurityActions.getContextClassLoader();
+ //allow PicketBox to see jbossws modules' classes
+
SecurityActions.setContextClassLoader(createDelegateClassLoader(ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader(),
tccl));
+ try
+ {
+ if (manager.isValid(principal, password, subject) == false)
+ {
+ throw MESSAGES.authenticationFailed(principal.getName());
+ }
+ }
+ finally
+ {
+ SecurityActions.setContextClassLoader(tccl);
+ }
+ }
+ finally
+ {
+ if (isDigest)
+ {
+ // does not remove the TL entry completely but limits the potential
+ // growth to a number of available threads in a container
+ CallbackHandlerPolicyContextHandler.setCallbackHandler(null);
+ }
+ }
+
+ if (TRACE)
+ SECURITY_LOGGER.authenticated(name);
+
+ return subject;
+ }
+
+
+ protected void verifyUsernameToken(String nonce, String created)
{
if (created != null)
{
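Review bot: The new `createSubject(JBossAuthenticationManager, ...)` overload appears to repeat the authentication sequence that its own `//TODO:refactor this` already flags: digest callback setup, context class loader swap, `isValid`, and callback cleanup. With two copies, a later fix to one (for instance around the nonce/created handling) can silently miss the other. Consider moving the shared sequence into one private method, with each overload supplying only its own `isValid` call and security-domain name. Separately, `verifyUsernameToken(nonce, created)` runs only when `isDigest` is true, so this path does no freshness check for plain-text passwords; if that is intended, a comment such as `// plain-text tokens: replay protection is left to the transport` would make it explicit. The existing overload and the body of `verifyUsernameToken` lie outside the hunk, so this is based on the visible lines only.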
Modified: stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/scripts/cxf-jars-jaxws.xml
===================================================================
---
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/scripts/cxf-jars-jaxws.xml 2013-12-16
20:46:04 UTC (rev 18185)
+++
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/scripts/cxf-jars-jaxws.xml 2013-12-17
08:34:08 UTC (rev 18186)
@@ -291,16 +291,6 @@
dir="${tests.output.dir}/test-resources/jaxws/cxf/httpauth/digest"
prefix="WEB-INF/"/>
</war>
-
- <war warfile="${tests.output.dir}/test-libs/jaxws-cxf-jaspi.war"
webxml="${tests.output.dir}/test-resources/jaxws/cxf/jaspi/WEB-INF/web.xml">
- <classes dir="${tests.output.dir}/test-classes">
- <include
name="org/jboss/test/ws/jaxws/cxf/jaspi/Endpoint*.class"/>
- </classes>
-
- <webinf
dir="${tests.output.dir}/test-resources//jaxws/cxf/jaspi/WEB-INF">
- <include name="jboss-*.xml"/>
- </webinf>
- </war>
<!-- jaxws-cxf-jaxbintros -->
<jar
destfile="${tests.output.dir}/test-libs/jaxws-cxf-jaxbintros.jar">
Modified:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml
===================================================================
---
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml 2013-12-16
20:46:04 UTC (rev 18185)
+++
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml 2013-12-17
08:34:08 UTC (rev 18186)
@@ -509,7 +509,7 @@
<!-- jaxws-samples-wsse-policy-username -->
<war
-
warfile="${tests.output.dir}/test-libs/jaxws-samples-wsse-policy-username.war"
+ warfile="${tests.output.dir}/test-libs/jaxws-samples--username.war"
webxml="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/basic/username/WEB-INF/web.xml">
<classes dir="${tests.output.dir}/test-classes">
<include
name="org/jboss/test/ws/jaxws/samples/wsse/policy/basic/Service*.class"/>
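Review bot: The `warfile` value changes from `jaxws-samples-wsse-policy-username.war` to `jaxws-samples--username.war`, which looks like an accidental deletion rather than an intended rename. The comment above the target still reads `jaxws-samples-wsse-policy-username`, and the double hyphen matches no other archive name in this section. Any test that deploys the archive under its old name would no longer find it. Unless the rename is deliberate, restore `warfile="${tests.output.dir}/test-libs/jaxws-samples-wsse-policy-username.war"`. The `<war>` element continues outside the hunk.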
@@ -543,6 +543,24 @@
<attribute name="Dependencies"
value="org.jboss.ws.cxf.jbossws-cxf-client,org.apache.cxf.impl"/> <!-- cxf
impl required due to custom interceptor in deployment -->
</manifest>
</war>
+
+ <!-- jaxws-samples-wsse-policy-username-jaspi -->
+ <war
+
warfile="${tests.output.dir}/test-libs/jaxws-samples-wsse-policy-username-jaspi.war"
+
webxml="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/web.xml">
+ <classes dir="${tests.output.dir}/test-classes">
+ <include
name="org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/Service*.class"/>
+ <include
name="org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/*.class"/>
+ </classes>
+ <webinf
dir="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/jaspi/WEB-INF">
+ <include name="jboss-*.xml"/>
+ <include name="wsdl/*"/>
+ </webinf>
+ <manifest>
+ <attribute name="Dependencies"
value="org.jboss.ws.cxf.jbossws-cxf-client,org.apache.cxf.impl"/> <!-- cxf
impl required due to custom interceptor in deployment -->
+ </manifest>
+ </war>
+
<!-- jaxws-samples-wsse-policy-username-jaas-digest -->
<war
Added:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/JaspiAuthenticationTestCase.java
===================================================================
---
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/JaspiAuthenticationTestCase.java
(rev 0)
+++
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/JaspiAuthenticationTestCase.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -0,0 +1,114 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.jaspi;
+
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.jboss.wsf.test.JBossWSCXFTestSetup;
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestHelper;
+
+//TODO: reuse jaas test
+public final class JaspiAuthenticationTestCase extends JBossWSTest
+{
+ private final String serviceURL = "http://" + getServerHost() +
":8080/jaxws-samples-wsse-policy-username-jaspi";
+
+ public static Test suite()
+ {
+ TestSetup testSetup = new JBossWSCXFTestSetup(JaspiAuthenticationTestCase.class,
"jaxws-samples-wsse-policy-username-jaspi.war") {
+
+ public void setUp() throws Exception
+ {
+ Map<String, String> loginModuleOptions = new HashMap<String,
String>();
+ String usersPropFile =
System.getProperty("org.jboss.ws.testsuite.securityDomain.users.propfile");
+ String rolesPropFile =
System.getProperty("org.jboss.ws.testsuite.securityDomain.roles.propfile");
+ if (usersPropFile != null)
+ {
+ loginModuleOptions.put("usersProperties", usersPropFile);
+ }
+ if (rolesPropFile != null)
+ {
+ loginModuleOptions.put("rolesProperties", rolesPropFile);
+ }
+
+ Map<String, String> authModuleOptions = new HashMap<String,
String>();
+ //authModuleOptions.put("action", "UsernameToken
Timestamp");
+ JBossWSTestHelper.addJaspiSecurityDomain("jaspi",
"jaas-lm-stack", loginModuleOptions,
"org.jboss.wsf.stack.cxf.jaspi.module.UsernameTokenServerAuthModule",
+ authModuleOptions);
+ super.setUp();
+ }
+
+ public void tearDown() throws Exception
+ {
+ JBossWSTestHelper.removeSecurityDomain("jaspi");
+ super.tearDown();
+
+ }
+ };
+ return testSetup;
+ }
+
+ public void testAuthenticated() throws Exception
+ {
+ QName serviceName = new
QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy",
"SecurityService");
+ URL wsdlURL = new URL(serviceURL + "?wsdl");
+ Service service = Service.create(wsdlURL, serviceName);
+ ServiceIface proxy = (ServiceIface)service.getPort(ServiceIface.class);
+ setupWsse(proxy, "kermit");
+ assertEquals("Secure Hello World!", proxy.sayHello());
+ }
+
+ public void testUnauthenticated() throws Exception
+ {
+ QName serviceName = new
QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy",
"SecurityService");
+ URL wsdlURL = new URL(serviceURL + "?wsdl");
+ Service service = Service.create(wsdlURL, serviceName);
+ ServiceIface proxy = (ServiceIface)service.getPort(ServiceIface.class);
+ setupWsse(proxy, "snoopy");
+ try
+ {
+ proxy.sayHello();
+ fail("User snoopy shouldn't be authenticated.");
+ }
+ catch (Exception e)
+ {
+ //OK
+ }
+ }
+
+ private void setupWsse(ServiceIface proxy, String username)
+ {
+ ((BindingProvider)proxy).getRequestContext().put(SecurityConstants.USERNAME,
username);
+ ((BindingProvider)proxy).getRequestContext()
+ .put(SecurityConstants.CALLBACK_HANDLER,
"org.jboss.test.ws.jaxws.samples.wsse.policy.jaspi.UsernamePasswordCallback");
+ }
+}
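Review bot: `testUnauthenticated` treats any `Exception` from `proxy.sayHello()` as proof that snoopy was rejected. A connection error, a deployment problem or a policy mismatch would therefore make this negative test pass without the auth module ever rejecting a credential. Catch the specific failure the client sees for a rejected token (presumably `javax.xml.ws.soap.SOAPFaultException`, to be confirmed against the server's fault) and assert on its message or fault code instead of the bare `//OK`. In the anonymous `TestSetup`, `tearDown` would also be safer as `try { super.tearDown(); } finally { JBossWSTestHelper.removeSecurityDomain("jaspi"); }`, so the `jaspi` domain is always removed and only after the WAR is undeployed.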
Property changes on:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/JaspiAuthenticationTestCase.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceIface.java
===================================================================
---
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceIface.java
(rev 0)
+++
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceIface.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -0,0 +1,38 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.jaspi;
+
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+
+@WebService
+(
+ targetNamespace =
"http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy"
+)
+public interface ServiceIface
+{
+ @WebMethod
+ String sayHello();
+
+ @WebMethod
+ String greetMe();
+}
Property changes on:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceIface.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceImpl.java
===================================================================
---
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceImpl.java
(rev 0)
+++
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceImpl.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -0,0 +1,45 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.jaspi;
+
+import javax.jws.WebService;
+
+@WebService
+(
+ portName = "SecurityServicePort",
+ serviceName = "SecurityService",
+ wsdlLocation = "WEB-INF/wsdl/SecurityService.wsdl",
+ targetNamespace =
"http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy",
+ endpointInterface =
"org.jboss.test.ws.jaxws.samples.wsse.policy.jaspi.ServiceIface"
+)
+public class ServiceImpl implements ServiceIface
+{
+ public String sayHello()
+ {
+ return "Secure Hello World!";
+ }
+
+ public String greetMe()
+ {
+ return "Greetings!";
+ }
+}
Property changes on:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/ServiceImpl.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/UsernamePasswordCallback.java
===================================================================
---
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/UsernamePasswordCallback.java
(rev 0)
+++
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/UsernamePasswordCallback.java 2013-12-17
08:34:08 UTC (rev 18186)
@@ -0,0 +1,41 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.jaspi;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import org.apache.ws.security.WSPasswordCallback;
+
+public class UsernamePasswordCallback implements CallbackHandler
+{
+ public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException
+ {
+ WSPasswordCallback pc = (WSPasswordCallback)callbacks[0];
+ if ("kermit".equals(pc.getIdentifier()))
+ pc.setPassword("thefrog");
+ else
+ pc.setPassword("wrong password");
+ }
+}
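Review bot: `handle` casts `callbacks[0]` to `WSPasswordCallback` without checking its type or the array length. An unexpected callback therefore surfaces as a `ClassCastException` or `ArrayIndexOutOfBoundsException` rather than the declared `UnsupportedCallbackException`. Iterating the array and using `if (!(cb instanceof WSPasswordCallback)) throw new UnsupportedCallbackException(cb);` keeps to the `CallbackHandler` contract. A class comment such as `// test-only credentials; must match the users properties file used by the testsuite security domain` would also stop the hard-coded `kermit`/`thefrog` pair from being read as a usage pattern.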
Property changes on:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaspi/UsernamePasswordCallback.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/jboss-webservices.xml
===================================================================
---
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/jboss-webservices.xml
(rev 0)
+++
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/jboss-webservices.xml 2013-12-17
08:34:08 UTC (rev 18186)
@@ -0,0 +1,13 @@
+<?xml version="1.1" encoding="UTF-8"?>
+<webservices
+
xmlns="http://www.jboss.com/xml/ns/javaee"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ version="1.2"
+
xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee">
+
+ <property>
+ <name>jaspi.security.domain</name>
+ <value>jaspi</value>
+ </property>
+
+</webservices>
\ No newline at end of file
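Review bot: `xsi:schemaLocation` holds only the namespace URI `http://www.jboss.com/xml/ns/javaee`, but the attribute is defined as a list of namespace/location pairs, so a validating parser gets no schema for this descriptor. A typo in the `jaspi.security.domain` property name would then go unreported at parse time. Either add the schema location after the namespace or drop the attribute. The prolog also declares `version="1.1"` while the `web.xml` added in the same commit uses `1.0`; unless XML 1.1 is needed, `<?xml version="1.0" encoding="UTF-8"?>` is the safer choice for parser compatibility.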
Property changes on:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/jboss-webservices.xml
___________________________________________________________________
Added: svn:mime-type
+ text/xml
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/web.xml
===================================================================
---
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/web.xml
(rev 0)
+++
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/web.xml 2013-12-17
08:34:08 UTC (rev 18186)
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<web-app
+ version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+ <servlet>
+ <servlet-name>TestService</servlet-name>
+
<servlet-class>org.jboss.test.ws.jaxws.samples.wsse.policy.jaspi.ServiceImpl</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>TestService</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+</web-app>
Property changes on:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/web.xml
___________________________________________________________________
Added: svn:mime-type
+ text/xml
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/wsdl/SecurityService.wsdl
===================================================================
---
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/wsdl/SecurityService.wsdl
(rev 0)
+++
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/wsdl/SecurityService.wsdl 2013-12-17
08:34:08 UTC (rev 18186)
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"
standalone="yes"?>
+<definitions
targetNamespace="http://www.jboss.org/jbossws/ws-extensions/wssecuri...
name="SecurityService"
+
xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/wssecuritypoli...
+
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+
xmlns="http://schemas.xmlsoap.org/wsdl/"
+
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w...
+
xmlns:wsaws="http://www.w3.org/2005/08/addressing">
+ <types>
+ <xsd:schema>
+ <xsd:import
namespace="http://www.jboss.org/jbossws/ws-extensions/wssecuritypoli...
schemaLocation="SecurityService_schema1.xsd"/>
+ </xsd:schema>
+ </types>
+ <message name="sayHello">
+ <part name="parameters" element="tns:sayHello"/>
+ </message>
+ <message name="sayHelloResponse">
+ <part name="parameters" element="tns:sayHelloResponse"/>
+ </message>
+ <message name="greetMe">
+ <part name="parameters" element="tns:greetMe"/>
+ </message>
+ <message name="greetMeResponse">
+ <part name="parameters" element="tns:greetMeResponse"/>
+ </message>
+ <portType name="ServiceIface">
+ <operation name="sayHello">
+ <input message="tns:sayHello"/>
+ <output message="tns:sayHelloResponse"/>
+ </operation>
+ <operation name="greetMe">
+ <input message="tns:greetMe"/>
+ <output message="tns:greetMeResponse"/>
+ </operation>
+ </portType>
+ <binding name="SecurityServicePortBinding"
type="tns:ServiceIface">
+ <wsp:PolicyReference
URI="#SecurityServiceUsernameUnsecureTransportPolicy"/>
+ <soap:binding
transport="http://schemas.xmlsoap.org/soap/http"
style="document"/>
+ <operation name="sayHello">
+ <soap:operation soapAction=""/>
+ <input>
+ <soap:body use="literal"/>
+ </input>
+ <output>
+ <soap:body use="literal"/>
+ </output>
+ </operation>
+ <operation name="greetMe">
+ <soap:operation soapAction=""/>
+ <input>
+ <soap:body use="literal"/>
+ </input>
+ <output>
+ <soap:body use="literal"/>
+ </output>
+ </operation>
+ </binding>
+ <service name="SecurityService">
+ <port name="SecurityServicePort"
binding="tns:SecurityServicePortBinding">
+ <soap:address
location="http://@jboss.bind.address@:8080/jaxws-samples-wsse-username-jaas"/>
+ </port>
+ </service>
+
+ <wsp:Policy wsu:Id="SecurityServiceUsernameUnsecureTransportPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ <wsp:Policy>
+ <sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/...
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</definitions>
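Review bot: The `soap:address` location ends in `jaxws-samples-wsse-username-jaas`, which does not match the `jaxws-samples-wsse-policy-username-jaspi` context used by the new WAR target and by `JaspiAuthenticationTestCase`. It looks copied from the JAAS sample and would work only if the server rewrites the address at deployment. Separately, `SecurityServiceUsernameUnsecureTransportPolicy` asserts a `WssUsernameToken10` supporting token with no transport binding visible, so the password apparently travels in the SOAP header over the plain `http://` endpoint the test uses. That is acceptable for a fixture, but because the file lives under `samples`, a comment above the policy such as `<!-- test only: UsernameToken without transport protection; pair with a TransportBinding over HTTPS outside the testsuite -->` would keep it from being reused as-is.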
Property changes on:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/wsdl/SecurityService.wsdl
___________________________________________________________________
Added: svn:mime-type
+ text/xml
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Added:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/wsdl/SecurityService_schema1.xsd
===================================================================
---
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/wsdl/SecurityService_schema1.xsd
(rev 0)
+++
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/wsdl/SecurityService_schema1.xsd 2013-12-17
08:34:08 UTC (rev 18186)
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"
standalone="yes"?>
+<xs:schema version="1.0"
targetNamespace="http://www.jboss.org/jbossws/ws-extensions/wssecuri...
xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/wssecuritypoli...
xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+ <xs:element name="sayHello" type="tns:sayHello"/>
+
+ <xs:element name="sayHelloResponse"
type="tns:sayHelloResponse"/>
+
+ <xs:complexType name="sayHello">
+ <xs:sequence/>
+ </xs:complexType>
+
+ <xs:complexType name="sayHelloResponse">
+ <xs:sequence>
+ <xs:element name="return" type="xs:string"
minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="greetMe" type="tns:greetMe"/>
+
+ <xs:element name="greetMeResponse"
type="tns:greetMeResponse"/>
+
+ <xs:complexType name="greetMe">
+ <xs:sequence/>
+ </xs:complexType>
+
+ <xs:complexType name="greetMeResponse">
+ <xs:sequence>
+ <xs:element name="return" type="xs:string"
minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
+
Property changes on:
stack/cxf/branches/jaspi/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaspi/WEB-INF/wsdl/SecurityService_schema1.xsd
___________________________________________________________________
Added: svn:mime-type
+ text/xml
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native