Author: jim.ma
Date: 2013-10-16 06:11:07 -0400 (Wed, 16 Oct 2013)
New Revision: 18000
Modified:
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSAuthConfigProvider.java
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSAuthConstants.java
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSServerAuthConfig.java
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSServerAuthContext.java
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/SecurityActions.java
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/module/SOAPServerAuthModule.java
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/wss/validator/UsernameTokenValidator.java
projects/jaspic-soap/trunk/src/test/java/org/jboss/ws/jaspic/container/config/JASPISoapTest.java
projects/jaspic-soap/trunk/src/test/resources/usernametoken-soapmessage.xml
Log:
Refactor JASPISoapTest; pass client subject to wss4j UsernameTokenValidator
Modified:
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSAuthConfigProvider.java
===================================================================
---
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSAuthConfigProvider.java 2013-10-16
06:29:47 UTC (rev 17999)
+++
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSAuthConfigProvider.java 2013-10-16
10:11:07 UTC (rev 18000)
@@ -30,6 +30,9 @@
import javax.security.auth.message.config.ClientAuthConfig;
import javax.security.auth.message.config.ServerAuthConfig;
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
public class JBossWSAuthConfigProvider implements AuthConfigProvider {
private Properties contextProperties;
Modified:
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSAuthConstants.java
===================================================================
---
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSAuthConstants.java 2013-10-16
06:29:47 UTC (rev 17999)
+++
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSAuthConstants.java 2013-10-16
10:11:07 UTC (rev 18000)
@@ -1,5 +1,28 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
package org.jboss.ws.jaspic.container.config;
-
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
public class JBossWSAuthConstants {
public static final String WSS4J_CONFIG = "wss4j.config";
Modified:
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSServerAuthConfig.java
===================================================================
---
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSServerAuthConfig.java 2013-10-16
06:29:47 UTC (rev 17999)
+++
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSServerAuthConfig.java 2013-10-16
10:11:07 UTC (rev 18000)
@@ -44,13 +44,14 @@
import org.jboss.security.auth.login.AuthenticationInfo;
import org.jboss.security.auth.login.BaseAuthenticationInfo;
import org.jboss.security.auth.login.JASPIAuthenticationInfo;
-import org.jboss.security.auth.message.config.JBossServerAuthContext;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.plugins.ClassLoaderLocator;
import org.jboss.security.plugins.ClassLoaderLocatorFactory;
-
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
//TODO: Refactor JBossServerAuthConfig, this class should extend JBossServerAuthConfig,
public class JBossWSServerAuthConfig implements ServerAuthConfig {
private String layer;
@@ -152,7 +153,7 @@
}
}
- JBossServerAuthContext serverAuthContext = new JBossServerAuthContext(
+ JBossWSServerAuthContext serverAuthContext = new JBossWSServerAuthContext(
modules, mapOptionsByName, this.callbackHandler);
serverAuthContext.setControlFlags(controlFlags);
return serverAuthContext;
Modified:
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSServerAuthContext.java
===================================================================
---
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSServerAuthContext.java 2013-10-16
06:29:47 UTC (rev 17999)
+++
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/JBossWSServerAuthContext.java 2013-10-16
10:11:07 UTC (rev 18000)
@@ -20,7 +20,9 @@
* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
*/
package org.jboss.ws.jaspic.container.config;
-
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
import java.util.List;
import java.util.Map;
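Review bot: The added `@author` Javadoc block sits between the `package` statement and the imports, so it is not attached to any declaration and the Javadoc tool will not associate it with the class. Move it to directly above the class declaration, which lies outside this hunk. The SecurityActions.java hunk places the comment in the same spot and needs the same move.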
Modified:
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/SecurityActions.java
===================================================================
---
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/SecurityActions.java 2013-10-16
06:29:47 UTC (rev 17999)
+++
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/config/SecurityActions.java 2013-10-16
10:11:07 UTC (rev 18000)
@@ -20,7 +20,9 @@
* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
*/
package org.jboss.ws.jaspic.container.config;
-
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
Modified:
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/module/SOAPServerAuthModule.java
===================================================================
---
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/module/SOAPServerAuthModule.java 2013-10-16
06:29:47 UTC (rev 17999)
+++
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/container/module/SOAPServerAuthModule.java 2013-10-16
10:11:07 UTC (rev 18000)
@@ -44,7 +44,9 @@
import org.jboss.security.auth.container.modules.AbstractServerAuthModule;
import org.jboss.ws.jaspic.container.config.JBossWSAuthConstants;
import org.jboss.ws.jaspic.wss.validator.UsernameTokenValidator;
-
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
public class SOAPServerAuthModule extends AbstractServerAuthModule {
private String securityDomainName = null;
@@ -60,6 +62,13 @@
}
@Override
+ public AuthStatus validateRequest(MessageInfo messageInfo,
+ Subject clientSubject, Subject serviceSubject) throws AuthException {
+ //TODO:look at what we need to do with options
+ return validate(clientSubject, messageInfo) ? AuthStatus.SUCCESS : AuthStatus.FAILURE;
+ }
+
+ @Override
protected boolean validate(Subject clientSubject, MessageInfo messageInfo)
throws AuthException {
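Review bot: The new `validateRequest` override replaces the `AbstractServerAuthModule` implementation without calling `super`, and it consults neither `serviceSubject` nor the module options (the TODO acknowledges the options). Because this method is the authentication decision point, say what is deliberately skipped, e.g. `/** Validates the WS-Security header via validate(); module options and serviceSubject are not used yet. */`. The body of `validate` continues outside this hunk, so whether it can ever return false (and so produce `AuthStatus.FAILURE`) rather than throw is not visible here.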
@@ -86,7 +95,7 @@
WSSConfig wssConfig = WSSConfig.getNewInstance();
- setJASPICValidator(wssConfig);
+ setJASPICValidator(wssConfig, clientSubject);
cxfSoapMessage.put(WSSConfig.class.getName(), wssConfig);
//set the wss4j config from messageinfo
@@ -98,7 +107,6 @@
}
WSS4JInInterceptor wss4jInterceptor = new WSS4JInInterceptor();
- wss4jInterceptor.setIgnoreActions(true);
wss4jInterceptor.handleMessage(cxfSoapMessage);
return true;
@@ -110,9 +118,9 @@
throw new UnsupportedOperationException();
}
- protected void setJASPICValidator(WSSConfig wssconfig) {
+ protected void setJASPICValidator(WSSConfig wssconfig, Subject subject) {
//TODO: add other validator
- UsernameTokenValidator usernameTokenValidator = new UsernameTokenValidator();
+ UsernameTokenValidator usernameTokenValidator = new UsernameTokenValidator(subject);
usernameTokenValidator.setContextName(getSecurityDomainName());
wssconfig.setValidator(WSSecurityEngine.USERNAME_TOKEN, usernameTokenValidator);
}
Modified:
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/wss/validator/UsernameTokenValidator.java
===================================================================
---
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/wss/validator/UsernameTokenValidator.java 2013-10-16
06:29:47 UTC (rev 17999)
+++
projects/jaspic-soap/trunk/src/main/java/org/jboss/ws/jaspic/wss/validator/UsernameTokenValidator.java 2013-10-16
10:11:07 UTC (rev 18000)
@@ -21,10 +21,81 @@
*/
package org.jboss.ws.jaspic.wss.validator;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.message.token.UsernameToken;
+import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.JAASUsernameTokenValidator;
-
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
public class UsernameTokenValidator extends JAASUsernameTokenValidator {
+
+ private Subject subject;
+
+ public UsernameTokenValidator(Subject subject) {
+ this.subject = subject;
+ }
+
//wss4j's JAASUsernameTokenValidator only supports plain text password
//TODO: support other type password
+ private static org.apache.commons.logging.Log log =
+ org.apache.commons.logging.LogFactory.getLog(UsernameTokenValidator.class);
+ public Credential validate(Credential credential, RequestData data) throws
WSSecurityException {
+ if (credential == null || credential.getUsernametoken() == null) {
+ throw new WSSecurityException(WSSecurityException.FAILURE,
"noCredential");
+ }
+
+ String user = null;
+ String password = null;
+
+ UsernameToken usernameToken = credential.getUsernametoken();
+
+ user = usernameToken.getName();
+ String pwType = usernameToken.getPasswordType();
+ if (log.isDebugEnabled()) {
+ log.debug("UsernameToken user " + usernameToken.getName());
+ log.debug("UsernameToken password type " + pwType);
+ }
+
+ if (usernameToken.isHashed()) {
+ log.warn("Authentication failed as hashed username token not
supported");
+ throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
+ }
+
+ password = usernameToken.getPassword();
+
+ if (!WSConstants.PASSWORD_TEXT.equals(pwType)) {
+ log.warn("Password type " + pwType + " not supported");
+ throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
+ }
+
+ if (!(user != null && user.length() > 0 && password != null
&& password.length() > 0)) {
+ log.warn("User or password empty");
+ throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
+ }
+
+ try {
+ CallbackHandler handler = getCallbackHandler(user, password);
+ LoginContext ctx = new LoginContext(getContextName(), subject , handler);
+ ctx.login();
+ Subject subject = ctx.getSubject();
+ credential.setSubject(subject);
+ } catch (LoginException ex) {
+ log.info("Authentication failed", ex);
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_AUTHENTICATION, null, null, ex
+ );
+ }
+
+ return credential;
+
+ }
}
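Review bot: In `validate`, the username and `pwType` are taken from the incoming UsernameToken and concatenated unescaped into `log.debug`/`log.warn` messages, so request content can introduce line breaks or misleading text into the server log. Strip CR/LF and bound the length before logging, or log a fixed message for the unsupported-type case. Separately, the local `Subject subject = ctx.getSubject();` shadows the `subject` field that is passed to `new LoginContext(...)` one line earlier. Renaming it (`Subject authenticated = ctx.getSubject();`), declaring the field `private final Subject subject;` and adding `@Override` on `validate` would make the intent clear. A null `subject` passed to the constructor would presumably surface from `LoginContext` as a `LoginException` and be logged as "Authentication failed"; an `Objects.requireNonNull(subject, "subject")` in the constructor would report that misconfiguration directly.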
Modified:
projects/jaspic-soap/trunk/src/test/java/org/jboss/ws/jaspic/container/config/JASPISoapTest.java
===================================================================
---
projects/jaspic-soap/trunk/src/test/java/org/jboss/ws/jaspic/container/config/JASPISoapTest.java 2013-10-16
06:29:47 UTC (rev 17999)
+++
projects/jaspic-soap/trunk/src/test/java/org/jboss/ws/jaspic/container/config/JASPISoapTest.java 2013-10-16
10:11:07 UTC (rev 18000)
@@ -50,7 +50,9 @@
import org.jboss.security.auth.message.GenericMessageInfo;
import org.junit.BeforeClass;
import org.junit.Test;
-
+/**
+ * @author <a href="ema(a)redhat.com">Jim Ma</a>
+ */
public class JASPISoapTest extends TestCase {
@BeforeClass
@@ -87,12 +89,13 @@
MessageInfo messageInfo = new GenericMessageInfo();
Properties props = new Properties();
- props.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
- props.put(WSHandlerConstants.TIMESTAMP_STRICT, "false");
+ props.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN + " "
+ WSHandlerConstants.TIMESTAMP);
messageInfo.getMap().put(JBossWSAuthConstants.WSS4J_CONFIG, props);
messageInfo.setRequestMessage(prepareSOAPMessage("usernametoken-soapmessage.xml"));
- AuthStatus authStatus = sctx.validateRequest(messageInfo, new Subject(), new
Subject());
+ Subject clientSubject = new Subject();
+ Subject serviceSubject = new Subject();
+ AuthStatus authStatus = sctx.validateRequest(messageInfo, clientSubject,
serviceSubject);
assertTrue(authStatus.equals(AuthStatus.SUCCESS));
}
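Review bot: The test now keeps `clientSubject` in a variable but never inspects it, so the behaviour this commit adds (the JAAS login populating the caller-supplied subject) is not asserted. After the status check, add something like `assertFalse(clientSubject.getPrincipals().isEmpty());`, assuming the configured login module adds principals on commit. The test method starts outside this hunk.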
@@ -114,7 +117,7 @@
String content = readFile(fins);
XmlSchemaDateFormat formater = new XmlSchemaDateFormat();
- String replaced = content.replaceAll("NOW", formater.format(new
Date(System.currentTimeMillis()-10)));
+ String replaced = content.replaceAll("\\$NOW", formater.format(new
Date()));
ByteArrayInputStream bin = new ByteArrayInputStream(replaced.getBytes());
return factory.createMessage(null, bin);
}
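Review bot: `replaceAll` treats its first argument as a regex, which is why `$` now needs the `\\$` escape, and it also scans the replacement string for `$` and `\` group references. A literal `content.replace("$NOW", formater.format(new Date()))` performs the same substitution without either concern. The enclosing method starts outside this hunk.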
Modified: projects/jaspic-soap/trunk/src/test/resources/usernametoken-soapmessage.xml
===================================================================
--- projects/jaspic-soap/trunk/src/test/resources/usernametoken-soapmessage.xml 2013-10-16
06:29:47 UTC (rev 17999)
+++ projects/jaspic-soap/trunk/src/test/resources/usernametoken-soapmessage.xml 2013-10-16
10:11:07 UTC (rev 18000)
@@ -1 +1,24 @@
-<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><S...
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">&...
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-...
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w...
soap:mustUnderstand="1"><wsu:Timestamp
wsu:Id="TS-96d29305-8a68-42a9-84a7-3f30a2a04e11"><wsu:Created>NOW</wsu:Created><wsu:Expires>NOW</wsu:Expires></wsu:Timestamp><wsse:UsernameToken
wsu:Id="UsernameToken-4313b55e-cbcd-438f-8408-c19f1016b208"><wsse:Username>jbossws</wsse:Username><wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-userna...
xmlns:ns2="http://www.example.org/schema/DoubleIt"><numbe...
\ No newline at end of file
+<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
+ <SOAP-ENV:Header
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
+ <wsse:Security
+
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-...
+
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w...
+ soap:mustUnderstand="1">
+ <wsu:Timestamp wsu:Id="TS-96d29305-8a68-42a9-84a7-3f30a2a04e11">
+ <wsu:Created>$NOW</wsu:Created>
+ <wsu:Expires>2113-10-16T08:58:19.763Z</wsu:Expires>
+ </wsu:Timestamp>
+ <wsse:UsernameToken
+ wsu:Id="UsernameToken-4313b55e-cbcd-438f-8408-c19f1016b208">
+ <wsse:Username>jbossws</wsse:Username>
+ <wsse:Password
+
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-userna...
+ </wsse:UsernameToken>
+ </wsse:Security>
+ </SOAP-ENV:Header>
+ <soap:Body>
+ <ns2:DoubleIt
xmlns:ns2="http://www.example.org/schema/DoubleIt">
+ <numberToDouble>25</numberToDouble>
+ </ns2:DoubleIt>
+ </soap:Body>
+</soap:Envelope>
\ No newline at end of file