Author: alessio.soldano(a)jboss.com
Date: 2008-05-26 07:41:28 -0400 (Mon, 26 May 2008)
New Revision: 7167
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/ReceiveX509Certificate.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/Authenticate.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/SignatureCertAuth.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/UsernameAuth.java
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/KeyResolver.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/element/Signature.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/Config.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java
stack/native/trunk/modules/core/src/main/resources/schema/jboss-ws-security_1_0.xsd
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxrpc/wsse/MicrosoftInteropTestCase.java
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxrpc/wsse/RoundTripTestCase.java
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxrpc/wsse/SunInteropTestCase.java
Log:
[JBWS-1907][JBWS-652] JAAS certificate auth support for wsse
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/KeyResolver.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/KeyResolver.java 2008-05-26
11:24:42 UTC (rev 7166)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/KeyResolver.java 2008-05-26
11:41:28 UTC (rev 7167)
@@ -94,7 +94,7 @@
return resolveX509IssuerSerial(issuerSerial);
}
- throw new NotImplementedException("Currently only DirectReference is
supported!");
+ throw new NotImplementedException("Currently only DirectReference,
KeyIdentifier and X509IssuerSerial are supported!");
}
private BinarySecurityToken resolveDirectReference(DirectReference direct) throws
WSSecurityException
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java 2008-05-26
11:24:42 UTC (rev 7166)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java 2008-05-26
11:41:28 UTC (rev 7167)
@@ -37,11 +37,13 @@
import org.jboss.ws.extensions.security.nonce.NonceFactory;
import org.jboss.ws.extensions.security.operation.DecryptionOperation;
import org.jboss.ws.extensions.security.operation.ReceiveUsernameOperation;
+import org.jboss.ws.extensions.security.operation.ReceiveX509Certificate;
import org.jboss.ws.extensions.security.operation.RequireEncryptionOperation;
import org.jboss.ws.extensions.security.operation.RequireOperation;
import org.jboss.ws.extensions.security.operation.RequireSignatureOperation;
import org.jboss.ws.extensions.security.operation.SignatureVerificationOperation;
import org.jboss.ws.extensions.security.operation.TimestampVerificationOperation;
+import org.jboss.ws.metadata.wsse.Authenticate;
import org.jboss.ws.metadata.wsse.TimestampVerification;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -65,17 +67,20 @@
private SecurityStore store;
private TimestampVerification timestampVerification;
+
+ private Authenticate authenticate;
private HashSet<String> signedIds = new HashSet<String>();
private HashSet<String> encryptedIds = new HashSet<String>();
- public SecurityDecoder(SecurityStore store, NonceFactory nonceFactory,
TimestampVerification timestampVerification)
+ public SecurityDecoder(SecurityStore store, NonceFactory nonceFactory,
TimestampVerification timestampVerification, Authenticate authenticate)
{
org.apache.xml.security.Init.init();
this.store = store;
this.nonceFactory = nonceFactory;
this.timestampVerification = timestampVerification;
+ this.authenticate = authenticate;
}
/**
@@ -85,9 +90,9 @@
* @param SecurityStore the security store that contains key and trust information
* @param now The timestamp to use as the current time when validating a message
expiration
*/
- public SecurityDecoder(SecurityStore store, Calendar now, NonceFactory nonceFactory,
TimestampVerification timestampVerification)
+ public SecurityDecoder(SecurityStore store, Calendar now, NonceFactory nonceFactory,
TimestampVerification timestampVerification, Authenticate authenticate)
{
- this(store, nonceFactory, timestampVerification);
+ this(store, nonceFactory, timestampVerification, authenticate);
this.now = now;
}
@@ -118,10 +123,13 @@
operation.process(message, timestamp);
}
- for (Token token : header.getTokens())
+ if (authenticate == null || authenticate.isUsernameAuth())
{
- if (token instanceof UsernameToken)
- new ReceiveUsernameOperation(header, store, (nonceFactory != null ?
nonceFactory.getStore() : null)).process(message, token);
+ for (Token token : header.getTokens())
+ {
+ if (token instanceof UsernameToken)
+ new ReceiveUsernameOperation(header, store, (nonceFactory != null ?
nonceFactory.getStore() : null)).process(message, token);
+ }
}
signedIds.clear();
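Review bot: With the new guard `if (authenticate == null || authenticate.isUsernameAuth())`, a non-null `Authenticate` that has neither `usernameAuth` nor `signatureCertAuth` set skips UsernameToken processing here and certificate processing in the signature hunk below, so neither path establishes a principal. The schema hunk in this commit appears to allow that state, because both children of `authenticateType` carry `minOccurs="0"`; dropping that attribute from the two elements, or treating an empty `Authenticate` like `authenticate == null` here, would close the gap. When only `signatureCertAuth` is configured, a UsernameToken in the header is now skipped silently, together with whatever `ReceiveUsernameOperation` does with the nonce store passed to it. A comment such as `// username tokens are ignored on purpose when another auth token is configured` would record that this is intended. The enclosing method starts and ends outside the hunk.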
@@ -135,9 +143,12 @@
// If this list gets much larger it should probably be a hash lookup
if (process instanceof Signature)
{
- Collection<String> ids = signatureVerifier.process(message, process);
+ Signature signature = (Signature)process;
+ Collection<String> ids = signatureVerifier.process(message,
signature);
if (ids != null)
signedIds.addAll(ids);
+ if (authenticate != null && authenticate.isSignatureCertAuth())
+ new
ReceiveX509Certificate(authenticate.getSignatureCertAuth().getCertificatePrincipal()).process(message,
signature.getSecurityToken());
}
else if (process instanceof EncryptedKey)
{
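Review bot: `signature.getSecurityToken()` can be null at the new `ReceiveX509Certificate(...).process(...)` call, because the `Signature` constructor in this commit logs and ignores a failed `resolver.resolve(...)`, and `process` then throws an unchecked `IllegalArgumentException`. Check the token before the call and raise a `WSSecurityException` subtype, so the caller sees a security fault rather than a runtime error. The call also runs once per `Signature` element, so with several signatures the last one sets the principal. It runs before `verify(requireOperations)` has checked which ids were signed, and whether that ordering is safe depends on code outside the hunk. The enclosing loop starts outside the hunk.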
@@ -146,6 +157,8 @@
encryptedIds.addAll(ids);
}
}
+
+
}
public void verify(List<RequireOperation> requireOperations) throws
WSSecurityException
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2008-05-26
11:24:42 UTC (rev 7166)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2008-05-26
11:41:28 UTC (rev 7167)
@@ -100,7 +100,7 @@
SecurityStore securityStore = new SecurityStore(configuration.getKeyStoreURL(),
configuration.getKeyStoreType(), configuration.getKeyStorePassword(),
configuration.getKeyPasswords(), configuration.getTrustStoreURL(),
configuration.getTrustStoreType(), configuration.getTrustStorePassword());
NonceFactory factory = Util.loadFactory(NonceFactory.class,
configuration.getNonceFactory(), DefaultNonceFactory.class);
- SecurityDecoder decoder = new SecurityDecoder(securityStore, factory,
configuration.getTimestampVerification());
+ SecurityDecoder decoder = new SecurityDecoder(securityStore, factory,
configuration.getTimestampVerification(), config.getAuthenticate());
decoder.decode(message.getSOAPPart(), secHeaderElement);
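Review bot: The new constructor argument reads from `config`, while every other value on these lines comes from `configuration`. `config` is declared outside the hunk, so it is not visible here whether it can be null at this point. If it can (for example when no config block applies to the operation), `config.getAuthenticate()` throws a NullPointerException for every inbound message that carries a security header. Passing `config != null ? config.getAuthenticate() : null` would keep the previous behaviour, since `SecurityDecoder` already treats a null `Authenticate` as the username-token default.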
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/element/Signature.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/element/Signature.java 2008-05-26
11:24:42 UTC (rev 7166)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/element/Signature.java 2008-05-26
11:41:28 UTC (rev 7167)
@@ -25,6 +25,7 @@
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.XMLSignature;
+import org.jboss.logging.Logger;
import org.jboss.ws.extensions.security.KeyResolver;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
import org.w3c.dom.Element;
@@ -36,10 +37,13 @@
*/
public class Signature implements SecurityProcess
{
+ private static Logger log = Logger.getLogger(Signature.class);
private XMLSignature signature;
/* Used only for decoding */
private PublicKey publicKey;
+ /* Used only for jaas authentication */
+ private BinarySecurityToken securityToken;
private Element cachedElement;
@@ -54,6 +58,15 @@
{
signature = new XMLSignature(element, null);
publicKey = resolver.resolvePublicKey(signature.getKeyInfo());
+ try
+ {
+ securityToken = resolver.resolve(signature.getKeyInfo());
+ }
+ catch (Exception e)
+ {
+ //log exception and ignore, KeyInfo might not reference a security token
+ log.debug("KeyInfo does not contain any reference to a binary security
token.", e);
+ }
}
catch (XMLSecurityException e)
{
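Review bot: The `catch (Exception e)` around `resolver.resolve(signature.getKeyInfo())` hides every failure, not only the "KeyInfo does not reference a token" case named in the comment, and records it at debug level only. When `signatureCertAuth` is configured, a real resolution error then shows up later in `SecurityDecoder` as a null token, with the cause visible only in debug logs. Catching just the exception types the resolver is expected to raise for an unsupported reference (the KeyResolver hunk shows `NotImplementedException` and a `WSSecurityException` declaration) and letting anything else propagate would keep the best-effort behaviour without masking unexpected errors. `private static Logger log` could also be `final`. The constructor begins outside the hunk.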
@@ -84,4 +97,9 @@
{
return publicKey;
}
+
+ public BinarySecurityToken getSecurityToken()
+ {
+ return securityToken;
+ }
}
\ No newline at end of file
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/ReceiveX509Certificate.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/ReceiveX509Certificate.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/ReceiveX509Certificate.java 2008-05-26
11:41:28 UTC (rev 7167)
@@ -0,0 +1,87 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.CertificatePrincipal;
+import org.jboss.security.auth.certs.SubjectCNMapping;
+import org.jboss.security.auth.certs.SubjectDNMapping;
+import org.jboss.ws.extensions.security.element.Token;
+import org.jboss.ws.extensions.security.element.X509Token;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.jboss.wsf.spi.SPIProvider;
+import org.jboss.wsf.spi.SPIProviderResolver;
+import org.jboss.wsf.spi.invocation.SecurityAdaptor;
+import org.jboss.wsf.spi.invocation.SecurityAdaptorFactory;
+import org.w3c.dom.Document;
+
+/**
+ * This is used for X509Certificate JAAS authentication
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 24-May-2008
+ */
+public class ReceiveX509Certificate implements TokenOperation
+{
+ private static Logger log = Logger.getLogger(ReceiveX509Certificate.class);
+ private SecurityAdaptorFactory secAdapterfactory;
+ private CertificatePrincipal certMapping;
+
+ public ReceiveX509Certificate(String certificatePrincipal)
+ {
+ SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
+ secAdapterfactory = spiProvider.getSPI(SecurityAdaptorFactory.class);
+ if (certificatePrincipal != null &&
!certificatePrincipal.equals(""))
+ {
+ try
+ {
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ Class<?> cpClass = loader.loadClass(certificatePrincipal);
+ certMapping = (CertificatePrincipal) cpClass.newInstance();
+ }
+ catch (Exception e)
+ {
+ log.error("Failed to load CertificatePrincipal '" +
certificatePrincipal + "', using default SubjectDNMapping.", e);
+ }
+ }
+ if (certMapping == null)
+ certMapping = new SubjectDNMapping();
+ }
+
+ public void process(Document message, Token token) throws WSSecurityException
+ {
+ if (token == null || !(token instanceof X509Token))
+ {
+ throw new IllegalArgumentException("Token " + token + " is not a
X509Token!");
+ }
+ X509Certificate cert = ((X509Token)token).getCert();
+ Principal principal = certMapping.toPrinicipal(new X509Certificate[] { cert });
+ SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
+ securityAdaptor.setPrincipal(principal);
+ securityAdaptor.setCredential(cert);
+
+ }
+
+}
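Review bot: When the configured `certificatePrincipal` class cannot be loaded or instantiated, the constructor logs an error and falls back to `SubjectDNMapping`, so a typo in the deployment descriptor silently changes how certificates are mapped to principals. For an authentication component it is safer to fail, e.g. replace the `log.error(...)` call with `throw new IllegalStateException("Failed to load CertificatePrincipal '" + certificatePrincipal + "'", e);`. The fallback also disagrees with the schema documentation in this commit, which names `org.jboss.security.auth.certs.SubjectCNMapping` as the default, and the `SubjectCNMapping` import is unused. In `process`, `token == null ||` is redundant before `instanceof`. The method also deserves a Javadoc stating that it only hands the mapped principal and the certificate to the `SecurityAdaptor` and performs no trust or validity check itself.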
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/ReceiveX509Certificate.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/Authenticate.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/Authenticate.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/Authenticate.java 2008-05-26
11:41:28 UTC (rev 7167)
@@ -0,0 +1,68 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.ws.metadata.wsse;
+
+import java.io.Serializable;
+
+/**
+ * <code>Authenticate</code> specifies the token to be used for JAAS
authentication.
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 26-May-2008
+ */
+public class Authenticate implements Serializable
+{
+ private static final long serialVersionUID = -1338421514796889714L;
+
+ private UsernameAuth usernameAuth;
+ private SignatureCertAuth signatureCertAuth;
+
+ public UsernameAuth getUsernameAuth()
+ {
+ return usernameAuth;
+ }
+
+ public void setUsernameAuth(UsernameAuth usernameAuth)
+ {
+ this.usernameAuth = usernameAuth;
+ }
+
+ public SignatureCertAuth getSignatureCertAuth()
+ {
+ return signatureCertAuth;
+ }
+
+ public void setSignatureCertAuth(SignatureCertAuth signatureCertAuth)
+ {
+ this.signatureCertAuth = signatureCertAuth;
+ }
+
+ public boolean isUsernameAuth()
+ {
+ return usernameAuth != null;
+ }
+
+ public boolean isSignatureCertAuth()
+ {
+ return signatureCertAuth != null;
+ }
+}
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/Authenticate.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/Config.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/Config.java 2008-05-26
11:24:42 UTC (rev 7166)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/Config.java 2008-05-26
11:41:28 UTC (rev 7167)
@@ -38,6 +38,7 @@
private Sign sign;
private Encrypt encrypt;
private Requires requires;
+ private Authenticate authenticate;
public Encrypt getEncrypt()
{
@@ -88,4 +89,14 @@
{
this.requires = requires;
}
+
+ public Authenticate getAuthenticate()
+ {
+ return authenticate;
+ }
+
+ public void setAuthenticate(Authenticate authenticate)
+ {
+ this.authenticate = authenticate;
+ }
}
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/SignatureCertAuth.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/SignatureCertAuth.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/SignatureCertAuth.java 2008-05-26
11:41:28 UTC (rev 7167)
@@ -0,0 +1,52 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.ws.metadata.wsse;
+
+import java.io.Serializable;
+
+/**
+ * <code>UsernameAuth</code> specifies that the certificate token
+ * referenced by the signature should be used for JAAS authentication.
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 26-May-2008
+ */
+public class SignatureCertAuth implements Serializable
+{
+ private static final long serialVersionUID = -6618730662350740011L;
+ private String certificatePrincipal;
+
+ public SignatureCertAuth(String certificatePrincipal)
+ {
+ this.certificatePrincipal = certificatePrincipal;
+ }
+
+ public String getCertificatePrincipal()
+ {
+ return certificatePrincipal;
+ }
+
+ public void setCertificatePrincipal(String certificatePrincipal)
+ {
+ this.certificatePrincipal = certificatePrincipal;
+ }
+}
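Review bot: The class Javadoc opens with `<code>UsernameAuth</code>` although it documents `SignatureCertAuth`; it looks copied from the sibling class. Change the first line to `<code>SignatureCertAuth</code> specifies that the certificate token`. It would also help to document on the field that `certificatePrincipal` is a class name and may be null, since the parser passes `attrs.getValue("", "certificatePrincipal")` straight into the constructor.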
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/SignatureCertAuth.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/UsernameAuth.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/UsernameAuth.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/UsernameAuth.java 2008-05-26
11:41:28 UTC (rev 7167)
@@ -0,0 +1,41 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.ws.metadata.wsse;
+
+import java.io.Serializable;
+
+/**
+ * <code>UsernameAuth</code> specifies that the username
+ * token should be used for JAAS authentication.
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 26-May-2008
+ */
+public class UsernameAuth implements Serializable
+{
+ private static final long serialVersionUID = -7767474325576294780L;
+
+ public UsernameAuth()
+ {
+
+ }
+}
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/UsernameAuth.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2008-05-26
11:24:42 UTC (rev 7166)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2008-05-26
11:41:28 UTC (rev 7167)
@@ -304,6 +304,10 @@
return new Username(digestPassword, useNonce, useCreated);
}
+ else if ("authenticate".equals(localName))
+ {
+ return new Authenticate();
+ }
return null;
}
@@ -352,6 +356,33 @@
log.trace("addChild: [obj=" + config + ",child=" + requires +
"]");
config.setRequires(requires);
}
+
+ /**
+ * Called when parsing character is complete.
+ */
+ public void addChild(Config config, Authenticate authenticate, UnmarshallingContext
navigator, String namespaceURI, String localName)
+ {
+ log.trace("addChild: [obj=" + config + ",child=" + authenticate
+ "]");
+ config.setAuthenticate(authenticate);
+ }
+
+ /**
+ * Called when parsing character is complete.
+ */
+ public void addChild(Authenticate authenticate, UsernameAuth usernameAuth,
UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ log.trace("addChild: [obj=" + authenticate + ",child=" +
usernameAuth + "]");
+ authenticate.setUsernameAuth(usernameAuth);
+ }
+
+ /**
+ * Called when parsing character is complete.
+ */
+ public void addChild(Authenticate authenticate, SignatureCertAuth signatureCertAuth,
UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ log.trace("addChild: [obj=" + authenticate + ",child=" +
signatureCertAuth + "]");
+ authenticate.setSignatureCertAuth(signatureCertAuth);
+ }
private Object handleTargets(Object object, UnmarshallingContext navigator, String
namespaceURI, String localName, Attributes attrs)
{
@@ -404,7 +435,25 @@
return null;
}
+
+ /**
+ * Called when parsing of a new element started.
+ */
+ public Object newChild(Authenticate authenticate, UnmarshallingContext navigator,
String namespaceURI, String localName, Attributes attrs)
+ {
+ log.trace("newChild: " + localName);
+ if ("usernameAuth".equals(localName))
+ {
+ return new UsernameAuth();
+ }
+ else if ("signatureCertAuth".equals(localName))
+ {
+ return new SignatureCertAuth(attrs.getValue("",
"certificatePrincipal"));
+ }
+ return null;
+ }
+
/**
* Called when parsing of a new element started.
*/
Modified:
stack/native/trunk/modules/core/src/main/resources/schema/jboss-ws-security_1_0.xsd
===================================================================
---
stack/native/trunk/modules/core/src/main/resources/schema/jboss-ws-security_1_0.xsd 2008-05-26
11:24:42 UTC (rev 7166)
+++
stack/native/trunk/modules/core/src/main/resources/schema/jboss-ws-security_1_0.xsd 2008-05-26
11:41:28 UTC (rev 7167)
@@ -131,6 +131,11 @@
<xs:documentation>Specifies the security requirements that should be
applied when receiving a response from the communicating party. If this is not specified,
all messages will be allowed through.</xs:documentation>
</xs:annotation>
</xs:element>
+ <xs:element name="authenticate" type="authenticateType"
minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>Specifies the token to be used for JAAS authentication.
If this is not specified, the username token will be used if
available.</xs:documentation>
+ </xs:annotation>
+ </xs:element>
</xs:all>
</xs:complexType>
<xs:complexType name="requireTimestampType">
@@ -324,4 +329,26 @@
</xs:element>
</xs:sequence>
</xs:complexType>
+ <xs:complexType name="authenticateType">
+ <xs:choice minOccurs="1" maxOccurs="1">
+ <xs:element name="usernameAuth" type="usernameAuthType"
minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>Specifies that the username token should be used for
JAAS authentication.</xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="signatureCertAuth"
type="signatureCertAuthType" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>Specifies that the certificate token referenced from
the signature should be used for JAAS authentication.</xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ <xs:complexType name="usernameAuthType"/>
+ <xs:complexType name="signatureCertAuthType">
+ <xs:attribute name="certificatePrincipal" use="optional">
+ <xs:annotation>
+ <xs:documentation>This specifies the class to be used to map certificates
to principal. It must implement org.jboss.security.auth.certs.CertificatePrincipal.
Default is org.jboss.security.auth.certs.SubjectCNMapping</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:complexType>
</xs:schema>
Modified:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxrpc/wsse/MicrosoftInteropTestCase.java
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxrpc/wsse/MicrosoftInteropTestCase.java 2008-05-26
11:24:42 UTC (rev 7166)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxrpc/wsse/MicrosoftInteropTestCase.java 2008-05-26
11:41:28 UTC (rev 7167)
@@ -95,7 +95,7 @@
cal.set(Calendar.MINUTE, 22);
cal.set(Calendar.SECOND, 25);
- SecurityDecoder decoder = new SecurityDecoder(new SecurityStore(), cal, null,
null);
+ SecurityDecoder decoder = new SecurityDecoder(new SecurityStore(), cal, null, null,
null);
decoder.decode(soapEnv.getOwnerDocument());
decoder.complete();
Modified:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxrpc/wsse/RoundTripTestCase.java
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxrpc/wsse/RoundTripTestCase.java 2008-05-26
11:24:42 UTC (rev 7166)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxrpc/wsse/RoundTripTestCase.java 2008-05-26
11:41:28 UTC (rev 7167)
@@ -103,7 +103,7 @@
env = soapMsg.getSOAPPart().getEnvelope();
doc = env.getOwnerDocument();
- SecurityDecoder decoder = new SecurityDecoder(new SecurityStore(), null, null);
+ SecurityDecoder decoder = new SecurityDecoder(new SecurityStore(), null, null,
null);
decoder.decode(doc);
decoder.verify(buildRequireOperations());
decoder.complete();
Modified:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxrpc/wsse/SunInteropTestCase.java
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxrpc/wsse/SunInteropTestCase.java 2008-05-26
11:24:42 UTC (rev 7166)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxrpc/wsse/SunInteropTestCase.java 2008-05-26
11:41:28 UTC (rev 7167)
@@ -72,7 +72,7 @@
cal.set(Calendar.MINUTE, 32);
cal.set(Calendar.SECOND, 25);
- SecurityDecoder decoder = new SecurityDecoder(new SecurityStore(), cal, null,
null);
+ SecurityDecoder decoder = new SecurityDecoder(new SecurityStore(), cal, null, null,
null);
decoder.decode(doc);
decoder.complete();
@@ -107,7 +107,7 @@
cal.set(Calendar.SECOND, 40);
- SecurityDecoder decoder = new SecurityDecoder(new SecurityStore(), cal, null,
null);
+ SecurityDecoder decoder = new SecurityDecoder(new SecurityStore(), cal, null, null,
null);
decoder.decode(doc);
decoder.complete();