[jboss-svn-commits] JBL Code SVN: r29406 - labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws.

jboss-svn-commits at lists.jboss.org jboss-svn-commits at lists.jboss.org
Fri Sep 18 10:54:19 EDT 2009 

Author: beve
Date: 2009-09-18 10:54:18 -0400 (Fri, 18 Sep 2009)
New Revision: 29406

Modified:
   labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java
Log:
Added some javadocs. Plus minor clean up.


Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java	2009-09-18 14:30:38 UTC (rev 29405)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java	2009-09-18 14:54:18 UTC (rev 29406)
@@ -43,13 +43,41 @@
 import org.w3c.dom.Element;
 
 /**
- * JBossSTSSecurityHandler is a server side JAXWS SOAP Protocol handler
- * that will extract a Security Token from the SOAP Security Header
- * and validate the token with JBoss Security Token Service (STS)
+ * JBossSTSSecurityHandler is a server-side JAX-WS SOAP Protocol handler that will extract 
+ * a Security Token from the SOAP Security Header and validate the token with JBoss Security 
+ * Token Service (STS)
  * <p/>
  * 
+ * <h3>Concrete implementations</h3>
+ * Subclasses a required to implement two methods:
+ * <ul>
+ * <li> {@link #getSecurityElementQName()} 
+ *    This should return the qualified name of the security header. This lets us support 
+ *    different versions. </li>
+ *    
+ * <li>{@link #getTokenElementQName()}
+ *    This should return the qualified name of the security token element that should exist
+ *    in the security header. This lets us support different tokens that can be validated
+ *    with JBossSTS.</li>
+ * </ul>
+ * <p/>
+ *    
+ * <h3>Configuration</h3>
+ * This class uses {@link WSTrustClient} to interact with JBossSTS. By default the configuration
+ * properties are set in a file named {@link WSTrustClientConfig#DEFAULT_CONFIG_FILE}.
+ * This can be overridden by specifying environment entries in a deployment descriptor. 
+ * 
+ * For example in web.xml:
+ * <pre>{@code
+ * <env-entry>
+ *   <env-entry-name>JBossSTSClientConfig</env-entry-name>
+ *   <env-entry-type>java.lang.String</env-entry-type>
+ *   <env-entry-value>/jboss-sts-client.properties</env-entry-value>
+ * </env-entry>
+ * }</pre>
+ * 
+ * 
  * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
- *
  */
 public abstract class JBossSTSSecurityHandler implements SOAPHandler<SOAPMessageContext>
 {
@@ -92,8 +120,7 @@
             final WSTrustClientConfig config = new WSTrustClientConfig.Builder().build(configFile);
             final WSTrustClient wsTrustClient = createWSTrustClient(config);
 
-            Element securityToken = extractSecurityToken(messageContext, getSecurityElementQName(), getTokenElementQName());
-            // Validate the security token with JBossSTS
+            final Element securityToken = extractSecurityToken(messageContext, getSecurityElementQName(), getTokenElementQName());
             final boolean valid = wsTrustClient.validateToken(securityToken);
             if (valid)
             {
@@ -133,16 +160,12 @@
     private Element extractSecurityToken(final SOAPMessageContext messageContext, final QName securityQName, final QName tokenQName) throws SOAPException
     {
         final SOAPHeader soapHeader = messageContext.getMessage().getSOAPHeader();
-        // Inspect all SOAP Headers
-        final Iterator examineAllHeaderElements = soapHeader.examineAllHeaderElements();
-        while (examineAllHeaderElements.hasNext())
+        final Iterator securityHeaders = soapHeader.getChildElements(securityQName);
+        while (securityHeaders.hasNext())
         {
-            final SOAPHeaderElement elem = (SOAPHeaderElement) examineAllHeaderElements.next();
-            final QName elementQName = elem.getElementQName();
-            if (elementQName.equals(securityQName))
+            final SOAPHeaderElement elem = (SOAPHeaderElement) securityHeaders.next();
+            if (elem.getElementQName().equals(securityQName))
             {
-                // Get all(should only be one) the of the Security Headers
-                // that we are interested in.
                 final Iterator childElements = elem.getChildElements(tokenQName);
                 while (childElements.hasNext())
                 {
@@ -174,14 +197,6 @@
     /**
      * This setter enables the injection of the jboss-sts-client.properties file
      * path.
-     * This can be specified for example in web.xml:
-     * <pre>
-     * <env-entry>
-     *   <env-entry-name>JBossSTSClientConfig</env-entry-name>
-     *   <env-entry-type>java.lang.String</env-entry-type>
-     *   <env-entry-value>/jboss-sts-client.properties</env-entry-value>
-     *  </env-entry>
-     * </pre>
      *  
      * @param configFile
      */

More information about the jboss-svn-commits mailing list