[jbossws-commits] JBossWS SVN: r5883 - stack/native/trunk/src/main/java/org/jboss/ws/extensions/security.
jbossws-commits at lists.jboss.org
jbossws-commits at lists.jboss.org
Wed Mar 5 19:29:13 EST 2008
Author: alessio.soldano at jboss.com
Date: 2008-03-05 19:29:13 -0500 (Wed, 05 Mar 2008)
New Revision: 5883
Added:
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/MessageContextConfigSelector.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityAPI.java
Modified:
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
Log:
[JBWS-2022] Refactoring to provide a WSSecurity API (WIP)
Added: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/MessageContextConfigSelector.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/MessageContextConfigSelector.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/MessageContextConfigSelector.java 2008-03-06 00:29:13 UTC (rev 5883)
@@ -0,0 +1,182 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.extensions.security;
+
+//$Id$
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPException;
+import javax.xml.ws.WebServiceException;
+
+import org.jboss.logging.Logger;
+import org.jboss.ws.WSException;
+import org.jboss.ws.core.CommonMessageContext;
+import org.jboss.ws.core.soap.SOAPMessageImpl;
+import org.jboss.ws.metadata.umdm.EndpointMetaData;
+import org.jboss.ws.metadata.umdm.OperationMetaData;
+import org.jboss.ws.metadata.wsse.Config;
+import org.jboss.ws.metadata.wsse.Encrypt;
+import org.jboss.ws.metadata.wsse.Operation;
+import org.jboss.ws.metadata.wsse.Port;
+import org.jboss.ws.metadata.wsse.Requires;
+import org.jboss.ws.metadata.wsse.Sign;
+import org.jboss.ws.metadata.wsse.Timestamp;
+import org.jboss.ws.metadata.wsse.Username;
+import org.jboss.ws.metadata.wsse.WSSecurityConfiguration;
+
+/**
+ * A Config whose attributes are derived from the specified message context.
+ * This is useful to provide the WSSecurityDispatcher with the right config
+ * according to the operation/port the current message is related to.
+ *
+ * @author alessio.soldano at jboss.com
+ * @since 06-Mar-2008
+ */
+public class MessageContextConfigSelector extends Config
+{
+ private static Logger log = Logger.getLogger(MessageContextConfigSelector.class);
+ private CommonMessageContext ctx;
+ private WSSecurityConfiguration configuration;
+ private Config config;
+ private QName opName;
+
+ public MessageContextConfigSelector(CommonMessageContext ctx)
+ {
+ this.ctx = ctx;
+ this.configuration = ctx.getEndpointMetaData().getServiceMetaData().getSecurityConfiguration();
+ if (configuration == null)
+ throw new WSException("Cannot obtain security configuration from message context");
+ this.config = new Config(); //empty config, no wsse requirements / processing
+ }
+
+ public Encrypt getEncrypt()
+ {
+ readConfig();
+ return config.getEncrypt();
+ }
+
+ public Requires getRequires()
+ {
+ readConfig();
+ return config.getRequires();
+ }
+
+ public Sign getSign()
+ {
+ readConfig();
+ return config.getSign();
+ }
+
+ public Timestamp getTimestamp()
+ {
+ readConfig();
+ return config.getTimestamp();
+ }
+
+ public Username getUsername()
+ {
+ readConfig();
+ return config.getUsername();
+ }
+
+ /**
+ * Gets the operation & port the current message is headed to and
+ * use them to get the right config to use.
+ *
+ */
+ private void readConfig()
+ {
+ //once the operation name is known the specific config
+ //is not going to change
+ if (opName == null)
+ {
+ EndpointMetaData epMetaData = ctx.getEndpointMetaData();
+ QName port = epMetaData.getPortName();
+
+ OperationMetaData opMetaData = ctx.getOperationMetaData();
+ if (opMetaData == null)
+ {
+ // Get the operation meta data from the soap message
+ // for the server side inbound message.
+ SOAPMessageImpl soapMessage = (SOAPMessageImpl)ctx.getSOAPMessage();
+ try
+ {
+ opMetaData = soapMessage.getOperationMetaData(epMetaData);
+ }
+ catch (SOAPException e)
+ {
+ throw new WebServiceException("Error while looking for the operation meta data: " + e);
+ }
+ }
+ if (opMetaData != null)
+ opName = opMetaData.getQName();
+
+ Config opConfig = getConfig(port, opName);
+ log.debug("WS-Security config: " + opConfig);
+ if (opConfig != null)
+ this.config = opConfig;
+ }
+ }
+
+ private Config getConfig(QName portName, QName opName)
+ {
+ Port port = configuration.getPorts().get(portName != null ? portName.getLocalPart() : null);
+ if (port == null)
+ return configuration.getDefaultConfig();
+
+ Operation operation = port.getOperations().get(opName != null ? opName.toString() : null);
+ if (operation == null)
+ {
+ //if the operation name was not available or didn't match any wsse configured operation,
+ //we fall back to the port wsse config (if available) or the default config.
+ Config portConfig = port.getDefaultConfig();
+ return (portConfig == null) ? configuration.getDefaultConfig() : portConfig;
+
+ }
+ return operation.getConfig();
+ }
+
+ public void setEncrypt(Encrypt encrypt)
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ public void setSign(Sign sign)
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ public void setTimestamp(Timestamp timestamp)
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ public void setUsername(Username username)
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ public void setRequires(Requires requires)
+ {
+ throw new UnsupportedOperationException();
+ }
+}
Property changes on: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/MessageContextConfigSelector.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityAPI.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityAPI.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityAPI.java 2008-03-06 00:29:13 UTC (rev 5883)
@@ -0,0 +1,69 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.extensions.security;
+
+//$Id$
+
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+
+import org.jboss.ws.metadata.wsse.Config;
+import org.jboss.ws.metadata.wsse.WSSecurityConfiguration;
+
+public interface WSSecurityAPI
+{
+ /**
+ * Decodes a message using the specified configuration. This includes
+ * unencrypt, signature verification, etc. according to the requirements.
+ *
+ * @param configuration
+ * The WSSecurityConfiguration to use
+ * @param message
+ * The message that needs to be handled
+ * @param operationConfig
+ * The config object defining the operation (requirement checks)
+ * that should be performed on this message; overrides the default
+ * config contained in the provided WSSecurityConfiguration.
+ * @throws SOAPException
+ */
+ public void decodeMessage(WSSecurityConfiguration configuration, SOAPMessage message, Config operationConfig) throws SOAPException;
+
+ /**
+ * Encodes a message using the specified configuration. This includes
+ * encrypt, signature, username profile, etc. according to the config.
+ *
+ * @param configuration
+ * The WSSecurityConfiguration to use
+ * @param message
+ * The message that needs to be handled
+ * @param operationConfig
+ * The config object defining the operation that should be
+ * performed on this message; overrides the default config
+ * contained in the provided WSSecurityConfiguration.
+ * @param user
+ * The username to use if Username Token is needed.
+ * @param password
+ * The password to use if Username Token is needed.
+ * @throws SOAPException
+ */
+ public void encodeMessage(WSSecurityConfiguration configuration, SOAPMessage message, Config operationConfig, String user, String password) throws SOAPException;
+}
Property changes on: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityAPI.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2008-03-03 17:47:41 UTC (rev 5882)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2008-03-06 00:29:13 UTC (rev 5883)
@@ -31,22 +31,18 @@
import javax.xml.rpc.soap.SOAPFaultException;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
+import javax.xml.soap.SOAPMessage;
import javax.xml.ws.BindingProvider;
import org.jboss.logging.Logger;
import org.jboss.ws.WSException;
import org.jboss.ws.core.CommonMessageContext;
import org.jboss.ws.core.CommonSOAPFaultException;
-import org.jboss.ws.core.StubExt;
import org.jboss.ws.core.soap.SOAPMessageImpl;
import org.jboss.ws.extensions.security.exception.InvalidSecurityHeaderException;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.jboss.ws.metadata.umdm.EndpointMetaData;
-import org.jboss.ws.metadata.umdm.OperationMetaData;
import org.jboss.ws.metadata.wsse.Config;
import org.jboss.ws.metadata.wsse.Encrypt;
-import org.jboss.ws.metadata.wsse.Operation;
-import org.jboss.ws.metadata.wsse.Port;
import org.jboss.ws.metadata.wsse.RequireEncryption;
import org.jboss.ws.metadata.wsse.RequireSignature;
import org.jboss.ws.metadata.wsse.RequireTimestamp;
@@ -57,7 +53,7 @@
import org.jboss.wsf.common.DOMWriter;
import org.w3c.dom.Element;
-public class WSSecurityDispatcher
+public class WSSecurityDispatcher implements WSSecurityAPI
{
// provide logging
private static Logger log = Logger.getLogger(WSSecurityDispatcher.class);
@@ -85,23 +81,6 @@
return newList;
}
- private static Config getConfig(WSSecurityConfiguration config, String portName, String opName)
- {
- Port port = config.getPorts().get(portName);
- if (port == null)
- return config.getDefaultConfig();
-
- Operation operation = port.getOperations().get(opName);
- if (operation == null)
- {
- Config portConfig = port.getDefaultConfig();
- return (portConfig == null) ? config.getDefaultConfig() : portConfig;
-
- }
-
- return operation.getConfig();
- }
-
private static CommonSOAPFaultException convertToFault(WSSecurityException e)
{
return new CommonSOAPFaultException(e.getFaultCode(), e.getFaultString());
@@ -109,75 +88,10 @@
public static void handleInbound(CommonMessageContext ctx) throws SOAPException, SOAPFaultException
{
- WSSecurityConfiguration config = getSecurityConfig(ctx);
+ WSSecurityConfiguration configuration = getSecurityConfig(ctx);
SOAPMessageImpl soapMessage = (SOAPMessageImpl)ctx.getSOAPMessage();
-
- SOAPHeader soapHeader = soapMessage.getSOAPHeader();
- QName secQName = new QName(Constants.WSSE_NS, "Security");
- Element secHeaderElement = (soapHeader != null) ? Util.findElement(soapHeader, secQName) : null;
-
- if (secHeaderElement == null)
- {
- // This is ok, we always allow faults to be received because WS-Security does not encrypt faults
- if (soapMessage.getSOAPBody().getFault() != null)
- return;
-
- OperationMetaData opMetaData = ctx.getOperationMetaData();
- if (opMetaData == null)
- {
- // Get the operation meta data from the soap message
- // for the server side inbound message.
- EndpointMetaData epMetaData = ctx.getEndpointMetaData();
- opMetaData = soapMessage.getOperationMetaData(epMetaData);
- }
-
- String operation = opMetaData.getQName().toString();
- String port = opMetaData.getEndpointMetaData().getPortName().getLocalPart();
-
- if (hasRequirements(config, operation, port))
- throw convertToFault(new InvalidSecurityHeaderException("This service requires <wsse:Security>, which is missing."));
-
- return;
- }
-
- try
- {
- SecurityStore securityStore = new SecurityStore(config.getKeyStoreURL(), config.getKeyStoreType(), config.getKeyStorePassword(), config.getKeyPasswords(), config.getTrustStoreURL(),
- config.getTrustStoreType(), config.getTrustStorePassword());
- SecurityDecoder decoder = new SecurityDecoder(securityStore);
-
- decoder.decode(soapMessage.getSOAPPart(), secHeaderElement);
-
- if (log.isTraceEnabled())
- log.trace("Decoded Message:\n" + DOMWriter.printNode(soapMessage.getSOAPPart(), true));
-
- OperationMetaData opMetaData = ctx.getOperationMetaData();
- if (opMetaData == null)
- {
- // Get the operation meta data from the soap message
- // for the server side inbound message.
- EndpointMetaData epMetaData = ctx.getEndpointMetaData();
- opMetaData = soapMessage.getOperationMetaData(epMetaData);
- }
-
- String operation = opMetaData.getQName().toString();
- String port = opMetaData.getEndpointMetaData().getPortName().getLocalPart();
-
- List<OperationDescription<RequireOperation>> operations = buildRequireOperations(config, operation, port);
-
- decoder.verify(operations);
- if(log.isDebugEnabled()) log.debug("Verification is successful");
-
- decoder.complete();
- }
- catch (WSSecurityException e)
- {
- if (e.isInternalError())
- log.error("Internal error occured handling inbound message:", e);
- else if(log.isDebugEnabled()) log.debug("Returning error to sender: " + e.getMessage());
-
- throw convertToFault(e);
- }
+
+ new WSSecurityDispatcher().decodeMessage(configuration, soapMessage, new MessageContextConfigSelector(ctx)); //TODO!!!
}
private static WSSecurityConfiguration getSecurityConfig(CommonMessageContext ctx)
@@ -189,18 +103,11 @@
return config;
}
- private static boolean hasRequirements(WSSecurityConfiguration config, String operation, String port)
+ private static List<OperationDescription<RequireOperation>> buildRequireOperations(Config operationConfig)
{
- Config operationConfig = getConfig(config, port, operation);
- return (operationConfig != null && operationConfig.getRequires() != null);
- }
-
- private static List<OperationDescription<RequireOperation>> buildRequireOperations(WSSecurityConfiguration config, String operation, String port)
- {
- Config operationConfig = getConfig(config, port, operation);
if (operationConfig == null)
return null;
-
+
Requires requires = operationConfig.getRequires();
if (requires == null)
return null;
@@ -229,50 +136,102 @@
public static void handleOutbound(CommonMessageContext ctx) throws SOAPException, SOAPFaultException
{
- WSSecurityConfiguration config = getSecurityConfig(ctx);
+ WSSecurityConfiguration configuration = getSecurityConfig(ctx);
SOAPMessageImpl soapMessage = (SOAPMessageImpl)ctx.getSOAPMessage();
+
+ String user = (String)ctx.get(Stub.USERNAME_PROPERTY);
+ String pass = (String)ctx.get(Stub.PASSWORD_PROPERTY);
+
+ if (user == null && pass == null)
+ {
+ user = (String)ctx.get(BindingProvider.USERNAME_PROPERTY);
+ pass = (String)ctx.get(BindingProvider.PASSWORD_PROPERTY);
+ }
- EndpointMetaData epMetaData = ctx.getEndpointMetaData();
- String port = epMetaData.getPortName().getLocalPart();
+ new WSSecurityDispatcher().encodeMessage(configuration, soapMessage, new MessageContextConfigSelector(ctx), user, pass); //TODO!!
+ }
+
+ private static Config getConfig(WSSecurityConfiguration configuration, Config operationConfig)
+ {
+ //null operationConfig means default behavior
+ return operationConfig != null ? operationConfig : configuration.getDefaultConfig();
+ }
+
+ private static boolean hasRequirements(Config config)
+ {
+ return config != null && config.getRequires() != null;
+ }
+
+ public void decodeMessage(WSSecurityConfiguration configuration, SOAPMessage message, Config operationConfig) throws SOAPException
+ {
+ Config config = getConfig(configuration, operationConfig);
+ SOAPHeader soapHeader = message.getSOAPHeader();
+ QName secQName = new QName(Constants.WSSE_NS, "Security");
+ Element secHeaderElement = (soapHeader != null) ? Util.findElement(soapHeader, secQName) : null;
+
+ if (secHeaderElement == null)
+ {
+ // This is ok, we always allow faults to be received because WS-Security does not encrypt faults
+ if (message.getSOAPBody().getFault() != null)
+ return;
+
+ if (hasRequirements(config))
+ throw convertToFault(new InvalidSecurityHeaderException("This service requires <wsse:Security>, which is missing."));
+
+ return;
+ }
+
+ try
+ {
+ SecurityStore securityStore = new SecurityStore(configuration.getKeyStoreURL(), configuration.getKeyStoreType(), configuration.getKeyStorePassword(),
+ configuration.getKeyPasswords(), configuration.getTrustStoreURL(), configuration.getTrustStoreType(), configuration.getTrustStorePassword());
+ SecurityDecoder decoder = new SecurityDecoder(securityStore);
+
+ decoder.decode(message.getSOAPPart(), secHeaderElement);
+
+ if (log.isTraceEnabled())
+ log.trace("Decoded Message:\n" + DOMWriter.printNode(message.getSOAPPart(), true));
+
+ List<OperationDescription<RequireOperation>> operations = buildRequireOperations(config);
+
+ decoder.verify(operations);
+ if(log.isDebugEnabled()) log.debug("Verification is successful");
+
+ decoder.complete();
+ }
+ catch (WSSecurityException e)
+ {
+ if (e.isInternalError())
+ log.error("Internal error occured handling inbound message:", e);
+ else if(log.isDebugEnabled()) log.debug("Returning error to sender: " + e.getMessage());
+
+ throw convertToFault(e);
+ }
- String opName = null;
- OperationMetaData opMetaData = ctx.getOperationMetaData();
- if (opMetaData != null)
- opName = opMetaData.getQName().toString();
+ }
- Config opConfig = getConfig(config, port, opName);
- log.debug("WS-Security config: " + opConfig);
+ public void encodeMessage(WSSecurityConfiguration configuration, SOAPMessage message, Config operationConfig, String user, String password) throws SOAPException
+ {
+ Config config = getConfig(configuration, operationConfig);
+ log.debug("WS-Security config: " + config);
// Nothing to process
- if (opConfig == null)
+ if (config == null)
return;
ArrayList<OperationDescription<EncodingOperation>> operations = new ArrayList<OperationDescription<EncodingOperation>>();
- Timestamp timestamp = opConfig.getTimestamp();
+ Timestamp timestamp = config.getTimestamp();
if (timestamp != null)
{
operations.add(new OperationDescription<EncodingOperation>(TimestampOperation.class, null, null, timestamp.getTtl(), null, null, null));
}
- if (opConfig.getUsername() != null)
+ if (config.getUsername() != null && user != null && password != null)
{
- Object user = ctx.get(Stub.USERNAME_PROPERTY);
- Object pass = ctx.get(Stub.PASSWORD_PROPERTY);
-
- if (user == null && pass == null)
- {
- user = ctx.get(BindingProvider.USERNAME_PROPERTY);
- pass = ctx.get(BindingProvider.PASSWORD_PROPERTY);
- }
-
- if (user != null && pass != null)
- {
- operations.add(new OperationDescription<EncodingOperation>(SendUsernameOperation.class, null, user.toString(), pass.toString(), null, null, null));
- ctx.put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE);
- }
+ operations.add(new OperationDescription<EncodingOperation>(SendUsernameOperation.class, null, user, password, null, null, null));
}
- Sign sign = opConfig.getSign();
+ Sign sign = config.getSign();
if (sign != null)
{
List<Target> targets = convertTargets(sign.getTargets());
@@ -288,7 +247,7 @@
operations.add(new OperationDescription<EncodingOperation>(SignatureOperation.class, targets, sign.getAlias(), null, null, null, sign.getTokenRefType()));
}
- Encrypt encrypt = opConfig.getEncrypt();
+ Encrypt encrypt = config.getEncrypt();
if (encrypt != null)
{
List<Target> targets = convertTargets(encrypt.getTargets());
@@ -298,14 +257,14 @@
if (operations.size() == 0)
return;
- if(log.isDebugEnabled()) log.debug("Encoding Message:\n" + DOMWriter.printNode(soapMessage.getSOAPPart(), true));
+ if(log.isDebugEnabled()) log.debug("Encoding Message:\n" + DOMWriter.printNode(message.getSOAPPart(), true));
try
{
- SecurityStore securityStore = new SecurityStore(config.getKeyStoreURL(), config.getKeyStoreType(), config.getKeyStorePassword(), config.getKeyPasswords() , config.getTrustStoreURL(),
- config.getTrustStoreType(), config.getTrustStorePassword());
+ SecurityStore securityStore = new SecurityStore(configuration.getKeyStoreURL(), configuration.getKeyStoreType(), configuration.getKeyStorePassword(),
+ configuration.getKeyPasswords() , configuration.getTrustStoreURL(), configuration.getTrustStoreType(), configuration.getTrustStorePassword());
SecurityEncoder encoder = new SecurityEncoder(operations, securityStore);
- encoder.encode(soapMessage.getSOAPPart());
+ encoder.encode(message.getSOAPPart());
}
catch (WSSecurityException e)
{
@@ -316,4 +275,5 @@
throw convertToFault(e);
}
}
+
}
More information about the jbossws-commits
mailing list