[jbossws-commits] JBossWS SVN: r8756 - in stack/native/branches/dlofthouse/JBPAPP-1349/src/main: java/org/jboss/ws/extensions/security/element and 2 other directories.
jbossws-commits at lists.jboss.org
jbossws-commits at lists.jboss.org
Tue Nov 18 12:13:12 EST 2008
Author: darran.lofthouse at jboss.com
Date: 2008-11-18 12:13:12 -0500 (Tue, 18 Nov 2008)
New Revision: 8756
Added:
stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/Authenticate.java
stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/SignatureCertAuth.java
stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/UsernameAuth.java
Modified:
stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/KeyResolver.java
stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/ReceiveX509Certificate.java
stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java
stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/element/Signature.java
stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/Config.java
stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java
stack/native/branches/dlofthouse/JBPAPP-1349/src/main/resources/schema/jboss-ws-security_1_0.xsd
Log:
Backported -r 7167
Modified: stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/KeyResolver.java
===================================================================
--- stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/KeyResolver.java 2008-11-18 16:46:47 UTC (rev 8755)
+++ stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/KeyResolver.java 2008-11-18 17:13:12 UTC (rev 8756)
@@ -92,7 +92,7 @@
return resolveX509IssuerSerial(issuerSerial);
}
- throw new NotImplementedException("Currently only DirectReference is supported!");
+ throw new NotImplementedException("Currently only DirectReference, KeyIdentifier and X509IssuerSerial are supported!");
}
private BinarySecurityToken resolveDirectReference(DirectReference direct) throws WSSecurityException
Modified: stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/ReceiveX509Certificate.java
===================================================================
--- stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/ReceiveX509Certificate.java 2008-11-18 16:46:47 UTC (rev 8755)
+++ stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/ReceiveX509Certificate.java 2008-11-18 17:13:12 UTC (rev 8756)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.ws.extensions.security.operation;
+package org.jboss.ws.extensions.security;
import java.security.Principal;
import java.security.cert.X509Certificate;
@@ -30,7 +30,7 @@
import org.jboss.security.auth.certs.SubjectDNMapping;
import org.jboss.ws.extensions.security.element.Token;
import org.jboss.ws.extensions.security.element.X509Token;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.jboss.ws.extensions.security.WSSecurityException;
import org.jboss.wsf.spi.SPIProvider;
import org.jboss.wsf.spi.SPIProviderResolver;
import org.jboss.wsf.spi.invocation.SecurityAdaptor;
Modified: stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java
===================================================================
--- stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java 2008-11-18 16:46:47 UTC (rev 8755)
+++ stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java 2008-11-18 17:13:12 UTC (rev 8756)
@@ -34,6 +34,7 @@
import org.jboss.ws.extensions.security.element.Timestamp;
import org.jboss.ws.extensions.security.element.Token;
import org.jboss.ws.extensions.security.element.UsernameToken;
+import org.jboss.ws.metadata.wsse.Authenticate;
import org.jboss.ws.metadata.wsse.TimestampVerification;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -46,26 +47,28 @@
{
private Element headerElement;
- private Calendar now = null;
+ private Calendar now = null;
private SecurityHeader header;
private Document message;
private SecurityStore store;
-
+
private TimestampVerification timestampVerification;
+ private Authenticate authenticate;
+
private HashSet<String> signedIds = new HashSet<String>();
private HashSet<String> encryptedIds = new HashSet<String>();
-
- public SecurityDecoder(SecurityStore store, TimestampVerification timestampVerification)
+ public SecurityDecoder(SecurityStore store, TimestampVerification timestampVerification, Authenticate authenticate)
{
org.apache.xml.security.Init.init();
this.store = store;
this.timestampVerification = timestampVerification;
+ this.authenticate = authenticate;
}
/**
@@ -76,9 +79,9 @@
* @param now The timestamp to use as the current time when validating a message expiration
*/
- public SecurityDecoder(SecurityStore store, Calendar now, TimestampVerification timestampVerification)
+ public SecurityDecoder(SecurityStore store, Calendar now, TimestampVerification timestampVerification, Authenticate authenticate)
{
- this(store, timestampVerification);
+ this(store, timestampVerification, authenticate);
this.now = now;
}
@@ -96,7 +99,6 @@
headerElement.getParentNode().removeChild(headerElement);
}
-
private void decode() throws WSSecurityException
{
// Validate a timestamp if it is present
@@ -104,15 +106,17 @@
if (timestamp != null)
{
- TimestampVerificationOperation operation =
- (now == null) ? new TimestampVerificationOperation(timestampVerification) : new TimestampVerificationOperation(now);
+ TimestampVerificationOperation operation = (now == null) ? new TimestampVerificationOperation(timestampVerification) : new TimestampVerificationOperation(now);
operation.process(message, timestamp);
}
- for (Token token : header.getTokens())
+ if (authenticate == null || authenticate.isUsernameAuth())
{
- if (token instanceof UsernameToken)
- new ReceiveUsernameOperation(header, store).process(message, token);
+ for (Token token : header.getTokens())
+ {
+ if (token instanceof UsernameToken)
+ new ReceiveUsernameOperation(header, store).process(message, token);
+ }
}
signedIds.clear();
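Review bot: An `Authenticate` that is present but has neither child set makes the new guard `authenticate == null || authenticate.isUsernameAuth()` false, and the later `isSignatureCertAuth()` check is false as well, so decode() appears to finish without passing any token on for JAAS authentication. `Authenticate` as added in this commit allows that state (and also both children set at once), because it has plain setters and no invariant. I would reject the empty case explicitly when the decoder is constructed rather than skip authentication silently. At minimum the branch deserves a comment such as `// authenticate configured without usernameAuth: UsernameTokens are not used for JAAS`. decode() starts and ends outside this hunk.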
@@ -126,9 +130,12 @@
// If this list gets much larger it should probably be a hash lookup
if (process instanceof Signature)
{
- Collection<String> ids = signatureVerifier.process(message, process);
+ Signature signature = (Signature)process;
+ Collection<String> ids = signatureVerifier.process(message, signature);
if (ids != null)
- signedIds.addAll(ids);
+ signedIds.addAll(ids);
+ if (authenticate != null && authenticate.isSignatureCertAuth())
+ new ReceiveX509Certificate(authenticate.getSignatureCertAuth().getCertificatePrincipal()).process(message, signature.getSecurityToken());
}
else if (process instanceof EncryptedKey)
{
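Review bot: `signature.getSecurityToken()` can be null at the new `ReceiveX509Certificate(...).process(...)` call, because the `Signature` constructor changed in this commit catches every exception from `resolver.resolve(...)` and leaves the field unset. When `signatureCertAuth` is configured, a signature whose KeyInfo references no binary security token should probably fail the message rather than reach `process` with null; that method's body is not visible here, so how it treats null needs confirming. The call also runs once per `Signature` in the header, so with several signatures the last one processed presumably decides the principal. A guard on `signature.getSecurityToken() == null` that raises a `WSSecurityException`, plus braces around the two new `if` bodies, would make the intent explicit. The enclosing loop begins and ends outside this hunk.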
@@ -137,6 +144,7 @@
encryptedIds.addAll(ids);
}
}
+
}
public void verify(List<OperationDescription<RequireOperation>> requireOperations) throws WSSecurityException
Modified: stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
===================================================================
--- stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2008-11-18 16:46:47 UTC (rev 8755)
+++ stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2008-11-18 17:13:12 UTC (rev 8756)
@@ -32,12 +32,14 @@
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.ws.BindingProvider;
+import javax.xml.ws.WebServiceException;
import org.jboss.logging.Logger;
import org.jboss.ws.WSException;
import org.jboss.ws.core.CommonMessageContext;
import org.jboss.ws.core.CommonSOAPFaultException;
import org.jboss.ws.core.StubExt;
+import org.jboss.ws.core.soap.MessageContextAssociation;
import org.jboss.ws.core.soap.SOAPMessageImpl;
import org.jboss.ws.metadata.umdm.EndpointMetaData;
import org.jboss.ws.metadata.umdm.OperationMetaData;
@@ -109,10 +111,11 @@
{
WSSecurityConfiguration config = getSecurityConfig(ctx);
SOAPMessageImpl soapMessage = (SOAPMessageImpl)ctx.getSOAPMessage();
+ Config actualConfig = getActualConfig(config, null);
SOAPHeader soapHeader = soapMessage.getSOAPHeader();
QName secQName = new QName(Constants.WSSE_NS, "Security");
- Element secHeaderElement = (soapHeader != null) ? Util.findElement(soapHeader, secQName) : null;
+ Element secHeaderElement = (soapHeader != null) ? Util.findElement(soapHeader, secQName) : null;
if (secHeaderElement == null)
{
@@ -140,12 +143,12 @@
try
{
- SecurityStore securityStore = new SecurityStore(config.getKeyStoreURL(), config.getKeyStoreType(), config.getKeyStorePassword(), config.getKeyPasswords(), config.getTrustStoreURL(),
- config.getTrustStoreType(), config.getTrustStorePassword());
- SecurityDecoder decoder = new SecurityDecoder(securityStore, config.getTimestampVerification());
+ SecurityStore securityStore = new SecurityStore(config.getKeyStoreURL(), config.getKeyStoreType(), config.getKeyStorePassword(), config.getKeyPasswords(),
+ config.getTrustStoreURL(), config.getTrustStoreType(), config.getTrustStorePassword());
+ SecurityDecoder decoder = new SecurityDecoder(securityStore, config.getTimestampVerification(), actualConfig == null ? null : actualConfig.getAuthenticate());
decoder.decode(soapMessage.getSOAPPart(), secHeaderElement);
-
+
if (log.isTraceEnabled())
log.trace("Decoded Message:\n" + DOMWriter.printNode(soapMessage.getSOAPPart(), true));
@@ -164,7 +167,8 @@
List<OperationDescription<RequireOperation>> operations = buildRequireOperations(config, operation, port);
decoder.verify(operations);
- if(log.isDebugEnabled()) log.debug("Verification is successful");
+ if (log.isDebugEnabled())
+ log.debug("Verification is successful");
decoder.complete();
}
@@ -172,7 +176,8 @@
{
if (e.isInternalError())
log.error("Internal error occured handling inbound message:", e);
- else if(log.isDebugEnabled()) log.debug("Returning error to sender: " + e.getMessage());
+ else if (log.isDebugEnabled())
+ log.debug("Returning error to sender: " + e.getMessage());
throw convertToFault(e);
}
@@ -187,6 +192,59 @@
return config;
}
+ private static Config getActualConfig(WSSecurityConfiguration configuration, Config operationConfig)
+ {
+ if (operationConfig == null)
+ {
+ //if no configuration override, we try getting the right operation config
+ //according to the invoked operation that can be found using the context
+ CommonMessageContext ctx = MessageContextAssociation.peekMessageContext();
+ if (ctx != null)
+ {
+ EndpointMetaData epMetaData = ctx.getEndpointMetaData();
+ QName port = epMetaData.getPortName();
+
+ OperationMetaData opMetaData = ctx.getOperationMetaData();
+ if (opMetaData == null)
+ {
+ // Get the operation meta data from the soap message
+ // for the server side inbound message.
+ SOAPMessageImpl soapMessage = (SOAPMessageImpl)ctx.getSOAPMessage();
+ try
+ {
+ opMetaData = soapMessage.getOperationMetaData(epMetaData);
+ }
+ catch (SOAPException e)
+ {
+ throw new WebServiceException("Error while looking for the operation meta data: " + e);
+ }
+ }
+ if (opMetaData != null)
+ operationConfig = selectOperationConfig(configuration, port, opMetaData.getQName());
+ }
+ }
+ //null operationConfig means default behavior
+ return operationConfig != null ? operationConfig : configuration.getDefaultConfig();
+ }
+
+ private static Config selectOperationConfig(WSSecurityConfiguration configuration, QName portName, QName opName)
+ {
+ Port port = configuration.getPorts().get(portName != null ? portName.getLocalPart() : null);
+ if (port == null)
+ return configuration.getDefaultConfig();
+
+ Operation operation = port.getOperations().get(opName != null ? opName.toString() : null);
+ if (operation == null)
+ {
+ //if the operation name was not available or didn't match any wsse configured operation,
+ //we fall back to the port wsse config (if available) or the default config.
+ Config portConfig = port.getDefaultConfig();
+ return (portConfig == null) ? configuration.getDefaultConfig() : portConfig;
+
+ }
+ return operation.getConfig();
+ }
+
private static boolean hasRequirements(WSSecurityConfiguration config, String operation, String port)
{
Config operationConfig = getConfig(config, port, operation);
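Review bot: The `catch (SOAPException e)` in `getActualConfig` concatenates `e` into the message and drops the cause; `throw new WebServiceException("Error while looking for the operation meta data", e);` keeps the stack trace. `ctx.getEndpointMetaData()` is dereferenced on the next line without a null check. `selectOperationConfig` resolves the config separately from the existing `getConfig(config, port, operation)` visible at the end of the hunk, and the operation can be derived from the inbound SOAP message, so an unrecognised operation name selects the port or default `authenticate` setting. It is worth confirming that both lookups always resolve to the same `Config` and that the fallback is no weaker than the per-operation entries, and saying so in a Javadoc comment on `selectOperationConfig`.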
@@ -237,7 +295,7 @@
Config operationConfig = getConfig(config, port, operation);
log.debug("WS-Security config: " + operationConfig);
-
+
// Nothing to process
if (operationConfig == null)
return;
@@ -253,7 +311,7 @@
{
Object user = ctx.get(Stub.USERNAME_PROPERTY);
Object pass = ctx.get(Stub.PASSWORD_PROPERTY);
-
+
if (user == null && pass == null)
{
user = ctx.get(BindingProvider.USERNAME_PROPERTY);
@@ -293,12 +351,13 @@
if (operations.size() == 0)
return;
- if(log.isDebugEnabled()) log.debug("Encoding Message:\n" + DOMWriter.printNode(soapMessage.getSOAPPart(), true));
+ if (log.isDebugEnabled())
+ log.debug("Encoding Message:\n" + DOMWriter.printNode(soapMessage.getSOAPPart(), true));
try
{
- SecurityStore securityStore = new SecurityStore(config.getKeyStoreURL(), config.getKeyStoreType(), config.getKeyStorePassword(), config.getKeyPasswords() , config.getTrustStoreURL(),
- config.getTrustStoreType(), config.getTrustStorePassword());
+ SecurityStore securityStore = new SecurityStore(config.getKeyStoreURL(), config.getKeyStoreType(), config.getKeyStorePassword(), config.getKeyPasswords(),
+ config.getTrustStoreURL(), config.getTrustStoreType(), config.getTrustStorePassword());
SecurityEncoder encoder = new SecurityEncoder(operations, securityStore);
encoder.encode(soapMessage.getSOAPPart());
}
@@ -306,7 +365,8 @@
{
if (e.isInternalError())
log.error("Internal error occured handling outbound message:", e);
- else if(log.isDebugEnabled()) log.debug("Returning error to sender: " + e.getMessage());
+ else if (log.isDebugEnabled())
+ log.debug("Returning error to sender: " + e.getMessage());
throw convertToFault(e);
}
Modified: stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/element/Signature.java
===================================================================
--- stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/element/Signature.java 2008-11-18 16:46:47 UTC (rev 8755)
+++ stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/extensions/security/element/Signature.java 2008-11-18 17:13:12 UTC (rev 8756)
@@ -25,6 +25,7 @@
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.XMLSignature;
+import org.jboss.logging.Logger;
import org.jboss.ws.extensions.security.KeyResolver;
import org.jboss.ws.extensions.security.WSSecurityException;
import org.w3c.dom.Element;
@@ -36,10 +37,13 @@
*/
public class Signature implements SecurityProcess
{
+ private static Logger log = Logger.getLogger(Signature.class);
private XMLSignature signature;
/* Used only for decoding */
private PublicKey publicKey;
+ /* Used only for jaas authentication */
+ private BinarySecurityToken securityToken;
private Element cachedElement;
@@ -54,6 +58,15 @@
{
signature = new XMLSignature(element, null);
publicKey = resolver.resolvePublicKey(signature.getKeyInfo());
+ try
+ {
+ securityToken = resolver.resolve(signature.getKeyInfo());
+ }
+ catch (Exception e)
+ {
+ //log exception and ignore, KeyInfo might not reference a security token
+ log.debug("KeyInfo does not contain any reference to a binary security token.", e);
+ }
}
catch (XMLSecurityException e)
{
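Review bot: `catch (Exception e)` around `resolver.resolve(signature.getKeyInfo())` hides every failure, including malformed-token and runtime errors, behind a debug log and leaves `securityToken` null. `SecurityDecoder` later passes this value to `ReceiveX509Certificate` for authentication, so a swallowed error changes the authentication outcome. Narrowing the catch to the exceptions that mean "no token reference" would be safer (`KeyResolver` appears to throw `NotImplementedException` for unsupported reference types and `WSSecurityException` elsewhere). The new `getSecurityToken()` further down should carry a Javadoc line such as `@return the referenced token, or null if KeyInfo referenced none`, and `log` could be `private static final`. The constructor starts and ends outside this hunk.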
@@ -84,4 +97,9 @@
{
return publicKey;
}
+
+ public BinarySecurityToken getSecurityToken()
+ {
+ return securityToken;
+ }
}
\ No newline at end of file
Copied: stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/Authenticate.java (from rev 7167, stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/Authenticate.java)
===================================================================
--- stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/Authenticate.java (rev 0)
+++ stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/Authenticate.java 2008-11-18 17:13:12 UTC (rev 8756)
@@ -0,0 +1,68 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.metadata.wsse;
+
+import java.io.Serializable;
+
+/**
+ * <code>Authenticate</code> specifies the token to be used for JAAS authentication.
+ *
+ * @author alessio.soldano at jboss.com
+ * @since 26-May-2008
+ */
+public class Authenticate implements Serializable
+{
+ private static final long serialVersionUID = -1338421514796889714L;
+
+ private UsernameAuth usernameAuth;
+ private SignatureCertAuth signatureCertAuth;
+
+ public UsernameAuth getUsernameAuth()
+ {
+ return usernameAuth;
+ }
+
+ public void setUsernameAuth(UsernameAuth usernameAuth)
+ {
+ this.usernameAuth = usernameAuth;
+ }
+
+ public SignatureCertAuth getSignatureCertAuth()
+ {
+ return signatureCertAuth;
+ }
+
+ public void setSignatureCertAuth(SignatureCertAuth signatureCertAuth)
+ {
+ this.signatureCertAuth = signatureCertAuth;
+ }
+
+ public boolean isUsernameAuth()
+ {
+ return usernameAuth != null;
+ }
+
+ public boolean isSignatureCertAuth()
+ {
+ return signatureCertAuth != null;
+ }
+}
Modified: stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/Config.java
===================================================================
--- stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/Config.java 2008-11-18 16:46:47 UTC (rev 8755)
+++ stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/Config.java 2008-11-18 17:13:12 UTC (rev 8756)
@@ -38,6 +38,7 @@
private Sign sign;
private Encrypt encrypt;
private Requires requires;
+ private Authenticate authenticate;
public Encrypt getEncrypt()
{
@@ -88,4 +89,14 @@
{
this.requires = requires;
}
+
+ public Authenticate getAuthenticate()
+ {
+ return authenticate;
+ }
+
+ public void setAuthenticate(Authenticate authenticate)
+ {
+ this.authenticate = authenticate;
+ }
}
Copied: stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/SignatureCertAuth.java (from rev 7167, stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/SignatureCertAuth.java)
===================================================================
--- stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/SignatureCertAuth.java (rev 0)
+++ stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/SignatureCertAuth.java 2008-11-18 17:13:12 UTC (rev 8756)
@@ -0,0 +1,52 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.metadata.wsse;
+
+import java.io.Serializable;
+
+/**
+ * <code>UsernameAuth</code> specifies that the certificate token
+ * referenced by the signature should be used for JAAS authentication.
+ *
+ * @author alessio.soldano at jboss.com
+ * @since 26-May-2008
+ */
+public class SignatureCertAuth implements Serializable
+{
+ private static final long serialVersionUID = -6618730662350740011L;
+ private String certificatePrincipal;
+
+ public SignatureCertAuth(String certificatePrincipal)
+ {
+ this.certificatePrincipal = certificatePrincipal;
+ }
+
+ public String getCertificatePrincipal()
+ {
+ return certificatePrincipal;
+ }
+
+ public void setCertificatePrincipal(String certificatePrincipal)
+ {
+ this.certificatePrincipal = certificatePrincipal;
+ }
+}
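Review bot: The class Javadoc opens with `<code>UsernameAuth</code>` although the class is `SignatureCertAuth`; it should read `<code>SignatureCertAuth</code> specifies that the certificate token referenced by the signature should be used for JAAS authentication.` `certificatePrincipal` holds a class name taken from configuration and is null when the attribute is omitted (`WSSecurityOMFactory` passes `attrs.getValue(...)` straight in). A comment on the field stating that null means "use the default mapping" would document the contract for callers.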
Copied: stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/UsernameAuth.java (from rev 7167, stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsse/UsernameAuth.java)
===================================================================
--- stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/UsernameAuth.java (rev 0)
+++ stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/UsernameAuth.java 2008-11-18 17:13:12 UTC (rev 8756)
@@ -0,0 +1,41 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.metadata.wsse;
+
+import java.io.Serializable;
+
+/**
+ * <code>UsernameAuth</code> specifies that the username
+ * token should be used for JAAS authentication.
+ *
+ * @author alessio.soldano at jboss.com
+ * @since 26-May-2008
+ */
+public class UsernameAuth implements Serializable
+{
+ private static final long serialVersionUID = -7767474325576294780L;
+
+ public UsernameAuth()
+ {
+
+ }
+}
Modified: stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java
===================================================================
--- stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2008-11-18 16:46:47 UTC (rev 8755)
+++ stack/native/branches/dlofthouse/JBPAPP-1349/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2008-11-18 17:13:12 UTC (rev 8756)
@@ -284,6 +284,10 @@
{
return new Username();
}
+ else if ("authenticate".equals(localName))
+ {
+ return new Authenticate();
+ }
return null;
}
@@ -332,6 +336,33 @@
log.trace("addChild: [obj=" + config + ",child=" + requires + "]");
config.setRequires(requires);
}
+
+ /**
+ * Called when parsing character is complete.
+ */
+ public void addChild(Config config, Authenticate authenticate, UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ log.trace("addChild: [obj=" + config + ",child=" + authenticate + "]");
+ config.setAuthenticate(authenticate);
+ }
+
+ /**
+ * Called when parsing character is complete.
+ */
+ public void addChild(Authenticate authenticate, UsernameAuth usernameAuth, UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ log.trace("addChild: [obj=" + authenticate + ",child=" + usernameAuth + "]");
+ authenticate.setUsernameAuth(usernameAuth);
+ }
+
+ /**
+ * Called when parsing character is complete.
+ */
+ public void addChild(Authenticate authenticate, SignatureCertAuth signatureCertAuth, UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ log.trace("addChild: [obj=" + authenticate + ",child=" + signatureCertAuth + "]");
+ authenticate.setSignatureCertAuth(signatureCertAuth);
+ }
private Object handleTargets(Object object, UnmarshallingContext navigator, String namespaceURI, String localName, Attributes attrs)
{
@@ -384,7 +415,25 @@
return null;
}
+
+ /**
+ * Called when parsing of a new element started.
+ */
+ public Object newChild(Authenticate authenticate, UnmarshallingContext navigator, String namespaceURI, String localName, Attributes attrs)
+ {
+ log.trace("newChild: " + localName);
+ if ("usernameAuth".equals(localName))
+ {
+ return new UsernameAuth();
+ }
+ else if ("signatureCertAuth".equals(localName))
+ {
+ return new SignatureCertAuth(attrs.getValue("", "certificatePrincipal"));
+ }
+ return null;
+ }
+
/**
* Called when parsing of a new element started.
*/
Modified: stack/native/branches/dlofthouse/JBPAPP-1349/src/main/resources/schema/jboss-ws-security_1_0.xsd
===================================================================
--- stack/native/branches/dlofthouse/JBPAPP-1349/src/main/resources/schema/jboss-ws-security_1_0.xsd 2008-11-18 16:46:47 UTC (rev 8755)
+++ stack/native/branches/dlofthouse/JBPAPP-1349/src/main/resources/schema/jboss-ws-security_1_0.xsd 2008-11-18 17:13:12 UTC (rev 8756)
@@ -126,6 +126,11 @@
<xs:documentation>Specifies the security requirements that should be applied when receiving a response from the communicating party. If this is not specified, all messages will be allowed through.</xs:documentation>
</xs:annotation>
</xs:element>
+ <xs:element name="authenticate" type="authenticateType" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>Specifies the token to be used for JAAS authentication. If this is not specified, the username token will be used if available.</xs:documentation>
+ </xs:annotation>
+ </xs:element>
</xs:all>
</xs:complexType>
<xs:complexType name="requireTimestampType">
@@ -277,4 +282,26 @@
</xs:element>
</xs:sequence>
</xs:complexType>
+ <xs:complexType name="authenticateType">
+ <xs:choice minOccurs="1" maxOccurs="1">
+ <xs:element name="usernameAuth" type="usernameAuthType" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>Specifies that the username token should be used for JAAS authentication.</xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="signatureCertAuth" type="signatureCertAuthType" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>Specifies that the certificate token referenced from the signature should be used for JAAS authentication.</xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ <xs:complexType name="usernameAuthType"/>
+ <xs:complexType name="signatureCertAuthType">
+ <xs:attribute name="certificatePrincipal" use="optional">
+ <xs:annotation>
+ <xs:documentation>This specifies the class to be used to map certificates to principal. It must implement org.jboss.security.auth.certs.CertificatePrincipal. Default is org.jboss.security.auth.certs.SubjectCNMapping</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:complexType>
</xs:schema>
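Review bot: The documentation on `certificatePrincipal` names `org.jboss.security.auth.certs.SubjectCNMapping` as the default, while `ReceiveX509Certificate` in this commit imports `SubjectDNMapping`. The code that picks the default is not shown, so this should be checked, since the mapping decides which principal name is taken from the certificate. The attribute also declares no type; `type="xs:string"` would state it. In `authenticateType`, `minOccurs="0"` on both members of the `xs:choice` lets an empty `<authenticate/>` validate; dropping it from `usernameAuth` and `signatureCertAuth` would make the choice mandatory.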