[jbossws-commits] JBossWS SVN: r8961 - in stack/native/branches/dlofthouse/JBWS-1999/modules/core: src/main/java/org/jboss/ws/extensions/security and 1 other directories.
jbossws-commits at lists.jboss.org
jbossws-commits at lists.jboss.org
Mon Jan 5 11:20:01 EST 2009
Author: darran.lofthouse at jboss.com
Date: 2009-01-05 11:20:01 -0500 (Mon, 05 Jan 2009)
New Revision: 8961
Added:
stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java
Modified:
stack/native/branches/dlofthouse/JBWS-1999/modules/core/pom.xml
stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java
stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
Log:
Current implementation so far.
Modified: stack/native/branches/dlofthouse/JBWS-1999/modules/core/pom.xml
===================================================================
--- stack/native/branches/dlofthouse/JBWS-1999/modules/core/pom.xml 2009-01-05 12:39:16 UTC (rev 8960)
+++ stack/native/branches/dlofthouse/JBWS-1999/modules/core/pom.xml 2009-01-05 16:20:01 UTC (rev 8961)
@@ -82,6 +82,12 @@
<version>${jboss.jbosssx.version}</version>
</dependency>
<dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-security-spi</artifactId>
+ <scope>provided</scope>
+ <version>${jboss.jbosssx.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.jboss</groupId>
<artifactId>jbossxb</artifactId>
<scope>provided</scope>
Modified: stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java
===================================================================
--- stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java 2009-01-05 12:39:16 UTC (rev 8960)
+++ stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java 2009-01-05 16:20:01 UTC (rev 8961)
@@ -35,6 +35,7 @@
import org.jboss.ws.extensions.security.element.UsernameToken;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
import org.jboss.ws.extensions.security.nonce.NonceFactory;
+import org.jboss.ws.extensions.security.operation.AuthorizeOperation;
import org.jboss.ws.extensions.security.operation.DecryptionOperation;
import org.jboss.ws.extensions.security.operation.ReceiveUsernameOperation;
import org.jboss.ws.extensions.security.operation.ReceiveX509Certificate;
@@ -44,6 +45,7 @@
import org.jboss.ws.extensions.security.operation.SignatureVerificationOperation;
import org.jboss.ws.extensions.security.operation.TimestampVerificationOperation;
import org.jboss.ws.metadata.wsse.Authenticate;
+import org.jboss.ws.metadata.wsse.Authorize;
import org.jboss.ws.metadata.wsse.TimestampVerification;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -68,18 +70,21 @@
private TimestampVerification timestampVerification;
private Authenticate authenticate;
+
+ private Authorize authorize;
private HashSet<String> signedIds = new HashSet<String>();
private HashSet<String> encryptedIds = new HashSet<String>();
- public SecurityDecoder(SecurityStore store, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate)
+ public SecurityDecoder(SecurityStore store, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate, Authorize authorize)
{
org.apache.xml.security.Init.init();
this.store = store;
this.nonceFactory = nonceFactory;
this.timestampVerification = timestampVerification;
this.authenticate = authenticate;
+ this.authorize = authorize;
}
/**
@@ -89,9 +94,9 @@
* @param SecurityStore the security store that contains key and trust information
* @param now The timestamp to use as the current time when validating a message expiration
*/
- public SecurityDecoder(SecurityStore store, Calendar now, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate)
+ public SecurityDecoder(SecurityStore store, Calendar now, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate, Authorize authorize)
{
- this(store, nonceFactory, timestampVerification, authenticate);
+ this(store, nonceFactory, timestampVerification, authenticate, authorize);
this.now = now;
}
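Review bot: The Javadoc above this constructor documents only the store and `now`, so the new `authorize` parameter is undocumented even though its null case is significant: the later hunk in decode runs the authorization step only when `authorize != null`. I would add `@param authorize the authorization configuration, or null to skip the authorization step` and a matching line for `authenticate` if it is also missing. The Javadoc block starts outside this hunk, so its full current text is not visible here.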
@@ -157,6 +162,11 @@
}
}
+ if (authorize != null)
+ {
+ AuthorizeOperation authorizeOp = new AuthorizeOperation(authorize);
+ authorizeOp.process();
+ }
}
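Review bot: When `authorize` is configured, this block calls `authorizeOp.process()`, which in this revision (AuthorizeOperation.java, added in the same commit) only writes a trace line and returns; its three steps are comments. An endpoint that declares an authorization requirement is therefore accepted with no role check at all, which fails open. Until the steps are implemented, process() should fail closed, for example by ending with `throw new UnsupportedOperationException("authorize is not implemented yet");`, or this call should stay out of decode. The enclosing decode method starts outside the hunk, so what precedes this block cannot be checked from here.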
Modified: stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
===================================================================
--- stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2009-01-05 12:39:16 UTC (rev 8960)
+++ stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2009-01-05 16:20:01 UTC (rev 8961)
@@ -50,6 +50,8 @@
import org.jboss.ws.extensions.security.operation.TimestampOperation;
import org.jboss.ws.metadata.umdm.EndpointMetaData;
import org.jboss.ws.metadata.umdm.OperationMetaData;
+import org.jboss.ws.metadata.wsse.Authenticate;
+import org.jboss.ws.metadata.wsse.Authorize;
import org.jboss.ws.metadata.wsse.Config;
import org.jboss.ws.metadata.wsse.Encrypt;
import org.jboss.ws.metadata.wsse.Operation;
@@ -98,8 +100,17 @@
SecurityStore securityStore = new SecurityStore(configuration.getKeyStoreURL(), configuration.getKeyStoreType(), configuration.getKeyStorePassword(),
configuration.getKeyPasswords(), configuration.getTrustStoreURL(), configuration.getTrustStoreType(), configuration.getTrustStorePassword());
NonceFactory factory = Util.loadFactory(NonceFactory.class, configuration.getNonceFactory(), DefaultNonceFactory.class);
- SecurityDecoder decoder = new SecurityDecoder(securityStore, factory, configuration.getTimestampVerification(), config == null ? null : config.getAuthenticate());
+
+ Authenticate authenticate = null;
+ Authorize authorize = null;
+ if (config != null)
+ {
+ authenticate = config.getAuthenticate();
+ authorize = config.getAuthorize();
+ }
+ SecurityDecoder decoder = new SecurityDecoder(securityStore, factory, configuration.getTimestampVerification(), authenticate, authorize);
+
decoder.decode(message.getSOAPPart(), secHeaderElement);
if (log.isTraceEnabled())
Added: stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java
===================================================================
--- stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java (rev 0)
+++ stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java 2009-01-05 16:20:01 UTC (rev 8961)
@@ -0,0 +1,81 @@
+/*
+* JBoss, Home of Professional Open Source.
+* Copyright 2008, Red Hat Middleware LLC, and individual contributors
+* as indicated by the @author tags. See the copyright.txt file in the
+* distribution for a full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.RealmMapping;
+import org.jboss.ws.WSException;
+import org.jboss.ws.metadata.wsse.Authorize;
+
+/**
+ * Operation to authenticate and check the authorisation of the
+ * current user.
+ *
+ * @author <a href="mailto:darran.lofthouse at jboss.com">Darran Lofthouse</a>
+ * @since December 23rd 2008
+ */
+public class AuthorizeOperation
+{
+
+ private static final Logger log = Logger.getLogger(AuthorizeOperation.class);
+
+ private Authorize authorize;
+
+ private AuthenticationManager am;
+
+ private RealmMapping rm;
+
+ public AuthorizeOperation(Authorize authorize)
+ {
+ this.authorize = authorize;
+
+ try
+ {
+ Context ctx = new InitialContext();
+ Object obj = ctx.lookup("java:comp/env/security/securityMgr");
+ am = (AuthenticationManager)obj;
+ rm = (RealmMapping)am;
+ }
+ catch (NamingException ne)
+ {
+ throw new WSException("Unable to lookup AuthenticationManager", ne);
+ }
+
+ }
+
+ public void process()
+ {
+ log.trace("About to check authorization, using security domain '" + am.getSecurityDomain() + "'");
+ // Step 1 - Authenticate using currently associated principals.
+
+ // Step 2 - If unchecked all ok so return.
+
+ // Step 3 - If roles specified check user in role.
+
+ }
+
+}
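Review bot: In the constructor the looked-up object is cast to `AuthenticationManager` and then to `RealmMapping`, but only `NamingException` is caught. A binding that does not implement both interfaces would surface as a raw `ClassCastException` instead of the `WSException` used for the lookup failure. A guard such as `if (!(obj instanceof AuthenticationManager && obj instanceof RealmMapping))` before the casts, throwing a `WSException` that names the JNDI entry, would keep the failure explicit. The class comment says the operation authenticates and authorizes, yet the `authorize` and `rm` fields are never read, so the comment should say that enforcement is still pending. The trace message in process() is concatenated unconditionally; wrapping it in `if (log.isTraceEnabled())`, as WSSecurityDispatcher does, avoids the cost on every message.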
Property changes on: stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF