[jbossws-commits] JBossWS SVN: r9006 - in stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security: operation and 1 other directory.



Author: darran.lofthouse at jboss.com
Date: 2009-01-09 12:56:34 -0500 (Fri, 09 Jan 2009)
New Revision: 9006

Modified:
   stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java
   stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
   stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java
Log:
Refactoring to ensure authorization check is always called if needed.

Modified: stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java
===================================================================
--- stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java	2009-01-09 17:12:10 UTC (rev 9005)
+++ stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java	2009-01-09 17:56:34 UTC (rev 9006)
@@ -69,22 +69,19 @@
    
    private TimestampVerification timestampVerification;
    
-   private Authenticate authenticate;
-   
-   private Authorize authorize;
+   private Authenticate authenticate;   
 
    private HashSet<String> signedIds = new HashSet<String>();
 
    private HashSet<String> encryptedIds = new HashSet<String>();
 
-   public SecurityDecoder(SecurityStore store, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate, Authorize authorize)
+   public SecurityDecoder(SecurityStore store, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate)
    {
       org.apache.xml.security.Init.init();
       this.store = store;
       this.nonceFactory = nonceFactory;
       this.timestampVerification = timestampVerification;
       this.authenticate = authenticate;
-      this.authorize = authorize;
    }
 
    /**
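Review bot: The retained field declaration on the new side, `private Authenticate authenticate;   `, carries trailing whitespace left over from the removed `authorize` lines and should read `private Authenticate authenticate;`. The primary constructor that follows has no Javadoc while the `Calendar`-taking one does; now that the signature has been narrowed, a one-line summary plus `@param store`, `@param nonceFactory`, `@param timestampVerification` and `@param authenticate` would make it self-describing and record that authorization is no longer a decoder concern.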
@@ -94,9 +91,9 @@
     * @param SecurityStore the security store that contains key and trust information
     * @param now The timestamp to use as the current time when validating a message expiration
     */
-   public SecurityDecoder(SecurityStore store, Calendar now, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate, Authorize authorize)
+   public SecurityDecoder(SecurityStore store, Calendar now, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate)
    {
-      this(store, nonceFactory, timestampVerification, authenticate, authorize);
+      this(store, nonceFactory, timestampVerification, authenticate);
       this.now = now;
    }
 
@@ -160,14 +157,8 @@
             if (ids != null)
                encryptedIds.addAll(ids);
          }
-      }
+      }      
       
-      if (authorize != null)
-      {
-         AuthorizeOperation authorizeOp = new AuthorizeOperation(authorize);
-         authorizeOp.process();
-      }
-      
    }
 
    public void verify(List<RequireOperation> requireOperations) throws WSSecurityException
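Review bot: With the `AuthorizeOperation` call removed from the end of `decode`, the decoder no longer performs any authorization, but nothing in the method records that, so a reader of `SecurityDecoder` alone could still assume the pre-change behaviour. A closing comment such as `// Authorization is intentionally not performed here; WSSecurityDispatcher.authorize() runs it after decoding so it also covers messages with no security header` would document the new division of responsibility. The new `}      ` line also carries trailing whitespace. The enclosing `decode` method starts outside the hunk.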

Modified: stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
===================================================================
--- stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java	2009-01-09 17:12:10 UTC (rev 9005)
+++ stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java	2009-01-09 17:56:34 UTC (rev 9006)
@@ -39,6 +39,7 @@
 import org.jboss.ws.extensions.security.exception.WSSecurityException;
 import org.jboss.ws.extensions.security.nonce.DefaultNonceFactory;
 import org.jboss.ws.extensions.security.nonce.NonceFactory;
+import org.jboss.ws.extensions.security.operation.AuthorizeOperation;
 import org.jboss.ws.extensions.security.operation.EncodingOperation;
 import org.jboss.ws.extensions.security.operation.EncryptionOperation;
 import org.jboss.ws.extensions.security.operation.RequireEncryptionOperation;
@@ -81,7 +82,7 @@
       Config config = getActualConfig(configuration, operationConfig);
       SOAPHeader soapHeader = message.getSOAPHeader();
       QName secQName = new QName(Constants.WSSE_NS, "Security");
-      Element secHeaderElement = (soapHeader != null) ? Util.findElement(soapHeader, secQName) : null; 
+      Element secHeaderElement = (soapHeader != null) ? Util.findElement(soapHeader, secQName) : null;
 
       if (secHeaderElement == null)
       {
@@ -91,54 +92,76 @@
 
          if (hasRequirements(config))
             throw convertToFault(new InvalidSecurityHeaderException("This service requires <wsse:Security>, which is missing."));
-
-         return;
       }
 
       try
       {
-         SecurityStore securityStore = new SecurityStore(configuration.getKeyStoreURL(), configuration.getKeyStoreType(), configuration.getKeyStorePassword(),
-               configuration.getKeyPasswords(), configuration.getTrustStoreURL(), configuration.getTrustStoreType(), configuration.getTrustStorePassword());
-         NonceFactory factory = Util.loadFactory(NonceFactory.class, configuration.getNonceFactory(), DefaultNonceFactory.class);
-         
-         Authenticate authenticate = null;
-         Authorize authorize = null;
-         if (config != null)
+         if (secHeaderElement != null)
          {
-            authenticate = config.getAuthenticate();
-            authorize = config.getAuthorize();
+            decodeHeader(configuration, config, message, secHeaderElement);
          }
 
-         SecurityDecoder decoder = new SecurityDecoder(securityStore, factory, configuration.getTimestampVerification(), authenticate, authorize);
-
-         decoder.decode(message.getSOAPPart(), secHeaderElement);
-         
-         if (log.isTraceEnabled())
-            log.trace("Decoded Message:\n" + DOMWriter.printNode(message.getSOAPPart(), true));
-
-         List<RequireOperation> operations = buildRequireOperations(config);
-
-         decoder.verify(operations);
-         if(log.isDebugEnabled()) log.debug("Verification is successful");
-
-         decoder.complete();
+         authorize(config);
       }
       catch (WSSecurityException e)
       {
          if (e.isInternalError())
             log.error("Internal error occured handling inbound message:", e);
-         else if(log.isDebugEnabled()) log.debug("Returning error to sender: " + e.getMessage());
+         else if (log.isDebugEnabled())
+            log.debug("Returning error to sender: " + e.getMessage());
 
          throw convertToFault(e);
       }
-      
+
    }
 
+   private void decodeHeader(WSSecurityConfiguration configuration, Config config, SOAPMessage message, Element secHeaderElement) throws WSSecurityException
+   {
+      SecurityStore securityStore = new SecurityStore(configuration.getKeyStoreURL(), configuration.getKeyStoreType(), configuration.getKeyStorePassword(),
+            configuration.getKeyPasswords(), configuration.getTrustStoreURL(), configuration.getTrustStoreType(), configuration.getTrustStorePassword());
+      NonceFactory factory = Util.loadFactory(NonceFactory.class, configuration.getNonceFactory(), DefaultNonceFactory.class);
+
+      Authenticate authenticate = null;
+
+      if (config != null)
+      {
+         authenticate = config.getAuthenticate();
+      }
+
+      SecurityDecoder decoder = new SecurityDecoder(securityStore, factory, configuration.getTimestampVerification(), authenticate);
+
+      decoder.decode(message.getSOAPPart(), secHeaderElement);
+
+      if (log.isTraceEnabled())
+         log.trace("Decoded Message:\n" + DOMWriter.printNode(message.getSOAPPart(), true));
+
+      List<RequireOperation> operations = buildRequireOperations(config);
+
+      decoder.verify(operations);
+      if (log.isDebugEnabled())
+         log.debug("Verification is successful");
+
+      decoder.complete();
+   }
+
+   private void authorize(Config config) throws WSSecurityException
+   {
+      if (config != null)
+      {
+         Authorize authorize = config.getAuthorize();
+         if (authorize != null)
+         {
+            AuthorizeOperation authorizeOp = new AuthorizeOperation(authorize);
+            authorizeOp.process();
+         }
+      }
+   }
+
    public void encodeMessage(WSSecurityConfiguration configuration, SOAPMessage message, Config operationConfig, String user, String password) throws SOAPException
    {
       Config config = getActualConfig(configuration, operationConfig);
       log.debug("WS-Security config: " + config);
-      
+
       // Nothing to process
       if (config == null)
          return;
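Review bot: `authorize(config)` at the end of the try block now runs for messages that carry no `<wsse:Security>` header, which is the point of the commit, but neither new private method is documented and that invariant is easy to lose in a later edit. A Javadoc on `authorize` along the lines of `Runs the configured authorization check. Called for every inbound message, including those without a security header, so that role requirements cannot be bypassed by omitting the header.` would pin the intent, and `decodeHeader` should state that `config` may be null (it is forwarded to `buildRequireOperations`). For the header-less path to be safe, `AuthorizeOperation.process()` must fail closed when no principal was authenticated; the hunk does not show that, so a test sending a header-less message against a config with authorize roles would confirm it.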
@@ -183,12 +206,13 @@
       if (operations.size() == 0)
          return;
 
-      if(log.isDebugEnabled()) log.debug("Encoding Message:\n" + DOMWriter.printNode(message.getSOAPPart(), true));
+      if (log.isDebugEnabled())
+         log.debug("Encoding Message:\n" + DOMWriter.printNode(message.getSOAPPart(), true));
 
       try
       {
          SecurityStore securityStore = new SecurityStore(configuration.getKeyStoreURL(), configuration.getKeyStoreType(), configuration.getKeyStorePassword(),
-               configuration.getKeyPasswords() , configuration.getTrustStoreURL(), configuration.getTrustStoreType(), configuration.getTrustStorePassword());
+               configuration.getKeyPasswords(), configuration.getTrustStoreURL(), configuration.getTrustStoreType(), configuration.getTrustStorePassword());
          SecurityEncoder encoder = new SecurityEncoder(operations, securityStore);
          encoder.encode(message.getSOAPPart());
       }
@@ -196,7 +220,8 @@
       {
          if (e.isInternalError())
             log.error("Internal error occured handling outbound message:", e);
-         else if(log.isDebugEnabled()) log.debug("Returning error to sender: " + e.getMessage());
+         else if (log.isDebugEnabled())
+            log.debug("Returning error to sender: " + e.getMessage());
 
          throw convertToFault(e);
       }
@@ -210,7 +235,7 @@
       securityAdaptor.setPrincipal(null);
       securityAdaptor.setCredential(null);
    }
-   
+
    private List<Target> convertTargets(List<org.jboss.ws.metadata.wsse.Target> targets)
    {
       if (targets == null)
@@ -243,7 +268,7 @@
    {
       if (operationConfig == null)
          return null;
-      
+
       Requires requires = operationConfig.getRequires();
       if (requires == null)
          return null;
@@ -281,7 +306,7 @@
          {
             EndpointMetaData epMetaData = ctx.getEndpointMetaData();
             QName port = epMetaData.getPortName();
-            
+
             OperationMetaData opMetaData = ctx.getOperationMetaData();
             if (opMetaData == null)
             {
@@ -304,7 +329,7 @@
       //null operationConfig means default behavior
       return operationConfig != null ? operationConfig : configuration.getDefaultConfig();
    }
-   
+
    private Config selectOperationConfig(WSSecurityConfiguration configuration, QName portName, QName opName)
    {
       Port port = configuration.getPorts().get(portName != null ? portName.getLocalPart() : null);
@@ -322,8 +347,7 @@
       }
       return operation.getConfig();
    }
-   
-   
+
    private boolean hasRequirements(Config config)
    {
       return config != null && config.getRequires() != null;

Modified: stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java
===================================================================
--- stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java	2009-01-09 17:12:10 UTC (rev 9005)
+++ stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java	2009-01-09 17:56:34 UTC (rev 9006)
@@ -145,7 +145,6 @@
    {
       List<Role> roles = authorize.getRoles();
       int rolesCount = (roles != null) ? roles.size() : 0;
-      log.info(rolesCount);
       Set<Principal> expectedRoles = new HashSet<Principal>(rolesCount);
 
       if (roles != null)



