This requires the latest WSS4J SNAPSHOT.

Thanks,
Ruchith

On 10/6/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Author: ruchithf
Date: Fri Oct  6 07:49:55 2006
New Revision: 453622

URL: http://svn.apache.org/viewvc?view=rev&rev=453622
Log:
Make sure we use the map of contexts only on the client side and use the SCT 
info from the request at the service.
Provided a mechanism to set the SCT id in the message context. This will 
be used in token cancellation and in sending RM ack msgs.


Modified:
    
webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java
    
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
    
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
    
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java
    
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
    
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties

Modified: 
webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java
URL: 
http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java?view=diff&rev=453622&r1=453621&r2=453622
==============================================================================
--- 
webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java
 (original)
+++ 
webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java
 Fri Oct  6 07:49:55 2006
@@ -103,6 +103,10 @@
                 options.setProperty(RampartMessageData.CANCEL_REQUEST, 
Constants.VALUE_TRUE);
                 serviceClient.sendReceive(getEchoElement());

+                options.setProperty(RampartMessageData.CANCEL_REQUEST, 
Constants.VALUE_FALSE);
+                serviceClient.sendReceive(getEchoElement());
+                options.setProperty(RampartMessageData.CANCEL_REQUEST, 
Constants.VALUE_TRUE);
+                serviceClient.sendReceive(getEchoElement());
             }

         } catch (Exception e) {
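Review bot: The added round-trips discard the return value of `sendReceive`, so this part of the test passes whenever no exception is thrown. It never checks that the request sent after the cancel was secured under a newly established context rather than the cancelled one. Capturing the response, e.g. `OMElement resp = serviceClient.sendReceive(getEchoElement());`, and asserting on it would make a regression in the cancel/re-establish path visible; comparing the token id before and after the cancel would be stronger still. The enclosing block and the catch clause continue outside the hunk.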

Modified: 
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
URL: 
http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java?view=diff&rev=453622&r1=453621&r2=453622
==============================================================================
--- 
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
 (original)
+++ 
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
 Fri Oct  6 07:49:55 2006
@@ -172,10 +172,6 @@

             sctToken.setState(Token.ISSUED);
             TrustUtil.getTokenStore(data.getInMessageContext()).add(sctToken);
-            this.getContextMap(data.getInMessageContext()).put(
-                    this.getContextIdentifierKey(data.getInMessageContext()),
-                    sctToken.getId());
-
             return env;
         } catch (ConversationException e) {
             throw new TrustException(e.getMessage(), e);

Modified: 
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
URL: 
http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java?view=diff&rev=453622&r1=453621&r2=453622
==============================================================================
--- 
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
 (original)
+++ 
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
 Fri Oct  6 07:49:55 2006
@@ -98,7 +98,7 @@
                 String ctxIdKey = RampartUtil.getContextIdentifierKey(msgCtx);
                 String tokenId = 
(String)RampartUtil.getContextMap(msgCtx).get(ctxIdKey);

-                if(RampartUtil.isTokenValid(rmd, tokenId)) {
+                if(tokenId != null && RampartUtil.isTokenValid(rmd, tokenId)) {
                     OMElement bodyElem = msgCtx.getEnvelope().getBody();
                     OMElement child = bodyElem.getFirstElement();
                     OMElement newChild = 
TrustUtil.createCancelRequest(tokenId, rmd.getWstVersion());

Modified: 
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java
URL: 
http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java?view=diff&rev=453622&r1=453621&r2=453622
==============================================================================
--- 
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java
 (original)
+++ 
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java
 Fri Oct  6 07:49:55 2006
@@ -38,10 +38,13 @@
 import org.apache.rampart.util.Axis2Util;
 import org.apache.rampart.util.RampartUtil;
 import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.conversation.ConversationConstants;
 import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.util.Loader;
 import org.w3c.dom.Document;
@@ -49,6 +52,7 @@
 import javax.xml.namespace.QName;

 import java.util.List;
+import java.util.Vector;

 public class RampartMessageData {

@@ -76,6 +80,8 @@

     public final static String CANCEL_REQUEST = "cancelrequest";

+    public final static String SCT_ID = "sctID";
+
     private MessageContext msgContext = null;

     private RampartPolicyData policyData = null;
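Review bot: `SCT_ID` is added as a public message-context key with no Javadoc, although later hunks in this file use it as the fallback that decides which security context token id `getSecConvTokenId()` returns. A comment should say who is expected to set it and that it is consulted only when no id is found in the client context map or in the received security results, e.g. `/** Message context property naming the SCT id to use when none can be resolved from the context map or the received security results. */`. Because any code that can write to the message context can thereby select the token, the comment should also state that the value must come from trusted handler code and never from message content.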
@@ -231,15 +237,30 @@
             this.isClientSide = !msgCtx.isServerSide();
             this.sender = sender;

+            OperationContext opCtx = this.msgContext.getOperationContext();
+
             if(!this.isClientSide && this.sender) {
                 //Get hold of the incoming msg ctx
-                OperationContext opCtx = this.msgContext.getOperationContext();
                 MessageContext inMsgCtx;
                 if (opCtx != null
                         && (inMsgCtx = opCtx
                                 
.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
                     msgContext.setProperty(WSHandlerConstants.RECV_RESULTS,
                             
inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
+
+                    //If someone set the sct_id externally use it at the 
receiver
+                    msgContext.setProperty(SCT_ID, 
inMsgCtx.getProperty(SCT_ID));
+                }
+            }
+
+            if(this.isClientSide && !this.sender) {
+                MessageContext outMsgCtx;
+                if (opCtx != null
+                        && (outMsgCtx = opCtx
+                                
.getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE)) != null) {
+
+                    //If someone set the sct_id externally use it at the 
receiver
+                    msgContext.setProperty(SCT_ID, 
outMsgCtx.getProperty(SCT_ID));
                 }
             }

@@ -396,8 +417,36 @@
      * @return Returns the secConvTokenId.
      */
     public String getSecConvTokenId() {
-        String contextIdentifierKey = 
RampartUtil.getContextIdentifierKey(this.msgContext);
-        return (String) 
RampartUtil.getContextMap(this.msgContext).get(contextIdentifierKey);
+        String id = null;
+
+        if(this.isClientSide) {
+            String contextIdentifierKey = 
RampartUtil.getContextIdentifierKey(this.msgContext);
+            id = (String) 
RampartUtil.getContextMap(this.msgContext).get(contextIdentifierKey);
+        } else {
+            //get the sec context id from the req msg ctx
+            Vector results = 
(Vector)this.msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
+            for (int i = 0; i < results.size(); i++) {
+                WSHandlerResult rResult = (WSHandlerResult) results.get(i);
+                Vector wsSecEngineResults = rResult.getResults();
+
+                for (int j = 0; j < wsSecEngineResults.size(); j++) {
+                    WSSecurityEngineResult wser = (WSSecurityEngineResult) 
wsSecEngineResults
+                            .get(j);
+                    if(WSConstants.SCT == wser.getAction()) {
+                        id = wser.getSecurityContextToken().getID();
+                    }
+
+                }
+            }
+        }
+
+        if(id == null || id.length() == 0) {
+            //If we can't find the sec conv token id up to this point then
+            //check if someone has specified which one to use
+            id = (String)this.msgContext.getProperty(SCT_ID);
+        }
+
+        return id;
     }

     /**
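Review bot: In the service-side branch `results` is dereferenced without a null check, so `results.size()` throws a NullPointerException whenever `RECV_RESULTS` is absent from the message context, for example when the request carried no security header. Guarding the loop with `if (results != null) {` lets the method fall through to the `SCT_ID` lookup and return null, which the null checks added in SymmetricBindingBuilder in this commit appear to turn into `noSecurityToken`. The loop also keeps the last SCT result rather than the first and calls `getID()` on `getSecurityContextToken()` unchecked. A null check there and a `break` after the assignment would make the choice of token explicit.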

Modified: 
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
URL: 
http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java?view=diff&rev=453622&r1=453621&r2=453622
==============================================================================
--- 
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
 (original)
+++ 
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
 Fri Oct  6 07:49:55 2006
@@ -17,6 +17,7 @@
 package org.apache.rampart.builder;

 import org.apache.axiom.om.OMElement;
+import org.apache.axis2.context.MessageContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.rahas.RahasConstants;
@@ -57,8 +58,10 @@
             this.addTimestamp(rmd);
         }

-        //Setup required tokens
-        initializeTokens(rmd);
+        if(rmd.isClientSide()) {
+            //Setup required tokens
+            initializeTokens(rmd);
+        }


         if(Constants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
@@ -99,6 +102,10 @@
                 log.debug("SCT Id : " + tokenId);
             }

+            if(tokenId == null || tokenId.length() == 0) {
+                throw new RampartException("noSecurityToken");
+            }
+
             /*
              * Get hold of the token from the token storage
              */
@@ -294,6 +301,10 @@
             throw new RampartException("signatureTokenMissing");
         }

+        if(sigTokId == null || sigTokId.length() == 0) {
+            throw new RampartException("noSecurityToken");
+        }
+
         sigTok = this.getToken(rmd, sigTokId);

         if(Constants.INCLUDE_ALWAYS.equals(sigToken.getInclusion()) ||
@@ -456,7 +467,8 @@

         RampartPolicyData rpd = rmd.getPolicyData();

-        if(rpd.isSymmetricBinding() && !rmd.getMsgContext().isServerSide()) {
+        MessageContext msgContext = rmd.getMsgContext();
+        if(rpd.isSymmetricBinding() && !msgContext.isServerSide()) {
             log.debug("Procesing symmentric binding: " +
                     "Setting up encryption token and signature token");
             //Setting up encryption token and signature token
@@ -488,7 +500,7 @@
                 String secConvTokenId = rmd.getSecConvTokenId();

                 //The RSTR has to be secured with the cancelled token
-                String action = rmd.getMsgContext().getOptions().getAction();
+                String action = msgContext.getOptions().getAction();
                 boolean cancelReqResp = 
action.equals(RahasConstants.WST_NS_05_02 + 
RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
                                            
action.equals(RahasConstants.WST_NS_05_02 + 
RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
                                            
action.equals(RahasConstants.WST_NS_05_02 + 
RahasConstants.RST_ACTION_CANCEL_SCT) ||
@@ -498,6 +510,11 @@
                 if(secConvTokenId != null && cancelReqResp) {
                     try {
                         
rmd.getTokenStorage().getToken(secConvTokenId).setState(org.apache.rahas.Token.CANCELLED);
+                        msgContext.setProperty(RampartMessageData.SCT_ID, 
secConvTokenId);
+
+                        //remove from the local map of contexts
+                        String contextIdentifierKey = 
RampartUtil.getContextIdentifierKey(msgContext);
+                        
RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
                     } catch (TrustException e) {
                         throw new RampartException("errorExtractingToken");
                     }

Modified: 
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
URL: 
http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties?view=diff&rev=453622&r1=453621&r2=453622
==============================================================================
--- 
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
 (original)
+++ 
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
 Fri Oct  6 07:49:55 2006
@@ -40,6 +40,7 @@
 errorInTokenCancellation = Error in cancelling token
 tokenToBeCancelledInvalid = Token to be cancelled is invalid or expired
 errorCreatingRSTTemplateForSCT=Error in creating RST template for SCT
+noSecurityToken = Missing security token

 #Errors in processors
 errorProcessingUT = Error in processing UsernameToken







--
www.ruchith.org
