Author: dkulp
Date: Mon Dec 15 13:57:19 2008
New Revision: 726825
URL: http://svn.apache.org/viewvc?rev=726825&view=rev
Log:
Allow using a wsdl for the STSClient so policies can be pulled directly
Update logging to log the URL as well
Modified:
cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java
cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Modified:
cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java?rev=726825&r1=726824&r2=726825&view=diff
==============================================================================
---
cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java
(original)
+++
cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingMessage.java
Mon Dec 15 13:57:19 2008
@@ -21,7 +21,7 @@
public final class LoggingMessage {
private final String heading;
-
+ private final StringBuilder address;
private final StringBuilder encoding;
private final StringBuilder header;
private final StringBuilder message;
@@ -30,11 +30,15 @@
public LoggingMessage(String h) {
heading = h;
+ address = new StringBuilder();
encoding = new StringBuilder();
header = new StringBuilder();
message = new StringBuilder();
payload = new StringBuilder();
}
+ public StringBuilder getAddress() {
+ return address;
+ }
public StringBuilder getEncoding() {
return encoding;
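Review bot: The new `getAddress()` accessor hands out the live `StringBuilder` (the same pattern as the existing getters) with no Javadoc saying what goes in it or that callers are expected to append rather than read. A one-line doc such as `/** Buffer for the endpoint address the message was sent to; left empty when the transport did not record one, in which case toString() omits the Address line. */` ties it to the interceptor that fills it and the `address.length() > 0` check in `toString()`. The field declaration itself could carry the same note.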
@@ -55,6 +59,10 @@
public String toString() {
StringBuilder buffer = new StringBuilder();
buffer.append(heading);
+ if (address.length() > 0) {
+ buffer.append("\nAddress: ");
+ buffer.append(address);
+ }
buffer.append("\nEncoding: ");
buffer.append(encoding);
buffer.append("\nHeaders: ");
Modified:
cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java?rev=726825&r1=726824&r2=726825&view=diff
==============================================================================
---
cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java
(original)
+++
cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/LoggingOutInterceptor.java
Mon Dec 15 13:57:19 2008
@@ -113,6 +113,10 @@
buffer.getEncoding().append(encoding);
}
+ String address = (String)message.get(Message.ENDPOINT_ADDRESS);
+ if (address != null) {
+ buffer.getAddress().append(address);
+ }
Object headers = message.get(Message.PROTOCOL_HEADERS);
if (headers != null) {
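Review bot: The unchecked `(String)` cast on the new `Message.ENDPOINT_ADDRESS` lookup throws ClassCastException if any transport stores a non-String under that key; the value is only ever appended to a StringBuilder, so `Object address = message.get(Message.ENDPOINT_ADDRESS); if (address != null) { buffer.getAddress().append(address); }` logs it safely whatever the type. In this commit only `HTTPConduit` populates the key, so for other conduits the Address line is silently absent; a comment stating that would save the next reader a search. The enclosing method starts and ends outside the hunk.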
Modified:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java?rev=726825&r1=726824&r2=726825&view=diff
==============================================================================
---
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
(original)
+++
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
Mon Dec 15 13:57:19 2008
@@ -680,9 +680,12 @@
String queryString = (String)message.get(Message.QUERY_STRING);
if (result == null) {
if (pathInfo == null && queryString == null) {
- return getURL();
+ URL url = getURL();
+ message.put(Message.ENDPOINT_ADDRESS, url.toString());
+ return url;
}
result = getURL().toString();
+ message.put(Message.ENDPOINT_ADDRESS, result);
}
// REVISIT: is this really correct?
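Review bot: The value stored by the second `message.put(Message.ENDPOINT_ADDRESS, result)` is the bare `getURL()` string, captured before the `pathInfo`/`queryString` handling that apparently follows the `// REVISIT` comment outside the hunk, so the logged address will not show the path suffix or query string actually sent. If that is deliberate — it keeps query parameters, which may carry credentials or tokens, out of the logs — say so with `// record the base endpoint only; pathInfo/query are appended below and intentionally not logged`; otherwise the put belongs after the final `result` is assembled. Note also that when `result` is already non-null on entry nothing is written back, so downstream readers of the key see a pre-set value in one case and a computed one in the other; if `result` itself is read from `Message.ENDPOINT_ADDRESS` earlier in the method (not visible here) that is harmless, but worth a comment. The enclosing method starts and ends outside the hunk.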
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java?rev=726825&r1=726824&r2=726825&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
Mon Dec 15 13:57:19 2008
@@ -124,11 +124,11 @@
assertion = (Assertion)iterator.next();
name = assertion.getName();
- if (SP11Constants.REQUIRE_DERIVED_KEYS.equals(name)) {
+ if (SPConstants.REQUIRE_DERIVED_KEYS.equals(name.getLocalPart())) {
parent.setDerivedKeys(true);
- } else if (SP11Constants.REQUIRE_EXTERNAL_REFERENCE.equals(name)) {
+ } else if
(SPConstants.REQUIRE_EXTERNAL_REFERENCE.equals(name.getLocalPart())) {
parent.setRequireExternalReference(true);
- } else if (SP11Constants.REQUIRE_INTERNAL_REFERENCE.equals(name)) {
+ } else if
(SPConstants.REQUIRE_INTERNAL_REFERENCE.equals(name.getLocalPart())) {
parent.setRequireInternalReference(true);
}
}
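Review bot: Comparing only `name.getLocalPart()` drops the namespace check that the old full-QName comparison performed, so a nested `RequireDerivedKeys`, `RequireExternalReference` or `RequireInternalReference` element in any namespace — not just WS-SecurityPolicy 1.1 or 1.2 — now flips the corresponding flag on `parent`. Because these flags decide how the issued token is keyed and referenced, the loosening should at least be stated in a comment, and preferably guarded by checking `name.getNamespaceURI()` against the SP namespace `parent` was built for (the token's SPConstants instance appears to be reachable via `getSPConstants()` elsewhere in this commit). The loop and method containing this hunk start and end outside it.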
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=726825&r1=726824&r2=726825&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Mon Dec 15 13:57:19 2008
@@ -64,14 +64,18 @@
import org.apache.cxf.service.model.ServiceInfo;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
+import org.apache.cxf.transport.Conduit;
import org.apache.cxf.transport.ConduitInitiator;
import org.apache.cxf.transport.ConduitInitiatorManager;
+import org.apache.cxf.ws.policy.EffectivePolicy;
import org.apache.cxf.ws.policy.PolicyBuilder;
+import org.apache.cxf.ws.policy.PolicyEngine;
import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
import org.apache.cxf.ws.security.policy.model.Binding;
import org.apache.cxf.ws.security.policy.model.Trust10;
import org.apache.cxf.ws.security.policy.model.Trust13;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.wsdl11.WSDLServiceFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyComponent;
import org.apache.ws.security.WSConstants;
@@ -94,6 +98,11 @@
String name = "default.sts-client";
Client client;
String location;
+
+ String wsdlLocation;
+ QName serviceName;
+ QName endpointName;
+
Policy policy;
String soapVersion = SoapBindingConstants.SOAP11_BINDING_ID;
int keySize = 256;
@@ -175,64 +184,104 @@
return ctx;
}
+ public void setWsdlLocation(String wsdl) {
+ wsdlLocation = wsdl;
+ }
+ public void setServiceName(QName qn) {
+ serviceName = qn;
+ }
+ public void setServiceName(String qn) {
+ serviceName = QName.valueOf(qn);
+ }
+ public void setEndpointName(QName qn) {
+ endpointName = qn;
+ }
+ public void setEndpointName(String qn) {
+ endpointName = QName.valueOf(qn);
+ }
private void createClient() throws BusException, EndpointException {
if (client != null) {
return;
}
bus.getExtension(Configurer.class).configureBean(name, this);
-
- Service service = null;
- String ns = namespace + "/wsdl";
- ServiceInfo si = new ServiceInfo();
-
- QName iName = new QName(ns, "SecurityTokenService");
- si.setName(iName);
- InterfaceInfo ii = new InterfaceInfo(si, iName);
- OperationInfo oi = ii.addOperation(new QName(ns,
"RequestSecurityToken"));
- MessageInfo mii = oi.createMessage(new QName(ns,
"RequestSecurityTokenMsg"),
- MessageInfo.Type.INPUT);
- oi.setInput("RequestSecurityTokenMsg", mii);
- MessagePartInfo mpi = mii.addMessagePart("request");
- mpi.setElementQName(new QName(namespace, "RequestSecurityToken"));
-
- MessageInfo mio = oi.createMessage(new QName(ns,
"RequestSecurityTokenResponseMsg"),
- MessageInfo.Type.OUTPUT);
- oi.setOutput("RequestSecurityTokenResponseMsg", mio);
- mpi = mio.addMessagePart("response");
- mpi.setElementQName(new QName(namespace,
"RequestSecurityTokenResponse"));
-
- si.setInterface(ii);
- service = new ServiceImpl(si);
-
- BindingFactoryManager bfm =
bus.getExtension(BindingFactoryManager.class);
- BindingFactory bindingFactory = bfm.getBindingFactory(soapVersion);
- BindingInfo bi = bindingFactory.createBindingInfo(service,
- soapVersion, null);
- si.addBinding(bi);
- ConduitInitiatorManager cim =
bus.getExtension(ConduitInitiatorManager.class);
- ConduitInitiator ci = cim.getConduitInitiatorForUri(location);
- EndpointInfo ei = new EndpointInfo(si, ci.getTransportIds().get(0));
- ei.setBinding(bi);
- ei.setName(iName);
- ei.setAddress(location);
- si.addEndpoint(ei);
- ei.addExtensor(policy);
-
- BindingOperationInfo boi = bi.getOperation(oi);
- SoapOperationInfo soi = boi.getExtensor(SoapOperationInfo.class);
- if (soi == null) {
- soi = new SoapOperationInfo();
- boi.addExtensor(soi);
+ if (wsdlLocation != null) {
+ WSDLServiceFactory factory = new WSDLServiceFactory(bus,
wsdlLocation, serviceName);
+ SourceDataBinding dataBinding = new SourceDataBinding();
+ factory.setDataBinding(dataBinding);
+ Service service = factory.create();
+ service.setDataBinding(dataBinding);
+ EndpointInfo ei = service.getEndpointInfo(endpointName);
+ Endpoint endpoint = new EndpointImpl(bus, service, ei);
+ client = new ClientImpl(bus, endpoint);
+ } else {
+ Service service = null;
+ String ns = namespace + "/wsdl";
+ ServiceInfo si = new ServiceInfo();
+
+ QName iName = new QName(ns, "SecurityTokenService");
+ si.setName(iName);
+ InterfaceInfo ii = new InterfaceInfo(si, iName);
+ OperationInfo oi = ii.addOperation(new QName(ns,
"RequestSecurityToken"));
+ MessageInfo mii = oi.createMessage(new QName(ns,
"RequestSecurityTokenMsg"),
+ MessageInfo.Type.INPUT);
+ oi.setInput("RequestSecurityTokenMsg", mii);
+ MessagePartInfo mpi = mii.addMessagePart("request");
+ mpi.setElementQName(new QName(namespace, "RequestSecurityToken"));
+
+ MessageInfo mio = oi.createMessage(new QName(ns,
"RequestSecurityTokenResponseMsg"),
+ MessageInfo.Type.OUTPUT);
+ oi.setOutput("RequestSecurityTokenResponseMsg", mio);
+ mpi = mio.addMessagePart("response");
+ mpi.setElementQName(new QName(namespace,
"RequestSecurityTokenResponse"));
+
+ si.setInterface(ii);
+ service = new ServiceImpl(si);
+
+ BindingFactoryManager bfm =
bus.getExtension(BindingFactoryManager.class);
+ BindingFactory bindingFactory = bfm.getBindingFactory(soapVersion);
+ BindingInfo bi = bindingFactory.createBindingInfo(service,
+ soapVersion,
null);
+ si.addBinding(bi);
+ ConduitInitiatorManager cim =
bus.getExtension(ConduitInitiatorManager.class);
+ ConduitInitiator ci = cim.getConduitInitiatorForUri(location);
+ EndpointInfo ei = new EndpointInfo(si,
ci.getTransportIds().get(0));
+ ei.setBinding(bi);
+ ei.setName(iName);
+ ei.setAddress(location);
+ si.addEndpoint(ei);
+ ei.addExtensor(policy);
+
+ BindingOperationInfo boi = bi.getOperation(oi);
+ SoapOperationInfo soi = boi.getExtensor(SoapOperationInfo.class);
+ if (soi == null) {
+ soi = new SoapOperationInfo();
+ boi.addExtensor(soi);
+ }
+ soi.setAction(namespace + "/RST/Issue");
+
+
+ service.setDataBinding(new SourceDataBinding());
+ Endpoint endpoint = new EndpointImpl(bus, service, ei);
+
+ client = new ClientImpl(bus, endpoint);
+ }
+ }
+ private BindingOperationInfo findOperation(String suffix) {
+ BindingInfo bi = client.getEndpoint().getBinding().getBindingInfo();
+ for (BindingOperationInfo boi : bi.getOperations()) {
+ SoapOperationInfo soi = boi.getExtensor(SoapOperationInfo.class);
+ if (soi != null && soi.getAction() != null &&
soi.getAction().endsWith(suffix)) {
+ PolicyEngine pe = bus.getExtension(PolicyEngine.class);
+ Conduit conduit = client.getConduit();
+ EffectivePolicy effectivePolicy
+ =
pe.getEffectiveClientRequestPolicy(client.getEndpoint().getEndpointInfo(),
+ boi, conduit);
+ setPolicy(effectivePolicy.getPolicy());
+ return boi;
+ }
}
- soi.setAction(namespace + "/RST/Issue");
-
-
- service.setDataBinding(new SourceDataBinding());
- Endpoint endpoint = new EndpointImpl(bus, service, ei);
-
- client = new ClientImpl(bus, endpoint);
-
+ return null;
}
public SecurityToken requestSecurityToken() throws Exception {
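Review bot: In the new WSDL branch of `createClient()` the result of `service.getEndpointInfo(endpointName)` is passed straight into `new EndpointImpl(bus, service, ei)`, so an unset `endpointName` or one missing from the WSDL surfaces as a NullPointerException far from its cause; `if (ei == null) { throw new IllegalStateException("Endpoint " + endpointName + " not found in " + wsdlLocation); }` right after the lookup names the problem. That branch also ignores `location` entirely because the address comes from the WSDL, so a caller who sets both gets no warning; either apply `if (location != null) { ei.setAddress(location); }` or document that `wsdlLocation` takes precedence. Since the security policy this client enforces is now read from the WSDL through `findOperation`, the Javadoc for `setWsdlLocation` should state that the WSDL must come from a trusted source (local file or an authenticated channel), because whoever controls that document controls the token and binding requirements. `findOperation` both returns the operation and calls `setPolicy` as a side effect, and `bus.getExtension(PolicyEngine.class)` is dereferenced without a null check; a name like `findOperationAndApplyPolicy`, or a comment on the side effect, would make the first visible.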
@@ -240,18 +289,21 @@
}
public SecurityToken requestSecurityToken(String appliesTo) throws
Exception {
createClient();
+ BindingOperationInfo boi = findOperation("/RST/Issue");
+
client.getRequestContext().putAll(ctx);
W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
writer.writeStartElement(namespace, "RequestSecurityToken");
- boolean wroteKeyType = false;
boolean wroteKeySize = false;
+ String keyType = null;
if (template != null) {
Element tl = DOMUtils.getFirstElement(template);
while (tl != null) {
StaxUtils.copy(tl, writer);
- wroteKeyType |= "KeyType".equals(tl.getLocalName());
- if ("KeySize".equals(tl.getLocalName())) {
+ if ("KeyType".equals(tl.getLocalName())) {
+ keyType = DOMUtils.getContent(tl);
+ } else if ("KeySize".equals(tl.getLocalName())) {
wroteKeySize = true;
keySize = Integer.parseInt(DOMUtils.getContent(tl));
}
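Review bot: The result of the new `findOperation("/RST/Issue")` call is never null-checked, yet `findOperation` (earlier in this diff) returns null when no binding operation's SOAP action ends with the suffix, and the null then reaches `client.invoke(boi, ...)` in the following hunk, where the old code invoked by operation name. Add `if (boi == null) { throw new IllegalStateException("No RST/Issue operation found for STS at " + (wsdlLocation != null ? wsdlLocation : location)); }` after the call so a WSDL lacking that action fails with a readable message. `keyType` is now taken verbatim from the template via `DOMUtils.getContent(tl)`; if that content can carry surrounding whitespace, the later `endsWith("SymmetricKey")` check silently misses, so trimming here is cheap insurance. The method continues past the hunk.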
@@ -267,42 +319,47 @@
//TODO: AppliesTo element?
}
//TODO: Lifetime element?
- if (!wroteKeyType) {
+ if (keyType == null) {
writer.writeStartElement(namespace, "KeyType");
//TODO: Set the KeyType?
writer.writeCharacters(namespace + "/SymmetricKey");
writer.writeEndElement();
+ keyType = namespace + "/SymmetricKey";
}
- if (!wroteKeySize) {
- writer.writeStartElement(namespace, "KeySize");
- writer.writeCharacters(Integer.toString(keySize));
- writer.writeEndElement();
- }
-
byte[] requestorEntropy = null;
- if ((trust10 != null && trust10.isRequireClientEntropy())
- || (trust13 != null && trust13.isRequireClientEntropy())) {
- writer.writeStartElement(namespace, "Entropy");
- writer.writeStartElement(namespace, "BinarySecret");
- writer.writeAttribute("Type", namespace + "/Nounce");
- requestorEntropy =
-
WSSecurityUtil.generateNonce(algorithmSuite.getMaximumSymmetricKeyLength() / 8);
- writer.writeCharacters(Base64.encode(requestorEntropy));
-
- writer.writeEndElement();
- writer.writeEndElement();
- writer.writeStartElement(namespace, "ComputedKeyAlgorithm");
- writer.writeCharacters(namespace + "/CK/PSHA1");
- writer.writeEndElement();
+
+ if (keyType.endsWith("SymmetricKey")) {
+ if (!wroteKeySize) {
+ writer.writeStartElement(namespace, "KeySize");
+ writer.writeCharacters(Integer.toString(keySize));
+ writer.writeEndElement();
+ }
+
+ if ((trust10 != null && trust10.isRequireClientEntropy())
+ || (trust13 != null && trust13.isRequireClientEntropy())) {
+ writer.writeStartElement(namespace, "Entropy");
+ writer.writeStartElement(namespace, "BinarySecret");
+ writer.writeAttribute("Type", namespace + "/Nounce");
+ requestorEntropy =
+
WSSecurityUtil.generateNonce(algorithmSuite.getMaximumSymmetricKeyLength() / 8);
+ writer.writeCharacters(Base64.encode(requestorEntropy));
+
+ writer.writeEndElement();
+ writer.writeEndElement();
+ writer.writeStartElement(namespace, "ComputedKeyAlgorithm");
+ writer.writeCharacters(namespace + "/CK/PSHA1");
+ writer.writeEndElement();
+ }
}
writer.writeEndElement();
- Object obj[] = client.invoke("RequestSecurityToken",
+ Object obj[] = client.invoke(boi,
new
DOMSource(writer.getDocument().getDocumentElement()));
return createSecurityToken((Document)((DOMSource)obj[0]).getNode(),
requestorEntropy);
}
+
private SecurityToken createSecurityToken(Document document, byte[]
requestorEntropy)
throws WSSecurityException {
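Review bot: The moved entropy block still writes `writer.writeAttribute("Type", namespace + "/Nounce")`; that looks like a misspelling of the WS-Trust BinarySecret type URI ending in `/Nonce`, and an STS that validates the Type attribute will reject the client entropy — worth confirming against the spec URI while the block is being touched. The new `keyType.endsWith("SymmetricKey")` gate is a suffix match on a value the template supplies, and `wroteKeySize` now only matters inside that branch, which is easy to miss; a comment such as `// KeySize and client entropy apply only to symmetric-key requests; bearer/public-key requests omit them` before the `if` states the intent. The method's start lies outside the hunk.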
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=726825&r1=726824&r2=726825&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Mon Dec 15 13:57:19 2008
@@ -47,6 +47,7 @@
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecHeader;
@@ -78,6 +79,19 @@
utBuilder.prepare(saaj.getSOAPPart());
utBuilder.appendToHeader(secHeader);
}
+ } else if (token instanceof IssuedToken) {
+ SecurityToken secTok = getSecurityToken();
+
+ SPConstants.IncludeTokenType inclusion = token.getInclusion();
+
+ if (inclusion ==
SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS
+ || ((inclusion ==
SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
+ || inclusion ==
SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE)
+ && isRequestor())) {
+
+ //Add the token
+ addEncyptedKeyElement(cloneElement(secTok.getToken()));
+ }
} else {
//REVISIT - not supported for signed. Exception?
}
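Review bot: In the new `IssuedToken` branch `getSecurityToken()` is dereferenced without a null check, so if no token was obtained from the STS (or none was stored for this message) `secTok.getToken()` throws a NullPointerException inside the policy handler rather than reporting the missing token; a guard such as `if (secTok == null) { throw new IllegalStateException("No issued token available for " + token); }` (or whatever failure reporting this handler uses elsewhere) before the inclusion check makes the failure readable. When the inclusion mode does not call for the token nothing is added and nothing is recorded, which may be intended but deserves a comment. `addEncyptedKeyElement` appears to be a misspelling of "Encrypted"; if it is a local helper, renaming it would help readers searching for it. The enclosing method starts and ends outside the hunk.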
@@ -135,29 +149,30 @@
addUsernameTokens(sgndSuppTokens);
}
}
+
ais = aim.get(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
if (ais != null) {
SupportingToken sgndSuppTokens = null;
for (AssertionInfo ai : ais) {
sgndSuppTokens = (SupportingToken)ai.getAssertion();
ai.setAsserted(true);
- }
+ }
+
if (sgndSuppTokens != null) {
- SignedEncryptedParts signdParts =
sgndSuppTokens.getSignedParts();
-
for (Token token : sgndSuppTokens.getTokens()) {
if (token instanceof IssuedToken) {
-
signatureValues.add(doIssuedTokenSignature(token, signdParts,
+
signatureValues.add(doIssuedTokenSignature(token, null,
sgndSuppTokens));
} else if (token instanceof X509Token) {
-
signatureValues.add(doX509TokenSignature(token, signdParts,
+
signatureValues.add(doX509TokenSignature(token, null,
sgndSuppTokens));
} else if (token instanceof
SecureConversationToken) {
signatureValues.add(doSecureConversationSignature(token,
-
signdParts));
+
null));
}
}
}
+
}
ais = aim.get(SP12Constants.SUPPORTING_TOKENS);
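Review bot: The three signature calls now pass `null` where `signdParts` used to go, with nothing explaining why endorsing supporting tokens get no SignedParts; presumably because an endorsing token signs the primary signature rather than message parts, and that should be stated before the `for` loop, e.g. `// endorsing tokens sign the message signature, not SignedParts, so none are passed`. Whether `doIssuedTokenSignature`, `doX509TokenSignature` and `doSecureConversationSignature` each tolerate a null second argument cannot be seen here; confirm before relying on it. The enclosing method starts and ends outside the hunk.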
@@ -326,8 +341,10 @@
// Set the algo info
dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
-
dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());
-
+
dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength() / 8);
+ if (token.getSPConstants() == SP12Constants.INSTANCE) {
+ dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
+ }
dkSign.prepare(doc, secHeader);
addDerivedKeyElement(dkSign.getdktElement());
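Review bot: The `/ 8` added to `setDerivedKeyLength` presumably converts a bit length from the algorithm suite to the byte length `WSSecDKSign` expects, but nothing in the hunk says so, and an unexplained divisor invites someone to "fix" it back; `// getSignatureDerivedKeyLength() is in bits, WSSecDKSign takes bytes` on that line settles it. The `token.getSPConstants() == SP12Constants.INSTANCE` identity check selects `ConversationConstants.VERSION_05_12` only for SP 1.2 policies, leaving the builder's default for everything else; a one-line comment noting that the default is intentionally kept for SP 1.1 would help. The enclosing method starts and ends outside the hunk.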