Author: dvaleri
Date: Thu Jul 22 17:19:34 2010
New Revision: 966762

URL: http://svn.apache.org/viewvc?rev=966762&view=rev
Log:
[CXF-2905] Added ability to send WS-T 1.4 ActAs element in RST.

Modified:
    
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
    
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
    
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java

Modified: 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=966762&r1=966761&r2=966762&view=diff
==============================================================================
--- 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
 (original)
+++ 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
 Thu Jul 22 17:19:34 2010
@@ -70,6 +70,8 @@ public final class SecurityConstants {
     public static final String STS_TOKEN_USERNAME = 
"ws-security.sts.token.username";
     
     public static final String STS_TOKEN_DO_CANCEL = 
"ws-security.sts.token.do.cancel";
+    
+    public static final String STS_TOKEN_ACT_AS = 
"ws-security.sts.token.act-as";
 
     public static final Set<String> ALL_PROPERTIES;
     
@@ -79,7 +81,8 @@ public final class SecurityConstants {
             SIGNATURE_USERNAME, SIGNATURE_PROPERTIES, SIGNATURE_CRYPTO,
             ENCRYPT_USERNAME, ENCRYPT_PROPERTIES, ENCRYPT_CRYPTO,
             TOKEN, TOKEN_ID, STS_CLIENT, STS_TOKEN_PROPERTIES, 
STS_TOKEN_CRYPTO,
-            STS_TOKEN_DO_CANCEL, TIMESTAMP_TTL, ALWAYS_ENCRYPT_UT
+            STS_TOKEN_DO_CANCEL, TIMESTAMP_TTL, ALWAYS_ENCRYPT_UT,
+            STS_TOKEN_ACT_AS
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }

Modified: 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=966762&r1=966761&r2=966762&view=diff
==============================================================================
--- 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
 (original)
+++ 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
 Thu Jul 22 17:19:34 2010
@@ -80,6 +80,10 @@ public class IssuedTokenInterceptorProvi
             client.setEndpointName(ep.getEndpointInfo().getName().toString() + 
".sts-client");
             client.setBeanName(ep.getEndpointInfo().getName().toString() + 
".sts-client");
         }
+        
+        // Transpose ActAs info from original request to the STS client.
+        
client.setActAs(message.getContextualProperty(SecurityConstants.STS_TOKEN_ACT_AS));
+        
         return client;
     }
     static class IssuedTokenOutInterceptor extends 
AbstractPhaseInterceptor<Message> {
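Review bot: The ActAs value is copied onto the STSClient unconditionally, so a message that does not carry `ws-security.sts.token.act-as` resets to null any value that was set on the client directly through setActAs. The value is also per-request delegation identity held in a field of the client; if this client instance is shared across exchanges (how it is obtained is outside the hunk), one request's ActAs could end up in another request's RST. I would at least add `// actAs is per-request state; only safe while this STSClient is not used by concurrent exchanges` and consider passing the value into the token request instead of through a setter. The enclosing method starts outside the hunk.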

Modified: 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=966762&r1=966761&r2=966762&view=diff
==============================================================================
--- 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
 (original)
+++ 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
 Thu Jul 22 17:19:34 2010
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.trust
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.StringReader;
 import java.net.URL;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
@@ -140,6 +141,8 @@ public class STSClient implements Config
 
     boolean isSecureConv;
     int ttl = 300;
+    
+    Object actAs;
 
     Map<String, Object> ctx = new HashMap<String, Object>();
     
@@ -273,6 +276,11 @@ public class STSClient implements Config
     public void setEndpointQName(QName qn) {
         endpointName = qn;
     }
+    
+    public void setActAs(Object actAs) {
+        this.actAs = actAs;
+    }
+    
     public void setKeySize(int i) {
         keySize = i;
     }
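Review bot: setActAs takes `Object` and has no Javadoc, while addActAs only honours a String holding XML or a DOM Element, so the accepted types cannot be discovered from the API. I would add a Javadoc such as `/** Sets the content of the wst:ActAs element: an XML String or a DOM Element; null disables it. */` here, and the same description on `SecurityConstants.STS_TOKEN_ACT_AS`, which is the key users will actually configure.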
@@ -456,6 +464,9 @@ public class STSClient implements Config
             StaxUtils.copy(el, writer);
             writer.writeEndElement();
         }
+        
+        addActAs(writer);
+        
         writer.writeEndElement();
 
         Object obj[] = client.invoke(boi, new 
DOMSource(writer.getDocument().getDocumentElement()));
@@ -703,6 +714,35 @@ public class STSClient implements Config
             writer.writeEndElement();
         }
     }
+    
+    private void addActAs(W3CDOMStreamWriter writer) throws Exception {
+        if (this.actAs != null) {
+            final boolean isString = this.actAs instanceof String;
+            final boolean isElement = this.actAs instanceof Element; 
+            if (isString || isElement) {
+                final Element actAsEl;
+                
+                if (isString) {
+                    final Document acAsDoc =
+                        DOMUtils.readXml(new StringReader((String) 
this.actAs));
+                    actAsEl = acAsDoc.getDocumentElement();
+                } else {
+                    actAsEl = (Element) this.actAs;
+                }
+                
+                writer.writeStartElement(STSUtils.WST_NS_08_02, "ActAs");
+                
+                // Unlikely to ever be otherwise, but still prudent to check.
+                if (actAsEl.getOwnerDocument() != writer.getDocument()) {
+                    writer.getDocument().adoptNode(actAsEl);
+                }
+                
+                writer.getCurrentNode().appendChild(actAsEl);
+                
+                writer.writeEndElement();
+            }
+        }
+    }
 
     private SecurityToken createSecurityToken(Element el, byte[] 
requestorEntropy)
         throws WSSecurityException {
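Review bot: In addActAs, a non-null actAs that is neither a String nor an Element is skipped without any error, so the RST goes out with no ActAs and the caller cannot tell that the delegation identity was dropped; throwing here would fail closed. For the Element case, adoptNode moves the caller's node out of its own document, and since the value is kept in a field and is likely reused for later requests, copying it with importNode would leave the configured element intact. The String branch parses the property value with DOMUtils.readXml; whether that parser refuses DTDs and external entities is not visible in this hunk, so it is worth confirming if the value can originate outside static configuration.

```java
private void addActAs(W3CDOMStreamWriter writer) throws Exception {
    if (this.actAs == null) {
        return;
    }
    final Element actAsEl;
    if (this.actAs instanceof String) {
        actAsEl = DOMUtils.readXml(new StringReader((String) this.actAs)).getDocumentElement();
    } else if (this.actAs instanceof Element) {
        actAsEl = (Element) this.actAs;
    } else {
        // Fail closed: a misconfigured ActAs must not silently produce a request without it.
        throw new IllegalArgumentException(
            "Unsupported ActAs value type: " + this.actAs.getClass().getName());
    }

    writer.writeStartElement(STSUtils.WST_NS_08_02, "ActAs");
    // Copy instead of adopt so the configured element stays in its own document.
    writer.getCurrentNode().appendChild(writer.getDocument().importNode(actAsEl, true));
    writer.writeEndElement();
}
```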

Modified: 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java?rev=966762&r1=966761&r2=966762&view=diff
==============================================================================
--- 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
 (original)
+++ 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
 Thu Jul 22 17:19:34 2010
@@ -49,8 +49,14 @@ import org.apache.neethi.Policy;
  */
 public final class STSUtils {
     public static final String WST_NS_05_02 = 
"http://schemas.xmlsoap.org/ws/2005/02/trust";;
+    /**
+     * WS-T 1.3 Namespace
+     */
     public static final String WST_NS_05_12 = 
"http://docs.oasis-open.org/ws-sx/ws-trust/200512";;
-
+    /**
+     * WS-T 1.4 Namespace.
+     */
+    public static final String WST_NS_08_02 = 
"http://docs.oasis-open.org/ws-sx/ws-trust/200802";;
     public static final String SCT_NS_05_02 = 
"http://schemas.xmlsoap.org/ws/2005/02/sc";;
     public static final String SCT_NS_05_12 
         = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512";;

