Author: coheigea Date: Wed Oct 3 09:42:56 2012 New Revision: 1393377 URL: http://svn.apache.org/viewvc?rev=1393377&view=rev Log: Merged revisions 1393374 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.5.x-fixes
........ r1393374 | coheigea | 2012-10-03 10:36:40 +0100 (Wed, 03 Oct 2012) | 16 lines Merged revisions 1393360 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/trunk ........ r1393360 | coheigea | 2012-10-03 10:11:01 +0100 (Wed, 03 Oct 2012) | 3 lines [CXF-4539] - WS-Security inbound performance regression - Fix confirmed by Alessio. ........ Conflicts: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java ........ Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=1393377&r1=1393376&r2=1393377&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Wed Oct 3 09:42:56 2012 @@ -22,11 +22,11 @@ import java.io.InputStream; import java.net.URI; import java.net.URL; import java.util.Collection; -import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Properties; import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; import javax.xml.namespace.QName; 
@@ -57,7 +57,8 @@ public abstract class AbstractWSS4JInter HEADERS.add(new QName(WSConstants.ENC_NS, "EncryptedData")); } - private Map<String, Object> properties = new HashMap<String, Object>(); + private Map<String, Object> properties = new ConcurrentHashMap<String, Object>(); + private Map<String, Crypto> cryptoMap = new ConcurrentHashMap<String, Crypto>(); private Set<String> before = new HashSet<String>(); private Set<String> after = new HashSet<String>(); private String phase; 
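Review bot: `properties` and the new `cryptoMap` are reached by every thread that runs this interceptor, yet both fields stay non-final, so the switch to ConcurrentHashMap protects the map contents but not the reference itself. Declaring the cache as `private final Map<String, Crypto> cryptoMap = new ConcurrentHashMap<String, Crypto>();` gives safe publication and makes accidental replacement a compile error. The same applies to `properties` if no setter outside this hunk reassigns it. `before` and `after` remain plain HashSets, which is fine if they are only mutated during configuration, but a one-line comment saying so would help.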
@@ -213,5 +214,49 @@ public abstract class AbstractWSS4JInter Thread.currentThread().setContextClassLoader(orig); } } + + // TODO Remove once we pick up WSS4J 1.6.8 + @Override + protected Crypto loadCrypto( + String cryptoPropertyFile, + String cryptoPropertyRefId, + RequestData requestData + ) throws WSSecurityException { + Object mc = requestData.getMsgContext(); + Crypto crypto = null; + + // + // Try the Property Ref Id first + // + String refId = getString(cryptoPropertyRefId, mc); + if (refId != null) { + crypto = cryptoMap.get(refId); + if (crypto == null) { + Object obj = getProperty(mc, refId); + if (obj instanceof Properties) { + crypto = CryptoFactory.getInstance((Properties)obj); + cryptoMap.put(refId, crypto); + } else if (obj instanceof Crypto) { + crypto = (Crypto)obj; + cryptoMap.put(refId, crypto); + } + } + } + + // + // Now try loading the properties file + // + if (crypto == null) { + String propFile = getString(cryptoPropertyFile, mc); + if (propFile != null) { + crypto = cryptoMap.get(propFile); + if (crypto == null) { + crypto = loadCryptoFromPropertiesFile(propFile, requestData); + cryptoMap.put(propFile, crypto); + } + } + } + return crypto; + } } Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1393377&r1=1393376&r2=1393377&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Wed Oct 3 09:42:56 2012 
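Review bot: In loadCrypto the `cryptoMap.get(refId)` lookup runs before `getProperty(mc, refId)`, so once a Crypto is cached under a ref id the message's own value for that id is never consulted again, and nothing in this hunk evicts or bounds the map. Because cryptoMap is an instance field and PolicyBasedWSS4JInInterceptor is exposed through a static INSTANCE, the cache appears to be shared by every endpoint that interceptor serves. A key store swapped under the same ref id or properties file name would then go unnoticed until restart. I would state that contract above the method, e.g. `// Cached per interceptor instance and never evicted: a ref id or properties file must always denote the same key material.` Separately, ConcurrentHashMap rejects null values, so if `loadCryptoFromPropertiesFile` can return null (not visible here) the store needs a guard: `if (crypto != null) { cryptoMap.put(propFile, crypto); }`.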
@@ -28,7 +28,6 @@ import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Properties; -import java.util.concurrent.ConcurrentHashMap; import java.util.logging.Logger; import javax.xml.namespace.QName; @@ -91,6 +90,7 @@ import org.apache.ws.security.WSDataRef; import org.apache.ws.security.WSSecurityEngineResult; import org.apache.ws.security.WSSecurityException; import org.apache.ws.security.components.crypto.Crypto; +import org.apache.ws.security.components.crypto.CryptoFactory; import org.apache.ws.security.handler.RequestData; import org.apache.ws.security.handler.WSHandlerConstants; import org.apache.ws.security.message.token.Timestamp; @@ -100,7 +100,6 @@ import org.apache.ws.security.util.WSSec * */ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor { - public static final String PROPERTIES_CACHE = "ws-security.properties.cache"; public static final PolicyBasedWSS4JInInterceptor INSTANCE = new PolicyBasedWSS4JInInterceptor(); private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JInInterceptor.class); @@ -112,24 +111,8 @@ public class PolicyBasedWSS4JInIntercept super(true); } - protected static Map<Object, Properties> getPropertiesCache(SoapMessage message) { - EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo(); - synchronized (info) { - Map<Object, Properties> o = - CastUtils.cast((Map<?, ?>)message.getContextualProperty(PROPERTIES_CACHE)); - if (o == null) { - o = new ConcurrentHashMap<Object, Properties>(); - info.setProperty(PROPERTIES_CACHE, o); - } - return o; - } - } - private static Properties getProps(Object o, String propsKey, URL propsURL, SoapMessage message) { - Properties properties = getPropertiesCache(message).get(propsKey); - if (properties != null) { - return properties; - } + Properties properties = null; if (o instanceof Properties) { properties = (Properties)o; } else if (propsURL != null) { 
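Review bot: After this hunk `getProps` no longer reads `propsKey` on any visible line, because its only uses were the cache lookup removed here and the cache store removed in the next hunk, yet the parameter stays in the signature. The getEncryptionCrypto and getSignatureCrypto helpers added later in this file still derive it from `propsURL.getPath()` only to pass it along. Dropping it, `private static Properties getProps(Object o, URL propsURL, SoapMessage message)`, removes that dead work. The middle of getProps lies outside the hunks, so confirm nothing there uses the key. Removing the public `PROPERTIES_CACHE` constant on a fixes branch also deserves a line in the release notes for anyone who referenced it.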
@@ -143,9 +126,6 @@ public class PolicyBasedWSS4JInIntercept } } - if (properties != null) { - getPropertiesCache(message).put(propsKey, properties); - } return properties; } @@ -210,7 +190,7 @@ public class PolicyBasedWSS4JInIntercept private String checkAsymmetricBinding( AssertionInfoMap aim, String action, SoapMessage message - ) { + ) throws WSSecurityException { Collection<AssertionInfo> ais = aim.get(SP12Constants.ASYMMETRIC_BINDING); if (ais == null || ais.isEmpty()) { return action; 
@@ -227,34 +207,25 @@ public class PolicyBasedWSS4JInIntercept e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES); } - if (s != null) { - URL propsURL = getPropertiesFileURL(s, message); - String propsKey = s.toString(); - if (propsURL != null) { - propsKey = propsURL.getPath(); - } - message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + propsKey); - if (s instanceof Crypto) { - message.put("RefId-" + propsKey, (Crypto)s); - } else { - message.put("RefId-" + propsKey, getProps(s, propsKey, propsURL, message)); - } - if (e == null) { - e = s; - } + Crypto encrCrypto = getEncryptionCrypto(e, message); + Crypto signCrypto = null; + if (e != null && e.equals(s)) { + signCrypto = encrCrypto; + } else { + signCrypto = getSignatureCrypto(s, message); } - if (e != null) { - URL propsURL = getPropertiesFileURL(e, message); - String propsKey = e.toString(); - if (propsURL != null) { - propsKey = propsURL.getPath(); - } - message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + propsKey); - if (e instanceof Crypto) { - message.put("RefId-" + propsKey, (Crypto)e); - } else { - message.put("RefId-" + propsKey, getProps(e, propsKey, propsURL, message)); - } + + if (signCrypto != null) { + message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + signCrypto.hashCode()); + message.put("RefId-" + signCrypto.hashCode(), signCrypto); + } + + if (encrCrypto != null) { + message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + encrCrypto.hashCode()); + message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto); + } else if (signCrypto != null) { + message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode()); + message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto); } return action; 
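Review bot: The ref ids in checkAsymmetricBinding are now built from `signCrypto.hashCode()` and `encrCrypto.hashCode()`, and a hash code does not identify an object, so two different Crypto instances can yield the same `RefId-…` string. Within one message the second `message.put` would then overwrite the first. With the `cryptoMap` this commit adds to AbstractWSS4JInterceptor.loadCrypto, which answers from its cache before reading the message, a colliding id could also resolve to a Crypto built for another configuration, so verification or decryption would run against the wrong key store. Whether the Crypto implementations override hashCode is not visible here, so the likelihood is unknown. I would derive the id from something that names the configuration, such as the `propsKey` the new helpers already compute, or at minimum add `// RefId is derived from hashCode(), which is not unique per Crypto`. The same block is repeated in checkTransportBinding and checkSymmetricBinding, the `(Crypto)` casts on values already typed Crypto are redundant, and both ends of the method lie outside the hunk.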
@@ -262,7 +233,7 @@ public class PolicyBasedWSS4JInIntercept private String checkTransportBinding( AssertionInfoMap aim, String action, SoapMessage message - ) { + ) throws WSSecurityException { Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING); if (ais == null || ais.isEmpty()) { return action; 
@@ -279,34 +250,25 @@ public class PolicyBasedWSS4JInIntercept e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES); } - if (s != null) { - URL propsURL = getPropertiesFileURL(s, message); - String propsKey = s.toString(); - if (propsURL != null) { - propsKey = propsURL.getPath(); - } - message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + propsKey); - if (s instanceof Crypto) { - message.put("RefId-" + propsKey, (Crypto)s); - } else { - message.put("RefId-" + propsKey, getProps(s, propsKey, propsURL, message)); - } - if (e == null) { - e = s; - } + Crypto encrCrypto = getEncryptionCrypto(e, message); + Crypto signCrypto = null; + if (e != null && e.equals(s)) { + signCrypto = encrCrypto; + } else { + signCrypto = getSignatureCrypto(s, message); } - if (e != null) { - URL propsURL = getPropertiesFileURL(e, message); - String propsKey = e.toString(); - if (propsURL != null) { - propsKey = propsURL.getPath(); - } - message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + propsKey); - if (e instanceof Crypto) { - message.put("RefId-" + propsKey, (Crypto)e); - } else { - message.put("RefId-" + propsKey, getProps(e, propsKey, propsURL, message)); - } + + if (signCrypto != null) { + message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + signCrypto.hashCode()); + message.put("RefId-" + signCrypto.hashCode(), signCrypto); + } + + if (encrCrypto != null) { + message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + encrCrypto.hashCode()); + message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto); + } else if (signCrypto != null) { + message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode()); + message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto); } return action; 
@@ -314,7 +276,7 @@ public class PolicyBasedWSS4JInIntercept private String checkSymmetricBinding( AssertionInfoMap aim, String action, SoapMessage message - ) { + ) throws WSSecurityException { Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING); if (ais == null || ais.isEmpty()) { return action; 
@@ -331,71 +293,97 @@ public class PolicyBasedWSS4JInIntercept e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES); } - if (e != null && s == null) { - s = e; - } else if (s != null && e == null) { - e = s; + Crypto encrCrypto = getEncryptionCrypto(e, message); + Crypto signCrypto = null; + if (e != null && e.equals(s)) { + signCrypto = encrCrypto; + } else { + signCrypto = getSignatureCrypto(s, message); } if (isRequestor(message)) { - if (e != null) { - URL propsURL = getPropertiesFileURL(e, message); - String propsKey = e.toString(); - if (propsURL != null) { - propsKey = propsURL.getPath(); - } - message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + propsKey); - if (e instanceof Crypto) { - message.put("RefId-" + propsKey, (Crypto)e); - } else { - message.put("RefId-" + propsKey, getProps(e, propsKey, propsURL, message)); - } + Crypto crypto = encrCrypto; + if (crypto == null) { + crypto = signCrypto; + } + if (crypto != null) { + message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode()); + message.put("RefId-" + crypto.hashCode(), crypto); } - if (s != null) { - URL propsURL = getPropertiesFileURL(s, message); - String propsKey = s.toString(); - if (propsURL != null) { - propsKey = propsURL.getPath(); - } - message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + propsKey); - if (s instanceof Crypto) { - message.put("RefId-" + propsKey, (Crypto)s); - } else { - message.put("RefId-" + propsKey, getProps(s, propsKey, propsURL, message)); - } + + crypto = signCrypto; + if (crypto == null) { + crypto = encrCrypto; + } + if (crypto != null) { + message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + crypto.hashCode()); + message.put("RefId-" + crypto.hashCode(), crypto); } } else { - if (s != null) { - URL propsURL = getPropertiesFileURL(s, message); - String propsKey = s.toString(); - if (propsURL != null) { - propsKey = propsURL.getPath(); - } - message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + propsKey); 
- if (s instanceof Crypto) { - message.put("RefId-" + propsKey, (Crypto)s); - } else { - message.put("RefId-" + propsKey, getProps(s, propsKey, propsURL, message)); - } + Crypto crypto = signCrypto; + if (crypto == null) { + crypto = encrCrypto; + } + if (crypto != null) { + message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode()); + message.put("RefId-" + crypto.hashCode(), crypto); } - if (e != null) { - URL propsURL = getPropertiesFileURL(e, message); - String propsKey = e.toString(); - if (propsURL != null) { - propsKey = propsURL.getPath(); - } - message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + propsKey); - if (e instanceof Crypto) { - message.put("RefId-" + propsKey, (Crypto)e); - } else { - message.put("RefId-" + propsKey, getProps(e, propsKey, propsURL, message)); - } + + crypto = encrCrypto; + if (crypto == null) { + crypto = signCrypto; + } + if (crypto != null) { + message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + crypto.hashCode()); + message.put("RefId-" + crypto.hashCode(), crypto); } } return action; } + private Crypto getEncryptionCrypto(Object e, SoapMessage message) throws WSSecurityException { + Crypto encrCrypto = null; + if (e instanceof Crypto) { + encrCrypto = (Crypto)e; + } else if (e != null) { + URL propsURL = getPropertiesFileURL(e, message); + String propsKey = e.toString(); + if (propsURL != null) { + propsKey = propsURL.getPath(); + } + Properties props = getProps(e, propsKey, propsURL, message); + encrCrypto = CryptoFactory.getInstance(props); + + EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo(); + synchronized (info) { + info.setProperty(SecurityConstants.ENCRYPT_CRYPTO, encrCrypto); + } + } + return encrCrypto; + } + + private Crypto getSignatureCrypto(Object s, SoapMessage message) throws WSSecurityException { + Crypto signCrypto = null; + if (s instanceof Crypto) { + signCrypto = (Crypto)s; + } else if (s != null) { + URL propsURL = getPropertiesFileURL(s, 
message); + String propsKey = s.toString(); + if (propsURL != null) { + propsKey = propsURL.getPath(); + } + Properties props = getProps(s, propsKey, propsURL, message); + signCrypto = CryptoFactory.getInstance(props); + + EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo(); + synchronized (info) { + info.setProperty(SecurityConstants.SIGNATURE_CRYPTO, signCrypto); + } + } + return signCrypto; + } + private boolean assertXPathTokens(AssertionInfoMap aim, QName name, Collection<WSDataRef> refs, @@ -482,7 +470,7 @@ public class PolicyBasedWSS4JInIntercept return true; } - protected void computeAction(SoapMessage message, RequestData data) { + protected void computeAction(SoapMessage message, RequestData data) throws WSSecurityException { String action = getString(WSHandlerConstants.ACTION, message); if (action == null) { action = ""; Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1393377&r1=1393376&r2=1393377&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Wed Oct 3 09:42:56 2012 @@ -404,7 +404,7 @@ public class WSS4JInInterceptor extends * @param msg * @param reqData */ - protected void computeAction(SoapMessage msg, RequestData reqData) { + protected void computeAction(SoapMessage msg, RequestData reqData) throws WSSecurityException { // // Try to get Crypto Provider from message context properties. // It gives a possibility to use external Crypto Provider
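Review bot: In getEncryptionCrypto and getSignatureCrypto the result of `getProps(...)` goes straight into `CryptoFactory.getInstance(props)`, although getProps starts from `Properties properties = null` and the removed `if (properties != null)` guard shows it can return null. A guard before building, `if (props == null) { return null; }`, would leave the crypto unset for a mistyped properties location instead of reaching the factory, whose handling of null is not visible here, and storing the outcome on the EndpointInfo. The Crypto is also built outside the `synchronized (info)` block with no check for an existing value, so concurrent first requests can each load the key store and the last writer wins. The two helpers differ only in the SecurityConstants key they store under and could be one method taking that key.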
