Repository: cxf Updated Branches: refs/heads/master 2e19b7549 -> e441a15af
Consolidating all "getCallbackHandler" calls into a single utils class Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e441a15a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e441a15a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e441a15a Branch: refs/heads/master Commit: e441a15af9413bfb24ee1b4ce78e01bf543fc148 Parents: 2e19b75 Author: Colm O hEigeartaigh <[email protected]> Authored: Sun Mar 15 18:37:29 2015 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Sun Mar 15 18:37:29 2015 +0000 ---------------------------------------------------------------------- .../apache/cxf/ws/security/SecurityUtils.java | 50 ++++++++++++++++++++ .../cxf/ws/security/kerberos/KerberosUtils.java | 22 ++------- .../policy/interceptors/NegotiationUtils.java | 18 ------- .../SpnegoContextTokenInInterceptor.java | 5 +- .../SpnegoContextTokenOutInterceptor.java | 10 ++-- .../wss4j/AbstractTokenInterceptor.java | 35 +++++--------- .../wss4j/AbstractWSS4JStaxInterceptor.java | 33 ++++++------- .../wss4j/BinarySecurityTokenInterceptor.java | 4 +- .../ws/security/wss4j/SamlTokenInterceptor.java | 4 +- .../wss4j/UsernameTokenInterceptor.java | 4 +- .../ws/security/wss4j/WSS4JInInterceptor.java | 15 ++---- .../policyhandlers/AbstractBindingBuilder.java | 42 +++++++--------- 12 files changed, 119 insertions(+), 123 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/e441a15a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java new file mode 100644 index 0000000..7aec398 --- /dev/null +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java @@ -0,0 +1,50 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.ws.security; + +import javax.security.auth.callback.CallbackHandler; + +import org.apache.cxf.common.classloader.ClassLoaderUtils; +import org.apache.wss4j.common.ext.WSSecurityException; + +/** + * Some common functionality + */ +public final class SecurityUtils { + + private SecurityUtils() { + // complete + } + + public static CallbackHandler getCallbackHandler(Object o) throws WSSecurityException { + CallbackHandler handler = null; + if (o instanceof CallbackHandler) { + handler = (CallbackHandler)o; + } else if (o instanceof String) { + try { + handler = (CallbackHandler)ClassLoaderUtils.loadClass((String)o, + SecurityUtils.class).newInstance(); + } catch (Exception e) { + throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e); + } + } + return handler; + } + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/e441a15a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java index 73118cb..e67938d 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java @@ -21,10 +21,11 @@ package org.apache.cxf.ws.security.kerberos; import javax.security.auth.callback.CallbackHandler; -import org.apache.cxf.common.classloader.ClassLoaderUtils; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; +import org.apache.wss4j.common.ext.WSSecurityException; /** * @@ -35,7 +36,7 @@ public final class KerberosUtils { //utility class } - public static KerberosClient getClient(Message message, String type) { + public static KerberosClient getClient(Message message, String type) throws WSSecurityException { KerberosClient client = (KerberosClient)message .getContextualProperty(SecurityConstants.KERBEROS_CLIENT); if (client == null) { @@ -46,7 +47,7 @@ public final class KerberosUtils { String kerberosSpn = (String)message.getContextualProperty(SecurityConstants.KERBEROS_SPN); CallbackHandler callbackHandler = - getCallbackHandler( + SecurityUtils.getCallbackHandler( message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER) ); boolean useCredentialDelegation = @@ -74,19 +75,4 @@ public final class KerberosUtils { return client; } - private static CallbackHandler getCallbackHandler(Object o) { - CallbackHandler handler = null; - if (o instanceof CallbackHandler) { - handler = (CallbackHandler)o; - } else if (o instanceof String) { - try { - handler = (CallbackHandler)ClassLoaderUtils.loadClass((String)o, - KerberosUtils.class).newInstance(); - } catch (Exception e) { - handler = null; - } - } - return handler; - } - } http://git-wip-us.apache.org/repos/asf/cxf/blob/e441a15a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java index 5283822..5180959 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java @@ -22,11 +22,8 @@ package org.apache.cxf.ws.security.policy.interceptors; import java.util.Collection; import java.util.List; -import javax.security.auth.callback.CallbackHandler; - import org.apache.cxf.Bus; import org.apache.cxf.binding.soap.SoapMessage; -import org.apache.cxf.common.classloader.ClassLoaderUtils; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.interceptor.Fault; @@ -284,19 +281,4 @@ final class NegotiationUtils { return false; } - static CallbackHandler getCallbackHandler(Object o, Class<?> clazz) { - CallbackHandler handler = null; - if (o instanceof CallbackHandler) { - handler = (CallbackHandler)o; - } else if (o instanceof String) { - try { - handler = - (CallbackHandler)ClassLoaderUtils.loadClass((String)o, clazz).newInstance(); - } catch (Exception e) { - handler = null; - } - } - return handler; - } - } http://git-wip-us.apache.org/repos/asf/cxf/blob/e441a15a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java index e0be4e5..ccd8c97 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java @@ -42,6 +42,7 @@ import org.apache.cxf.ws.addressing.JAXWSAConstants; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider.HttpsTokenInInterceptor; import org.apache.cxf.ws.security.tokenstore.SecurityToken; @@ -294,8 +295,8 @@ class SpnegoContextTokenInInterceptor extends AbstractPhaseInterceptor<SoapMessa String kerberosSpn = (String)message.getContextualProperty(SecurityConstants.KERBEROS_SPN); CallbackHandler callbackHandler = - NegotiationUtils.getCallbackHandler( - message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER), this.getClass() + SecurityUtils.getCallbackHandler( + message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER) ); SpnegoTokenContext spnegoToken = new SpnegoTokenContext(); http://git-wip-us.apache.org/repos/asf/cxf/blob/e441a15a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java index cdbac47..14b4d62 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java @@ -32,6 +32,7 @@ import org.apache.cxf.ws.addressing.AddressingProperties; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.trust.STSClient; @@ -100,10 +101,6 @@ class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMess (String)message.getContextualProperty(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME); String kerberosSpn = (String)message.getContextualProperty(SecurityConstants.KERBEROS_SPN); - CallbackHandler callbackHandler = - NegotiationUtils.getCallbackHandler( - message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER), this.getClass() - ); SpnegoTokenContext spnegoToken = new SpnegoTokenContext(); Object spnegoClientAction = @@ -113,6 +110,11 @@ class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMess } try { + CallbackHandler callbackHandler = + SecurityUtils.getCallbackHandler( + message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER) + ); + spnegoToken.retrieveServiceTicket(jaasContext, callbackHandler, kerberosSpn); } catch (WSSecurityException e) { throw new Fault(e); http://git-wip-us.apache.org/repos/asf/cxf/blob/e441a15a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java index 4895e68..caa9470 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java @@ -32,7 +32,6 @@ import org.w3c.dom.Element; import org.apache.cxf.binding.soap.SoapHeader; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor; -import org.apache.cxf.common.classloader.ClassLoaderUtils; import org.apache.cxf.common.i18n.Message; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.endpoint.Endpoint; @@ -47,9 +46,11 @@ import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.policy.PolicyException; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.wss4j.common.ext.WSPasswordCallback; +import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractToken; @@ -141,24 +142,6 @@ public abstract class AbstractTokenInterceptor extends AbstractSoapInterceptor { return false; } - protected CallbackHandler getCallback(SoapMessage message) { - //Then try to get the password from the given callback handler - Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER); - - CallbackHandler handler = null; - if (o instanceof CallbackHandler) { - handler = (CallbackHandler)o; - } else if (o instanceof String) { - try { - handler = (CallbackHandler)ClassLoaderUtils - .loadClass((String)o, this.getClass()).newInstance(); - } catch (Exception e) { - handler = null; - } - } - return handler; - } - protected TokenStore getTokenStore(SoapMessage message) { EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo(); synchronized (info) { @@ -195,13 +178,19 @@ public abstract class AbstractTokenInterceptor extends AbstractSoapInterceptor { protected String getPassword(String userName, AbstractToken info, int usage, SoapMessage message) { //Then try to get the password from the given callback handler - - CallbackHandler handler = getCallback(message); - if (handler == null) { + CallbackHandler handler = null; + try { + Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER); + handler = SecurityUtils.getCallbackHandler(o); + if (handler == null) { + policyNotAsserted(info, "No callback handler and no password available", message); + return null; + } + } catch (WSSecurityException ex) { policyNotAsserted(info, "No callback handler and no password available", message); return null; } - + WSPasswordCallback[] cb = {new WSPasswordCallback(userName, usage)}; try { handler.handle(cb); http://git-wip-us.apache.org/repos/asf/cxf/blob/e441a15a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java index 16b87dc..f4d6e65 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java @@ -41,7 +41,6 @@ import javax.xml.namespace.QName; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.interceptor.SoapInterceptor; -import org.apache.cxf.common.classloader.ClassLoaderUtils; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.interceptor.Fault; @@ -53,6 +52,7 @@ import org.apache.cxf.service.model.EndpointInfo; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.wss4j.common.ConfigurationConstants; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; @@ -201,28 +201,23 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor, SoapMessage soapMessage, WSSSecurityProperties securityProperties ) throws WSSecurityException { Object o = soapMessage.getContextualProperty(SecurityConstants.CALLBACK_HANDLER); - if (o instanceof String) { - try { - o = ClassLoaderUtils.loadClass((String)o, this.getClass()).newInstance(); - } catch (Exception e) { - throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e); - } + CallbackHandler callbackHandler = SecurityUtils.getCallbackHandler(o); - if (o instanceof CallbackHandler) { - EndpointInfo info = soapMessage.getExchange().get(Endpoint.class).getEndpointInfo(); - synchronized (info) { - info.setProperty(SecurityConstants.CALLBACK_HANDLER, o); - } - soapMessage.getExchange().get(Endpoint.class).put(SecurityConstants.CALLBACK_HANDLER, o); - soapMessage.getExchange().put(SecurityConstants.CALLBACK_HANDLER, o); + if (callbackHandler != null) { + EndpointInfo info = soapMessage.getExchange().get(Endpoint.class).getEndpointInfo(); + synchronized (info) { + info.setProperty(SecurityConstants.CALLBACK_HANDLER, callbackHandler); } - } - + soapMessage.getExchange().get(Endpoint.class).put(SecurityConstants.CALLBACK_HANDLER, + callbackHandler); + soapMessage.getExchange().put(SecurityConstants.CALLBACK_HANDLER, callbackHandler); + } + // If we have a "password" but no CallbackHandler then construct one - if (o == null && getPassword(soapMessage) != null) { + if (callbackHandler == null && getPassword(soapMessage) != null) { final String password = getPassword(soapMessage); - o = new CallbackHandler() { + callbackHandler = new CallbackHandler() { @Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { @@ -236,7 +231,7 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor, }; } - if (o instanceof CallbackHandler) { + if (callbackHandler != null) { securityProperties.setCallbackHandler((CallbackHandler)o); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/e441a15a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java index 7790cc1..2c8648d 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java @@ -31,6 +31,7 @@ import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.interceptor.security.DefaultSecurityContext; import org.apache.cxf.security.SecurityContext; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.wss4j.common.ext.WSSecurityException; @@ -100,7 +101,8 @@ public class BinarySecurityTokenInterceptor extends AbstractTokenInterceptor { throws WSSecurityException { WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument()); RequestData data = new CXFRequestData(); - data.setCallbackHandler(getCallback(message)); + Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER); + data.setCallbackHandler(SecurityUtils.getCallbackHandler(o)); data.setMsgContext(message); data.setWssConfig(WSSConfig.getNewInstance()); http://git-wip-us.apache.org/repos/asf/cxf/blob/e441a15a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java index 0d128d8..eb5ab1f 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java @@ -44,6 +44,7 @@ import org.apache.cxf.security.transport.TLSSessionInfo; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; @@ -164,7 +165,8 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor { WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument()); RequestData data = new CXFRequestData(); - data.setCallbackHandler(getCallback(message)); + Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER); + data.setCallbackHandler(SecurityUtils.getCallbackHandler(o)); data.setMsgContext(message); data.setWssConfig(WSSConfig.getNewInstance()); http://git-wip-us.apache.org/repos/asf/cxf/blob/e441a15a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java index abf12e6..1788fce 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java @@ -44,6 +44,7 @@ import org.apache.cxf.security.SecurityContext; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.common.cache.ReplayCache; import org.apache.wss4j.common.ext.WSPasswordCallback; @@ -194,7 +195,8 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument()); RequestData data = new CXFRequestData(); - data.setCallbackHandler(getCallback(message)); + Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER); + data.setCallbackHandler(SecurityUtils.getCallbackHandler(o)); data.setMsgContext(message); // Configure replay caching http://git-wip-us.apache.org/repos/asf/cxf/blob/e441a15a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index fed1be5..5e49194 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -53,7 +53,6 @@ import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.SoapVersion; import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor; import org.apache.cxf.binding.soap.saaj.SAAJUtils; -import org.apache.cxf.common.classloader.ClassLoaderUtils; import org.apache.cxf.common.i18n.Message; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.endpoint.Endpoint; @@ -70,6 +69,7 @@ import org.apache.cxf.security.SecurityContext; import org.apache.cxf.security.transport.TLSSessionInfo; import org.apache.cxf.staxutils.StaxUtils; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.wss4j.common.cache.ReplayCache; @@ -703,17 +703,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { protected CallbackHandler getCallback(RequestData reqData) throws WSSecurityException { Object o = ((SoapMessage)reqData.getMsgContext()) .getContextualProperty(SecurityConstants.CALLBACK_HANDLER); - if (o instanceof String) { - try { - o = ClassLoaderUtils.loadClass((String)o, this.getClass()).newInstance(); - } catch (Exception e) { - throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e); - } - } - CallbackHandler cbHandler = null; - if (o instanceof CallbackHandler) { - cbHandler = (CallbackHandler)o; - } + CallbackHandler cbHandler = SecurityUtils.getCallbackHandler(o); + if (cbHandler == null) { try { cbHandler = getPasswordCallbackHandler(reqData); http://git-wip-us.apache.org/repos/asf/cxf/blob/e441a15a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index 8198aa0..4f2574e 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java @@ -69,6 +69,7 @@ import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.policy.PolicyConstants; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; @@ -925,8 +926,15 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle public String getPassword(String userName, Assertion info, int usage) { //Then try to get the password from the given callback handler - CallbackHandler handler = getCallbackHandler(); - if (handler == null) { + Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER); + CallbackHandler handler = null; + try { + handler = SecurityUtils.getCallbackHandler(o); + if (handler == null) { + policyNotAsserted(info, "No callback handler and no password available"); + return null; + } + } catch (WSSecurityException ex) { policyNotAsserted(info, "No callback handler and no password available"); return null; } @@ -942,25 +950,6 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle return cb[0].getPassword(); } - protected CallbackHandler getCallbackHandler() { - Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER); - - CallbackHandler handler = null; - if (o instanceof CallbackHandler) { - handler = (CallbackHandler)o; - } else if (o instanceof String) { - try { - handler = (CallbackHandler)ClassLoaderUtils - .loadClass((String)o, this.getClass()).newInstance(); - message.put(SecurityConstants.CALLBACK_HANDLER, handler); - } catch (Exception e) { - handler = null; - } - } - - return handler; - } - /** * Generates a wsu:Id attribute for the provided {@code Element} and returns the attribute value * or finds and returns the value of the attribute if it already exists. @@ -1506,9 +1495,14 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle return passwordEncryptor; } - CallbackHandler callbackHandler = getCallbackHandler(); - if (callbackHandler != null) { - return new JasyptPasswordEncryptor(callbackHandler); + Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER); + try { + CallbackHandler callbackHandler = SecurityUtils.getCallbackHandler(o); + if (callbackHandler != null) { + return new JasyptPasswordEncryptor(callbackHandler); + } + } catch (WSSecurityException ex) { + return null; } return null;
