Repository: cxf Updated Branches: refs/heads/master d4f9674ba -> f94861bd6
More ws-security related refactoring Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f94861bd Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f94861bd Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f94861bd Branch: refs/heads/master Commit: f94861bd6745e92bc1f69acaa907761f3bcc0613 Parents: d4f9674 Author: Colm O hEigeartaigh <[email protected]> Authored: Mon Mar 16 17:43:59 2015 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Mon Mar 16 17:43:59 2015 +0000 ---------------------------------------------------------------------- .../apache/cxf/ws/security/SecurityUtils.java | 83 ++++++++++++++ .../KerberosTokenInterceptorProvider.java | 16 +-- .../policy/interceptors/NegotiationUtils.java | 12 +- .../policy/interceptors/STSTokenHelper.java | 15 ++- .../SecureConversationInInterceptor.java | 8 +- .../SecureConversationOutInterceptor.java | 8 +- .../SpnegoContextTokenOutInterceptor.java | 6 +- .../tokenstore/EHCacheTokenStoreFactory.java | 5 +- .../security/tokenstore/MemoryTokenStore.java | 2 +- .../security/tokenstore/TokenStoreFactory.java | 33 ------ .../ws/security/trust/AbstractSTSClient.java | 32 ++---- .../apache/cxf/ws/security/trust/STSClient.java | 2 +- .../cxf/ws/security/trust/STSLoginModule.java | 4 +- .../ws/security/trust/STSTokenValidator.java | 23 +--- .../wss4j/AbstractWSS4JInterceptor.java | 2 +- .../wss4j/AbstractWSS4JStaxInterceptor.java | 11 +- .../wss4j/PolicyBasedWSS4JInInterceptor.java | 10 +- .../ws/security/wss4j/SamlTokenInterceptor.java | 5 +- .../ws/security/wss4j/WSS4JInInterceptor.java | 12 +- .../security/wss4j/WSS4JStaxInInterceptor.java | 3 +- .../cxf/ws/security/wss4j/WSS4JUtils.java | 112 +------------------ .../policyhandlers/AbstractBindingBuilder.java | 8 +- .../AbstractCommonBindingHandler.java | 4 +- .../StaxAsymmetricBindingHandler.java | 6 +- .../StaxSymmetricBindingHandler.java | 9 +- .../StaxTransportBindingHandler.java | 4 
+- 26 files changed, 165 insertions(+), 270 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java index 7aec398..17f8d57 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java @@ -18,9 +18,20 @@ */ package org.apache.cxf.ws.security; +import java.io.IOException; +import java.net.URL; + import javax.security.auth.callback.CallbackHandler; +import org.apache.cxf.Bus; import org.apache.cxf.common.classloader.ClassLoaderUtils; +import org.apache.cxf.common.classloader.ClassLoaderUtils.ClassLoaderHolder; +import org.apache.cxf.endpoint.Endpoint; +import org.apache.cxf.message.Message; +import org.apache.cxf.resource.ResourceManager; +import org.apache.cxf.service.model.EndpointInfo; +import org.apache.cxf.ws.security.tokenstore.TokenStore; +import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory; import org.apache.wss4j.common.ext.WSSecurityException; /** 
@@ -47,4 +58,76 @@ public final class SecurityUtils { return handler; } + public static URL getConfigFileURL(Message message, String configFileKey, String configFileDefault) { + Object o = message.getContextualProperty(configFileKey); + if (o == null) { + o = configFileDefault; + } + + return loadResource(message, o); + } + + public static URL loadResource(Message message, Object o) { + + if (o instanceof String) { + URL url = ClassLoaderUtils.getResource((String)o, SecurityUtils.class); + if (url != null) { + return url; + } + ClassLoaderHolder orig = null; + try { + ResourceManager manager = message.getExchange().get(Bus.class).getExtension(ResourceManager.class); + ClassLoader loader = manager.resolveResource((String)o, ClassLoader.class); + if (loader != null) { + orig = ClassLoaderUtils.setThreadContextClassloader(loader); + } + url = manager.resolveResource((String)o, URL.class); + if (url == null) { + try { + url = new URL((String)o); + } catch (IOException e) { + // Do nothing + } + } + return url; + } finally { + if (orig != null) { + orig.reset(); + } + } + } else if (o instanceof URL) { + return (URL)o; + } + return null; + } + + public static TokenStore getTokenStore(Message message) { + EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo(); + synchronized (info) { + TokenStore tokenStore = + (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE); + if (tokenStore == null) { + tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE); + } + if (tokenStore == null) { + TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance(); + String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE; + String cacheIdentifier = + (String)message.getContextualProperty(SecurityConstants.CACHE_IDENTIFIER); + if (cacheIdentifier != null) { + cacheKey += "-" + cacheIdentifier; + } else if (info.getName() != null) { + int hashcode = info.getName().toString().hashCode(); 
+ if (hashcode < 0) { + cacheKey += hashcode; + } else { + cacheKey += "-" + hashcode; + } + } + tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message); + info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore); + } + return tokenStore; + } + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java index 6083f66..2c14dd3 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java 
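Review bot: In `SecurityUtils.getTokenStore`, the two branches that append the endpoint-name hash build the same cache key for a hash of -N and a hash of +N, because `cacheKey += hashcode` and `cacheKey += "-" + hashcode` both end in `-N`. The key is passed to `tokenStoreFactory.newTokenStore(cacheKey, message)`, so two endpoints whose name hashes differ only in sign, or collide outright (a 32-bit `String.hashCode()` is not unique), could be given the same store name; if the factory keys a shared cache by that name, tokens and their secrets would presumably no longer be isolated per endpoint. Replacing the if/else with an unambiguous encoding such as `cacheKey += "-" + Integer.toHexString(hashcode);` removes the sign aliasing, at the cost of changing existing cache names, and deriving the suffix from the full name string would avoid collisions as well. Separately, `loadResource` dereferences `message.getExchange().get(Bus.class)` and the returned `ResourceManager` without a null check, and its `// Do nothing` catch makes a malformed configured location indistinguishable from a missing one. A Javadoc on these new public methods stating that `null` is returned in both cases would help callers.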
@@ -41,18 +41,17 @@ import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.kerberos.KerberosClient; import org.apache.cxf.ws.security.kerberos.KerberosUtils; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; -import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.cxf.ws.security.wss4j.KerberosTokenInterceptor; import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor; import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxInInterceptor; import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxOutInterceptor; import org.apache.cxf.ws.security.wss4j.StaxSecurityContextInInterceptor; import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor; -import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.cxf.ws.security.wss4j.policyvalidators.KerberosTokenPolicyValidator; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSConstants; @@ -99,11 +98,6 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP this.getInFaultInterceptors().add(PolicyBasedWSS4JStaxInInterceptor.INSTANCE); } - - static final TokenStore getTokenStore(Message message) { - return WSS4JUtils.getTokenStore(message); - } - static class KerberosTokenOutInterceptor extends AbstractPhaseInterceptor<Message> { public KerberosTokenOutInterceptor() { super(Phase.PREPARE_SEND); 
@@ -137,11 +131,11 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP tok.getId()); message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId()); - getTokenStore(message).add(tok); + SecurityUtils.getTokenStore(message).add(tok); // Create another cache entry with the SHA1 Identifier as the key for easy retrieval if (tok.getSHA1() != null) { - getTokenStore(message).add(tok.getSHA1(), tok); + SecurityUtils.getTokenStore(message).add(tok.getSHA1(), tok); } } } else { @@ -210,7 +204,7 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP if (valid) { SecurityToken token = createSecurityToken(kerberosToken); token.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET)); - getTokenStore(message).add(token); + SecurityUtils.getTokenStore(message).add(token); message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId()); return; } @@ -298,7 +292,7 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP // Just consume this for now as it isn't critical... } - getTokenStore(message).add(token); + SecurityUtils.getTokenStore(message).add(token); message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId()); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java index 5180959..aab8fc3 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java 
@@ -43,11 +43,11 @@ import org.apache.cxf.ws.policy.EndpointPolicy; import org.apache.cxf.ws.policy.PolicyEngine; import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.cxf.ws.security.trust.STSUtils; -import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.neethi.Assertion; import org.apache.neethi.Policy; import org.apache.wss4j.common.derivedKey.ConversationConstants; @@ -91,10 +91,6 @@ final class NegotiationUtils { return (Trust13)ai.getAssertion(); } - static TokenStore getTokenStore(Message message) { - return WSS4JUtils.getTokenStore(message); - } - static Assertion getAddressingPolicy(AssertionInfoMap aim, boolean optional) { Collection<AssertionInfo> lst = aim.get(MetadataConstants.USING_ADDRESSING_2004_QNAME); Assertion assertion = null; @@ -184,7 +180,7 @@ final class NegotiationUtils { try { Endpoint endpoint = message.getExchange().getEndpoint(); - TokenStore store = getTokenStore(message); + TokenStore store = SecurityUtils.getTokenStore(message); if (secConv) { endpoint = STSUtils.createSCEndpoint(bus, namespace, @@ -257,7 +253,7 @@ final class NegotiationUtils { (SecurityContextToken)wser.get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN); message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getIdentifier()); - SecurityToken token = getTokenStore(message).getToken(tok.getIdentifier()); + SecurityToken token = SecurityUtils.getTokenStore(message).getToken(tok.getIdentifier()); if (token == null || token.isExpired()) { byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET); if (secret != null) { 
@@ -265,7 +261,7 @@ final class NegotiationUtils { token.setToken(tok.getElement()); token.setSecret(secret); token.setTokenType(tok.getTokenType()); - getTokenStore(message).add(token); + SecurityUtils.getTokenStore(message).add(token); } } if (token != null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java index a4d3f41..0177d08 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java @@ -26,7 +26,6 @@ import java.util.logging.Level; import java.util.logging.Logger; import org.w3c.dom.Element; - import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.interceptor.Fault; @@ -36,12 +35,12 @@ import org.apache.cxf.ws.addressing.AddressingProperties; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.cxf.ws.security.trust.STSClient; import org.apache.cxf.ws.security.trust.STSUtils; -import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.dom.WSConstants; 
@@ -98,7 +97,7 @@ public final class STSTokenHelper { message.put(SecurityConstants.TOKEN_ID, tok.getId()); } // ? - WSS4JUtils.getTokenStore(message).add(tok); + SecurityUtils.getTokenStore(message).add(tok); return tok; } @@ -115,7 +114,7 @@ public final class STSTokenHelper { if (tok == null) { String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID); if (tokId != null) { - tok = WSS4JUtils.getTokenStore(message).getToken(tokId); + tok = SecurityUtils.getTokenStore(message).getToken(tokId); } } } else { @@ -123,7 +122,7 @@ public final class STSTokenHelper { if (tok == null) { String tokId = (String)message.get(SecurityConstants.TOKEN_ID); if (tokId != null) { - tok = WSS4JUtils.getTokenStore(message).getToken(tokId); + tok = SecurityUtils.getTokenStore(message).getToken(tokId); } } } @@ -213,7 +212,7 @@ public final class STSTokenHelper { message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID); message.getExchange().remove(SecurityConstants.TOKEN_ID); message.getExchange().remove(SecurityConstants.TOKEN); - NegotiationUtils.getTokenStore(message).remove(tok.getId()); + SecurityUtils.getTokenStore(message).remove(tok.getId()); // If the user has explicitly disabled Renewing then we can't renew a token, // so just get a new one @@ -322,7 +321,7 @@ public final class STSTokenHelper { Element actAsToken, String appliesTo, boolean enableAppliesTo) throws Exception { - TokenStore tokenStore = WSS4JUtils.getTokenStore(message); + TokenStore tokenStore = SecurityUtils.getTokenStore(message); String key = appliesTo; if (!enableAppliesTo || key == null || "".equals(key)) { key = ASSOCIATED_TOKEN; 
@@ -387,7 +386,7 @@ public final class STSTokenHelper { if (issuedToken == null) { return; } - TokenStore tokenStore = WSS4JUtils.getTokenStore(message); + TokenStore tokenStore = SecurityUtils.getTokenStore(message); String key = appliesTo; if (!enableAppliesTo || key == null || "".equals(key)) { key = ASSOCIATED_TOKEN; http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java index ada01ef..930b8a8 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java @@ -47,6 +47,7 @@ import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider.HttpsTokenInInterceptor; import org.apache.cxf.ws.security.tokenstore.SecurityToken; 
@@ -57,7 +58,6 @@ import org.apache.cxf.ws.security.trust.STSUtils; import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor; import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor; import org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor; -import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.neethi.All; import org.apache.neethi.Assertion; import org.apache.neethi.ExactlyOne; @@ -445,7 +445,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa if (st == null) { String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID); if (id != null) { - st = WSS4JUtils.getTokenStore(message).getToken(id); + st = SecurityUtils.getTokenStore(message).getToken(id); } } if (st != null && !st.isExpired()) { @@ -526,7 +526,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa if (tok == null) { String tokId = (String)m2.getContextualProperty(SecurityConstants.TOKEN_ID); if (tokId != null) { - tok = NegotiationUtils.getTokenStore(m2).getToken(tokId); + tok = SecurityUtils.getTokenStore(m2).getToken(tokId); } } @@ -549,7 +549,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa } client.cancelSecurityToken(tok); - NegotiationUtils.getTokenStore(m2).remove(tok.getId()); + SecurityUtils.getTokenStore(m2).remove(tok.getId()); m2.put(SecurityConstants.TOKEN, null); } catch (RuntimeException e) { throw e; http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java index ee84f92..bba1952 100644 
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java @@ -36,6 +36,7 @@ import org.apache.cxf.ws.addressing.AddressingProperties; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider.IssuedTokenOutInterceptor; import org.apache.cxf.ws.security.tokenstore.SecurityToken; @@ -74,8 +75,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess if (tok == null) { String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID); if (tokId != null) { - tok = NegotiationUtils - .getTokenStore(message).getToken(tokId); + tok = SecurityUtils.getTokenStore(message).getToken(tokId); } } if (tok == null) { @@ -91,7 +91,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, tok.getId()); message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId()); message.getExchange().put(SecurityConstants.TOKEN, tok); - NegotiationUtils.getTokenStore(message).add(tok); + SecurityUtils.getTokenStore(message).add(tok); } PolicyUtils.assertPolicy(aim, SPConstants.BOOTSTRAP_POLICY); } else { 
@@ -119,7 +119,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID); message.getExchange().remove(SecurityConstants.TOKEN_ID); message.getExchange().remove(SecurityConstants.TOKEN); - NegotiationUtils.getTokenStore(message).remove(tok.getId()); + SecurityUtils.getTokenStore(message).remove(tok.getId()); STSClient client = STSUtils.getClient(message, "sct"); AddressingProperties maps = http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java index 14b4d62..af7b0ac 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java @@ -62,12 +62,12 @@ class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMess String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID); SecurityToken tok = null; if (tokId != null) { - tok = NegotiationUtils.getTokenStore(message).getToken(tokId); + tok = SecurityUtils.getTokenStore(message).getToken(tokId); if (tok != null && tok.isExpired()) { message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID); message.getExchange().remove(SecurityConstants.TOKEN_ID); - NegotiationUtils.getTokenStore(message).remove(tokId); + SecurityUtils.getTokenStore(message).remove(tokId); tok = null; } } 
@@ -81,7 +81,7 @@ class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMess } message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, tok.getId()); message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId()); - NegotiationUtils.getTokenStore(message).add(tok); + SecurityUtils.getTokenStore(message).add(tok); } } else { // server side should be checked on the way in http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java index 74ee172..61b8ded 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java @@ -22,6 +22,8 @@ package org.apache.cxf.ws.security.tokenstore; import java.net.URL; import org.apache.cxf.message.Message; +import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; /** @@ -30,7 +32,8 @@ import org.apache.cxf.message.Message; public class EHCacheTokenStoreFactory extends TokenStoreFactory { public TokenStore newTokenStore(String key, Message message) { - URL configFileURL = getConfigFileURL(message); + URL configFileURL = SecurityUtils.getConfigFileURL(message, SecurityConstants.CACHE_CONFIG_FILE, + "cxf-ehcache.xml"); return new EHCacheTokenStore(key, message.getExchange().getBus(), configFileURL); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java ---------------------------------------------------------------------- 
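Review bot: `EHCacheTokenStoreFactory.newTokenStore` now resolves the cache configuration in a different order from the `getConfigFileURL` this commit removes from `TokenStoreFactory`: the old code asked the bus `ResourceManager` first and fell back to the classpath, while `SecurityUtils.loadResource` tries `ClassLoaderUtils.getResource` first and consults the `ResourceManager` only on a miss. A classpath entry with the same name as the configured value now wins, which is a behaviour change in a commit described as refactoring and is worth confirming, since it decides which cache configuration file is loaded. The result can still be `null` and is passed straight to the `EHCacheTokenStore` constructor, so a comment such as `// configFileURL is null when the resource cannot be resolved` would document what the constructor has to handle. The default file name is now a bare literal at the call site; a constant next to `SecurityConstants.CACHE_CONFIG_FILE` would keep it in one place.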
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java index ed719a4..ac8d930 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java @@ -33,7 +33,7 @@ public class MemoryTokenStore implements TokenStore { public static final long DEFAULT_TTL = 60L * 5L; public static final long MAX_TTL = DEFAULT_TTL * 12L; - private Map<String, CacheEntry> tokens = new ConcurrentHashMap<String, CacheEntry>(); + private Map<String, CacheEntry> tokens = new ConcurrentHashMap<>(); private long ttl = DEFAULT_TTL; public void add(SecurityToken token) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java index c34d21f..dfb6eb2 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java @@ -19,13 +19,7 @@ package org.apache.cxf.ws.security.tokenstore; -import java.io.IOException; -import java.net.URL; - -import org.apache.cxf.common.classloader.ClassLoaderUtils; import org.apache.cxf.message.Message; -import org.apache.cxf.resource.ResourceManager; -import org.apache.cxf.ws.security.SecurityConstants; /** * An abstract factory to return a TokenStore instance. It returns an EHCacheTokenStoreFactory 
@@ -60,31 +54,4 @@ public abstract class TokenStoreFactory { public abstract TokenStore newTokenStore(String key, Message message); - protected URL getConfigFileURL(Message message) { - Object o = message.getContextualProperty(SecurityConstants.CACHE_CONFIG_FILE); - if (o == null) { - o = "cxf-ehcache.xml"; - } - - if (o instanceof String) { - URL url = null; - ResourceManager rm = message.getExchange().getBus().getExtension(ResourceManager.class); - url = rm.resolveResource((String)o, URL.class); - try { - if (url == null) { - url = ClassLoaderUtils.getResource((String)o, TokenStoreFactory.class); - } - if (url == null) { - url = new URL((String)o); - } - return url; - } catch (IOException e) { - // Do nothing - } - } else if (o instanceof URL) { - return (URL)o; - } - return null; - } - } http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java index 0e757c6..a9a11dc 100755 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java @@ -54,7 +54,6 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusException; import org.apache.cxf.binding.soap.SoapBindingConstants; import org.apache.cxf.binding.soap.model.SoapOperationInfo; -import org.apache.cxf.common.classloader.ClassLoaderUtils; //import org.apache.cxf.common.i18n.Message; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.ModCountCopyOnWriteArrayList; 
@@ -75,7 +74,6 @@ import org.apache.cxf.interceptor.InterceptorProvider; import org.apache.cxf.jaxws.JaxWsProxyFactoryBean; import org.apache.cxf.message.Message; import org.apache.cxf.phase.PhaseInterceptorChain; -import org.apache.cxf.resource.ResourceManager; import org.apache.cxf.rt.security.claims.ClaimCollection; import org.apache.cxf.service.Service; import org.apache.cxf.service.model.BindingInfo; @@ -100,6 +98,7 @@ import org.apache.cxf.ws.policy.attachment.reference.ReferenceResolver; import org.apache.cxf.ws.policy.attachment.reference.RemoteReferenceResolver; import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.trust.claims.ClaimsCallback; import org.apache.cxf.ws.security.trust.delegation.DelegationCallback; 
@@ -191,16 +190,12 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv protected String context; protected X509Certificate useKeyCertificate; - protected Map<String, Object> ctx = new HashMap<String, Object>(); + protected Map<String, Object> ctx = new HashMap<>(); - protected List<Interceptor<? extends Message>> in - = new ModCountCopyOnWriteArrayList<Interceptor<? extends Message>>(); - protected List<Interceptor<? extends Message>> out - = new ModCountCopyOnWriteArrayList<Interceptor<? extends Message>>(); - protected List<Interceptor<? extends Message>> outFault - = new ModCountCopyOnWriteArrayList<Interceptor<? extends Message>>(); - protected List<Interceptor<? extends Message>> inFault - = new ModCountCopyOnWriteArrayList<Interceptor<? extends Message>>(); + protected List<Interceptor<? extends Message>> in = new ModCountCopyOnWriteArrayList<>(); + protected List<Interceptor<? extends Message>> out = new ModCountCopyOnWriteArrayList<>(); + protected List<Interceptor<? extends Message>> outFault = new ModCountCopyOnWriteArrayList<>(); + protected List<Interceptor<? extends Message>> inFault = new ModCountCopyOnWriteArrayList<>(); protected List<Feature> features; public AbstractSTSClient(Bus b) { @@ -1559,15 +1554,11 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv protected CallbackHandler createHandler() { Object o = getProperty(SecurityConstants.CALLBACK_HANDLER); - if (o instanceof String) { - try { - Class<?> cls = ClassLoaderUtils.loadClass((String)o, this.getClass()); - o = cls.newInstance(); - } catch (Exception e) { - throw new Fault(e); - } + try { + return SecurityUtils.getCallbackHandler(o); + } catch (Exception e) { + throw new Fault(e); } - return (CallbackHandler)o; } protected Object getProperty(String s) { 
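Review bot: In `AbstractSTSClient.createHandler`, the class named by `SecurityConstants.CALLBACK_HANDLER` used to be loaded relative to `this.getClass()`, and the new code delegates to `SecurityUtils.getCallbackHandler(o)`, whose body is outside this diff. It is worth confirming that handler classes visible only to a subclass's class loader still resolve, and that the helper rejects a value that is neither a `CallbackHandler` nor a class name, which the old cast did with a `ClassCastException`. Because the property value can name a class to instantiate, a comment such as `// CALLBACK_HANDLER is a CallbackHandler instance or a class name; it must come from trusted configuration` would record the assumption. The `catch (Exception e)` also re-wraps unrelated unchecked exceptions in a `Fault`; if the helper declares only `WSSecurityException`, catching that type would be narrower.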
@@ -1592,8 +1583,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv Object o = getProperty(SecurityConstants.STS_TOKEN_PROPERTIES + (decrypt ? ".decrypt" : "")); - ResourceManager manager = bus.getExtension(ResourceManager.class); - URL propsURL = WSS4JUtils.getPropertiesFileURL(o, manager, this.getClass()); + URL propsURL = SecurityUtils.loadResource(message, o); Properties properties = WSS4JUtils.getProps(o, propsURL); if (properties != null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java index afdaaea..899f509 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java @@ -114,7 +114,7 @@ public class STSClient extends AbstractSTSClient { el = DOMUtils.getFirstElement(el); String reason = null; boolean valid = false; - List<SecurityToken> tokens = new LinkedList<SecurityToken>(); + List<SecurityToken> tokens = new LinkedList<>(); while (el != null) { if ("Status".equals(el.getLocalName())) { Element e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Code"); http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java index 465a4c9..ec4e816 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java 
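Review bot: `SecurityUtils.loadResource(message, o)` relies on a `message` that is not declared anywhere in this hunk, whereas the removed lines only needed the `bus` field. If `message` is a field that is set only when the client runs inside an interceptor chain, a standalone STS client would pass null here and the lookup of the STS token properties would depend on the helper tolerating that; the helper is not shown, so this needs checking rather than being a confirmed defect. I would record the assumption at the call with `// message may be null for a standalone client; loadResource must then fall back to the classpath`. The enclosing method starts and ends outside the hunk.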
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java @@ -147,7 +147,7 @@ public class STSLoginModule implements LoginModule { private static final Logger LOG = LogUtils.getL7dLogger(STSLoginModule.class); private static final String TOKEN_STORE_KEY = "sts.login.module.tokenstore"; - private Set<Principal> roles = new HashSet<Principal>(); + private Set<Principal> roles = new HashSet<>(); private Principal userPrincipal; private Subject subject; private CallbackHandler callbackHandler; @@ -162,7 +162,7 @@ public class STSLoginModule implements LoginModule { private String keyType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer"; private String tokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; private String namespace; - private Map<String, Object> stsClientProperties = new HashMap<String, Object>(); + private Map<String, Object> stsClientProperties = new HashMap<>(); @Override public void initialize(Subject subj, CallbackHandler cbHandler, Map<String, ?> sharedState, http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java index 2a76672..3db4a43 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java 
@@ -28,13 +28,11 @@ import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; import org.w3c.dom.Element; -import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.message.Message; -import org.apache.cxf.service.model.EndpointInfo; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; -import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory; import org.apache.cxf.ws.security.trust.delegation.DelegationCallback; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl; @@ -176,24 +174,7 @@ public class STSTokenValidator implements Validator { return null; } - EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo(); - synchronized (info) { - TokenStore tokenStore = - (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE); - if (tokenStore == null) { - tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE); - } - if (tokenStore == null) { - TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance(); - String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE; - if (info.getName() != null) { - cacheKey += "-" + info.getName().toString().hashCode(); - } - tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message); - info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore); - } - return tokenStore; - } + return SecurityUtils.getTokenStore(message); } protected boolean isValidatedLocally(Credential credential, RequestData data) http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java ---------------------------------------------------------------------- 
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java index 0c62232..d520907 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java @@ -202,7 +202,7 @@ public abstract class AbstractWSS4JInterceptor extends WSHandler implements Soap PasswordEncryptor passwordEncryptor = getPasswordEncryptor(reqData); return WSS4JUtils.loadCryptoFromPropertiesFile( - message, propFilename, this.getClass(), classLoader, passwordEncryptor + message, propFilename, classLoader, passwordEncryptor ); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java index 97a96ce..d7b27a1 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java @@ -47,7 +47,6 @@ import org.apache.cxf.interceptor.Fault; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.phase.PhaseInterceptor; -import org.apache.cxf.resource.ResourceManager; import org.apache.cxf.service.model.EndpointInfo; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; 
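Review bot: Dropping `this.getClass()` from the `loadCryptoFromPropertiesFile` call changes which class loader the crypto properties file is looked up against first; the `getPropertiesFileURL` that this commit removes from WSS4JUtils tried `ClassLoaderUtils.getResource((String)o, callingClass)` before asking the ResourceManager. The same applies to the `SecurityUtils.loadResource(message, ...)` replacements in AbstractWSS4JStaxInterceptor, PolicyBasedWSS4JInInterceptor, SamlTokenInterceptor and AbstractBindingBuilder. That file typically points at the keystore used for signing and encryption, so in a deployment with several class loaders it matters that the same copy is still found; SecurityUtils.loadResource is not visible here, so treat this as a question to confirm. A comment at the call would keep the change visible: `// NOTE: lookup no longer uses this class's loader; see SecurityUtils.loadResource for the order`.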
@@ -382,7 +381,7 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor, PasswordEncryptor passwordEncryptor = getPasswordEncryptor(soapMessage, securityProperties); return WSS4JUtils.loadCryptoFromPropertiesFile( - soapMessage, propFilename, this.getClass(), getClassLoader(), passwordEncryptor + soapMessage, propFilename, getClassLoader(), passwordEncryptor ); } @@ -433,9 +432,7 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor, } else if (e instanceof Crypto) { return (Crypto)e; } else { - ResourceManager manager = - message.getExchange().getBus().getExtension(ResourceManager.class); - URL propsURL = WSS4JUtils.getPropertiesFileURL(e, manager, this.getClass()); + URL propsURL = SecurityUtils.loadResource(message, e); Properties props = WSS4JUtils.getProps(e, propsURL); if (props == null) { LOG.fine("Cannot find Crypto Encryption properties: " + e); @@ -463,9 +460,7 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor, } else if (s instanceof Crypto) { return (Crypto)s; } else { - ResourceManager manager = - message.getExchange().getBus().getExtension(ResourceManager.class); - URL propsURL = WSS4JUtils.getPropertiesFileURL(s, manager, this.getClass()); + URL propsURL = SecurityUtils.loadResource(message, s); Properties props = WSS4JUtils.getProps(s, propsURL); if (props == null) { LOG.fine("Cannot find Crypto Signature properties: " + s); http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java index abeb41c..12aebb9 100644 
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java @@ -49,12 +49,12 @@ import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.helpers.MapNamespaceContext; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.message.MessageUtils; -import org.apache.cxf.resource.ResourceManager; import org.apache.cxf.security.transport.TLSSessionInfo; import org.apache.cxf.service.model.EndpointInfo; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope; import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType; @@ -407,9 +407,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor { if (e instanceof Crypto) { encrCrypto = (Crypto)e; } else if (e != null) { - ResourceManager manager = - message.getExchange().getBus().getExtension(ResourceManager.class); - URL propsURL = WSS4JUtils.getPropertiesFileURL(e, manager, this.getClass()); + URL propsURL = SecurityUtils.loadResource(message, e); Properties props = WSS4JUtils.getProps(e, propsURL); if (props == null) { LOG.fine("Cannot find Crypto Encryption properties: " + e); 
@@ -456,9 +454,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor { if (s instanceof Crypto) { signCrypto = (Crypto)s; } else if (s != null) { - ResourceManager manager = - message.getExchange().getBus().getExtension(ResourceManager.class); - URL propsURL = WSS4JUtils.getPropertiesFileURL(s, manager, this.getClass()); + URL propsURL = SecurityUtils.loadResource(message, s); Properties props = WSS4JUtils.getProps(s, propsURL); if (props == null) { LOG.fine("Cannot find Crypto Signature properties: " + s); http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java index eb5ab1f..dd91cf2 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java @@ -38,7 +38,6 @@ import org.apache.cxf.headers.Header; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.interceptor.security.DefaultSecurityContext; -import org.apache.cxf.resource.ResourceManager; import org.apache.cxf.security.SecurityContext; import org.apache.cxf.security.transport.TLSSessionInfo; import org.apache.cxf.ws.policy.AssertionInfo; 
@@ -300,9 +299,7 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor { return null; } - ResourceManager manager = - message.getExchange().getBus().getExtension(ResourceManager.class); - URL propsURL = WSS4JUtils.getPropertiesFileURL(o, manager, this.getClass()); + URL propsURL = SecurityUtils.loadResource(message, o); Properties properties = WSS4JUtils.getProps(o, propsURL); if (properties != null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index 5e49194..c175b58 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -712,10 +712,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class); if (ep != null && ep.getEndpointInfo() != null) { TokenStore store = - WSS4JUtils.getTokenStore((SoapMessage)reqData.getMsgContext(), false); - if (store != null) { - return new TokenStoreCallbackHandler(null, store); - } + SecurityUtils.getTokenStore((SoapMessage)reqData.getMsgContext()); + return new TokenStoreCallbackHandler(null, store); } throw sec; } 
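Review bot: In the WSS4JInInterceptor hunk at -712 the `if (store != null)` guard is gone and the lookup changed from `WSS4JUtils.getTokenStore(msg, false)` to `SecurityUtils.getTokenStore(msg)`, so this is a behaviour change, not just a move. The removed two-argument call never created a store, and without one the code fell through to `throw sec`; if the new helper creates a store on demand, as the removed one-argument overload did, a missing password callback handler is no longer reported here whenever the endpoint has an EndpointInfo, and the failure moves to wherever the wrapped null handler is first used. The following hunk at -723 has the same change, where `return cbHandler` used to be reachable. If the old contract is intended, keep the guard, `if (store != null) { return new TokenStoreCallbackHandler(null, store); }`, and use a lookup that does not create; otherwise the commit message should say that the handler is now always wrapped. The enclosing method starts outside the hunk.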
@@ -723,10 +721,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class); if (ep != null && ep.getEndpointInfo() != null) { - TokenStore store = WSS4JUtils.getTokenStore((SoapMessage)reqData.getMsgContext(), false); - if (store != null) { - return new TokenStoreCallbackHandler(cbHandler, store); - } + TokenStore store = SecurityUtils.getTokenStore((SoapMessage)reqData.getMsgContext()); + return new TokenStoreCallbackHandler(cbHandler, store); } return cbHandler; } http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java index 0c82445..112d333 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java @@ -44,6 +44,7 @@ import org.apache.cxf.interceptor.StaxInInterceptor; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.phase.Phase; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.wss4j.common.ConfigurationConstants; 
@@ -127,7 +128,7 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor { final TokenStoreCallbackHandler callbackHandler = new TokenStoreCallbackHandler( - secProps.getCallbackHandler(), WSS4JUtils.getTokenStore(soapMessage) + secProps.getCallbackHandler(), SecurityUtils.getTokenStore(soapMessage) ); secProps.setCallbackHandler(callbackHandler); http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java index d69e94d..accc4df 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java @@ -32,18 +32,14 @@ import org.apache.cxf.Bus; import org.apache.cxf.binding.soap.SoapFault; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.SoapVersion; -import org.apache.cxf.common.classloader.ClassLoaderUtils; -import org.apache.cxf.common.classloader.ClassLoaderUtils.ClassLoaderHolder; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; -import org.apache.cxf.resource.ResourceManager; import org.apache.cxf.service.model.EndpointInfo; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.cache.CXFEHCacheReplayCache; import org.apache.cxf.ws.security.tokenstore.SecurityToken; -import org.apache.cxf.ws.security.tokenstore.TokenStore; -import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory; import org.apache.wss4j.common.cache.ReplayCache; import org.apache.wss4j.common.cache.ReplayCacheFactory; import org.apache.wss4j.common.crypto.Crypto; 
@@ -109,7 +105,8 @@ public final class WSS4JUtils { cacheKey += "-" + hashcode; } } - URL configFile = getConfigFileURL(message); + URL configFile = SecurityUtils.getConfigFileURL(message, SecurityConstants.CACHE_CONFIG_FILE, + "cxf-ehcache.xml"); if (ReplayCacheFactory.isEhCacheInstalled()) { Bus bus = message.getExchange().getBus(); 
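Review bot: The default passed here is `"cxf-ehcache.xml"`, while the `getConfigFileURL` removed from this file defaulted to `"/cxf-ehcache.xml"` and resolved it with `ClassLoaderUtils.getResource((String)o, ReplayCacheFactory.class)` as a fallback. Unless SecurityUtils.getConfigFileURL (not shown) normalises the leading slash and uses an equivalent class loader, the bundled default may no longer be found. The replay cache is what rejects reused nonces and timestamps, and what happens when `configFile` is null is outside this hunk, so a silent miss is worth ruling out. I would either pass the old literal, `SecurityUtils.getConfigFileURL(message, SecurityConstants.CACHE_CONFIG_FILE, "/cxf-ehcache.xml")`, or add a comment stating that the helper prepends the slash.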
@@ -127,67 +124,6 @@ public final class WSS4JUtils { return null; } - private static URL getConfigFileURL(Message message) { - Object o = message.getContextualProperty(SecurityConstants.CACHE_CONFIG_FILE); - if (o == null) { - o = "/cxf-ehcache.xml"; - } - - if (o instanceof String) { - URL url = null; - ResourceManager rm = message.getExchange().get(Bus.class).getExtension(ResourceManager.class); - url = rm.resolveResource((String)o, URL.class); - try { - if (url == null) { - url = ClassLoaderUtils.getResource((String)o, ReplayCacheFactory.class); - } - if (url == null) { - url = new URL((String)o); - } - return url; - } catch (IOException e) { - // Do nothing - } - } else if (o instanceof URL) { - return (URL)o; - } - return null; - } - - public static TokenStore getTokenStore(Message message) { - return getTokenStore(message, true); - } - - public static TokenStore getTokenStore(Message message, boolean create) { - EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo(); - synchronized (info) { - TokenStore tokenStore = - (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE); - if (tokenStore == null) { - tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE); - } - if (create && tokenStore == null) { - TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance(); - String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE; - String cacheIdentifier = - (String)message.getContextualProperty(SecurityConstants.CACHE_IDENTIFIER); - if (cacheIdentifier != null) { - cacheKey += "-" + cacheIdentifier; - } else if (info.getName() != null) { - int hashcode = info.getName().toString().hashCode(); - if (hashcode < 0) { - cacheKey += hashcode; - } else { - cacheKey += "-" + hashcode; - } - } - tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message); - info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore); - } - return tokenStore; - } - } - 
public static String parseAndStoreStreamingSecurityToken( org.apache.xml.security.stax.securityToken.SecurityToken securityToken, Message message @@ -195,7 +131,7 @@ public final class WSS4JUtils { if (securityToken == null) { return null; } - SecurityToken existingToken = getTokenStore(message).getToken(securityToken.getId()); + SecurityToken existingToken = SecurityUtils.getTokenStore(message).getToken(securityToken.getId()); if (existingToken == null || existingToken.isExpired()) { Date created = new Date(); Date expires = new Date(); @@ -229,7 +165,7 @@ public final class WSS4JUtils { } } - getTokenStore(message).add(cachedTok); + SecurityUtils.getTokenStore(message).add(cachedTok); return cachedTok.getId(); } 
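Review bot: parseAndStoreStreamingSecurityToken now calls `SecurityUtils.getTokenStore(message)` twice, once in the hunk at -195 for `getToken` and again in the hunk at -229 for `add`. The removed implementation synchronized on the EndpointInfo for every lookup, and the new helper may well do the same, so a single local makes the method cheaper and makes it obvious that both operations hit the same store: `TokenStore store = SecurityUtils.getTokenStore(message);` followed by `store.getToken(securityToken.getId())` and `store.add(cachedTok)`. The method body continues between and after the two hunks.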
@@ -294,50 +230,14 @@ public final class WSS4JUtils { return properties; } - public static URL getPropertiesFileURL( - Object o, ResourceManager manager, Class<?> callingClass - ) { - if (o instanceof String) { - ClassLoaderHolder orig = null; - try { - URL url = ClassLoaderUtils.getResource((String)o, callingClass); - if (url == null) { - ClassLoader loader = manager.resolveResource((String)o, ClassLoader.class); - if (loader != null) { - orig = ClassLoaderUtils.setThreadContextClassloader(loader); - } - url = manager.resolveResource((String)o, URL.class); - } - if (url == null) { - try { - url = new URL((String)o); - } catch (IOException e) { - // Do nothing - } - } - return url; - } finally { - if (orig != null) { - orig.reset(); - } - } - } else if (o instanceof URL) { - return (URL)o; - } - return null; - } - public static Crypto loadCryptoFromPropertiesFile( Message message, String propFilename, - Class<?> callingClass, ClassLoader classLoader, PasswordEncryptor passwordEncryptor ) throws WSSecurityException { try { - ResourceManager manager = - message.getExchange().getBus().getExtension(ResourceManager.class); - URL url = getPropertiesFileURL(propFilename, manager, callingClass); + URL url = SecurityUtils.loadResource(message, propFilename); if (url != null) { Properties props = new Properties(); try (InputStream in = url.openStream()) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index 4f2574e..38edb3e 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java 
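Review bot: This hunk removes the public `getPropertiesFileURL` and drops the `callingClass` parameter from the public `loadCryptoFromPropertiesFile`, which breaks any interceptor outside this module that calls the old signatures on WSS4JUtils. Keeping a deprecated overload that delegates to the new method costs little and lets downstream code migrate; the same can be done for `getPropertiesFileURL` by delegating to the SecurityUtils helper once its signature is settled. Note also that the resolved `url` is opened directly with `url.openStream()`, and the removed resolver fell back to `new URL((String)o)`, so `propFilename` should be documented as trusted configuration if the new helper keeps that fallback.

```java
    /**
     * @deprecated the calling class is no longer used for resource lookup; use the
     *             four-argument overload instead.
     */
    @Deprecated
    public static Crypto loadCryptoFromPropertiesFile(
        Message message,
        String propFilename,
        Class<?> callingClass,
        ClassLoader classLoader,
        PasswordEncryptor passwordEncryptor
    ) throws WSSecurityException {
        return loadCryptoFromPropertiesFile(message, propFilename, classLoader, passwordEncryptor);
    }

    // … unchanged: four-argument loadCryptoFromPropertiesFile …
```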
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java @@ -51,7 +51,6 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import org.apache.cxf.Bus; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.saaj.SAAJUtils; import org.apache.cxf.common.classloader.ClassLoaderUtils; @@ -63,7 +62,6 @@ import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.helpers.MapNamespaceContext; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.message.MessageUtils; -import org.apache.cxf.resource.ResourceManager; import org.apache.cxf.service.model.EndpointInfo; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; @@ -303,7 +301,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle } protected final TokenStore getTokenStore() { - return WSS4JUtils.getTokenStore(message); + return SecurityUtils.getTokenStore(message); } protected WSSecTimestamp createTimestamp() { @@ -1472,9 +1470,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle return crypto; } - ResourceManager manager = - message.getExchange().get(Bus.class).getExtension(ResourceManager.class); - URL propsURL = WSS4JUtils.getPropertiesFileURL(o, manager, this.getClass()); + URL propsURL = SecurityUtils.loadResource(message, o); Properties properties = WSS4JUtils.getProps(o, propsURL); if (properties != null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java ---------------------------------------------------------------------- 
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java index e175f67..ae36dcc 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java @@ -33,9 +33,9 @@ import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.policy.PolicyException; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; -import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.neethi.Assertion; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.util.WSSecurityUtil; @@ -470,7 +470,7 @@ public abstract class AbstractCommonBindingHandler { if (st == null) { String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID); if (id != null) { - st = WSS4JUtils.getTokenStore(message).getToken(id); + st = SecurityUtils.getTokenStore(message).getToken(id); } } return st; http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java index 2d1ebb1..c515749 100644 
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java @@ -32,8 +32,8 @@ import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; -import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.wss4j.common.ConfigurationConstants; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.policy.SPConstants; @@ -134,7 +134,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler { WSSSecurityProperties properties = getProperties(); TokenStoreCallbackHandler callbackHandler = new TokenStoreCallbackHandler( - properties.getCallbackHandler(), WSS4JUtils.getTokenStore(message) + properties.getCallbackHandler(), SecurityUtils.getTokenStore(message) ); properties.setCallbackHandler(callbackHandler); } else if (initiatorToken instanceof SamlToken) { @@ -261,7 +261,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler { WSSSecurityProperties properties = getProperties(); TokenStoreCallbackHandler callbackHandler = new TokenStoreCallbackHandler( - properties.getCallbackHandler(), WSS4JUtils.getTokenStore(message) + properties.getCallbackHandler(), SecurityUtils.getTokenStore(message) ); properties.setCallbackHandler(callbackHandler); } else if (initiatorToken instanceof SamlToken) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java ---------------------------------------------------------------------- 
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java index 15c106b..139f233 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java @@ -35,6 +35,7 @@ import org.apache.cxf.interceptor.Fault; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.wss4j.common.ConfigurationConstants; @@ -117,7 +118,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler { WSSSecurityProperties properties = getProperties(); TokenStoreCallbackHandler callbackHandler = new TokenStoreCallbackHandler( - properties.getCallbackHandler(), WSS4JUtils.getTokenStore(message) + properties.getCallbackHandler(), SecurityUtils.getTokenStore(message) ); properties.setCallbackHandler(callbackHandler); @@ -202,7 +203,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler { } // Get hold of the token from the token storage - tok = WSS4JUtils.getTokenStore(message).getToken(tokenId); + tok = SecurityUtils.getTokenStore(message).getToken(tokenId); } // Store key @@ -334,7 +335,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler { return; } if (sigTok == null) { - sigTok = WSS4JUtils.getTokenStore(message).getToken(sigTokId); + sigTok = SecurityUtils.getTokenStore(message).getToken(sigTokId); } // Store key 
@@ -603,7 +604,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler { tempTok.setKey(symmetricKey); tempTok.setSecret(symmetricKey.getEncoded()); - WSS4JUtils.getTokenStore(message).add(tempTok); + SecurityUtils.getTokenStore(message).add(tempTok); return tempTok.getId(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java index 1beb200..f07412e 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java @@ -33,9 +33,9 @@ import org.apache.cxf.interceptor.Fault; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.SecurityUtils; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; -import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.wss4j.policy.SP11Constants; import org.apache.wss4j.policy.SP12Constants; import org.apache.wss4j.policy.SPConstants; 
@@ -315,7 +315,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler { // Set up CallbackHandler which wraps the configured Handler TokenStoreCallbackHandler callbackHandler = new TokenStoreCallbackHandler( - properties.getCallbackHandler(), WSS4JUtils.getTokenStore(message) + properties.getCallbackHandler(), SecurityUtils.getTokenStore(message) ); properties.setCallbackHandler(callbackHandler);
