Author: coheigea
Date: Thu Jun 6 16:50:49 2013
New Revision: 1490356
URL: http://svn.apache.org/r1490356
Log:
Added a "pure" Kerberos action + made it possible to take a Kerberos ticket
from the security context
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
(original)
+++
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
Thu Jun 6 16:50:49 2013
@@ -96,6 +96,23 @@ public final class ConfigurationConstant
*/
public static final String ENCRYPT_DERIVED = "EncryptDerived";
+ /**
+ * Perform a Signature action with a kerberos token. The signature
specific parameters define how
+ * to sign, which keys to use, and so on.
+ */
+ public static final String SIGNATURE_WITH_KERBEROS_TOKEN =
"SignatureWithKerberosToken";
+
+ /**
+ * Perform a Encryption action with a kerberos token. The signature
specific parameters define how
+ * to encrypt, which keys to use, and so on.
+ */
+ public static final String ENCRYPT_WITH_KERBEROS_TOKEN =
"EncryptWithKerberosToken";
+
+ /**
+ * Add a kerberos token.
+ */
+ public static final String KERBEROS_TOKEN = "KerberosToken";
+
//
// User properties
//
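Review bot: The Javadoc on `ENCRYPT_WITH_KERBEROS_TOKEN` was copied from the signature constant and still says "The signature specific parameters define how to encrypt". It should read `Perform an Encryption action with a kerberos token. The encryption specific parameters define how to encrypt, which keys to use, and so on.` The comment on `KERBEROS_TOKEN` could also say that the token is added without being used to sign or encrypt, e.g. `Add a kerberos token to the security header without using it for signature or encryption.`, assuming that is what the "pure" action in the log message means.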
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml
(original)
+++
webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml
Thu Jun 6 16:50:49 2013
@@ -1,4 +1,4 @@
-<ehcache xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="false"
monitoring="autodetect" dynamicConfig="true">
+<ehcache xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="false"
monitoring="autodetect" dynamicConfig="true" name="wss4jCache">
<diskStore path="java.io.tmpdir"/>
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
Thu Jun 6 16:50:49 2013
@@ -104,6 +104,12 @@ public final class ConfigurationConverte
actions.add(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
} else if
(single[i].equals(ConfigurationConstants.ENCRYPT_DERIVED)) {
actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+ } else if
(single[i].equals(ConfigurationConstants.SIGNATURE_WITH_KERBEROS_TOKEN)) {
+ actions.add(WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN);
+ } else if
(single[i].equals(ConfigurationConstants.ENCRYPT_WITH_KERBEROS_TOKEN)) {
+ actions.add(WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN);
+ } else if
(single[i].equals(ConfigurationConstants.KERBEROS_TOKEN)) {
+ actions.add(WSSConstants.KERBEROS_TOKEN);
}
}
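Review bot: The `else if` chain still closes without a final `else` after the new Kerberos branches, so an action name that matches none of the constants is dropped without any error. For a security configuration that means a misspelled `SignatureWithKerberosToken` yields a message that is simply not signed. Unless some names are ignored on purpose, consider rejecting unknown values, for example `} else { throw new IllegalArgumentException("Unknown action: " + single[i]); }`. The chain and the enclosing method start outside this hunk, so the right exception type should be checked against the rest of the method.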
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
Thu Jun 6 16:50:49 2013
@@ -21,6 +21,7 @@ package org.apache.wss4j.stax.ext;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.impl.processor.output.*;
import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.ext.OutboundSecurityContext;
import org.apache.xml.security.stax.ext.OutputProcessor;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.impl.DocumentContextImpl;
@@ -86,7 +87,10 @@ public class OutboundWSSec {
public XMLStreamWriter processOutMessage(
OutputStream outputStream, String encoding, List<SecurityEvent>
requestSecurityEvents,
SecurityEventListener securityEventListener) throws
WSSecurityException {
- return processOutMessage((Object) outputStream, encoding,
requestSecurityEvents, securityEventListener);
+ final OutboundSecurityContextImpl outboundSecurityContext = new
OutboundSecurityContextImpl();
+ outboundSecurityContext.putList(SecurityEvent.class,
requestSecurityEvents);
+
outboundSecurityContext.addSecurityEventListener(securityEventListener);
+ return processOutMessage((Object) outputStream, encoding,
outboundSecurityContext);
}
/**
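Review bot: The three statements that build the `OutboundSecurityContextImpl` are now repeated verbatim in this `OutputStream` overload and in the `XMLStreamWriter` overload in the next hunk. A small private helper would keep the two entry points from drifting, e.g. `private OutboundSecurityContextImpl newContext(List<SecurityEvent> events, SecurityEventListener listener)`, with both overloads passing its result to `processOutMessage((Object) ..., encoding, ...)`. Neither copy checks `securityEventListener` for null before `addSecurityEventListener`; whether that is safe depends on code outside the hunk.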
@@ -100,16 +104,28 @@ public class OutboundWSSec {
public XMLStreamWriter processOutMessage(
XMLStreamWriter xmlStreamWriter, String encoding,
List<SecurityEvent> requestSecurityEvents,
SecurityEventListener securityEventListener) throws
WSSecurityException {
- return processOutMessage((Object) xmlStreamWriter, encoding,
requestSecurityEvents, securityEventListener);
- }
-
- private XMLStreamWriter processOutMessage(
- Object output, String encoding, List<SecurityEvent>
requestSecurityEvents,
- SecurityEventListener securityEventListener) throws
WSSecurityException {
-
final OutboundSecurityContextImpl outboundSecurityContext = new
OutboundSecurityContextImpl();
outboundSecurityContext.putList(SecurityEvent.class,
requestSecurityEvents);
outboundSecurityContext.addSecurityEventListener(securityEventListener);
+ return processOutMessage((Object) xmlStreamWriter, encoding,
outboundSecurityContext);
+ }
+
+ /**
+ * This method is the entry point for the incoming security-engine.
+ * Hand over the original XMLStreamWriter and use the returned one for
further processing
+ *
+ * @param xmlStreamWriter The original outputStream
+ * @return A new XMLStreamWriter which does transparently the security
processing.
+ * @throws WSSecurityException thrown when a Security failure occurs
+ */
+ public XMLStreamWriter processOutMessage(
+ XMLStreamWriter xmlStreamWriter, String encoding,
OutboundSecurityContext outbounSecurityContext) throws WSSecurityException {
+ return processOutMessage((Object) xmlStreamWriter, encoding,
outbounSecurityContext);
+ }
+
+ public XMLStreamWriter processOutMessage(
+ Object output, String encoding, OutboundSecurityContext
outboundSecurityContext
+ ) throws WSSecurityException {
final DocumentContextImpl documentContext = new DocumentContextImpl();
documentContext.setEncoding(encoding);
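Review bot: `processOutMessage(Object output, ...)` changes from `private` to `public` here, which exposes an untyped entry point with no Javadoc. Its body continues outside the hunk, so it is not visible what happens when `output` is neither an `OutputStream` nor an `XMLStreamWriter`; keeping it `private` and adding a typed `processOutMessage(OutputStream outputStream, String encoding, OutboundSecurityContext outboundSecurityContext)` overload would keep the public API typed. The new public overloads also accept a caller-built security context without a null check, and that context now decides which token the Kerberos processor uses, so the Javadoc should state what the caller is expected to put in it. In the added Javadoc, "incoming security-engine" should be "outbound", `@param xmlStreamWriter The original outputStream` should describe the writer, `encoding` and the context parameter are undocumented, and the parameter name `outbounSecurityContext` is misspelled.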
@@ -223,6 +239,10 @@ public class OutboundWSSec {
final EncryptOutputProcessor encryptOutputProcessor = new
EncryptOutputProcessor();
initializeOutputProcessor(outputProcessorChain,
encryptOutputProcessor, action);
+ } else if (WSSConstants.KERBEROS_TOKEN.equals(action)) {
+ final KerberosSecurityTokenOutputProcessor
kerberosTokenOutputProcessor =
+ new KerberosSecurityTokenOutputProcessor();
+ initializeOutputProcessor(outputProcessorChain,
kerberosTokenOutputProcessor, action);
}
}
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
Thu Jun 6 16:50:49 2013
@@ -266,6 +266,7 @@ public class WSSConstants extends XMLSec
public static final String NS_WSS_ENC_KEY_VALUE_TYPE =
NS11_SOAPMESSAGE_SECURITY + "#EncryptedKey";
+ public static final String PROP_USE_THIS_TOKEN_ID_FOR_BST =
"PROP_USE_THIS_TOKEN_ID_FOR_BST";
public static final String PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY =
"PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY";
public static final String PROP_USE_THIS_TOKEN_ID_FOR_SECURITYCONTEXTTOKEN
= "PROP_USE_THIS_TOKEN_ID_FOR_SECURITYCONTEXTTOKEN";
@@ -280,6 +281,7 @@ public class WSSConstants extends XMLSec
public static final Action SAML_TOKEN_UNSIGNED = new
Action(ConfigurationConstants.SAML_TOKEN_UNSIGNED);
public static final Action SIGNATURE_WITH_KERBEROS_TOKEN = new
Action("SignatureWithKerberosToken");
public static final Action ENCRYPT_WITH_KERBEROS_TOKEN = new
Action("EncryptWithKerberosToken");
+ public static final Action KERBEROS_TOKEN = new Action("KerberosToken");
public static final AlgorithmUsage Comp_Key = new
AlgorithmUsage("Comp_Key");
public static final AlgorithmUsage Enc_KD = new AlgorithmUsage("Enc_KD");
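Review bot: `KERBEROS_TOKEN` is built from the literal `"KerberosToken"` although this commit adds `ConfigurationConstants.KERBEROS_TOKEN` with the same value, and `SAML_TOKEN_UNSIGNED` just above already takes its name from `ConfigurationConstants`. Using `new Action(ConfigurationConstants.KERBEROS_TOKEN)` keeps the configured string and the action name from drifting apart. The same applies to the two neighbouring Kerberos actions, which are unchanged context in this hunk.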
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java
Thu Jun 6 16:50:49 2013
@@ -52,48 +52,54 @@ public class KerberosSecurityTokenOutput
XMLSecurityConstants.Action action = getAction();
- final KerberosClientSecurityToken kerberosClientSecurityToken =
- new KerberosClientSecurityToken(
- ((WSSSecurityProperties)
getSecurityProperties()).getCallbackHandler(),
- bstId
- );
-
-
- final SecurityTokenProvider<OutboundSecurityToken>
kerberosSecurityTokenProvider =
- new SecurityTokenProvider<OutboundSecurityToken>() {
-
- @Override
- public OutboundSecurityToken getSecurityToken() throws
WSSecurityException {
- return kerberosClientSecurityToken;
- }
-
- @Override
- public String getId() {
- return bstId;
- }
- };
+ String tokenId =
+
outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_BST);
+ KerberosClientSecurityToken kerberosToken = null;
+ if (tokenId != null) {
+ SecurityTokenProvider<OutboundSecurityToken>
securityTokenProvider =
+
outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
+ kerberosToken =
(KerberosClientSecurityToken)securityTokenProvider.getSecurityToken();
+ }
+ if (kerberosToken == null) {
+ final KerberosClientSecurityToken kerberosClientSecurityToken =
+ new KerberosClientSecurityToken(
+ ((WSSSecurityProperties)
getSecurityProperties()).getCallbackHandler(),
+ bstId
+ );
+
+ final SecurityTokenProvider<OutboundSecurityToken>
kerberosSecurityTokenProvider =
+ new SecurityTokenProvider<OutboundSecurityToken>() {
+
+ @Override
+ public OutboundSecurityToken getSecurityToken() throws
WSSecurityException {
+ return kerberosClientSecurityToken;
+ }
+
+ @Override
+ public String getId() {
+ return bstId;
+ }
+ };
+
+
outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(bstId,
kerberosSecurityTokenProvider);
+ kerberosToken = kerberosClientSecurityToken;
+ }
+ FinalKerberosSecurityTokenOutputProcessor
finalKerberosSecurityTokenOutputProcessor =
+ new FinalKerberosSecurityTokenOutputProcessor(kerberosToken);
+
finalKerberosSecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
+ finalKerberosSecurityTokenOutputProcessor.setAction(getAction());
+
if (WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN.equals(action)) {
outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE,
bstId);
- FinalKerberosSecurityTokenOutputProcessor
finalKerberosSecurityTokenOutputProcessor =
- new
FinalKerberosSecurityTokenOutputProcessor(kerberosClientSecurityToken);
-
finalKerberosSecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
-
finalKerberosSecurityTokenOutputProcessor.setAction(getAction());
finalKerberosSecurityTokenOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
-
finalKerberosSecurityTokenOutputProcessor.init(outputProcessorChain);
-
kerberosClientSecurityToken.setProcessor(finalKerberosSecurityTokenOutputProcessor);
} else if
(WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(action)) {
outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION,
bstId);
- FinalKerberosSecurityTokenOutputProcessor
finalKerberosSecurityTokenOutputProcessor =
- new
FinalKerberosSecurityTokenOutputProcessor(kerberosClientSecurityToken);
-
finalKerberosSecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
-
finalKerberosSecurityTokenOutputProcessor.setAction(getAction());
finalKerberosSecurityTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
-
finalKerberosSecurityTokenOutputProcessor.init(outputProcessorChain);
-
kerberosClientSecurityToken.setProcessor(finalKerberosSecurityTokenOutputProcessor);
}
+
finalKerberosSecurityTokenOutputProcessor.init(outputProcessorChain);
+
kerberosToken.setProcessor(finalKerberosSecurityTokenOutputProcessor);
-
outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(bstId,
kerberosSecurityTokenProvider);
} finally {
outputProcessorChain.removeProcessor(this);
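Review bot: The lookup of a pre-registered token dereferences and casts without checking: the result of `getSecurityTokenProvider(tokenId)` is used directly and its token is cast to `KerberosClientSecurityToken`. A token id in the context that is stale or points at another token type therefore ends in a `NullPointerException` or `ClassCastException` rather than a `WSSecurityException` (assuming the lookup returns null for an unknown id). The guarded form below falls back to creating a fresh token, as the following `if (kerberosToken == null)` block already does; failing with a `WSSecurityException` would be the stricter choice. Separately, when the token does come from the context, the signature and encryption branches still store `bstId` under `PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE` and `PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION`, but a provider is registered under `bstId` only inside the `kerberosToken == null` block, so it looks as if those branches should store `tokenId` in that case. `bstId` and the start of the method are outside the hunk.

```java
if (tokenId != null) {
    SecurityTokenProvider<OutboundSecurityToken> securityTokenProvider =
        outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
    if (securityTokenProvider != null) {
        OutboundSecurityToken candidate = securityTokenProvider.getSecurityToken();
        if (candidate instanceof KerberosClientSecurityToken) {
            kerberosToken = (KerberosClientSecurityToken) candidate;
        }
    }
}
// … unchanged: create and register a new token when kerberosToken is still null …
```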
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
Thu Jun 6 16:50:49 2013
@@ -45,6 +45,12 @@ public class KerberosClientSecurityToken
private Key secretKey;
private byte[] ticket;
+ public KerberosClientSecurityToken(byte[] ticket, Key secretKey, String
id) {
+ super(id, WSSecurityTokenConstants.KerberosToken);
+ this.ticket = ticket;
+ this.secretKey = secretKey;
+ }
+
public KerberosClientSecurityToken(CallbackHandler callbackHandler, String
id) {
super(id, WSSecurityTokenConstants.KerberosToken);
this.callbackHandler = callbackHandler;
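Review bot: The new constructor stores `ticket` and `secretKey` without any check and leaves `callbackHandler` null, so a null argument only shows up later, wherever the token first needs its ticket or key. A guard at construction keeps the failure local: `if (ticket == null || secretKey == null) { throw new IllegalArgumentException("ticket and secretKey must not be null"); }`. `this.ticket = ticket` also keeps the caller's array by reference, so a caller that zeroes or reuses the buffer changes the token; `ticket.clone()` avoids that at the cost of one more copy of the ticket in memory. The rest of the class is outside the hunk.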