Author: werner
Date: Sun Jan 8 11:01:06 2006
New Revision: 367071
URL: http://svn.apache.org/viewcvs?rev=367071&view=rev
Log:
Check-in a first, incomplete version of a security parser example.
Added:
webservices/commons/trunk/policy/src/examples/secParser/
webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicy.java
webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicyToken.java
webservices/commons/trunk/policy/src/examples/secParser/SecurityProcessorContext.java
webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java
- copied, changed from r359534,
webservices/commons/trunk/policy/src/examples/WSSPolicyProcessorFull.java
Removed:
webservices/commons/trunk/policy/src/examples/WSSPolicyProcessorFull.java
Added:
webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicy.java
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicy.java?rev=367071&view=auto
==============================================================================
--- webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicy.java
(added)
+++ webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicy.java
Sun Jan 8 11:01:06 2006
@@ -0,0 +1,451 @@
+/*
+ * Created on 28.12.2005
+ *
+ * To change the template for this generated file go to
+ * Window>Preferences>Java>Code Generation>Code and Comments
+ */
+package examples.secParser;
+
+import java.util.ArrayList;
+
+public class SecurityPolicy {
+
+ SecurityPolicyToken signedParts = new SecurityPolicyToken("SignedParts",
+ SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicyToken header = new SecurityPolicyToken("Header",
+ SecurityPolicyToken.SIMPLE_TOKEN, true, new String[] { "Name",
+ "NameSpace" });
+
+ SecurityPolicyToken body = new SecurityPolicyToken("Body",
+ SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken signedElements = new SecurityPolicyToken(
+ "SignedElements", SecurityPolicyToken.COMPLEX_TOKEN, true,
+ new String[] { "XPathVersion" });
+
+ SecurityPolicyToken xPath = new SecurityPolicyToken(
+ "Body",
+ SecurityPolicyToken.SIMPLE_TOKEN |
SecurityPolicyToken.WITH_CONTENT,
+ true, null);
+
+ SecurityPolicyToken encryptedParts = new SecurityPolicyToken(
+ "EncryptedParts", SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicyToken encryptedElements = new SecurityPolicyToken(
+ "EncryptedElements", SecurityPolicyToken.COMPLEX_TOKEN, true,
+ new String[] { "XPathVersion" });
+
+ SecurityPolicyToken requiredElements = new SecurityPolicyToken(
+ "RequiredElements", SecurityPolicyToken.COMPLEX_TOKEN, true,
+ new String[] { "XPathVersion" });
+
+ SecurityPolicyToken usernameToken = new SecurityPolicyToken(
+ "UsernameToken", SecurityPolicyToken.COMPLEX_TOKEN, true,
+ new String[] { "IncludeToken" });
+
+ SecurityPolicyToken wssUsernameToken10 = new SecurityPolicyToken(
+ "WssUsernameToken10", SecurityPolicyToken.SIMPLE_TOKEN, true,
null);
+
+ SecurityPolicyToken wssUsernameToken11 = new SecurityPolicyToken(
+ "WssUsernameToken11", SecurityPolicyToken.SIMPLE_TOKEN, true,
null);
+
+ SecurityPolicyToken issuedToken = new SecurityPolicyToken("IssuedToken",
+ SecurityPolicyToken.COMPLEX_TOKEN, true,
+ new String[] { "IncludeToken" });
+
+ SecurityPolicyToken issuer = new SecurityPolicyToken(
+ "Issuer",
+ SecurityPolicyToken.SIMPLE_TOKEN |
SecurityPolicyToken.WITH_CONTENT,
+ true, null);
+
+ SecurityPolicyToken requestSecurityTokenTemplate = new SecurityPolicyToken(
+ "RequestSecurityTokenTemplate", SecurityPolicyToken.COMPLEX_TOKEN
+ | SecurityPolicyToken.WITH_CONTENT, true,
+ new String[] { "TrustVersion" });
+
+ SecurityPolicyToken requireDerivedKeys = new SecurityPolicyToken(
+ "RequireDerivedKeys", SecurityPolicyToken.SIMPLE_TOKEN, true,
null);
+
+ SecurityPolicyToken requireExternalReference = new SecurityPolicyToken(
+ "RequireExternalReference", SecurityPolicyToken.SIMPLE_TOKEN, true,
+ null);
+
+ SecurityPolicyToken requireInternalReference = new SecurityPolicyToken(
+ "RequireInternalReference", SecurityPolicyToken.SIMPLE_TOKEN, true,
+ null);
+
+ SecurityPolicyToken x509Token = new SecurityPolicyToken("X509Token",
+ SecurityPolicyToken.COMPLEX_TOKEN, true,
+ new String[] { "IncludeToken" });
+
+ SecurityPolicyToken requireKeyIdentifierReference = new
SecurityPolicyToken(
+ "RequireKeyIdentifierReference", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken requireIssuerSerialReference = new SecurityPolicyToken(
+ "RequireIssuerSerialReference", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken requiredEmbeddedTokenReference = new
SecurityPolicyToken(
+ "RequiredEmbeddedTokenReference", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken requireThumbprintReference = new SecurityPolicyToken(
+ "RequireThumbprintReference", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken wssX509V1Token10 = new SecurityPolicyToken(
+ "WssX509V1Token10", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken wssX509V3Token10 = new SecurityPolicyToken(
+ "WssX509V3Token10", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken wssX509Pkcs7Token10 = new SecurityPolicyToken(
+ "WssX509Pkcs7Token10", SecurityPolicyToken.SIMPLE_TOKEN, true,
null);
+
+ SecurityPolicyToken wssX509PkiPathV1Token10 = new SecurityPolicyToken(
+ "WssX509PkiPathV1Token10", SecurityPolicyToken.SIMPLE_TOKEN, true,
+ null);
+
+ SecurityPolicyToken wssX509V1Token11 = new SecurityPolicyToken(
+ "WssX509V1Token11", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken wssX509V3Token11 = new SecurityPolicyToken(
+ "WssX509V3Token11", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken wssX509Pkcs7Token11 = new SecurityPolicyToken(
+ "WssX509Pkcs7Token11", SecurityPolicyToken.SIMPLE_TOKEN, true,
null);
+
+ SecurityPolicyToken wssX509PkiPathV1Token11 = new SecurityPolicyToken(
+ "WssX509PkiPathV1Token11", SecurityPolicyToken.SIMPLE_TOKEN, true,
+ null);
+
+ SecurityPolicyToken kerberosToken = new SecurityPolicyToken(
+ "KerberosToken", SecurityPolicyToken.COMPLEX_TOKEN, true,
+ new String[] { "IncludeToken" });
+
+ // requireDerivedKeys already defined for issuedToken
+ // requireKeyIdentifierReference already defined for x509Token
+ SecurityPolicyToken wssKerberosV5ApReqToken11 = new SecurityPolicyToken(
+ "WssKerberosV5ApReqToken11", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken wssGssKerberosV5ApReqToken11 = new SecurityPolicyToken(
+ "WssGssKerberosV5ApReqToken11", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken spnegoContextToken = new SecurityPolicyToken(
+ "SpnegoContextToken", SecurityPolicyToken.COMPLEX_TOKEN, true,
+ new String[] { "IncludeToken" });
+
+ // issuer already defined for issuedToken
+ // requireDerivedKeys already defined for issuedToken
+
+ SecurityPolicyToken securityContextToken = new SecurityPolicyToken(
+ "SecurityContextToken", SecurityPolicyToken.COMPLEX_TOKEN, true,
+ new String[] { "IncludeToken" });
+
+ // requireDerivedKeys already defined for issuedToken
+ SecurityPolicyToken requireExternalUriReference = new SecurityPolicyToken(
+ "RequireExternalUriReference", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken sc10SecurityContextToken = new SecurityPolicyToken(
+ "SC10SecurityContextToken", SecurityPolicyToken.SIMPLE_TOKEN, true,
+ null);
+
+ SecurityPolicyToken secureConversationToken = new SecurityPolicyToken(
+ "SecureConversationToken", SecurityPolicyToken.COMPLEX_TOKEN, true,
+ new String[] { "IncludeToken" });
+
+ // issuer already defined for issuedToken
+ // requireDerivedKeys already defined for issuedToken
+ // requireExternalUriReference is already defined for SecurityContextToken
+ // sc10SecurityContextToken is already defined for SecurityContextToken
+ SecurityPolicyToken bootstrapPolicy = new SecurityPolicyToken(
+ "BootstrapPolicy", SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicyToken samlToken = new SecurityPolicyToken("SamlToken",
+ SecurityPolicyToken.COMPLEX_TOKEN, true,
+ new String[] { "IncludeToken" });
+
+ // requireDerivedKeys already defined for issuedToken
+ // requireKeyIdentifierReference already defined for x509Token
+ SecurityPolicyToken wssSamlV10Token10 = new SecurityPolicyToken(
+ "WssSamlV10Token10", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken wssSamlV11Token10 = new SecurityPolicyToken(
+ "WssSamlV11Token10", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken wssSamlV10Token11 = new SecurityPolicyToken(
+ "WssSamlV10Token11", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken wssSamlV11Token11 = new SecurityPolicyToken(
+ "WssSamlV11Token11", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken wssSamlV20Token11 = new SecurityPolicyToken(
+ "WssSamlV20Token11", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken relToken = new SecurityPolicyToken("RelToken",
+ SecurityPolicyToken.COMPLEX_TOKEN, true,
+ new String[] { "IncludeToken" });
+
+ // requireDerivedKeys already defined for issuedToken
+ // requireKeyIdentifierReference already defined for x509Token
+ SecurityPolicyToken wssRelV10Token10 = new SecurityPolicyToken(
+ "WssRelV10Token10", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken wssRelV20Token10 = new SecurityPolicyToken(
+ "WssRelV20Token10", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken wssRelV10Token11 = new SecurityPolicyToken(
+ "WssRelV10Token11", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken wssRelV20Token11 = new SecurityPolicyToken(
+ "WssRelV20Token11", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken httpsToken = new SecurityPolicyToken("RelToken",
+ SecurityPolicyToken.COMPLEX_TOKEN, true,
+ new String[] { "RequireClientCertificate" });
+
+ SecurityPolicyToken algorithmSuite = new SecurityPolicyToken("RelToken",
+ SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicyToken basic256 = new SecurityPolicyToken("Basic256",
+ SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken basic192 = new SecurityPolicyToken("Basic192",
+ SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken basic128 = new SecurityPolicyToken("Basic128",
+ SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken tripleDes = new SecurityPolicyToken("TripleDes",
+ SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken basic256Rsa15 = new SecurityPolicyToken(
+ "Basic256Rsa15", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken basic192Rsa15 = new SecurityPolicyToken(
+ "Basic192Rsa15", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken basic128Rsa15 = new SecurityPolicyToken(
+ "Basic128Rsa15", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken tripleDesRsa15 = new SecurityPolicyToken(
+ "TripleDesRsa15", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken basic256Sha256 = new SecurityPolicyToken(
+ "Basic256Sha256", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken basic192Sha256 = new SecurityPolicyToken(
+ "Basic192Sha256", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken basic128Sha256 = new SecurityPolicyToken(
+ "Basic128Sha256", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken tripleDesSha256 = new SecurityPolicyToken(
+ "TripleDesSha256", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken basic256Sha256Rsa15 = new SecurityPolicyToken(
+ "Basic256Sha256Rsa15", SecurityPolicyToken.SIMPLE_TOKEN, true,
null);
+
+ SecurityPolicyToken basic192Sha256Rsa15 = new SecurityPolicyToken(
+ "Basic192Sha256Rsa15", SecurityPolicyToken.SIMPLE_TOKEN, true,
null);
+
+ SecurityPolicyToken basic128Sha256Rsa15 = new SecurityPolicyToken(
+ "Basic128Sha256Rsa15", SecurityPolicyToken.SIMPLE_TOKEN, true,
null);
+
+ SecurityPolicyToken tripleDesSha256Rsa15 = new SecurityPolicyToken(
+ "TripleDesSha256Rsa15", SecurityPolicyToken.SIMPLE_TOKEN, true,
+ null);
+
+ SecurityPolicyToken inclusiveC14N = new SecurityPolicyToken(
+ "InclusiveC14N", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken soapNormalization10 = new SecurityPolicyToken(
+ "SoapNormalization10", SecurityPolicyToken.SIMPLE_TOKEN, true,
null);
+
+ SecurityPolicyToken strTransform10 = new SecurityPolicyToken(
+ "StrTransform10", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken xPath10 = new SecurityPolicyToken("XPath10",
+ SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken xPathFilter20 = new SecurityPolicyToken(
+ "XPathFilter20", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken layout = new SecurityPolicyToken("Layout",
+ SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicyToken strict = new SecurityPolicyToken("Strict",
+ SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken lax = new SecurityPolicyToken("Lax",
+ SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken laxTsFirst = new SecurityPolicyToken("LaxTsFirst",
+ SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken laxTsLast = new SecurityPolicyToken("LaxTsLast",
+ SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken transportBinding = new SecurityPolicyToken(
+ "TransportBinding", SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicyToken transportToken = new SecurityPolicyToken(
+ "TransportToken", SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ // algorithmSuite and layout see above
+ SecurityPolicyToken includeTimestamp = new SecurityPolicyToken(
+ "IncludeTimestamp", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken symmetricBinding = new SecurityPolicyToken(
+ "SymmetricBinding", SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicyToken encryptionToken = new SecurityPolicyToken(
+ "EncryptionToken", SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicyToken signatureToken = new SecurityPolicyToken(
+ "SignatureToken", SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicyToken protectionToken = new SecurityPolicyToken(
+ "ProtectionToken", SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ // algorithmSuite and layout see above
+ // includeTimestamp already defined for transport binding
+ SecurityPolicyToken encryptBeforeSigning = new SecurityPolicyToken(
+ "EncryptBeforeSigning", SecurityPolicyToken.SIMPLE_TOKEN, true,
+ null);
+
+ SecurityPolicyToken encryptSignature = new SecurityPolicyToken(
+ "EncryptSignature", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken protectTokens = new SecurityPolicyToken(
+ "ProtectTokens", SecurityPolicyToken.SIMPLE_TOKEN, true, null);
+
+ SecurityPolicyToken onlySignEntireHeadersAndBody = new SecurityPolicyToken(
+ "OnlySignEntireHeadersAndBody", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken asymmetricBinding = new SecurityPolicyToken(
+ "AsymmetricBinding", SecurityPolicyToken.COMPLEX_TOKEN, true,
null);
+
+ SecurityPolicyToken initiatorToken = new SecurityPolicyToken(
+ "InitiatorToken", SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicyToken receipientToken = new SecurityPolicyToken(
+ "ReceipientToken", SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ // all other tokens for asymmetric already defined above
+
+ SecurityPolicyToken supportingTokens = new SecurityPolicyToken(
+ "SupportingTokens", SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicyToken signedSupportingTokens = new SecurityPolicyToken(
+ "SignedSupportingTokens", SecurityPolicyToken.COMPLEX_TOKEN, true,
+ null);
+
+ SecurityPolicyToken endorsingSupportingTokens = new SecurityPolicyToken(
+ "EndorsingSupportingTokens", SecurityPolicyToken.COMPLEX_TOKEN,
+ true, null);
+
+ SecurityPolicyToken signedEndorsingSupportingTokens = new
SecurityPolicyToken(
+ "SignedEndorsingSupportingTokens",
+ SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicyToken wss10 = new SecurityPolicyToken("wss10",
+ SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicyToken mustSupportRefKeyIdentifier = new SecurityPolicyToken(
+ "MustSupportRefKeyIdentifier", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken mustSupportRefIssuerSerial = new SecurityPolicyToken(
+ "MustSupportRefIssuerSerial", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken mustSupportRefExternalUri = new SecurityPolicyToken(
+ "MustSupportRefExternalUri", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken mustSupportRefEmbeddedToken = new SecurityPolicyToken(
+ "MustSupportRefEmbeddedToken", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken wss11 = new SecurityPolicyToken("wss11",
+ SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ // all from wss10
+ SecurityPolicyToken mustSupportRefKeyThumbprint = new SecurityPolicyToken(
+ "mustSupportRefKeyThumbprint", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken mustSupportRefKeyEncryptedKey = new
SecurityPolicyToken(
+ "mustSupportRefKeyEncryptedKey", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken requireSignatureConfirmation = new SecurityPolicyToken(
+ "requireSignatureConfirmation", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken trust10 = new SecurityPolicyToken("trust10",
+ SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicyToken mustSupportClientChallenge = new SecurityPolicyToken(
+ "mustSupportClientChallenge", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken mustSupportServerChallenge = new SecurityPolicyToken(
+ "mustSupportServerChallenge", SecurityPolicyToken.SIMPLE_TOKEN,
+ true, null);
+
+ SecurityPolicyToken requireClientEntropy = new SecurityPolicyToken(
+ "requireClientEntropy", SecurityPolicyToken.SIMPLE_TOKEN, true,
+ null);
+
+ SecurityPolicyToken requireServerEntropy = new SecurityPolicyToken(
+ "requireServerEntropy", SecurityPolicyToken.SIMPLE_TOKEN, true,
+ null);
+
+ SecurityPolicyToken mustSupportIssuedTokens = new SecurityPolicyToken(
+ "mustSupportIssuedTokens", SecurityPolicyToken.SIMPLE_TOKEN, true,
+ null);
+
+ String includeNever =
"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";;
+
+ String includeOnce =
"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once";;
+
+ String includeAlways =
"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always";;
+
+ /**
+ * Intialize the SignedParts complex token.
+ *
+ * This method creates a copy of the SingedParts token and sets the handler
+ * object to the copy. Then it creates copies of the child tokens that are
+ * allowed for SingedParts. These tokens are Body and Header. These copies
+ * are also initialized with the handler object and then set a schild
tokens
+ * of SingedParts.
+ *
+ * @param handler
+ * The handler object that must contain the methods
+ * <code>doSignedParts, doBody, doHeader</code>.
+ * @return the intialized SignedParts token.
+ * @throws NoSuchMethodException
+ */
+ public SecurityPolicyToken initializeSignedParts(Object handler)
+ throws NoSuchMethodException {
+ SecurityPolicyToken spt = signedParts.copy();
+ spt.setProcessTokenMethod(handler);
+
+ SecurityPolicyToken tmpSpt = body.copy();
+ tmpSpt.setProcessTokenMethod(handler);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = header.copy();
+ tmpSpt.setProcessTokenMethod(handler);
+ spt.setChildToken(tmpSpt);
+ return spt;
+ }
+}
Added:
webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicyToken.java
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicyToken.java?rev=367071&view=auto
==============================================================================
---
webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicyToken.java
(added)
+++
webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicyToken.java
Sun Jan 8 11:01:06 2006
@@ -0,0 +1,225 @@
+/*
+ * Created on 28.12.2005
+ *
+ * To change the template for this generated file go to
+ * Window>Preferences>Java>Code Generation>Code and Comments
+ */
+package examples.secParser;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Iterator;
+
+public class SecurityPolicyToken {
+
+ /**
+ * The following values describe the type of the security token. A complex
+ * token starts a transaction because it contains nested tokens. A simple
+ * token does not contain nested tokens but stands allone an defines a
+ * simple assertion or property.
+ *
+ * If Content is set then this token contains additional text content, e.g.
+ * XPath expressions.
+ */
+ public static final int COMPLEX_TOKEN = 1;
+
+ public static final int SIMPLE_TOKEN = 2;
+
+ public static final int WITH_CONTENT = 100;
+
+ private String tokenName;
+
+ private int tokenType = 0;
+
+ private boolean supported = false;
+
+ private String[] attributes = null;
+
+ private Object handler = null;
+
+ private Method processTokenMethod = null;
+
+ private ArrayList childTokens = null;
+
+ /**
+ * Create a SecurityPolicyToken data structure.
+ *
+ * @param token
+ * The name of the token, equals to to local name of the XML
+ * element
+ * @param type
+ * Type of the token. Either complex or simple. Can have a flag
+ * if the token containes some data.
+ * @param sup
+ * If true the processor supports this token and the enforcer
can
+ * work with it,
+ * @param attribs
+ * The names of allowed attributes on this token
+ * @param h
+ * The handler object that implements the processing method. The
+ * name of a processing method is constructed by prepending a
+ * "do" to the token name
+ * @throws SecurityException
+ * @throws NoSuchMethodException
+ */
+ public SecurityPolicyToken(String token, int type, boolean sup,
+ String[] attribs, Object h) throws SecurityException,
+ NoSuchMethodException {
+ this(token, type, sup, attribs);
+
+ setProcessTokenMethod(h);
+ }
+
+ /**
+ * Create a SecurityPolicyToken data structure.
+ *
+ * @param token
+ * The name of the token, equals to to local name of the XML
+ * element
+ * @param type
+ * Type of the token. Either complex or simple. Can have a flag
+ * if the token containes some data.
+ * @param sup
+ * If true the processor supports this token and the enforcer
can
+ * work with it,
+ * @param attribs
+ * The names of allowed attributes on this token processing
+ * method is constructed by prepending a "do" to the token name
+ */
+ public SecurityPolicyToken(String token, int type, boolean sup,
+ String[] attribs) {
+ tokenName = token;
+ tokenType = type;
+ supported = sup;
+ attributes = attribs;
+
+ if (tokenType == COMPLEX_TOKEN) {
+ childTokens = new ArrayList();
+ }
+ }
+
+ /**
+ * @return Returns the attributes.
+ */
+ public String[] getAttributes() {
+ return attributes;
+ }
+
+ /**
+ * Set the method which processes this security token.
+ *
+ * @param h
+ * The handler object that implements the processing method. The
+ * name of a processing method is constructed by prepending a
+ * "do" to the token name.
+ *
+ * @throws NoSuchMethodException
+ */
+ public void setProcessTokenMethod(Object h) throws NoSuchMethodException {
+
+ if (h == null) {
+ return;
+ }
+ handler = h;
+ Class handlerCls = h.getClass();
+ Class[] parameters = new Class[] { SecurityProcessorContext.class };
+
+ processTokenMethod = handlerCls.getDeclaredMethod("do" + tokenName,
+ parameters);
+ }
+
+ /**
+ * Invoke the processing method for this token.
+ *
+ * @param spc
+ * The SecurityProcessContext handed over to the processing
+ * method
+ * @return True if the token is processed successfully
+ * @throws IllegalArgumentException
+ * @throws IllegalAccessException
+ * @throws InvocationTargetException
+ */
+ public boolean invokeProcessTokenMethod(SecurityProcessorContext spc)
+ throws IllegalArgumentException, IllegalAccessException,
+ InvocationTargetException {
+
+ if (processTokenMethod == null) {
+ return false;
+ }
+ Object[] parameter = new Object[] { spc };
+ Object ret = processTokenMethod.invoke(handler, parameter);
+ Boolean bool;
+ if (ret instanceof Boolean) {
+ bool = (Boolean) ret;
+ return bool.booleanValue();
+ }
+ return false;
+ }
+
+ /**
+ * @return Returns the supported.
+ */
+ public boolean isSupported() {
+ return supported;
+ }
+
+ /**
+ * @return Returns the tokenName.
+ */
+ public String getTokenName() {
+ return tokenName;
+ }
+
+ /**
+ * Add a Child token to this complex token.
+ *
+ * @param spt
+ * The child token to add to this Complex token
+ */
+ public void setChildToken(SecurityPolicyToken spt) {
+ childTokens.add(spt);
+ }
+
+ /**
+ * Gets a named child token,
+ *
+ * @param sptName
+ * The token name to check for
+ * @return the SecurityPolicyToken if this token contains the named token
as
+ * child token, null otherwise.
+ */
+ public SecurityPolicyToken getChildToken(String sptName) {
+ Iterator it = childTokens.iterator();
+ while (it.hasNext()) {
+ SecurityPolicyToken tmpSpt = (SecurityPolicyToken) it.next();
+ if (sptName.equals(tmpSpt.getTokenName())) {
+ return tmpSpt;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Copy this SecurityPolicyToken and return the copy.
+ *
+ * Produce a copy of this SPT. The imutable fields (token name, token type,
+ * supported, and attributes) are copied by reference. The child tokens are
+ * copied by value thus they can be modified. The handler object and the
+ * associated processing method are not copied and must be intialized.
+ *
+ * @return A new SecurityPolicyToken
+ */
+ public SecurityPolicyToken copy() {
+ SecurityPolicyToken spt = new SecurityPolicyToken(tokenName, tokenType,
+ supported, attributes);
+ if (childTokens != null) {
+ Iterator it = childTokens.iterator();
+ while (it.hasNext()) {
+ SecurityPolicyToken tmpSpt = (SecurityPolicyToken) it.next();
+ spt.setChildToken(tmpSpt);
+ }
+ }
+ return spt;
+ }
+}
Added:
webservices/commons/trunk/policy/src/examples/secParser/SecurityProcessorContext.java
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/SecurityProcessorContext.java?rev=367071&view=auto
==============================================================================
---
webservices/commons/trunk/policy/src/examples/secParser/SecurityProcessorContext.java
(added)
+++
webservices/commons/trunk/policy/src/examples/secParser/SecurityProcessorContext.java
Sun Jan 8 11:01:06 2006
@@ -0,0 +1,15 @@
+/*
+ * Created on 28.12.2005
+ *
+ * To change the template for this generated file go to
+ * Window>Preferences>Java>Code Generation>Code and Comments
+ */
+package examples.secParser;
+
+public class SecurityProcessorContext {
+
+ public SecurityProcessorContext() {
+
+ }
+
+}
Copied:
webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java
(from r359534,
webservices/commons/trunk/policy/src/examples/WSSPolicyProcessorFull.java)
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java?p2=webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java&p1=webservices/commons/trunk/policy/src/examples/WSSPolicyProcessorFull.java&r1=359534&r2=367071&rev=367071&view=diff
==============================================================================
--- webservices/commons/trunk/policy/src/examples/WSSPolicyProcessorFull.java
(original)
+++
webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java
Sun Jan 8 11:01:06 2006
@@ -14,11 +14,12 @@
* limitations under the License.
*/
-package examples;
+package examples.secParser;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
@@ -31,200 +32,248 @@
import org.apache.ws.policy.util.PolicyReader;
import org.apache.ws.policy.util.PolicyFactory;
+
/**
* @author Werner Dittmann ([EMAIL PROTECTED])
*/
public class WSSPolicyProcessorFull {
- FileInputStream fis = null;
+ FileInputStream fis = null;
- PolicyReader prdr = null;
+ PolicyReader prdr = null;
- Policy merged = null;
+ Policy merged = null;
- int level = 0;
+ int level = 0;
- public static void main(String[] args) throws Exception {
-
- WSSPolicyProcessorFull processor = new WSSPolicyProcessorFull();
- processor.setup();
- String[] files = new String[1];
- files[0] = "policy/src/examples/policy2.xml";
- processor.go(files);
- System.out
- .println("\n
----------------------------------------------------");
- files = new String[2];
- files[0] = "policy/src/examples/SecurityPolicyBindings.xml";
- files[1] = "policy/src/examples/SecurityPolicyMsg.xml";
- processor.go(files);
- }
-
- void setup() {
- prdr =
PolicyFactory.getPolicyReader(PolicyFactory.OM_POLICY_READER);
-
- }
-
- void go(String[] args) {
-
- merged = null;
- for (int i = 0; i < args.length; i++) {
- try {
- fis = new FileInputStream(args[i]);
- } catch (FileNotFoundException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
- Policy newPolicy = prdr.readPolicy(fis);
- newPolicy = (Policy) newPolicy.normalize();
-
- if (merged == null) {
- merged = newPolicy;
- } else {
- merged = (Policy) merged.merge(newPolicy);
- }
- try {
- fis.close();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
- processPolicy(merged);
- }
-
- /**
- * This method takes a normalized policy object, processes it and
returns
- * true if all assertion can be fulfilled.
- *
- * Each policy must be nromalized accordig to the WS Policy framework
- * specification. Therefore a policy has one child (wsp:ExactlyOne)
that is
- * a XorCompositeAssertion. This child may contain one or more other
terms
- * (alternatives). To match the policy one of these terms (alternatives)
- * must match. If none of the contained terms match this policy cannot
be
- * enforced.
- *
- * @param policy
- * The policy to process
- * @return True if this policy can be enforced by the policy enforcement
- * implmentation
- */
- public boolean processPolicy(Policy policy) {
-
- if (!policy.isNormalized()) {
- throw new RuntimeException("Policy is not in normalized
format");
- }
-
- /*
- *
- */
- XorCompositeAssertion xor = (XorCompositeAssertion)
policy.getTerms()
- .get(0);
- List listOfPolicyAlternatives = xor.getTerms();
-
- boolean success = false;
- int numberOfAlternatives = listOfPolicyAlternatives.size();
-
- for (int i = 0; !success && i < numberOfAlternatives; i++) {
- AndCompositeAssertion aPolicyAlternative =
(AndCompositeAssertion) listOfPolicyAlternatives
- .get(i);
-
- List listOfAssertions = aPolicyAlternative.getTerms();
-
- Iterator iterator = listOfAssertions.iterator();
- /*
- * Loop over all assertions in this alternative. If all
assertions
- * can be fulfilled then we choose this alternative and
signal a
- * success.
- */
- boolean all = true;
- while (all && iterator.hasNext()) {
- Assertion assertion = (Assertion)
iterator.next();
- if (assertion instanceof Policy) {
- all = processPolicy((Policy) assertion);
- continue;
- }
- if (!(assertion instanceof PrimitiveAssertion))
{
- System.out.println("Got a unexpected
assertion type: "
- +
assertion.getClass().getName());
- continue;
- }
- all =
processPrimitiveAssertion((PrimitiveAssertion) assertion);
- }
- /*
- * copy the status of assertion processing. If all is
true the this
- * alternative is "success"ful
- */
- success = all;
- }
- return success;
- }
-
- boolean processPrimitiveAssertion(PrimitiveAssertion pa) {
- /*
- * We need to pick only the primitive assertions which conatain
a
- * WSSecurityPolicy policy assertion. For that we'll check the
namespace
- * of the primitive assertion
- */
- boolean commit = true;
-
- if (pa.getName().getNamespaceURI().equals(
-
"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";)) {
- commit = startPolicyTransaction(pa);
- }
-
- List terms = pa.getTerms();
- if (terms.size() > 0) {
- for (int i = 0; commit && i < terms.size(); i++) {
- level++;
- Assertion assertion = (Assertion)
pa.getTerms().get(i);
- if (assertion instanceof Policy) {
- assertion = assertion.normalize();
- commit = processPolicy((Policy)
assertion);
- } else if (assertion instanceof
PrimitiveAssertion) {
- commit =
processPrimitiveAssertion((PrimitiveAssertion) assertion);
- }
- level--;
- }
- }
- if (commit) {
- commitPolicyTransaction(pa);
- } else {
- abortPolicyTransaction(pa);
- }
- return commit;
- }
-
- public boolean startPolicyTransaction(PrimitiveAssertion prim) {
-
- /*
- * May be I should be setting the configuration options in
- * WSDoAll*Handler according to this security assertion.
- */
- StringBuffer indent = new StringBuffer();
- for (int i = 0; i < level; i++) {
- indent.append(" ");
- }
- System.out.println(new String(indent) +
prim.getName().getLocalPart());
- String text = prim.getStrValue();
- if (text != null) {
- text = text.trim();
- System.out
- .println(new String(indent) + "Value: "
+ text.toString());
- }
- if (prim.getName().getLocalPart().equals("SecurityHeader"))
- return false;
- return true;
- }
-
- public void abortPolicyTransaction(PrimitiveAssertion prim) {
- System.out.println("Aborting Policy transaction "
- + prim.getName().getLocalPart());
- }
-
- public void commitPolicyTransaction(PrimitiveAssertion prim) {
- System.out.println("Commit Policy transaction "
- + prim.getName().getLocalPart());
- }
+// ArrayList securityTokens = new ArrayList();
+
+ SecurityPolicyToken topLevel = new SecurityPolicyToken("_TopLevel_",
+ SecurityPolicyToken.COMPLEX_TOKEN, true, null);
+
+ SecurityPolicy secPolicy = null;
+
+ public static void main(String[] args) throws Exception {
+
+ WSSPolicyProcessorFull processor = new WSSPolicyProcessorFull();
+ if (!processor.setup()) {
+ return;
+ }
+ String[] files = new String[1];
+ // files[0] = "policy/src/examples/policy2.xml";
+ // files[0] = "policy/src/examples/SecurityPolicyMsg.xml";
+ // processor.go(files);
+ // System.out
+ // .println("\n ----------------------------------------------------");
+ files = new String[2];
+ files[0] = "policy/src/examples/SecurityPolicyBindings.xml";
+ files[1] = "policy/src/examples/SecurityPolicyMsg.xml";
+ processor.go(files);
+ }
+
+ boolean setup() throws NoSuchMethodException {
+ prdr = PolicyFactory.getPolicyReader(PolicyFactory.OM_POLICY_READER);
+ secPolicy = new SecurityPolicy();
+
+ SecurityPolicyToken spt = secPolicy.initializeSignedParts(this);
+ topLevel.setChildToken(spt);
+
+ return true;
+ }
+
+ void go(String[] args) {
+
+ merged = null;
+ for (int i = 0; i < args.length; i++) {
+ try {
+ fis = new FileInputStream(args[i]);
+ } catch (FileNotFoundException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ Policy newPolicy = prdr.readPolicy(fis);
+ newPolicy = (Policy) newPolicy.normalize();
+ // if (!newPolicy.isNormalized()) {
+ // throw new RuntimeException("newPolicy is not in normalized
+ // format");
+ // }
+ if (merged == null) {
+ merged = newPolicy;
+ } else {
+ merged = (Policy) merged.merge(newPolicy);
+ }
+ try {
+ fis.close();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+ processPolicy(merged);
+ }
+
+ /**
+ * This method takes a normalized policy object, processes it and returns
+ * true if all assertion can be fulfilled.
+ *
+ * Each policy must be nromalized accordig to the WS Policy framework
+ * specification. Therefore a policy has one child (wsp:ExactlyOne) that is
+ * a XorCompositeAssertion. This child may contain one or more other terms
+ * (alternatives). To match the policy one of these terms (alternatives)
+ * must match. If none of the contained terms match this policy cannot be
+ * enforced.
+ *
+ * @param policy
+ * The policy to process
+ * @return True if this policy can be enforced by the policy enforcement
+ * implmentation
+ */
+ public boolean processPolicy(Policy policy) {
+
+ if (!policy.isNormalized()) {
+ throw new RuntimeException("Policy is not in normalized format");
+ }
+
+ XorCompositeAssertion xor = (XorCompositeAssertion) policy.getTerms()
+ .get(0);
+ List listOfPolicyAlternatives = xor.getTerms();
+
+ boolean success = false;
+ int numberOfAlternatives = listOfPolicyAlternatives.size();
+
+ for (int i = 0; !success && i < numberOfAlternatives; i++) {
+ AndCompositeAssertion aPolicyAlternative = (AndCompositeAssertion)
listOfPolicyAlternatives
+ .get(i);
+
+ List listOfAssertions = aPolicyAlternative.getTerms();
+
+ Iterator iterator = listOfAssertions.iterator();
+ /*
+ * Loop over all assertions in this alternative. If all assertions
+ * can be fulfilled then we choose this alternative and signal a
+ * success.
+ */
+ boolean all = true;
+ while (all && iterator.hasNext()) {
+ Assertion assertion = (Assertion) iterator.next();
+ if (assertion instanceof Policy) {
+ all = processPolicy((Policy) assertion);
+ continue;
+ }
+ if (!(assertion instanceof PrimitiveAssertion)) {
+ System.out.println("Got a unexpected assertion type: "
+ + assertion.getClass().getName());
+ continue;
+ }
+ all = processPrimitiveAssertion((PrimitiveAssertion)
assertion);
+ }
+ /*
+ * copy the status of assertion processing. If all is true the this
+ * alternative is "success"ful
+ */
+ success = all;
+ }
+ return success;
+ }
+
+ boolean processPrimitiveAssertion(PrimitiveAssertion pa) {
+ /*
+ * We need to pick only the primitive assertions which conatain a
+ * WSSecurityPolicy policy assertion. For that we'll check the
namespace
+ * of the primitive assertion
+ */
+ boolean commit = true;
+
+ if (pa.getName().getNamespaceURI().equals(
+ "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";)) {
+ commit = startPolicyTransaction(pa);
+ }
+
+ List terms = pa.getTerms();
+ if (terms.size() > 0) {
+ for (int i = 0; commit && i < terms.size(); i++) {
+ level++;
+ Assertion assertion = (Assertion) pa.getTerms().get(i);
+ if (assertion instanceof Policy) {
+ assertion = assertion.normalize();
+ commit = processPolicy((Policy) assertion);
+ } else if (assertion instanceof PrimitiveAssertion) {
+ commit = processPrimitiveAssertion((PrimitiveAssertion)
assertion);
+ }
+ level--;
+ }
+ }
+ if (commit) {
+ commitPolicyTransaction(pa);
+ } else {
+ abortPolicyTransaction(pa);
+ }
+ return commit;
+ }
+
+ public boolean startPolicyTransaction(PrimitiveAssertion prim) {
+
+ /*
+ * May be I should be setting the configuration options in
+ * WSDoAll*Handler according to this security assertion.
+ */
+ StringBuffer indent = new StringBuffer();
+ for (int i = 0; i < level; i++) {
+ indent.append(" ");
+ }
+ String tokenName = prim.getName().getLocalPart();
+ System.out.println(new String(indent) + tokenName);
+ String text = prim.getStrValue();
+ if (text != null) {
+ text = text.trim();
+ System.out
+ .println(new String(indent) + "Value: '" + text.toString()
+ "'");
+ }
+ SecurityPolicyToken spt = topLevel.getChildToken(tokenName);
+ SecurityProcessorContext spc = new SecurityProcessorContext();
+ if (spt != null) {
+ try {
+ System.out.println("SPT: " + spt);
+ spt.invokeProcessTokenMethod(spc);
+ } catch (IllegalArgumentException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+ return true;
+ }
+
+ public void abortPolicyTransaction(PrimitiveAssertion prim) {
+ System.out.println("Aborting Policy transaction "
+ + prim.getName().getLocalPart());
+ }
+
+ public void commitPolicyTransaction(PrimitiveAssertion prim) {
+ System.out.println("Commit Policy transaction "
+ + prim.getName().getLocalPart());
+ }
+
+ public Object doSignedParts(SecurityProcessorContext spc) {
+ System.out.println("We found a SignedParts token");
+ return new Boolean(true);
+ }
+
+ public Object doBody(SecurityProcessorContext spc) {
+ System.out.println("We found a Body token");
+ return new Boolean(true);
+ }
+
+ public Object doHeader(SecurityProcessorContext spc) {
+ System.out.println("We found a Header token");
+ return new Boolean(true);
+ }
+
}
