Author: werner
Date: Thu Jan 12 05:32:24 2006
New Revision: 368364
URL: http://svn.apache.org/viewcvs?rev=368364&view=rev
Log:
Example of a security policy language processor. Contains
all methods to parse the examples. Run Javadoc and refer to
the package description of examples.secParser.
Added:
webservices/commons/trunk/policy/src/examples/secParser/package.html
webservices/commons/trunk/policy/src/examples/secParser/processors/InitiatorRecipientTokenProcessor.java
webservices/commons/trunk/policy/src/examples/secParser/processors/Trust10Processor.java
webservices/commons/trunk/policy/src/examples/secParser/processors/Wss10Processor.java
webservices/commons/trunk/policy/src/examples/secParser/processors/Wss11Processor.java
Removed:
webservices/commons/trunk/policy/src/examples/secParser/processors/InitiatorReceipientTokenProcessor.java
Modified:
webservices/commons/trunk/policy/src/examples/SecurityPolicyBindings.xml
webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicy.java
webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicyToken.java
webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java
webservices/commons/trunk/policy/src/examples/secParser/processors/AsymmetricBindingProcessor.java
webservices/commons/trunk/policy/src/examples/secParser/processors/X509TokenProcessor.java
Modified:
webservices/commons/trunk/policy/src/examples/SecurityPolicyBindings.xml
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/SecurityPolicyBindings.xml?rev=368364&r1=368363&r2=368364&view=diff
==============================================================================
--- webservices/commons/trunk/policy/src/examples/SecurityPolicyBindings.xml
(original)
+++ webservices/commons/trunk/policy/src/examples/SecurityPolicyBindings.xml
Thu Jan 12 05:32:24 2006
@@ -7,11 +7,11 @@
<wsp:Policy>
<sp:RecipientToken>
<wsp:Policy>
- <sp:X509V3Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always";
/>
+ <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always";
/>
</wsp:Policy> </sp:RecipientToken>
<sp:InitiatorToken>
<wsp:Policy>
- <sp:X509V3Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always";
/>
+ <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always";
/>
</wsp:Policy>
</sp:InitiatorToken>
<sp:AlgorithmSuite>
@@ -35,7 +35,7 @@
</sp:SignedSupportingTokens>
<sp:SignedEndorsingSupportingTokens>
<wsp:Policy>
- <sp:X509V3Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once";
/>
+ <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once";
/>
</wsp:Policy>
</sp:SignedEndorsingSupportingTokens>
</wsp:Policy>
Modified:
webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicy.java
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicy.java?rev=368364&r1=368363&r2=368364&view=diff
==============================================================================
--- webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicy.java
(original)
+++ webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicy.java
Thu Jan 12 05:32:24 2006
@@ -91,7 +91,7 @@
null);
public static final SecurityPolicyToken requireEmbeddedTokenReference =
new SecurityPolicyToken(
- "RequiredEmbeddedTokenReference",
SecurityPolicyToken.SIMPLE_TOKEN,
+ "RequireEmbeddedTokenReference",
SecurityPolicyToken.SIMPLE_TOKEN,
null);
public static final SecurityPolicyToken requireThumbprintReference =
new SecurityPolicyToken(
@@ -202,11 +202,11 @@
public static final SecurityPolicyToken wssRelV20Token11 = new
SecurityPolicyToken(
"WssRelV20Token11", SecurityPolicyToken.SIMPLE_TOKEN,
null);
- public static final SecurityPolicyToken httpsToken = new
SecurityPolicyToken("RelToken",
+ public static final SecurityPolicyToken httpsToken = new
SecurityPolicyToken("HttpsToken",
SecurityPolicyToken.COMPLEX_TOKEN,
new String[] { "RequireClientCertificate" });
- public static final SecurityPolicyToken algorithmSuite = new
SecurityPolicyToken("RelToken",
+ public static final SecurityPolicyToken algorithmSuite = new
SecurityPolicyToken("AlgorithmSuite",
SecurityPolicyToken.COMPLEX_TOKEN, null);
public static final SecurityPolicyToken basic256 = new
SecurityPolicyToken("Basic256",
@@ -330,8 +330,8 @@
public static final SecurityPolicyToken initiatorToken = new
SecurityPolicyToken(
"InitiatorToken", SecurityPolicyToken.COMPLEX_TOKEN,
null);
- public static final SecurityPolicyToken receipientToken = new
SecurityPolicyToken(
- "ReceipientToken", SecurityPolicyToken.COMPLEX_TOKEN,
null);
+ public static final SecurityPolicyToken recipientToken = new
SecurityPolicyToken(
+ "RecipientToken", SecurityPolicyToken.COMPLEX_TOKEN,
null);
// all other tokens for asymmetric already defined above
@@ -349,7 +349,7 @@
"SignedEndorsingSupportingTokens",
SecurityPolicyToken.COMPLEX_TOKEN, null);
- public static final SecurityPolicyToken wss10 = new
SecurityPolicyToken("wss10",
+ public static final SecurityPolicyToken wss10 = new
SecurityPolicyToken("Wss10",
SecurityPolicyToken.COMPLEX_TOKEN, null);
public static final SecurityPolicyToken mustSupportRefKeyIdentifier =
new SecurityPolicyToken(
@@ -361,47 +361,47 @@
null);
public static final SecurityPolicyToken mustSupportRefExternalUri = new
SecurityPolicyToken(
- "MustSupportRefExternalUri",
SecurityPolicyToken.SIMPLE_TOKEN, null);
+ "MustSupportRefExternalURI",
SecurityPolicyToken.SIMPLE_TOKEN, null);
public static final SecurityPolicyToken mustSupportRefEmbeddedToken =
new SecurityPolicyToken(
"MustSupportRefEmbeddedToken",
SecurityPolicyToken.SIMPLE_TOKEN,
null);
- public static final SecurityPolicyToken wss11 = new
SecurityPolicyToken("wss11",
+ public static final SecurityPolicyToken wss11 = new
SecurityPolicyToken("Wss11",
SecurityPolicyToken.COMPLEX_TOKEN, null);
// all from wss10
- public static final SecurityPolicyToken mustSupportRefKeyThumbprint =
new SecurityPolicyToken(
- "mustSupportRefKeyThumbprint",
SecurityPolicyToken.SIMPLE_TOKEN,
+ public static final SecurityPolicyToken mustSupportRefThumbprint = new
SecurityPolicyToken(
+ "MustSupportRefThumbprint",
SecurityPolicyToken.SIMPLE_TOKEN,
null);
- public static final SecurityPolicyToken mustSupportRefKeyEncryptedKey =
new SecurityPolicyToken(
- "mustSupportRefKeyEncryptedKey",
SecurityPolicyToken.SIMPLE_TOKEN,
+ public static final SecurityPolicyToken mustSupportRefEncryptedKey =
new SecurityPolicyToken(
+ "MustSupportRefEncryptedKey",
SecurityPolicyToken.SIMPLE_TOKEN,
null);
public static final SecurityPolicyToken requireSignatureConfirmation =
new SecurityPolicyToken(
- "requireSignatureConfirmation",
SecurityPolicyToken.SIMPLE_TOKEN,
+ "RequireSignatureConfirmation",
SecurityPolicyToken.SIMPLE_TOKEN,
null);
- public static final SecurityPolicyToken trust10 = new
SecurityPolicyToken("trust10",
+ public static final SecurityPolicyToken trust10 = new
SecurityPolicyToken("Trust10",
SecurityPolicyToken.COMPLEX_TOKEN, null);
public static final SecurityPolicyToken mustSupportClientChallenge =
new SecurityPolicyToken(
- "mustSupportClientChallenge",
SecurityPolicyToken.SIMPLE_TOKEN,
+ "MustSupportClientChallenge",
SecurityPolicyToken.SIMPLE_TOKEN,
null);
public static final SecurityPolicyToken mustSupportServerChallenge =
new SecurityPolicyToken(
- "mustSupportServerChallenge",
SecurityPolicyToken.SIMPLE_TOKEN,
+ "MustSupportServerChallenge",
SecurityPolicyToken.SIMPLE_TOKEN,
null);
public static final SecurityPolicyToken requireClientEntropy = new
SecurityPolicyToken(
- "requireClientEntropy",
SecurityPolicyToken.SIMPLE_TOKEN, null);
+ "RequireClientEntropy",
SecurityPolicyToken.SIMPLE_TOKEN, null);
public static final SecurityPolicyToken requireServerEntropy = new
SecurityPolicyToken(
- "requireServerEntropy",
SecurityPolicyToken.SIMPLE_TOKEN, null);
+ "RequireServerEntropy",
SecurityPolicyToken.SIMPLE_TOKEN, null);
public static final SecurityPolicyToken mustSupportIssuedTokens = new
SecurityPolicyToken(
- "mustSupportIssuedTokens",
SecurityPolicyToken.SIMPLE_TOKEN, null);
+ "MustSupportIssuedTokens",
SecurityPolicyToken.SIMPLE_TOKEN, null);
public static final String includeNever =
"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";;
Modified:
webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicyToken.java
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicyToken.java?rev=368364&r1=368363&r2=368364&view=diff
==============================================================================
---
webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicyToken.java
(original)
+++
webservices/commons/trunk/policy/src/examples/secParser/SecurityPolicyToken.java
Thu Jan 12 05:32:24 2006
@@ -60,9 +60,6 @@
* @param type
* Type of the token. Either complex or simple. Can have a
flag
* if the token containes some data.
- * @param sup
- * If true the processor supports this token and the
enforcer can
- * work with it,
* @param attribs
* The names of allowed attributes on this token
* @param h
@@ -88,9 +85,6 @@
* @param type
* Type of the token. Either complex or simple. Can have a
flag
* if the token containes some data.
- * @param sup
- * If true the processor supports this token and the
enforcer can
- * work with it,
* @param attribs
* The names of allowed attributes on this token processing
* method is constructed by prepending a "do" to the token
name
@@ -220,9 +214,9 @@
* Copy this SecurityPolicyToken and return the copy.
*
* Produce a copy of this SPT. The imutable fields (token name, token
type,
- * supported, and attributes) are copied by reference. The child tokens
are
- * copied by value thus they can be modified. The handler object and the
- * associated processing method are not copied and must be intialized.
+ * and attributes) are copied by reference. The child tokens are copied
by
+ * value thus they can be modified. The handler object and the
associated
+ * processing method are not copied and must be intialized.
*
* @return A new SecurityPolicyToken
*/
Modified:
webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java?rev=368364&r1=368363&r2=368364&view=diff
==============================================================================
---
webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java
(original)
+++
webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java
Thu Jan 12 05:32:24 2006
@@ -18,6 +18,10 @@
import examples.secParser.processors.SignedPartsElementsProcessor;
import examples.secParser.processors.EncryptedPartsElementsProcessor;
+import examples.secParser.processors.AsymmetricBindingProcessor;
+import examples.secParser.processors.SymmetricBindingProcessor;
+import examples.secParser.processors.Wss10Processor;
+import examples.secParser.processors.Wss11Processor;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -76,25 +80,35 @@
spt = SecurityPolicy.signedParts.copy();
spt.setProcessTokenMethod(spep);
topLevel.setChildToken(spt);
-
+
spt = SecurityPolicy.signedElements.copy();
- spt.setProcessTokenMethod(spep);
+ spt.setProcessTokenMethod(spep);
topLevel.setChildToken(spt);
EncryptedPartsElementsProcessor epep = new
EncryptedPartsElementsProcessor();
spt = SecurityPolicy.encryptedParts.copy();
spt.setProcessTokenMethod(epep);
topLevel.setChildToken(spt);
-
+
spt = SecurityPolicy.encryptedElements.copy();
spt.setProcessTokenMethod(epep);
topLevel.setChildToken(spt);
-
-// UsernameTokenProcessor unt = new UsernameTokenProcessor();
-// spt = secPolicy.usernameToken.copy();
-// spt.setProcessTokenMethod(unt);
-// topLevel.setChildToken(spt);
+ spt = SecurityPolicy.asymmetricBinding.copy();
+ spt.setProcessTokenMethod(new AsymmetricBindingProcessor());
+ topLevel.setChildToken(spt);
+
+ spt = SecurityPolicy.symmetricBinding.copy();
+ spt.setProcessTokenMethod(new SymmetricBindingProcessor());
+ topLevel.setChildToken(spt);
+
+ spt = SecurityPolicy.wss10.copy();
+ spt.setProcessTokenMethod(new Wss10Processor());
+ topLevel.setChildToken(spt);
+
+ spt = SecurityPolicy.wss11.copy();
+ spt.setProcessTokenMethod(new Wss11Processor());
+ topLevel.setChildToken(spt);
/*
* Now get a context and push the top level token onto the
token stack.
* The top level token is a special token that acts as anchor
to start
@@ -132,7 +146,11 @@
e.printStackTrace();
}
}
- processPolicy(merged);
+ if (processPolicy(merged)) {
+ System.out.println("Security Policy sucessfully
parsed");
+ } else {
+ System.out.println("Security Policy not sucessfully
parsed");
+ }
}
/**
@@ -249,82 +267,95 @@
*/
SecurityPolicyToken currentToken = secProcessorContext
.readCurrentSecurityToken();
- if (currentToken != null) {
- spt = currentToken.getChildToken(tokenName);
+ if (currentToken == null) {
+ System.out
+ .println("Internal error on token stack
- No current token");
+ System.exit(1);
}
+ spt = currentToken.getChildToken(tokenName);
secProcessorContext.pushSecurityToken(spt);
secProcessorContext.setAssertion(pa);
secProcessorContext.setAction(SecurityProcessorContext.START);
- boolean ret = true; // initi to flase if all tokens
a ready and intialized
- if (spt != null) {
- try {
- ret =
spt.invokeProcessTokenMethod(secProcessorContext);
- } catch (IllegalArgumentException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IllegalAccessException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (InvocationTargetException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } finally {
-
secProcessorContext.setAction(SecurityProcessorContext.NONE);
- }
+ if (spt == null) {
+ System.out
+ .println("Security token: '" + tokenName
+ + "' unknown in context
of '"
+ +
currentToken.getTokenName());
+ return false;
+ }
+ boolean ret = false;
+
+ try {
+ ret = spt.invokeProcessTokenMethod(secProcessorContext);
+ } catch (IllegalArgumentException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } finally {
+
secProcessorContext.setAction(SecurityProcessorContext.NONE);
}
return ret;
}
- public void abortPolicyTransaction(PrimitiveAssertion prim) {
-// System.out.println("Aborting Policy transaction "
-// + prim.getName().getLocalPart());
- secProcessorContext.setAction(SecurityProcessorContext.ABORT);
+ public void abortPolicyTransaction(PrimitiveAssertion pa) {
SecurityPolicyToken currentToken = secProcessorContext
.readCurrentSecurityToken();
- if (currentToken != null) {
- try {
-
currentToken.invokeProcessTokenMethod(secProcessorContext);
- } catch (IllegalArgumentException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IllegalAccessException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (InvocationTargetException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } finally {
-
secProcessorContext.setAction(SecurityProcessorContext.NONE);
- }
-
secProcessorContext.setAction(SecurityProcessorContext.NONE); // only in
finally block if all tokens are ready
- secProcessorContext.popSecurityToken(); // put this in
finally block if all tokens are ready
+ if (currentToken == null) {
+ secProcessorContext.popSecurityToken();
+ System.out.println("Abort transaction because of
unknown token: '"
+ + pa.getName().getLocalPart() + "'");
+ return;
+ }
+ secProcessorContext.setAssertion(pa);
+ secProcessorContext.setAction(SecurityProcessorContext.ABORT);
+ try {
+
currentToken.invokeProcessTokenMethod(secProcessorContext);
+ } catch (IllegalArgumentException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } finally {
+
secProcessorContext.setAction(SecurityProcessorContext.NONE);
+ secProcessorContext.popSecurityToken();
+
}
}
- public void commitPolicyTransaction(PrimitiveAssertion prim) {
- System.out.println("Commit Policy transaction "
- + prim.getName().getLocalPart());
- secProcessorContext.setAction(SecurityProcessorContext.COMMIT);
+ public void commitPolicyTransaction(PrimitiveAssertion pa) {
SecurityPolicyToken currentToken = secProcessorContext
.readCurrentSecurityToken();
- if (currentToken != null) {
- try {
-
currentToken.invokeProcessTokenMethod(secProcessorContext);
- } catch (IllegalArgumentException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IllegalAccessException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (InvocationTargetException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } finally {
-
secProcessorContext.setAction(SecurityProcessorContext.NONE);
- }
+ if (currentToken == null) {
+ System.out
+ .println("Internal error on token stack
- Commiting an unknown token: "
+ +
pa.getName().getLocalPart() + "'");
+ System.exit(1);
+ }
+ secProcessorContext.setAssertion(pa);
+ secProcessorContext.setAction(SecurityProcessorContext.COMMIT);
+ try {
+
currentToken.invokeProcessTokenMethod(secProcessorContext);
+ } catch (IllegalArgumentException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } finally {
+
secProcessorContext.setAction(SecurityProcessorContext.NONE);
+ secProcessorContext.popSecurityToken();
}
- secProcessorContext.setAction(SecurityProcessorContext.NONE);
// only in finally block if all tokens are ready
- secProcessorContext.popSecurityToken(); // put this in finally
block if all tokens are ready
-
}
}
Added: webservices/commons/trunk/policy/src/examples/secParser/package.html
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/package.html?rev=368364&view=auto
==============================================================================
--- webservices/commons/trunk/policy/src/examples/secParser/package.html (added)
+++ webservices/commons/trunk/policy/src/examples/secParser/package.html Thu
Jan 12 05:32:24 2006
@@ -0,0 +1,117 @@
+<!-- <!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+ -->
+<html>
+<head>
+ <title>Parser for Web Services Security Policy Language</title>
+<!--
+
+ @(#)Parser for Web Services Security Policy Language
+
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+</head>
+<body bgcolor="white">
+
+This parser shows how to use the generic Policy implementation to read,
process,
+and decide on policies. The generic Policy implementation provides the
framework
+to read, normalize, merge, and intersect policies. The generic implementation
+follows the specifications laid down in the document
+<a
href="http://www-128.ibm.com/developerworks/webservices/library/specification/ws-polfram/";>
+<i>Web Services Policy Framework</i></a>.
+<p/>
+The <i>Parser for Web Services Security Policy Language</i> uses the generic
policy
+implementation to read, normalize, and merge Web Service Sercurity policy
files. The
+parser then parses and processes the specific Web Services Security Policy
assertions.
+The document <a
href="http://www-128.ibm.com/developerworks/library/specification/ws-secpol/";>
+<i>Web Services Security Policy Language</i></a> defines the specific Web
Service
+Security Policy assertions.
+<p/>
+This is an example and the parser provides a skeleton for further development.
Currently
+the processing methods of all assertions return <code>true</code>, that is
every assertion
+is accepted.
+
+<h3>Prerequisties</h3>
+To be able to run the generic Policy implementation and the associated
examples you
+need several additonal Jar files from the current Axis2 development because
some
+examples use the StAX API and the OM XML datamodell implemented in Axis2.
Currently
+you need
+
+<ul>
+ <li>Axis2-0.94.jar</li>
+ <li>axis2-wsdl-0.94.jar</li>
+ <li>axis2-common-0.94.jar</li>
+ <li>wsdl4j-1.5.1.jar</li>
+ <li>stax-api-1.0.jar</li>
+ <li>stax-1.1.2.jar</li>
+</ul>
+
+In addition you also need the ubiquitous log4j, junit and commons-logging
jars. At least
+this is the enviroment I currently use. For the Axis2 files you may use the
according
+*SNAPSHOT.jar files as well.
+
+<h3>How does it work</h3>
+The main class is <code>WSSpolicyProcessorFull</code>. At first it populates
the top level
+token with all security policy tokens/assertions known at the top level. All
+tokens/assertions are pre-initialized in the <code>SecurityPolicy</code> class
file. We always
+use copies of the pre-initialized token structures. During setup the parser
initializes
+the top level tokens with the objects that contain the processing methods for
the
+tokens.
+<p/>
+There are two types of security policy tokens: <i>simple</i> tokens and
<i>complex</i> tokens.
+Simple tokens stand for themself and do not contains subtokens or assertions.
Simple
+tokens switch on properties of define a specific behaviour. Complex token
contain other
+tokens and assertions. At the top level we only have complex tokens (refer to
the <code>
+setup</code> method).
+<p/>
+When the parser finds a security policy assertion
(<code>PrimitiveAssertion</code>) it starts
+a policy transaction (<code>startPolicyTransaction</code>). The start policy
transaction
+checks if the current token contains this assertion as a child assertin. If
the parser finds the
+assertion it sets up the parser context and calls the assertion's processing
function. The
+processing functions use the following naming pattern: use the token's name
and prepend
+this name with the string <i>do</i>. For example: the processing method of the
<i>X509Token</i>
+has the name <code>doX509Token</code>. Each processing function of a complex
token
+initializes its child tokens on the first call of the processing function
(lazy initialization).
+<p/>
+If all children of an assertion/token are processed the policy transaction is
either committed or aborted
+depending on the outcome of the processing of the child tokens. During commit
transaction
+the information gathered during the processing of the child tokens can be
check, validated,
+and mixed with other data. These functions are not implemented in this
example. If a transaction
+has to be aborted you can perform some cleanup.
+<p/>
+All policies are parsed recursively. If a policy containes alternatives the
first alternative
+that matches or can be processed is chosen.
+
+<h3>Missing stuff</h3>
+As noted before this is an example and provides some ideas how to implement a
security
+policy parser. Not all top level tokens are implemented as processors (all
assertions/tokens are
+pre-initialized in SecurityPolicy). The following processors are currently
missing:
+
+<ul>
+ <li>IssuedToken</li>
+ <li>KerberosToken</li>
+ <li>SpnegoContextToken</li>
+ <li>SecurityContextToken</li>
+ <li>SecureConversationToken</li>
+ <li>SamlTokenAssertion</li>
+ <li>RelTokenAssertion</li>
+</ul>
+
+<!-- Put @see and @since tags down here. -->
[EMAIL PROTECTED] Parser for Web Services Security Policy Language 1.0
+</body>
+</html>
Modified:
webservices/commons/trunk/policy/src/examples/secParser/processors/AsymmetricBindingProcessor.java
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/processors/AsymmetricBindingProcessor.java?rev=368364&r1=368363&r2=368364&view=diff
==============================================================================
---
webservices/commons/trunk/policy/src/examples/secParser/processors/AsymmetricBindingProcessor.java
(original)
+++
webservices/commons/trunk/policy/src/examples/secParser/processors/AsymmetricBindingProcessor.java
Thu Jan 12 05:32:24 2006
@@ -24,7 +24,7 @@
*
*/
public class AsymmetricBindingProcessor {
- private boolean initializedSymmetricBinding = false;
+ private boolean initializedAsymmetricBinding = false;
/**
* Intialize the SymmetricBinding complex token.
@@ -40,15 +40,15 @@
* The token that will hold the child tokens.
* @throws NoSuchMethodException
*/
- private void initializeSymmetricBinding(SecurityPolicyToken spt)
+ private void initializeAsymmetricBinding(SecurityPolicyToken spt)
throws NoSuchMethodException {
- InitiatorReceipientTokenProcessor irt = new
InitiatorReceipientTokenProcessor();
+ InitiatorRecipientTokenProcessor irt = new
InitiatorRecipientTokenProcessor();
SecurityPolicyToken tmpSpt =
SecurityPolicy.initiatorToken.copy();
tmpSpt.setProcessTokenMethod(irt);
spt.setChildToken(tmpSpt);
- tmpSpt = SecurityPolicy.receipientToken.copy();
+ tmpSpt = SecurityPolicy.recipientToken.copy();
tmpSpt.setProcessTokenMethod(irt);
spt.setChildToken(tmpSpt);
@@ -98,7 +98,7 @@
}
- public Object doSymmetricBinding(SecurityProcessorContext spc) {
+ public Object doAsymmetricBinding(SecurityProcessorContext spc) {
System.out.println("Processing "
+ spc.readCurrentSecurityToken().getTokenName()
+ ": "
+
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
@@ -107,10 +107,10 @@
switch (spc.getAction()) {
case SecurityProcessorContext.START:
- if (!initializedSymmetricBinding) {
+ if (!initializedAsymmetricBinding) {
try {
- initializeSymmetricBinding(spt);
- initializedSymmetricBinding = true;
+ initializeAsymmetricBinding(spt);
+ initializedAsymmetricBinding = true;
} catch (NoSuchMethodException e) {
// TODO Auto-generated catch block
e.printStackTrace();
Added:
webservices/commons/trunk/policy/src/examples/secParser/processors/InitiatorRecipientTokenProcessor.java
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/processors/InitiatorRecipientTokenProcessor.java?rev=368364&view=auto
==============================================================================
---
webservices/commons/trunk/policy/src/examples/secParser/processors/InitiatorRecipientTokenProcessor.java
(added)
+++
webservices/commons/trunk/policy/src/examples/secParser/processors/InitiatorRecipientTokenProcessor.java
Thu Jan 12 05:32:24 2006
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples.secParser.processors;
+
+import examples.secParser.SecurityPolicy;
+import examples.secParser.SecurityPolicyToken;
+import examples.secParser.SecurityProcessorContext;
+
+/**
+ * @author Werner Dittmann ([EMAIL PROTECTED])
+ *
+ */
+public class InitiatorRecipientTokenProcessor {
+ private boolean initializedInitiatorToken = false;
+
+ private boolean initializedRecipientToken = false;
+
+
+ /**
+ * Intialize the InitiatorToken complex token.
+ *
+ * This method creates a copy of the InitiatorToken token and sets the
+ * handler object to the copy. Then it creates copies of the child
tokens
+ * that are allowed for InitiatorToken. These tokens are:
+ *
+ * These copies are also initialized with the handler object and then
set as
+ * child tokens of InitiatorToken.
+ *
+ * @param spt
+ * The token that will hold the child tokens.
+ * @throws NoSuchMethodException
+ */
+ private void initializeInitiatorToken(SecurityPolicyToken spt)
+ throws NoSuchMethodException {
+ SecurityPolicyToken tmpSpt = SecurityPolicy.x509Token.copy();
+ tmpSpt.setProcessTokenMethod(new X509TokenProcessor());
+ spt.setChildToken(tmpSpt);
+ }
+
+ /**
+ * Intialize the RecipientToken complex token.
+ *
+ * This method creates a copy of the RecipientToken token and sets the
+ * handler object to the copy. Then it creates copies of the child
tokens
+ * that are allowed for RecipientToken. These tokens are:
+ *
+ * These copies are also initialized with the handler object and then
set as
+ * child tokens of RecipientToken.
+ *
+ * @param spt
+ * The token that will hold the child tokens.
+ * @throws NoSuchMethodException
+ */
+ private void initializeRecipientToken(SecurityPolicyToken spt)
+ throws NoSuchMethodException {
+ SecurityPolicyToken tmpSpt = SecurityPolicy.x509Token.copy();
+ tmpSpt.setProcessTokenMethod(new X509TokenProcessor());
+ spt.setChildToken(tmpSpt);
+ }
+
+
+ public Object doInitiatorToken(SecurityProcessorContext spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ SecurityPolicyToken spt = spc.readCurrentSecurityToken();
+
+ switch (spc.getAction()) {
+
+ case SecurityProcessorContext.START:
+ if (!initializedInitiatorToken) {
+ try {
+ initializeInitiatorToken(spt);
+ initializedInitiatorToken = true;
+ } catch (NoSuchMethodException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return new Boolean(false);
+ }
+ }
+ break;
+ case SecurityProcessorContext.COMMIT:
+ break;
+ case SecurityProcessorContext.ABORT:
+ break;
+ }
+ return new Boolean(true);
+ }
+
+ public Object doRecipientToken(SecurityProcessorContext spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ SecurityPolicyToken spt = spc.readCurrentSecurityToken();
+ switch (spc.getAction()) {
+
+ case SecurityProcessorContext.START:
+ if (!initializedRecipientToken) {
+ try {
+ initializeRecipientToken(spt);
+ initializedRecipientToken = true;
+ } catch (NoSuchMethodException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return new Boolean(false);
+ }
+ }
+ break;
+ case SecurityProcessorContext.COMMIT:
+ break;
+ case SecurityProcessorContext.ABORT:
+ break;
+ }
+ return new Boolean(true);
+ }
+}
Added:
webservices/commons/trunk/policy/src/examples/secParser/processors/Trust10Processor.java
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/processors/Trust10Processor.java?rev=368364&view=auto
==============================================================================
---
webservices/commons/trunk/policy/src/examples/secParser/processors/Trust10Processor.java
(added)
+++
webservices/commons/trunk/policy/src/examples/secParser/processors/Trust10Processor.java
Thu Jan 12 05:32:24 2006
@@ -0,0 +1,141 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples.secParser.processors;
+
+import org.apache.ws.policy.PrimitiveAssertion;
+
+import examples.secParser.SecurityPolicy;
+import examples.secParser.SecurityPolicyToken;
+import examples.secParser.SecurityProcessorContext;
+
+/**
+ * @author Werner Dittmann ([EMAIL PROTECTED])
+ *
+ */
+public class Trust10Processor {
+
+ private boolean initializedTrust10 = false;
+
+ /**
+ * Intialize the Trust10 complex token.
+ *
+ * This method creates a copy of the Trust10 token and sets the handler
object
+ * to the copy. Then it creates copies of the child tokens that are
allowed
+ * for Trust10. These tokens are:
+ *
+ * These copies are also initialized with the handler object and then
set as
+ * child tokens of Trust10.
+ *
+ * <p/> The handler object that must contain the methods
+ * <code>doTrust10</code>.
+ *
+ * @param spt
+ * The token that will hold the child tokens.
+ * @throws NoSuchMethodException
+ */
+ public void initializeTrust10(SecurityPolicyToken spt)
+ throws NoSuchMethodException {
+ SecurityPolicyToken tmpSpt =
SecurityPolicy.mustSupportClientChallenge
+ .copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.mustSupportServerChallenge.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.requireClientEntropy.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.requireServerEntropy.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.mustSupportIssuedTokens.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+ }
+
+ public Object doTrust10(SecurityProcessorContext spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+
+ SecurityPolicyToken spt = spc.readCurrentSecurityToken();
+
+ switch (spc.getAction()) {
+
+ case SecurityProcessorContext.START:
+ if (!initializedTrust10) {
+ try {
+ initializeTrust10(spt);
+ initializedTrust10 = true;
+ } catch (NoSuchMethodException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return new Boolean(false);
+ }
+ }
+ PrimitiveAssertion pa = spc.getAssertion();
+ String text = pa.getStrValue();
+ if (text != null) {
+ text = text.trim();
+ System.out.println("Value: '" + text.toString()
+ "'");
+ }
+ case SecurityProcessorContext.COMMIT:
+ break;
+ case SecurityProcessorContext.ABORT:
+ break;
+ }
+ return new Boolean(true);
+ }
+
+ public Object doMustSupportClientChallenge(SecurityProcessorContext
spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+
+ public Object doMustSupportServerChallenge(SecurityProcessorContext
spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+
+ public Object doRequireClientEntropy(SecurityProcessorContext spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+
+ public Object doRequireServerEntropy(SecurityProcessorContext spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+
+ public Object doMustSupportIssuedTokens(SecurityProcessorContext spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+}
Added:
webservices/commons/trunk/policy/src/examples/secParser/processors/Wss10Processor.java
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/processors/Wss10Processor.java?rev=368364&view=auto
==============================================================================
---
webservices/commons/trunk/policy/src/examples/secParser/processors/Wss10Processor.java
(added)
+++
webservices/commons/trunk/policy/src/examples/secParser/processors/Wss10Processor.java
Thu Jan 12 05:32:24 2006
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples.secParser.processors;
+
+import org.apache.ws.policy.PrimitiveAssertion;
+
+import examples.secParser.SecurityPolicy;
+import examples.secParser.SecurityPolicyToken;
+import examples.secParser.SecurityProcessorContext;
+
+/**
+ * @author Werner Dittmann ([EMAIL PROTECTED])
+ *
+ */
+public class Wss10Processor {
+
+ private boolean initializedWss10 = false;
+
+ /**
+ * Intialize the Wss10 complex token.
+ *
+ * This method creates a copy of the Wss10 token and sets the handler
object
+ * to the copy. Then it creates copies of the child tokens that are
allowed
+ * for Wss10. These tokens are:
+ *
+ * These copies are also initialized with the handler object and then
set as
+ * child tokens of Wss10.
+ *
+ * <p/> The handler object that must contain the methods
+ * <code>doWss10</code>.
+ *
+ * @param spt
+ * The token that will hold the child tokens.
+ * @throws NoSuchMethodException
+ */
+ public void initializeWss10(SecurityPolicyToken spt)
+ throws NoSuchMethodException {
+ SecurityPolicyToken tmpSpt =
SecurityPolicy.mustSupportRefKeyIdentifier
+ .copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.mustSupportRefIssuerSerial.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.mustSupportRefExternalUri.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.mustSupportRefEmbeddedToken.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+ }
+
+
+ public Object doWss10(SecurityProcessorContext spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+
+ SecurityPolicyToken spt = spc.readCurrentSecurityToken();
+
+ switch (spc.getAction()) {
+
+ case SecurityProcessorContext.START:
+ if (!initializedWss10) {
+ try {
+ initializeWss10(spt);
+ initializedWss10 = true;
+ } catch (NoSuchMethodException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return new Boolean(false);
+ }
+ }
+ PrimitiveAssertion pa = spc.getAssertion();
+ String text = pa.getStrValue();
+ if (text != null) {
+ text = text.trim();
+ System.out.println("Value: '" + text.toString()
+ "'");
+ }
+ case SecurityProcessorContext.COMMIT:
+ break;
+ case SecurityProcessorContext.ABORT:
+ break;
+ }
+ return new Boolean(true);
+ }
+
+ public Object doMustSupportRefKeyIdentifier(SecurityProcessorContext
spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+
+ public Object doMustSupportRefIssuerSerial(SecurityProcessorContext
spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+
+ public Object doMustSupportRefExternalURI(SecurityProcessorContext spc)
{
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+
+ public Object doMustSupportRefEmbeddedToken(SecurityProcessorContext
spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+}
Added:
webservices/commons/trunk/policy/src/examples/secParser/processors/Wss11Processor.java
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/processors/Wss11Processor.java?rev=368364&view=auto
==============================================================================
---
webservices/commons/trunk/policy/src/examples/secParser/processors/Wss11Processor.java
(added)
+++
webservices/commons/trunk/policy/src/examples/secParser/processors/Wss11Processor.java
Thu Jan 12 05:32:24 2006
@@ -0,0 +1,163 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples.secParser.processors;
+
+import org.apache.ws.policy.PrimitiveAssertion;
+
+import examples.secParser.SecurityPolicy;
+import examples.secParser.SecurityPolicyToken;
+import examples.secParser.SecurityProcessorContext;
+
+/**
+ * @author Werner Dittmann ([EMAIL PROTECTED])
+ *
+ */
+public class Wss11Processor {
+
+ private boolean initializedWss11 = false;
+
+ /**
+ * Intialize the Wss11 complex token.
+ *
+ * This method creates a copy of the Wss11 token and sets the handler
object
+ * to the copy. Then it creates copies of the child tokens that are
allowed
+ * for Wss10. These tokens are:
+ *
+ * These copies are also initialized with the handler object and then
set as
+ * child tokens of Wss11.
+ *
+ * <p/> The handler object that must contain the methods
+ * <code>doWss10</code>.
+ *
+ * @param spt
+ * The token that will hold the child tokens.
+ * @throws NoSuchMethodException
+ */
+ public void initializeWss11(SecurityPolicyToken spt)
+ throws NoSuchMethodException {
+ SecurityPolicyToken tmpSpt =
SecurityPolicy.mustSupportRefKeyIdentifier
+ .copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.mustSupportRefIssuerSerial.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.mustSupportRefExternalUri.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.mustSupportRefEmbeddedToken.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.mustSupportRefThumbprint.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.mustSupportRefEncryptedKey.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = SecurityPolicy.requireSignatureConfirmation.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+ }
+
+ public Object doWss11(SecurityProcessorContext spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+
+ SecurityPolicyToken spt = spc.readCurrentSecurityToken();
+
+ switch (spc.getAction()) {
+
+ case SecurityProcessorContext.START:
+ if (!initializedWss11) {
+ try {
+ initializeWss11(spt);
+ initializedWss11 = true;
+ } catch (NoSuchMethodException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return new Boolean(false);
+ }
+ }
+ PrimitiveAssertion pa = spc.getAssertion();
+ String text = pa.getStrValue();
+ if (text != null) {
+ text = text.trim();
+ System.out.println("Value: '" + text.toString()
+ "'");
+ }
+ case SecurityProcessorContext.COMMIT:
+ break;
+ case SecurityProcessorContext.ABORT:
+ break;
+ }
+ return new Boolean(true);
+ }
+
+ public Object doMustSupportRefKeyIdentifier(SecurityProcessorContext
spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+
+ public Object doMustSupportRefIssuerSerial(SecurityProcessorContext
spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+
+ public Object doMustSupportRefExternalURI(SecurityProcessorContext spc)
{
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+
+ public Object doMustSupportRefEmbeddedToken(SecurityProcessorContext
spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+
+ public Object doMustSupportRefThumbprint(SecurityProcessorContext spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+
+ public Object doMustSupportRefEncryptedKey(SecurityProcessorContext
spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+
+ public Object doRequireSignatureConfirmation(SecurityProcessorContext
spc) {
+ System.out.println("Processing "
+ + spc.readCurrentSecurityToken().getTokenName()
+ ": "
+ +
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
+ return new Boolean(true);
+ }
+}
Modified:
webservices/commons/trunk/policy/src/examples/secParser/processors/X509TokenProcessor.java
URL:
http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/processors/X509TokenProcessor.java?rev=368364&r1=368363&r2=368364&view=diff
==============================================================================
---
webservices/commons/trunk/policy/src/examples/secParser/processors/X509TokenProcessor.java
(original)
+++
webservices/commons/trunk/policy/src/examples/secParser/processors/X509TokenProcessor.java
Thu Jan 12 05:32:24 2006
@@ -166,7 +166,7 @@
return new Boolean(true);
}
- public Object dowssX509V3Token10(SecurityProcessorContext spc) {
+ public Object doWssX509V3Token10(SecurityProcessorContext spc) {
System.out.println("Processing "
+ spc.readCurrentSecurityToken().getTokenName()
+ ": "
+
SecurityProcessorContext.ACTION_NAMES[spc.getAction()]);
