Author: muthulee
Date: Sun Jul 15 20:21:25 2007
New Revision: 556501
URL: http://svn.apache.org/viewvc?view=rev&rev=556501
Log:
Adding the Security Token Service sample
Added:
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/README.txt
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/policy.xml
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/services.xml
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/rampart/
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java
Added:
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/README.txt
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/README.txt?view=auto&rev=556501
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/README.txt
(added)
+++
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/README.txt
Sun Jul 15 20:21:25 2007
@@ -0,0 +1,2 @@
+WS-Trust - RST - Resquest Security Token Service - Issuing a SAML token -
issuing a token
+
Added:
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/policy.xml
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/policy.xml?view=auto&rev=556501
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/policy.xml
(added)
+++
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/policy.xml
Sun Jul 15 20:21:25 2007
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="SigOnly"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
+ <wsp:Policy>
+
<sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
+ <wsp:Policy>
+
<sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy";>
+ <ramp:user>client</ramp:user>
+
<ramp:encryptionUser>service</ramp:encryptionUser>
+
<ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
Added:
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/services.xml
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/services.xml?view=auto&rev=556501
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/services.xml
(added)
+++
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/services.xml
Sun Jul 15 20:21:25 2007
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-1 : UsernameToken-->
+<service>
+ <!--operation name="echo">
+ <messageReceiver
class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass"
locked="false">org.apache.rampart.samples.policy.sample01.SimpleService</parameter-->
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+ <module ref="rahas" />
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>SAMPLE_STS</issuerName>
+ <issuerKeyAlias>service</issuerKeyAlias>
+ <issuerKeyPassword>apache</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+ <property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property
name="org.apache.ws.security.crypto.merlin.file">service.jks</property>
+ <property
name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set
to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ <trusted-services>
+ <service
alias="client">http://localhost:8080/axis2/services/SimpleService</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
+
+ <wsp:Policy wsu:Id="SigOnly"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
+
<wsp:Policy>
+
<sp:WssX509V3Token10/>
+
</wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
+
<wsp:Policy>
+
<sp:WssX509V3Token10/>
+
</wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+
<sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+
<sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <wsp:Policy>
+
<sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy";>
+ <ramp:user>service</ramp:user>
+
<ramp:encryptionUser>client</ramp:encryptionUser>
+
<ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+
+
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+
+</service>
Added:
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java?view=auto&rev=556501
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
(added)
+++
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
Sun Jul 15 20:21:25 2007
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample05;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rampart.RampartMessageData;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client
endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx =
ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1],
null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ String action =
TrustUtil.getActionValue(RahasConstants.VERSION_05_02,
RahasConstants.RST_ACTION_ISSUE);
+ options.setAction(action);
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload());
+ OMElement saml = getSAMLToken(response);
+
+ System.out.println(saml);
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getSAMLToken(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new
QName(RahasConstants.WST_NS_05_02,
+
RahasConstants.IssuanceBindingLocalNames.
+
REQUESTED_SECURITY_TOKEN));
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS,
"Assertion"));
+ return elem;
+ }
+
+ private static OMElement getPayload() throws TrustException{
+ OMElement rstElem =
TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+
TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem,
RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem =
TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem,
"http://localhost:8080/axis2/services/SimpleService";,
AddressingConstants.Final.WSA_NAMESPACE);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_PUBLIC_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02,
rstElem, 256);
+
+ return rstElem;
+ }
+
+}
Added:
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java?view=auto&rev=556501
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java
(added)
+++
webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java
Sun Jul 15 20:21:25 2007
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample05;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
