Author: nandana
Date: Wed Jun 11 01:37:43 2008
New Revision: 666566
URL: http://svn.apache.org/viewvc?rev=666566&view=rev
Log:
RAMPART-169 Applying Stefan's patch, thanks Stefan
Modified:
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
Modified:
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java?rev=666566&r1=666565&r2=666566&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
Wed Jun 11 01:37:43 2008
@@ -36,6 +36,8 @@
}
private boolean requireClientCertificate = false;
+ private boolean httpBasicAuthentication = false;
+ private boolean httpDigestAuthentication = false;
public boolean isRequireClientCertificate() {
return requireClientCertificate;
@@ -44,6 +46,38 @@
public void setRequireClientCertificate(boolean requireClientCertificate) {
this.requireClientCertificate = requireClientCertificate;
}
+
+ /**
+ * @return the httpBasicAuthentication
+ */
+ public boolean isHttpBasicAuthentication()
+ {
+ return httpBasicAuthentication;
+ }
+
+ /**
+ * @param httpBasicAuthentication the httpBasicAuthentication to set
+ */
+ public void setHttpBasicAuthentication(boolean httpBasicAuthentication)
+ {
+ this.httpBasicAuthentication = httpBasicAuthentication;
+ }
+
+ /**
+ * @return the httpDigestAuthentication
+ */
+ public boolean isHttpDigestAuthentication()
+ {
+ return httpDigestAuthentication;
+ }
+
+ /**
+ * @param httpDigestAuthentication the httpDigestAuthentication to set
+ */
+ public void setHttpDigestAuthentication(boolean httpDigestAuthentication)
+ {
+ this.httpDigestAuthentication = httpDigestAuthentication;
+ }
public QName getName() {
if (version == SPConstants.SP_V12) {
@@ -71,10 +105,38 @@
// <sp:HttpsToken
writer.writeStartElement(prefix, localname, namespaceURI);
- // RequireClientCertificate=".."
- writer
-
.writeAttribute(SPConstants.REQUIRE_CLIENT_CERTIFICATE.getLocalPart(), Boolean
- .toString(isRequireClientCertificate()));
+
+ if (version == SPConstants.SP_V12) {
+
+ if (isRequireClientCertificate() ||
+ isHttpBasicAuthentication() ||
+ isHttpDigestAuthentication()) {
+ // <wsp:Policy>
+ writer.writeStartElement(SPConstants.POLICY.getPrefix(),
SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+
+ /*
+ * The ws policy 1.2 specification states that only one of
those should be present, although
+ * a web server (say tomcat) could be normally configured to
require both a client certificate and
+ * a http user/pwd authentication. Nevertheless stick to the
specification.
+ */
+ if(isHttpBasicAuthentication()) {
+ writer.writeStartElement(prefix,
SPConstants.HTTP_BASIC_AUTHENTICATION.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ } else if(isHttpDigestAuthentication()) {
+ writer.writeStartElement(prefix,
SPConstants.HTTP_DIGEST_AUTHENTICATION.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ } else if(isRequireClientCertificate()) {
+ writer.writeStartElement(prefix,
SPConstants.REQUIRE_CLIENT_CERTIFICATE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+ // </wsp:Policy>
+ writer.writeEndElement();
+ }
+ } else {
+ // RequireClientCertificate=".."
+
writer.writeAttribute(SPConstants.REQUIRE_CLIENT_CERTIFICATE.getLocalPart(),
Boolean
+ .toString(isRequireClientCertificate()));
+ }
writer.writeEndElement();
// </sp:HttpsToken>
