/**
     * Sets the crypto information required to process the RSTR.
     *
     * @param crypto    Crypto information
     * @param cbHandler Callback handler to provide the private key password to
     *                  decrypt
     */
    public void setCryptoInfo(Crypto crypto, CallbackHandler cbHandler) {
        this.crypto = crypto;
        this.cbHandler = cbHandler;
    }

Test Harness from RampartUtil:
    public static String getToken(RampartMessageData rmd, OMElement rstTemplate,
            String issuerEpr, String action, Policy issuerPolicy) throws RampartException {

        try {
            //First check whether the user has provided the token
            MessageContext msgContext = rmd.getMsgContext();
            String customTokeId = (String) msgContext
                    .getProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN);
            if(customTokeId != null) {
                return customTokeId;
            } else {
    
                Axis2Util.useDOOM(false);
                
                STSClient client = new STSClient(rmd.getMsgContext()
                        .getConfigurationContext());
                // Set request action
                client.setAction(action);
                
                client.setRstTemplate(rstTemplate);
        
                // Set crypto information
                Crypto crypto = RampartUtil.getSignatureCrypto(rmd.getPolicyData().getRampartConfig(),
                        rmd.getMsgContext().getAxisService().getClassLoader());
                CallbackHandler cbh = RampartUtil.getPasswordCB(rmd);
                client.setCryptoInfo(crypto, cbh);

which is called from BindingBuilder:
    protected WSSecUsernameToken addUsernameToken(RampartMessageData rmd) throws RampartException {
       
        log.debug("Adding a UsernameToken");
        
        RampartPolicyData rpd = rmd.getPolicyData();
        
        //Get the user
        //First try options
        Options options = rmd.getMsgContext().getOptions();
        String user = options.getUserName();
        if(user == null || user.length() == 0) {
            //Then try RampartConfig
            if(rpd.getRampartConfig() != null) {
                user = rpd.getRampartConfig().getUser();
            }
        }
        
        if(user != null && !"".equals(user)) {
            log.debug("User : " + user);
            
            //Get the password

            //First check options object for a password
            String password = options.getPassword();
            
            if((password == null || password.length() == 0) &&
                    rpd.getRampartConfig() != null) {
                
                //Then try to get the password from the given callback handler
                CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
  
where RampartPolicyData has mutator method for recipientToken
/*** @param recipientToken The recipientToken to set. */
    public void setRecipientToken(Token recipientToken) {
        this.recipientToken = recipientToken;
    }

and in the RecipientBuilder.java
  /**
     * Evaluate policy data that is specific to asymmetric binding.
     * 
     * @param binding
     *            The asymmetric binding data
     * @param rpd
     *            The WSS4J data to initialize
     */
    private static void asymmetricBinding(AsymmetricBinding binding,
            RampartPolicyData rpd) throws WSSPolicyException {
        TokenWrapper tokWrapper = binding.getRecipientToken();
        TokenWrapper tokWrapper1 = binding.getInitiatorToken();
        if (tokWrapper == null && tokWrapper1 == null) {
            // this is an error - throw something
        }
        rpd.setRecipientToken(((RecipientToken) tokWrapper).getReceipientToken());
        rpd.setInitiatorToken(((InitiatorToken) tokWrapper1).getInitiatorToken());
    }

the key is to make sure Rec<e>ipientToken is included in the binding
/** in the case of AsymmetricBinding ******/
    public PolicyComponent normalize() {

        if (isNormalized()) {
            return this;
        }

        AlgorithmSuite algorithmSuite = getAlgorithmSuite();
        List configs = algorithmSuite.getConfigurations();

        Policy policy = new Policy();
        ExactlyOne exactlyOne = new ExactlyOne();

        policy.addPolicyComponent(exactlyOne);

        All wrapper;
        AsymmetricBinding asymmetricBinding;

        for (Iterator iterator = configs.iterator(); iterator.hasNext();) {
            wrapper = new All();
            asymmetricBinding = new AsymmetricBinding();

            asymmetricBinding.setAlgorithmSuite((AlgorithmSuite) iterator
                    .next());
            asymmetricBinding
                    .setEntireHeadersAndBodySignatures(isEntireHeadersAndBodySignatures());
            asymmetricBinding.setIncludeTimestamp(isIncludeTimestamp());
            asymmetricBinding.setInitiatorToken(getInitiatorToken());
            asymmetricBinding.setLayout(getLayout());
            asymmetricBinding.setProtectionOrder(getProtectionOrder());
            asymmetricBinding.setRecipientToken(getRecipientToken());
/********here is where the recipientToken is inserted to the Binding *******/
Martin
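Håkon's question about a callback handler that both validates the UsernameToken and unlocks the keystore is answered by branching on the usage WSS4J sets on the callback; the class below is an added example, not Rampart's own code. It assumes the WSS4J 1.5 constants used by Rampart at the time, in particular that WSPasswordCallback.USERNAME_TOKEN_UNKNOWN is what the handler sees for a plain-text password (where it must do the check itself, whereas for a digest password WSS4J compares), and the USERS map, KEY_ALIAS and KEY_PASSWORD are constructed placeholders.

```java
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class StsPasswordCallbackHandler implements CallbackHandler {
    // Constructed sample user store and placeholder key alias/password (not real values).
    private static final Map<String, String> USERS = new HashMap<String, String>();
    static { USERS.put("user", "pass"); }
    private static final String KEY_ALIAS = "sts-key-alias-placeholder";
    private static final String KEY_PASSWORD = "key-password-placeholder";

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) throw new UnsupportedCallbackException(cb);
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            String stored = USERS.get(pwcb.getIdentifier());
            switch (pwcb.getUsage()) {
                case WSPasswordCallback.USERNAME_TOKEN:
                    // Digest password: hand WSS4J the stored secret; it recomputes and compares the digest.
                    pwcb.setPassword(stored);
                    break;
                case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                    // Plain-text password (assumed WSS4J 1.5 behaviour): the handler verifies and rejects.
                    if (!constantTimeEquals(stored, pwcb.getPassword())) {
                        throw new IOException("UsernameToken authentication failed");
                    }
                    break;
                case WSPasswordCallback.SIGNATURE:
                case WSPasswordCallback.DECRYPT:
                    // Keystore side: release the private-key password only for the expected alias.
                    if (KEY_ALIAS.equals(pwcb.getIdentifier())) pwcb.setPassword(KEY_PASSWORD);
                    break;
                default:
                    throw new UnsupportedCallbackException(cb, "unsupported usage " + pwcb.getUsage());
            }
        }
    }

    // Byte-wise comparison without an early exit on the first differing byte.
    static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) return false;
        Charset utf8 = Charset.forName("UTF-8");
        return MessageDigest.isEqual(expected.getBytes(utf8), actual.getBytes(utf8));
    }
}
```

On the client side the same handler only ever sees SIGNATURE/DECRYPT, because addUsernameToken above takes the password from Options first and falls back to the callback handler only when none is set.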
> Date: Wed, 11 Mar 2009 08:55:09 +0100
> Subject: Re: Adding security header to STSClient in rahas
> From: hakon.sageh...@bccs.uib.no
> To: rampart-dev@ws.apache.org
> 
> Hi
> 
> Yes, I've got this in the policy
> 
> <sp:SupportingTokens
>         xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>     <wsp:Policy>
>         <sp:UsernameToken
>             sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
>     </wsp:Policy>
> </sp:SupportingTokens>
> 
> after I define the symmetricbinding element. Do you know anything about what I asked,
> how to test if the callback handler should provide a password to the keystore or
> actually check that the username and password were correct?
> 
> cheers, Håkon
> 
> 
> 2009/3/10 Massimiliano Masi <m...@math.unifi.it>
> 
> > Hi,
> >
> > Did you add in your STS policy something like:
> >
> > <wsp:Policy>
> >     <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> >         <wsp:Policy>
> >             <sp:HashPassword />
> >         </wsp:Policy>
> >     </sp:UsernameToken>
> > </wsp:Policy>
> >
> > Quoting Håkon Sagehaug <hakon.sageh...@bccs.uib.no>:
> >
> >  Hi all,
> >>
> >> I wanted to add username/password token in my request to my sts service.
> >> I'm
> >> using the STSClient from rahas and tried with this
> >>
> >> Options options = new Options();
> >> options.setUserName("user");
> >> options.setPassword("pass");
> >> options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
> >>         loadPolicy("policy/sts_policy.xml"));
> >> stsClient.setOptions(options);
> >>
> >> But the messages don't have a security header.
> >>
> >> Also, how should I configure the callback handler, since it needs to both
> >> validate the username/password and fetch the certificate for validating the
> >> signed message? Should it be something like this:
> >>
> >> if(pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN){
> >>   /* Do password validation*/
> >> }
> >>
> >> if(pwcb.getUsage() == WSPasswordCallback.SIGNATURE){
> >> /* Do set password for keystore*/
> >> }
> >>
> >> cheers, Håkon
> >> --
> >> Håkon Sagehaug, Scientific Programmer
> >> Parallab, Bergen Center for Computational Science (BCCS)
> >> UNIFOB AS (University of Bergen Research Company)
> >>
> >>
> >
> 
