Author: mckierna
Date: Fri Nov 23 03:45:13 2007
New Revision: 597648

URL: http://svn.apache.org/viewvc?rev=597648&view=rev
Log:
RSP: some security refactoring to make checks easier

Modified:
    
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java
    
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java
    
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java
    
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java
    
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java
    
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java
    
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java
    
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java
    
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java
    
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java
    
webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java

Modified: 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java
URL: 
http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java
 (original)
+++ 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/handlers/SandeshaGlobalInHandler.java
 Fri Nov 23 03:45:13 2007
@@ -23,7 +23,6 @@
 
 import javax.xml.namespace.QName;
 
-import org.apache.axiom.om.OMElement;
 import org.apache.axiom.soap.SOAPBody;
 import org.apache.axiom.soap.SOAPEnvelope;
 import org.apache.axiom.soap.SOAPHeader;
@@ -43,8 +42,6 @@
 import org.apache.sandesha2.client.SandeshaClientConstants;
 import org.apache.sandesha2.i18n.SandeshaMessageHelper;
 import org.apache.sandesha2.i18n.SandeshaMessageKeys;
-import org.apache.sandesha2.security.SecurityManager;
-import org.apache.sandesha2.security.SecurityToken;
 import org.apache.sandesha2.storage.StorageManager;
 import org.apache.sandesha2.storage.Transaction;
 import org.apache.sandesha2.storage.beanmanagers.RMDBeanMgr;
@@ -177,24 +174,16 @@
       RMDBeanMgr mgr = storageManager.getRMDBeanMgr();
       RMDBean bean = mgr.retrieve(sequenceId);
       
-      if(bean != null && bean.getSecurityTokenData() != null) {
-        SecurityManager secManager = 
SandeshaUtil.getSecurityManager(rmMsgCtx.getConfigurationContext());
-        
-        QName seqName = new QName(rmMsgCtx.getRMNamespaceValue(), 
Sandesha2Constants.WSRM_COMMON.SEQUENCE);
-        
-        SOAPEnvelope envelope = rmMsgCtx.getSOAPEnvelope();
-        OMElement body = envelope.getBody();
-        OMElement seqHeader = 
envelope.getHeader().getFirstChildWithName(seqName);
-        
-        SecurityToken token = 
secManager.recoverSecurityToken(bean.getSecurityTokenData());
-        
-        secManager.checkProofOfPossession(token, seqHeader, 
rmMsgCtx.getMessageContext());
-        secManager.checkProofOfPossession(token, body, 
rmMsgCtx.getMessageContext());
-      }
-      
       MessageContext messageContext = rmMsgCtx.getMessageContext();
-    
-      if (bean != null) {
+      
+      if(bean != null){
+         
+         //first check the security credentials of the msg is necessary
+         SandeshaUtil.assertProofOfPossession(bean, messageContext, 
messageContext.getEnvelope().getBody());
+         SandeshaUtil.assertProofOfPossession(bean, messageContext, 
+                         
messageContext.getEnvelope().getHeader().getFirstChildWithName(new 
QName(rmMsgCtx.getRMNamespaceValue(), 
+                                         
Sandesha2Constants.WSRM_COMMON.SEQUENCE)));
+
         
         if (msgNo == 0) {
           String message = 
SandeshaMessageHelper.getMessage(SandeshaMessageKeys.invalidMsgNumber, Long
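Review bot: The Sequence-header lookup passed to the second `assertProofOfPossession` call now runs whenever `bean != null`, whereas the removed code only touched the envelope when `bean.getSecurityTokenData() != null`. If `getHeader()` returns null the chain throws a NullPointerException even for sequences with no token. If `getFirstChildWithName(...)` finds no Sequence element, a null element is handed to the check, and whether `checkProofOfPossession` rejects null is not visible here. Resolve the element into a local first and fail closed when it is missing while the bean carries token data. The same unguarded chain appears in the SequenceProcessor hunk, where `bean` itself may be null; the enclosing method here starts and ends outside the hunk.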
@@ -224,16 +213,16 @@
                //still allow this msg if we have no corresponding invoker bean 
for it and we are inOrder
                if(SandeshaUtil.isInOrder(rmMsgCtx.getMessageContext()))
                {
-               InvokerBean finderBean = new InvokerBean();
-               finderBean.setMsgNo(msgNo);
-               finderBean.setSequenceID(sequenceId);
-               List invokerBeanList = 
storageManager.getInvokerBeanMgr().find(finderBean);
-               if((invokerBeanList==null || invokerBeanList.size()==0) 
-                               && bean.getNextMsgNoToProcess()<=msgNo){
-                       isDuplicate = false;
-              if (log.isDebugEnabled())
-                log.debug("Allowing completed message on sequence " + 
sequenceId + ", msgNo " + msgNo);
-               }
+                       InvokerBean finderBean = new InvokerBean();
+                       finderBean.setMsgNo(msgNo);
+                       finderBean.setSequenceID(sequenceId);
+                       List invokerBeanList = 
storageManager.getInvokerBeanMgr().find(finderBean);
+                       if((invokerBeanList==null || invokerBeanList.size()==0) 
+                                       && bean.getNextMsgNoToProcess()<=msgNo){
+                               isDuplicate = false;
+                     if (log.isDebugEnabled())
+                       log.debug("Allowing completed message on sequence " + 
sequenceId + ", msgNo " + msgNo);
+                       }
                }
                
                if(isDuplicate){

Modified: 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java
 (original)
+++ 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AckRequestedProcessor.java
 Fri Nov 23 03:45:13 2007
@@ -111,12 +111,10 @@
                
                // Check that the sender of this AckRequest holds the correct 
token
                RMDBean rmdBean = 
SandeshaUtil.getRMDBeanFromSequenceId(storageManager, sequenceId);
-
-               if(rmdBean != null && rmdBean.getSecurityTokenData() != null) {
-                       SecurityManager secManager = 
SandeshaUtil.getSecurityManager(configurationContext);
-                       SecurityToken token = 
secManager.recoverSecurityToken(rmdBean.getSecurityTokenData());
-                       
-                       secManager.checkProofOfPossession(token, soapHeader, 
msgContext);
+               
+               //check security credentials
+               if(rmdBean!=null){
+                       SandeshaUtil.assertProofOfPossession(rmdBean, 
msgContext, soapHeader);
                }
 
                // Check that the sequence requested exists

Modified: 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java
 (original)
+++ 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/AcknowledgementProcessor.java
 Fri Nov 23 03:45:13 2007
@@ -121,12 +121,7 @@
 
                // Check that the sender of this Ack holds the correct token
                String internalSequenceId = rmsBean.getInternalSequenceID();
-               if(rmsBean.getSecurityTokenData() != null) {
-                       SecurityManager secManager = 
SandeshaUtil.getSecurityManager(configCtx);
-                       SecurityToken token = 
secManager.recoverSecurityToken(rmsBean.getSecurityTokenData());
-                       
-                       secManager.checkProofOfPossession(token, soapHeader, 
msgCtx);
-               }
+               SandeshaUtil.assertProofOfPossession(rmsBean, msgCtx, 
soapHeader);
                
                if(log.isDebugEnabled()) log.debug("Got Ack for RM Sequence: " 
+ outSequenceId + ", internalSeqId: " + internalSequenceId);
                Iterator ackRangeIterator = 
sequenceAck.getAcknowledgementRanges().iterator();

Modified: 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java
 (original)
+++ 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CloseSequenceProcessor.java
 Fri Nov 23 03:45:13 2007
@@ -75,14 +75,9 @@
                                .getAxisConfiguration());
 
                RMDBean rmdBean = 
SandeshaUtil.getRMDBeanFromSequenceId(storageManager, sequenceId);
-
-               // Check that the sender of this CloseSequence holds the 
correct token
-               if(rmdBean != null && rmdBean.getSecurityTokenData() != null) {
-                       SecurityManager secManager = 
SandeshaUtil.getSecurityManager(msgCtx.getConfigurationContext());
-                       OMElement body = msgCtx.getEnvelope().getBody();
-                       SecurityToken token = 
secManager.recoverSecurityToken(rmdBean.getSecurityTokenData());
-                       secManager.checkProofOfPossession(token, body, msgCtx);
-               }
+               
+               //check the security credentials
+               SandeshaUtil.assertProofOfPossession(rmdBean, msgCtx, 
msgCtx.getEnvelope().getBody());
 
                if (FaultManager.checkForUnknownSequence(rmMsgCtx, sequenceId, 
storageManager, false)) {
                        if (log.isDebugEnabled())

Modified: 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java
 (original)
+++ 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/CreateSeqResponseMsgProcessor.java
 Fri Nov 23 03:45:13 2007
@@ -21,7 +21,6 @@
 
 import java.util.Iterator;
 
-import org.apache.axiom.om.OMElement;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.addressing.EndpointReference;
 import org.apache.axis2.addressing.RelatesTo;
@@ -37,8 +36,6 @@
 import org.apache.sandesha2.i18n.SandeshaMessageHelper;
 import org.apache.sandesha2.i18n.SandeshaMessageKeys;
 import org.apache.sandesha2.policy.SandeshaPolicyBean;
-import org.apache.sandesha2.security.SecurityManager;
-import org.apache.sandesha2.security.SecurityToken;
 import org.apache.sandesha2.storage.StorageManager;
 import org.apache.sandesha2.storage.Transaction;
 import org.apache.sandesha2.storage.beanmanagers.RMSBeanMgr;
@@ -113,14 +110,8 @@
                }
 
                // Check that the create sequence response message proves 
possession of the correct token
-               String tokenData = rmsBean.getSecurityTokenData();
-               if(tokenData != null) {
-                       SecurityManager secManager = 
SandeshaUtil.getSecurityManager(configCtx);
-                       MessageContext crtSeqResponseCtx = 
createSeqResponseRMMsgCtx.getMessageContext();
-                       OMElement body = 
crtSeqResponseCtx.getEnvelope().getBody();
-                       SecurityToken token = 
secManager.recoverSecurityToken(tokenData);
-                       secManager.checkProofOfPossession(token, body, 
crtSeqResponseCtx);
-               }
+               MessageContext msgCtx = 
createSeqResponseRMMsgCtx.getMessageContext();
+               SandeshaUtil.assertProofOfPossession(rmsBean, msgCtx, 
msgCtx.getEnvelope().getBody());
 
                String internalSequenceId = rmsBean.getInternalSequenceID();
                if (internalSequenceId == null || 
"".equals(internalSequenceId)) {

Modified: 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java
 (original)
+++ 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/MakeConnectionProcessor.java
 Fri Nov 23 03:45:13 2007
@@ -21,6 +21,7 @@
 
 import java.util.Collection;
 import java.util.Iterator;
+import java.util.List;
 import java.util.Random;
 
 import org.apache.axis2.AxisFault;
@@ -39,10 +40,14 @@
 import org.apache.sandesha2.SandeshaException;
 import org.apache.sandesha2.i18n.SandeshaMessageHelper;
 import org.apache.sandesha2.i18n.SandeshaMessageKeys;
+import org.apache.sandesha2.security.SecurityManager;
+import org.apache.sandesha2.security.SecurityToken;
 import org.apache.sandesha2.storage.StorageManager;
 import org.apache.sandesha2.storage.Transaction;
 import org.apache.sandesha2.storage.beanmanagers.SenderBeanMgr;
+import org.apache.sandesha2.storage.beans.RMDBean;
 import org.apache.sandesha2.storage.beans.RMSBean;
+import org.apache.sandesha2.storage.beans.RMSequenceBean;
 import org.apache.sandesha2.storage.beans.SenderBean;
 import org.apache.sandesha2.util.MsgInitializer;
 import org.apache.sandesha2.util.SandeshaUtil;
@@ -72,24 +77,66 @@
                if(log.isDebugEnabled()) log.debug("Enter: 
MakeConnectionProcessor::processInMessage " + 
rmMsgCtx.getSOAPEnvelope().getBody());
 
                MakeConnection makeConnection = (MakeConnection) 
rmMsgCtx.getMakeConnection();
+               
                Address address = makeConnection.getAddress();
                Identifier identifier = makeConnection.getIdentifier();
                
+               //some initial setup
                ConfigurationContext configurationContext = 
rmMsgCtx.getConfigurationContext();
                StorageManager storageManager = 
SandeshaUtil.getSandeshaStorageManager(configurationContext,configurationContext.getAxisConfiguration());
+               SecurityManager secManager = 
SandeshaUtil.getSecurityManager(configurationContext);
+               SecurityToken token = 
secManager.getSecurityToken(rmMsgCtx.getMessageContext());
                
+               //we want to find valid sender beans
+               SenderBean findSenderBean = new SenderBean();
+               if(token!=null){
+                       if(log.isDebugEnabled()) log.debug("token found " + 
token);
+                       //this means we have to scope our search for sender 
beans that belong to sequences that own the same token
+                       String data = secManager.getTokenRecoveryData(token);
+                       //first look for RMS beans
+                       RMSBean finderRMS = new RMSBean();
+                       finderRMS.setSecurityTokenData(data);
+                       List possibleBeans = 
storageManager.getRMSBeanMgr().find(finderRMS);
+                       
+                       //try looking for RMD beans too
+                       RMDBean finderRMD = new RMDBean();
+                       finderRMD.setSecurityTokenData(data);
+                       List tempList = 
storageManager.getRMDBeanMgr().find(finderRMD);
+                       
+                       //combine these two into one list
+                       possibleBeans.addAll(tempList);
+                       
+                       int size = possibleBeans.size();
+                       
+                       if(size>0){
+                               //select one at random: TODO better method?
+                               Random random = new Random ();
+                               int itemToPick = random.nextInt(size);
+                               RMSequenceBean selectedSequence = 
(RMSequenceBean)possibleBeans.get(itemToPick);
+                               
findSenderBean.setSequenceID(selectedSequence.getSequenceID());
+                               if(log.isDebugEnabled()) log.debug("sequence 
selected " + findSenderBean.getSequenceID());
+                       }
+                       else{
+                               //we cannot match a RMD with the correct 
security credentials so we cannot process this msg under RSP
+                               if(log.isDebugEnabled()) log.debug("Exit: 
MakeConnectionProcessor::processInMessage : no RM sequence bean with security 
credentials" );
+                               //return false; //TODO put this in once tested 
live
+                       }
+               }
+                       
+               //lookup a sender bean
                SenderBeanMgr senderBeanMgr = storageManager.getSenderBeanMgr();
                
                //selecting the set of SenderBeans that suit the given criteria.
-               SenderBean findSenderBean = new SenderBean ();
                findSenderBean.setSend(true);
                findSenderBean.setTransportAvailable(false);
                
                if (address!=null)
                        findSenderBean.setToAddress(address.getAddress());
                
-               if (identifier!=null)
+               if (identifier!=null){
+                       if(log.isDebugEnabled()) log.debug("identifier set, 
this violates RSP " + identifier);
                        
findSenderBean.setSequenceID(identifier.getIdentifier());
+               }
                
                // Set the time to send field to be now
                findSenderBean.setTimeToSend(System.currentTimeMillis());
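Review bot: The token scoping added here is not enforced: when a token is present but no RMS/RMD bean matches, the `else` branch only logs (`//return false; //TODO put this in once tested live`) and the sender-bean lookup continues with no sequence restriction. Further down, `findSenderBean.setSequenceID(identifier.getIdentifier())` overwrites the token-scoped sequence id with the caller-supplied identifier, so the scoping is also bypassed whenever an Identifier is sent, even though the log line says this violates RSP. Enable the early `return false;` and apply the identifier only after checking that the identified sequence's `getSecurityTokenData()` equals `data`. Separately, `possibleBeans.addAll(tempList)` assumes both `find` calls return non-null, mutable lists, and `log.debug("token found " + token)` may write token details to the debug log depending on the token's `toString()`. processInMessage starts and ends outside the hunk.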

Modified: 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java
 (original)
+++ 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/SequenceProcessor.java
 Fri Nov 23 03:45:13 2007
@@ -112,20 +112,11 @@
                RMDBeanMgr mgr = storageManager.getRMDBeanMgr();
                RMDBean bean = mgr.retrieve(sequenceId);
                
-               if(bean != null && bean.getSecurityTokenData() != null) {
-                       SecurityManager secManager = 
SandeshaUtil.getSecurityManager(msgCtx.getConfigurationContext());
-                       
-                       QName seqName = new 
QName(rmMsgCtx.getRMNamespaceValue(), Sandesha2Constants.WSRM_COMMON.SEQUENCE);
-                       
-                       SOAPEnvelope envelope = msgCtx.getEnvelope();
-                       OMElement body = envelope.getBody();
-                       OMElement seqHeader = 
envelope.getHeader().getFirstChildWithName(seqName);
-                       
-                       SecurityToken token = 
secManager.recoverSecurityToken(bean.getSecurityTokenData());
-                       
-                       secManager.checkProofOfPossession(token, seqHeader, 
msgCtx);
-                       secManager.checkProofOfPossession(token, body, msgCtx);
-               }
+               //check the security credentials
+               SandeshaUtil.assertProofOfPossession(bean, msgCtx, 
msgCtx.getEnvelope().getHeader().
+                               getFirstChildWithName(new 
QName(rmMsgCtx.getRMNamespaceValue(), 
Sandesha2Constants.WSRM_COMMON.SEQUENCE)));
+               SandeshaUtil.assertProofOfPossession(bean, msgCtx, 
msgCtx.getEnvelope().getBody());
+               
                
                // Store the inbound sequence id, number and lastMessage onto 
the operation context
                OperationContext opCtx = msgCtx.getOperationContext();

Modified: 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java
 (original)
+++ 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqMsgProcessor.java
 Fri Nov 23 03:45:13 2007
@@ -95,12 +95,10 @@
                
                // Check that the sender of this TerminateSequence holds the 
correct token
                RMDBean rmdBean = 
SandeshaUtil.getRMDBeanFromSequenceId(storageManager, sequenceId);
-               if(rmdBean != null && rmdBean.getSecurityTokenData() != null) {
-                       SecurityManager secManager = 
SandeshaUtil.getSecurityManager(context);
-                       OMElement body = 
terminateSeqRMMsg.getSOAPEnvelope().getBody();
-                       SecurityToken token = 
secManager.recoverSecurityToken(rmdBean.getSecurityTokenData());
-                       secManager.checkProofOfPossession(token, body, 
terminateSeqRMMsg.getMessageContext());
-               }
+               
+               //check security credentials
+               SandeshaUtil.assertProofOfPossession(rmdBean, terminateSeqMsg, 
+                               terminateSeqMsg.getEnvelope().getBody());
 
                if (FaultManager.checkForUnknownSequence(terminateSeqRMMsg, 
sequenceId, storageManager, false)) {
                        if (log.isDebugEnabled())

Modified: 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java
 (original)
+++ 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/msgprocessors/TerminateSeqResponseMsgProcessor.java
 Fri Nov 23 03:45:13 2007
@@ -19,7 +19,6 @@
 
 package org.apache.sandesha2.msgprocessors;
 
-import org.apache.axiom.om.OMElement;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.ConfigurationContext;
 import org.apache.axis2.context.MessageContext;
@@ -28,8 +27,6 @@
 import org.apache.sandesha2.RMMsgContext;
 import org.apache.sandesha2.Sandesha2Constants;
 import org.apache.sandesha2.polling.PollingManager;
-import org.apache.sandesha2.security.SecurityManager;
-import org.apache.sandesha2.security.SecurityToken;
 import org.apache.sandesha2.storage.StorageManager;
 import org.apache.sandesha2.storage.Transaction;
 import org.apache.sandesha2.storage.beanmanagers.RMDBeanMgr;
@@ -60,14 +57,9 @@
                
                String sequenceId = tsResponse.getIdentifier().getIdentifier();
                RMSBean rmsBean = 
SandeshaUtil.getRMSBeanFromSequenceId(storageManager, sequenceId);
-
-               // Check that the sender of this TerminateSequence holds the 
correct token
-               if(rmsBean != null && rmsBean.getSecurityTokenData() != null) {
-                       SecurityManager secManager = 
SandeshaUtil.getSecurityManager(context);
-                       OMElement body = 
terminateResRMMsg.getSOAPEnvelope().getBody();
-                       SecurityToken token = 
secManager.recoverSecurityToken(rmsBean.getSecurityTokenData());
-                       secManager.checkProofOfPossession(token, body, 
msgContext);
-               }
+               
+               //check security credentials
+               SandeshaUtil.assertProofOfPossession(rmsBean, msgContext, 
msgContext.getEnvelope().getBody());
 
                
msgContext.setProperty(Sandesha2Constants.MessageContextProperties.INTERNAL_SEQUENCE_ID,rmsBean.getInternalSequenceID());
 
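Review bot: A null `rmsBean` is not handled here: `assertProofOfPossession` returns without checking anything when the bean is null, and the context line that follows calls `rmsBean.getInternalSequenceID()`, which would then throw a NullPointerException. The removed `rmsBean != null` guard suggests that `getRMSBeanFromSequenceId` can return null for an unknown sequence id. Handle that case explicitly before the check, for example by logging and returning early, rather than relying on the dereference to stop processing. The enclosing method starts and ends outside the hunk.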

Modified: 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java
URL: 
http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java
 (original)
+++ 
webservices/sandesha/trunk/java/modules/core/src/main/java/org/apache/sandesha2/util/SandeshaUtil.java
 Fri Nov 23 03:45:13 2007
@@ -69,6 +69,7 @@
 import org.apache.sandesha2.i18n.SandeshaMessageKeys;
 import org.apache.sandesha2.policy.SandeshaPolicyBean;
 import org.apache.sandesha2.security.SecurityManager;
+import org.apache.sandesha2.security.SecurityToken;
 import org.apache.sandesha2.storage.StorageManager;
 import org.apache.sandesha2.storage.beanmanagers.RMDBeanMgr;
 import org.apache.sandesha2.storage.beanmanagers.RMSBeanMgr;
@@ -463,6 +464,25 @@
 
        }
        
+       public static void assertProofOfPossession(RMSequenceBean bean, 
MessageContext context, OMElement elementToCheck)throws SandeshaException{
+               if (log.isDebugEnabled()) 
+                       log.debug("Enter: SandeshaUtil::assertProofOfPossession 
:" + bean + ", " + context + ", " + elementToCheck);
+               
+               String tokenData = null;
+               if(bean!=null){
+                       tokenData = bean.getSecurityTokenData();
+               }
+               if(tokenData != null) {
+                       if (log.isDebugEnabled()) log.debug("debug:" + 
tokenData);
+                       SecurityManager secManager = 
SandeshaUtil.getSecurityManager(context.getConfigurationContext());
+                       SecurityToken token = 
secManager.recoverSecurityToken(tokenData);
+                       secManager.checkProofOfPossession(token, 
elementToCheck, context); //this will exception if there is no proof
+               }
+               
+               if (log.isDebugEnabled())
+                       log.debug("Exit: 
SandeshaUtil::assertProofOfPossession");
+       }
+       
 
        public static void copyConfiguredProperties (MessageContext 
fromMessage, MessageContext toMessage) throws AxisFault {
 
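Review bot: `log.debug("debug:" + tokenData)` writes the sequence's security token recovery data to the debug log, and the entry trace concatenates `bean`, whose string form may include the same data. Drop the `tokenData` line or log only that token data is present, e.g. `if (log.isDebugEnabled()) log.debug("Token data present, checking proof of possession");`. This method is now the single gate for every processor, yet it has no Javadoc: it should state that a null bean or a bean without token data skips the check and returns normally, and that a failed check is reported by the exception thrown from `checkProofOfPossession`. A null `elementToCheck` is passed straight through when token data exists, and whether the security manager rejects it is not visible here. An explicit `if (elementToCheck == null) throw new SandeshaException(...)` inside the `tokenData != null` branch would make the helper fail closed.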
@@ -622,7 +642,6 @@
   }
        
        public static long getLastMessageNumber(String internalSequenceID, 
StorageManager storageManager)throws SandeshaException {
-               
                RMSBean rMSBean = 
getRMSBeanFromInternalSequenceId(storageManager, internalSequenceID);
                long lastMessageNumber = 0;
                if(rMSBean!=null){
@@ -835,10 +854,11 @@
                        Parameter classLoaderParam = 
config.getParameter(Sandesha2Constants.MODULE_CLASS_LOADER);
                        if(classLoaderParam != null) classLoader = 
(ClassLoader) classLoaderParam.getValue(); 
 
+                       
                  if (classLoader==null)
                throw new SandeshaException 
(SandeshaMessageHelper.getMessage(SandeshaMessageKeys.classLoaderNotFound));
                    
-                 Class c = classLoader.loadClass(className);
+                       Class c = classLoader.loadClass(className);             
  
                        Class configContextClass = context.getClass();
                        
                        Constructor constructor = c.getConstructor(new Class[] 
{ configContextClass });
@@ -850,6 +870,7 @@
                        }
                        return (SecurityManager) obj;
                        
+                       
                } catch (Exception e) {
                        String message = 
SandeshaMessageHelper.getMessage(SandeshaMessageKeys.cannotInitSecurityManager, 
e.toString());
                        throw new SandeshaException(message,e);
@@ -1120,6 +1141,11 @@
                                        if (log.isDebugEnabled()) 
log.debug("Unreliable operation");
                                        result = true;
                                }
+                               else if(null != unreliableParam && 
"false".equals(unreliable)){
+                                       //a forced reliable message
+                                       if (log.isDebugEnabled()) 
log.debug("Forced reliable message context");
+                                       result = false;
+                               }       
                        }
                }
                

Modified: 
webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java
URL: 
http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java?rev=597648&r1=597647&r2=597648&view=diff
==============================================================================
--- 
webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java
 (original)
+++ 
webservices/sandesha/trunk/java/modules/tests/src/test/java/org/apache/sandesha2/security/UnitTestSecurityManager.java
 Fri Nov 23 03:45:13 2007
@@ -41,7 +41,6 @@
        private static Log log = 
LogFactory.getLog(UnitTestSecurityManager.class);
 
        private static HashMap tokens = new HashMap();
-       private static int id = 0;
        private static String secNamespace = 
Sandesha2Constants.SPEC_2005_02.SEC_NS_URI;
        private static QName unitTestHeader = new 
QName("http://unit.test.security";, "tokenId");
        
@@ -58,7 +57,7 @@
        {
                log.debug("Enter: 
UnitTestSecurityManager::getSecurityToken(MessageContext)");
 
-               UnitTestSecurityToken result = new UnitTestSecurityToken(id++);
+               UnitTestSecurityToken result = new UnitTestSecurityToken(1); 
//use the same token for all messages in unit test
                tokens.put(getTokenRecoveryData(result), result);
 
                log.debug("Exit: UnitTestSecurityManager::getSecurityToken " + 
result);
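Review bot: Hard-coding `new UnitTestSecurityToken(1)` means every message in the unit tests carries the same token, so no test can exercise a proof-of-possession mismatch or verify that the MakeConnection lookup keeps sequences with different tokens apart. Consider keeping a way to issue a distinct token, for example a test-settable id, and adding a negative test that expects the check to throw. The trailing comment says what is done but not why a shared token is needed; the reason should be stated there.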


