ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gi...@apache.org
Subject svn commit: r1295267 [1/11] - in /webservices/wss4j/branches/swssf: rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/ streaming-ws-policy/src/main/java/org/swssf/policy/ streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ s...
Date Wed, 29 Feb 2012 20:54:56 GMT
Author: giger
Date: Wed Feb 29 20:54:51 2012
New Revision: 1295267

URL: http://svn.apache.org/viewvc?rev=1295267&view=rev
Log:
A lot of work on the policy verification code

Added:
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyUtils.java   (with props)
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/InboundWSSecurityContextImpl.java   (contents, props changed)
      - copied, changed from r1235883, webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/WSSecurityContextImpl.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/WSSecurityContextImpl.java   (with props)
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/OperationInputProcessor.java   (with props)
Modified:
    webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedElementsBuilder.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/Assertable.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyConstants.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcer.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ContentEncryptedElementsAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementsAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartsAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementsAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartsAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignatureProtectionAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementsAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartsAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/UsernameTokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/X509TokenAssertionState.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AbstractPolicyTestBase.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/ContentEncryptedElementsTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedElementsTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedPartsTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/HttpsTokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/IssuedTokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KerberosTokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KeyValueTokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/LayoutTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RelTokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredElementsTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredPartsTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SamlTokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecureConversationTokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecurityContextTokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedElementsTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedPartsTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SpnegoContextTokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SymmetricBindingTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingIntegrationTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/UsernameTokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/X509TokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/InboundWSSec.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/OutboundWSSec.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSConstants.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSecurityContext.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/WSSDocumentContextImpl.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DerivedKeyTokenInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SAMLTokenInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SecurityContextTokenInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SecurityTokenReferenceInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureReferenceVerifyInputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/DerivedKeyTokenOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptedKeyOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SecurityContextTokenOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureConfirmationOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/UsernameTokenOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/OpenSAMLBootstrap.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/OpenSAMLUtil.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/SAMLAssertionWrapper.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/SAMLCallback.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/bean/ActionBean.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/bean/AttributeBean.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/bean/AttributeStatementBean.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/bean/AuthDecisionStatementBean.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/bean/AuthenticationStatementBean.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/bean/ConditionsBean.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/bean/KeyInfoBean.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/bean/SubjectBean.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/bean/SubjectLocalityBean.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/builder/SAML1ComponentBuilder.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/builder/SAML1Constants.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/builder/SAML2ComponentBuilder.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/builder/SAML2Constants.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/AbstractSecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/HttpsSecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SAMLSecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecureConversationSecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenReference.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/ThumbprintSHA1SecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/UsernameSecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DefaultSecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509PKIPathv1SecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SubjectKeyIdentifierSecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509_V3SecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/ContentEncryptedElementSecurityEvent.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/EncryptedElementSecurityEvent.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/EncryptedPartSecurityEvent.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/HttpsTokenSecurityEvent.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/OperationSecurityEvent.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/RequiredElementSecurityEvent.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/RequiredPartSecurityEvent.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/SecurityEvent.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/SignedElementSecurityEvent.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/SignedPartSecurityEvent.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/securityEvent/TokenSecurityEvent.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/AbstractTestBase.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/CallbackHandlerImpl.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/DerivedKeyTokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/PerformanceMemoryTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/PerformanceTimingTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SignatureConfirmationTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/VulnerabliltyVectorsTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/AbstractSAMLCallbackHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAML1AuthnHOKHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAML1CallbackHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAML2CallbackHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/utils/SOAPUtil.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/CryptoBase.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/CryptoType.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/DERDecoder.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Loader.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Merlin.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/MerlinBase.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/X509SubjectPublicKeyInfo.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputSecurityHeaderHandler.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/DocumentContext.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/SecurityContext.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/SecurityToken.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/SecurityTokenProvider.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/DocumentContextImpl.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/SecurityContextImpl.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/algorithms/ECDSAUtils.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/algorithms/PKISignatureAlgorithm.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/securityToken/SecurityTokenFactory.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/securityToken/SecurityTokenFactoryImpl.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/test/java/org/swssf/xmlsec/test/Canonicalizer11Test.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/test/java/org/swssf/xmlsec/test/Canonicalizer20010315ExclusiveTest.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/test/java/org/swssf/xmlsec/test/Canonicalizer20010315Test.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/test/java/org/swssf/xmlsec/test/Santuario191Test.java

Modified: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedElementsBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedElementsBuilder.java?rev=1295267&r1=1295266&r2=1295267&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedElementsBuilder.java (original)
+++ webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedElementsBuilder.java Wed Feb 29 20:54:51 2012
@@ -66,7 +66,7 @@ public class SignedElementsBuilder imple
                     && spVersion.getSPConstants().getXPathExpression().getNamespaceURI().equals(child.getNamespaceURI())) {
                 Map<String, String> declaredNamespaces = new HashMap<String, String>();
                 addDeclaredNamespaces(child, declaredNamespaces);
-                xPaths.add(new XPath(child.getTextContent(), XPath.Version.V1, null, declaredNamespaces));
+                xPaths.add(new XPath(child.getTextContent().trim(), XPath.Version.V1, null, declaredNamespaces));
             }
             child = SPUtils.getNextSiblingElement(child);
         }
@@ -86,7 +86,7 @@ public class SignedElementsBuilder imple
                 if (StringUtils.isEmpty(filter)) {
                     throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
                 }
-                xPaths.add(new XPath(child.getTextContent(), XPath.Version.V2, filter, declaredNamespaces));
+                xPaths.add(new XPath(child.getTextContent().trim(), XPath.Version.V2, filter, declaredNamespaces));
             }
             child = SPUtils.getNextSiblingElement(child);
         }

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/Assertable.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/Assertable.java?rev=1295267&r1=1295266&r2=1295267&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/Assertable.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/Assertable.java Wed Feb 29 20:54:51 2012
@@ -20,6 +20,7 @@ package org.swssf.policy;
 
 import org.apache.ws.secpolicy.WSSPolicyException;
 import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.xmlsec.ext.XMLSecurityException;
 
 /**
  * @author $Author: giger $
@@ -29,7 +30,7 @@ public interface Assertable {
 
     SecurityEvent.Event[] getSecurityEventType();
 
-    boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException;
+    boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException, XMLSecurityException;
 
     boolean isAsserted();
 

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyConstants.java?rev=1295267&r1=1295266&r2=1295267&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyConstants.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyConstants.java Wed Feb 29 20:54:51 2012
@@ -18,20 +18,9 @@
  */
 package org.swssf.policy;
 
-import javax.xml.namespace.QName;
-
 /**
  * @author $Author$
  * @version $Revision$ $Date$
  */
 public class PolicyConstants {
-
-    public static final String NS_SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/";
-    public static final String NS_SOAP12 = "http://www.w3.org/2003/05/soap-envelope";
-
-    public static final String PREFIX_SOAPENV = "env";
-    public static final String TAG_soap_Body_LocalName = "Body";
-
-    public static final QName TAG_soap11_Body = new QName(NS_SOAP11, TAG_soap_Body_LocalName, PREFIX_SOAPENV);
-    public static final QName TAG_soap12_Body = new QName(NS_SOAP12, TAG_soap_Body_LocalName, PREFIX_SOAPENV);
 }

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcer.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcer.java?rev=1295267&r1=1295266&r2=1295267&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcer.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcer.java Wed Feb 29 20:54:51 2012
@@ -26,10 +26,11 @@ import org.apache.ws.secpolicy.WSSPolicy
 import org.apache.ws.secpolicy.model.*;
 import org.swssf.policy.assertionStates.*;
 import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSUtils;
 import org.swssf.wss.ext.WSSecurityException;
-import org.swssf.wss.securityEvent.*;
-import org.swssf.xmlsec.ext.SecurityToken;
+import org.swssf.wss.securityEvent.OperationSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEventListener;
+import org.swssf.xmlsec.ext.XMLSecurityException;
 
 import javax.xml.namespace.QName;
 import java.util.*;
@@ -52,22 +53,22 @@ public class PolicyEnforcer implements S
     // finishing Layout
     // HttpsToken Algorithms
     //ProtectionOrder
-    //Derived Keys property
+    //unused tokens must be checked (algorithms etc)
 
     protected static final transient Log log = LogFactory.getLog(PolicyEnforcer.class);
 
     private List<OperationPolicy> operationPolicies;
     private OperationPolicy effectivePolicy;
     private List<Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>>> assertionStateMap;
-    //securityEventQueue can probably be eliminated if we queue the events in the streaming-ws-security framework and
-    //the first emitted event will be the operation event!
+    private List<Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>>> failedAssertionStateMap;
+
     private Deque<SecurityEvent> securityEventQueue = new LinkedList<SecurityEvent>();
-    private boolean transportSecurityActive = false;
     private boolean operationSecurityEventOccured = false;
 
     public PolicyEnforcer(List<OperationPolicy> operationPolicies, String soapAction) throws WSSPolicyException {
         this.operationPolicies = operationPolicies;
-        assertionStateMap = new ArrayList<Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>>>();
+        assertionStateMap = new LinkedList<Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>>>();
+        failedAssertionStateMap = new LinkedList<Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>>>();
 
         if (soapAction != null && !soapAction.equals("")) {
             effectivePolicy = findPolicyBySOAPAction(operationPolicies, soapAction);
@@ -78,8 +79,9 @@ public class PolicyEnforcer implements S
     }
 
     private OperationPolicy findPolicyBySOAPAction(List<OperationPolicy> operationPolicies, String soapAction) {
-        for (int i = 0; i < operationPolicies.size(); i++) {
-            OperationPolicy operationPolicy = operationPolicies.get(i);
+        Iterator<OperationPolicy> operationPolicyIterator = operationPolicies.iterator();
+        while (operationPolicyIterator.hasNext()) {
+            OperationPolicy operationPolicy = operationPolicyIterator.next();
             if (soapAction.equals(operationPolicy.getOperationAction())) {
                 return operationPolicy;
             }
@@ -88,8 +90,9 @@ public class PolicyEnforcer implements S
     }
 
     private OperationPolicy findPolicyBySOAPOperationName(List<OperationPolicy> operationPolicies, String soapOperationName) {
-        for (int i = 0; i < operationPolicies.size(); i++) {
-            OperationPolicy operationPolicy = operationPolicies.get(i);
+        Iterator<OperationPolicy> operationPolicyIterator = operationPolicies.iterator();
+        while (operationPolicyIterator.hasNext()) {
+            OperationPolicy operationPolicy = operationPolicyIterator.next();
             if (soapOperationName.equals(operationPolicy.getOperationName())) {
                 return operationPolicy;
             }
@@ -107,8 +110,9 @@ public class PolicyEnforcer implements S
             PolicyOperator policyOperator = (PolicyOperator) policyComponent;
             List<PolicyComponent> policyComponents = policyOperator.getPolicyComponents();
             int alternative = 0;
-            for (int i = 0; i < policyComponents.size(); i++) {
-                PolicyComponent curPolicyComponent = policyComponents.get(i);
+            Iterator<PolicyComponent> policyComponentIterator = policyComponents.iterator();
+            while (policyComponentIterator.hasNext()) {
+                PolicyComponent curPolicyComponent = policyComponentIterator.next();
                 if (policyOperator instanceof ExactlyOne) {
                     assertionStateMap.add(new HashMap<SecurityEvent.Event, Map<Assertion, List<Assertable>>>());
                     buildAssertionStateMap(curPolicyComponent, assertionStateMap, alternative++);
@@ -127,15 +131,17 @@ public class PolicyEnforcer implements S
         if (policyComponent instanceof PolicyOperator) {
             PolicyOperator policyOperator = (PolicyOperator) policyComponent;
             List<PolicyComponent> policyComponents = policyOperator.getPolicyComponents();
-            for (int i = 0; i < policyComponents.size(); i++) {
-                PolicyComponent curPolicyComponent = policyComponents.get(i);
+            Iterator<PolicyComponent> policyComponentIterator = policyComponents.iterator();
+            while (policyComponentIterator.hasNext()) {
+                PolicyComponent curPolicyComponent = policyComponentIterator.next();
                 buildAssertionStateMap(curPolicyComponent, assertionStateMap, alternative);
             }
         } else if (policyComponent instanceof AbstractSecurityAssertion) {
             AbstractSecurityAssertion abstractSecurityAssertion = (AbstractSecurityAssertion) policyComponent;
             List<Assertable> assertablesList = getAssertableForAssertion(abstractSecurityAssertion);
-            for (int i = 0; i < assertablesList.size(); i++) {
-                Assertable assertable = assertablesList.get(i);
+            Iterator<Assertable> assertableIterator = assertablesList.iterator();
+            while (assertableIterator.hasNext()) {
+                Assertable assertable = assertableIterator.next();
                 final Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>> map = assertionStateMap.get(alternative);
                 final SecurityEvent.Event[] securityEventType = assertable.getSecurityEventType();
                 for (int j = 0; j < securityEventType.length; j++) {
@@ -161,14 +167,14 @@ public class PolicyEnforcer implements S
     private void addAssertionState(Map<Assertion, List<Assertable>> assertables, Assertion keyAssertion, Assertable assertable) {
         List<Assertable> assertableList = assertables.get(keyAssertion);
         if (assertableList == null) {
-            assertableList = new ArrayList<Assertable>();
+            assertableList = new LinkedList<Assertable>();
             assertables.put(keyAssertion, assertableList);
         }
         assertableList.add(assertable);
     }
 
     protected List<Assertable> getAssertableForAssertion(AbstractSecurityAssertion abstractSecurityAssertion) throws WSSPolicyException {
-        List<Assertable> assertableList = new ArrayList<Assertable>();
+        List<Assertable> assertableList = new LinkedList<Assertable>();
         if (abstractSecurityAssertion instanceof ContentEncryptedElements) {
             assertableList.add(new ContentEncryptedElementsAssertionState(abstractSecurityAssertion, true));
         } else if (abstractSecurityAssertion instanceof EncryptedParts) {
@@ -223,18 +229,19 @@ public class PolicyEnforcer implements S
                 assertableList.add(new SignatureProtectionAssertionState(abstractSymmetricAsymmetricBinding, true));
                 assertableList.add(new OnlySignEntireHeadersAndBodyAssertionState(abstractSecurityAssertion, false));
                 //todo token protection
-            } else if (abstractSecurityAssertion instanceof TransportBinding) {
-                if (abstractBinding.isIncludeTimestamp()) {
-                    RequiredElementsAssertionState requiredElementsAssertionState = new RequiredElementsAssertionState(abstractBinding, false);
-                    requiredElementsAssertionState.addElement(WSSConstants.TAG_wsu_Timestamp);
-                    assertableList.add(requiredElementsAssertionState);
-                }
             }
 
             assertableList.add(new IncludeTimeStampAssertionState(abstractBinding, true));
             if (abstractBinding.isIncludeTimestamp()) {
+                RequiredElementsAssertionState requiredElementsAssertionState = new RequiredElementsAssertionState(abstractBinding, false);
+                List<QName> timestampElementPath = new LinkedList<QName>();
+                timestampElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+                timestampElementPath.add(WSSConstants.TAG_wsu_Timestamp);
+                requiredElementsAssertionState.addElement(timestampElementPath);
+                assertableList.add(requiredElementsAssertionState);
+
                 SignedElementsAssertionState signedElementsAssertionState = new SignedElementsAssertionState(abstractSecurityAssertion, true);
-                signedElementsAssertionState.addElement(WSSConstants.TAG_wsu_Timestamp);
+                signedElementsAssertionState.addElement(timestampElementPath);
                 assertableList.add(signedElementsAssertionState);
             }
         } else if (abstractSecurityAssertion instanceof AbstractToken) {
@@ -248,7 +255,10 @@ public class PolicyEnforcer implements S
                     assertableList.add(signedElementsAssertionState);
                     //todo the other tokens?
                     if (abstractToken instanceof UsernameToken) {
-                        signedElementsAssertionState.addElement(WSSConstants.TAG_wsse_UsernameToken);
+                        List<QName> usernameTokenElementPath = new LinkedList<QName>();
+                        usernameTokenElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+                        usernameTokenElementPath.add(WSSConstants.TAG_wsse_UsernameToken);
+                        signedElementsAssertionState.addElement(usernameTokenElementPath);
                     }
                 }
             }
@@ -263,34 +273,64 @@ public class PolicyEnforcer implements S
      * @param securityEvent
      * @throws WSSPolicyException
      */
-    private void verifyPolicy(SecurityEvent securityEvent) throws WSSPolicyException {
-        int notAssertedCount = 0;
-        alternative:
-        for (int i = 0; i < assertionStateMap.size(); i++) {
-            Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>> map = assertionStateMap.get(i);
-
-            //every list entry counts as an alternative...
-            Map<Assertion, List<Assertable>> assertionListMap = map.get(securityEvent.getSecurityEventType());
-            if (assertionListMap != null && assertionListMap.size() > 0) {
-
-                for (Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator = assertionListMap.entrySet().iterator(); assertionStateIterator.hasNext(); ) {
-                    Map.Entry<Assertion, List<Assertable>> assertionStateEntry = assertionStateIterator.next();
-                    List<Assertable> assertionStates = assertionStateEntry.getValue();
-                    for (int j = 0; j < assertionStates.size(); j++) {
-                        Assertable assertable = assertionStates.get(j);
-                        boolean asserted = assertable.assertEvent(securityEvent);
-                        //...so if one fails, continue with the next map entry and increment the notAssertedCount
-                        if (!asserted) {
-                            notAssertedCount++;
-                            continue alternative;
+    private void verifyPolicy(SecurityEvent securityEvent) throws WSSPolicyException, XMLSecurityException {
+        {
+            //first check the remaining alternatives...
+            Iterator<Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator = this.assertionStateMap.iterator();
+            alternative:
+            while (assertionStateMapIterator.hasNext()) {
+                Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>> map = assertionStateMapIterator.next();
+                //every list entry counts as an alternative...
+                Map<Assertion, List<Assertable>> assertionListMap = map.get(securityEvent.getSecurityEventType());
+                if (assertionListMap != null && assertionListMap.size() > 0) {
+                    Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator = assertionListMap.entrySet().iterator();
+                    while (assertionStateIterator.hasNext()) {
+                        Map.Entry<Assertion, List<Assertable>> assertionStateEntry = assertionStateIterator.next();
+                        List<Assertable> assertionStates = assertionStateEntry.getValue();
+                        Iterator<Assertable> assertableIterator = assertionStates.iterator();
+                        while (assertableIterator.hasNext()) {
+                            Assertable assertable = assertableIterator.next();
+                            boolean asserted = assertable.assertEvent(securityEvent);
+                            //...so if one fails, continue with the next map entry and increment the notAssertedCount
+                            if (!asserted) {
+                                failedAssertionStateMap.add(map);
+                                assertionStateMapIterator.remove();
+                                continue alternative;
+                            }
                         }
                     }
                 }
             }
         }
-        //if the notAssertedCount equals the size of the list (the size of the list is equal to the alternatives)
+        {
+            //...then also we have to check the failed assertions for logging purposes!
+            Iterator<Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator = this.failedAssertionStateMap.iterator();
+            alternative:
+            while (assertionStateMapIterator.hasNext()) {
+                Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>> map = assertionStateMapIterator.next();
+                //every list entry counts as an alternative...
+                Map<Assertion, List<Assertable>> assertionListMap = map.get(securityEvent.getSecurityEventType());
+                if (assertionListMap != null && assertionListMap.size() > 0) {
+                    Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator = assertionListMap.entrySet().iterator();
+                    while (assertionStateIterator.hasNext()) {
+                        Map.Entry<Assertion, List<Assertable>> assertionStateEntry = assertionStateIterator.next();
+                        List<Assertable> assertionStates = assertionStateEntry.getValue();
+                        Iterator<Assertable> assertableIterator = assertionStates.iterator();
+                        while (assertableIterator.hasNext()) {
+                            Assertable assertable = assertableIterator.next();
+                            boolean asserted = assertable.assertEvent(securityEvent);
+                            //...so if one fails, continue with the next map entry and increment the notAssertedCount
+                            if (!asserted) {
+                                continue alternative;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        //if the assertionStateMap is empty (the size of the list is equal to the alternatives)
         //then we could not satisfy any alternative
-        if (notAssertedCount == assertionStateMap.size()) {
+        if (assertionStateMap.isEmpty()) {
             logFailedAssertions();
             throw new PolicyViolationException("No policy alternative could be satisfied");
         }
@@ -303,46 +343,51 @@ public class PolicyEnforcer implements S
      * @throws PolicyViolationException thrown when no alternative could be satisifed
      */
     private void verifyPolicy() throws WSSPolicyException {
-        int notAsserted = 0;
+        Iterator<Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator = this.assertionStateMap.iterator();
         alternative:
-        for (int i = 0; i < assertionStateMap.size(); i++) {
-            Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>> map = assertionStateMap.get(i);
+        while (assertionStateMapIterator.hasNext()) {
+            Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>> map = assertionStateMapIterator.next();
             Iterator<Map.Entry<SecurityEvent.Event, Map<Assertion, List<Assertable>>>> iterator = map.entrySet().iterator();
             while (iterator.hasNext()) {
                 Map.Entry<SecurityEvent.Event, Map<Assertion, List<Assertable>>> mapEntry = iterator.next();
-                Iterator<Map.Entry<Assertion, List<Assertable>>> assertableIterator = mapEntry.getValue().entrySet().iterator();
-                while (assertableIterator.hasNext()) {
-                    Map.Entry<Assertion, List<Assertable>> assertionListEntry = assertableIterator.next();
+                Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator = mapEntry.getValue().entrySet().iterator();
+                while (assertionStateIterator.hasNext()) {
+                    Map.Entry<Assertion, List<Assertable>> assertionListEntry = assertionStateIterator.next();
                     List<Assertable> assertableList = assertionListEntry.getValue();
-                    for (int j = 0; j < assertableList.size(); j++) {
-                        Assertable assertable = assertableList.get(j);
+                    Iterator<Assertable> assertableIterator = assertableList.iterator();
+                    while (assertableIterator.hasNext()) {
+                        Assertable assertable = assertableIterator.next();
                         if (!assertable.isAsserted()) {
-                            notAsserted++;
+                            failedAssertionStateMap.add(map);
+                            assertionStateMapIterator.remove();
                             continue alternative;
                         }
                     }
                 }
             }
         }
-        if (notAsserted == assertionStateMap.size()) {
+        if (assertionStateMap.isEmpty()) {
             logFailedAssertions();
             throw new WSSPolicyException("No policy alternative could be satisfied");
         }
     }
 
     private void logFailedAssertions() {
-        for (int i = 0; i < assertionStateMap.size(); i++) {
-            Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>> map = assertionStateMap.get(i);
+        Iterator<Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator = this.failedAssertionStateMap.iterator();
+        while (assertionStateMapIterator.hasNext()) {
+            Map<SecurityEvent.Event, Map<Assertion, List<Assertable>>> map = assertionStateMapIterator.next();
             Set<Map.Entry<SecurityEvent.Event, Map<Assertion, List<Assertable>>>> entrySet = map.entrySet();
             Iterator<Map.Entry<SecurityEvent.Event, Map<Assertion, List<Assertable>>>> entryIterator = entrySet.iterator();
             while (entryIterator.hasNext()) {
                 Map.Entry<SecurityEvent.Event, Map<Assertion, List<Assertable>>> eventCollectionEntry = entryIterator.next();
                 Map<Assertion, List<Assertable>> assertionListMap = eventCollectionEntry.getValue();
-                for (Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateEntryIterator = assertionListMap.entrySet().iterator(); assertionStateEntryIterator.hasNext(); ) {
+                Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateEntryIterator = assertionListMap.entrySet().iterator();
+                while (assertionStateEntryIterator.hasNext()) {
                     Map.Entry<Assertion, List<Assertable>> entry = assertionStateEntryIterator.next();
                     List<Assertable> assertionStates = entry.getValue();
-                    for (int j = 0; j < assertionStates.size(); j++) {
-                        Assertable assertable = assertionStates.get(j);
+                    Iterator<Assertable> assertableIterator = assertionStates.iterator();
+                    while (assertableIterator.hasNext()) {
+                        Assertable assertable = assertableIterator.next();
                         if (!assertable.isAsserted()) {
                             log.error(entry.getKey().getName() + " not satisfied: " + assertable.getErrorMessage());
                         }
@@ -355,27 +400,26 @@ public class PolicyEnforcer implements S
     //multiple threads can call this method concurrently -> synchronize access
     public synchronized void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
 
-        if (securityEvent instanceof HttpsTokenSecurityEvent) {
-            transportSecurityActive = true;
-        }
-
         if (operationSecurityEventOccured) {
             try {
                 verifyPolicy(securityEvent);
             } catch (WSSPolicyException e) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
+            } catch (XMLSecurityException e) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
             }
         }
 
-        if (securityEvent.getSecurityEventType().equals(SecurityEvent.Event.Operation)) {
+        if (securityEvent.getSecurityEventType() == SecurityEvent.Event.Operation) {
             operationSecurityEventOccured = true;
+            final OperationSecurityEvent operationSecurityEvent = (OperationSecurityEvent) securityEvent;
             if (effectivePolicy != null) {
                 //soap-action spoofing detection
-                if (!effectivePolicy.getOperationName().equals(((OperationSecurityEvent) securityEvent).getOperation().getLocalPart())) {
-                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, new WSSPolicyException("SOAPAction (" + effectivePolicy.getOperationName() + ") does not match with the current Operation: " + ((OperationSecurityEvent) securityEvent).getOperation()));
+                if (!effectivePolicy.getOperationName().equals(operationSecurityEvent.getOperation().getLocalPart())) {
+                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, new WSSPolicyException("SOAPAction (" + effectivePolicy.getOperationName() + ") does not match with the current Operation: " + operationSecurityEvent.getOperation()));
                 }
             } else {
-                effectivePolicy = findPolicyBySOAPOperationName(operationPolicies, ((OperationSecurityEvent) securityEvent).getOperation().getLocalPart());
+                effectivePolicy = findPolicyBySOAPOperationName(operationPolicies, operationSecurityEvent.getOperation().getLocalPart());
                 if (effectivePolicy == null) {
                     //no policy to the operation given
                     effectivePolicy = new OperationPolicy("NoPolicyFoundForOperation");
@@ -388,311 +432,25 @@ public class PolicyEnforcer implements S
                 }
             }
 
-            try {
-                identifySecurityTokenDepenedenciesAndUsage(securityEventQueue);
-            } catch (PolicyViolationException e) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
-            }
-
             Iterator<SecurityEvent> securityEventIterator = securityEventQueue.descendingIterator();
             while (securityEventIterator.hasNext()) {
                 SecurityEvent prevSecurityEvent = securityEventIterator.next();
                 try {
                     verifyPolicy(prevSecurityEvent);
                 } catch (WSSPolicyException e) {
-                    //todo better exceptions
+                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
+                } catch (XMLSecurityException e) {
                     throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
                 }
             }
             securityEventQueue.clear();
+
+            return;
         } else {
-            //queue events until the operation security event occured
             securityEventQueue.push(securityEvent);
         }
     }
 
-    private void identifySecurityTokenDepenedenciesAndUsage(Deque<SecurityEvent> securityEventDeque) throws PolicyViolationException, WSSecurityException {
-
-        List<TokenSecurityEvent> messageSignatureTokens = new ArrayList<TokenSecurityEvent>();
-        List<TokenSecurityEvent> messageEncryptionTokens = new ArrayList<TokenSecurityEvent>();
-        List<TokenSecurityEvent> supportingTokens = new ArrayList<TokenSecurityEvent>();
-        List<TokenSecurityEvent> signedSupportingTokens = new ArrayList<TokenSecurityEvent>();
-        List<TokenSecurityEvent> endorsingSupportingTokens = new ArrayList<TokenSecurityEvent>();
-        List<TokenSecurityEvent> signedEndorsingSupportingTokens = new ArrayList<TokenSecurityEvent>();
-        List<TokenSecurityEvent> signedEncryptedSupportingTokens = new ArrayList<TokenSecurityEvent>();
-        List<TokenSecurityEvent> endorsingEncryptedSupportingTokens = new ArrayList<TokenSecurityEvent>();
-        List<TokenSecurityEvent> signedEndorsingEncryptedSupportingTokens = new ArrayList<TokenSecurityEvent>();
-
-        List<TokenSecurityEvent> tokenSecurityEvents = new LinkedList<TokenSecurityEvent>();
-        for (Iterator<SecurityEvent> iterator = securityEventDeque.iterator(); iterator.hasNext(); ) {
-            SecurityEvent securityEvent = iterator.next();
-            //todo it is probably better to use the EventType Enum instead of InstanceOf?
-            if (securityEvent instanceof TokenSecurityEvent) {
-                //iterator.remove();
-                if (securityEvent instanceof HttpsTokenSecurityEvent) {
-                    HttpsTokenSecurityEvent httpsTokenSecurityEvent = (HttpsTokenSecurityEvent) securityEvent;
-                    httpsTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.MainSignature);
-                    messageSignatureTokens.add(httpsTokenSecurityEvent);
-                    HttpsTokenSecurityEvent clonedHttpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
-                    clonedHttpsTokenSecurityEvent.setAuthenticationType(httpsTokenSecurityEvent.getAuthenticationType());
-                    clonedHttpsTokenSecurityEvent.setIssuerName(httpsTokenSecurityEvent.getIssuerName());
-                    clonedHttpsTokenSecurityEvent.setSecurityToken(httpsTokenSecurityEvent.getSecurityToken());
-                    clonedHttpsTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.MainEncryption);
-                    messageEncryptionTokens.add(clonedHttpsTokenSecurityEvent);
-                    continue;
-                }
-                tokenSecurityEvents.add((TokenSecurityEvent) securityEvent);
-            }
-        }
-
-        Iterator<TokenSecurityEvent> tokenSecurityEventIterator = tokenSecurityEvents.iterator();
-        while (tokenSecurityEventIterator.hasNext()) {
-            TokenSecurityEvent tokenSecurityEvent = tokenSecurityEventIterator.next();
-            if (tokenSecurityEvent.getSecurityToken().getKeyWrappingToken() == null) {
-                supportingTokens.add(tokenSecurityEvent);
-            } else if (tokenSecurityEvent.getTokenUsage() == TokenSecurityEvent.TokenUsage.Encryption) {
-                SecurityToken securityToken = tokenSecurityEvent.getSecurityToken();
-                while (securityToken.getKeyWrappingToken() != null) {
-                    securityToken = securityToken.getKeyWrappingToken();
-                }
-                TokenSecurityEvent encTokenSecurityEvent = WSSUtils.createTokenSecurityEvent(securityToken);
-                encTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
-                //todo handle multiple encryption tokens
-                messageEncryptionTokens.add(encTokenSecurityEvent);
-                securityEventDeque.offer(encTokenSecurityEvent);
-            }
-        }
-
-        Iterator<TokenSecurityEvent> supportingTokensIterator = supportingTokens.iterator();
-        while (supportingTokensIterator.hasNext()) {
-            TokenSecurityEvent tokenSecurityEvent = supportingTokensIterator.next();
-            List<SecurityToken> signingSecurityTokens = isSignedToken(tokenSecurityEvent, securityEventDeque);
-            boolean signsSignature = signsElement(tokenSecurityEvent, WSSConstants.TAG_dsig_Signature, securityEventDeque);
-            boolean signsSignatureConfirmation = signsElement(tokenSecurityEvent, WSSConstants.TAG_wsse11_SignatureConfirmation, securityEventDeque);
-            boolean signsTimestamp = signsElement(tokenSecurityEvent, WSSConstants.TAG_wsu_Timestamp, securityEventDeque);
-            if (!this.transportSecurityActive && signsSignatureConfirmation && signsTimestamp) {
-                supportingTokensIterator.remove();
-                messageSignatureTokens.add(tokenSecurityEvent);
-            } else if (!this.transportSecurityActive && signsSignatureConfirmation) {
-                supportingTokensIterator.remove();
-                messageSignatureTokens.add(tokenSecurityEvent);
-            } else if (!this.transportSecurityActive && signsTimestamp) {
-                supportingTokensIterator.remove();
-                messageSignatureTokens.add(tokenSecurityEvent);
-            } else if (signsSignature && signingSecurityTokens.size() > 0) {
-                supportingTokensIterator.remove();
-                signedEndorsingSupportingTokens.add(tokenSecurityEvent);
-            } else if (signsSignature) {
-                supportingTokensIterator.remove();
-                endorsingSupportingTokens.add(tokenSecurityEvent);
-            } else if (signingSecurityTokens.size() > 0) {
-                supportingTokensIterator.remove();
-                signedSupportingTokens.add(tokenSecurityEvent);
-            }
-        }
-
-        if (messageSignatureTokens.size() == 0) {
-            SecurityToken messageSignatureToken = getSupportingTokenSigningToken(
-                    signedSupportingTokens,
-                    signedEndorsingSupportingTokens,
-                    signedEncryptedSupportingTokens,
-                    signedEndorsingEncryptedSupportingTokens,
-                    securityEventDeque);
-
-            TokenSecurityEvent tokenSecurityEvent = getTokenSecurityEvent(messageSignatureToken, tokenSecurityEvents);
-            if (tokenSecurityEvent != null) {
-                supportingTokens.remove(tokenSecurityEvent);
-                signedSupportingTokens.remove(tokenSecurityEvent);
-                endorsingSupportingTokens.remove(tokenSecurityEvent);
-                signedEndorsingSupportingTokens.remove(tokenSecurityEvent);
-                signedEncryptedSupportingTokens.remove(tokenSecurityEvent);
-                endorsingEncryptedSupportingTokens.remove(tokenSecurityEvent);
-                signedEndorsingEncryptedSupportingTokens.remove(tokenSecurityEvent);
-                messageSignatureTokens.add(tokenSecurityEvent);
-            }
-        }
-
-        if (messageSignatureTokens.size() == 0) {
-            for (Iterator<TokenSecurityEvent> iterator = supportingTokens.iterator(); iterator.hasNext(); ) {
-                TokenSecurityEvent supportingToken = iterator.next();
-                if (supportingToken.getTokenUsage() == TokenSecurityEvent.TokenUsage.Signature) {
-                    iterator.remove();
-                    messageSignatureTokens.add(supportingToken);
-                    break;
-                }
-            }
-        }
-
-        if (messageEncryptionTokens.size() == 0) {
-            for (Iterator<TokenSecurityEvent> iterator = supportingTokens.iterator(); iterator.hasNext(); ) {
-                TokenSecurityEvent supportingToken = iterator.next();
-                if (supportingToken.getTokenUsage() == TokenSecurityEvent.TokenUsage.Encryption) {
-                    iterator.remove();
-                    messageEncryptionTokens.add(supportingToken);
-                    break;
-                }
-            }
-        }
-
-        setTokenUsage(messageSignatureTokens, TokenSecurityEvent.TokenUsage.MainSignature);
-        setTokenUsage(messageEncryptionTokens, TokenSecurityEvent.TokenUsage.MainEncryption);
-        setTokenUsage(supportingTokens, TokenSecurityEvent.TokenUsage.SupportingToken);
-        setTokenUsage(signedSupportingTokens, TokenSecurityEvent.TokenUsage.SignedSupportingTokens);
-        setTokenUsage(endorsingSupportingTokens, TokenSecurityEvent.TokenUsage.EndorsingSupportingTokens);
-        setTokenUsage(signedEndorsingSupportingTokens, TokenSecurityEvent.TokenUsage.SignedEndorsingSupportingTokens);
-        setTokenUsage(signedEncryptedSupportingTokens, TokenSecurityEvent.TokenUsage.SignedEncryptedSupportingTokens);
-        setTokenUsage(endorsingEncryptedSupportingTokens, TokenSecurityEvent.TokenUsage.EndorsingEncryptedSupportingTokens);
-        setTokenUsage(signedEndorsingEncryptedSupportingTokens, TokenSecurityEvent.TokenUsage.SignedEndorsingEncryptedSupportingTokens);
-    }
-
-    private TokenSecurityEvent getTokenSecurityEvent(SecurityToken securityToken, List<TokenSecurityEvent> tokenSecurityEvents) {
-        for (int i = 0; i < tokenSecurityEvents.size(); i++) {
-            TokenSecurityEvent tokenSecurityEvent = tokenSecurityEvents.get(i);
-            if (tokenSecurityEvent.getSecurityToken() == securityToken) {
-                return tokenSecurityEvent;
-            }
-        }
-        return null;
-    }
-
-    private SecurityToken getSupportingTokenSigningToken(
-            List<TokenSecurityEvent> signedSupportingTokens,
-            List<TokenSecurityEvent> signedEndorsingSupportingTokens,
-            List<TokenSecurityEvent> signedEncryptedSupportingTokens,
-            List<TokenSecurityEvent> signedEndorsingEncryptedSupportingTokens,
-            Deque<SecurityEvent> securityEventDeque
-    ) {
-
-        //todo we have to check if the signingTokens also cover the other supporting tokens!
-        for (int i = 0; i < signedSupportingTokens.size(); i++) {
-            TokenSecurityEvent tokenSecurityEvent = signedSupportingTokens.get(i);
-            List<SecurityToken> signingSecurityTokens = getSigningToken(tokenSecurityEvent, securityEventDeque);
-            if (signingSecurityTokens.size() == 1) {
-                return signingSecurityTokens.get(0);
-            }
-        }
-        for (int i = 0; i < signedEndorsingSupportingTokens.size(); i++) {
-            TokenSecurityEvent tokenSecurityEvent = signedEndorsingSupportingTokens.get(i);
-            List<SecurityToken> signingSecurityTokens = getSigningToken(tokenSecurityEvent, securityEventDeque);
-            if (signingSecurityTokens.size() == 1) {
-                return signingSecurityTokens.get(0);
-            }
-        }
-        for (int i = 0; i < signedEncryptedSupportingTokens.size(); i++) {
-            TokenSecurityEvent tokenSecurityEvent = signedEncryptedSupportingTokens.get(i);
-            List<SecurityToken> signingSecurityTokens = getSigningToken(tokenSecurityEvent, securityEventDeque);
-            if (signingSecurityTokens.size() == 1) {
-                return signingSecurityTokens.get(0);
-            }
-        }
-        for (int i = 0; i < signedEndorsingEncryptedSupportingTokens.size(); i++) {
-            TokenSecurityEvent tokenSecurityEvent = signedEndorsingEncryptedSupportingTokens.get(i);
-            List<SecurityToken> signingSecurityTokens = getSigningToken(tokenSecurityEvent, securityEventDeque);
-            if (signingSecurityTokens.size() == 1) {
-                return signingSecurityTokens.get(0);
-            }
-        }
-        return null;
-    }
-
-    private List<SecurityToken> getSigningToken(TokenSecurityEvent tokenSecurityEvent, Deque<SecurityEvent> securityEventDeque) {
-        QName elementName = null;
-        //todo element name in security Token?
-        //todo the element name equality must be checked more precisely (inkl. path)!
-        switch (tokenSecurityEvent.getSecurityEventType()) {
-            case UsernameToken:
-                elementName = WSSConstants.TAG_wsse_UsernameToken;
-                break;
-            case X509Token:
-                //todo not always correct:
-                elementName = WSSConstants.TAG_wsse_BinarySecurityToken;
-                break;
-        }
-        if (elementName == null) {
-            throw new RuntimeException("todo other token types...");
-        }
-
-        List<SecurityToken> signingSecurityTokens = new ArrayList<SecurityToken>();
-
-        for (Iterator<SecurityEvent> iterator = securityEventDeque.iterator(); iterator.hasNext(); ) {
-            SecurityEvent securityEvent = iterator.next();
-            if (securityEvent instanceof SignedElementSecurityEvent) {
-                SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
-                if (signedElementSecurityEvent.isSigned()
-                        && signedElementSecurityEvent.getElement().equals(elementName)) {
-                    signingSecurityTokens.add(signedElementSecurityEvent.getSecurityToken());
-                }
-            }
-        }
-        return signingSecurityTokens;
-    }
-
-    //todo overall linked-list and iterate with an iterator
-    private void setTokenUsage(List<TokenSecurityEvent> tokenSecurityEvents, TokenSecurityEvent.TokenUsage tokenUsage) {
-        for (int i = 0; i < tokenSecurityEvents.size(); i++) {
-            TokenSecurityEvent tokenSecurityEvent = tokenSecurityEvents.get(i);
-            tokenSecurityEvent.setTokenUsage(tokenUsage);
-        }
-    }
-
-    private List<SecurityToken> isSignedToken(TokenSecurityEvent tokenSecurityEvent, Deque<SecurityEvent> securityEventDeque) {
-        List<SecurityToken> securityTokenList = new ArrayList<SecurityToken>();
-        for (Iterator<SecurityEvent> iterator = securityEventDeque.iterator(); iterator.hasNext(); ) {
-            SecurityEvent securityEvent = iterator.next();
-            //todo it is probably better to use the EventType Enum instead of InstanceOf?
-            if (securityEvent instanceof SignedElementSecurityEvent) {
-                SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
-                //todo the element name equality must be checked more precisely (inkl. path)!
-                if (signedElementSecurityEvent.isSigned()
-                        //todo element name in security Tokem?
-                        && tokenSecurityEvent instanceof UsernameTokenSecurityEvent
-                        && WSSConstants.TAG_wsse_UsernameToken.equals(signedElementSecurityEvent.getElement())) {
-
-                    if (!securityTokenList.contains(signedElementSecurityEvent.getSecurityToken())) {
-                        securityTokenList.add(signedElementSecurityEvent.getSecurityToken());
-                    }
-                }
-            }
-        }
-        return securityTokenList;
-    }
-
-    private List<SecurityToken> getElementSigningToken(QName element, Deque<SecurityEvent> securityEventDeque) {
-        List<SecurityToken> securityTokenList = new ArrayList<SecurityToken>();
-        for (Iterator<SecurityEvent> iterator = securityEventDeque.iterator(); iterator.hasNext(); ) {
-            SecurityEvent securityEvent = iterator.next();
-            //todo it is probably better to use the EventType Enum instead of InstanceOf?
-            if (securityEvent instanceof SignedElementSecurityEvent) {
-                SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
-                //todo the element name equality must be checked more precisely (inkl. path)!
-                if (signedElementSecurityEvent.isSigned()
-                        && element.equals(signedElementSecurityEvent.getElement())) {
-                    if (!securityTokenList.contains(signedElementSecurityEvent.getSecurityToken())) {
-                        securityTokenList.add(signedElementSecurityEvent.getSecurityToken());
-                    }
-                }
-            }
-        }
-        return securityTokenList;
-    }
-
-    private boolean signsElement(TokenSecurityEvent tokenSecurityEvent, QName element, Deque<SecurityEvent> securityEventDeque) {
-        for (Iterator<SecurityEvent> iterator = securityEventDeque.iterator(); iterator.hasNext(); ) {
-            SecurityEvent securityEvent = iterator.next();
-            //todo it is probably better to use the EventType Enum instead of InstanceOf?
-            if (securityEvent instanceof SignedElementSecurityEvent) {
-                SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
-                //todo the element name equality must be checked more precisely (inkl. path)!
-                if (signedElementSecurityEvent.isSigned()
-                        && signedElementSecurityEvent.getSecurityToken() == tokenSecurityEvent.getSecurityToken()
-                        && element.equals(signedElementSecurityEvent.getElement())) {
-                    return true;
-                }
-            }
-        }
-        return false;
-    }
-
     /**
      * the final Policy validation to find a satisfied alternative
      *
@@ -701,8 +459,4 @@ public class PolicyEnforcer implements S
     public void doFinal() throws WSSPolicyException {
         verifyPolicy();
     }
-
-    public boolean isTransportSecurityActive() {
-        return transportSecurityActive;
-    }
 }

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java?rev=1295267&r1=1295266&r2=1295267&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java Wed Feb 29 20:54:51 2012
@@ -18,30 +18,6 @@
  */
 package org.swssf.policy;
 
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import javax.wsdl.Binding;
-import javax.wsdl.BindingOperation;
-import javax.wsdl.Definition;
-import javax.wsdl.Operation;
-import javax.wsdl.Port;
-import javax.wsdl.PortType;
-import javax.wsdl.Service;
-import javax.wsdl.WSDLElement;
-import javax.wsdl.WSDLException;
-import javax.wsdl.extensions.ExtensibilityElement;
-import javax.wsdl.extensions.UnknownExtensibilityElement;
-import javax.wsdl.extensions.soap.SOAPOperation;
-import javax.wsdl.extensions.soap12.SOAP12Operation;
-import javax.wsdl.factory.WSDLFactory;
-import javax.wsdl.xml.WSDLReader;
-import javax.xml.namespace.QName;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.neethi.Policy;
@@ -52,6 +28,17 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
+import javax.wsdl.*;
+import javax.wsdl.extensions.ExtensibilityElement;
+import javax.wsdl.extensions.UnknownExtensibilityElement;
+import javax.wsdl.extensions.soap.SOAPOperation;
+import javax.wsdl.extensions.soap12.SOAP12Operation;
+import javax.wsdl.factory.WSDLFactory;
+import javax.wsdl.xml.WSDLReader;
+import javax.xml.namespace.QName;
+import java.net.URL;
+import java.util.*;
+
 /**
  * PolicyEnforcerFactory builds a map of all the possible effective Policies
  * and caches them for reuse

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java?rev=1295267&r1=1295266&r2=1295267&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java Wed Feb 29 20:54:51 2012
@@ -41,8 +41,6 @@ import javax.xml.stream.events.XMLEvent;
 public class PolicyInputProcessor extends AbstractInputProcessor {
 
     private PolicyEnforcer policyEnforcer;
-    private boolean firstHeaderCall = true;
-    private boolean firstBodyCall = true;
 
     public PolicyInputProcessor(PolicyEnforcer policyEnforcer, XMLSecurityProperties securityProperties) {
         super(securityProperties);
@@ -53,29 +51,25 @@ public class PolicyInputProcessor extend
 
     @Override
     public XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
-        if (firstHeaderCall) {
-            firstHeaderCall = false;
-            if (policyEnforcer.isTransportSecurityActive()) {
-                inputProcessorChain.getDocumentContext().setIsInEncryptedContent();
-                inputProcessorChain.getDocumentContext().setIsInSignedContent();
-            }
-        }
         XMLEvent xmlEvent = inputProcessorChain.processHeaderEvent();
         //test if non encrypted element have to be encrypted per policy
-        if (!inputProcessorChain.getDocumentContext().isInEncryptedContent() && ((WSSDocumentContext) inputProcessorChain.getDocumentContext()).isInSecurityHeader()) {
+        boolean transportSecurityActive = Boolean.TRUE == inputProcessorChain.getSecurityContext().get(WSSConstants.TRANSPORT_SECURITY_ACTIVE);
+        if (!transportSecurityActive
+                && !inputProcessorChain.getDocumentContext().isInEncryptedContent()
+                && ((WSSDocumentContext) inputProcessorChain.getDocumentContext()).isInSecurityHeader()) {
             testEncryptionPolicy(xmlEvent, inputProcessorChain);
         }
         if (xmlEvent.isStartElement() && inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && ((WSSDocumentContext) inputProcessorChain.getDocumentContext()).isInSOAPHeader()) {
             RequiredPartSecurityEvent requiredPartSecurityEvent = new RequiredPartSecurityEvent();
-            requiredPartSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+            requiredPartSecurityEvent.setElementPath(inputProcessorChain.getDocumentContext().getPath());
             policyEnforcer.registerSecurityEvent(requiredPartSecurityEvent);
             RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
-            requiredElementSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+            requiredElementSecurityEvent.setElementPath(inputProcessorChain.getDocumentContext().getPath());
             policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
         } else if (xmlEvent.isStartElement() && inputProcessorChain.getDocumentContext().getDocumentLevel() > 3) {
             //test for required elements
             RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
-            requiredElementSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+            requiredElementSecurityEvent.setElementPath(inputProcessorChain.getDocumentContext().getPath());
             policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
         }
         return xmlEvent;
@@ -83,22 +77,9 @@ public class PolicyInputProcessor extend
 
     @Override
     public XMLEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
-        if (firstBodyCall) {
-            firstBodyCall = false;
-            if (policyEnforcer.isTransportSecurityActive()) {
-                inputProcessorChain.getDocumentContext().setIsInEncryptedContent();
-                inputProcessorChain.getDocumentContext().setIsInSignedContent();
-            }
-        }
         XMLEvent xmlEvent = inputProcessorChain.processEvent();
 
-        if (xmlEvent.isStartElement()) {
-            if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && ((WSSDocumentContext) inputProcessorChain.getDocumentContext()).isInSOAPBody()) {
-                OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
-                operationSecurityEvent.setOperation(xmlEvent.asStartElement().getName());
-                policyEnforcer.registerSecurityEvent(operationSecurityEvent);
-            }
-        } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 0
+        if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 0
                 && xmlEvent.isEndElement()
                 //ns mismatch should be detected by the xml parser so a local-name equality check should be enough
                 && xmlEvent.asEndElement().getName().getLocalPart().equals(WSSConstants.TAG_soap_Envelope_LocalName)) {
@@ -112,17 +93,22 @@ public class PolicyInputProcessor extend
         //test for required elements
         if (xmlEvent.isStartElement() && inputProcessorChain.getDocumentContext().getDocumentLevel() > 3) {
             RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
-            requiredElementSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+            requiredElementSecurityEvent.setElementPath(inputProcessorChain.getDocumentContext().getPath());
             policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
         }
 
+        boolean transportSecurityActive = Boolean.TRUE == inputProcessorChain.getSecurityContext().get(WSSConstants.TRANSPORT_SECURITY_ACTIVE);
+
         //test if non encrypted element have to be encrypted per policy
-        if (!inputProcessorChain.getDocumentContext().isInEncryptedContent() && !((WSSDocumentContext) inputProcessorChain.getDocumentContext()).isInSecurityHeader()) {
+        if (!transportSecurityActive
+                && !inputProcessorChain.getDocumentContext().isInEncryptedContent()
+                && !((WSSDocumentContext) inputProcessorChain.getDocumentContext()).isInSecurityHeader()) {
             testEncryptionPolicy(xmlEvent, inputProcessorChain);
         }
 
         //test if non signed element have to be signed per policy
-        if (!inputProcessorChain.getDocumentContext().isInSignedContent()) {
+        if (!transportSecurityActive
+                && !inputProcessorChain.getDocumentContext().isInSignedContent()) {
             testSignaturePolicy(inputProcessorChain, xmlEvent);
         }
         return xmlEvent;
@@ -131,17 +117,19 @@ public class PolicyInputProcessor extend
     private void testSignaturePolicy(InputProcessorChain inputProcessorChain, XMLEvent xmlEvent) throws WSSecurityException {
         if (xmlEvent.isStartElement()) {
 
-            if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && ((WSSDocumentContext) inputProcessorChain.getDocumentContext()).isInSOAPHeader()) {
+            if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3
+                    && ((WSSDocumentContext) inputProcessorChain.getDocumentContext()).isInSOAPHeader()) {
                 SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, false);
-                signedPartSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+                signedPartSecurityEvent.setElementPath(inputProcessorChain.getDocumentContext().getPath());
                 policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
-            } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 2 && ((WSSDocumentContext) inputProcessorChain.getDocumentContext()).isInSOAPBody()) {
+            } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 2
+                    && ((WSSDocumentContext) inputProcessorChain.getDocumentContext()).isInSOAPBody()) {
                 SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(null, false);
-                signedPartSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+                signedPartSecurityEvent.setElementPath(inputProcessorChain.getDocumentContext().getPath());
                 policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
             } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() > 3) {
                 SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(null, false);
-                signedElementSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+                signedElementSecurityEvent.setElementPath(inputProcessorChain.getDocumentContext().getPath());
                 policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
             }
         }
@@ -151,29 +139,36 @@ public class PolicyInputProcessor extend
         //the following events are only interesting for policy verification. So call directly the policyEnforcer for these
         if (xmlEvent.isStartElement()) {
 
-            if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && ((WSSDocumentContext) inputProcessorChain.getDocumentContext()).isInSOAPHeader()) {
-                EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(null, false, inputProcessorChain.getDocumentContext().isInSignedContent());
-                encryptedPartSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+            if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3
+                    && ((WSSDocumentContext) inputProcessorChain.getDocumentContext()).isInSOAPHeader()) {
+                EncryptedPartSecurityEvent encryptedPartSecurityEvent
+                        = new EncryptedPartSecurityEvent(null, false, inputProcessorChain.getDocumentContext().isInSignedContent());
+                encryptedPartSecurityEvent.setElementPath(inputProcessorChain.getDocumentContext().getPath());
                 policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
-            } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && ((WSSDocumentContext) inputProcessorChain.getDocumentContext()).isInSOAPBody()) {
-                EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(null, false, inputProcessorChain.getDocumentContext().isInSignedContent());
-                encryptedPartSecurityEvent.setElement(inputProcessorChain.getDocumentContext().getParentElement(xmlEvent.getEventType()));
+            } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3
+                    && ((WSSDocumentContext) inputProcessorChain.getDocumentContext()).isInSOAPBody()) {
+                EncryptedPartSecurityEvent encryptedPartSecurityEvent
+                        = new EncryptedPartSecurityEvent(null, false, inputProcessorChain.getDocumentContext().isInSignedContent());
+                encryptedPartSecurityEvent.setElementPath(inputProcessorChain.getDocumentContext().getPath());
                 policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
             } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() > 3) {
-                EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, false, inputProcessorChain.getDocumentContext().isInSignedContent());
-                encryptedElementSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+                EncryptedElementSecurityEvent encryptedElementSecurityEvent
+                        = new EncryptedElementSecurityEvent(null, false, inputProcessorChain.getDocumentContext().isInSignedContent());
+                encryptedElementSecurityEvent.setElementPath(inputProcessorChain.getDocumentContext().getPath());
                 policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
 
                 //... or it could be a contentEncryption too...
-                ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(null, false, inputProcessorChain.getDocumentContext().isInSignedContent());
-                contentEncryptedElementSecurityEvent.setElement(inputProcessorChain.getDocumentContext().getParentElement(xmlEvent.getEventType()));
+                ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent
+                        = new ContentEncryptedElementSecurityEvent(null, false, inputProcessorChain.getDocumentContext().isInSignedContent());
+                contentEncryptedElementSecurityEvent.setElementPath(inputProcessorChain.getDocumentContext().getParentElementPath(xmlEvent.getEventType()));
                 policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
             }
 
         } else if (xmlEvent.isCharacters() || xmlEvent.isEntityReference() || xmlEvent.isProcessingInstruction()) {
             //can only be a content encryption
-            ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(null, false, inputProcessorChain.getDocumentContext().isInSignedContent());
-            contentEncryptedElementSecurityEvent.setElement(inputProcessorChain.getDocumentContext().getParentElement(xmlEvent.getEventType()));
+            ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent
+                    = new ContentEncryptedElementSecurityEvent(null, false, inputProcessorChain.getDocumentContext().isInSignedContent());
+            contentEncryptedElementSecurityEvent.setElementPath(inputProcessorChain.getDocumentContext().getParentElementPath(xmlEvent.getEventType()));
             policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
         }
     }

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyUtils.java?rev=1295267&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyUtils.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyUtils.java Wed Feb 29 20:54:51 2012
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.ws.secpolicy.model.XPath;
+
+import javax.xml.namespace.QName;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class PolicyUtils {
+
+    public static List<QName> getElementPath(XPath xPath) {
+        List<QName> elements = new LinkedList<QName>();
+        String[] xPathElements = xPath.getXPath().split("/");
+        for (int j = 0; j < xPathElements.length; j++) {
+            String xPathElement = xPathElements[j];
+            if (StringUtils.isEmpty(xPathElement)) {
+                continue;
+            }
+            String[] elementParts = xPathElement.split(":");
+            if (elementParts.length == 2) {
+                String ns = xPath.getPrefixNamespaceMap().get(elementParts[0]);
+                if (ns == null) {
+                    throw new IllegalArgumentException("Namespace not declared");
+                }
+                elements.add(new QName(ns, elementParts[1]));
+            } else {
+                elements.add(new QName(elementParts[0]));
+            }
+        }
+        return elements;
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyUtils.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision



Mime
View raw message