ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1490356 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/ ws-security-common/src/main/resources/ ws-security-stax/src/main/java/org/apache/wss4j/stax/ ws-security-stax/src/main/java/org/apache/wss4j/s...
Date Thu, 06 Jun 2013 16:50:49 GMT
Author: coheigea
Date: Thu Jun  6 16:50:49 2013
New Revision: 1490356

URL: http://svn.apache.org/r1490356
Log:
Added a "pure" Kerberos action + made it possible to take a Kerberos ticket from the security
context

Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
    webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
Thu Jun  6 16:50:49 2013
@@ -96,6 +96,23 @@ public final class ConfigurationConstant
      */
     public static final String ENCRYPT_DERIVED = "EncryptDerived";
     
+    /**
+     * Perform a Signature action with a kerberos token. The signature specific parameters
define how
+     * to sign, which keys to use, and so on.
+     */
+    public static final String SIGNATURE_WITH_KERBEROS_TOKEN = "SignatureWithKerberosToken";
+    
+    /**
+     * Perform a Encryption action with a kerberos token. The signature specific parameters
define how
+     * to encrypt, which keys to use, and so on.
+     */
+    public static final String ENCRYPT_WITH_KERBEROS_TOKEN = "EncryptWithKerberosToken";
+    
+    /**
+     * Add a kerberos token. 
+     */
+    public static final String KERBEROS_TOKEN = "KerberosToken";
+    
     //
     // User properties
     //

Modified: webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/resources/wss4j-ehcache.xml Thu Jun
 6 16:50:49 2013
@@ -1,4 +1,4 @@
-<ehcache xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="false" monitoring="autodetect"
dynamicConfig="true">
+<ehcache xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="false" monitoring="autodetect"
dynamicConfig="true" name="wss4jCache">
 
     <diskStore path="java.io.tmpdir"/>
 

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
Thu Jun  6 16:50:49 2013
@@ -104,6 +104,12 @@ public final class ConfigurationConverte
                 actions.add(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
             } else if (single[i].equals(ConfigurationConstants.ENCRYPT_DERIVED)) {
                 actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+            } else if (single[i].equals(ConfigurationConstants.SIGNATURE_WITH_KERBEROS_TOKEN))
{
+                actions.add(WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN);
+            } else if (single[i].equals(ConfigurationConstants.ENCRYPT_WITH_KERBEROS_TOKEN))
{
+                actions.add(WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN);
+            } else if (single[i].equals(ConfigurationConstants.KERBEROS_TOKEN)) {
+                actions.add(WSSConstants.KERBEROS_TOKEN);
             }
         }
         

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
Thu Jun  6 16:50:49 2013
@@ -21,6 +21,7 @@ package org.apache.wss4j.stax.ext;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.stax.impl.processor.output.*;
 import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.ext.OutboundSecurityContext;
 import org.apache.xml.security.stax.ext.OutputProcessor;
 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.stax.impl.DocumentContextImpl;
@@ -86,7 +87,10 @@ public class OutboundWSSec {
     public XMLStreamWriter processOutMessage(
             OutputStream outputStream, String encoding, List<SecurityEvent> requestSecurityEvents,
             SecurityEventListener securityEventListener) throws WSSecurityException {
-        return processOutMessage((Object) outputStream, encoding, requestSecurityEvents,
securityEventListener);
+        final OutboundSecurityContextImpl outboundSecurityContext = new OutboundSecurityContextImpl();
+        outboundSecurityContext.putList(SecurityEvent.class, requestSecurityEvents);
+        outboundSecurityContext.addSecurityEventListener(securityEventListener);
+        return processOutMessage((Object) outputStream, encoding, outboundSecurityContext);
     }
 
     /**
@@ -100,16 +104,28 @@ public class OutboundWSSec {
     public XMLStreamWriter processOutMessage(
             XMLStreamWriter xmlStreamWriter, String encoding, List<SecurityEvent> requestSecurityEvents,
             SecurityEventListener securityEventListener) throws WSSecurityException {
-        return processOutMessage((Object) xmlStreamWriter, encoding, requestSecurityEvents,
securityEventListener);
-    }
-
-    private XMLStreamWriter processOutMessage(
-            Object output, String encoding, List<SecurityEvent> requestSecurityEvents,
-            SecurityEventListener securityEventListener) throws WSSecurityException {
-
         final OutboundSecurityContextImpl outboundSecurityContext = new OutboundSecurityContextImpl();
         outboundSecurityContext.putList(SecurityEvent.class, requestSecurityEvents);
         outboundSecurityContext.addSecurityEventListener(securityEventListener);
+        return processOutMessage((Object) xmlStreamWriter, encoding, outboundSecurityContext);
+    }
+    
+    /**
+     * This method is the entry point for the incoming security-engine.
+     * Hand over the original XMLStreamWriter and use the returned one for further processing
+     *
+     * @param xmlStreamWriter The original outputStream
+     * @return A new XMLStreamWriter which does transparently the security processing.
+     * @throws WSSecurityException thrown when a Security failure occurs
+     */
+    public XMLStreamWriter processOutMessage(
+            XMLStreamWriter xmlStreamWriter, String encoding, OutboundSecurityContext outbounSecurityContext)
throws WSSecurityException {
+        return processOutMessage((Object) xmlStreamWriter, encoding, outbounSecurityContext);
+    }
+
+    public XMLStreamWriter processOutMessage(
+            Object output, String encoding, OutboundSecurityContext outboundSecurityContext
+        ) throws WSSecurityException {
 
         final DocumentContextImpl documentContext = new DocumentContextImpl();
         documentContext.setEncoding(encoding);
@@ -223,6 +239,10 @@ public class OutboundWSSec {
 
                     final EncryptOutputProcessor encryptOutputProcessor = new EncryptOutputProcessor();
                     initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor,
action);
+                } else if (WSSConstants.KERBEROS_TOKEN.equals(action)) {
+                    final KerberosSecurityTokenOutputProcessor kerberosTokenOutputProcessor
=
+                        new KerberosSecurityTokenOutputProcessor();
+                    initializeOutputProcessor(outputProcessorChain, kerberosTokenOutputProcessor,
action);
                 }
             }
             

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
Thu Jun  6 16:50:49 2013
@@ -266,6 +266,7 @@ public class WSSConstants extends XMLSec
 
     public static final String NS_WSS_ENC_KEY_VALUE_TYPE = NS11_SOAPMESSAGE_SECURITY + "#EncryptedKey";
 
+    public static final String PROP_USE_THIS_TOKEN_ID_FOR_BST = "PROP_USE_THIS_TOKEN_ID_FOR_BST";
     public static final String PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY = "PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY";
     public static final String PROP_USE_THIS_TOKEN_ID_FOR_SECURITYCONTEXTTOKEN = "PROP_USE_THIS_TOKEN_ID_FOR_SECURITYCONTEXTTOKEN";
 
@@ -280,6 +281,7 @@ public class WSSConstants extends XMLSec
     public static final Action SAML_TOKEN_UNSIGNED = new Action(ConfigurationConstants.SAML_TOKEN_UNSIGNED);
     public static final Action SIGNATURE_WITH_KERBEROS_TOKEN = new Action("SignatureWithKerberosToken");
     public static final Action ENCRYPT_WITH_KERBEROS_TOKEN = new Action("EncryptWithKerberosToken");
+    public static final Action KERBEROS_TOKEN = new Action("KerberosToken");
 
     public static final AlgorithmUsage Comp_Key = new AlgorithmUsage("Comp_Key");
     public static final AlgorithmUsage Enc_KD = new AlgorithmUsage("Enc_KD");

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/KerberosSecurityTokenOutputProcessor.java
Thu Jun  6 16:50:49 2013
@@ -52,48 +52,54 @@ public class KerberosSecurityTokenOutput
 
             XMLSecurityConstants.Action action = getAction();
 
-            final KerberosClientSecurityToken kerberosClientSecurityToken =
-                    new KerberosClientSecurityToken(
-                            ((WSSSecurityProperties) getSecurityProperties()).getCallbackHandler(),
-                            bstId
-                    );
-
-
-            final SecurityTokenProvider<OutboundSecurityToken> kerberosSecurityTokenProvider
=
-                    new SecurityTokenProvider<OutboundSecurityToken>() {
-
-                @Override
-                public OutboundSecurityToken getSecurityToken() throws WSSecurityException
{
-                    return kerberosClientSecurityToken;
-                }
-
-                @Override
-                public String getId() {
-                    return bstId;
-                }
-            };
+            String tokenId = 
+                outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_BST);
+            KerberosClientSecurityToken kerberosToken = null;
+            if (tokenId != null) {
+                SecurityTokenProvider<OutboundSecurityToken> securityTokenProvider
= 
+                    outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
+                kerberosToken = (KerberosClientSecurityToken)securityTokenProvider.getSecurityToken();
+            }
+            if (kerberosToken == null) {
+                final KerberosClientSecurityToken kerberosClientSecurityToken =
+                        new KerberosClientSecurityToken(
+                                ((WSSSecurityProperties) getSecurityProperties()).getCallbackHandler(),
+                                bstId
+                        );
+    
+                final SecurityTokenProvider<OutboundSecurityToken> kerberosSecurityTokenProvider
=
+                        new SecurityTokenProvider<OutboundSecurityToken>() {
+    
+                    @Override
+                    public OutboundSecurityToken getSecurityToken() throws WSSecurityException
{
+                        return kerberosClientSecurityToken;
+                    }
+    
+                    @Override
+                    public String getId() {
+                        return bstId;
+                    }
+                };
+                
+                outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(bstId,
kerberosSecurityTokenProvider);
+                kerberosToken = kerberosClientSecurityToken;
+            }
 
+            FinalKerberosSecurityTokenOutputProcessor finalKerberosSecurityTokenOutputProcessor
=
+                new FinalKerberosSecurityTokenOutputProcessor(kerberosToken);
+            finalKerberosSecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
+            finalKerberosSecurityTokenOutputProcessor.setAction(getAction());
+        
             if (WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN.equals(action)) {
                 outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE,
bstId);
-                FinalKerberosSecurityTokenOutputProcessor finalKerberosSecurityTokenOutputProcessor
=
-                        new FinalKerberosSecurityTokenOutputProcessor(kerberosClientSecurityToken);
-                finalKerberosSecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
-                finalKerberosSecurityTokenOutputProcessor.setAction(getAction());
                 finalKerberosSecurityTokenOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
-                finalKerberosSecurityTokenOutputProcessor.init(outputProcessorChain);
-                kerberosClientSecurityToken.setProcessor(finalKerberosSecurityTokenOutputProcessor);
             } else if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(action)) {
                 outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION,
bstId);
-                FinalKerberosSecurityTokenOutputProcessor finalKerberosSecurityTokenOutputProcessor
=
-                        new FinalKerberosSecurityTokenOutputProcessor(kerberosClientSecurityToken);
-                finalKerberosSecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
-                finalKerberosSecurityTokenOutputProcessor.setAction(getAction());
                 finalKerberosSecurityTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
-                finalKerberosSecurityTokenOutputProcessor.init(outputProcessorChain);
-                kerberosClientSecurityToken.setProcessor(finalKerberosSecurityTokenOutputProcessor);
             }
+            finalKerberosSecurityTokenOutputProcessor.init(outputProcessorChain);
+            kerberosToken.setProcessor(finalKerberosSecurityTokenOutputProcessor);
 
-            outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(bstId,
kerberosSecurityTokenProvider);
 
         } finally {
             outputProcessorChain.removeProcessor(this);

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java?rev=1490356&r1=1490355&r2=1490356&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
Thu Jun  6 16:50:49 2013
@@ -45,6 +45,12 @@ public class KerberosClientSecurityToken
     private Key secretKey;
     private byte[] ticket;
 
+    public KerberosClientSecurityToken(byte[] ticket, Key secretKey, String id) {
+        super(id, WSSecurityTokenConstants.KerberosToken);
+        this.ticket = ticket;
+        this.secretKey = secretKey;
+    }
+    
     public KerberosClientSecurityToken(CallbackHandler callbackHandler, String id) {
         super(id, WSSecurityTokenConstants.KerberosToken);
         this.callbackHandler = callbackHandler;



Mime
View raw message