ws-dev mailing list archives

From Marc Giger <gi...@apache.org>
Subject Re: PROPOSAL to merge Rampart, CXF, swssf AssertionBuilder and Assertion classes
Date Tue, 22 Nov 2011 16:06:59 GMT
Hi Colm,

On Tue, 22 Nov 2011 14:43:22 +0000
Colm O hEigeartaigh <coheigea@apache.org> wrote:

> Hi Marc,
> 
> Are you still planning on building a common code-base for CXF &
> Rampart as per your previous mail? 

Yes, that's still my goal because swssf can/will use the common code-base too.
The swssf policy engine needs just a little bit of refactoring (the rampart-policy code refactoring
is the first part of it) to fully support the new policy code.

As you already know, swssf emits security-policy relevant events in realtime which will be
asserted also in realtime (if possible).

To simplify things further CXF (and rampart perhaps too) could then use the swssf assertion-engine
to verify the policy also with the DOM-WSS (WSS4J) impl. The only difference is that the validation
will not occur in realtime as with swssf.

As an example:
When swssf hits an X509Token it will emit an X509TokenSecurityEvent. This event will be fed
to the policy engine.
The policy engine throws an Exception when the assertions cannot be fulfilled.
So WSS4J-DOM could also emit an X509TokenSecurityEvent when it processed the X509Token. The
X509SecurityEvent could also be created from the WSResultVector and then handed over to the
policy engine for verification.
But in every case I think both implementations could finally use the same PolicyEngine.

> If so wouldn't it be better to
> create a new module in WSS4J that both projects could use?

Yes, why not. WS-Sec-Policy is all around WSS minus some special things like Transport binding.

Perhaps my explanation above will help to find the best way to go. It's just a matter of minutes
to move the rampart-policy module to WSS4J because it has no deps to other rampart code.

Thanks

Marc
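
Added example (not part of the original mail, and not swssf, WSS4J or Rampart code): a minimal Java sketch of the design described above, where a streaming front end reports security events as it goes and a DOM front end replays its collected results into the same policy engine afterwards. All class and method names, the two sample assertions and the token sequences are hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class SharedPolicyEngineDemo {

    // Hypothetical event: the mail names X509TokenSecurityEvent but not its shape.
    static final class SecurityEvent {
        final String tokenType;
        SecurityEvent(String tokenType) { this.tokenType = tokenType; }
    }

    static final class PolicyViolationException extends Exception {
        PolicyViolationException(String msg) { super(msg); }
    }

    interface Assertion {
        // May throw at once when an event contradicts the policy.
        void onEvent(SecurityEvent e) throws PolicyViolationException;
        // Some requirements can only be judged after the whole message was seen.
        boolean isFulfilled();
        String describe();
    }

    // Fulfilled once a token of the required type has been reported.
    static final class RequiredToken implements Assertion {
        private final String type;
        private boolean seen;
        RequiredToken(String type) { this.type = type; }
        public void onEvent(SecurityEvent e) { if (type.equals(e.tokenType)) seen = true; }
        public boolean isFulfilled() { return seen; }
        public String describe() { return "required token " + type; }
    }

    // Violated as soon as a token type outside the allowed set is reported.
    static final class AllowedTokens implements Assertion {
        private final List<String> allowed;
        AllowedTokens(String... allowed) { this.allowed = Arrays.asList(allowed); }
        public void onEvent(SecurityEvent e) throws PolicyViolationException {
            if (!allowed.contains(e.tokenType))
                throw new PolicyViolationException("token not allowed by policy: " + e.tokenType);
        }
        public boolean isFulfilled() { return true; }
        public String describe() { return "allowed tokens " + allowed; }
    }

    // One engine for both front ends: it only ever sees events.
    static final class PolicyEngine {
        private final List<Assertion> assertions;
        PolicyEngine(Assertion... a) { assertions = Arrays.asList(a); }
        void registerSecurityEvent(SecurityEvent e) throws PolicyViolationException {
            for (Assertion a : assertions) a.onEvent(e);
        }
        void conclude() throws PolicyViolationException {
            for (Assertion a : assertions)
                if (!a.isFulfilled())
                    throw new PolicyViolationException("unfulfilled: " + a.describe());
        }
    }

    // realtime = true : streaming style, each event reaches the engine immediately.
    // realtime = false: DOM style, tokens are processed first and the collected
    //                   results (stand-in for WSResultVector) are replayed afterwards.
    static String process(List<String> tokens, boolean realtime) {
        PolicyEngine engine = new PolicyEngine(new RequiredToken("X509Token"),
                                               new AllowedTokens("X509Token", "Timestamp"));
        List<SecurityEvent> results = new ArrayList<>();
        int processed = 0; // tokens the WSS layer has already handled
        try {
            for (String t : tokens) {
                processed++;
                SecurityEvent e = new SecurityEvent(t);
                if (realtime) engine.registerSecurityEvent(e); else results.add(e);
            }
            for (SecurityEvent e : results) engine.registerSecurityEvent(e);
            engine.conclude();
            return "accepted after " + processed + " tokens";
        } catch (PolicyViolationException ex) {
            return "rejected after " + processed + " tokens: " + ex.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed token sequences, in the order they appear in a message.
        List<List<String>> messages = Arrays.asList(
                Arrays.asList("Timestamp", "X509Token"),
                Arrays.asList("UsernameToken", "Timestamp", "X509Token"),
                Arrays.asList("Timestamp"));
        for (List<String> msg : messages) {
            System.out.println(msg + " realtime: " + process(msg, true));
            System.out.println(msg + " deferred: " + process(msg, false));
        }
    }
}
```

For the constructed `UsernameToken, Timestamp, X509Token` message the real-time path rejects after the first token, while the deferred path has already processed all three tokens when the same engine rejects it.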


> 
> Colm.
> 
> On Tue, Nov 22, 2011 at 1:50 PM, Marc Giger <giger@apache.org> wrote:
> > Hi all
> >
> > I have now a bigger patch for rampart ready with the following changes and new features:
> >
> > - Axiom dependency removed. Just the axiom api is still there because of Neethi:
> > [INFO] ------------------------------------------------------------------------
> > [INFO] Building Rampart - Policy
> > [INFO]    task-segment: [dependency:tree]
> > [INFO] ------------------------------------------------------------------------
> > [INFO] [dependency:tree {execution: default-cli}]
> > [INFO] org.apache.rampart:rampart-policy:jar:1.7.0-SNAPSHOT
> > [INFO] +- org.apache.neethi:neethi:jar:3.0.2-SNAPSHOT:compile
> > [INFO] |  \- org.codehaus.woodstox:woodstox-core-asl:jar:4.0.8:compile
> > [INFO] |     +- javax.xml.stream:stax-api:jar:1.0-2:compile
> > [INFO] |     \- org.codehaus.woodstox:stax2-api:jar:3.0.2:compile
> > [INFO] +- commons-lang:commons-lang:jar:2.3:compile
> > [INFO] +- org.apache.ws.commons.axiom:axiom-api:jar:1.2.13-SNAPSHOT:test
> > [INFO] |  +- org.apache.geronimo.specs:geronimo-activation_1.1_spec:jar:1.0.2:test
> > [INFO] |  +- org.apache.geronimo.specs:geronimo-javamail_1.4_spec:jar:1.6:test
> > [INFO] |  +- commons-logging:commons-logging:jar:1.1.1:test
> > [INFO] |  +- jaxen:jaxen:jar:1.1.3:test
> > [INFO] |  +- org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:jar:1.0.1:test
> > [INFO] |  \- org.apache.james:apache-mime4j-core:jar:0.8-SNAPSHOT:test
> > [INFO] +- xmlunit:xmlunit:jar:1.3:test
> > [INFO] \- junit:junit:jar:3.8.2:test
> > [INFO] ------------------------------------------------------------------------
> > [INFO] BUILD SUCCESSFUL
> > [INFO] ------------------------------------------------------------------------
> >
> >
> > - Complete Support (if I didn't miss something) of WS-Sec-Pol 1.1, 1.2 and 1.3
> > - Support of nested Policies with multiple alternatives
> > - The complete Rampart-Project builds and successfully runs all the tests.
> > - A lot of additional tests for the rampart-policy module to test the Policy building
> > - ...
> >
> > If someone branches the rampart-trunk and gives me rw access to it I will commit
> > the changes. After this you can review it and merge it back to the trunk.
> >
> > Kind regards
> >
> > Marc
> >
> >
> >
> > Some stats:
> >
> > [INFO] ------------------------------------------------------------------------
> > [INFO] Reactor Summary:
> > [INFO] ------------------------------------------------------------------------
> > [INFO] Apache Rampart ........................................ SUCCESS [0.954s]
> > [INFO] Rampart - Policy ...................................... SUCCESS [4.365s]
> > [INFO] Rampart - Trust ....................................... SUCCESS [4.932s]
> > [INFO] Rampart - Core ........................................ SUCCESS [1.427s]
> > [INFO] Rampart - Test Suite .................................. SUCCESS [4.489s]
> > [INFO] Rampart - Mar ......................................... SUCCESS [0.271s]
> > [INFO] Rampart - Trust-Mar ................................... SUCCESS [0.291s]
> > [INFO] Rampart - Integration ................................. SUCCESS [3:18.602s]
> > [INFO] ------------------------------------------------------------------------
> > [INFO] ------------------------------------------------------------------------
> > [INFO] BUILD SUCCESSFUL
> > [INFO] ------------------------------------------------------------------------
> >
> >
> > Lines added (incl. tests): ~14589
> > Lines deleted: ~13602
> >
> >
> > Changelist:
> > A       modules/rampart-policy/src/test
> > A       modules/rampart-policy/src/test/java
> > A       modules/rampart-policy/src/test/java/org
> > A       modules/rampart-policy/src/test/java/org/apache
> > A       modules/rampart-policy/src/test/java/org/apache/ws
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/HttpsTokenTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SignedElementsTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/PolicyNormalizationTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/EncryptedPartsTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SecurityContextTokenTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/RequiredElementsTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/KerberosTokenTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/LayoutTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/Wss11Test.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/UsernameTokenTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SecureConversationTokenTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/Trust13Test.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/ContentEncryptedElementsTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/KeyValueTokenTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/TransportBindingTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/RequiredPartsTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/EncryptedElementsTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/AbstractTestBase.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/AlgorithmSuiteTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SpnegoContextTokenTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/InitiatorTokenTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/X509TokenTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SymmetricBindingTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/AsymmetricBindingTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/Wss10Test.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/Trust10Test.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SignedPartsTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/RecipientTokenTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/RelTokenTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SamlTokenTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/IssuedTokenTest.java
> > A       modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SupportingTokensTest.java
> > A       modules/rampart-policy/src/test/resources
> > A       modules/rampart-policy/src/test/resources/policy
> > A       modules/rampart-policy/src/test/resources/policy/WSP15_432-serialized.xml
> > A       modules/rampart-policy/src/test/resources/policy/model
> > A       modules/rampart-policy/src/test/resources/policy/model/sp11
> > A       modules/rampart-policy/src/test/resources/policy/model/sp11/Trust10.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp11/normalized
> > A       modules/rampart-policy/src/test/resources/policy/model/sp11/normalized/Trust10.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp11/serialized
> > A       modules/rampart-policy/src/test/resources/policy/model/sp11/serialized/Trust10.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/UsernameToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/SecureConversationToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/RecipientToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/RelToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/SignedParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/KeyValueToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/EncryptedElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/RequiredParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/SamlToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/IssuedToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/AlgorithmSuite.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/HttpsToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/UsernameToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SecureConversationToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SignedParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/RecipientToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/RelToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/Trust13.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/ContentEncryptedElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/KeyValueToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/TransportBinding.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/RequiredParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/EncryptedElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SamlToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/IssuedToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SupportingTokens.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/AlgorithmSuite.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SpnegoContextToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/InitiatorToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/HttpsToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/X509Token.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SignedElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/EncryptedParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SymmetricBinding.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/AsymmetricBinding.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/Wss10.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SecurityContextToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/KerberosToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/RequiredElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/Layout.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/Wss11.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/X509Token.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/EncryptedParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/AsymmetricBinding.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/Layout.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/KerberosToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/RequiredElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/SecurityContextToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/ContentEncryptedElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/Trust13.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/TransportBinding.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/UsernameToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SecureConversationToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SignedParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/RecipientToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/RelToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/Trust13.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/ContentEncryptedElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/KeyValueToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/TransportBinding.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/RequiredParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/EncryptedElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SamlToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/IssuedToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SupportingTokens.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/AlgorithmSuite.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SpnegoContextToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/InitiatorToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/HttpsToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/X509Token.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SignedElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/EncryptedParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SymmetricBinding.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/AsymmetricBinding.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/Wss10.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SecurityContextToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/KerberosToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/RequiredElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/Layout.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/Wss11.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/SupportingTokens.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/SpnegoContextToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/InitiatorToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/SignedElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/SymmetricBinding.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/Wss10.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp12/Wss11.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/UsernameToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/SignedParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/Trust13.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/normalized
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/normalized/UsernameToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/normalized/SignedParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/normalized/Trust13.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/normalized/SignedElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/normalized/EncryptedParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/SignedElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/EncryptedParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/serialized
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/serialized/UsernameToken.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/serialized/SignedParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/serialized/Trust13.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/serialized/SignedElements.xml
> > A       modules/rampart-policy/src/test/resources/policy/model/sp13/serialized/EncryptedParts.xml
> > A       modules/rampart-policy/src/test/resources/policy/WSP15_432-normalized.xml
> > A       modules/rampart-policy/src/test/resources/policy/WSP15_432-compact.xml
> > D       modules/rampart-policy/src/main/java/META-INF
> > D       modules/rampart-policy/src/main/java/META-INF/services
> > D       modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricAsymmetricBindingBase.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractToken.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractTokenWrapper.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedElements.java
> > A       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptedParts.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Binding.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Attachments.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredElements.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecurityContextToken.java
> > A       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingTokenType.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorEncryptionToken.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
> > A       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/XPath.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust13.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ContentEncryptedElements.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorSignatureToken.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KeyValueToken.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmWrapper.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSymmetricAsymmetricBinding.java
> > A       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptedElements.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredParts.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientEncryptionToken.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractBinding.java
> > R       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SpnegoContextToken.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractConfigurableSecurityAssertion.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientSignatureToken.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TokenWrapper.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java
> > A       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RelToken.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedParts.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Header.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SamlToken.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingTokens.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java
> > A       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP13Constants.java
> > A       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPUtils.java
> > A       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/AssertionState.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptionTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SupportingTokensBuilder.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SpnegoContextTokenBuilder.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignatureTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/InitiatorTokenBuilder.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RecipientSignatureTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedElementsBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS10Builder.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/InitiatorEncryptionTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS11Builder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/UsernameTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecureConversationTokenBuilder.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RelTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RecipientTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedPartsBuilder.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/KeyValueTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/ProtectionTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RequiredPartsBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedElementsBuilder.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SamlTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/IssuedTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportTokenBuilder.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RecipientEncryptionTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AlgorithmSuiteBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/HttpsTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/X509TokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedPartsBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AsymmetricBindingBuilder.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/KerberosTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecurityContextTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RequiredElementsBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/LayoutBuilder.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/Trust10Builder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/ContentEncryptedElementsBuilder.java
> > A  +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/InitiatorSignatureTokenBuilder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/Trust13Builder.java
> > MM +    modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportBindingBuilder.java
> > MM      modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/WSSPolicyException.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/TransportTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/IssuedTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SupportingTokensBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/AlgorithmSuiteBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/InitiatorTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedPartsBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SymmetricBindingBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/AsymmetricBindingBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/WSS10Builder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/LayoutBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/RequiredElementsBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SecurityContextTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/WSS11Builder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SecureConversationTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/Trust10Builder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedPartsBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/RecipientTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/ProtectionTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/TransportBindingBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RequiredPartsBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/IssuedTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SupportingTokensBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/AlgorithmSuiteBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/HttpsTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/InitiatorTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SymmetricBindingBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedPartsBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/AsymmetricBindingBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RequiredElementsBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SecurityContextTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/LayoutBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/WSS10Builder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/WSS11Builder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SecureConversationTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RecipientTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedPartsBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/ContentEncryptedElementsBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/Trust13Builder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/ProtectionTokenBuilder.java
> > D       modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportBindingBuilder.java
> > A       modules/rampart-policy/src/main/resources
> > A  +    modules/rampart-policy/src/main/resources/META-INF
> > M  +    modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder
> > M       modules/rampart-policy/pom.xml
> > M       modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
> > M       modules/rampart-trust/pom.xml
> > M       modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java
> > M       modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
> > M       modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
> > M       modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
> > M       modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
> > M       modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
> > M       modules/rampart-core/src/main/java/org/apache/rampart/policy/SupportingPolicyData.java
> > M       modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
> > M       modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
> > M       modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
> > M       modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
> > M       pom.xml
> >
> >
> >
> >
> > On Thu, 10 Nov 2011 20:02:48 +0100
> > Marc Giger <giger@apache.org> wrote:
> >
> >> Dear WS-devs,
> >>
> >> At the moment there are at least 4 AssertionBuilder and 3 Assertion classes per WS-Security-Policy-Assertion.
> >> The original Rampart ones, the CXF ones lent by rampart and my classes (swssf) lent by Rampart.
> >> All of you who contributed to the policy implementations know how much time it takes to implement
> >> it and how complicated it can be.
> >>
> >> The attached patch is a first try/draft/proposal to get rid of this overhead so that we can use a common code base.
> >> It is of course not intended for inclusion but to start a discussion about requirements.
> >>
> >> The provided patch should show you
> >> - the support of nested policies and its normalization (attached is a sample policy in compact form
> >> and its normalized version which was normalized with the code in the patch)
> >> - the simplification of the multiple Policy-Versions handling
> >> - generic (simple) method and class to do the final assert of an alternative
> >>
> >> The axis/rampart developers will note that the builders are using the W3C-DOM implementation instead of the axiom framework.
> >> The rationale is that no additional dependencies are needed, DOM is an official standard and we aren't in a "hot-path"
> >> (Normally the policy will be built once during the whole runtime). So, this shouldn't be a big deal.
> >>
> >> There is an alternative to the proposed concept. Build the policy without the builders and call the concrete builders during
> >> normalization or during other structural changes. The primitive assertion objects can be held behind the scene to allow
> >> structural changes all the time.
> >>
> >> Before I invest more time I want to make sure the asf-dev-community is in favor and the result will be accepted.
> >>
> >> What do you think?
> >>
> >> I agree [ ]
> >> I disagree [ ]
> >> I don't care [ ]
> >> What do you want?, it is perfect as it is! [ ]
> >>
> >> I'm willing to help [ ]
> >>
> >> Comments/notes/concerns/objections/ideas?
> >>
> >> Please share your opinion!
> >>
> >> Thanks
> >>
> >> Marc
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: dev-help@ws.apache.org
> >
> >
> 
> 
> 
> -- 
> Colm O hEigeartaigh
> 
> Talend Community Coder
> http://coders.talend.com
> 


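The normalization of nested policies and the final assert of an alternative that the quoted proposal lists, as an added Java 17 example that is not code from the patch, Neethi, Rampart or swssf. The `Node`, `All`, `ExactlyOne` and `Assertion` types and the `normalize` and `holds` methods are hypothetical, the sample policy is constructed, and `seen` stands in for the assertion names confirmed by security events.

```java
import java.util.*;
import java.util.stream.Stream;

public class PolicyNormalizer {
    // Hypothetical minimal model, not the Neethi, Rampart or swssf classes.
    interface Node {}
    record All(List<Node> children) implements Node {}
    record ExactlyOne(List<Node> children) implements Node {}
    record Assertion(String name, Node nested) implements Node {}

    // Returns the alternatives; every nested policy is reduced to exactly one alternative.
    static List<List<Assertion>> normalize(Node n) {
        List<List<Assertion>> out = new ArrayList<>();
        if (n instanceof Assertion a) {
            if (a.nested() == null) { out.add(List.of(a)); return out; }
            for (List<Assertion> alt : normalize(a.nested()))  // one copy per nested alternative
                out.add(List.of(new Assertion(a.name(), new All(new ArrayList<Node>(alt)))));
            return out;
        }
        if (n instanceof ExactlyOne e) {                        // union of the children's alternatives
            for (Node c : e.children()) out.addAll(normalize(c));
            return out;
        }
        out.add(List.of());                                     // All: cross product of the children
        for (Node c : ((All) n).children()) {
            List<List<Assertion>> next = new ArrayList<>();
            for (List<Assertion> left : out)
                for (List<Assertion> right : normalize(c))
                    next.add(Stream.concat(left.stream(), right.stream()).toList());
            out = next;
        }
        return out;
    }

    // Final assert of one normalized alternative; names are matched flat for brevity.
    static boolean holds(List<Assertion> alt, Set<String> seen) {
        for (Assertion a : alt) {
            if (!seen.contains(a.name())) return false;
            if (a.nested() != null && !holds(normalize(a.nested()).get(0), seen)) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        Node policy = new All(List.of(                          // constructed sample policy
            new Assertion("SupportingTokens", new ExactlyOne(List.of(
                new Assertion("X509Token", null), new Assertion("UsernameToken", null)))),
            new Assertion("SignedParts", null)));
        List<List<Assertion>> alts = normalize(policy);
        Set<String> seen = Set.of("SupportingTokens", "UsernameToken"); // SignedParts missing
        System.out.println(alts.size() + " alternatives, accepted=" + alts.stream().anyMatch(x -> holds(x, seen)));
    }
}
```

A policy that normalizes to zero alternatives (an empty `ExactlyOne`) is rejected by the `anyMatch` check, so the verification fails closed.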