SecurityClientPipe
public class SecurityClientPipe extends SecurityPipeBase implements com.sun.xml.ws.security.secconv.SecureConversationInitiator
Fields Summary |
---|
private static com.sun.xml.ws.security.trust.TrustPlugin | trustPlugin | private static com.sun.xml.ws.security.secconv.WSSCPlugin | scPlugin | private Set | trustConfig |
Constructors Summary |
---|
public SecurityClientPipe(com.sun.xml.ws.assembler.ClientPipeConfiguration config, com.sun.xml.ws.api.pipe.Pipe nextPipe)
// Creates a new instance of SecurityClientPipe.
// After delegating to the base pipe, it builds the client CallbackHandler and the
// security environment from the configuration assertions of one outbound policy holder.
// Any failure is logged at SEVERE and rethrown as a RuntimeException that keeps the cause.
super(config,nextPipe);
CallbackHandler handler = null;
try {
// Only the first holder returned by the iterator is consulted. An empty map makes
// it.next() throw, which the catch below reports as WSSPIPE_0023.
// NOTE(review): presumably every holder carries the same client configuration - confirm.
Iterator it = outMessagePolicyMap.values().iterator();
SecurityPolicyHolder holder = (SecurityPolicyHolder)it.next();
Set configAssertions = holder.getConfigAssertions(SUN_WSS_SECURITY_CLIENT_POLICY_NS);
// Trust (STS) client configuration is kept on the instance for invokeTrustPlugin.
trustConfig = holder.getConfigAssertions(Constants.SUN_TRUST_CLIENT_SECURITY_POLICY_NS);
Properties props = new Properties();
// configureClientHandler fills props and may instantiate a handler class named in the config.
handler = configureClientHandler(configAssertions, props);
secEnv = new DefaultSecurityEnvironmentImpl(handler, props);
} catch (Exception e) {
log.log(Level.SEVERE,
LogStringsMessages.WSSPIPE_0023_ERROR_CREATING_NEW_INSTANCE_SEC_CLIENT_PIPE(), e);
throw new RuntimeException(
LogStringsMessages.WSSPIPE_0023_ERROR_CREATING_NEW_INSTANCE_SEC_CLIENT_PIPE(), e);
}
| protected SecurityClientPipe(SecurityClientPipe that)
// Copy constructor used by copy(): base-class state is copied by super(that).
// The trust configuration Set is shared by reference with the original, not duplicated.
super(that);
this.trustConfig = that.trustConfig;
|
Methods Summary |
---|
| protected void | addIncomingFaultPolicy(com.sun.xml.ws.policy.Policy effectivePolicy, com.sun.xml.ws.security.impl.policyconv.SecurityPolicyHolder sph, com.sun.xml.ws.api.model.wsdl.WSDLFault fault)
// Builds a policy holder for an incoming fault and attaches it to the operation's holder.
// The (false, true) flags are what distinguishes this from the outgoing variant, which passes
// (false, false). NOTE(review): the flag meanings are defined by constructPolicyHolder - confirm there.
sph.addFaultPolicy(fault, constructPolicyHolder(effectivePolicy, false, true));
| protected com.sun.xml.ws.security.impl.policyconv.SecurityPolicyHolder | addIncomingMP(com.sun.xml.ws.api.model.wsdl.WSDLBoundOperation operation, com.sun.xml.ws.policy.Policy policy)
// Registers the inbound message policy for an operation and returns the holder that was stored.
// process() passes inMessagePolicyMap to the resolver used for inbound verification.
SecurityPolicyHolder inboundHolder = constructPolicyHolder(policy, false, true);
inMessagePolicyMap.put(operation, inboundHolder);
return inboundHolder;
| protected void | addIncomingProtocolPolicy(com.sun.xml.ws.policy.Policy effectivePolicy, java.lang.String protocol)
// Stores the inbound policy holder for a protocol exchange, keyed by the protocol name.
// The four-argument constructPolicyHolder overload is used here, with a trailing true.
SecurityPolicyHolder protocolHolder = constructPolicyHolder(effectivePolicy, false, true, true);
inProtocolPM.put(protocol, protocolHolder);
| protected void | addOutgoingFaultPolicy(com.sun.xml.ws.policy.Policy effectivePolicy, com.sun.xml.ws.security.impl.policyconv.SecurityPolicyHolder sph, com.sun.xml.ws.api.model.wsdl.WSDLFault fault)
// Builds a policy holder for an outgoing fault and attaches it to the operation's holder.
// Uses the (false, false) flag pair, where the incoming variant passes (false, true).
sph.addFaultPolicy(fault, constructPolicyHolder(effectivePolicy, false, false));
| protected com.sun.xml.ws.security.impl.policyconv.SecurityPolicyHolder | addOutgoingMP(com.sun.xml.ws.api.model.wsdl.WSDLBoundOperation operation, com.sun.xml.ws.policy.Policy policy)
// Registers the outbound message policy for an operation and returns the holder that was stored.
// The constructor and getIssuedTokenPolicies both read from outMessagePolicyMap.
SecurityPolicyHolder outboundHolder = constructPolicyHolder(policy, false, false);
outMessagePolicyMap.put(operation, outboundHolder);
return outboundHolder;
| protected void | addOutgoingProtocolPolicy(com.sun.xml.ws.policy.Policy effectivePolicy, java.lang.String protocol)
// Stores the outbound policy holder for a protocol exchange, keyed by the protocol name.
SecurityPolicyHolder protocolHolder = constructPolicyHolder(effectivePolicy, false, false, true);
outProtocolPM.put(protocol, protocolHolder);
| private void | cancelSecurityContextToken()
// Cancels every cached secure-conversation token: for each issued-token context whose
// security token is a SecurityContextToken, asks scPlugin to process the cancellation
// and then drops the context from issuedTokenContextMap. Called from preDestroy().
// An exception from processCancellation aborts the loop, so later tokens are neither
// cancelled nor removed by this method.
Enumeration keys = issuedTokenContextMap.keys();
while (keys.hasMoreElements()){
String id = (String)keys.nextElement();
// NOTE(review): a null lookup result would fail on getSecurityToken() below; confirm the
// map cannot lose this entry between keys() and get().
IssuedTokenContext ctx =
(IssuedTokenContext)issuedTokenContextMap.get(id);
if (ctx.getSecurityToken() instanceof SecurityContextToken){
// The endpoint comes from the cached context. Of the code shown on this page, only
// startSecureConversation calls setEndpointAddress; invokeSCPlugin stores the context
// as returned. NOTE(review): confirm scPlugin.process sets the address itself.
// The context returned by processCancellation is assigned but not read afterwards.
ctx = scPlugin.processCancellation(
ctx, pipeConfig.getWSDLModel(), pipeConfig.getBinding(), this, marshaller, unmarshaller, ctx.getEndpointAddress(),addVer);
// Entries are removed while the key enumeration is still in use.
// NOTE(review): the map's type is declared outside this page - confirm its keys()
// enumeration tolerates removal during traversal.
issuedTokenContextMap.remove(id);
}
}
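| private javax.security.auth.callback.CallbackHandler | configureClientHandler(java.util.Set configAssertions, java.util.Properties props)
// Builds the client CallbackHandler from the configuration assertions.
// populateConfigProperties fills props and returns a handler class name, or null when none is
// configured, in which case a DefaultCallbackHandler("client", props) is returned.
// Every failure is logged at SEVERE and surfaces as a RuntimeException (WSSPIPE_0027).
//
// The class name originates from configuration, so the loaded type is checked against
// CallbackHandler BEFORE it is instantiated: a class that is not a handler never has its
// constructor run. A rejected class is reported exactly as before (WSSPIPE_0033, wrapped
// by the catch below).
String ret = populateConfigProperties(configAssertions, props);
try {
    if (ret != null) {
        Class handler = loadClass(ret);
        if (!CallbackHandler.class.isAssignableFrom(handler)) {
            log.log(Level.SEVERE,
                    LogStringsMessages.WSSPIPE_0033_INVALID_CALLBACK_HANDLER_CLASS(ret));
            throw new RuntimeException(
                    LogStringsMessages.WSSPIPE_0033_INVALID_CALLBACK_HANDLER_CLASS(ret));
        }
        // Requires an accessible no-argument constructor; failures reach the catch below.
        return (CallbackHandler) handler.newInstance();
    }
    return new DefaultCallbackHandler("client", props);
} catch (Exception e) {
    log.log(Level.SEVERE,
            LogStringsMessages.WSSPIPE_0027_ERROR_CONFIGURE_CLIENT_HANDLER(), e);
    throw new RuntimeException(LogStringsMessages.WSSPIPE_0027_ERROR_CONFIGURE_CLIENT_HANDLER(), e);
}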
| public com.sun.xml.ws.api.pipe.Pipe | copy(com.sun.xml.ws.api.pipe.PipeCloner cloner)
// Clones this pipe for the cloner: the downstream pipe is copied first, then this pipe is
// duplicated through the copy constructor, wired to the cloned downstream pipe and
// registered with the cloner.
Pipe downstream = cloner.copy(nextPipe);
SecurityClientPipe duplicate = new SecurityClientPipe(this);
duplicate.setNextPipe(downstream);
cloner.add(this, duplicate);
return duplicate;
| protected java.lang.String | getAction(com.sun.xml.ws.api.model.wsdl.WSDLOperation operation, boolean inComming)
// Client-side view of the action: an incoming message is the operation's output (the
// response), an outgoing message is the operation's input (the request).
return inComming
        ? operation.getOutput().getAction()
        : operation.getInput().getAction();
| protected java.util.List | getIssuedTokenPolicies(com.sun.xml.ws.api.message.Packet packet, java.lang.String scope)
// Returns the issued-token assertions of the outbound policy that applies to this packet.
// The operation is resolved from the action for trust messages and from the message itself
// otherwise. The scope argument is not read by this implementation.
// Without a policy map a fresh empty list is returned; without a matching holder the
// shared EMPTY_LIST is returned.
if (outMessagePolicyMap == null) {
    return new ArrayList<PolicyAssertion>();
}
WSDLBoundOperation boundOperation = isTrustMessage(packet)
        ? getWSDLOpFromAction(packet, false)
        : getOperation(packet.getMessage());
SecurityPolicyHolder holder = (SecurityPolicyHolder) outMessagePolicyMap.get(boundOperation);
if (holder != null) {
    return holder.getIssuedTokens();
}
return EMPTY_LIST;
| private void | invokeSCPlugin(com.sun.xml.ws.api.message.Packet packet)
// Establishes a secure-conversation context for every SC assertion that applies to this
// message and has no cached context yet; results are cached by token id.
// Unlike startSecureConversation, the endpoint address is not set on the new context here.
List<PolicyAssertion> scPolicies = getOutBoundSCP(packet.getMessage());
for (PolicyAssertion scAssertion : scPolicies) {
    Token scToken = (Token) scAssertion;
    if (issuedTokenContextMap.get(scToken.getTokenId()) != null) {
        // A context for this token id is already cached.
        continue;
    }
    IssuedTokenContext established = scPlugin.process(
            scAssertion, pipeConfig.getWSDLModel(), pipeConfig.getBinding(), this, marshaller, unmarshaller, packet.endpointAddress.toString(), packet, addVer);
    issuedTokenContextMap.put(((Token) scAssertion).getTokenId(), established);
}
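| private void | invokeTrustPlugin(com.sun.xml.ws.api.message.Packet packet, boolean isSCMessage)
// Obtains an issued token from the trust plugin for every issued-token assertion that applies
// to this message and caches the resulting context by token id.
// For secure-conversation messages the assertions come from the bootstrap policy of the SC
// token stored in the packet's invocation properties; otherwise from the operation's policy.
// Dead locals (stsEP, wsdlLocation, serviceName, portName), the commented-out code and the
// redundant iterator null check of the earlier version are removed.
List<PolicyAssertion> policies = null;
if (isSCMessage) {
    Token scToken = (Token)packet.invocationProperties.get(SC_ASSERTION);
    policies = getIssuedTokenPoliciesFromBootstrapPolicy(scToken);
} else {
    policies = getIssuedTokenPolicies(packet, OPERATION_SCOPE);
}
// The pre-configured STS assertion is the LAST element the Set yields; with more than one
// configured assertion the choice depends on the Set's iteration order.
// NOTE(review): confirm at most one trust client assertion is expected here.
PolicyAssertion preSetSTSAssertion = null;
if (trustConfig != null) {
    for (Object configured : trustConfig) {
        preSetSTSAssertion = (PolicyAssertion) configured;
    }
}
for (PolicyAssertion issuedTokenAssertion : policies) {
    // Unlike invokeSCPlugin, an existing cache entry for the token id is overwritten.
    IssuedTokenContext ctx = trustPlugin.process(issuedTokenAssertion, preSetSTSAssertion, packet.endpointAddress.toString());
    issuedTokenContextMap.put(
            ((Token)issuedTokenAssertion).getTokenId(), ctx);
}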
| public void | preDestroy()
// Tears the pipe down: cancels cached secure-conversation tokens, forwards preDestroy to the
// next pipe if there is one, then empties the issued-token cache.
// There is no try/finally here, so an exception from cancelSecurityContextToken() skips both
// the downstream preDestroy() and the clear() below.
cancelSecurityContextToken();
if (nextPipe != null) {
nextPipe.preDestroy();
}
// Drops every remaining issued-token context, including those that were not SC tokens.
issuedTokenContextMap.clear();
| public com.sun.xml.ws.api.message.Packet | process(com.sun.xml.ws.api.message.Packet packet)
// Secures an outbound request, sends it down the pipeline and verifies the response.
// Steps, in order: addressing headers for trust messages, secure-conversation and trust
// plugins, outbound securing, nextPipe.process, inbound verification.
// Returns the response packet; a null packet or a packet without a message (one-way) is
// returned as-is without inbound verification.
// Securing and verification failures are logged at SEVERE and thrown as WebServiceException;
// a fault response on the non-optimized path is thrown as SOAPFaultException.
// Add Action header to trust message
boolean isTrustMsg = false;
// The flag is compared with the String "true"; any other value type or spelling does not match.
if ("true".equals(packet.invocationProperties.get(WSTrustConstants.IS_TRUST_MESSAGE))){
isTrustMsg = true;
String action = (String)packet.invocationProperties.get(WSTrustConstants.REQUEST_SECURITY_TOKEN_ISSUE_ACTION);
HeaderList headers = packet.getMessage().getHeaders();
headers.fillRequestAddressingHeaders(packet, addVer, soapVersion,false, action);
}
// keep the message
Message msg = packet.getMessage();
boolean isSCMessage = isSCMessage(packet);
if (!isSCMessage && !isSCCancel(packet)){
// this is an application message
// initialize any secure-conversation sessions for this message
invokeSCPlugin(packet);
}
// invoke the Trust Plugin if necessary
invokeTrustPlugin(packet, isSCMessage);
//---------------OUTBOUND SECURITY PROCESSING----------
ProcessingContext ctx = initializeOutgoingProcessingContext(packet, isSCMessage);
try{
// Non-optimized path: the message is converted to a SOAPMessage, secured, and wrapped
// back into a Message. The optimized path secures the Message directly.
if(!optimized) {
if(!isSCMessage){
cacheOperation(msg);
}
SOAPMessage soapMessage = msg.readAsSOAPMessage();
soapMessage = secureOutboundMessage(soapMessage, ctx);
msg = Messages.create(soapMessage);
}else{
msg = secureOutboundMessage(msg, ctx);
}
} catch(SOAPException se){
log.log(Level.SEVERE,
LogStringsMessages.WSSPIPE_0024_ERROR_SECURING_OUTBOUND_MSG(), se);
throw new WebServiceException(
LogStringsMessages.WSSPIPE_0024_ERROR_SECURING_OUTBOUND_MSG(), se);
}
packet.setMessage(msg);
//--------INVOKE NEXT PIPE------------
Packet ret = nextPipe.process(packet);
// Could be OneWay
// A null response, or one without a message, is handed back with no inbound verification.
if (ret == null || ret.getMessage() == null) {
return ret;
}
/* TODO:this piece of code present since payload should be read once*/
if (!optimized) {
try{
SOAPMessage sm = ret.getMessage().readAsSOAPMessage();
Message newMsg = Messages.create(sm);
ret.setMessage(newMsg);
}catch(SOAPException ex){
log.log(Level.SEVERE,
LogStringsMessages.WSSPIPE_0005_PROBLEM_PROC_SOAP_MESSAGE(), ex);
throw new WebServiceException(
LogStringsMessages.WSSPIPE_0005_PROBLEM_PROC_SOAP_MESSAGE(), ex);
}
}
//---------------INBOUND SECURITY VERIFICATION----------
ctx = initializeInboundProcessingContext(ret);
// The resolver is given the inbound message and protocol policy maps and the cached operation.
ctx.setExtraneousProperty(ctx.OPERATION_RESOLVER, new PolicyResolverImpl(inMessagePolicyMap,inProtocolPM,cachedOperation,pipeConfig,addVer,true));
try{
msg = ret.getMessage();
// Could be OneWay
// NOTE(review): appears unreachable after the null check above - confirm.
if (msg == null) {
return ret;
}
if(!optimized) {
SOAPMessage soapMessage = msg.readAsSOAPMessage();
// Verification runs before the fault check, so a fault response is verified too.
soapMessage = verifyInboundMessage(soapMessage, ctx);
// isFault() is asked of the Message read before verification; the fault itself is
// taken from the verified SOAPMessage. The optimized branch has no fault check here.
if (msg.isFault()) {
if (debug) {
// NOTE(review): presumably dumps the processing context - confirm this cannot write
// sensitive message content to logs when debug is enabled.
DumpFilter.process(ctx);
}
SOAPFault fault = soapMessage.getSOAPBody().getFault();
//log.log(Level.SEVERE,
// LogStringsMessages.WSSPIPE_0034_FAULTY_RESPONSE_MSG(fault));
throw new SOAPFaultException(fault);
}
msg = Messages.create(soapMessage);
}else{
msg = verifyInboundMessage(msg, ctx);
}
} catch (XWSSecurityException xwse) {
// The exception is logged, but the WebServiceException cause is the result of
// getSOAPFaultException(xwse) rather than xwse itself.
log.log(Level.SEVERE,
LogStringsMessages.WSSPIPE_0025_ERROR_VERIFY_INBOUND_MSG(), xwse);
throw new WebServiceException(LogStringsMessages.WSSPIPE_0025_ERROR_VERIFY_INBOUND_MSG(),
getSOAPFaultException(xwse));
}catch(SOAPException se){
log.log(Level.SEVERE,
LogStringsMessages.WSSPIPE_0025_ERROR_VERIFY_INBOUND_MSG(), se);
throw new WebServiceException(LogStringsMessages.WSSPIPE_0025_ERROR_VERIFY_INBOUND_MSG(), se);
}
// Reached only on success: every exception path above leaves the cached operation set.
resetCachedOperation();
ret.setMessage(msg);
if (isTrustMsg){
// The result of getAction(ret) is discarded. This overload takes the Packet and is
// defined outside this page. NOTE(review): confirm the call is still needed.
//String action = getAction(ret);
getAction(ret);
}
return ret;
| public javax.xml.bind.JAXBElement | startSecureConversation(com.sun.xml.ws.api.message.Packet packet)
// Returns the unattached SecurityTokenReference of the secure-conversation context for this
// message as a JAXBElement, establishing and caching the context when none is cached.
// Logs at SEVERE and throws WSSecureConversationException when no SC policy applies.
List scPolicies = getOutBoundSCP(packet.getMessage());
if (scPolicies.isEmpty()) {
    log.log(Level.SEVERE,
            LogStringsMessages.WSSPIPE_0026_NO_POLICY_FOUND_FOR_SC());
    throw new WSSecureConversationException(LogStringsMessages.WSSPIPE_0026_NO_POLICY_FOUND_FOR_SC());
}
// Only the first SC assertion is used; any further ones are ignored.
Token scToken = (Token) scPolicies.get(0);
IssuedTokenContext scContext =
        (IssuedTokenContext) issuedTokenContextMap.get(scToken.getTokenId());
if (scContext == null) {
    scContext = scPlugin.process(
            (PolicyAssertion) scToken, pipeConfig.getWSDLModel(), pipeConfig.getBinding(),
            this, marshaller, unmarshaller, packet.endpointAddress.toString(), packet, addVer);
    // The endpoint is recorded on the context; cancelSecurityContextToken reads it back.
    scContext.setEndpointAddress(packet.endpointAddress.toString());
    issuedTokenContextMap.put(scToken.getTokenId(), scContext);
}
SecurityTokenReference tokenReference =
        (SecurityTokenReference) scContext.getUnAttachedSecurityTokenReference();
return WSTrustElementFactory.newInstance().toJAXBElement(tokenReference);
|
|