TrustPluginImplpublic class TrustPluginImpl extends Object implements TrustPlugin
| Fields Summary |
|---|
| private static final Logger | log | | private final Configuration | config | | private static WSTrustElementFactory | fact | | private static final String | PRE_CONFIGURED_STS | | private static final String | NAMESPACE | | private static final String | CONFIG_NAMESPACE | | private static final String | ENDPOINT | | private static final String | METADATA | | private static final String | WSDL_LOCATION | | private static final String | SERVICE_NAME | | private static final String | PORT_NAME | | private static final String | REQUEST_SECURITY_TOKEN_TEMPLATE | | private static final String | CLAIMS | | private static final String | DIALECT |
| Constructors Summary |
|---|
public TrustPluginImpl(Configuration config)Creates a new instance of TrustPluginImpl
this.config = config;
|
| Methods Summary |
|---|
| private com.sun.xml.ws.security.trust.elements.RequestSecurityToken | createRequest(com.sun.xml.ws.security.policy.RequestSecurityTokenTemplate rstTemplate, java.lang.String appliesTo)
final URI requestType = URI.create(WSTrustConstants.ISSUE_REQUEST);
AppliesTo applTo = null;
if (appliesTo != null){
applTo = WSTrustUtil.createAppliesTo(appliesTo);
}
int len = 32;
final long keySize = rstTemplate.getKeySize();
if (keySize > 0){
len = (int)keySize/8;
}
final SecureRandom secRandom = new SecureRandom();
final byte[] nonce = new byte[len];
secRandom.nextBytes(nonce);
final BinarySecret binarySecret = fact.createBinarySecret(nonce, BinarySecret.NONCE_KEY_TYPE);
final Entropy entropy = fact.createEntropy(binarySecret);
URI tokenType = URI.create(WSTrustConstants.SAML11_ASSERTION_TOKEN_TYPE);
if (rstTemplate.getTokenType() != null){
tokenType = new URI(rstTemplate.getTokenType().trim());
}
final URI context = null;
final Claims claims = null;
final Lifetime lifetime = null;
final RequestSecurityToken rst= fact.createRSTForIssue(tokenType,requestType,context,applTo,claims,entropy,lifetime);
if (keySize > 0){
rst.setKeySize(keySize);
}
final String keyType = rstTemplate.getKeyType();
if (keyType != null){
rst.setKeyType(new URI(keyType.trim()));
}
rst.setComputedKeyAlgorithm(URI.create(WSTrustConstants.CK_PSHA1));
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE,
LogStringsMessages.WST_1006_CREATED_RST_ISSUE(elemToString(rst)));
}
return rst;
| | protected static javax.xml.namespace.QName[] | doMexRequest(java.lang.String wsdlLocation, java.lang.String stsURI)This method uses mex client api to issue a mex request and return the
matching service name and port name
final QName[] serviceInfo = new QName[2];
final MetadataClient mexClient = new MetadataClient();
final Metadata metadata = mexClient.retrieveMetadata(wsdlLocation);
//this method gives the names of services and the corresponding port details
if(metadata != null){
final List<PortInfo> ports = mexClient.getServiceInformation(metadata);
//we have to iterate through this to get the appropriate serviceName and portname
for(PortInfo port : ports){
final String uri = port.getAddress();
//if the stsAddress what we have matches the address of this port, return
//this port information
if(uri.equals(stsURI)){
serviceInfo[0]= port.getServiceName();
serviceInfo[1]= port.getPortName();
break;
}
}
if(serviceInfo[0]==null || serviceInfo[1]==null){
log.log(Level.SEVERE,
LogStringsMessages.WST_0042_NO_MATCHING_SERVICE_MEX(stsURI));
throw new WSTrustException(
LogStringsMessages.WST_0042_NO_MATCHING_SERVICE_MEX(stsURI));
}
}else{
log.log(Level.SEVERE,
LogStringsMessages.WST_0017_SERVICE_PORTNAME_ERROR(wsdlLocation.toString()));
throw new WSTrustException(
LogStringsMessages.WST_0017_SERVICE_PORTNAME_ERROR(wsdlLocation.toString()));
}
return serviceInfo;
| | private java.lang.String | elemToString(com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse rstr)
try {
final javax.xml.bind.Marshaller marshaller = fact.getContext().createMarshaller();
final JAXBElement<RequestSecurityTokenResponseType> rstrElement = (new ObjectFactory()).createRequestSecurityTokenResponse((RequestSecurityTokenResponseType)rstr);
marshaller.setProperty(javax.xml.bind.Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
final java.io.StringWriter writer = new java.io.StringWriter();
marshaller.marshal(rstrElement, writer);
return writer.toString();
} catch (Exception e) {
log.log(Level.SEVERE,
LogStringsMessages.WST_1004_ERROR_MARSHAL_TO_STRING("RSTR"), e);
throw new WebServiceException(LogStringsMessages.WST_1004_ERROR_MARSHAL_TO_STRING("RSTR"), e);
}
| | private java.lang.String | elemToString(com.sun.xml.ws.security.trust.elements.RequestSecurityToken rst)Prints out the RST created as string.
This method is primarily used for logging purposes.
try {
final javax.xml.bind.Marshaller marshaller = fact.getContext().createMarshaller();
final JAXBElement<RequestSecurityTokenType> rstElement = (new ObjectFactory()).createRequestSecurityToken((RequestSecurityTokenType)rst);
marshaller.setProperty(javax.xml.bind.Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
final java.io.StringWriter writer = new java.io.StringWriter();
marshaller.marshal(rstElement, writer);
return writer.toString();
} catch (Exception e) {
log.log(Level.SEVERE,
LogStringsMessages.WST_1004_ERROR_MARSHAL_TO_STRING("RST"), e);
throw new WebServiceException(LogStringsMessages.WST_1004_ERROR_MARSHAL_TO_STRING("RST"), e);
}
| | private java.net.URI | getAddressFromMetadata(com.sun.xml.ws.security.policy.IssuedToken issuedToken)
final PolicyAssertion issuer = (PolicyAssertion)issuedToken.getIssuer();
PolicyAssertion addressingMetadata = null;
PolicyAssertion metadata = null;
PolicyAssertion metadataSection = null;
PolicyAssertion metadataReference = null;
Address address = null;
if(issuer != null){
address = ((Issuer)issuer).getAddress();
if ( issuer.hasNestedAssertions() ) {
final Iterator <PolicyAssertion> iterator = issuer.getNestedAssertionsIterator();
while ( iterator.hasNext() ) {
final PolicyAssertion assertion = iterator.next();
if ( WSTrustUtil.isAddressingMetadata(assertion)) {
addressingMetadata = assertion;
break;
}
}
}
}
if(addressingMetadata != null){
if ( addressingMetadata.hasNestedAssertions() ) {
final Iterator <PolicyAssertion> iterator = addressingMetadata.getNestedAssertionsIterator();
while ( iterator.hasNext() ) {
final PolicyAssertion assertion = iterator.next();
if ( WSTrustUtil.isMetadata(assertion)) {
metadata = assertion;
break;
}
}
}
}
if(metadata != null){
if ( metadata.hasNestedAssertions() ) {
final Iterator <PolicyAssertion> iterator = metadata.getNestedAssertionsIterator();
while ( iterator.hasNext() ) {
final PolicyAssertion assertion = iterator.next();
if ( WSTrustUtil.isMetadataSection(assertion)) {
metadataSection = assertion;
break;
}
}
}
}
if(metadataSection != null){
if ( metadataSection.hasNestedAssertions() ) {
final Iterator <PolicyAssertion> iterator = metadataSection.getNestedAssertionsIterator();
while ( iterator.hasNext() ) {
final PolicyAssertion assertion = iterator.next();
if ( WSTrustUtil.isMetadataReference(assertion)) {
metadataReference = assertion;
break;
}
}
}
}
if(metadataReference != null){
if ( metadataReference.hasNestedAssertions() ) {
final Iterator <PolicyAssertion> iterator = metadataReference.getNestedAssertionsIterator();
while ( iterator.hasNext() ) {
final PolicyAssertion assertion = iterator.next();
if ( PolicyUtil.isAddress(assertion)) {
address = (Address)assertion;
// return address.getURI();
}
}
}
}
if (address != null){
return address.getURI();
}
return null;
| | private com.sun.xml.ws.api.security.trust.Claims | getClaims(com.sun.xml.ws.policy.PolicyAssertion token, java.lang.String appliesTo)
Claims claims = null;
final Iterator<PolicyAssertion> tokens =
token.getNestedAssertionsIterator();
while(tokens.hasNext()){
final PolicyAssertion cToken = tokens.next();
if(REQUEST_SECURITY_TOKEN_TEMPLATE.equals(cToken.getName().getLocalPart())){
final Iterator<PolicyAssertion> cTokens =
cToken.getNestedAssertionsIterator();
while (cTokens.hasNext()){
final PolicyAssertion gToken = cTokens.next();
if (CLAIMS.equals(gToken.getName().getLocalPart())){
try{
ByteArrayOutputStream baos = new ByteArrayOutputStream();
XMLOutputFactory xof = XMLOutputFactory.newInstance();
XMLStreamWriter writer = xof.createXMLStreamWriter(baos);
AssertionSet set = AssertionSet.createAssertionSet(Arrays.asList(new PolicyAssertion[] {gToken}));
Policy policy = Policy.createPolicy(Arrays.asList(new AssertionSet[] { set }));
PolicySourceModel sourceModel = PolicyModelGenerator.getGenerator().translate(policy);
XmlPolicyModelMarshaller pm = (XmlPolicyModelMarshaller) XmlPolicyModelMarshaller.getXmlMarshaller(true);
pm.marshal(sourceModel, writer);
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
DocumentBuilder db = dbf.newDocumentBuilder();
Document doc = db.parse(new ByteArrayInputStream(baos.toByteArray()));
Element claimsEle = (Element)doc.getElementsByTagNameNS("*", "Claims").item(0);
claims = new ClaimsImpl(ClaimsImpl.fromElement(claimsEle));
writer.close();
}catch (Exception e){
log.log(Level.SEVERE,
LogStringsMessages.WST_0045_ERROR_UNMARSHALL_CLAIMS(appliesTo), e);
throw new WebServiceException(LogStringsMessages.WST_0045_ERROR_UNMARSHALL_CLAIMS(appliesTo), e);
}
}
}
}
}
return claims;
| | private java.net.URI | getSTSURI(com.sun.xml.ws.security.policy.IssuedToken issuedToken)method to examine the IssuedToken assertion and return the URI of the Issuer
endpoint reference.
final Issuer issuer = issuedToken.getIssuer();
if(issuer != null){
final Address address = issuer.getAddress();
if (address != null){
return address.getURI();
}
}
return null;
| | private com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse | invokeRST(com.sun.xml.ws.security.trust.elements.RequestSecurityToken request, java.net.URI wsdlLocation, javax.xml.namespace.QName serviceName, javax.xml.namespace.QName portName, java.lang.String stsURI)
if(serviceName == null || portName==null){
//we have to get the serviceName and portName through MEX
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE,
LogStringsMessages.WST_1012_SERVICE_PORTNAME_MEX(serviceName, portName));
}
final QName[] names = doMexRequest(wsdlLocation.toString(), stsURI);
serviceName = names[0];
portName = names[1];
}
Service service = null;
try{
// Work around for issue 338
String url = wsdlLocation.toString();
// if (url.endsWith("/mex")){
// int index = url.lastIndexOf("/mex");
// url = url.substring(0, index);
//}
service = Service.create(new URL(url), serviceName);
}catch (MalformedURLException ex){
log.log(Level.SEVERE,
LogStringsMessages.WST_0041_SERVICE_NOT_CREATED(wsdlLocation.toString()), ex);
throw new WebServiceException(LogStringsMessages.WST_0041_SERVICE_NOT_CREATED(wsdlLocation.toString()), ex);
}
final Dispatch<Object> dispatch = service.createDispatch(portName, fact.getContext(), Service.Mode.PAYLOAD, new WebServiceFeature[]{new RespectBindingFeature(), new AddressingFeature(false)});
//Dispatch<SOAPMessage> dispatch = service.createDispatch(portName, SOAPMessage.class, Service.Mode.MESSAGE, new WebServiceFeature[]{new AddressingFeature(false)});
//WSBinding wsbinding = (WSBinding) dispatch.getBinding();
//AddressingVersion addVer = wsbinding.getAddressingVersion();
//SOAPVersion sv = wsbinding.getSOAPVersion();
//dispatch = addAddressingHeaders(dispatch);
if (stsURI != null){
dispatch.getRequestContext().put(javax.xml.ws.BindingProvider.ENDPOINT_ADDRESS_PROPERTY, stsURI);
}
dispatch.getRequestContext().put(WSTrustConstants.IS_TRUST_MESSAGE, "true");
dispatch.getRequestContext().put(WSTrustConstants.REQUEST_SECURITY_TOKEN_ISSUE_ACTION, WSTrustConstants.REQUEST_SECURITY_TOKEN_ISSUE_ACTION);
//RequestSecurityTokenResponse rstr = null;
// try{
// MessageFactory factory = sv.saajMessageFactory;
// SOAPMessage message = factory.createMessage();
// message.getSOAPBody().addDocument(fact.toElement(request).getOwnerDocument());
// SOAPHeader header = message.getSOAPHeader();
// SOAPHeaderElement action = header.addHeaderElement(addVer.actionTag);
// action.addTextNode(WSTrustConstants.REQUEST_SECURITY_TOKEN_ISSUE_ACTION);
// SOAPHeaderElement to = header.addHeaderElement(addVer.toTag);
// to.addTextNode(stsURI.toString());
// SOAPHeaderElement msgID = header.addHeaderElement(addVer.messageIDTag);
// msgID.addTextNode("uuid:" + UUID.randomUUID().toString());
// SOAPHeaderElement replyTo = header.addHeaderElement(addVer.replyToTag);
// SOAPElement add = replyTo.addChildElement(new QName(addVer.nsUri, "Address"));
// add.addTextNode(AddressingVersion.W3C.getAnonymousUri());
//SOAPMessage response = (SOAPMessage)dispatch.invoke(message);
// SOAPBody rsp = response.getSOAPBody();
// Element rspEle = rsp.extractContentAsDocument().getDocumentElement();
// rstr = fact.createRSTRFrom(rspEle);
// } catch(Exception ex){
// ex.printStackTrace();
// }
final RequestSecurityTokenResponse rstr = fact.createRSTRFrom((JAXBElement)dispatch.invoke(fact.toJAXBElement(request)));
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE,
LogStringsMessages.WST_1014_RESPONSE_INVOKING_RST(elemToString(rstr)));
}
return rstr;
| | public com.sun.xml.ws.security.IssuedTokenContext | process(com.sun.xml.ws.policy.PolicyAssertion token, com.sun.xml.ws.policy.PolicyAssertion localToken, java.lang.String appliesTo)Obtain the Token by using WS-Trust or WS-SecureConversation.
final IssuedToken issuedToken = (IssuedToken)token;
final RequestSecurityTokenTemplate rstTemplate = issuedToken.getRequestSecurityTokenTemplate();
URI stsURI = getSTSURI(issuedToken);
URI wsdlLocation = null;
QName serviceName = null;
QName portName = null;
// Get STS information from IssuedToken
if (stsURI != null){
URI metadataAddress = getAddressFromMetadata(issuedToken);
if(metadataAddress != null){
wsdlLocation = metadataAddress;
}else{
wsdlLocation = stsURI;
}
}else if (localToken != null){
// Get STS information from local configuration
if (PRE_CONFIGURED_STS.equals(localToken.getName().getLocalPart())) {
final Map<QName,String> attrs = localToken.getAttributes();
final String namespace = attrs.get(new QName(CONFIG_NAMESPACE,NAMESPACE));
String stsEPStr = attrs.get(new QName(CONFIG_NAMESPACE,ENDPOINT));
if (stsEPStr == null){
stsEPStr = attrs.get(new QName(CONFIG_NAMESPACE,ENDPOINT.toLowerCase()));
}
if (stsEPStr != null){
stsURI = URI.create(stsEPStr);
}
final String metadataStr = attrs.get(new QName(CONFIG_NAMESPACE, METADATA));
if (metadataStr != null){
wsdlLocation = URI.create(metadataStr);
}
final String wsdlLocationStr = attrs.get(new QName(CONFIG_NAMESPACE,WSDL_LOCATION));
if (wsdlLocationStr != null){
wsdlLocation = URI.create(wsdlLocationStr);
}
final String serviceNameStr = attrs.get(new QName(CONFIG_NAMESPACE,SERVICE_NAME));
if (serviceNameStr != null && namespace != null){
serviceName = new QName(namespace,serviceNameStr);
}
if (wsdlLocation == null){
wsdlLocation = stsURI;
}
final String portNameStr = attrs.get(new QName(CONFIG_NAMESPACE,PORT_NAME));
if (portNameStr != null && namespace != null){
portName = new QName(namespace, portNameStr);
}
}
}
if(stsURI == null){
log.log(Level.SEVERE,
LogStringsMessages.WST_0029_COULD_NOT_GET_STS_LOCATION(appliesTo));
throw new WebServiceException(LogStringsMessages.WST_0029_COULD_NOT_GET_STS_LOCATION(appliesTo));
}
RequestSecurityTokenResponse result = null;
try {
final RequestSecurityToken request = createRequest(rstTemplate, appliesTo);
// handle Claims.
// Not: should be in the RequestSecurityTokenTemplate api. Workaround for now.
Claims claims = getClaims(token, appliesTo);
if (claims != null){
request.setClaims(claims);
}
result = invokeRST(request, wsdlLocation, serviceName, portName, stsURI.toString());
final IssuedTokenContext itc = new IssuedTokenContextImpl();
final WSTrustClientContract contract = WSTrustFactory.createWSTrustClientContract(config);
contract.handleRSTR(request, result, itc);
return itc;
} catch (RemoteException ex) {
log.log(Level.SEVERE,
LogStringsMessages.WST_0016_PROBLEM_IT_CTX(stsURI, appliesTo), ex);
throw new WebServiceException(LogStringsMessages.WST_0016_PROBLEM_IT_CTX(stsURI, appliesTo), ex);
} catch (URISyntaxException ex){
log.log(Level.SEVERE,
LogStringsMessages.WST_0016_PROBLEM_IT_CTX(stsURI, appliesTo), ex);
throw new WebServiceException(LogStringsMessages.WST_0016_PROBLEM_IT_CTX(stsURI, appliesTo));
} catch (WSTrustException ex){
log.log(Level.SEVERE,
LogStringsMessages.WST_0016_PROBLEM_IT_CTX(stsURI, appliesTo), ex);
throw new WebServiceException(LogStringsMessages.WST_0016_PROBLEM_IT_CTX(stsURI, appliesTo));
}
|
|
