File Doc Category Size Date Package
WSITClientAuthContext.java API Doc Example 32181 Thu Jun 21 23:32:38 BST 2007 com.sun.xml.wss.provider.wsit

WSITClientAuthContext

java.lang.Object
- WSITAuthContextBase

public class WSITClientAuthContext extends WSITAuthContextBase implements javax.security.auth.message.config.ClientAuthContext

author: kumar jayanti

Fields Summary
private static com.sun.xml.ws.security.trust.TrustPlugin
trustPlugin
private static com.sun.xml.ws.security.secconv.NewWSSCPlugin
scPlugin
private Set
trustConfig
private CallbackHandler
handler
WSITClientAuthModule
authModule
Constructors Summary
public WSITClientAuthContext(String operation, Subject subject, Map map)
Creates a new instance of WSITClientAuthContext
super(map); //this.operation = operation; //this.subject = subject; //this.map = map; Iterator it = outMessagePolicyMap.values().iterator(); SecurityPolicyHolder holder = (SecurityPolicyHolder)it.next(); Set configAssertions = holder.getConfigAssertions(Constants.SUN_WSS_SECURITY_CLIENT_POLICY_NS); trustConfig = holder.getConfigAssertions( com.sun.xml.ws.security.impl.policy.Constants.SUN_TRUST_CLIENT_SECURITY_POLICY_NS); boolean isACC = isGFAppClient(); String isGF = System.getProperty("com.sun.aas.installRoot"); //this client is an ACC client or a WebClient if (isACC || (isGF != null) ) { try { Properties props = new Properties(); populateConfigProperties(configAssertions, props); String jmacHandler = props.getProperty(DefaultCallbackHandler.JMAC_CALLBACK_HANDLER); handler = loadGFHandler(true, jmacHandler); secEnv = new WSITProviderSecurityEnvironment(handler, map, props); }catch (XWSSecurityException ex) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0027_ERROR_POPULATING_CLIENT_CONFIG_PROP(), ex); throw new WebServiceException( LogStringsMessages.WSITPVD_0027_ERROR_POPULATING_CLIENT_CONFIG_PROP(), ex); } } else { Properties props = new Properties(); handler = configureClientHandler(configAssertions, props); secEnv = new DefaultSecurityEnvironmentImpl(handler, props); } //initialize the AuthModules and keep references to them authModule = new WSITClientAuthModule(); try { authModule.initialize(null, null, null,map); } catch (AuthException e) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0028_ERROR_INIT_AUTH_MODULE(), e); throw new RuntimeException(LogStringsMessages.WSITPVD_0028_ERROR_INIT_AUTH_MODULE(), e); }
Methods Summary
protected void addIncomingFaultPolicy(com.sun.xml.ws.policy.Policy effectivePolicy, com.sun.xml.ws.security.impl.policyconv.SecurityPolicyHolder sph, com.sun.xml.ws.api.model.wsdl.WSDLFault fault)
SecurityPolicyHolder faultPH = constructPolicyHolder(effectivePolicy,false,true); sph.addFaultPolicy(fault,faultPH);
protected com.sun.xml.ws.security.impl.policyconv.SecurityPolicyHolder addIncomingMP(com.sun.xml.ws.api.model.wsdl.WSDLBoundOperation operation, com.sun.xml.ws.policy.Policy policy)
SecurityPolicyHolder sph = constructPolicyHolder(policy,false,true); inMessagePolicyMap.put(operation,sph); return sph;
protected void addIncomingProtocolPolicy(com.sun.xml.ws.policy.Policy effectivePolicy, java.lang.String protocol)
inProtocolPM.put(protocol,constructPolicyHolder(effectivePolicy,false,true,true));
protected void addOutgoingFaultPolicy(com.sun.xml.ws.policy.Policy effectivePolicy, com.sun.xml.ws.security.impl.policyconv.SecurityPolicyHolder sph, com.sun.xml.ws.api.model.wsdl.WSDLFault fault)
SecurityPolicyHolder faultPH = constructPolicyHolder(effectivePolicy,false,false); sph.addFaultPolicy(fault,faultPH);
protected com.sun.xml.ws.security.impl.policyconv.SecurityPolicyHolder addOutgoingMP(com.sun.xml.ws.api.model.wsdl.WSDLBoundOperation operation, com.sun.xml.ws.policy.Policy policy)
SecurityPolicyHolder sph = constructPolicyHolder(policy,false,false); outMessagePolicyMap.put(operation,sph); return sph;
protected void addOutgoingProtocolPolicy(com.sun.xml.ws.policy.Policy effectivePolicy, java.lang.String protocol)
outProtocolPM.put(protocol,constructPolicyHolder(effectivePolicy,false,false,true));
private void cancelSecurityContextToken()
Enumeration keys = issuedTokenContextMap.keys(); while (keys.hasMoreElements()){ String id = (String)keys.nextElement(); IssuedTokenContext ctx = (IssuedTokenContext)issuedTokenContextMap.get(id); if (ctx.getSecurityToken() instanceof SecurityContextToken){ /*ctx = scPlugin.processCancellation( ctx, pipeConfig.getWSDLModel(), pipeConfig.getBinding(), this, jaxbContext, ctx.getEndpointAddress());*/ try { RequestSecurityToken rst = scPlugin.createCancelRequest(ctx); Packet cancelPacket = scPlugin.createCancelPacket( rst,pipeConfig.getWSDLModel(), pipeConfig.getBinding(), jaxbContext, ctx.getEndpointAddress()); //only for issue we pass flag true Packet secCancelPacket = this.secureRequest(cancelPacket, null,false); Packet response = nextPipe.process(secCancelPacket); Packet cancelResponse = this.validateResponse(response, null,null); RequestSecurityTokenResponse rstr = scPlugin.getRSTR(jaxbContext, cancelResponse); ctx = scPlugin.processRSTR(ctx,rst,rstr,ctx.getEndpointAddress()); issuedTokenContextMap.remove(id); } catch (XWSSecurityException ex) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0049_ERROR_CANCEL_SECURITY_CONTEXT_TOKEN(), ex); throw new WebServiceException( LogStringsMessages.WSITPVD_0049_ERROR_CANCEL_SECURITY_CONTEXT_TOKEN(), getSOAPFaultException(ex)); } } }
public void cleanSubject(javax.security.auth.message.MessageInfo messageInfo, javax.security.auth.Subject subject)
cancelSecurityContextToken(); issuedTokenContextMap.clear();
private javax.security.auth.callback.CallbackHandler configureClientHandler(java.util.Set configAssertions, java.util.Properties props)
//Properties props = new Properties(); String ret = populateConfigProperties(configAssertions, props); try { if (ret != null) { Class handler = loadClass(ret); Object obj = handler.newInstance(); if (!(obj instanceof CallbackHandler)) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0031_INVALID_CALLBACK_HANDLER_CLASS(ret)); throw new RuntimeException( LogStringsMessages.WSITPVD_0031_INVALID_CALLBACK_HANDLER_CLASS(ret)); } return (CallbackHandler)obj; } return new DefaultCallbackHandler("client", props); } catch (Exception e) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0032_ERROR_CONFIGURE_CLIENT_HANDLER(), e); throw new RuntimeException( LogStringsMessages.WSITPVD_0032_ERROR_CONFIGURE_CLIENT_HANDLER(), e); }
protected java.lang.String getAction(com.sun.xml.ws.api.model.wsdl.WSDLOperation operation, boolean inComming)
if(!inComming){ return operation.getInput().getAction(); }else{ return operation.getOutput().getAction(); }
protected java.util.List getIssuedTokenPolicies(com.sun.xml.ws.api.message.Packet packet, java.lang.String scope)
if (outMessagePolicyMap == null) { return new ArrayList<PolicyAssertion>(); } WSDLBoundOperation operation = null; if(isTrustMessage(packet)){ operation = getWSDLOpFromAction(packet,false); }else{ operation =getOperation(packet.getMessage(), packet); } SecurityPolicyHolder sph =(SecurityPolicyHolder) outMessagePolicyMap.get(operation); if(sph == null){ return EMPTY_LIST; } return sph.getIssuedTokens();
private void invokeSCPlugin(com.sun.xml.ws.api.message.Packet packet)
// get the secure conversation policies pertaining to this operation List<PolicyAssertion> policies = getOutBoundSCP(packet.getMessage()); for (PolicyAssertion scAssertion : policies) { Token scToken = (Token)scAssertion; if (issuedTokenContextMap.get(scToken.getTokenId()) == null) { //create RST for Issue RequestSecurityToken rst = scPlugin.createIssueRequest((PolicyAssertion)scAssertion); Packet requestPacket = scPlugin.createIssuePacket((PolicyAssertion)scAssertion, rst, pipeConfig.getWSDLModel(), pipeConfig.getBinding(), jaxbContext, packet.endpointAddress.toString(), packet); try { Packet secureRequestPacket = secureRequest(requestPacket, null, true); Packet responsePacket = nextPipe.process(secureRequestPacket); Packet validatedResponsePacket = validateResponse(responsePacket, null, null); RequestSecurityTokenResponse rstr = scPlugin.getRSTR(jaxbContext, validatedResponsePacket); IssuedTokenContext ctx = new IssuedTokenContextImpl(); ctx = scPlugin.processRSTR(ctx,rst, rstr,packet.endpointAddress.toString()); issuedTokenContextMap.put(((Token)scAssertion).getTokenId(), ctx); } catch (XWSSecurityException e) { throw new RuntimeException(e); } } }
private void invokeTrustPlugin(com.sun.xml.ws.api.message.Packet packet, boolean isSCMessage)
List<PolicyAssertion> policies = null; if (isSCMessage) { Token scToken = (Token)packet.invocationProperties.get(SC_ASSERTION); policies = getIssuedTokenPoliciesFromBootstrapPolicy(scToken); } else { policies = getIssuedTokenPolicies(packet, OPERATION_SCOPE); } PolicyAssertion preSetSTSAssertion = null; URI stsEP = null; URI wsdlLocation = null; QName serviceName = null; QName portName = null; if(trustConfig != null){ Iterator it = trustConfig.iterator(); while(it!=null && it.hasNext()) { preSetSTSAssertion = (PolicyAssertion)it.next(); } //serviceName = (QName)packet.invocationProperties.get(WSTrustConstants.PROPERTY_SERVICE_NAME); //portName = (QName)packet.invocationProperties.get(WSTrustConstants.PROPERTY_PORT_NAME); } for (PolicyAssertion issuedTokenAssertion : policies) { IssuedTokenContext ctx = trustPlugin.process(issuedTokenAssertion, preSetSTSAssertion, packet.endpointAddress.toString()); issuedTokenContextMap.put( ((Token)issuedTokenAssertion).getTokenId(), ctx); }
protected javax.xml.soap.SOAPMessage secureOutboundMessage(javax.xml.soap.SOAPMessage message, com.sun.xml.wss.ProcessingContext ctx)
try { ctx.setSOAPMessage(message); SecurityAnnotator.secureMessage(ctx); return ctx.getSOAPMessage(); } catch (WssSoapFaultException soapFaultException) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0029_ERROR_SECURING_OUTBOUND_MSG(), soapFaultException); throw new WebServiceException( LogStringsMessages.WSITPVD_0029_ERROR_SECURING_OUTBOUND_MSG(), getSOAPFaultException(soapFaultException)); } catch (XWSSecurityException xwse) { WssSoapFaultException wsfe = SecurableSoapMessage.newSOAPFaultException( MessageConstants.WSSE_INTERNAL_SERVER_ERROR, xwse.getMessage(), xwse); log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0029_ERROR_SECURING_OUTBOUND_MSG(), wsfe); throw new WebServiceException( LogStringsMessages.WSITPVD_0029_ERROR_SECURING_OUTBOUND_MSG(), getSOAPFaultException(wsfe)); }
protected com.sun.xml.ws.api.message.Message secureOutboundMessage(com.sun.xml.ws.api.message.Message message, com.sun.xml.wss.ProcessingContext ctx)
try{ JAXBFilterProcessingContext context = (JAXBFilterProcessingContext)ctx; context.setSOAPVersion(soapVersion); context.setJAXWSMessage(message, soapVersion); context.isOneWayMessage(message.isOneWay(this.pipeConfig.getWSDLModel())); context.setDisableIncPrefix(disableIncPrefix); context.setEncHeaderContent(encHeaderContent); SecurityAnnotator.secureMessage(context); return context.getJAXWSMessage(); } catch(XWSSecurityException xwse){ WssSoapFaultException wsfe = SecurableSoapMessage.newSOAPFaultException( MessageConstants.WSSE_INTERNAL_SERVER_ERROR, xwse.getMessage(), xwse); log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0029_ERROR_SECURING_OUTBOUND_MSG(), wsfe); throw new WebServiceException( LogStringsMessages.WSITPVD_0029_ERROR_SECURING_OUTBOUND_MSG(), getSOAPFaultException(wsfe)); }
public javax.security.auth.message.AuthStatus secureRequest(javax.security.auth.message.MessageInfo messageInfo, javax.security.auth.Subject clientSubject)
try { Packet packet = getRequestPacket(messageInfo); // Add Action header to trust message boolean isTrustMsg = false; if ("true".equals(packet.invocationProperties.get(WSTrustConstants.IS_TRUST_MESSAGE))){ isTrustMsg = true; String action = (String)packet.invocationProperties.get(WSTrustConstants.REQUEST_SECURITY_TOKEN_ISSUE_ACTION); HeaderList headers = packet.getMessage().getHeaders(); headers.fillRequestAddressingHeaders(packet, addVer, soapVersion,false, action); } //set the isTrustProperty into MessageInfo messageInfo.getMap().put("IS_TRUST_MSG", Boolean.valueOf(isTrustMsg)); // keep the message //Message msg = packet.getMessage(); //invoke the SCPlugin here invokeSCPlugin(packet); //secure the outbound request here Packet ret = secureRequest(packet, clientSubject, false); //put the modified packet back setRequestPacket(messageInfo, ret); } catch (XWSSecurityException e) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0050_ERROR_SECURE_REQUEST(), e); throw new WebServiceException( LogStringsMessages.WSITPVD_0050_ERROR_SECURE_REQUEST(), getSOAPFaultException(e)); } return AuthStatus.SEND_SUCCESS;
public com.sun.xml.ws.api.message.Packet secureRequest(com.sun.xml.ws.api.message.Packet packet, javax.security.auth.Subject clientSubject, boolean isSCMessage)
// invoke the Trust Plugin if necessary Message msg = packet.getMessage(); invokeTrustPlugin(packet, isSCMessage); ProcessingContext ctx = initializeOutgoingProcessingContext(packet, isSCMessage); //TODO: replace this code with calls to the Module now try{ if(!optimized) { if(!isSCMessage){ cacheOperation(msg, packet); } SOAPMessage soapMessage = msg.readAsSOAPMessage(); soapMessage = secureOutboundMessage(soapMessage, ctx); msg = Messages.create(soapMessage); }else{ msg = secureOutboundMessage(msg, ctx); } } catch(SOAPException se){ log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0029_ERROR_SECURING_OUTBOUND_MSG(), se); throw new WebServiceException( LogStringsMessages.WSITPVD_0029_ERROR_SECURING_OUTBOUND_MSG(), se); } packet.setMessage(msg); return packet;
public javax.xml.bind.JAXBElement startSecureConversation(com.sun.xml.ws.api.message.Packet packet)
List toks =getOutBoundSCP(packet.getMessage()); if (toks.isEmpty()) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0030_NO_POLICY_FOUND_FOR_SC()); throw new WSSecureConversationException( LogStringsMessages.WSITPVD_0030_NO_POLICY_FOUND_FOR_SC()); } //Note: Assuming only one SC assertion Token tok = (Token)toks.get(0); IssuedTokenContext ctx = (IssuedTokenContext)issuedTokenContextMap.get(tok.getTokenId()); if (ctx == null) { //create RST for Issue RequestSecurityToken rst = scPlugin.createIssueRequest((PolicyAssertion)tok); Packet requestPacket = scPlugin.createIssuePacket((PolicyAssertion)tok, rst, pipeConfig.getWSDLModel(), pipeConfig.getBinding(), jaxbContext, packet.endpointAddress.toString(), packet); try { Packet secureRequestPacket = secureRequest(requestPacket, null, true); Packet responsePacket = nextPipe.process(secureRequestPacket); Packet validatedResponsePacket = validateResponse(responsePacket, null, null); RequestSecurityTokenResponse rstr = scPlugin.getRSTR(jaxbContext, validatedResponsePacket); ctx = new IssuedTokenContextImpl(); ctx = scPlugin.processRSTR(ctx,rst, rstr,packet.endpointAddress.toString()); issuedTokenContextMap.put(((Token)tok).getTokenId(), ctx); } catch (XWSSecurityException e) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0036_ERROR_PROC_REQ_PACKET(), e); throw new RuntimeException( LogStringsMessages.WSITPVD_0036_ERROR_PROC_REQ_PACKET(), e); } } SecurityTokenReference str = (SecurityTokenReference)ctx.getUnAttachedSecurityTokenReference(); return WSTrustElementFactory.newInstance().toJAXBElement(str);
public javax.security.auth.message.AuthStatus validateResponse(javax.security.auth.message.MessageInfo messageInfo, javax.security.auth.Subject clientSubject, javax.security.auth.Subject serviceSubject)
try { Packet ret = getResponsePacket(messageInfo); if (!optimized) { try{ SOAPMessage sm = ret.getMessage().readAsSOAPMessage(); Message newMsg = Messages.create(sm); ret.setMessage(newMsg); }catch(SOAPException ex){ log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0033_ERROR_VALIDATE_RESPONSE(), ex); throw new WebServiceException( LogStringsMessages.WSITPVD_0033_ERROR_VALIDATE_RESPONSE(), ex); } } ret = validateResponse(ret, clientSubject, serviceSubject); resetCachedOperation(ret); Boolean trustMsgProp = (Boolean)messageInfo.getMap().get("IS_TRUST_MSG"); boolean isTrustMsg = (trustMsgProp != null) ? trustMsgProp.booleanValue() : false; if (isTrustMsg){ //String action = getAction(ret); getAction(ret); } setResponsePacket(messageInfo, ret); } catch (XWSSecurityException ex) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0033_ERROR_VALIDATE_RESPONSE(), ex); throw new WebServiceException( LogStringsMessages.WSITPVD_0033_ERROR_VALIDATE_RESPONSE(), getSOAPFaultException(ex)); } return AuthStatus.SUCCESS;
public com.sun.xml.ws.api.message.Packet validateResponse(com.sun.xml.ws.api.message.Packet req, javax.security.auth.Subject clientSubject, javax.security.auth.Subject serviceSubject)
ProcessingContext ctx = initializeInboundProcessingContext(req); ctx.setExtraneousProperty(ctx.OPERATION_RESOLVER, new PolicyResolverImpl(inMessagePolicyMap,inProtocolPM,cachedOperation(req),pipeConfig,addVer,true)); Message msg = req.getMessage(); try{ if(!optimized) { SOAPMessage soapMessage = msg.readAsSOAPMessage(); soapMessage = verifyInboundMessage(soapMessage, ctx); if (msg.isFault()) { if (debug) { DumpFilter.process(ctx); } SOAPFault fault = soapMessage.getSOAPBody().getFault(); //log.log(Level.SEVERE, // LogStringsMessages.WSITPVD_0034_FAULTY_RESPONSE_MSG(fault)); throw new SOAPFaultException(fault); } msg = Messages.create(soapMessage); }else{ msg = verifyInboundMessage(msg, ctx); } } catch (XWSSecurityException xwse) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), xwse); throw new WebServiceException( LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), getSOAPFaultException(xwse)); }catch(SOAPException se){ log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), se); throw new WebServiceException( LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), se); } //set the verified message back into the packet req.setMessage(msg); return req;
protected com.sun.xml.ws.api.message.Message verifyInboundMessage(com.sun.xml.ws.api.message.Message message, com.sun.xml.wss.ProcessingContext ctx)
JAXBFilterProcessingContext context = (JAXBFilterProcessingContext)ctx; // context.setJAXWSMessage(message, soapVersion); if(debug){ try { ((LazyStreamBasedMessage)message).print(); } catch (XMLStreamException ex) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0003_PROBLEM_PRINTING_MSG(), ex); throw new XWSSecurityException(LogStringsMessages.WSITPVD_0003_PROBLEM_PRINTING_MSG(), ex); } } com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient recipient = new com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient(((LazyStreamBasedMessage)message).readMessage(),soapVersion); return recipient.validateMessage(context);
protected javax.xml.soap.SOAPMessage verifyInboundMessage(javax.xml.soap.SOAPMessage message, com.sun.xml.wss.ProcessingContext ctx)
try { ctx.setSOAPMessage(message); if (debug) { DumpFilter.process(ctx); } NewSecurityRecipient.validateMessage(ctx); return ctx.getSOAPMessage(); } catch (WssSoapFaultException soapFaultException) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), soapFaultException); throw new WebServiceException( LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), getSOAPFaultException(soapFaultException)); } catch (XWSSecurityException xwse) { WssSoapFaultException wsfe = SecurableSoapMessage.newSOAPFaultException( MessageConstants.WSSE_INTERNAL_SERVER_ERROR, xwse.getMessage(), xwse); log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), wsfe); throw new WebServiceException( LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), getSOAPFaultException(wsfe)); }