Hi,
I made a few changes to the WS-Trust implementation:
I changed WSTrustException a little to include the fault codes and
fault strings from the spec, and also reorganized the constants in
TrustConstants.
Can someone please apply the patch :-)
Thanks,
Ruchith
Index: RSTR_Parser.java
===================================================================
RCS file:
/home/cvspublic/ws-fx/wss4j/src/org/apache/ws/security/trust/RSTR_Parser.java,v
retrieving revision 1.1
diff -u -r1.1 RSTR_Parser.java
--- RSTR_Parser.java 16 Oct 2004 08:05:12 -0000 1.1
+++ RSTR_Parser.java 25 May 2005 11:10:44 -0000
@@ -26,7 +26,6 @@
import org.apache.ws.security.trust.message.token.ComputedKey;
import org.apache.ws.security.trust.message.token.Entropy;
import org.apache.ws.security.trust2.Lifetime;
-import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.utils.QName;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -125,7 +124,7 @@
if (val.getNodeType() == Node.TEXT_NODE) {
ckey.setComputedKeyValue(val.getNodeValue());
} else {
- throw new WSTrustException();
+ throw new WSTrustException("Parser Exception");
}
} else if (el.equals(BinarySecret.TOKEN)) {
this.binSecret = new BinarySecret(elem);
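Review bot: The message `"Parser Exception"` is identical at all three throw sites (this hunk and the two RSTR_Parser hunks that follow), so a caller or log reader cannot tell whether the ComputedKey or the BinarySecret child was malformed. Name the element in each message, for example `throw new WSTrustException("ComputedKey value is not a text node");`. Keep the node's content out of the text, because these elements carry key material. The enclosing method starts and ends outside the hunk.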
@@ -133,7 +132,7 @@
if (val.getNodeType() == Node.TEXT_NODE) {
binSecret.setBinarySecretValue(val.getNodeValue());
} else {
- throw new WSTrustException();
+ throw new WSTrustException("Parser Exception");
}
}else{
@@ -166,7 +165,7 @@
if (val.getNodeType() == Node.TEXT_NODE) {
binSecret.setBinarySecretValue(val.getNodeValue());
} else {
- throw new WSTrustException();
+ throw new WSTrustException("Parser Exception");
}
} else {
//TODO :: Do something :-0
Index: STSManager2.java
===================================================================
RCS file: STSManager2.java
diff -N STSManager2.java
--- STSManager2.java 12 Apr 2005 12:39:08 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,213 +0,0 @@
-/*
- * Copyright 2003-2004 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-package org.apache.ws.security.trust;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.trust.issue.STIssuer;
-import org.apache.ws.security.trust.message.Info.RequestInfo;
-import org.apache.ws.security.trust.renew.STRenewer;
-import org.apache.ws.security.trust.validate.STValidator;
-import org.w3c.dom.Document;
-
-import java.util.Hashtable;
-
-/**
- * @author Malinda Kaushalye
- * <p/>
- * <p/>
- * The main objective of <code>STSManager</code> is to work as a
- * decision making component in the server side.
- * It decides to whom this request must be handed over,
- * and to carry out the task it uses one <code>RequestResolver</code>
- * and one <code>RequestInfo</code> object. This analogous to the real
- * world the Manager, Clerk and the Report scenario,
- * where (STS)Manager orders clerk(<code>RequestResolver</code> )
- * to resolve a certain request and handover a
- * report (<code>RequestInfo</code> ) about the request.
- * Depending on the RequestInfo <code>STSManager</code>
- * decides the worker class. The worker class can be
- * an Issuer, Validator or a Renewer. Each STS must
- * define its Issuer, Validator and Renewer class names
- * in the server-config.wsdd file. <code>STSServerHandler</code> will
- * read it and give to the <code>STSManager</code> as a hash table.
- * <code>STSManager</code> will load the appropriate worker class and
give the
- * response and request documents for further processing.
- */
-public class STSManager2 {
- static Log log = LogFactory.getLog(STSManager2.class.getName());
- //Following worker classes are defined in the server-config.wsdd
- String issuerClassName = null;
- String renewerClassName = null;
- String validatorClassName = null;
- //To keep the class name of the worker (issuer, renewer or validater)
- String requestType = "";
- String tokenType = "";
- Hashtable hashOps;
-
- /**
- * @param hashOps set of parameters coming from STSServerHandler.
- */
- public STSManager2(Hashtable hashOps) {
- this.hashOps = hashOps;
- }
-
- /**
- * Handle the request and build the Response Envelope
- * <p/>
- * <p/>
- * <p/>
- * Handle the request and build the Response Envelope
- *
- * @param req request message envelop as a DOM Document
- * @param res response message envelop as a DOM Document
- * @return modified response message envelop as a DOM Document
- * Note :
- * (may not need to use since response message envelop is passed
as a reference)
- */
- public Document handleRequest(Document req, Document res, Hashtable
options)
- throws WSTrustException {
-
- RequestResolver requestResolver = new RequestResolver(req);
-
- try {
- log.debug("STS Manager resolving the request");
- RequestInfo requestInfo = requestResolver.resolve();
- this.requestType = requestInfo.getRequestType();
- //this.tokenType = requestInfo.getTokenType();//we may need to
have <wsp:Applies> to override the <wst:TokenType>
- log.debug("STS Manager resolving completed");
- } catch (WSSecurityException wsEx) {
-
- //wsEx.printStackTrace();
- throw new WSTrustException("STSManager: cannot resolve the
request: ",
- wsEx);
- }
- /********************************************************************
- * Issue
- */
- if (this.requestType.equals(TrustConstants.ISSUE_SECURITY_TOKEN)) {
- //issue
-
- //get the woker class name
-
- this.issuerClassName = (String)
hashOps.get(TrustConstants.ISSUER_CLASS);
- log.debug("Issuer class" + this.issuerClassName);
- //Create the instance of the issue/renew/validate class
- Class wClass = null;
- try {
- wClass = java.lang.Class.forName(issuerClassName);
- } catch (ClassNotFoundException e) {
- throw new WSTrustException("STSManager: cannot load security
token class: ",
- e);
- }
- STIssuer stissuer = null;
- try {
- //Create a new instance of the STIssuer
- stissuer = (STIssuer) wClass.newInstance();
-
- } catch (java.lang.Exception e) {
- throw new WSTrustException("STSManager: cannot create instance
of security token issuer: "
- + stissuer,
- e);
- }
-
- try {
- res = stissuer.issue(req, res);
-
- } catch (java.lang.Exception e) {
- System.out.println(e.getMessage());
- throw new WSTrustException("STSManager: could not issue a
token " + stissuer,
- e);
-
- }
-
-
/********************************************************************
- * Renew
- */
- } else if
(this.requestType.equals(TrustConstants.RENEW_SECURITY_TOKEN)) { //renew
- // get the woker class name
- this.renewerClassName = (String)
hashOps.get(TrustConstants.RENEWER_CLASS);
- log.debug("renewer class" + this.renewerClassName);
- //Create the instance of the issue/renew/validate class
- Class wClass = null;
- try {
- wClass = java.lang.Class.forName(renewerClassName);
- } catch (ClassNotFoundException e) {
- throw new WSTrustException("STSManager: cannot load security
token class: ",
- e);
- }
- STRenewer stRenewer = null;
- try {
- //Create a new instance of the STIssuer
- stRenewer = (STRenewer) wClass.newInstance();
-
- } catch (java.lang.Exception e) {
- throw new WSTrustException("STSManager: cannot create instance
of security token renewer: "
- + stRenewer,
- e);
- }
-
- try {
- res = stRenewer.renew(req, res);
-
- } catch (java.lang.Exception e) {
- throw new WSTrustException("STSManager: could not renew the
token " + stRenewer,
- e);
- }
-
/********************************************************************
- * validate
- */
- } else if (
-
this.requestType.equals(TrustConstants.VALIDATE_SECURITY_TOKEN)) { //validate
-// get the woker class name
- this.validatorClassName = (String)
hashOps.get(TrustConstants.VALIDATOR_CLASS);
- log.debug("validatorClassName " + this.validatorClassName);
- //Create the instance of the issue/renew/validate class
- Class wClass = null;
- try {
- wClass = java.lang.Class.forName(validatorClassName);
- } catch (ClassNotFoundException e) {
- throw new WSTrustException("STSManager: cannot load security
token class: ",
- e);
- }
- STValidator stValidator = null;
- try {
- //Create a new instance of the STIssuer
- stValidator = (STValidator) wClass.newInstance();
-
- } catch (java.lang.Exception e) {
- throw new WSTrustException("STSManager: cannot create instance
of security token validator: "
- + stValidator,
- e);
- }
- try {
-
- res = stValidator.validate(req, res);
-
- } catch (java.lang.Exception e) {
- throw new WSTrustException("STSManager: could not validate the
token " + stValidator,
- e);
- }
- } else {
- throw new WSTrustException("STSManager: Cannot Identify the
Request Type ");
-
- }
- return res;
- }
-
-}
Index: TrustConstants.java
===================================================================
RCS file:
/home/cvspublic/ws-fx/wss4j/src/org/apache/ws/security/trust/TrustConstants.java,v
retrieving revision 1.6
diff -u -r1.6 TrustConstants.java
--- TrustConstants.java 12 Apr 2005 12:39:08 -0000 1.6
+++ TrustConstants.java 25 May 2005 11:10:44 -0000
@@ -28,6 +28,13 @@
public class TrustConstants {
+ private static final String NS_YEAR_PREFIX =
"http://schemas.xmlsoap.org/ws/2005/02/";
+ public static final String WST_NS = NS_YEAR_PREFIX + "trust";
+ public static final String WST_PREFIX = "wst:";
+
+ public static final String WSP_NS =
"http://schemas.xmlsoap.org/ws/2004/09/policy";
+ public static final String WSP_PREFIX = "wsp";
+
//local names of the token used in WS-Trust
public static final String SECURITY_CONTEXT_TOKEN_RESPONSE_LN =
"SecurityContextTokenResponse";
public static final String REQUEST_SECURITY_TOKEN_RESPONSE_LN =
"RequestSecurityTokenResponse";//trust
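Review bot: `WST_PREFIX` changes from `"wst"` to `"wst:"` while `WSP_PREFIX` stays `"wsp"`, so the two prefix constants now follow different conventions. Any existing code that builds a qualified name as `WST_PREFIX + ":" + localName`, or passes the constant as a DOM prefix, would now produce an invalid name; the callers are not visible in this patch, so this needs a check across the module. Keeping `"wst"` and adding the colon where the fault code is built, `TrustConstants.WST_PREFIX + ":" + faultCode`, avoids the ambiguity. `NS_YEAR_PREFIX` would also benefit from a one-line comment such as `// base of the 2005/02 WS-Trust namespace URIs`.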
@@ -54,49 +61,31 @@
public static final String SECURITY_CONTEXT_TOKEN_LN =
"SecurityContextToken";
// The request type is specified using following URIs as specified in the
WS-Trust specification
- public static final String ISSUE_SECURITY_TOKEN =
"http://schemas.xmlsoap.org/ws/2005/02/security/trust/Issue";//RequestTypeEnum._value1.toString();//"http://schemas.xmlsoap.org/ws/2005/02/security/trust/Issue";
- public static final String RENEW_SECURITY_TOKEN =
"http://schemas.xmlsoap.org/ws/2005/02/security/trust/Renew";
- public static final String VALIDATE_SECURITY_TOKEN =
"http://schemas.xmlsoap.org/ws/2005/02/security/trust/Validate";
-
- public static final String ISSUE_SECURITY_TOKEN_RSTR =
"http://schemas.xmlsoap.org/ws/2005/02/security/trust/RSTR/Issue";
- public static final String RENEW_SECURITY_TOKEN_RSTR =
"http://schemas.xmlsoap.org/ws/2005/02/security/trust/RSTR/Renew";
- public static final String VALIDATE_SECURITY_TOKEN_RSTR =
"http://schemas.xmlsoap.org/ws/2005/02/security/trust/RSTR/Validate";
-
- public static final String ISSUE_SECURITY_TOKEN_RST =
"http://schemas.xmlsoap.org/ws/2005/02/security/trust/RST/Issue";
- public static final String RENEW_SECURITY_TOKEN_RST =
"http://schemas.xmlsoap.org/ws/2005/02/security/trust/RST/Renew";
- public static final String VALIDATE_SECURITY_TOKEN_RST =
"http://schemas.xmlsoap.org/ws/2005/02/security/trust/RST/Validate";
+ public static final String ISSUE_SECURITY_TOKEN = WST_NS +
"/Issue";//RequestTypeEnum._value1.toString();//"http://schemas.xmlsoap.org/ws/2005/02/security/trust/Issue";
+ public static final String RENEW_SECURITY_TOKEN = WST_NS + "/Renew";
+ public static final String VALIDATE_SECURITY_TOKEN = WST_NS + "/Validate";
+
+ public static final String ISSUE_SECURITY_TOKEN_RSTR = WST_NS +
"/RSTR/Issue";
+ public static final String RENEW_SECURITY_TOKEN_RSTR = WST_NS +
"/RSTR/Renew";
+ public static final String VALIDATE_SECURITY_TOKEN_RSTR = WST_NS +
"/RSTR/Validate";
+
+ public static final String ISSUE_SECURITY_TOKEN_RST = WST_NS +
"/RST/Issue";
+ public static final String RENEW_SECURITY_TOKEN_RST = WST_NS +
"/RST/Renew";
+ public static final String VALIDATE_SECURITY_TOKEN_RST = WST_NS +
"/RST/Validate";
-// public static final URI ISSUE_SECURITY_TOKEN_URI = new
URI("http://schemas.xmlsoap.org/ws/2005/02/security/trust/Issue");
-// public static final URI RENEW_SECURITY_TOKEN_URI = new
URI("http://schemas.xmlsoap.org/ws/2005/02/security/trust/Renew");
-// public static final URI VALIDATE_SECURITY_TOKEN_URI = new
URI("http://schemas.xmlsoap.org/ws/2005/02/security/trust/Validate");
- public static final String WST_NS =
"http://schemas.xmlsoap.org/ws/2005/02/trust";
- public static final String WSP_NS =
"http://schemas.xmlsoap.org/ws/2004/09/policy";
-
- public static final String WST_PREFIX = "wst";
- public static final String WSP_PREFIX = "wsp";
-
//For STS there should be an issuer class specified in the STS.properties
public static final String ISSUER_CLASS =
"org.apache.ws.axis.security.trust.service.SecurityTokenService.issuerClass";
- // For STS there should be a renewer class specified in the
STS.properties
+ //For STS there should be a renewer class specified in the STS.properties
public static final String RENEWER_CLASS =
"org.apache.ws.axis.security.trust.service.SecurityTokenService.renewerClass";
- // For STS there should be a validator class specified in the
STS.properties
+ //For STS there should be a validator class specified in the STS.properties
public static final String VALIDATOR_CLASS =
"org.apache.ws.axis.security.trust.service.SecurityTokenService.validatorClass";
//In the request, The token type can be specified in the client-config
public static final String TOKEN_TYPE = "TokenType";
//The request type , issue/renew or validate
public static final String REQUEST_TYPE = "RequestType";
-
-// ...commented.... no need of having these params.
-// architectural change in the STSClientHandler. Now we have more distributed
requesters....
-// //basedon params
-// public static final String BASED_ON="BasedOn";
-// //based on values
-// public static final String BASED_ON_X509="X509Certificate";
-// public static final String BASED_ON_USERNAME_TOKEN="UsernameToken";
-// public static final String BASED_ON_SAML="SAML";
-
+
//for BASED_ON_X509
public static final String BASE_CERT_FILE = "BaseCertFile";
public static final String USER = "user";//alias of the certificate
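Review bot: The request-type and action constants do not keep their old values: `ISSUE_SECURITY_TOKEN` was `.../ws/2005/02/security/trust/Issue`, and `WST_NS + "/Issue"` now evaluates to `.../ws/2005/02/trust/Issue`. The same `security/` segment disappears from the Renew, Validate, RST and RSTR constants. These strings are compared against the RequestType of incoming messages (the removed STSManager2 did exactly that), so a peer still sending the old URI would no longer be recognised. If the new values are the intended ones, which the 2005/02 namespace suggests, the description should say so rather than "reorganized". The trailing comment on `ISSUE_SECURITY_TOKEN` still quotes the old URI and should be dropped.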
Index: WSTrustException.java
===================================================================
RCS file:
/home/cvspublic/ws-fx/wss4j/src/org/apache/ws/security/trust/WSTrustException.java,v
retrieving revision 1.3
diff -u -r1.3 WSTrustException.java
--- WSTrustException.java 9 Aug 2004 17:53:46 -0000 1.3
+++ WSTrustException.java 25 May 2005 11:10:45 -0000
@@ -26,10 +26,16 @@
* <p/>
* Exception class for WS-Trust implementation.
*/
-public class WSTrustException extends RemoteException {
- public static final int PASSWORD_DOESNOT_MATCH = 0;
+public class WSTrustException extends RemoteException {
+
+ public static final String INVALID_REQUEST = "InvalidRequest";
+
+
private static ResourceBundle resources;
+ private String faultCode;
+ private String faultString;
+
static {
try {
resources =
ResourceBundle.getBundle("org.apache.ws.security.trust.errors");
@@ -38,45 +44,22 @@
}
}
- /**
- *
- */
- public WSTrustException() {
- super();
-
- }
-
- /**
- * @param s
- */
- public WSTrustException(String s) {
- super(s);
-
- }
-
- /**
- * @param s
- * @param ex
- */
- public WSTrustException(String s, Throwable ex) {
- super(s, ex);
-
+ public WSTrustException(String faultCode, String msgId, Object[] args,
Throwable exception) {
+ super(getMessage(faultCode, null, null),exception);
+ this.faultCode = faultCode;
+ this.faultString = resources.getString(faultCode);
}
- /**
- * Constructor
- *
- * @param errorCode
- */
- public WSTrustException(int errorCode) {
- super(getMessage(errorCode, null, null));
-
+ public WSTrustException(String faultCode, String msgId, Object[] args) {
+ super(getMessage(faultCode, null, null));
+ this.faultCode = faultCode;
+ this.faultString = resources.getString(faultCode);
}
- private static String getMessage(int errorCode, String msgId, Object[]
args) {
+ private static String getMessage(String faultCode, String msgId, Object[]
args) {
String msg = null;
try {
- msg = resources.getString(String.valueOf(errorCode));
+ msg = resources.getString(faultCode);
if (msgId != null) {
return msg += (" (" +
MessageFormat.format(resources.getString(msgId), args) + ")");
}
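Review bot: Both new fault-code constructors accept `msgId` and `args` but call `getMessage(faultCode, null, null)`, so the detail message is never appended; pass them through with `super(getMessage(faultCode, msgId, args), exception);`. The `resources.getString(faultCode)` on the following line sits outside any try block, so an unknown fault code (or, presumably, a bundle that failed to load in the static initialiser) makes the constructor itself throw and hides the error being reported. Reusing the guarded lookup, `this.faultString = getMessage(faultCode, null, null);`, keeps construction safe. Neither constructor has Javadoc; each needs a short block stating that `faultCode` is both the resource-bundle key and the local name of the WS-Trust fault code. The body of getMessage continues outside the hunk.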
@@ -86,4 +69,28 @@
return msg;
}
+ public WSTrustException(String message) {
+ super(message);
+ }
+
+ public WSTrustException(String message, Throwable ex) {
+ super(message,ex);
+ }
+
+
+ /**
+ * Return the fault code
+ * @return
+ */
+ public String getFaultCode() {
+ return TrustConstants.WST_PREFIX + faultCode;
+ }
+
+ /**
+ * Return the fault string
+ * @return
+ */
+ public String getFaultString() {
+ return faultString;
+ }
}
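Review bot: `getFaultCode()` returns `TrustConstants.WST_PREFIX + faultCode` unconditionally, but the two message-only constructors added just above never set `faultCode`, so every exception thrown by the parser and token classes in this patch reports the fault code `wst:null`. Guard the unset case, for example `return faultCode == null ? null : TrustConstants.WST_PREFIX + faultCode;`, or default to `INVALID_REQUEST` if a code must always be present. The two Javadoc blocks leave `@return` empty; they should state that the code is returned with the `wst:` prefix and that the fault string may be null for exceptions created without a fault code.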
Index: message/token/BinarySecret.java
===================================================================
RCS file:
/home/cvspublic/ws-fx/wss4j/src/org/apache/ws/security/trust/message/token/BinarySecret.java,v
retrieving revision 1.1
diff -u -r1.1 BinarySecret.java
--- message/token/BinarySecret.java 16 Oct 2004 06:16:07 -0000 1.1
+++ message/token/BinarySecret.java 25 May 2005 11:10:45 -0000
@@ -58,7 +58,7 @@
QName el = new
QName(this.element.getNamespaceURI(),
this.element.getLocalName());
if (!el.equals(TOKEN)) {
- throw new WSTrustException();
+ throw new WSTrustException("The
given element is not of the type " + TOKEN.toString());
}
}
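Review bot: The literal `"The given element is not of the type " + TOKEN.toString()` is added here and again in ComputedKey.java and Entropy.java; the explicit `.toString()` is redundant in a string concatenation and `+ TOKEN` reads the same. Because the message-only constructor is used, the exception carries no fault code, so a service that turns it into a SOAP fault cannot report a spec-defined code for what is a malformed-message condition. The enclosing constructor starts outside the hunk.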
Index: message/token/ComputedKey.java
===================================================================
RCS file:
/home/cvspublic/ws-fx/wss4j/src/org/apache/ws/security/trust/message/token/ComputedKey.java,v
retrieving revision 1.2
diff -u -r1.2 ComputedKey.java
--- message/token/ComputedKey.java 12 Apr 2005 12:39:08 -0000 1.2
+++ message/token/ComputedKey.java 25 May 2005 11:10:45 -0000
@@ -44,7 +44,7 @@
QName el = new
QName(this.element.getNamespaceURI(),
this.element.getLocalName());
if (!el.equals(TOKEN)) {
- throw new
WSTrustException();
+ throw new
WSTrustException("The given element is not of the type " + TOKEN.toString());
}
}
Index: message/token/Entropy.java
===================================================================
RCS file:
/home/cvspublic/ws-fx/wss4j/src/org/apache/ws/security/trust/message/token/Entropy.java,v
retrieving revision 1.1
diff -u -r1.1 Entropy.java
--- message/token/Entropy.java 16 Oct 2004 06:16:07 -0000 1.1
+++ message/token/Entropy.java 25 May 2005 11:10:46 -0000
@@ -60,7 +60,7 @@
QName el = new
QName(this.element.getNamespaceURI(),
this.element.getLocalName());
if (!el.equals(TOKEN)) {
- throw new
WSTrustException();
+ throw new
WSTrustException("The given element is not of the type " + TOKEN.toString());
}
}
Index: errors.properties
===================================================================
RCS file: errors.properties
diff -N errors.properties
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ errors.properties 1 Jan 1970 00:00:00 -0000
@@ -0,0 +1,14 @@
+##Fault codes and fault strings according to the WS-Trust spec
+InvalidRequest = The request was invalid or malformed
+FailedAuthentication = Authentication failed
+RequestFailed = The specified request failed
+InvalidSecurityToken = Security token has been revoked
+AuthenticationBadElements = Insufficient Digest Elements
+BadRequest = The specified RequestSecurityToken is not understood
+ExpiredData = The request data is out of date
+InvaildTimeRange = The requested time range is invaild or unsupported
+InvaildScope = The request scope is invaild or unsupported
+RenewNeeded = A renewable security token has expired
+UnableToRenew = The requested renewal failed
+
+#Other additional fault information can be listed here
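Review bot: The keys `InvaildTimeRange` and `InvaildScope` are misspelled ("Invaild"), as are their fault strings. WSTrustException uses the same string both as the bundle key and as the fault code returned by `getFaultCode()`, so the spelling matters on the wire. A caller passing the correctly spelled name would hit a missing-resource lookup, and one passing the key as written would emit a fault code that presumably does not match the specification. Rename them to `InvalidTimeRange` and `InvalidScope`. Only `INVALID_REQUEST` has a constant in WSTrustException; adding one constant per key here would keep callers from retyping these strings.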