Author: nandana
Date: Tue Jan 29 20:01:52 2008
New Revision: 616608
URL: http://svn.apache.org/viewvc?rev=616608&view=rev
Log:
fixing the issue https://issues.apache.org/jira/browse/RAMPART-135
Added:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyValidatorCallbackHandler.java
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=616608&r1=616607&r2=616608&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
Tue Jan 29 20:01:52 2008
@@ -45,10 +45,12 @@
import java.util.Set;
import java.util.Vector;
-public class PolicyBasedResultsValidator {
+public class PolicyBasedResultsValidator implements
PolicyValidatorCallbackHandler {
private static Log log =
LogFactory.getLog(PolicyBasedResultsValidator.class);
+ /** [EMAIL PROTECTED]
+ */
public void validate(ValidatorData data, Vector results)
throws RampartException {
@@ -193,7 +195,7 @@
* @param encryptedParts
* @param signatureParts
*/
- private void validateEncrSig(ValidatorData data,Vector encryptedParts,
Vector signatureParts, Vector results)
+ protected void validateEncrSig(ValidatorData data,Vector encryptedParts,
Vector signatureParts, Vector results)
throws RampartException {
ArrayList actions = getSigEncrActions(results);
boolean sig = false;
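Review bot: Widening `validateEncrSig` from `private` to `protected` makes an individual policy check overridable on a non-final class, and the later hunks in this file do the same for every other helper (`validateSupportingTokens`, `validateProtectionOrder`, `isSignatureRequired`, `verifyTimestamp`, `getResults` and the rest). The visible Javadoc blocks carry only bare `@param` tags, so a subclass author is not told how a failed check must be reported, and an override that returns normally would drop that check without any signal. I would add a line to each widened method's Javadoc, for example `Overrides must throw RampartException when the check fails; returning normally means the message satisfied this part of the policy.` The pure lookups (`getResults`, `getSigEncrActions`, `getEncryptedReferences`) could be `protected final` unless overriding them is really intended. The method bodies continue outside these hunks, so this rests on the signatures alone.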
@@ -252,7 +254,7 @@
* @param data
* @param results
*/
- private void validateSupportingTokens(ValidatorData data, Vector results)
+ protected void validateSupportingTokens(ValidatorData data, Vector
results)
throws RampartException {
//Check for UsernameToken
@@ -272,7 +274,7 @@
* @param suppTok
* @throws RampartException
*/
- private void handleSupportingTokens(Vector results, SupportingToken
suppTok) throws RampartException {
+ protected void handleSupportingTokens(Vector results, SupportingToken
suppTok) throws RampartException {
if(suppTok == null) {
return;
@@ -310,7 +312,7 @@
* @param data
* @param results
*/
- private void validateProtectionOrder(ValidatorData data, Vector results)
+ protected void validateProtectionOrder(ValidatorData data, Vector results)
throws RampartException {
String protectionOrder =
data.getRampartMessageData().getPolicyData().getProtectionOrder();
@@ -381,7 +383,7 @@
}
- private ArrayList getSigEncrActions(Vector results) {
+ protected ArrayList getSigEncrActions(Vector results) {
ArrayList sigEncrActions = new ArrayList();
for (Iterator iter = results.iterator(); iter.hasNext();) {
Integer actInt = (Integer) ((WSSecurityEngineResult) iter.next())
@@ -395,7 +397,7 @@
return sigEncrActions;
}
- private void validateEncryptedParts(ValidatorData data, Vector
encryptedParts, Vector results)
+ protected void validateEncryptedParts(ValidatorData data, Vector
encryptedParts, Vector results)
throws RampartException {
RampartMessageData rmd = data.getRampartMessageData();
@@ -430,7 +432,7 @@
}
- private void validateSignedPartsHeaders(ValidatorData data, Vector
signatureParts, Vector results)
+ protected void validateSignedPartsHeaders(ValidatorData data, Vector
signatureParts, Vector results)
throws RampartException {
RampartMessageData rmd = data.getRampartMessageData();
@@ -473,7 +475,7 @@
}
- private boolean isSignatureRequired(RampartMessageData rmd) {
+ protected boolean isSignatureRequired(RampartMessageData rmd) {
RampartPolicyData rpd = rmd.getPolicyData();
return (rpd.isSymmetricBinding() && rpd.getSignatureToken() != null) ||
(!rpd.isSymmetricBinding() && !rpd.isTransportBinding() &&
@@ -486,7 +488,7 @@
* Verify that ts->Created is before 'now'
* - testing that timestamp has not expired ('now' is before ts->Expires)
is handled earlier by WSS4J
*/
- private boolean verifyTimestamp(Timestamp timestamp, RampartMessageData
rmd) throws RampartException {
+ protected boolean verifyTimestamp(Timestamp timestamp, RampartMessageData
rmd) throws RampartException {
Calendar cre = timestamp.getCreated();
if (cre != null) {
@@ -660,7 +662,7 @@
}
- private ArrayList getEncryptedReferences(Vector results) {
+ protected ArrayList getEncryptedReferences(Vector results) {
//there can be multiple ref lists
ArrayList encrResults = getResults(results, WSConstants.ENCR);
@@ -687,7 +689,7 @@
- private ArrayList getResults(Vector results, int action) {
+ protected ArrayList getResults(Vector results, int action) {
ArrayList list = new ArrayList();
@@ -703,7 +705,7 @@
return list;
}
- private boolean isUsernameTokenPresent(ValidatorData data) {
+ protected boolean isUsernameTokenPresent(ValidatorData data) {
//TODO This can be integrated with supporting token processing
// which also checks whether Username Tokens present
@@ -735,7 +737,7 @@
}
- private boolean isUsernameTokenPresent(SupportingToken suppTok) {
+ protected boolean isUsernameTokenPresent(SupportingToken suppTok) {
if(suppTok == null) {
return false;
Added:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyValidatorCallbackHandler.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyValidatorCallbackHandler.java?rev=616608&view=auto
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyValidatorCallbackHandler.java
(added)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyValidatorCallbackHandler.java
Tue Jan 29 20:01:52 2008
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart;
+
+import java.util.Vector;
+
+/**
+ * Callback handler interface to allow different implementations of policy
based results validation.
+ * Default implementation is
<code>org.apache.rampart.PolicyBasedResultsValidator</code>.
+ * Custom implementations could be provided in rampart config as shown in
below example.
+ *
+ * Example:
+ * <PRE>
+ * <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ *
<ramp:policyValidatorCbClass>xx.yy.CustomPolicyValidator</ramp:policyValidatorCbClass>
+ * ...
+ * </ramp:RampartConfig>
+ * </PRE>
+ */
+
+public interface PolicyValidatorCallbackHandler {
+ /**
+ * Validate policy based results.
+ *
+ * @param data validator data
+ * @param results policy based ws-security results
+ * @throws RampartException Rampart exception
+ */
+ public abstract void validate(ValidatorData data, Vector results) throws
RampartException;
+
+}
\ No newline at end of file
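Review bot: The Javadoc on `PolicyValidatorCallbackHandler` does not state the contract an implementation has to honour, even though the configured class becomes the only policy check applied to an inbound message. From the `RampartUtil` hunk in this commit, the class is created with `newInstance()`, so it needs a public no-argument constructor, and a fresh instance is created on each call to `getPolicyValidatorCB`. I would document both facts in the interface comment and add to `validate` something like `@throws RampartException if the results do not satisfy the effective policy; returning normally accepts the message`. On style, `public abstract` is redundant on an interface method and the file lacks a trailing newline.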
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=616608&r1=616607&r2=616608&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
Tue Jan 29 20:01:52 2008
@@ -197,8 +197,9 @@
//Convert back to llom since the inflow cannot use DOOM
msgCtx.setEnvelope(env);
Axis2Util.useDOOM(false);
-
- PolicyBasedResultsValidator validator = new
PolicyBasedResultsValidator();
+
+ PolicyValidatorCallbackHandler validator =
RampartUtil.getPolicyValidatorCB(msgCtx, rpd);
+
validator.validate(data, results);
if(dotDebug){
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java?rev=616608&r1=616607&r2=616608&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
Tue Jan 29 20:01:52 2008
@@ -59,6 +59,11 @@
rampartConfig.setPwCbClass(childElement.getText().trim());
}
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.POLICY_VALIDATOR_CB_CLASS_LN));
+ if (childElement != null) {
+
rampartConfig.setPolicyValidatorCbClass(childElement.getText().trim());
+ }
// handle ssl config
childElement = element.getFirstChildWithName(new QName(
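Review bot: The text of `policyValidatorCbClass` is stored after `trim()` with no emptiness check, so an empty or whitespace-only element yields `""` rather than `null`. The `getPolicyValidatorCB` hunk in this commit only tests for `null`, so it would then try to load a class named `""` and fail while a message is being processed, not when the policy is built. That fails closed, which is the right direction for a validator, but the error surfaces far from its cause. I would reject the value at build time, or treat it as unset explicitly, for example `String cls = childElement.getText().trim(); if (cls.length() > 0) { rampartConfig.setPolicyValidatorCbClass(cls); }`, and say in a comment which behaviour is intended. The enclosing builder method starts and ends outside this hunk.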
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java?rev=616608&r1=616607&r2=616608&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
Tue Jan 29 20:01:52 2008
@@ -34,6 +34,7 @@
* <ramp:user>alice</ramp:user>
* <ramp:encryptionUser>bob</ramp:encryptionUser>
*
<ramp:passwordCallbackClass>org.apache.axis2.security.PWCallback</ramp:passwordCallbackClass>
+ *
<ramp:policyValidatorCbClass>org.apache.axis2.security.ramp:PolicyValidatorCallbackHandler</ramp:policyValidatorCbClass>
* <ramp:timestampTTL>300</ramp:timestampTTL>
* <ramp:timestampMaxSkew>0</ramp:timestampMaxSkew>
*
<ramp:tokenStoreClass>org.apache.rahas.StorageImpl</ramp:tokenStoreClass>
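Review bot: The value in the added Javadoc example, `org.apache.axis2.security.ramp:PolicyValidatorCallbackHandler`, is not a valid Java class name because of the `ramp:` inside it. It also names the interface, not an implementation, and uses a package that differs from the `org.apache.rampart` package the interface is added to in this commit. Since this value is fed to the class loader, a copied example would fail with `cannotLoadPolicyValidatorCbClass`. I would use the default implementation as the sample, `<ramp:policyValidatorCbClass>org.apache.rampart.PolicyBasedResultsValidator</ramp:policyValidatorCbClass>`, or a clearly fictional name such as the `xx.yy.CustomPolicyValidator` used in the interface's own Javadoc.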
@@ -76,6 +77,8 @@
public final static String ENCRYPTION_USER_LN = "encryptionUser";
public final static String PW_CB_CLASS_LN = "passwordCallbackClass";
+
+ public final static String POLICY_VALIDATOR_CB_CLASS_LN =
"policyValidatorCbClass";
public final static String SIG_CRYPTO_LN = "signatureCrypto";
@@ -100,6 +103,8 @@
private String encryptionUser;
private String pwCbClass;
+
+ private String policyValidatorCbClass;
private CryptoConfig sigCryptoConfig;
@@ -172,6 +177,14 @@
public void setPwCbClass(String pwCbClass) {
this.pwCbClass = pwCbClass;
}
+
+ public String getPolicyValidatorCbClass() {
+ return this.policyValidatorCbClass;
+ }
+
+ public void setPolicyValidatorCbClass(String policyValidatorCbClass) {
+ this.policyValidatorCbClass = policyValidatorCbClass;
+ }
public CryptoConfig getSigCryptoConfig() {
return sigCryptoConfig;
@@ -243,6 +256,12 @@
if (getPwCbClass() != null) {
writer.writeStartElement(NS, PW_CB_CLASS_LN);
writer.writeCharacters(getPwCbClass());
+ writer.writeEndElement();
+ }
+
+ if (getPolicyValidatorCbClass() != null) {
+ writer.writeStartElement(NS, POLICY_VALIDATOR_CB_CLASS_LN);
+ writer.writeCharacters(getPolicyValidatorCbClass());
writer.writeEndElement();
}
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java?rev=616608&r1=616607&r2=616608&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
Tue Jan 29 20:01:52 2008
@@ -36,6 +36,8 @@
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.rahas.client.STSClient;
+import org.apache.rampart.PolicyBasedResultsValidator;
+import org.apache.rampart.PolicyValidatorCallbackHandler;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
@@ -145,6 +147,48 @@
return cbHandler;
}
+
+ /**
+ * Returns an instance of PolicyValidatorCallbackHandler to be used to
validate ws-security results.
+ *
+ * @param msgContext [EMAIL PROTECTED] MessageContext}
+ * @param rpd [EMAIL PROTECTED] RampartPolicyData}
+ * @return [EMAIL PROTECTED] PolicyValidatorCallbackHandler}
+ * @throws RampartException RampartException
+ */
+ public static PolicyValidatorCallbackHandler
getPolicyValidatorCB(MessageContext msgContext, RampartPolicyData rpd) throws
RampartException {
+
+ PolicyValidatorCallbackHandler cbHandler;
+
+ if (rpd.getRampartConfig() != null &&
rpd.getRampartConfig().getPolicyValidatorCbClass() != null) {
+
+ String cbHandlerClass =
rpd.getRampartConfig().getPolicyValidatorCbClass();
+ ClassLoader classLoader =
msgContext.getAxisService().getClassLoader();
+
+ log.debug("loading class : " + cbHandlerClass);
+
+ Class cbClass;
+ try {
+ cbClass = Loader.loadClass(classLoader, cbHandlerClass);
+ } catch (ClassNotFoundException e) {
+ throw new RampartException("cannotLoadPolicyValidatorCbClass",
+ new String[]{cbHandlerClass}, e);
+ }
+ try {
+ cbHandler = (PolicyValidatorCallbackHandler)
cbClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new
RampartException("cannotCreatePolicyValidatorCallbackInstance",
+ new String[]{cbHandlerClass}, e);
+ }
+
+ } else { // Initialise default PolicyValidatorCallbackHandler...
+ cbHandler = new PolicyBasedResultsValidator();
+ }
+
+ return cbHandler;
+ }
+
+
/**
* Perform a callback to get a password.
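Review bot: In `getPolicyValidatorCB` the cast to `PolicyValidatorCallbackHandler` happens only after `cbClass.newInstance()` has run. Any class the service class loader can resolve therefore has its no-argument constructor executed before its type is checked. I would check the type first, `if (!PolicyValidatorCallbackHandler.class.isAssignableFrom(cbClass)) throw new RampartException("cannotCreatePolicyValidatorCallbackInstance", new String[]{cbHandlerClass});`, and narrow `catch (java.lang.Exception e)` to `InstantiationException` and `IllegalAccessException`. Because the configured class replaces the whole policy check, the method comment should say that the class name must come from trusted deployment configuration, and logging the selected validator above debug level would help operators notice a change. The two new message keys, `cannotLoadPolicyValidatorCbClass` and `cannotCreatePolicyValidatorCallbackInstance`, have no matching resource file in this commit's list of modified files, so they may not resolve to readable text unless they are defined elsewhere.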