---------- Forwarded message ----------
From: Sanka Samaranayake <[EMAIL PROTECTED]>
Date: Dec 7, 2005 2:27 AM
Subject: Re: Some first trials with WS commons Policy implementation
To: Werner Dittmann <[EMAIL PROTECTED]>


Hi Werner,

Please see the attachment and hope that'll help.

Please do feel free to ask any doubts you have and I am willing to
help you as needed.

Best,
Sanka

On 12/6/05, Werner Dittmann <[EMAIL PROTECTED]> wrote:
> Sanka,
>
> while you have a look into the wsp:Optional stuff, maybe you
> can give some hints/ideas how to access and evaluate the various
> assertions inside a policy once it was normalized? This would
> speed up my learning curve considerably :-) .
>
> Regards,
> Werner
>
>
> Davanum Srinivas wrote:
> > Nice!!!. Please feel free to cleanup/update policy code if needed.
> >
> > -- dims
> >
> > On 12/5/05, Dittmann, Werner <[EMAIL PROTECTED]> wrote:
> >
> >>All,
> >>
> >>as proposed by Sanka let's continue the discussion
> >>and reports about WS-Commons/Policy on the WSS4J list. We'll
> >>try to use Policy as starting point to enable WSS4J with
> >>some WS-SecurityPolicy functions.
> >>
> >>Well, let's start.
> >>
> >>I did a small (in fact very small) example just to warm up
> >>to Policy methods. See the attachment for the Java file.
> >>
> >>The attachment msg.txt shows the result and the problems
> >>I have with the result.
> >>
> >>The input to the example was taken from the link to IBM's
> >>interop site (see msg.txt), selected "policy2", cut/paste
> >>it into a small file. This site also shows the expected
> >>result if this Policy is normalized (merge and intersect
> >>don't work yet?)
> >>
> >>Sanka, can you have a look into the result and the example
> >>Java and give some advice? Did I miss something, e.g. scanning
> >>the domain specific part (sec:) and using XOR / AND functions?
> >>
> >>Regards,
> >>Werner
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >>
> >
> >
> >
> > --
> > Davanum Srinivas : http://wso2.com/blogs/
> >
>
>
/*
 * Copyright 2004,2005 The Apache Software Foundation.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.ws.policy.samples;

import java.io.ByteArrayInputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

import org.apache.ws.policy.model.AndCompositeAssertion;
import org.apache.ws.policy.model.Policy;
import org.apache.ws.policy.model.PrimitiveAssertion;
import org.apache.ws.policy.model.XorCompositeAssertion;
import org.apache.ws.policy.util.PolicyFactory;
import org.apache.ws.policy.util.PolicyReader;

/**
 * @author Sanka Samaranayake ([EMAIL PROTECTED])
 */
public class WSSPolicyProcessor {
    private static String policy = "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" xmlns:wsrm=\"http://schemas.xmlsoap.org/ws/2005/02/rm/policy\""
            + " xmlns:sec=\"http://schemas.xmlsoap.org/ws/2002/12/secext\">"
            + "<wsp:ExactlyOne>"
            + "<wsp:All>"
            + "<sec:SecurityToken>"
            + "<sec:TokenType>sec:X509v3</sec:TokenType>"
            + "</sec:SecurityToken>"
            + "<sec:Integrity>"
            + "<sec:MessageParts Dialect=\"http://schemas.xmlsoap.org/ws/2002/12/wsse#soap\">"
            + "wsp:Body()"
            + "</sec:MessageParts>"
            + "</sec:Integrity>"
            + "<sec:SecurityHeader MustPrepend=\"true\" MustManifestEncryption=\"true\"/>"
            + "<wsrm:RMAssertion>"
            + "<wsrm:InactivityTimeout Milliseconds=\"600000\"/>"
            + "<wsrm:AcknowledgementInterval Milliseconds=\"200\"/>"
            + "</wsrm:RMAssertion>"
            + "</wsp:All>"
            + "</wsp:ExactlyOne>"
            + "</wsp:Policy>";

    public static void main(String[] args) throws Exception {
        WSSPolicyProcessor process = new WSSPolicyProcessor();
        PolicyReader reader = PolicyFactory.getInstance().getPolicyReader();
        Policy p = reader
                .readPolicy(new ByteArrayInputStream(policy.getBytes()));
        process.processPolicy((Policy) p.normalize());
    }

    /*
     * This method takes a policy object which contains only *ONE* policy
     * alternative. WSS4J framework should configure itself in accordance with
     * WSSecurityPolicy policy assertions if there is any in that policy
     * alternative. If that alternative contains any WSSecurityPolicy policy
     * assertion which WSS4J cannot support, it should throw an exception and
     * notify ..
     *  
     */
    public void processPolicy(Policy policy) {

        if (!policy.isNormalized()) {
            throw new RuntimeException("Policy is not in normalized format");
        }

        XorCompositeAssertion xor = (XorCompositeAssertion) policy.getTerms()
                .get(0);
        List listOfPolicyAlternatives = xor.getTerms();

        if (listOfPolicyAlternatives.size() != 1) {
            throw new RuntimeException(
                    "Policy contains either zero or more than one policy alternatives");
        }

        AndCompositeAssertion aPolicyAlternative = (AndCompositeAssertion) listOfPolicyAlternatives
                .get(0);

        List listOfPrimitiveAssertions = aPolicyAlternative.getTerms();

        ArrayList listOfWSSPrimitiveAssertions = new ArrayList();

        Iterator iterator = listOfPrimitiveAssertions.iterator();
        while (iterator.hasNext()) {
            PrimitiveAssertion primitiveAssertion = (PrimitiveAssertion) iterator
                    .next();

            /*
             * We need to pick only the primitive assertions which contain a WSSecurityPolicy policy assertion.
             * For that we'll check the namespace of the primitive assertion
             */

            if (primitiveAssertion.getName().getNamespaceURI().equals(
                    "http://schemas.xmlsoap.org/ws/2002/12/secext")) {
                listOfWSSPrimitiveAssertions.add(primitiveAssertion);
            }
        }

        loadConfigurations(listOfWSSPrimitiveAssertions);
    }

    /*
     * This method takes a list of primitive assertions which contains
     * WSSecurity policy assertions and configures WSS4j framework according to
     * those policy information.
     * 
     * For the time being I just printed those WSSecurity policy assertion to
     * System.out. But what you should really do is something like setting the
     * options of WSDoAllReceiver/Sender according to these policy assertions.
     *  
     */
    public void loadConfigurations(List assertions) {
        Iterator iterator = assertions.iterator();
        while (iterator.hasNext()) {
            PrimitiveAssertion prim = (PrimitiveAssertion) iterator.next();

            /*
             * May be I should be setting the configuration options in
             * WSDoAll*Handler according to this security assertion.
             */

            System.out.println("WSSPolicyAssertion : "
                    + prim.getName().getLocalPart());
        }

    }

}
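
Added example, not part of the original message or of the WS-Commons Policy code: the comment on processPolicy() says an alternative containing an unsupported WSSecurityPolicy assertion should be rejected, and the code below does that check, going one step beyond the single-alternative case by picking the first alternative that is fully supported. It uses only the JDK DOM parser; the class name, the SUPPORTED set and the sample policy are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class FailClosedPolicyCheck {
    static final String WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy";
    static final String SEC = "http://schemas.xmlsoap.org/ws/2002/12/secext";
    // Assumption for illustration: the assertions this endpoint can enforce.
    static final Set<String> SUPPORTED = Set.of("SecurityToken", "Integrity", "SecurityHeader");

    // Constructed sample: a normalized policy with two alternatives.
    static final String SAMPLE =
        "<wsp:Policy xmlns:wsp='" + WSP + "' xmlns:sec='" + SEC + "'>"
      + "<wsp:ExactlyOne>"
      + "<wsp:All><sec:SecurityToken/><sec:Confidentiality/></wsp:All>"
      + "<wsp:All><sec:SecurityToken/><sec:Integrity/></wsp:All>"
      + "</wsp:ExactlyOne></wsp:Policy>";

    // Direct element children of parent in namespace ns (any local name if local is null).
    static List<Node> children(Node parent, String ns, String local) {
        List<Node> out = new ArrayList<>();
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling())
            if (n.getNodeType() == Node.ELEMENT_NODE && ns.equals(n.getNamespaceURI())
                    && (local == null || local.equals(n.getLocalName()))) out.add(n);
        return out;
    }

    // Returns the security assertions of the first alternative that is fully
    // supported (an empty list means that alternative asks for no security).
    static List<String> selectAlternative(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Policies may arrive from a remote party: refuse DTDs outright.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        List<Node> xor = children(doc.getDocumentElement(), WSP, "ExactlyOne");
        if (xor.size() != 1) throw new IllegalStateException("policy is not normalized");
        for (Node alt : children(xor.get(0), WSP, "All")) {
            List<String> names = new ArrayList<>();
            for (Node a : children(alt, SEC, null)) names.add(a.getLocalName());
            if (SUPPORTED.containsAll(names)) return names;
        }
        throw new IllegalStateException("no policy alternative is fully supported");
    }

    public static void main(String[] args) throws Exception {
        System.out.println(selectAlternative(SAMPLE));
    }
}
```

The first alternative is skipped because sec:Confidentiality is not in the supported set; if every alternative contained such an assertion, the method would throw rather than configure a weaker setup.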
