001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the License). You may not use this file except in
005: * compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * Header Notice in each file and include the License file
014: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
015: * If applicable, add the following below the CDDL Header,
016: * with the fields enclosed by brackets [] replaced by
017: * you own identifying information:
018: * "Portions Copyrighted [year] [name of copyright owner]"
019: *
020: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
021: */
022:
023: package com.sun.xml.wss.jaxws.impl;
024:
025: import com.sun.xml.ws.api.message.Message;
026: import com.sun.xml.ws.api.message.Messages;
027: import com.sun.xml.ws.api.message.Packet;
028: import com.sun.xml.ws.api.server.WSEndpoint;
029: import com.sun.xml.ws.security.impl.policy.Constants;
030:
031: import com.sun.xml.ws.api.message.stream.InputStreamMessage;
032: import com.sun.xml.ws.api.message.stream.XMLStreamReaderMessage;
033: import com.sun.xml.ws.api.model.wsdl.WSDLBoundOperation;
034: import com.sun.xml.ws.api.model.wsdl.WSDLFault;
035: import com.sun.xml.ws.api.model.wsdl.WSDLOperation;
036: import com.sun.xml.ws.api.pipe.Pipe;
037: import com.sun.xml.ws.api.pipe.PipeCloner;
038: import com.sun.xml.ws.policy.Policy;
039: import com.sun.xml.ws.policy.PolicyAssertion;
040: import com.sun.xml.ws.policy.PolicyException;
041: import com.sun.xml.ws.assembler.ServerPipeConfiguration;
042: import com.sun.xml.ws.runtime.util.Session;
043: import com.sun.xml.ws.runtime.util.SessionManager;
044: import com.sun.xml.ws.security.impl.policyconv.SecurityPolicyHolder;
045: import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
046: import com.sun.xml.ws.security.policy.SecureConversationToken;
047: import com.sun.xml.ws.security.trust.WSTrustConstants;
048:
049: import com.sun.xml.wss.impl.MessageConstants;
050: import com.sun.xml.wss.impl.ProcessingContextImpl;
051: import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
052: import com.sun.xml.wss.ProcessingContext;
053: import com.sun.xml.wss.XWSSecurityException;
054: import com.sun.xml.wss.impl.WssSoapFaultException;
055:
056: import com.sun.xml.ws.security.IssuedTokenContext;
057: import com.sun.xml.ws.security.SecurityContextToken;
058: import com.sun.xml.ws.security.impl.IssuedTokenContextImpl;
059: import com.sun.xml.ws.security.secconv.WSSecureConversationException;
060: import com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl;
061:
062: import java.util.List;
063:
064: import javax.xml.bind.JAXBElement;
065: import javax.xml.namespace.QName;
066: import javax.xml.soap.SOAPBody;
067: import javax.xml.soap.SOAPConstants;
068:
069: import javax.xml.soap.SOAPException;
070: import javax.xml.soap.SOAPMessage;
071: import javax.xml.ws.WebServiceException;
072:
073: import javax.security.auth.Subject;
074: import javax.security.auth.callback.CallbackHandler;
075:
076: import java.util.Properties;
077: import java.util.Iterator;
078: import java.util.Set;
079:
080: import java.net.URI;
081: import com.sun.xml.ws.security.policy.Token;
082:
083: import com.sun.xml.ws.security.secconv.WSSCContract;
084: import com.sun.xml.ws.security.secconv.WSSCConstants;
085: import com.sun.xml.ws.security.secconv.WSSCElementFactory;
086: import com.sun.xml.ws.security.secconv.WSSCFactory;
087: import com.sun.xml.ws.security.trust.elements.RequestSecurityToken;
088: import com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse;
089: import com.sun.xml.wss.SubjectAccessor;
090: import com.sun.xml.wss.RealmAuthenticationAdapter;
091: import com.sun.xml.wss.impl.NewSecurityRecipient;
092:
093: import com.sun.xml.wss.impl.misc.DefaultCallbackHandler;
094: import org.w3c.dom.Node;
095: import org.w3c.dom.NodeList;
096:
097: import static com.sun.xml.wss.jaxws.impl.Constants.SC_ASSERTION;
098: import static com.sun.xml.wss.jaxws.impl.Constants.OPERATION_SCOPE;
099: import static com.sun.xml.wss.jaxws.impl.Constants.EMPTY_LIST;
100: import static com.sun.xml.wss.jaxws.impl.Constants.SUN_WSS_SECURITY_SERVER_POLICY_NS;
101: import static com.sun.xml.wss.jaxws.impl.Constants.SUN_WSS_SECURITY_CLIENT_POLICY_NS;
102: import java.security.AccessController;
103: import java.security.PrivilegedAction;
104:
105: import java.util.logging.Level;
106: import com.sun.xml.wss.jaxws.impl.logging.LogStringsMessages;
107:
108: /**
109: * @author K.Venugopal@sun.com
110: * @author Vbkumar.Jayanti@Sun.COM
111: */
112: public class SecurityServerPipe extends SecurityPipeBase {
113:
114: private SessionManager sessionManager = SessionManager
115: .getSessionManager();
116: //private WSDLBoundOperation cachedOperation = null;
117: private Set trustConfig = null;
118: private CallbackHandler handler = null;
119:
120: // Creates a new instance of SecurityServerPipe
121: public SecurityServerPipe(ServerPipeConfiguration config,
122: Pipe nextPipe) {
123: super (config, nextPipe);
124:
125: try {
126: Iterator it = inMessagePolicyMap.values().iterator();
127: SecurityPolicyHolder holder = (SecurityPolicyHolder) it
128: .next();
129: Set configAssertions = holder
130: .getConfigAssertions(SUN_WSS_SECURITY_SERVER_POLICY_NS);
131: trustConfig = holder
132: .getConfigAssertions(Constants.SUN_TRUST_SERVER_SECURITY_POLICY_NS);
133: Properties props = new Properties();
134: handler = configureServerHandler(configAssertions, props);
135: secEnv = new DefaultSecurityEnvironmentImpl(handler, props);
136: } catch (Exception e) {
137: log
138: .log(
139: Level.SEVERE,
140: LogStringsMessages
141: .WSSPIPE_0028_ERROR_CREATING_NEW_INSTANCE_SEC_SERVER_PIPE(),
142: e);
143: throw new RuntimeException(
144: LogStringsMessages
145: .WSSPIPE_0028_ERROR_CREATING_NEW_INSTANCE_SEC_SERVER_PIPE(),
146: e);
147: }
148: }
149:
150: // copy constructor
151: protected SecurityServerPipe(SecurityServerPipe that) {
152: super (that);
153: sessionManager = that.sessionManager;
154: trustConfig = that.trustConfig;
155: handler = that.handler;
156: }
157:
158: //Note: There is an Assumption that the STS is distinct from the WebService in case of
159: // WS-Trust and the STS and WebService are the same entity for SecureConversation
160: public Packet process(Packet packet) {
161:
162: if (!optimized) {
163: cacheMessage(packet);
164: }
165:
166: Message msg = packet.getMessage();
167:
168: boolean isSCIssueMessage = false;
169: boolean isSCCancelMessage = false;
170: boolean isTrustMessage = false;
171: String msgId = null;
172: String action = null;
173:
174: boolean thereWasAFault = false;
175:
176: //Do Security Processing for Incoming Message
177: //---------------INBOUND SECURITY VERIFICATION----------
178: ProcessingContext ctx = initializeInboundProcessingContext(packet/*, isSCIssueMessage, isTrustMessage*/);
179: ctx.setExtraneousProperty(ctx.OPERATION_RESOLVER,
180: new PolicyResolverImpl(inMessagePolicyMap,
181: inProtocolPM, cachedOperation, pipeConfig,
182: addVer, false));
183: try {
184: if (!optimized) {
185: SOAPMessage soapMessage = msg.readAsSOAPMessage();
186: soapMessage = verifyInboundMessage(soapMessage, ctx);
187: msg = Messages.create(soapMessage);
188: } else {
189: msg = verifyInboundMessage(msg, ctx);
190: }
191: } catch (WssSoapFaultException ex) {
192: thereWasAFault = true;
193: msg = Messages.create(ex, pipeConfig.getBinding()
194: .getSOAPVersion());
195: } catch (XWSSecurityException xwse) {
196: thereWasAFault = true;
197: msg = Messages.create(xwse, pipeConfig.getBinding()
198: .getSOAPVersion());
199:
200: } catch (WebServiceException xwse) {
201: thereWasAFault = true;
202: msg = Messages.create(xwse, pipeConfig.getBinding()
203: .getSOAPVersion());
204:
205: } catch (SOAPException se) {
206: // internal error
207: // Log here because this catch is an internal error not logger by the callee
208: log.log(Level.SEVERE, LogStringsMessages
209: .WSSPIPE_0025_ERROR_VERIFY_INBOUND_MSG(), se);
210: thereWasAFault = true;
211: msg = Messages.create(se, pipeConfig.getBinding()
212: .getSOAPVersion());
213: //throw new WebServiceException(LogStringsMessages.WSSPIPE_0025_ERROR_VERIFY_INBOUND_MSG(), se);
214: }
215:
216: Packet retPacket = null;
217: if (thereWasAFault) {
218: //retPacket = packet;
219: if (this .isAddressingEnabled()) {
220: if (optimized) {
221: packet
222: .setMessage(((JAXBFilterProcessingContext) ctx)
223: .getPVMessage());
224: }
225: retPacket = packet.createServerResponse(msg,
226: this .addVer, this .soapVersion, this .addVer
227: .getDefaultFaultAction());
228: } else {
229: packet.setMessage(msg);
230: retPacket = packet;
231: }
232: }
233:
234: packet.setMessage(msg);
235:
236: if (isAddressingEnabled()) {
237: action = getAction(packet);
238: if (WSSCConstants.REQUEST_SECURITY_CONTEXT_TOKEN_ACTION
239: .equals(action)) {
240: isSCIssueMessage = true;
241: } else if (WSSCConstants.CANCEL_SECURITY_CONTEXT_TOKEN_ACTION
242: .equals(action)) {
243: isSCCancelMessage = true;
244: } else if (WSTrustConstants.REQUEST_SECURITY_TOKEN_ISSUE_ACTION
245: .equals(action)) {
246: isTrustMessage = true;
247: packet.getMessage().getHeaders().getTo(addVer,
248: pipeConfig.getBinding().getSOAPVersion());
249:
250: if (trustConfig != null) {
251: packet.invocationProperties
252: .put(
253: Constants.SUN_TRUST_SERVER_SECURITY_POLICY_NS,
254: trustConfig.iterator());
255:
256: }
257:
258: //set the callbackhandler
259: packet.invocationProperties.put(
260: WSTrustConstants.SECURITY_ENVIRONMENT, secEnv);
261:
262: }
263:
264: if (isSCIssueMessage) {
265: List<PolicyAssertion> policies = getInBoundSCP(packet
266: .getMessage());
267: if (!policies.isEmpty()) {
268: packet.invocationProperties.put(SC_ASSERTION,
269: (PolicyAssertion) policies.get(0));
270: }
271: }
272: }
273:
274: if (!isSCIssueMessage) {
275: cachedOperation = msg.getOperation(pipeConfig
276: .getWSDLModel());
277: if (cachedOperation == null) {
278: if (addVer != null)
279: cachedOperation = getWSDLOpFromAction(packet, true);
280: }
281: }
282:
283: if (!thereWasAFault) {
284:
285: if (isSCIssueMessage || isSCCancelMessage) {
286: //-------put application message on hold and invoke SC contract--------
287:
288: retPacket = invokeSecureConversationContract(packet,
289: ctx, isSCIssueMessage, action);
290:
291: } else {
292: //--------INVOKE NEXT PIPE------------
293: // Put the addressing headers as unread
294: // packet.invocationProperties.put(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND, null);
295: updateSCBootstrapCredentials(packet, ctx);
296: if (nextPipe != null) {
297: retPacket = nextPipe.process(packet);
298:
299: // Add addrsssing headers to trust message
300: if (isTrustMessage) {
301: retPacket = addAddressingHeaders(
302: packet,
303: retPacket.getMessage(),
304: WSTrustConstants.REQUEST_SECURITY_TOKEN_RESPONSE_ISSUE_ACTION);
305: }
306: } else {
307: retPacket = packet;
308: }
309:
310: }
311: }
312:
313: if (retPacket.getMessage() == null) {
314: return retPacket;
315: }
316: /* TODO:this piece of code present since payload should be read once*/
317: if (!optimized) {
318: try {
319: SOAPMessage sm = retPacket.getMessage()
320: .readAsSOAPMessage();
321: Message newMsg = Messages.create(sm);
322: retPacket.setMessage(newMsg);
323: } catch (SOAPException ex) {
324: log.log(Level.SEVERE, LogStringsMessages
325: .WSSPIPE_0005_PROBLEM_PROC_SOAP_MESSAGE(), ex);
326: throw new WebServiceException(LogStringsMessages
327: .WSSPIPE_0005_PROBLEM_PROC_SOAP_MESSAGE(), ex);
328: }
329: }
330:
331: //---------------OUTBOUND SECURITY PROCESSING----------
332: ctx = initializeOutgoingProcessingContext(retPacket,
333: isSCIssueMessage, isTrustMessage /*, thereWasAFault*/);
334:
335: try {
336: msg = retPacket.getMessage();
337: if (ctx.getSecurityPolicy() != null
338: && ((MessagePolicy) ctx.getSecurityPolicy()).size() > 0) {
339: if (!optimized || msg.isFault()) {
340: SOAPMessage soapMessage = msg.readAsSOAPMessage();
341: soapMessage = secureOutboundMessage(soapMessage,
342: ctx);
343: msg = Messages.create(soapMessage);
344: } else {
345: msg = secureOutboundMessage(msg, ctx);
346: }
347: }
348: } catch (WssSoapFaultException ex) {
349: msg = Messages.create(getSOAPFault(ex));
350: } catch (SOAPException se) {
351: // internal error
352: log.log(Level.SEVERE, LogStringsMessages
353: .WSSPIPE_0024_ERROR_SECURING_OUTBOUND_MSG(), se);
354: throw new WebServiceException(LogStringsMessages
355: .WSSPIPE_0024_ERROR_SECURING_OUTBOUND_MSG(), se);
356: } finally {
357: if (isSCCancel(retPacket)) {
358: removeContext(packet);
359: }
360: }
361: resetCachedOperation();
362: retPacket.setMessage(msg);
363: return retPacket;
364:
365: }
366:
367: private void removeContext(final Packet packet) {
368: SecurityContextToken sct = (SecurityContextToken) packet.invocationProperties
369: .get(MessageConstants.INCOMING_SCT);
370: if (sct != null) {
371: String strId = sct.getIdentifier().toString();
372: if (strId != null) {
373: issuedTokenContextMap.remove(strId);
374: sessionManager.terminateSession(strId);
375: }
376: }
377: }
378:
379: public void preDestroy() {
380: if (nextPipe != null) {
381: nextPipe.preDestroy();
382: }
383: issuedTokenContextMap.clear();
384: }
385:
386: public Pipe copy(PipeCloner cloner) {
387: Pipe clonedNextPipe = null;
388: if (nextPipe != null) {
389: clonedNextPipe = cloner.copy(nextPipe);
390: }
391: Pipe copied = new SecurityServerPipe(this );
392: ((SecurityServerPipe) copied).setNextPipe(clonedNextPipe);
393: cloner.add(this , copied);
394: return copied;
395: }
396:
397: public Packet processMessage(XMLStreamReaderMessage msg) {
398: //TODO:Optimized security
399: throw new UnsupportedOperationException();
400: }
401:
402: public InputStreamMessage processInputStream(
403: XMLStreamReaderMessage msg) {
404: //TODO:Optimized security
405: throw new UnsupportedOperationException();
406: }
407:
408: public InputStreamMessage processInputStream(Message msg) {
409: //TODO:Optimized security
410: throw new UnsupportedOperationException();
411: }
412:
413: protected ProcessingContext initializeOutgoingProcessingContext(
414: Packet packet, boolean isSCMessage, boolean isTrustMessage /*, boolean thereWasAFault*/) {
415: ProcessingContext ctx = initializeOutgoingProcessingContext(
416: packet, isSCMessage/*, thereWasAFault*/);
417: return ctx;
418: }
419:
420: protected ProcessingContext initializeOutgoingProcessingContext(
421: Packet packet, boolean isSCMessage /*, boolean thereWasAFault*/) {
422:
423: ProcessingContextImpl ctx = null;
424: if (optimized) {
425: ctx = new JAXBFilterProcessingContext(
426: packet.invocationProperties);
427: ((JAXBFilterProcessingContext) ctx)
428: .setAddressingVersion(addVer);
429: ((JAXBFilterProcessingContext) ctx)
430: .setSOAPVersion(soapVersion);
431: ((JAXBFilterProcessingContext) ctx).setBSP(bsp10);
432: } else {
433: ctx = new ProcessingContextImpl(packet.invocationProperties);
434: }
435:
436: try {
437: MessagePolicy policy = null;
438: if (packet.getMessage().isFault()) {
439: policy = getOutgoingFaultPolicy(packet);
440: if (optimized) {
441: ctx = new ProcessingContextImpl(
442: packet.invocationProperties);
443: }
444: } else if (isRMMessage(packet)) {
445: SecurityPolicyHolder holder = outProtocolPM.get("RM");
446: policy = holder.getMessagePolicy();
447: } else if (isSCCancel(packet)) {
448: SecurityPolicyHolder holder = outProtocolPM.get("SC");
449: policy = holder.getMessagePolicy();
450: } else {
451: policy = getOutgoingXWSSecurityPolicy(packet,
452: isSCMessage);
453: }
454:
455: if (debug && policy != null) {
456: policy.dumpMessages(true);
457: }
458: //this might mislead if there is a bug in code above
459: //but we are doing this check for cases such as no-fault-security-policy
460: if (policy != null) {
461: ctx.setSecurityPolicy(policy);
462: }
463: // set the policy, issued-token-map, and extraneous properties
464: ctx.setIssuedTokenContextMap(issuedTokenContextMap);
465: ctx
466: .setAlgorithmSuite(getAlgoSuite(getBindingAlgorithmSuite(packet)));
467: ctx.setSecurityEnvironment(secEnv);
468: ctx.isInboundMessage(false);
469: } catch (XWSSecurityException e) {
470: log.log(Level.SEVERE, LogStringsMessages
471: .WSSPIPE_0006_PROBLEM_INIT_OUT_PROC_CONTEXT(), e);
472: throw new RuntimeException(LogStringsMessages
473: .WSSPIPE_0006_PROBLEM_INIT_OUT_PROC_CONTEXT(), e);
474: }
475: return ctx;
476: }
477:
478: protected MessagePolicy getOutgoingXWSSecurityPolicy(Packet packet,
479: boolean isSCMessage) {
480: if (isSCMessage) {
481: Token scToken = (Token) packet.invocationProperties
482: .get(SC_ASSERTION);
483: return getOutgoingXWSBootstrapPolicy(scToken);
484: }
485:
486: MessagePolicy mp = null;
487:
488: if (outMessagePolicyMap == null) {
489: //empty message policy
490: return new MessagePolicy();
491: }
492:
493: if (isTrustMessage(packet)) {
494: cachedOperation = getWSDLOpFromAction(packet, false);
495: }
496:
497: SecurityPolicyHolder sph = (SecurityPolicyHolder) outMessagePolicyMap
498: .get(cachedOperation);
499: if (sph == null) {
500: return new MessagePolicy();
501: }
502: mp = sph.getMessagePolicy();
503: return mp;
504: }
505:
506: protected MessagePolicy getOutgoingFaultPolicy(Packet packet) {
507:
508: if (cachedOperation != null) {
509: WSDLOperation operation = cachedOperation.getOperation();
510: try {
511: SOAPBody body = packet.getMessage().readAsSOAPMessage()
512: .getSOAPBody();
513: NodeList nodes = body.getElementsByTagName("detail");
514: if (nodes.getLength() == 0) {
515: nodes = body.getElementsByTagNameNS(
516: SOAPConstants.URI_NS_SOAP_1_2_ENVELOPE,
517: "Detail");
518: }
519: if (nodes.getLength() > 0) {
520: Node node = nodes.item(0);
521: Node faultNode = node.getFirstChild();
522: if (faultNode == null) {
523: return null;
524: }
525: String uri = faultNode.getNamespaceURI();
526: QName faultDetail = null;
527: if (uri != null && uri.length() > 0) {
528: faultDetail = new QName(faultNode
529: .getNamespaceURI(), faultNode
530: .getLocalName());
531: } else {
532: faultDetail = new QName(faultNode.getNodeName());
533: }
534: WSDLFault fault = operation.getFault(faultDetail);
535: SecurityPolicyHolder sph = outMessagePolicyMap
536: .get(cachedOperation);
537: SecurityPolicyHolder faultPolicyHolder = sph
538: .getFaultPolicy(fault);
539: MessagePolicy faultPolicy = (faultPolicyHolder == null) ? new MessagePolicy()
540: : faultPolicyHolder.getMessagePolicy();
541: return faultPolicy;
542:
543: }
544: } catch (SOAPException sx) {
545: //sx.printStackTrace();
546: //log error
547: }
548: }
549: return null;
550:
551: }
552:
553: protected SOAPMessage verifyInboundMessage(SOAPMessage message,
554: ProcessingContext ctx) throws WssSoapFaultException,
555: XWSSecurityException {
556: ctx.setSOAPMessage(message);
557: NewSecurityRecipient.validateMessage(ctx);
558: return ctx.getSOAPMessage();
559: }
560:
561: // The packet has the Message with RST/SCT inside it
562: // TODO: Need to inspect if it is really a Issue or a Cancel
563: @SuppressWarnings("unchecked")
564: private Packet invokeSecureConversationContract(Packet packet,
565: ProcessingContext ctx, boolean isSCTIssue, String action) {
566:
567: IssuedTokenContext ictx = new IssuedTokenContextImpl();
568:
569: Message msg = packet.getMessage();
570: Message retMsg = null;
571: String retAction = null;
572:
573: try {
574: // Set the requestor authenticated Subject in the IssuedTokenContext
575: Subject subject = SubjectAccessor.getRequesterSubject(ctx);
576:
577: ictx.setRequestorSubject(subject);
578:
579: WSSCElementFactory eleFac = WSSCElementFactory
580: .newInstance();
581: JAXBElement rstEle = msg.readPayloadAsJAXB(jaxbContext
582: .createUnmarshaller());
583: RequestSecurityToken rst = eleFac.createRSTFrom(rstEle);
584: URI requestType = rst.getRequestType();
585: RequestSecurityTokenResponse rstr = null;
586: WSSCContract scContract = WSSCFactory.newWSSCContract(null);
587: if (requestType.toString().equals(
588: WSTrustConstants.ISSUE_REQUEST)) {
589: List<PolicyAssertion> policies = getOutBoundSCP(packet
590: .getMessage());
591: rstr = scContract.issue(rst, ictx,
592: (SecureConversationToken) policies.get(0));
593: retAction = WSSCConstants.REQUEST_SECURITY_CONTEXT_TOKEN_RESPONSE_ACTION;
594: SecurityContextToken sct = (SecurityContextToken) ictx
595: .getSecurityToken();
596: String sctId = sct.getIdentifier().toString();
597:
598: Session session = sessionManager.getSession(sctId);
599: if (session == null) {
600: log.log(Level.SEVERE, LogStringsMessages
601: .WSSPIPE_0029_ERROR_SESSION_CREATION());
602: throw new WSSecureConversationException(
603: LogStringsMessages
604: .WSSPIPE_0029_ERROR_SESSION_CREATION());
605: }
606:
607: // Put it here for RM to pick up
608: packet.invocationProperties.put(Session.SESSION_ID_KEY,
609: sctId);
610:
611: packet.invocationProperties.put(Session.SESSION_KEY,
612: session.getUserData());
613:
614: ((ProcessingContextImpl) ctx)
615: .getIssuedTokenContextMap().put(sctId, ictx);
616:
617: } else if (requestType.toString().equals(
618: WSTrustConstants.CANCEL_REQUEST)) {
619: retAction = WSSCConstants.CANCEL_SECURITY_CONTEXT_TOKEN_RESPONSE_ACTION;
620: rstr = scContract.cancel(rst, ictx,
621: issuedTokenContextMap);
622: } else {
623: log
624: .log(
625: Level.SEVERE,
626: LogStringsMessages
627: .WSSPIPE_0030_UNSUPPORTED_OPERATION_EXCEPTION(requestType));
628: throw new UnsupportedOperationException(
629: LogStringsMessages
630: .WSSPIPE_0030_UNSUPPORTED_OPERATION_EXCEPTION(requestType));
631: }
632:
633: // construct the complete message here containing the RSTR and the
634: // correct Action headers if any and return the message.
635: retMsg = Messages.create(jaxbContext.createMarshaller(),
636: eleFac.toJAXBElement(rstr), soapVersion);
637: } catch (com.sun.xml.wss.XWSSecurityException ex) {
638: log.log(Level.SEVERE, LogStringsMessages
639: .WSSPIPE_0031_ERROR_INVOKE_SC_CONTRACT(), ex);
640: throw new RuntimeException(LogStringsMessages
641: .WSSPIPE_0031_ERROR_INVOKE_SC_CONTRACT(), ex);
642: } catch (javax.xml.bind.JAXBException ex) {
643: log.log(Level.SEVERE, LogStringsMessages
644: .WSSPIPE_0001_PROBLEM_MAR_UNMAR(), ex);
645: throw new RuntimeException(LogStringsMessages
646: .WSSPIPE_0001_PROBLEM_MAR_UNMAR(), ex);
647: } catch (WSSecureConversationException ex) {
648: log.log(Level.SEVERE, LogStringsMessages
649: .WSSPIPE_0031_ERROR_INVOKE_SC_CONTRACT(), ex);
650: throw new RuntimeException(LogStringsMessages
651: .WSSPIPE_0031_ERROR_INVOKE_SC_CONTRACT(), ex);
652: }
653:
654: Packet retPacket = addAddressingHeaders(packet, retMsg,
655: retAction);
656: if (isSCTIssue) {
657: List<PolicyAssertion> policies = getOutBoundSCP(packet
658: .getMessage());
659:
660: if (!policies.isEmpty()) {
661: retPacket.invocationProperties.put(SC_ASSERTION,
662: (PolicyAssertion) policies.get(0));
663: }
664: }
665:
666: return retPacket;
667: }
668:
669: public InputStreamMessage processInputStream(Packet packet) {
670: //TODO:Optimized security
671: throw new UnsupportedOperationException(
672: "Will be supported for optimized path");
673: }
674:
675: /** private Packet addAddressingHeaders(Packet packet, String relatesTo, String action){
676: * AddressingBuilder builder = AddressingBuilder.newInstance();
677: * AddressingProperties ap = builder.newAddressingProperties();
678: *
679: * try{
680: * // Action
681: * ap.setAction(builder.newURI(new URI(action)));
682: *
683: * // RelatesTo
684: * Relationship[] rs = new Relationship[]{builder.newRelationship(new URI(relatesTo))};
685: * ap.setRelatesTo(rs);
686: *
687: * // To
688: * ap.setTo(builder.newURI(new URI(builder.newAddressingConstants().getAnonymousURI())));
689: *
690: * } catch (URISyntaxException e) {
691: * throw new RuntimeException("Exception when adding Addressing Headers");
692: * }
693: *
694: * WsaRuntimeFactory fac = WsaRuntimeFactory.newInstance(ap.getNamespaceURI(), pipeConfig.getWSDLModel(), pipeConfig.getBinding());
695: * fac.writeHeaders(packet, ap);
696: * packet.invocationProperties
697: * .put(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_OUTBOUND, ap);
698: *
699: * return packet;
700: * }*/
701:
702: protected SecurityPolicyHolder addOutgoingMP(
703: WSDLBoundOperation operation, Policy policy)
704: throws PolicyException {
705:
706: SecurityPolicyHolder sph = constructPolicyHolder(policy, true,
707: true);
708: inMessagePolicyMap.put(operation, sph);
709: return sph;
710: }
711:
712: protected SecurityPolicyHolder addIncomingMP(
713: WSDLBoundOperation operation, Policy policy)
714: throws PolicyException {
715:
716: SecurityPolicyHolder sph = constructPolicyHolder(policy, true,
717: false);
718: outMessagePolicyMap.put(operation, sph);
719: return sph;
720: }
721:
722: protected void addIncomingProtocolPolicy(Policy effectivePolicy,
723: String protocol) throws PolicyException {
724: outProtocolPM.put(protocol, constructPolicyHolder(
725: effectivePolicy, true, false, true));
726: }
727:
728: protected void addOutgoingProtocolPolicy(Policy effectivePolicy,
729: String protocol) throws PolicyException {
730: inProtocolPM.put(protocol, constructPolicyHolder(
731: effectivePolicy, true, true, true));
732: }
733:
734: protected void addIncomingFaultPolicy(Policy effectivePolicy,
735: SecurityPolicyHolder sph, WSDLFault fault)
736: throws PolicyException {
737: SecurityPolicyHolder faultPH = constructPolicyHolder(
738: effectivePolicy, true, false);
739: sph.addFaultPolicy(fault, faultPH);
740: }
741:
742: protected void addOutgoingFaultPolicy(Policy effectivePolicy,
743: SecurityPolicyHolder sph, WSDLFault fault)
744: throws PolicyException {
745: SecurityPolicyHolder faultPH = constructPolicyHolder(
746: effectivePolicy, true, true);
747: sph.addFaultPolicy(fault, faultPH);
748: }
749:
750: protected String getAction(WSDLOperation operation,
751: boolean inComming) {
752: if (inComming) {
753: return operation.getInput().getAction();
754: } else {
755: return operation.getOutput().getAction();
756: }
757: }
758:
759: private Packet addAddressingHeaders(Packet packet, Message retMsg,
760: String action) {
761: Packet retPacket = packet.createServerResponse(retMsg, addVer,
762: soapVersion, action);
763:
764: retPacket.proxy = packet.proxy;
765: retPacket.invocationProperties
766: .putAll(packet.invocationProperties);
767:
768: return retPacket;
769: }
770:
771: private CallbackHandler configureServerHandler(
772: Set configAssertions, Properties props) {
773: //Properties props = new Properties();
774: String ret = populateConfigProperties(configAssertions, props);
775: try {
776: if (ret != null) {
777: Class handler = loadClass(ret);
778: Object obj = handler.newInstance();
779: if (!(obj instanceof CallbackHandler)) {
780: log
781: .log(
782: Level.SEVERE,
783: LogStringsMessages
784: .WSSPIPE_0033_INVALID_CALLBACK_HANDLER_CLASS(ret));
785: throw new RuntimeException(
786: LogStringsMessages
787: .WSSPIPE_0033_INVALID_CALLBACK_HANDLER_CLASS(ret));
788: }
789: return (CallbackHandler) obj;
790: }
791: // ServletContext context =
792: // ((ServerPipeConfiguration)pipeConfig).getEndpoint().getContainer().getSPI(ServletContext.class);
793: RealmAuthenticationAdapter adapter = getRealmAuthenticationAdapter(((ServerPipeConfiguration) pipeConfig)
794: .getEndpoint());
795: return new DefaultCallbackHandler("server", props, adapter);
796: //return new DefaultCallbackHandler("server", props);
797: } catch (Exception e) {
798: log.log(Level.SEVERE, LogStringsMessages
799: .WSSPIPE_0032_ERROR_CONFIGURE_SERVER_HANDLER(), e);
800: throw new RuntimeException(LogStringsMessages
801: .WSSPIPE_0032_ERROR_CONFIGURE_SERVER_HANDLER(), e);
802: }
803: }
804:
805: @SuppressWarnings("unchecked")
806: private RealmAuthenticationAdapter getRealmAuthenticationAdapter(
807: WSEndpoint wSEndpoint) {
808: String className = "javax.servlet.ServletContext";
809: Class ret = null;
810: ClassLoader loader = Thread.currentThread()
811: .getContextClassLoader();
812: if (loader != null) {
813: try {
814: ret = loader.loadClass(className);
815: } catch (ClassNotFoundException e) {
816: return null;
817: }
818: }
819: if (ret == null) {
820: // if context classloader didnt work, try this
821: loader = this .getClass().getClassLoader();
822: try {
823: ret = loader.loadClass(className);
824: } catch (ClassNotFoundException e) {
825: return null;
826: }
827: }
828: if (ret != null) {
829: Object obj = wSEndpoint.getContainer().getSPI(ret);
830: if (obj != null) {
831: return RealmAuthenticationAdapter.newInstance(obj);
832: }
833: }
834: return null;
835: }
836:
837: //doing this here becuase doing inside keyselector of optimized security would
838: //mean doing it twice (if SCT was used for sign and encrypt) which can impact performance
839: @SuppressWarnings("unchecked")
840: private void updateSCBootstrapCredentials(Packet packet,
841: ProcessingContext ctx) {
842: SecurityContextToken sct = (SecurityContextToken) packet.invocationProperties
843: .get(MessageConstants.INCOMING_SCT);
844: if (sct != null) {
845: //Session session = this.sessionManager.getSession(sct.getIdentifier().toString());
846: //IssuedTokenContext ctx = session.getSecurityInfo().getIssuedTokenContext();
847: IssuedTokenContext itctx = (IssuedTokenContext) ((ProcessingContextImpl) ctx)
848: .getIssuedTokenContextMap().get(
849: sct.getIdentifier().toString());
850: if (itctx != null) {
851: Subject from = itctx.getRequestorSubject();
852: Subject to = DefaultSecurityEnvironmentImpl
853: .getSubject(packet.invocationProperties);
854: copySubject(from, to);
855: }
856: }
857: }
858:
859: @SuppressWarnings("unchecked")
860: private static void copySubject(final Subject from, final Subject to) {
861: if (from == null || to == null) {
862: return;
863: }
864: AccessController.doPrivileged(new PrivilegedAction() {
865: public Object run() {
866: to.getPrincipals().addAll(from.getPrincipals());
867: to.getPublicCredentials().addAll(
868: from.getPublicCredentials());
869: to.getPrivateCredentials().addAll(
870: from.getPrivateCredentials());
871: return null; // nothing to return
872: }
873: });
874: }
875: }
|