001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the License). You may not use this file except in
005: * compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * Header Notice in each file and include the License file
014: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
015: * If applicable, add the following below the CDDL Header,
016: * with the fields enclosed by brackets [] replaced by
017: * you own identifying information:
018: * "Portions Copyrighted [year] [name of copyright owner]"
019: *
020: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
021: */
022:
023: package com.sun.xml.ws.security.opt.impl.incoming;
024:
025: import com.sun.xml.stream.buffer.XMLStreamBuffer;
026: import com.sun.xml.stream.buffer.XMLStreamBufferException;
027: import com.sun.xml.stream.buffer.XMLStreamBufferMark;
028: import com.sun.xml.stream.buffer.stax.StreamReaderBufferCreator;
029: import com.sun.xml.ws.security.opt.api.NamespaceContextInfo;
030: import com.sun.xml.ws.security.opt.api.PolicyBuilder;
031: import com.sun.xml.ws.security.opt.api.SecurityElementWriter;
032: import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
033: import com.sun.xml.ws.security.opt.api.TokenValidator;
034: import com.sun.xml.ws.security.opt.api.tokens.UsernameToken;
035: import com.sun.xml.ws.security.opt.impl.incoming.processor.UsernameTokenProcessor;
036: import com.sun.xml.ws.security.opt.impl.util.XMLStreamReaderFactory;
037: import com.sun.xml.wss.ProcessingContext;
038: import com.sun.xml.wss.XWSSecurityException;
039: import com.sun.xml.wss.impl.FilterProcessingContext;
040: import com.sun.xml.wss.impl.MessageConstants;
041: import com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl;
042: import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
043: import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
044: import java.io.OutputStream;
045: import java.util.HashMap;
046: import javax.xml.stream.XMLInputFactory;
047: import javax.xml.stream.XMLStreamException;
048: import javax.xml.stream.XMLStreamReader;
049: import javax.xml.stream.XMLStreamWriter;
050: import java.util.logging.Level;
051: import com.sun.xml.wss.logging.LogDomainConstants;
052: import java.util.logging.Logger;
053:
054: /**
055: *
056: * @author Ashutosh.Shahi@sun.com
057: */
058: public class UsernameTokenHeader implements UsernameToken,
059: SecurityHeaderElement, TokenValidator, PolicyBuilder,
060: NamespaceContextInfo, SecurityElementWriter {
061:
062: private static Logger log = Logger.getLogger(
063: LogDomainConstants.IMPL_FILTER_DOMAIN,
064: LogDomainConstants.IMPL_FILTER_DOMAIN_BUNDLE);
065:
066: private String localPart = null;
067: private String namespaceURI = null;
068: private String id = "";
069:
070: private XMLStreamBuffer mark = null;
071: private UsernameTokenProcessor filter = new UsernameTokenProcessor();
072:
073: private AuthenticationTokenPolicy.UsernameTokenBinding utPolicy = null;
074:
075: private HashMap<String, String> nsDecls;
076:
077: /** Creates a new instance of UsernameTokenHeader */
078: public UsernameTokenHeader(XMLStreamReader reader,
079: StreamReaderBufferCreator creator, HashMap nsDecls,
080: XMLInputFactory staxIF) throws XMLStreamException,
081: XMLStreamBufferException {
082: localPart = reader.getLocalName();
083: namespaceURI = reader.getNamespaceURI();
084: id = reader.getAttributeValue(MessageConstants.WSU_NS, "Id");
085:
086: mark = new XMLStreamBufferMark(nsDecls, creator);
087: XMLStreamReader utReader = XMLStreamReaderFactory
088: .createFilteredXMLStreamReader(reader, filter);
089: creator.createElementFragment(utReader, true);
090: this .nsDecls = nsDecls;
091:
092: utPolicy = new AuthenticationTokenPolicy.UsernameTokenBinding();
093: utPolicy.setUUID(id);
094:
095: utPolicy.setUsername(filter.getUsername());
096: utPolicy.setPassword(filter.getPassword());
097: if (MessageConstants.PASSWORD_DIGEST_NS.equals(filter
098: .getPasswordType())) {
099: utPolicy.setDigestOn(true);
100: }
101: if (filter.getNonce() != null) {
102: utPolicy.setUseNonce(true);
103: }
104: }
105:
106: public void validate(ProcessingContext context)
107: throws XWSSecurityException {
108: boolean authenticated = false;
109: if (filter.getPassword() == null
110: && filter.getCreated() != null
111: && !MessageConstants.PASSWORD_DIGEST_NS.equals(filter
112: .getPasswordType())) {
113: context.getSecurityEnvironment().validateTimestamp(
114: context.getExtraneousProperties(),
115: filter.getCreated(), null,
116: MessageConstants.MAX_CLOCK_SKEW,
117: MessageConstants.TIMESTAMP_FRESHNESS_LIMIT);
118: } else if (filter.getPassword() == null
119: && filter.getCreated() == null) {
120: if (MessageConstants.PASSWORD_DIGEST_NS.equals(filter
121: .getPasswordType())) {
122: throw new XWSSecurityException(
123: "Cannot validate Password Digest since Creation Time was not Specified");
124: }
125: } else if (MessageConstants.PASSWORD_DIGEST_NS.equals(filter
126: .getPasswordType())) {
127: authenticated = context.getSecurityEnvironment()
128: .authenticateUser(
129: context.getExtraneousProperties(),
130: filter.getUsername(),
131: filter.getPasswordDigest(),
132: filter.getNonce(), filter.getCreated());
133: if (!authenticated) {
134: log.log(Level.SEVERE,
135: "WSS1408.failed.sender.authentication");
136: throw new XWSSecurityException(
137: "Invalid Username Password Pair");
138: }
139: } else {
140: authenticated = context.getSecurityEnvironment()
141: .authenticateUser(
142: context.getExtraneousProperties(),
143: filter.getUsername(), filter.getPassword());
144: if (!authenticated) {
145: log.log(Level.SEVERE,
146: "WSS1408.failed.sender.authentication");
147: throw new XWSSecurityException(
148: "Invalid Username Password Pair");
149: }
150: }
151:
152: if (MessageConstants.debug) {
153: log.log(Level.FINEST, "Password Validated.....");
154: }
155:
156: context.getSecurityEnvironment().updateOtherPartySubject(
157: DefaultSecurityEnvironmentImpl
158: .getSubject((FilterProcessingContext) context),
159: filter.getUsername(), filter.getPassword());
160: }
161:
162: public WSSPolicy getPolicy() {
163: return utPolicy;
164: }
165:
166: public boolean refersToSecHdrWithId(String id) {
167: throw new UnsupportedOperationException();
168: }
169:
170: public String getId() {
171: return id;
172: }
173:
174: public void setId(String id) {
175: throw new UnsupportedOperationException();
176: }
177:
178: public String getNamespaceURI() {
179: return namespaceURI;
180: }
181:
182: public String getLocalPart() {
183: return localPart;
184: }
185:
186: public XMLStreamReader readHeader() throws XMLStreamException {
187: return mark.readAsXMLStreamReader();
188: }
189:
190: public void writeTo(OutputStream os) {
191: throw new UnsupportedOperationException();
192: }
193:
194: public void writeTo(XMLStreamWriter streamWriter)
195: throws XMLStreamException {
196: mark.writeToXMLStreamWriter(streamWriter);
197: }
198:
199: public String getUsernameValue() {
200: return filter.getUsername();
201: }
202:
203: public void setUsernameValue(String username) {
204: throw new UnsupportedOperationException();
205: }
206:
207: public String getPasswordValue() {
208: return filter.getPassword();
209: }
210:
211: public void setPasswordValue(String passwd) {
212: throw new UnsupportedOperationException();
213: }
214:
215: public HashMap<String, String> getInscopeNSContext() {
216: return nsDecls;
217: }
218:
219: public void writeTo(javax.xml.stream.XMLStreamWriter streamWriter,
220: HashMap props) throws javax.xml.stream.XMLStreamException {
221: throw new UnsupportedOperationException();
222: }
223:
224: }
|