001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the "License"). You may not use this file except
005: * in compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://jwsdp.dev.java.net/CDDLv1.0.html
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * HEADER in each file and include the License file at
014: * https://jwsdp.dev.java.net/CDDLv1.0.html If applicable,
015: * add the following below this CDDL HEADER, with the
016: * fields enclosed by brackets "[]" replaced with your
017: * own identifying information: Portions Copyright [yyyy]
018: * [name of copyright owner]
019: */
020: /*
021: * $Id: ClientSecurityAuthModule.java,v 1.4 2007/01/08 16:06:42 shyam_rao Exp $
022: *
023: * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
024: * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
025: */
026:
027: package com.sun.xml.wss.provider;
028:
029: import java.util.Map;
030: import java.util.Set;
031: import java.util.Iterator;
032:
033: import javax.xml.soap.SOAPMessage;
034: import javax.xml.soap.SOAPException;
035: import javax.security.auth.Subject;
036: import javax.security.auth.Destroyable;
037: import javax.security.auth.DestroyFailedException;
038: import javax.security.auth.callback.CallbackHandler;
039:
040: import com.sun.enterprise.security.jauth.AuthParam;
041: import com.sun.enterprise.security.jauth.AuthPolicy;
042: import com.sun.enterprise.security.jauth.SOAPAuthParam;
043: import com.sun.enterprise.security.jauth.AuthException;
044: import com.sun.enterprise.security.jauth.ClientAuthModule;
045: import com.sun.xml.wss.impl.MessageConstants;
046:
047: import com.sun.xml.wss.impl.SecurityAnnotator;
048: import com.sun.xml.wss.impl.SecurityRecipient;
049: import com.sun.xml.wss.XWSSecurityException;
050: import com.sun.xml.wss.impl.ProcessingContextImpl;
051:
052: import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
053: import com.sun.xml.wss.impl.config.DeclarativeSecurityConfiguration;
054:
055: import com.sun.xml.wss.impl.WssProviderSecurityEnvironment;
056:
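/**
 * Client-side JAuth module: applies the declarative XWSS sender policy to an
 * outgoing request and validates (then strips) the security header of the
 * incoming response.
 *
 * <p>The state this module reads -- {@code _sEnvironment}, {@code _policy},
 * {@code optimize}, {@code SELF_SUBJECT} and {@code isOptimized(SOAPMessage)} --
 * is inherited from {@code WssProviderAuthModule} and populated by its
 * {@code initialize} method; nothing here is valid before that call.
 *
 * <p>Every {@link XWSSecurityException} is converted to an {@link AuthException}
 * that carries the original exception as its cause, so the underlying stack
 * trace is available to the caller instead of being dumped to {@code stderr}.
 */
public class ClientSecurityAuthModule extends WssProviderAuthModule
        implements ClientAuthModule {

    public ClientSecurityAuthModule() {
    }

    /**
     * Initializes the inherited provider state; the trailing {@code true}
     * tells the superclass that this is the client-side module.
     *
     * @param requestPolicy  policy for outgoing requests
     * @param responsePolicy policy for incoming responses
     * @param handler        callback handler used to obtain credentials
     * @param options        provider options (raw {@link Map}, as declared by
     *                       {@link ClientAuthModule})
     */
    public void initialize(AuthPolicy requestPolicy, AuthPolicy responsePolicy,
            CallbackHandler handler, Map options) {
        super.initialize(requestPolicy, responsePolicy, handler, options, true);
    }

    /**
     * Secures the outgoing request in place according to the sender settings
     * of the declarative configuration.
     *
     * @param param       must be a {@link SOAPAuthParam}; its request message
     *                    is secured in place
     * @param subject     the client's own subject; bound to the security
     *                    environment and, when {@code sharedState} is non-null,
     *                    stored under {@code SELF_SUBJECT} for
     *                    {@link #validateResponse}
     * @param sharedState per-exchange state shared with
     *                    {@link #validateResponse}; may be {@code null}
     * @throws AuthException if the SOAP envelope cannot be accessed or the
     *                       message cannot be secured; the triggering exception
     *                       is attached as the cause
     */
    public void secureRequest(AuthParam param, Subject subject, Map sharedState)
            throws AuthException {
        try {
            ProcessingContextImpl context = new ProcessingContextImpl();

            _sEnvironment.setSubject(subject, context.getExtraneousProperties());
            if (sharedState != null) {
                sharedState.put(SELF_SUBJECT, subject);
            }

            MessagePolicy senderConfig =
                    ((DeclarativeSecurityConfiguration) _policy).senderSettings();

            SOAPMessage msg = ((SOAPAuthParam) param).getRequest();
            context.setSecurityPolicy(senderConfig);
            context.setSOAPMessage(msg);
            context.setSecurityEnvironment(_sEnvironment);

            if (optimize != MessageConstants.NOT_OPTIMIZED && isOptimized(msg)) {
                context.setConfigType(optimize);
            } else {
                // Touch body and header up front so a malformed envelope is
                // reported here rather than from deep inside the annotator.
                try {
                    msg.getSOAPBody();
                    msg.getSOAPHeader();
                    context.setConfigType(MessageConstants.NOT_OPTIMIZED);
                } catch (SOAPException ex) {
                    throw authException(ex.getMessage(), ex);
                }
            }

            SecurityAnnotator.secureMessage(context);
        } catch (XWSSecurityException xwsse) {
            // TODO: log here (the cause is preserved on the thrown exception)
            throw authException(xwsse.getMessage(), xwsse);
        }
    }

    /**
     * Validates the security header of the incoming response against the
     * receiver settings of the declarative configuration and removes the
     * header once it has been processed.
     *
     * @param param       must be a {@link SOAPAuthParam}; its response message
     *                    is validated and modified in place
     * @param subject     the requester subject recorded in the environment
     * @param sharedState per-exchange state written by {@link #secureRequest};
     *                    may be {@code null}
     * @throws AuthException if validation fails; the triggering exception is
     *                       attached as the cause
     */
    public void validateResponse(AuthParam param, Subject subject, Map sharedState)
            throws AuthException {
        try {
            ProcessingContextImpl context = new ProcessingContextImpl();

            // Re-bind the client's own subject saved by secureRequest.
            // NOTE(review): the original author questioned whether this is
            // required; presumably the environment needs it for decryption --
            // confirm before removing.
            if (sharedState != null) {
                Subject selfSubject = (Subject) sharedState.get(SELF_SUBJECT);
                _sEnvironment.setSubject(selfSubject, context.getExtraneousProperties());
            }

            _sEnvironment.setRequesterSubject(subject, context.getExtraneousProperties());

            MessagePolicy receiverConfig =
                    ((DeclarativeSecurityConfiguration) _policy).receiverSettings();

            context.setSecurityPolicy(receiverConfig);
            context.setSOAPMessage(((SOAPAuthParam) param).getResponse());
            context.setSecurityEnvironment(_sEnvironment);

            SecurityRecipient.validateMessage(context);

            // The header has been checked; strip it so the application layer
            // never sees or re-processes it.
            context.getSecurableSoapMessage().deleteSecurityHeader();
        } catch (XWSSecurityException xwsse) {
            // TODO: log here (the cause is preserved on the thrown exception)
            throw authException(xwsse.getMessage(), xwsse);
        }
    }

    /**
     * Disposes of a subject: clears its principals and destroys every
     * {@link Destroyable} credential it holds.
     *
     * <p>Only a read-only subject is processed; a writable subject is returned
     * untouched. Clearing the principal set of a read-only subject is rejected
     * with {@link UnsupportedOperationException}, which is ignored, so in
     * practice only the credentials are affected. Credentials that are not
     * {@link Destroyable} are skipped, and a failed {@code destroy()} is
     * ignored (best effort, as in the original).
     *
     * @param subject     the subject to dispose; must not be {@code null}
     * @param sharedState unused
     * @throws AuthException if {@code subject} is {@code null}
     */
    public void disposeSubject(Subject subject, Map sharedState) throws AuthException {
        if (subject == null) {
            // log
            throw new AuthException("Error disposing Subject: null value for Subject");
        }

        // NOTE(review): writable subjects are deliberately left alone here;
        // confirm this is the intended contract before relying on it for cleanup.
        if (!subject.isReadOnly()) {
            // log
            return;
        }

        try {
            subject.getPrincipals().clear();
        } catch (UnsupportedOperationException ignored) {
            // A read-only subject exposes an unmodifiable principal set.
        }

        destroyAll(subject.getPrivateCredentials());
        destroyAll(subject.getPublicCredentials());
    }

    /**
     * Calls {@link Destroyable#destroy()} on every {@link Destroyable} element
     * of {@code credentials}. Non-destroyable elements are skipped and a
     * {@link DestroyFailedException} is ignored; the elements themselves stay
     * in the set (only their contents are wiped).
     *
     * @param credentials the credential set to process (read-only sets are fine,
     *                    the set is never modified)
     */
    private static void destroyAll(Set credentials) {
        Iterator it = credentials.iterator();
        while (it.hasNext()) {
            Object credential = it.next();
            // instanceof replaces the original catch of ClassCastException
            if (!(credential instanceof Destroyable)) {
                continue;
            }
            try {
                ((Destroyable) credential).destroy();
            } catch (DestroyFailedException ignored) {
                // log: best effort, the credential is left as is
            }
        }
    }

    /**
     * Builds an {@link AuthException} with {@code message} and attaches
     * {@code cause}, so callers and logs see the original failure instead of
     * only its message.
     *
     * @param message message for the new exception (may be {@code null})
     * @param cause   the underlying exception
     * @return the exception to throw
     */
    private static AuthException authException(String message, Throwable cause) {
        AuthException ae = new AuthException(message);
        // AuthException(String) leaves the cause unset, so initCause is legal here.
        ae.initCause(cause);
        return ae;
    }
}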
|