001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the "License"). You may not use this file except
005: * in compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://jwsdp.dev.java.net/CDDLv1.0.html
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * HEADER in each file and include the License file at
014: * https://jwsdp.dev.java.net/CDDLv1.0.html If applicable,
015: * add the following below this CDDL HEADER, with the
016: * fields enclosed by brackets "[]" replaced with your
017: * own identifying information: Portions Copyright [yyyy]
018: * [name of copyright owner]
019: */
020: /*
021: * $Id: ServerSecurityAuthModule.java,v 1.4 2007/01/08 16:06:42 shyam_rao Exp $
022: *
023: * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
024: * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
025: */
026:
027: package com.sun.xml.wss.provider;
028:
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;

import com.sun.enterprise.security.jauth.AuthException;
import com.sun.enterprise.security.jauth.AuthParam;
import com.sun.enterprise.security.jauth.AuthPolicy;
import com.sun.enterprise.security.jauth.SOAPAuthParam;
import com.sun.enterprise.security.jauth.ServerAuthModule;

import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.ProcessingContextImpl;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.SecurityAnnotator;
import com.sun.xml.wss.impl.SecurityRecipient;
import com.sun.xml.wss.impl.WssProviderSecurityEnvironment;
import com.sun.xml.wss.impl.config.DeclarativeSecurityConfiguration;
import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
058:
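/**
 * Server-side WS-Security authentication module for the JAuth SPI
 * ({@code com.sun.enterprise.security.jauth}, the pre-JSR 196 contract).
 *
 * <p>{@link #validateRequest} runs the receiver side of the configured policy
 * over the inbound SOAP request (token, signature and encryption processing is
 * delegated to {@link SecurityRecipient}), records who the requester was in the
 * per-exchange shared state, and strips the processed security header.
 * {@link #secureResponse} then applies the sender side of the policy to the
 * outbound response via {@link SecurityAnnotator}, reading the shared state so
 * the response can be addressed to the same requester. {@link #disposeSubject}
 * destroys and removes what was left on the {@link Subject}.
 *
 * <p>The policy ({@code _policy}), security environment ({@code _sEnvironment}),
 * the {@code optimize} setting, {@code isOptimized(..)} and the
 * {@code REQUESTER_*} shared-state keys are all inherited from
 * {@link WssProviderAuthModule}; this class does not configure them itself.
 */
public class ServerSecurityAuthModule extends WssProviderAuthModule
        implements ServerAuthModule {

    private static final Logger LOG =
            Logger.getLogger(ServerSecurityAuthModule.class.getName());

    public ServerSecurityAuthModule() {
    }

    /**
     * Delegates to the superclass initialisation. The trailing {@code false}
     * presumably marks this as the server-side (non-client) module; confirm
     * the flag's meaning in {@code WssProviderAuthModule} before changing it.
     */
    public void initialize(AuthPolicy requestPolicy, AuthPolicy responsePolicy,
            CallbackHandler handler, Map options) {
        super.initialize(requestPolicy, responsePolicy, handler, options, false);
    }

    /**
     * Validates the inbound SOAP request against the receiver settings of the
     * configured {@link DeclarativeSecurityConfiguration}.
     *
     * <p>On success the requester's identity material (subject, key id, issuer
     * name and certificate serial, as recorded by the recipient in the
     * processing context) is copied into {@code sharedState} so that
     * {@link #secureResponse} can address the response to the same party, and
     * the consumed security header is removed from the message.
     *
     * @param param       must be a {@link SOAPAuthParam}; its request message
     *                    is validated in place
     * @param subject     the requester's Subject, handed to the security
     *                    environment so validated credentials can be attached
     *                    to it
     * @param sharedState per-exchange map shared with {@link #secureResponse};
     *                    must not be {@code null}
     * @throws AuthException if {@code param} is not a {@link SOAPAuthParam} or
     *                       validation fails. The message is the underlying
     *                       {@link XWSSecurityException}'s message and that
     *                       exception is attached as the cause.
     */
    public void validateRequest(AuthParam param, Subject subject, Map sharedState)
            throws AuthException {
        SOAPMessage request = asSoapParam(param).getRequest();
        try {
            ProcessingContextImpl context = new ProcessingContextImpl();
            _sEnvironment.setRequesterSubject(subject,
                    context.getExtraneousProperties());

            MessagePolicy receiverPolicy =
                    ((DeclarativeSecurityConfiguration) _policy).receiverSettings();
            context.setSecurityPolicy(receiverPolicy);
            context.setSOAPMessage(request);
            context.setSecurityEnvironment(_sEnvironment);

            // Enforces the receiver policy; a message that lacks what the policy
            // requires, or whose tokens/signatures do not verify, surfaces here
            // as XWSSecurityException.
            SecurityRecipient.validateMessage(context);

            populateSharedStateFromContext(sharedState, context);

            // Drop the processed wsse:Security header so that the service
            // endpoint behind this module never sees it.
            context.getSecurableSoapMessage().deleteSecurityHeader();
        } catch (XWSSecurityException xwsse) {
            LOG.log(Level.WARNING,
                    "Inbound SOAP request failed WS-Security validation", xwsse);
            // NOTE(review): the message text is handed to the container and may
            // be surfaced to the client in a SOAP fault; keep it free of
            // internal detail.
            throw wrap(xwsse.getMessage(), xwsse);
        }
    }

    /**
     * Applies the sender settings of the configured policy to the outbound
     * SOAP response (signing, encryption and token insertion are performed by
     * {@link SecurityAnnotator}).
     *
     * @param param       must be a {@link SOAPAuthParam}; its response message
     *                    is secured in place
     * @param subject     the Subject installed on the security environment for
     *                    the response (the service's own identity); the
     *                    requester's Subject is taken from {@code sharedState}
     * @param sharedState the map {@link #validateRequest} populated for this
     *                    exchange; must not be {@code null}
     * @throws AuthException if {@code param} is not a {@link SOAPAuthParam},
     *                       if the non-optimised path cannot access the SAAJ
     *                       body/header, or if securing the message fails
     */
    public void secureResponse(AuthParam param, Subject subject, Map sharedState)
            throws AuthException {
        SOAPMessage response = asSoapParam(param).getResponse();
        try {
            ProcessingContextImpl context = new ProcessingContextImpl();
            _sEnvironment.setSubject(subject, context.getExtraneousProperties());

            // Requester subject and certificate identifiers recorded during
            // validateRequest; presumably used to encrypt the response for the
            // requester's key.
            populateContextFromSharedState(context, sharedState);

            MessagePolicy senderPolicy =
                    ((DeclarativeSecurityConfiguration) _policy).senderSettings();
            context.setSecurityPolicy(senderPolicy);
            context.setSOAPMessage(response);
            context.setSecurityEnvironment(_sEnvironment);

            if (optimize != MessageConstants.NOT_OPTIMIZED && isOptimized(response)) {
                context.setConfigType(optimize);
            } else {
                try {
                    // Presumably forces the SAAJ tree to be built for the
                    // DOM-based path; the return values are intentionally unused.
                    response.getSOAPBody();
                    response.getSOAPHeader();
                } catch (SOAPException ex) {
                    throw wrap(ex.getMessage(), ex);
                }
                context.setConfigType(MessageConstants.NOT_OPTIMIZED);
            }

            SecurityAnnotator.secureMessage(context);
        } catch (XWSSecurityException xwsse) {
            LOG.log(Level.WARNING, "Failed to secure outbound SOAP response", xwsse);
            throw wrap(xwsse.getMessage(), xwsse);
        }
    }

    /**
     * Disposes of the Subject used for this exchange: every {@link Destroyable}
     * credential is destroyed (zeroised where the implementation supports it)
     * and, if the Subject is still writable, its principal and credential sets
     * are emptied.
     *
     * <p>Previously a writable Subject was returned untouched (a leftover of an
     * attempt to replace it with {@code new Subject()}, which cannot work on a
     * by-value reference), so its credentials were never cleared. A read-only
     * Subject cannot have entries removed; for it only the destroy step runs
     * and the situation is logged. Clearing is not attempted on a read-only
     * Subject because its sets may reject the modification with
     * {@link IllegalStateException} rather than
     * {@link UnsupportedOperationException}, which the previous code did not
     * catch.
     *
     * <p>NOTE(review): the module does not track which entries it added in
     * {@link #validateRequest}, so a writable Subject is cleared in full, not
     * selectively.
     *
     * @param subject     the Subject to dispose; must not be {@code null}
     * @param sharedState unused here
     * @throws AuthException if {@code subject} is {@code null}
     */
    public void disposeSubject(Subject subject, Map sharedState)
            throws AuthException {
        if (subject == null) {
            LOG.log(Level.FINE, "disposeSubject called with a null Subject");
            throw new AuthException("Subject is null in disposeSubject");
        }

        Set principals = subject.getPrincipals();
        Set privateCredentials = subject.getPrivateCredentials();
        Set publicCredentials = subject.getPublicCredentials();

        // Destroy before dropping the references: once cleared from the sets
        // there is nothing left to zeroise.
        destroyAll(privateCredentials, "private");
        destroyAll(publicCredentials, "public");

        if (subject.isReadOnly()) {
            LOG.log(Level.FINE, "Subject is read-only: credentials destroyed but "
                    + "principals and credential entries cannot be removed");
            return;
        }

        clearQuietly(principals, "principals");
        clearQuietly(privateCredentials, "private credentials");
        clearQuietly(publicCredentials, "public credentials");
    }

    /**
     * Calls {@link Destroyable#destroy()} on every credential in the set that
     * implements it; other entries are left alone. Failures are logged, not
     * propagated, so one bad credential does not stop the rest being destroyed.
     */
    private static void destroyAll(Set credentials, String kind) {
        for (Iterator it = credentials.iterator(); it.hasNext();) {
            Object credential = it.next();
            if (!(credential instanceof Destroyable)) {
                continue;
            }
            try {
                ((Destroyable) credential).destroy();
            } catch (DestroyFailedException dfe) {
                LOG.log(Level.FINE, "Could not destroy " + kind + " credential of type "
                        + credential.getClass().getName(), dfe);
            }
        }
    }

    /**
     * Empties the set, logging (rather than failing) if the set refuses the
     * modification. Both exception types are handled because a Subject's own
     * sets may report "read-only" as {@link IllegalStateException}.
     */
    private static void clearQuietly(Set entries, String kind) {
        try {
            entries.clear();
        } catch (UnsupportedOperationException uoe) {
            LOG.log(Level.FINE, "Could not clear " + kind + ": set is unmodifiable", uoe);
        } catch (IllegalStateException ise) {
            LOG.log(Level.FINE, "Could not clear " + kind + ": Subject is read-only", ise);
        }
    }

    /**
     * Narrows the generic {@link AuthParam} to the SOAP flavour this module
     * works on, turning a wrong parameter type into an {@link AuthException}
     * instead of an unchecked {@link ClassCastException}.
     */
    private static SOAPAuthParam asSoapParam(AuthParam param) throws AuthException {
        if (!(param instanceof SOAPAuthParam)) {
            throw new AuthException("Expected a SOAPAuthParam but received "
                    + (param == null ? "null" : param.getClass().getName()));
        }
        return (SOAPAuthParam) param;
    }

    /**
     * Builds an {@link AuthException} carrying {@code message} with
     * {@code cause} attached, so the original failure is not lost. Only the
     * {@code (String)} constructor is known to exist, hence {@code initCause};
     * if that constructor already fixed a cause the attach is skipped.
     */
    private static AuthException wrap(String message, Throwable cause) {
        AuthException ae = new AuthException(message);
        try {
            ae.initCause(cause);
        } catch (IllegalStateException alreadySet) {
            // Cause was set by the constructor; nothing more to attach.
        }
        return ae;
    }

    /**
     * Copies the requester information saved by {@link #validateRequest} from
     * the shared state into the response processing context, under the
     * {@link MessageConstants} property names the annotator reads.
     */
    private void populateContextFromSharedState(ProcessingContextImpl context,
            Map sharedState) {
        context.setExtraneousProperty(MessageConstants.AUTH_SUBJECT,
                sharedState.get(REQUESTER_SUBJECT));
        context.setExtraneousProperty(MessageConstants.REQUESTER_KEYID,
                sharedState.get(REQUESTER_KEYID));
        context.setExtraneousProperty(MessageConstants.REQUESTER_ISSUERNAME,
                sharedState.get(REQUESTER_ISSUERNAME));
        context.setExtraneousProperty(MessageConstants.REQUESTER_SERIAL,
                sharedState.get(REQUESTER_SERIAL));
    }

    /**
     * Saves the requester information the recipient left in the processing
     * context (authenticated subject, key id, certificate issuer and serial)
     * into the shared state for {@link #secureResponse}. Absent properties are
     * stored as {@code null}, matching the previous behaviour.
     */
    private void populateSharedStateFromContext(Map sharedState,
            ProcessingContextImpl context) {
        sharedState.put(REQUESTER_SUBJECT,
                context.getExtraneousProperty(MessageConstants.AUTH_SUBJECT));
        sharedState.put(REQUESTER_KEYID,
                context.getExtraneousProperty(MessageConstants.REQUESTER_KEYID));
        sharedState.put(REQUESTER_ISSUERNAME,
                context.getExtraneousProperty(MessageConstants.REQUESTER_ISSUERNAME));
        sharedState.put(REQUESTER_SERIAL,
                context.getExtraneousProperty(MessageConstants.REQUESTER_SERIAL));
    }
}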
|