001: /*
002: * Copyright 2005 Sun Microsystems, Inc. All
003: * rights reserved. Use of this product is subject
004: * to license terms. Federal Acquisitions:
005: * Commercial Software -- Government Users
006: * Subject to Standard License Terms and
007: * Conditions.
008: *
009: * Sun, Sun Microsystems, the Sun logo, and Sun ONE
010: * are trademarks or registered trademarks of Sun Microsystems,
011: * Inc. in the United States and other countries.
012: */
013:
014: package com.sun.portal.wsrp.wssso.handler;
015:
016: import com.sun.portal.wsrp.wssso.common.*;
017: import java.util.HashMap;
018: import java.util.logging.Level;
019: import java.util.logging.Logger;
020:
021: import com.iplanet.sso.SSOException;
022: import com.iplanet.sso.SSOToken;
023: import com.iplanet.sso.SSOTokenManager;
024:
025: import javax.servlet.http.HttpServletRequest;
026:
027: import com.sun.portal.desktop.DesktopRequestThreadLocalizer;
028: import com.sun.portal.log.common.PortalLogger;
029:
030: import javax.security.auth.callback.Callback;
031: import javax.security.auth.callback.CallbackHandler;
032: import javax.security.auth.callback.UnsupportedCallbackException;
033:
034: import com.sun.xml.wss.impl.callback.DynamicPolicyCallback;
035: import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
036: import com.sun.xml.wss.impl.configuration.DynamicApplicationContext;
037: import com.sun.xml.wss.impl.policy.mls.DynamicSecurityPolicy;
038: import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
039: import com.sun.xml.wss.impl.policy.mls.WSSPolicyGenerator;
040: import com.sun.xml.wss.impl.policy.PolicyGenerationException;
041:
042: import com.sun.portal.wsrp.common.OASISUsernameTokenProfile;
043: import com.sun.portal.wsrp.common.IdentityPropagationConstants;
044:
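public class ClientHandler implements CallbackHandler,
        IdentityPropagationConstants {

    /**
     * Declared but never thrown: {@link #handle(Callback[])} silently ignores
     * callbacks that are not {@link DynamicPolicyCallback}s instead of
     * rejecting them with this exception. Left in place so the class keeps
     * its existing (lenient) contract towards the XWSS runtime.
     */
    private UnsupportedCallbackException unsupported = new UnsupportedCallbackException(
            null, "Unsupported Callback Type Encountered");

    /**
     * Key in the dynamic-context runtime properties under which the WSRP
     * markup endpoint URL is published by the JAX-RPC runtime.
     */
    public static final String END_POINT_URL_KEY = "javax.xml.rpc.service.endpoint.address";

    private static final Logger debugLogger = PortalLogger
            .getLogger(ClientHandler.class);

    /**
     * Chooses the WS-Security message policy for the first
     * {@link DynamicPolicyCallback} in {@code callbacks}.
     *
     * <p>Inbound messages, and outbound messages for which no per-user SSO
     * configuration (or no endpoint URL) is available, get the default
     * policy (see {@link #handleDefaultMessageCallback}). Otherwise the
     * outbound policy is derived from the user's identity-propagation
     * settings for the target endpoint.
     *
     * <p>Only the first {@code DynamicPolicyCallback} is processed; the
     * method returns after handling it. Other callback types are skipped.
     *
     * @param callbacks callbacks supplied by the security runtime; a
     *        {@code null} or empty array is a no-op
     * @throws UnsupportedCallbackException declared by
     *         {@link CallbackHandler}; never actually thrown here
     */
    public void handle(Callback[] callbacks)
            throws UnsupportedCallbackException {
        if (callbacks == null) {
            return;
        }
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof DynamicPolicyCallback)) {
                continue;
            }
            DynamicPolicyCallback dpc = (DynamicPolicyCallback) callbacks[i];
            DynamicApplicationContext dac = (DynamicApplicationContext) dpc
                    .getDynamicContext();
            if (dac.inBoundMessage()) {
                handleDefaultMessageCallback(dpc);
                return;
            }

            String markupURL = getEndpointUrl(dac);
            if (markupURL == null) {
                // No endpoint to look a configuration up for: fall back to
                // the default policy instead of failing with a
                // NullPointerException on the missing property.
                handleDefaultMessageCallback(dpc);
                return;
            }
            UserConfiguration config = getSSOConfiguration(markupURL);
            if (config == null) {
                handleDefaultMessageCallback(dpc);
                return;
            }
            handleOutBoundMessageCallback(dpc, config, markupURL);
            return;
        }
    }

    /**
     * Reads the endpoint URL from the dynamic context's runtime properties.
     *
     * @param dac the dynamic application context of the current message
     * @return the value stored under {@link #END_POINT_URL_KEY} as a string,
     *         or {@code null} when the properties or the entry are absent
     */
    private String getEndpointUrl(DynamicApplicationContext dac) {
        HashMap map = dac.getRuntimeProperties();
        if (map == null) {
            return null;
        }
        Object endpoint = map.get(END_POINT_URL_KEY);
        return (endpoint == null) ? null : endpoint.toString();
    }

    /**
     * Installs an empty {@link MessagePolicy} (nothing appended, message
     * dumping off) on the callback, i.e. no security token is added to or
     * required on the message.
     *
     * @param dpc the callback whose security policy is replaced
     */
    private void handleDefaultMessageCallback(DynamicPolicyCallback dpc) {
        MessagePolicy mPolicy = new MessagePolicy();
        mPolicy.dumpMessages(false);
        dpc.setSecurityPolicy(mPolicy);
    }

    /**
     * Builds the outbound policy for a user whose configuration selects one
     * of the OASIS UsernameToken propagation types for {@code markupURL}.
     *
     * <p>The resulting {@link MessagePolicy} carries a single
     * {@link AuthenticationTokenPolicy} with a UsernameToken binding. The
     * password is included only for the PLAINTEXT and DIGEST propagation
     * types, and digest mode only for DIGEST; in all other cases the token
     * carries the username alone. No signing or encryption policy is added
     * here, so confidentiality of a plaintext password in the header rests
     * on the transport.
     *
     * <p>Falls back to {@link #handleDefaultMessageCallback} when the user
     * has no OASIS propagation type configured, or no profile/username for
     * the endpoint. A {@link PolicyGenerationException} is logged at SEVERE
     * and leaves the callback's policy untouched.
     *
     * @param dpc       the callback whose security policy is replaced
     * @param config    the user's SSO configuration
     * @param markupURL the endpoint the outbound message is sent to
     */
    private void handleOutBoundMessageCallback(
            DynamicPolicyCallback dpc, UserConfiguration config,
            String markupURL) {
        DynamicSecurityPolicy dsp = (DynamicSecurityPolicy) dpc
                .getSecurityPolicy();
        WSSPolicyGenerator generator = (WSSPolicyGenerator) dsp
                .policyGenerator();
        try {
            String identityPropagationType = getIdentityPropagationType(
                    config, markupURL);
            if (identityPropagationType == null
                    || !isOASISTokenProfileEnabled(identityPropagationType)) {
                handleDefaultMessageCallback(dpc);
                return;
            }

            OASISUsernameTokenProfile profile = getUsernameTokenProfile(
                    config, markupURL);
            if (profile == null || profile.getUsername() == null) {
                handleDefaultMessageCallback(dpc);
                return;
            }

            AuthenticationTokenPolicy atp = generator
                    .newAuthenticationTokenPolicy();
            AuthenticationTokenPolicy.UsernameTokenBinding utb =
                    (AuthenticationTokenPolicy.UsernameTokenBinding) atp
                            .newUsernameTokenFeatureBinding();
            utb.setDigestOn(isDigestEnabled(identityPropagationType));
            utb.setUsername(profile.getUsername());
            // Password travels in the token only for the two password-bearing
            // propagation types; otherwise it is explicitly cleared.
            utb.setPassword(isPasswordEnabled(identityPropagationType)
                    ? profile.getPassword() : null);
            atp.setFeatureBinding(utb);

            MessagePolicy mPolicy = new MessagePolicy();
            mPolicy.dumpMessages(false);
            mPolicy.append(atp);
            dpc.setSecurityPolicy(mPolicy);
        } catch (PolicyGenerationException pge) {
            // Log the endpoint only; never the username/password.
            debugLogger.log(Level.SEVERE,
                    "Failed to generate UsernameToken policy for endpoint "
                            + markupURL, pge);
        }
    }

    /**
     * Looks up the user's OASIS UsernameToken profile for an endpoint.
     *
     * @param config    the user's SSO configuration
     * @param markupURL the endpoint the profile is configured for
     * @return the profile, or whatever {@code config} returns (may be
     *         {@code null}) when none is configured
     */
    private OASISUsernameTokenProfile getUsernameTokenProfile(
            UserConfiguration config, String markupURL) {
        return config.getOASISTokenProfile(markupURL);
    }

    /**
     * Resolves the calling user's SSO configuration from the servlet request
     * bound to the current desktop thread.
     *
     * @param markupURL the endpoint being called (not used for the lookup
     *        itself; the configuration is per user)
     * @return the configuration, or {@code null} when there is no request on
     *         this thread, no valid SSO token could be created for it (the
     *         expected case for authless/anonymous users), or the
     *         configuration lookup fails
     */
    private UserConfiguration getSSOConfiguration(String markupURL) {
        HttpServletRequest req = DesktopRequestThreadLocalizer
                .getRequest();
        if (req == null) {
            // NOTE(review): presumably reached when invoked outside a desktop
            // request thread; treated like an anonymous user.
            debugLogger.log(Level.FINEST,
                    "No request bound to current thread; no SSO configuration");
            return null;
        }

        SSOToken token;
        try {
            token = getUserSSOToken(req);
        } catch (SSOException ex) {
            // This case is the most likely case for Authless anon users.
            debugLogger.log(Level.FINEST,
                    "Unable to create SSO token from request", ex);
            return null;
        }

        UserConfigurationManager mgr = UserConfigurationManager
                .getInstance();
        try {
            return mgr.getUserConfiguration(token);
        } catch (SSOException ex) {
            debugLogger.log(Level.SEVERE,
                    "Unable to load user configuration for endpoint "
                            + markupURL, ex);
            return null;
        }
    }

    /**
     * @param identityPropagationType the configured propagation type
     * @return {@code true} for every type other than "no propagation" and
     *         SSOToken propagation, i.e. for the OASIS UsernameToken types
     */
    private boolean isOASISTokenProfileEnabled(
            String identityPropagationType) {
        return !NO_IDENTITY_PROPAGATION.equals(identityPropagationType)
                && !SSOTOKEN_IDENTITY_PROPAGATION
                        .equals(identityPropagationType);
    }

    /**
     * @param identityPropagationType the configured propagation type
     * @return {@code true} only for the PLAINTEXT and DIGEST password
     *         propagation types
     */
    private boolean isPasswordEnabled(String identityPropagationType) {
        return OASIS_WSS_USERNAME_PASSWORD_PLAINTEXT_PROPAGATION
                .equals(identityPropagationType)
                || OASIS_WSS_USERNAME_PASSWORD_DIGEST_PROPAGATION
                        .equals(identityPropagationType);
    }

    /**
     * @param identityPropagationType the configured propagation type
     * @return {@code true} only for the DIGEST password propagation type
     */
    private boolean isDigestEnabled(String identityPropagationType) {
        return OASIS_WSS_USERNAME_PASSWORD_DIGEST_PROPAGATION
                .equals(identityPropagationType);
    }

    /**
     * @param config    the user's SSO configuration
     * @param markupURL the endpoint the type is configured for
     * @return the identity-propagation type configured for the endpoint, as
     *         returned by {@code config} (may be {@code null})
     */
    private String getIdentityPropagationType(UserConfiguration config,
            String markupURL) {
        return config.getIdentityPropagationType(markupURL);
    }

    /**
     * Creates the SSO token that identifies the caller of {@code req}.
     *
     * @param req the current servlet request
     * @return the caller's SSO token
     * @throws SSOException if no token can be created for the request
     */
    private SSOToken getUserSSOToken(HttpServletRequest req)
            throws SSOException {
        SSOTokenManager mgr = SSOTokenManager.getInstance();
        return mgr.createSSOToken(req);
    }
}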
|