Java Code Examples for org.apache.neethi.Policy#addPolicyComponent()

The following examples show how to use org.apache.neethi.Policy#addPolicyComponent().
Example 1
Source File: EndpointPolicyImpl.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Folds several top-level {@code ExactlyOne} operators of the current policy
 * into a single {@code ExactlyOne} and installs the result via {@code setPolicy}.
 *
 * <p>Does nothing when the policy has at most one top-level component.
 */
void checkExactlyOnes() {
    // By this point the policy has been normalized and merged, but Neethi can
    // still leave it shaped like
    //   <Policy>
    //     <ExactlyOne><All><A></All></ExactlyOne>
    //     <ExactlyOne><All><B></All></ExactlyOne>
    //   </Policy>
    // whereas this method rewrites it to
    //   <Policy>
    //     <ExactlyOne><All><A></All><All><B></All></ExactlyOne>
    //   </Policy>
    //
    // NOTE(review): in WS-Policy a Policy element combines its children the way
    // All does, so sibling ExactlyOne operators each have to be satisfied; after
    // this rewrite their alternatives sit side by side in one ExactlyOne.
    // Confirm that widening is what the endpoint policy is meant to express.
    List<?> topLevel = policy.getPolicyComponents();
    if (topLevel.size() > 1) {
        Policy rebuilt = new Policy();
        ExactlyOne merged = new ExactlyOne();
        rebuilt.addPolicyComponent(merged);
        for (Object component : topLevel) {
            // Unchecked cast: a top-level component that is not an ExactlyOne
            // fails here with ClassCastException instead of being merged.
            ExactlyOne one = (ExactlyOne) component;
            merged.addPolicyComponents(one.getPolicyComponents());
        }
        setPolicy(rebuilt);
    }
}
 
Example 2
Source File: TransportBinding.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a policy with a single alternative describing this transport binding
 * and returns its normalized form.
 *
 * <p>Only the transport token, the include-timestamp assertion and the layout
 * are added here, each only when present or enabled.
 *
 * @return the normalized policy, or an empty {@code Policy} when normalization
 *         returns {@code null}
 */
public Policy getPolicy() {
    Policy draft = new Policy();
    ExactlyOne choice = new ExactlyOne();
    draft.addPolicyComponent(choice);

    All required = new All();
    if (transportToken != null) {
        required.addPolicyComponent(transportToken);
    }
    if (isIncludeTimestamp()) {
        required.addPolicyComponent(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
    }
    if (getLayout() != null) {
        required.addPolicyComponent(getLayout());
    }
    choice.addPolicyComponent(required);

    Policy normalized = draft.normalize(builder.getPolicyRegistry(), true);
    // An empty Policy is returned instead of null; callers cannot tell it
    // apart from a binding that really had nothing to assert.
    return normalized != null ? normalized : new Policy();
}
 
Example 3
Source File: TransportBinding.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a policy with a single alternative describing this transport binding
 * and returns its normalized form.
 *
 * <p>Only the transport token, the include-timestamp assertion and the layout
 * are added here, each only when present or enabled.
 *
 * @return the normalized policy, or an empty {@code Policy} when normalization
 *         returns {@code null}
 */
public Policy getPolicy() {
    Policy draft = new Policy();
    ExactlyOne choice = new ExactlyOne();
    draft.addPolicyComponent(choice);

    All required = new All();
    if (transportToken != null) {
        required.addPolicyComponent(transportToken);
    }
    if (isIncludeTimestamp()) {
        required.addPolicyComponent(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
    }
    if (getLayout() != null) {
        required.addPolicyComponent(getLayout());
    }
    choice.addPolicyComponent(required);

    Policy normalized = draft.normalize(builder.getPolicyRegistry(), true);
    // An empty Policy is returned instead of null; callers cannot tell it
    // apart from a binding that really had nothing to assert.
    return normalized != null ? normalized : new Policy();
}
 
Example 4
Source File: TokenWrapper.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Wraps the held token in a one-alternative policy and returns the
 * normalized result.
 *
 * @return {@code null} when no token is set; otherwise the normalized policy,
 *         or an empty {@code Policy} when normalization returns {@code null}
 */
public Policy getPolicy() {
    // Note the asymmetry: a missing token yields null, a failed normalization
    // yields an empty Policy. Callers have to handle both.
    if (token == null) {
        return null;
    }

    Policy draft = new Policy();
    ExactlyOne choice = new ExactlyOne();
    draft.addPolicyComponent(choice);
    All required = new All();
    required.addPolicyComponent(token);
    choice.addPolicyComponent(required);

    Policy normalized = draft.normalize(builder.getPolicyRegistry(), true);
    return normalized != null ? normalized : new Policy();
}
 
Example 5
Source File: SpnegoTokenInterceptorProvider.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Configures an {@code STSClient} for a SPNEGO negotiation based on the
 * assertions of the current message.
 *
 * @param client the client to configure
 * @param message the message supplying SOAP version, endpoint address and
 *        security properties
 * @param aim the assertion map used to look up trust, addressing and
 *        algorithm-suite settings
 * @return the endpoint address that was set as the client's location
 */
static String setupClient(STSClient client, SoapMessage message, AssertionInfoMap aim) {
    // Two setTrust calls, presumably overloads for the Trust10 and Trust13
    // assertions; verify against STSClient.
    client.setTrust(NegotiationUtils.getTrust10(aim));
    client.setTrust(NegotiationUtils.getTrust13(aim));

    // The client policy consists of the addressing assertion only.
    Policy addressingOnly = new Policy();
    ExactlyOne choice = new ExactlyOne();
    addressingOnly.addPolicyComponent(choice);
    All required = new All();
    required.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
    choice.addPolicyComponent(required);

    client.setPolicy(addressingOnly);
    client.setSoap11(message.getVersion() == Soap11.getInstance());
    client.setSpnego(true);

    WSSConfig wssConfig = WSSConfig.getNewInstance();
    String contextId = wssConfig.getIdAllocator().createSecureId("_", null);
    client.setContext(contextId);

    // NOTE(review): toString() is called on the property directly, so a
    // message without ENDPOINT_ADDRESS fails here with NullPointerException.
    String endpointAddress = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
    client.setLocation(endpointAddress);

    AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
    if (suite != null) {
        client.setAlgorithmSuite(suite);
        int maxSymmetricKeyBits = suite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
        // The key size is only ever set to a value below 256; a suite whose
        // maximum is 256 or more leaves the client's existing key size as is.
        if (maxSymmetricKeyBits < 256) {
            client.setKeySize(maxSymmetricKeyBits);
        }
    }

    mapSecurityProps(message, client.getRequestContext());

    return endpointAddress;
}
 
Example 6
Source File: SupportingToken.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a one-alternative policy from this supporting token's tokens and
 * protection parts, and returns its normalized form.
 *
 * @return the normalized policy, or an empty {@code Policy} when normalization
 *         returns {@code null}
 */
public Policy getPolicy() {
    Policy draft = new Policy();
    ExactlyOne choice = new ExactlyOne();
    draft.addPolicyComponent(choice);
    All required = new All();

    for (Token supportingToken : getTokens()) {
        required.addPolicyComponent(supportingToken);
    }

    // NOTE(review): this is an else-if chain, so only the first non-null of
    // signedParts, signedElements, encryptedParts and encryptedElements is
    // emitted. A supporting token that sets, say, both signed and encrypted
    // parts produces a policy that lists only the signed ones. Confirm that
    // at most one of these can be set at a time.
    if (signedParts != null) {
        required.addPolicyComponent(signedParts);
    } else if (signedElements != null) {
        required.addPolicyComponent(signedElements);
    } else if (encryptedParts != null) {
        required.addPolicyComponent(encryptedParts);
    } else if (encryptedElements != null) {
        required.addPolicyComponent(encryptedElements);
    }

    choice.addPolicyComponent(required);
    Policy normalized = draft.normalize(builder.getPolicyRegistry(), true);
    return normalized != null ? normalized : new Policy();
}
 
Example 7
Source File: SpnegoTokenInterceptorProvider.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Configures an {@code STSClient} for a SPNEGO negotiation based on the
 * assertions of the current message.
 *
 * @param client the client to configure
 * @param message the message supplying SOAP version, endpoint address and
 *        security properties
 * @param aim the assertion map used to look up trust, addressing and
 *        algorithm-suite settings
 * @return the endpoint address that was set as the client's location
 */
static String setupClient(STSClient client, SoapMessage message, AssertionInfoMap aim) {
    // Two setTrust calls, presumably overloads for the Trust10 and Trust13
    // assertions; verify against STSClient.
    client.setTrust(NegotiationUtils.getTrust10(aim));
    client.setTrust(NegotiationUtils.getTrust13(aim));

    // The client policy consists of the addressing assertion only.
    Policy addressingOnly = new Policy();
    ExactlyOne choice = new ExactlyOne();
    addressingOnly.addPolicyComponent(choice);
    All required = new All();
    required.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
    choice.addPolicyComponent(required);

    client.setPolicy(addressingOnly);
    client.setSoap11(message.getVersion() == Soap11.getInstance());
    client.setSpnego(true);

    WSSConfig wssConfig = WSSConfig.getNewInstance();
    String contextId = wssConfig.getIdAllocator().createSecureId("_", null);
    client.setContext(contextId);

    // NOTE(review): toString() is called on the property directly, so a
    // message without ENDPOINT_ADDRESS fails here with NullPointerException.
    String endpointAddress = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
    client.setLocation(endpointAddress);

    AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
    if (suite != null) {
        client.setAlgorithmSuite(suite);
        int maxSymmetricKeyBits = suite.getMaximumSymmetricKeyLength();
        // The key size is only ever set to a value below 256; a suite whose
        // maximum is 256 or more leaves the client's existing key size as is.
        if (maxSymmetricKeyBits < 256) {
            client.setKeySize(maxSymmetricKeyBits);
        }
    }

    mapSecurityProps(message, client.getRequestContext());

    return endpointAddress;
}
 
Example 8
Source File: EndpointPolicyImplTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Runs the empty-policy update check against a policy that holds an
 * {@code ExactlyOne} with two empty {@code All} children followed by two
 * empty top-level {@code All} operators.
 */
@Test
public void testUpdatePolicyWithEmptyExactlyOneAndAll() {
    Policy policyUnderTest = new Policy();

    // ExactlyOne containing two alternatives, both without assertions.
    PolicyOperator emptyAlternatives = new ExactlyOne();
    emptyAlternatives.addPolicyComponent(new All());
    emptyAlternatives.addPolicyComponent(new All());
    policyUnderTest.addPolicyComponent(emptyAlternatives);

    // Two more empty All operators directly under the policy.
    policyUnderTest.addPolicyComponent(new All());
    policyUnderTest.addPolicyComponent(new All());

    doTestUpdateWithEmptyPolicy(policyUnderTest);
}
 
Example 9
Source File: SymmetricBinding.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a one-alternative policy describing this symmetric binding and
 * returns its normalized form.
 *
 * <p>Only the protection, signature and encryption tokens, the
 * include-timestamp assertion and the layout are added here, each only when
 * present or enabled.
 *
 * @return the normalized policy, or an empty {@code Policy} when normalization
 *         returns {@code null}
 */
public Policy getPolicy() {
    Policy draft = new Policy();
    ExactlyOne choice = new ExactlyOne();
    draft.addPolicyComponent(choice);
    All required = new All();

    // Tokens first, in the order protection, signature, encryption.
    if (this.getProtectionToken() != null) {
        required.addPolicyComponent(this.getProtectionToken());
    }
    if (this.getSignatureToken() != null) {
        required.addPolicyComponent(this.getSignatureToken());
    }
    if (this.getEncryptionToken() != null) {
        required.addPolicyComponent(this.getEncryptionToken());
    }

    if (isIncludeTimestamp()) {
        required.addPolicyComponent(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
    }
    if (getLayout() != null) {
        required.addPolicyComponent(getLayout());
    }

    choice.addPolicyComponent(required);
    Policy normalized = draft.normalize(builder.getPolicyRegistry(), true);
    return normalized != null ? normalized : new Policy();
}
 
Example 10
Source File: EndpointPolicyImplTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Runs the empty-policy update check against a policy whose only children
 * are two empty {@code All} operators.
 */
@Test
public void testUpdatePolicyWithEmptyAll() {
    Policy policyUnderTest = new Policy();
    for (int i = 0; i < 2; i++) {
        policyUnderTest.addPolicyComponent(new All());
    }
    doTestUpdateWithEmptyPolicy(policyUnderTest);
}
 
Example 11
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Sends a WS-Trust "Validate" request for the given token and wraps the first
 * object of the reply in an {@code STSResponse}.
 *
 * @param tok the token whose element is copied into {@code wst:ValidateTarget}
 * @param tokentype requested token type; when {@code null} the
 *        {@code tokenType} field is used, and if that is {@code null} too,
 *        {@code namespace + "/RSTR/Status"}
 * @return the response built from the first object returned by the client
 * @throws Exception propagated from client creation, XML writing or the
 *         invocation itself
 */
protected STSResponse validate(SecurityToken tok, String tokentype)
    throws Exception {
    createClient();

    String requestedType = tokentype != null ? tokentype : tokenType;
    if (requestedType == null) {
        requestedType = namespace + "/RSTR/Status";
    }

    // Side effect: the default addressing namespace is stored on the instance.
    if (addressingNamespace == null) {
        addressingNamespace = "http://www.w3.org/2005/08/addressing";
    }

    // Policy holding nothing but the addressing assertion; it is used only
    // when the service exposes no dedicated Validate operation (see below).
    Policy overridePolicy = new Policy();
    ExactlyOne choice = new ExactlyOne();
    overridePolicy.addPolicyComponent(choice);
    All required = new All();
    choice.addPolicyComponent(required);
    required.addAssertion(getAddressingAssertion());

    client.getRequestContext().clear();
    client.getRequestContext().putAll(ctx);
    client.getRequestContext().put(SecurityConstants.TOKEN, tok);

    BindingOperationInfo operation = findOperation("/RST/Validate");
    if (operation == null) {
        // NOTE(review): the Issue operation is reused and its policy is
        // overridden with the addressing-only policy above. Confirm the
        // override does not drop security requirements the STS expects for
        // a Validate exchange.
        operation = findOperation("/RST/Issue");
        client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, overridePolicy);
    }

    client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
                                   namespace + "/RST/Validate");

    // <wst:RequestSecurityToken>
    W3CDOMStreamWriter request = new W3CDOMStreamWriter();
    request.writeStartElement("wst", "RequestSecurityToken", namespace);
    request.writeNamespace("wst", namespace);

    request.writeStartElement("wst", "RequestType", namespace);
    request.writeCharacters(namespace + "/Validate");
    request.writeEndElement();

    request.writeStartElement("wst", "TokenType", namespace);
    request.writeCharacters(requestedType);
    request.writeEndElement();

    // The token element is copied into the request as it is.
    request.writeStartElement("wst", "ValidateTarget", namespace);
    Element tokenElement = tok.getToken();
    StaxUtils.copy(tokenElement, request);
    request.writeEndElement();

    request.writeEndElement();

    Object[] reply = client.invoke(operation,
                                   new DOMSource(request.getDocument().getDocumentElement()));

    // Assumes the reply is non-empty and starts with a DOMSource; anything
    // else fails on the index or the cast.
    return new STSResponse((DOMSource) reply[0], null);
}
 
Example 12
Source File: SpnegoContextTokenInInterceptor.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Handles an inbound message carrying SPNEGO context-token assertions.
 *
 * <p>On the requestor side every such assertion is marked as asserted. On the
 * receiving side a WS-Trust Issue action leads to the effective policy being
 * recalculated with an addressing-only policy and a {@code SpnegoSTSInvoker};
 * any other action adds the token finder interceptor to the chain.
 *
 * @param message the message being processed
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(SoapMessage message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        return;
    }

    Collection<AssertionInfo> spnegoAssertions = aim.get(SP12Constants.SPNEGO_CONTEXT_TOKEN);
    if (spnegoAssertions == null || spnegoAssertions.isEmpty()) {
        return;
    }

    if (isRequestor(message)) {
        // The client side is checked on the outbound path, so the assertions
        // are marked as asserted here without looking at the message.
        for (AssertionInfo assertion : spnegoAssertions) {
            assertion.setAsserted(true);
        }
        return;
    }

    // From here on the action value is taken from the received message.
    String action = (String)message.get(SoapBindingConstants.SOAP_ACTION);
    AddressingProperties inboundAddressing = (AddressingProperties)message
        .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);
    if (inboundAddressing != null && action == null) {
        // MS/WCF sends no SOAP action for this exchange, so fall back to the
        // addressing headers.
        // NOTE(review): getAction() is dereferenced unchecked; inbound
        // addressing properties without an Action would fail here.
        action = inboundAddressing.getAction().getValue();
    }

    // NOTE(review): the action is matched by namespace prefix plus a
    // substring test, not by equality with the full Issue action URI.
    // Confirm the looser match is intended for this branch.
    boolean issueAction = action != null
        && action.contains("/RST/Issue")
        && (action.startsWith(STSUtils.WST_NS_05_02)
            || action.startsWith(STSUtils.WST_NS_05_12));
    if (!issueAction) {
        message.getInterceptorChain().add(SpnegoContextTokenFinderInterceptor.INSTANCE);
        return;
    }

    // Addressing-only policy handed to the recalculation below.
    Policy addressingOnly = new Policy();
    ExactlyOne choice = new ExactlyOne();
    addressingOnly.addPolicyComponent(choice);
    All required = new All();
    Assertion addressing = NegotiationUtils.getAddressingPolicy(aim, false);
    required.addPolicyComponent(addressing);
    choice.addPolicyComponent(required);

    // Set up the endpoint and forward to it.
    unmapSecurityProps(message);
    String trustNamespace = action.startsWith(STSUtils.WST_NS_05_02)
        ? STSUtils.WST_NS_05_02
        : STSUtils.WST_NS_05_12;
    NegotiationUtils.recalcEffectivePolicy(message, trustNamespace, addressingOnly,
                                           new SpnegoSTSInvoker(), false);
}
 
Example 13
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Sends a WS-Trust "Validate" request for the given token and wraps the first
 * object of the reply in an {@code STSResponse}.
 *
 * @param tok the token whose element is copied into {@code wst:ValidateTarget}
 * @param tokentype requested token type; when {@code null} the
 *        {@code tokenType} field is used, and if that is {@code null} too,
 *        {@code namespace + "/RSTR/Status"}
 * @return the response built from the first object returned by the client
 * @throws Exception propagated from client creation, XML writing or the
 *         invocation itself
 */
protected STSResponse validate(SecurityToken tok, String tokentype)
    throws Exception {
    createClient();

    String requestedType = tokentype != null ? tokentype : tokenType;
    if (requestedType == null) {
        requestedType = namespace + "/RSTR/Status";
    }

    // Side effect: the default addressing namespace is stored on the instance.
    if (addressingNamespace == null) {
        addressingNamespace = "http://www.w3.org/2005/08/addressing";
    }

    // Policy holding nothing but the addressing assertion; it is used only
    // when the service exposes no dedicated Validate operation (see below).
    Policy overridePolicy = new Policy();
    ExactlyOne choice = new ExactlyOne();
    overridePolicy.addPolicyComponent(choice);
    All required = new All();
    choice.addPolicyComponent(required);
    required.addAssertion(getAddressingAssertion());

    client.getRequestContext().clear();
    client.getRequestContext().putAll(ctx);
    client.getRequestContext().put(SecurityConstants.TOKEN, tok);

    BindingOperationInfo operation = findOperation("/RST/Validate");
    if (operation == null) {
        // NOTE(review): the Issue operation is reused and its policy is
        // overridden with the addressing-only policy above. Confirm the
        // override does not drop security requirements the STS expects for
        // a Validate exchange.
        operation = findOperation("/RST/Issue");
        client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, overridePolicy);
    }

    client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
                                   namespace + "/RST/Validate");

    // <wst:RequestSecurityToken>
    W3CDOMStreamWriter request = new W3CDOMStreamWriter();
    request.writeStartElement("wst", "RequestSecurityToken", namespace);
    request.writeNamespace("wst", namespace);

    request.writeStartElement("wst", "RequestType", namespace);
    request.writeCharacters(namespace + "/Validate");
    request.writeEndElement();

    request.writeStartElement("wst", "TokenType", namespace);
    request.writeCharacters(requestedType);
    request.writeEndElement();

    // The token element is copied into the request as it is.
    request.writeStartElement("wst", "ValidateTarget", namespace);
    Element tokenElement = tok.getToken();
    StaxUtils.copy(tokenElement, request);
    request.writeEndElement();

    request.writeEndElement();

    Object[] reply = client.invoke(operation,
                                   new DOMSource(request.getDocument().getDocumentElement()));

    // Assumes the reply is non-empty and starts with a DOMSource; anything
    // else fails on the index or the cast.
    return new STSResponse((DOMSource) reply[0], null);
}
 
Example 14
Source File: AsymmetricBinding.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Builds a one-alternative policy describing this asymmetric binding and
 * returns its normalized form.
 *
 * <p>Only the initiator and recipient tokens, the include-timestamp assertion
 * and the layout are added. The original source carried commented-out code
 * for the algorithm suite, protection order, signature protection, signed
 * endorsing supporting tokens, token protection and the
 * only-sign-entire-headers-and-body assertion; none of those reach the
 * policy built here.
 *
 * @return the normalized policy, or an empty {@code Policy} when normalization
 *         returns {@code null}
 */
public Policy getPolicy() {
    Policy draft = new Policy();
    ExactlyOne choice = new ExactlyOne();
    draft.addPolicyComponent(choice);
    All required = new All();

    // Initiator side.
    if (getInitiatorToken() != null) {
        required.addPolicyComponent(getInitiatorToken());
    }
    if (getInitiatorSignatureToken() != null) {
        required.addPolicyComponent(getInitiatorSignatureToken());
    }
    if (getInitiatorEncryptionToken() != null) {
        required.addPolicyComponent(getInitiatorEncryptionToken());
    }

    // Recipient side.
    if (getRecipientToken() != null) {
        required.addPolicyComponent(getRecipientToken());
    }
    if (getRecipientSignatureToken() != null) {
        required.addPolicyComponent(getRecipientSignatureToken());
    }
    if (getRecipientEncryptionToken() != null) {
        required.addPolicyComponent(getRecipientEncryptionToken());
    }

    if (isIncludeTimestamp()) {
        required.addPolicyComponent(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
    }
    if (getLayout() != null) {
        required.addPolicyComponent(getLayout());
    }

    choice.addPolicyComponent(required);
    Policy normalized = draft.normalize(builder.getPolicyRegistry(), true);
    return normalized != null ? normalized : new Policy();
}
 
Example 15
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Sends a WS-Trust "Cancel" request for the given token and wraps the first
 * object of the reply in an {@code STSResponse}.
 *
 * <p>When the service has no Cancel operation, the Issue operation is used
 * with an overriding policy built here, and the request carries a reference
 * to the token instead of the token element.
 *
 * @param token the token to cancel
 * @return the response built from the first object returned by the client
 * @throws Exception propagated from client creation, XML writing or the
 *         invocation itself
 */
protected STSResponse cancel(SecurityToken token) throws Exception {
    createClient();

    // Side effect: the default addressing namespace is stored on the instance.
    if (addressingNamespace == null) {
        addressingNamespace = "http://www.w3.org/2005/08/addressing";
    }

    client.getRequestContext().clear();
    client.getRequestContext().putAll(ctx);
    client.getRequestContext().put(SecurityConstants.TOKEN, token);

    BindingOperationInfo operation = findOperation("/RST/Cancel");
    final boolean attachTokenDirectly = operation != null;
    if (!attachTokenDirectly) {
        operation = findOperation("/RST/Issue");

        Policy fallbackPolicy = new Policy();
        ExactlyOne choice = new ExactlyOne();
        fallbackPolicy.addPolicyComponent(choice);
        All required = new All();
        choice.addPolicyComponent(required);
        required.addAssertion(getAddressingAssertion());

        PolicyBuilder pbuilder = bus.getExtension(PolicyBuilder.class);
        SymmetricBinding binding = new SymmetricBinding(pbuilder);
        required.addAssertion(binding);
        // The addressing assertion is added a second time, as in the
        // original code; looks redundant, verify before removing.
        required.addAssertion(getAddressingAssertion());
        ProtectionToken protectionToken = new ProtectionToken(pbuilder);
        binding.setProtectionToken(protectionToken);
        binding.setIncludeTimestamp(true);
        binding.setEntireHeadersAndBodySignatures(true);
        // NOTE(review): token protection is switched off and both the
        // secure-conversation token and the signed/encrypted parts below are
        // marked optional. Confirm this is the intended minimum for a
        // Cancel sent through the Issue operation.
        binding.setTokenProtection(false);
        AlgorithmSuite suite = new AlgorithmSuite();
        binding.setAlgorithmSuite(suite);
        SecureConversationToken sct = new SecureConversationToken();
        sct.setOptional(true);
        protectionToken.setToken(sct);

        SignedEncryptedParts protectedParts = new SignedEncryptedParts(true);
        protectedParts.setOptional(true);
        protectedParts.setBody(true);
        String[] addressingHeaders = {
            "To", "From", "FaultTo", "ReplyTo", "Action", "MessageID", "RelatesTo"
        };
        for (String headerName : addressingHeaders) {
            protectedParts.addHeader(new Header(headerName, addressingNamespace));
        }
        required.addPolicyComponent(protectedParts);

        client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, fallbackPolicy);
    }

    String actionSuffix = isSecureConv ? "/RST/SCT/Cancel" : "/RST/Cancel";
    client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
                                   namespace + actionSuffix);

    // <wst:RequestSecurityToken>
    W3CDOMStreamWriter request = new W3CDOMStreamWriter();
    request.writeStartElement("wst", "RequestSecurityToken", namespace);
    request.writeNamespace("wst", namespace);

    request.writeStartElement("wst", "RequestType", namespace);
    request.writeCharacters(namespace + "/Cancel");
    request.writeEndElement();

    request.writeStartElement("wst", "CancelTarget", namespace);
    Element target;
    if (attachTokenDirectly) {
        target = token.getToken();
    } else {
        // Prefer the unattached reference, fall back to the attached one.
        // NOTE(review): if both are null, a null element is passed to
        // StaxUtils.copy; check how that call treats null.
        target = token.getUnattachedReference();
        if (target == null) {
            target = token.getAttachedReference();
        }
    }
    StaxUtils.copy(target, request);
    request.writeEndElement();

    request.writeEndElement();

    Object[] reply = client.invoke(operation,
                                   new DOMSource(request.getDocument().getDocumentElement()));
    // Assumes the reply is non-empty and starts with a DOMSource.
    return new STSResponse((DOMSource) reply[0], null);
}
 
Example 16
Source File: SpnegoContextTokenInInterceptor.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Handles an inbound message carrying SPNEGO context-token assertions.
 *
 * <p>On the requestor side every such assertion is marked as asserted. On the
 * receiving side a WS-Trust Issue action leads to the effective policy being
 * recalculated with an addressing-only policy and a {@code SpnegoSTSInvoker};
 * any other action adds the token finder interceptor to the chain.
 *
 * @param message the message being processed
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(SoapMessage message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        return;
    }

    Collection<AssertionInfo> spnegoAssertions = aim.get(SP12Constants.SPNEGO_CONTEXT_TOKEN);
    if (spnegoAssertions == null || spnegoAssertions.isEmpty()) {
        return;
    }

    if (isRequestor(message)) {
        // The client side is checked on the outbound path, so the assertions
        // are marked as asserted here without looking at the message.
        for (AssertionInfo assertion : spnegoAssertions) {
            assertion.setAsserted(true);
        }
        return;
    }

    // From here on the action value is taken from the received message.
    String action = (String)message.get(SoapBindingConstants.SOAP_ACTION);
    AddressingProperties inboundAddressing = (AddressingProperties)message
        .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);
    if (inboundAddressing != null && action == null) {
        // MS/WCF sends no SOAP action for this exchange, so fall back to the
        // addressing headers.
        // NOTE(review): getAction() is dereferenced unchecked; inbound
        // addressing properties without an Action would fail here.
        action = inboundAddressing.getAction().getValue();
    }

    // NOTE(review): the action is matched by namespace prefix plus a
    // substring test, not by equality with the full Issue action URI.
    // Confirm the looser match is intended for this branch.
    boolean issueAction = action != null
        && action.contains("/RST/Issue")
        && (action.startsWith(STSUtils.WST_NS_05_02)
            || action.startsWith(STSUtils.WST_NS_05_12));
    if (!issueAction) {
        message.getInterceptorChain().add(SpnegoContextTokenFinderInterceptor.INSTANCE);
        return;
    }

    // Addressing-only policy handed to the recalculation below.
    Policy addressingOnly = new Policy();
    ExactlyOne choice = new ExactlyOne();
    addressingOnly.addPolicyComponent(choice);
    All required = new All();
    Assertion addressing = NegotiationUtils.getAddressingPolicy(aim, false);
    required.addPolicyComponent(addressing);
    choice.addPolicyComponent(required);

    // Set up the endpoint and forward to it.
    unmapSecurityProps(message);
    String trustNamespace = action.startsWith(STSUtils.WST_NS_05_02)
        ? STSUtils.WST_NS_05_02
        : STSUtils.WST_NS_05_12;
    NegotiationUtils.recalcEffectivePolicy(message, trustNamespace, addressingOnly,
                                           new SpnegoSTSInvoker(), false);
}
 
Example 17
Source File: SecureConversationTokenInterceptorProvider.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Configures an {@code STSClient} for a secure-conversation negotiation.
 *
 * <p>The client policy is the merge of an addressing policy built here
 * (optionally extended with an endorsing supporting token) and the bootstrap
 * policy of the given secure-conversation token.
 *
 * @param client the client to configure
 * @param message the message supplying SOAP version, endpoint address, bus
 *        and security properties
 * @param aim the assertion map used to look up trust, addressing and
 *        algorithm-suite settings
 * @param itok the secure-conversation token providing the bootstrap policy
 * @param endorse whether {@code itok} is added as an endorsing supporting token
 * @return the endpoint address that was set as the client's location
 */
static String setupClient(STSClient client,
                        SoapMessage message,
                        AssertionInfoMap aim,
                        SecureConversationToken itok,
                        boolean endorse) {
    // Two setTrust calls, presumably overloads for the Trust10 and Trust13
    // assertions; verify against STSClient.
    client.setTrust(NegotiationUtils.getTrust10(aim));
    client.setTrust(NegotiationUtils.getTrust13(aim));

    Policy bootstrapPolicy = itok.getBootstrapPolicy();

    Policy localPolicy = new Policy();
    ExactlyOne choice = new ExactlyOne();
    localPolicy.addPolicyComponent(choice);
    All required = new All();
    required.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
    choice.addPolicyComponent(required);

    if (endorse) {
        SupportingToken endorsing = new SupportingToken(
            SupportTokenType.SUPPORTING_TOKEN_ENDORSING,
            SP12Constants.INSTANCE,
            message.getExchange().getBus().getExtension(PolicyBuilder.class));
        endorsing.addToken(itok);
        required.addPolicyComponent(endorsing);
    }

    // NOTE(review): the bootstrap policy is passed to merge() unchecked;
    // confirm how merge() behaves if getBootstrapPolicy() returned null.
    Policy effectivePolicy = localPolicy.merge(bootstrapPolicy);

    client.setPolicy(effectivePolicy);
    client.setSoap11(message.getVersion() == Soap11.getInstance());
    client.setSecureConv(true);

    // NOTE(review): toString() is called on the property directly, so a
    // message without ENDPOINT_ADDRESS fails here with NullPointerException.
    String endpointAddress = message
        .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
    client.setLocation(endpointAddress);

    AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
    if (suite != null) {
        client.setAlgorithmSuite(suite);
        int maxSymmetricKeyBits = suite.getMaximumSymmetricKeyLength();
        // The key size is only ever set to a value below 256; a suite whose
        // maximum is 256 or more leaves the client's existing key size as is.
        if (maxSymmetricKeyBits < 256) {
            client.setKeySize(maxSymmetricKeyBits);
        }
    }

    mapSecurityProps(message, client.getRequestContext());
    return endpointAddress;
}
 
Example 18
Source File: SpnegoContextTokenInInterceptor.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Handles an inbound message carrying SPNEGO context-token assertions.
 *
 * <p>On the requestor side every such assertion is marked as asserted. On the
 * receiving side a WS-Trust Issue action leads to the effective policy being
 * recalculated with an addressing-only policy and a {@code SpnegoSTSInvoker};
 * any other action adds the token finder interceptor to the chain.
 *
 * @param message the message being processed
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(SoapMessage message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        return;
    }

    Collection<AssertionInfo> spnegoAssertions = aim.get(SP12Constants.SPNEGO_CONTEXT_TOKEN);
    if (spnegoAssertions == null || spnegoAssertions.isEmpty()) {
        return;
    }

    if (isRequestor(message)) {
        // The client side is checked on the outbound path, so the assertions
        // are marked as asserted here without looking at the message.
        for (AssertionInfo assertion : spnegoAssertions) {
            assertion.setAsserted(true);
        }
        return;
    }

    // From here on the action value is taken from the received message.
    String action = (String)message.get(SoapBindingConstants.SOAP_ACTION);
    AddressingProperties inboundAddressing = (AddressingProperties)message
        .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);
    if (inboundAddressing != null && action == null) {
        // MS/WCF sends no SOAP action for this exchange, so fall back to the
        // addressing headers.
        // NOTE(review): getAction() is dereferenced unchecked; inbound
        // addressing properties without an Action would fail here.
        action = inboundAddressing.getAction().getValue();
    }

    // NOTE(review): the action is matched by namespace prefix plus a
    // substring test, not by equality with the full Issue action URI.
    // Confirm the looser match is intended for this branch.
    boolean issueAction = action != null
        && action.contains("/RST/Issue")
        && (action.startsWith(STSUtils.WST_NS_05_02)
            || action.startsWith(STSUtils.WST_NS_05_12));
    if (!issueAction) {
        message.getInterceptorChain().add(SpnegoContextTokenFinderInterceptor.INSTANCE);
        return;
    }

    // Addressing-only policy handed to the recalculation below.
    Policy addressingOnly = new Policy();
    ExactlyOne choice = new ExactlyOne();
    addressingOnly.addPolicyComponent(choice);
    All required = new All();
    Assertion addressing = NegotiationUtils.getAddressingPolicy(aim, false);
    required.addPolicyComponent(addressing);
    choice.addPolicyComponent(required);

    // Set up the endpoint and forward to it.
    unmapSecurityProps(message);
    String trustNamespace = action.startsWith(STSUtils.WST_NS_05_02)
        ? STSUtils.WST_NS_05_02
        : STSUtils.WST_NS_05_12;
    NegotiationUtils.recalcEffectivePolicy(message, trustNamespace, addressingOnly,
                                           new SpnegoSTSInvoker(), false);
}
 
Example 19
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Sends a WS-Trust "Cancel" request for the given token and wraps the first
 * object of the reply in an {@code STSResponse}.
 *
 * <p>When the service has no Cancel operation, the Issue operation is used
 * with an overriding policy built here, and the request carries a reference
 * to the token instead of the token element.
 *
 * @param token the token to cancel
 * @return the response built from the first object returned by the client
 * @throws Exception propagated from client creation, XML writing or the
 *         invocation itself
 */
protected STSResponse cancel(SecurityToken token) throws Exception {
    createClient();

    // Side effect: the default addressing namespace is stored on the instance.
    if (addressingNamespace == null) {
        addressingNamespace = "http://www.w3.org/2005/08/addressing";
    }

    client.getRequestContext().clear();
    client.getRequestContext().putAll(ctx);
    client.getRequestContext().put(SecurityConstants.TOKEN, token);

    BindingOperationInfo operation = findOperation("/RST/Cancel");
    final boolean attachTokenDirectly = operation != null;
    if (!attachTokenDirectly) {
        operation = findOperation("/RST/Issue");

        Policy fallbackPolicy = new Policy();
        ExactlyOne choice = new ExactlyOne();
        fallbackPolicy.addPolicyComponent(choice);
        All required = new All();
        choice.addPolicyComponent(required);
        required.addAssertion(getAddressingAssertion());

        PolicyBuilder pbuilder = bus.getExtension(PolicyBuilder.class);
        SymmetricBinding binding = new SymmetricBinding(pbuilder);
        required.addAssertion(binding);
        // The addressing assertion is added a second time, as in the
        // original code; looks redundant, verify before removing.
        required.addAssertion(getAddressingAssertion());
        ProtectionToken protectionToken = new ProtectionToken(pbuilder);
        binding.setProtectionToken(protectionToken);
        binding.setIncludeTimestamp(true);
        binding.setEntireHeadersAndBodySignatures(true);
        // NOTE(review): token protection is switched off and both the
        // secure-conversation token and the signed/encrypted parts below are
        // marked optional. Confirm this is the intended minimum for a
        // Cancel sent through the Issue operation.
        binding.setTokenProtection(false);
        AlgorithmSuite suite = new AlgorithmSuite();
        binding.setAlgorithmSuite(suite);
        SecureConversationToken sct = new SecureConversationToken();
        sct.setOptional(true);
        protectionToken.setToken(sct);

        SignedEncryptedParts protectedParts = new SignedEncryptedParts(true);
        protectedParts.setOptional(true);
        protectedParts.setBody(true);
        String[] addressingHeaders = {
            "To", "From", "FaultTo", "ReplyTo", "Action", "MessageID", "RelatesTo"
        };
        for (String headerName : addressingHeaders) {
            protectedParts.addHeader(new Header(headerName, addressingNamespace));
        }
        required.addPolicyComponent(protectedParts);

        client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, fallbackPolicy);
    }

    String actionSuffix = isSecureConv ? "/RST/SCT/Cancel" : "/RST/Cancel";
    client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
                                   namespace + actionSuffix);

    // <wst:RequestSecurityToken>
    W3CDOMStreamWriter request = new W3CDOMStreamWriter();
    request.writeStartElement("wst", "RequestSecurityToken", namespace);
    request.writeNamespace("wst", namespace);

    request.writeStartElement("wst", "RequestType", namespace);
    request.writeCharacters(namespace + "/Cancel");
    request.writeEndElement();

    request.writeStartElement("wst", "CancelTarget", namespace);
    Element target;
    if (attachTokenDirectly) {
        target = token.getToken();
    } else {
        // Prefer the unattached reference, fall back to the attached one.
        // NOTE(review): if both are null, a null element is passed to
        // StaxUtils.copy; check how that call treats null.
        target = token.getUnattachedReference();
        if (target == null) {
            target = token.getAttachedReference();
        }
    }
    StaxUtils.copy(target, request);
    request.writeEndElement();

    request.writeEndElement();

    Object[] reply = client.invoke(operation,
                                   new DOMSource(request.getDocument().getDocumentElement()));
    // Assumes the reply is non-empty and starts with a DOMSource.
    return new STSResponse((DOMSource) reply[0], null);
}
 
Example 20
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Sends a WS-Trust "Cancel" request for the given token and wraps the first
 * object of the reply in an {@code STSResponse}.
 *
 * <p>When the service has no Cancel operation, the Issue operation is used
 * with an overriding policy built here, and the request carries a reference
 * to the token instead of the token element.
 *
 * @param token the token to cancel
 * @return the response built from the first object returned by the client
 * @throws Exception propagated from client creation, XML writing or the
 *         invocation itself
 */
protected STSResponse cancel(SecurityToken token) throws Exception {
    createClient();

    // Side effect: the default addressing namespace is stored on the instance.
    if (addressingNamespace == null) {
        addressingNamespace = "http://www.w3.org/2005/08/addressing";
    }

    client.getRequestContext().clear();
    client.getRequestContext().putAll(ctx);
    client.getRequestContext().put(SecurityConstants.TOKEN, token);

    BindingOperationInfo operation = findOperation("/RST/Cancel");
    final boolean attachTokenDirectly = operation != null;
    if (!attachTokenDirectly) {
        operation = findOperation("/RST/Issue");

        Policy fallbackPolicy = new Policy();
        ExactlyOne choice = new ExactlyOne();
        fallbackPolicy.addPolicyComponent(choice);
        All required = new All();
        choice.addPolicyComponent(required);
        required.addAssertion(getAddressingAssertion());

        PolicyBuilder pbuilder = bus.getExtension(PolicyBuilder.class);
        SymmetricBinding binding = new SymmetricBinding(pbuilder);
        required.addAssertion(binding);
        // The addressing assertion is added a second time, as in the
        // original code; looks redundant, verify before removing.
        required.addAssertion(getAddressingAssertion());
        ProtectionToken protectionToken = new ProtectionToken(pbuilder);
        binding.setProtectionToken(protectionToken);
        binding.setIncludeTimestamp(true);
        binding.setEntireHeadersAndBodySignatures(true);
        // NOTE(review): token protection is switched off and both the
        // secure-conversation token and the signed/encrypted parts below are
        // marked optional. Confirm this is the intended minimum for a
        // Cancel sent through the Issue operation.
        binding.setTokenProtection(false);
        AlgorithmSuite suite = new AlgorithmSuite();
        binding.setAlgorithmSuite(suite);
        SecureConversationToken sct = new SecureConversationToken();
        sct.setOptional(true);
        protectionToken.setToken(sct);

        SignedEncryptedParts protectedParts = new SignedEncryptedParts(true);
        protectedParts.setOptional(true);
        protectedParts.setBody(true);
        String[] addressingHeaders = {
            "To", "From", "FaultTo", "ReplyTo", "Action", "MessageID", "RelatesTo"
        };
        for (String headerName : addressingHeaders) {
            protectedParts.addHeader(new Header(headerName, addressingNamespace));
        }
        required.addPolicyComponent(protectedParts);

        client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, fallbackPolicy);
    }

    String actionSuffix = isSecureConv ? "/RST/SCT/Cancel" : "/RST/Cancel";
    client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
                                   namespace + actionSuffix);

    // <wst:RequestSecurityToken>
    W3CDOMStreamWriter request = new W3CDOMStreamWriter();
    request.writeStartElement("wst", "RequestSecurityToken", namespace);
    request.writeNamespace("wst", namespace);

    request.writeStartElement("wst", "RequestType", namespace);
    request.writeCharacters(namespace + "/Cancel");
    request.writeEndElement();

    request.writeStartElement("wst", "CancelTarget", namespace);
    Element target;
    if (attachTokenDirectly) {
        target = token.getToken();
    } else {
        // Prefer the unattached reference, fall back to the attached one.
        // NOTE(review): if both are null, a null element is passed to
        // StaxUtils.copy; check how that call treats null.
        target = token.getUnattachedReference();
        if (target == null) {
            target = token.getAttachedReference();
        }
    }
    StaxUtils.copy(target, request);
    request.writeEndElement();

    request.writeEndElement();

    Object[] reply = client.invoke(operation,
                                   new DOMSource(request.getDocument().getDocumentElement()));
    // Assumes the reply is non-empty and starts with a DOMSource.
    return new STSResponse((DOMSource) reply[0], null);
}