Example 1 with ExactlyOne
use of org.apache.neethi.ExactlyOne in project wso2-synapse by wso2.
the class ThrottlePolicyProcessor method processPolicy.
/**
* @param policy - policy for throttle
* @return Throttle - An object which holds Mata-Data about throttle
* @throws ThrottleException - throws for errors in policy processing - ex : invalid policy
* @deprecated process policy and returns throttle object
*/
public static Throttle processPolicy(Policy policy) throws ThrottleException {
if (policy == null) {
// no policy is available in the module description
return null;
}
Throttle th = new Throttle();
// configuration data
ThrottleConfiguration tc = null;
List al = policy.getPolicyComponents();
if (al == null || (al != null && al.isEmpty())) {
handleException("Empty the policy components" + " as ThrottleAssertion's children");
}
for (Iterator i = al.iterator(); i.hasNext(); ) {
Object tp = i.next();
if (tp instanceof All) {
// boolean isOtherConfiguration = false;
// // To track default cn for all ips
// To create a
CallerConfiguration cn = null;
// configurationbean object
boolean isIPRangeFound = false;
boolean isExactlyOneFound = false;
ExactlyOne cp = null;
List cL = ((All) tp).getAssertions();
if (cL != null) {
for (Iterator ci = cL.iterator(); ci.hasNext(); ) {
Object ca = ci.next();
if (ca instanceof XmlPrimtiveAssertion) {
XmlPrimtiveAssertion id = (XmlPrimtiveAssertion) ca;
OMElement el = id.getValue();
String t = el.getAttributeValue(ThrottleConstants.THROTTLE_TYPE_ATTRIBUTE_QNAME);
if (t == null) {
handleException("Type of Throtle " + "in the policy cannot be null");
}
if (t.equals("IP")) {
// create a ip based throttle context and configuration
tc = th.getThrottleConfiguration(ThrottleConstants.IP_BASED_THROTTLE_KEY);
if (tc == null) {
tc = ThrottleConfigurationFactory.createThrottleConfiguration(ThrottleConstants.IP_BASE);
th.addThrottleContext(ThrottleConstants.IP_BASED_THROTTLE_KEY, ThrottleContextFactory.createThrottleContext(ThrottleConstants.IP_BASE, tc));
th.addThrottleConfiguration(ThrottleConstants.IP_BASED_THROTTLE_KEY, tc);
}
// create a callercontext for ip based throttle
cn = CallerConfigurationFactory.createCallerConfiguration(ThrottleConstants.IP_BASE);
} else if (t.equals("DOMAIN")) {
// create a domain based throttle context and configuration
tc = th.getThrottleConfiguration(ThrottleConstants.DOMAIN_BASED_THROTTLE_KEY);
if (tc == null) {
tc = ThrottleConfigurationFactory.createThrottleConfiguration(ThrottleConstants.DOMAIN_BASE);
th.addThrottleContext(ThrottleConstants.DOMAIN_BASED_THROTTLE_KEY, ThrottleContextFactory.createThrottleContext(ThrottleConstants.DOMAIN_BASE, tc));
th.addThrottleConfiguration(ThrottleConstants.DOMAIN_BASED_THROTTLE_KEY, tc);
}
// create a callercontext for domain based throttl
cn = CallerConfigurationFactory.createCallerConfiguration(ThrottleConstants.DOMAIN_BASE);
} else {
handleException("Unsupported throttle type : " + t);
}
if (cn != null) {
// Name of the policy assertion
String n = el.getLocalName();
// Value of the policy assertion
String v = el.getText();
// then it is a invalid policy config
if (n == null || v == null) {
handleException("Either Value or" + " Name of the policy cannot be null");
} else if (n.equals(ThrottleConstants.ID_PARAMETER_NAME)) {
if (!v.equals("")) {
isIPRangeFound = true;
cn.setID(v);
} else {
handleException("Value of ID cannot find " + "- invalid configuration");
}
} else {
handleException("Undefined pocilcy property for" + " throttle - Expect ID ");
}
}
} else if (ca instanceof ExactlyOne) {
cp = (ExactlyOne) ca;
}
}
}
if (cn != null) {
if (cp != null) {
List cal = cp.getPolicyComponents();
boolean haveSelectOneFromExactlyOne = false;
for (Iterator ci = cal.iterator(); ci.hasNext() && !haveSelectOneFromExactlyOne; ) {
Object co = ci.next();
if (co instanceof All) {
haveSelectOneFromExactlyOne = true;
boolean isFoundMaxCount = false;
boolean isFoundUnitTime = false;
All childAll = (All) co;
List cd = childAll.getPolicyComponents();
for (Iterator cdl = cd.iterator(); cdl.hasNext(); ) {
Object d = cdl.next();
if (d instanceof XmlPrimtiveAssertion) {
XmlPrimtiveAssertion adx = (XmlPrimtiveAssertion) d;
OMElement el = adx.getValue();
// Name of the policy assertion
String n = el.getLocalName();
// Value of the policy assertion
String v = el.getText();
// invalid policy config
if (n == null || v == null) {
handleException("Either Value or " + "Name of the policy cannot be null");
}
if (!v.equals("")) {
if (n.equals(ThrottleConstants.MAXIMUM_COUNT_PARAMETER_NAME)) {
isFoundMaxCount = true;
try {
cn.setMaximumRequestPerUnitTime(Integer.parseInt(v.trim()));
} catch (NumberFormatException ignored) {
log.error("Error occurred - " + "Invalid number for maximum " + "request number ", ignored);
if (log.isDebugEnabled()) {
log.debug("Access" + " will be fully allowed");
}
cn.setAccessState(ThrottleConstants.ACCESS_ALLOWED);
}
} else if (n.equals(ThrottleConstants.UNIT_TIME_PARAMETER_NAME)) {
// TODO need to verify that value is in milisecond
long timeInMiliSec = 0;
try {
timeInMiliSec = Long.parseLong(v.trim());
} catch (NumberFormatException ignored) {
log.error("Error occurred " + "- Invalid number for unit time", ignored);
}
if (timeInMiliSec == 0) {
handleException("Unit Time cannot " + "find - invalid throttle " + "policy configuration");
}
isFoundUnitTime = true;
cn.setUnitTime(timeInMiliSec);
} else if (n.equals(ThrottleConstants.PROHIBIT_TIME_PERIOD_PARAMETER_NAME)) {
try {
cn.setProhibitTimePeriod(Long.parseLong(v.trim()));
} catch (NumberFormatException ignored) {
log.error("Error occurred - Invalid" + " number for prohibit time ", ignored);
}
} else {
handleException("Undefined Policy" + " property for Throttle Policy");
}
} else {
if (!n.equals(ThrottleConstants.PROHIBIT_TIME_PERIOD_PARAMETER_NAME)) {
handleException("The policy which have " + " defined as optional " + "should have value ");
}
}
}
}
if (isFoundUnitTime && isFoundMaxCount) {
isExactlyOneFound = true;
} else {
handleException("Maximum Count and UnitTime are " + "Mandatory in Throttle Policy ");
}
} else if (co instanceof XmlPrimtiveAssertion) {
haveSelectOneFromExactlyOne = true;
XmlPrimtiveAssertion alx = (XmlPrimtiveAssertion) co;
OMElement ele = alx.getValue();
// Name of the policy assertion
String n = ele.getLocalName();
// Value of the policy assertion
String v = ele.getText();
// then it is a invalid policy config
if (n == null || v == null) {
handleException("Either Value or" + " Name of the policy cannot be null");
} else if (n.equals(ThrottleConstants.ISALLOW_PARAMETER_NAME)) {
if (v.equals(Boolean.toString(true))) {
isExactlyOneFound = true;
cn.setAccessState(ThrottleConstants.ACCESS_ALLOWED);
} else if (v.equals(Boolean.toString(false))) {
isExactlyOneFound = true;
cn.setAccessState(ThrottleConstants.ACCESS_DENIED);
} else {
handleException("Value for isAllow " + " component is invalied");
}
} else {
handleException("Invalied Throttle" + " Policy configuration");
}
}
}
}
} else {
if (log.isDebugEnabled()) {
log.debug("Couldn't find a cn for a throttle configuration" + " for an one caller ");
}
}
if (isIPRangeFound && isExactlyOneFound) {
// If the Throttle Configuration is valid
tc.addCallerConfiguration(cn);
} else {
handleException("ID and one of Valid Control policy component are " + "Mandatory in Throttle Policy");
}
} else if (tp instanceof XmlPrimtiveAssertion) {
XmlPrimtiveAssertion mca = (XmlPrimtiveAssertion) tp;
OMElement ele = mca.getValue();
// Name of the policy assertion
String n = ele.getLocalName();
// Value of the policy assertion
String v = ele.getText();
// it is a invalid policy configuration
if (n == null || v == null) {
handleException("Either Value or Name of the policy cannot be null");
} else if (n.equals(ThrottleConstants.MAXIMUM_CONCURRENT_ACCESS_PARAMETER_NAME)) {
int intvalue = 0;
try {
intvalue = Integer.parseInt(v.trim());
} catch (NumberFormatException ignored) {
log.error("Error occurred - Invalid number for maximum " + "concurrent access ", ignored);
}
if (intvalue > 0) {
th.setConcurrentAccessController(new ConcurrentAccessController(intvalue));
}
} else {
handleException("Invalied Throttle Policy configuration");
}
}
}
return th;
}
Also used :
All(org.apache.neethi.All)
OMElement(org.apache.axiom.om.OMElement)
ExactlyOne(org.apache.neethi.ExactlyOne)
Iterator(java.util.Iterator)
List(java.util.List)
XmlPrimtiveAssertion(org.apache.neethi.builders.xml.XmlPrimtiveAssertion)
Example 2 with ExactlyOne
use of org.apache.neethi.ExactlyOne in project cxf by apache.
the class SpnegoContextTokenInInterceptor method handleMessage.
public void handleMessage(SoapMessage message) throws Fault {
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
// extract Assertion information
if (aim != null) {
Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SPNEGO_CONTEXT_TOKEN);
if (ais.isEmpty()) {
return;
}
if (isRequestor(message)) {
// client side should be checked on the way out
for (AssertionInfo ai : ais) {
ai.setAsserted(true);
}
return;
}
String s = (String) message.get(SoapBindingConstants.SOAP_ACTION);
if (s == null) {
s = SoapActionInInterceptor.getSoapAction(message);
}
AddressingProperties inProps = (AddressingProperties) message.getContextualProperty(JAXWSAConstants.ADDRESSING_PROPERTIES_INBOUND);
if (inProps != null && s == null) {
// MS/WCF doesn't put a soap action out for this, must check the headers
s = inProps.getAction().getValue();
}
if (s != null && s.contains("/RST/Issue") && (s.startsWith(STSUtils.WST_NS_05_02) || s.startsWith(STSUtils.WST_NS_05_12))) {
Policy p = new Policy();
ExactlyOne ea = new ExactlyOne();
p.addPolicyComponent(ea);
All all = new All();
Assertion ass = NegotiationUtils.getAddressingPolicy(aim, false);
all.addPolicyComponent(ass);
ea.addPolicyComponent(all);
// setup endpoint and forward to it.
unmapSecurityProps(message);
String ns = STSUtils.WST_NS_05_12;
if (s.startsWith(STSUtils.WST_NS_05_02)) {
ns = STSUtils.WST_NS_05_02;
}
NegotiationUtils.recalcEffectivePolicy(message, ns, p, new SpnegoSTSInvoker(), false);
} else {
message.getInterceptorChain().add(SpnegoContextTokenFinderInterceptor.INSTANCE);
}
}
}
Also used :
Policy(org.apache.neethi.Policy)
All(org.apache.neethi.All)
AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo)
Assertion(org.apache.neethi.Assertion)
AddressingProperties(org.apache.cxf.ws.addressing.AddressingProperties)
ExactlyOne(org.apache.neethi.ExactlyOne)
AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)
Example 3 with ExactlyOne
use of org.apache.neethi.ExactlyOne in project cxf by apache.
the class SpnegoTokenInterceptorProvider method setupClient.
static String setupClient(STSClient client, SoapMessage message, AssertionInfoMap aim) {
client.setTrust(NegotiationUtils.getTrust10(aim));
client.setTrust(NegotiationUtils.getTrust13(aim));
Policy p = new Policy();
ExactlyOne ea = new ExactlyOne();
p.addPolicyComponent(ea);
All all = new All();
all.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
ea.addPolicyComponent(all);
client.setPolicy(p);
client.setSoap11(message.getVersion() == Soap11.getInstance());
client.setSpnego(true);
WSSConfig config = WSSConfig.getNewInstance();
String context = config.getIdAllocator().createSecureId("_", null);
client.setContext(context);
String s = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
client.setLocation(s);
AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
if (suite != null) {
client.setAlgorithmSuite(suite);
int x = suite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
if (x < 256) {
client.setKeySize(x);
}
}
Map<String, Object> ctx = client.getRequestContext();
mapSecurityProps(message, ctx);
return s;
}
Also used :
Policy(org.apache.neethi.Policy)
All(org.apache.neethi.All)
AlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite)
WSSConfig(org.apache.wss4j.dom.engine.WSSConfig)
ExactlyOne(org.apache.neethi.ExactlyOne)
Example 4 with ExactlyOne
use of org.apache.neethi.ExactlyOne in project cxf by apache.
the class WSSCUnitTest method testIssueUnitTest.
@Test
public void testIssueUnitTest() throws Exception {
if (test.isStreaming()) {
return;
}
SpringBusFactory bf = new SpringBusFactory();
URL busFile = WSSCUnitTest.class.getResource("client.xml");
Bus bus = bf.createBus(busFile.toString());
BusFactory.setDefaultBus(bus);
BusFactory.setThreadDefaultBus(bus);
STSClient stsClient = new STSClient(bus);
stsClient.setSecureConv(true);
stsClient.setLocation("https://localhost:" + PORT + "/" + "DoubleItTransport");
// Add Addressing policy
Policy p = new Policy();
ExactlyOne ea = new ExactlyOne();
p.addPolicyComponent(ea);
All all = new All();
all.addPolicyComponent(new PrimitiveAssertion(MetadataConstants.USING_ADDRESSING_2006_QNAME, false));
ea.addPolicyComponent(all);
stsClient.setPolicy(p);
stsClient.requestSecurityToken("http://localhost:" + PORT + "/" + "DoubleItTransport");
}
Also used :
Policy(org.apache.neethi.Policy)
All(org.apache.neethi.All)
Bus(org.apache.cxf.Bus)
STSClient(org.apache.cxf.ws.security.trust.STSClient)
SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory)
PrimitiveAssertion(org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion)
ExactlyOne(org.apache.neethi.ExactlyOne)
URL(java.net.URL)
Test(org.junit.Test)
Example 5 with ExactlyOne
use of org.apache.neethi.ExactlyOne in project cxf by apache.
the class AssertionInfoMapTest method testCheckEffectivePolicy.
@Test
public void testCheckEffectivePolicy() {
Policy p = new Policy();
QName aqn = new QName("http://x.y.z", "a");
Assertion a = new PrimitiveAssertion(aqn);
QName bqn = new QName("http://x.y.z", "b");
Assertion b = new PrimitiveAssertion(bqn);
QName cqn = new QName("http://x.y.z", "c");
Assertion c = new PrimitiveAssertion(cqn);
All alt1 = new All();
alt1.addAssertion(a);
alt1.addAssertion(b);
All alt2 = new All();
alt2.addAssertion(c);
ExactlyOne ea = new ExactlyOne();
ea.addPolicyComponent(alt1);
ea.addPolicyComponent(alt2);
p.addPolicyComponent(ea);
AssertionInfoMap aim = new AssertionInfoMap(CastUtils.cast(Collections.EMPTY_LIST, PolicyAssertion.class));
AssertionInfo ai = new AssertionInfo(a);
AssertionInfo bi = new AssertionInfo(b);
AssertionInfo ci = new AssertionInfo(c);
aim.put(aqn, Collections.singleton(ai));
aim.put(bqn, Collections.singleton(bi));
aim.put(cqn, Collections.singleton(ci));
try {
aim.checkEffectivePolicy(p);
fail("Expected PolicyException not thrown.");
} catch (PolicyException ex) {
// expected
}
ai.setAsserted(true);
ci.setAsserted(true);
aim.checkEffectivePolicy(p);
}
Also used :
Policy(org.apache.neethi.Policy)
All(org.apache.neethi.All)
QName(javax.xml.namespace.QName)
PolicyContainingPrimitiveAssertion(org.apache.neethi.builders.PolicyContainingPrimitiveAssertion)
PrimitiveAssertion(org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion)
PolicyContainingPrimitiveAssertion(org.apache.neethi.builders.PolicyContainingPrimitiveAssertion)
PrimitiveAssertion(org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion)
Assertion(org.apache.neethi.Assertion)
ExactlyOne(org.apache.neethi.ExactlyOne)
Test(org.junit.Test)
Aggregations
ExactlyOne (org.apache.neethi.ExactlyOne)19
All (org.apache.neethi.All)18
Policy (org.apache.neethi.Policy)18
Test (org.junit.Test)9
Assertion (org.apache.neethi.Assertion)7
QName (javax.xml.namespace.QName)6
PrimitiveAssertion (org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion)6
Message (org.apache.cxf.message.Message)3
MessageImpl (org.apache.cxf.message.MessageImpl)3
AlternativeSelector (org.apache.cxf.ws.policy.AlternativeSelector)3
Assertor (org.apache.cxf.ws.policy.Assertor)3
PolicyAssertion (org.apache.cxf.ws.policy.PolicyAssertion)3
PolicyEngine (org.apache.cxf.ws.policy.PolicyEngine)3
TestAssertion (org.apache.cxf.ws.policy.TestAssertion)3
AlgorithmSuite (org.apache.wss4j.policy.model.AlgorithmSuite)3
ProtectionToken (org.apache.wss4j.policy.model.ProtectionToken)3
SignedParts (org.apache.wss4j.policy.model.SignedParts)3
ArrayList (java.util.ArrayList)2
ExtensibilityElement (javax.wsdl.extensions.ExtensibilityElement)2
DOMSource (javax.xml.transform.dom.DOMSource)2
