
Example 96 with Policy

use of org.apache.neethi.Policy in project cxf by apache.

the class AlgorithmSuiteBuilder method build.

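/**
 * Builds the {@link AlgorithmSuite} assertion for an {@code sp:AlgorithmSuite} element.
 *
 * <p>The suite is resolved by the {@link AlgorithmSuiteLoader} registered on the bus, or by a
 * {@link DefaultAlgorithmSuiteLoader} when none is registered. A suite the loader cannot resolve
 * is rejected with an exception rather than replaced by a default, so a policy that names an
 * unknown suite fails while it is being built.
 *
 * @param element the {@code sp:AlgorithmSuite} element
 * @param factory factory whose policy engine parses the nested {@code wsp:Policy} element
 * @return the resolved suite, with its optional and ignorable flags taken from {@code element}
 * @throws IllegalArgumentException if the nested {@code wsp:Policy} element is missing, is empty,
 *         or names a suite that is not registered
 */
@Override
public Assertion build(Element element, AssertionBuilderFactory factory) throws IllegalArgumentException {
    final SPConstants.SPVersion spVersion = SPConstants.SPVersion.getSPVersion(element.getNamespaceURI());
    final Element nestedPolicyElement = SPUtils.getFirstPolicyChildElement(element);
    if (nestedPolicyElement == null) {
        throw new IllegalArgumentException("sp:AlgorithmSuite must have an inner wsp:Policy element");
    }
    final Policy nestedPolicy = factory.getPolicyEngine().getPolicy(nestedPolicyElement);
    // A loader registered as a bus extension takes precedence over the built-in one.
    AlgorithmSuiteLoader loader = bus.getExtension(AlgorithmSuiteLoader.class);
    if (loader == null) {
        loader = new DefaultAlgorithmSuiteLoader();
    }
    AlgorithmSuite algorithmSuite = loader.getAlgorithmSuite(bus, spVersion, nestedPolicy);
    if (algorithmSuite == null || algorithmSuite.getAlgorithmSuiteType() == null) {
        // Work out a name for the error message: prefer the one the loader reports as invalid,
        // otherwise fall back to the first element inside the nested policy.
        String algorithmSuiteName = null;
        if (algorithmSuite != null) {
            algorithmSuiteName = algorithmSuite.getFirstInvalidAlgorithmSuite();
        }
        if (algorithmSuiteName == null) {
            // NOTE(review): DOMUtils.getFirstElement presumably returns null for a policy element
            // with no child elements; report that as a policy error instead of letting a
            // NullPointerException escape from a method that documents IllegalArgumentException.
            final Element firstChild = DOMUtils.getFirstElement(nestedPolicyElement);
            if (firstChild == null) {
                throw new IllegalArgumentException("sp:AlgorithmSuite inner wsp:Policy element does not name an algorithm suite");
            }
            algorithmSuiteName = firstChild.getLocalName();
        }
        throw new IllegalArgumentException("Algorithm suite \"" + algorithmSuiteName + "\" is not registered");
    }
    algorithmSuite.setOptional(SPUtils.isOptional(element));
    algorithmSuite.setIgnorable(SPUtils.isIgnorable(element));
    return algorithmSuite;
}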
Also used : Policy(org.apache.neethi.Policy) AlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite) Element(org.w3c.dom.Element) SPConstants(org.apache.wss4j.policy.SPConstants)

Example 97 with Policy

use of org.apache.neethi.Policy in project cxf by apache.

the class SecureConversationInInterceptor method handleMessageForAction.

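/**
 * Selects the policy and interceptors for an inbound message based on its action.
 *
 * <p>When the action is an {@code /RST/SCT} request in one of the two WS-Trust namespaces, the
 * effective policy is recalculated and the message is handed to a
 * {@link SecureConversationSTSInvoker}. Any other message only gets the
 * {@link SecureConversationTokenFinderInterceptor} added to its chain. In both cases
 * {@code assertPolicies(aim)} runs last.
 *
 * <p>The action value is taken from the message and is matched with
 * {@code contains}/{@code startsWith}/{@code endsWith}, so it decides which policy is applied:
 * a "Cancel" action swaps the bootstrap policy for one that only requires signing with the
 * token, every other matching action keeps the bootstrap policy merged with the addressing
 * policy.
 *
 * @param message the inbound message
 * @param s the action (presumably the SOAP action; may be {@code null}, in which case the
 *        WS-Addressing Action header is used when present)
 * @param aim assertion info map of the message
 * @param ais assertion infos whose first entry carries the {@link SecureConversationToken}
 */
void handleMessageForAction(SoapMessage message, String s, AssertionInfoMap aim, Collection<AssertionInfo> ais) {
    String addNs = null;
    AddressingProperties inProps = (AddressingProperties) message.getContextualProperty(JAXWSAConstants.ADDRESSING_PROPERTIES_INBOUND);
    if (inProps != null) {
        addNs = inProps.getNamespaceURI();
        // MS/WCF doesn't put a soap action out for this, must check the headers.
        // A message can carry addressing properties without an Action header; leave the action
        // unset in that case so the message takes the ordinary path below instead of failing
        // with a NullPointerException.
        if (s == null && inProps.getAction() != null) {
            s = inProps.getAction().getValue();
        }
    }
    if (s != null && s.contains("/RST/SCT") && (s.startsWith(STSUtils.WST_NS_05_02) || s.startsWith(STSUtils.WST_NS_05_12))) {
        // NOTE(review): assumes ais is non-empty and its first assertion is a
        // SecureConversationToken with a bootstrap policy - confirm against the caller.
        SecureConversationToken tok = (SecureConversationToken) ais.iterator().next().getAssertion();
        Policy pol = tok.getBootstrapPolicy().getPolicy();
        if (s.endsWith("Cancel")) {
            // Cancel just sign with the token
            Policy p = new Policy();
            ExactlyOne ea = new ExactlyOne();
            p.addPolicyComponent(ea);
            All all = new All();
            Assertion ass = NegotiationUtils.getAddressingPolicy(aim, false);
            all.addPolicyComponent(ass);
            ea.addPolicyComponent(all);
            // Protection token: a secure conversation token that is never included in the message.
            final SecureConversationToken secureConversationToken = new SecureConversationToken(SPConstants.SPVersion.SP12, SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER, null, null, null, new Policy());
            Policy sctPolicy = new Policy();
            ExactlyOne sctPolicyEa = new ExactlyOne();
            sctPolicy.addPolicyComponent(sctPolicyEa);
            All sctPolicyAll = new All();
            sctPolicyAll.addPolicyComponent(secureConversationToken);
            sctPolicyEa.addPolicyComponent(sctPolicyAll);
            // Symmetric binding that reuses the algorithm suite of the binding already asserted.
            Policy bindingPolicy = new Policy();
            ExactlyOne bindingPolicyEa = new ExactlyOne();
            bindingPolicy.addPolicyComponent(bindingPolicyEa);
            All bindingPolicyAll = new All();
            // NOTE(review): origBinding is dereferenced without a null check - confirm that
            // PolicyUtils.getSecurityBinding cannot return null on this path.
            AbstractBinding origBinding = PolicyUtils.getSecurityBinding(aim);
            bindingPolicyAll.addPolicyComponent(origBinding.getAlgorithmSuite());
            bindingPolicyAll.addPolicyComponent(new ProtectionToken(SPConstants.SPVersion.SP12, sctPolicy));
            bindingPolicyAll.addAssertion(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
            bindingPolicyAll.addAssertion(new PrimitiveAssertion(SP12Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
            bindingPolicyEa.addPolicyComponent(bindingPolicyAll);
            DefaultSymmetricBinding binding = new DefaultSymmetricBinding(SPConstants.SPVersion.SP12, bindingPolicy);
            binding.setOnlySignEntireHeadersAndBody(true);
            binding.setProtectTokens(false);
            all.addPolicyComponent(binding);
            SignedParts signedParts = getSignedParts(aim, addNs);
            all.addPolicyComponent(signedParts);
            // The bootstrap policy is discarded here; only the policy built above applies.
            pol = p;
            message.getInterceptorChain().add(SecureConversationTokenFinderInterceptor.INSTANCE);
        } else {
            // Any other RST/SCT action: addressing policy merged with the bootstrap policy.
            Policy p = new Policy();
            ExactlyOne ea = new ExactlyOne();
            p.addPolicyComponent(ea);
            All all = new All();
            Assertion ass = NegotiationUtils.getAddressingPolicy(aim, false);
            all.addPolicyComponent(ass);
            ea.addPolicyComponent(all);
            pol = p.merge(pol);
        }
        // setup SCT endpoint and forward to it.
        unmapSecurityProps(message);
        String ns = STSUtils.WST_NS_05_12;
        if (s.startsWith(STSUtils.WST_NS_05_02)) {
            ns = STSUtils.WST_NS_05_02;
        }
        NegotiationUtils.recalcEffectivePolicy(message, ns, pol, new SecureConversationSTSInvoker(), true);
        // recalc based on new endpoint
        SoapActionInInterceptor.getAndSetOperation(message, s);
    } else {
        message.getInterceptorChain().add(SecureConversationTokenFinderInterceptor.INSTANCE);
    }
    assertPolicies(aim);
}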
Also used : Policy(org.apache.neethi.Policy) All(org.apache.neethi.All) PrimitiveAssertion(org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion) Assertion(org.apache.neethi.Assertion) PrimitiveAssertion(org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion) DefaultSymmetricBinding(org.apache.cxf.ws.security.trust.DefaultSymmetricBinding) AbstractBinding(org.apache.wss4j.policy.model.AbstractBinding) ExactlyOne(org.apache.neethi.ExactlyOne) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) AddressingProperties(org.apache.cxf.ws.addressing.AddressingProperties) SignedParts(org.apache.wss4j.policy.model.SignedParts) ProtectionToken(org.apache.wss4j.policy.model.ProtectionToken)

Example 98 with Policy

use of org.apache.neethi.Policy in project cxf by apache.

the class SecureConversationTokenInterceptorProvider method setupClient.

/**
 * Configures an {@link STSClient} for a secure conversation token request.
 *
 * <p>The client policy is the token's bootstrap policy merged with an addressing policy and,
 * when {@code endorse} is set, an endorsing supporting-tokens assertion holding {@code itok}.
 * The algorithm suite found in {@code aim}, if any, is copied to the client; the client key
 * size is only set when the suite's maximum symmetric key length is below 256.
 *
 * @param client the client to configure
 * @param message the message whose SOAP version, endpoint address and security properties are used
 * @param aim assertion info map the trust, addressing and algorithm suite settings are read from
 * @param itok the secure conversation token; must define a bootstrap policy
 * @param endorse whether to add {@code itok} as an endorsing supporting token
 * @return the endpoint address that was set as the client location
 * @throws Fault if {@code itok} does not define a bootstrap policy
 */
static String setupClient(STSClient client, SoapMessage message, AssertionInfoMap aim, SecureConversationToken itok, boolean endorse) {
    final boolean hasBootstrapPolicy = itok.getBootstrapPolicy() != null && itok.getBootstrapPolicy().getPolicy() != null;
    if (!hasBootstrapPolicy) {
        throw new Fault("The SecureConversationToken does not define a BootstrapPolicy", LOG);
    }

    client.setTrust(NegotiationUtils.getTrust10(aim));
    client.setTrust(NegotiationUtils.getTrust13(aim));

    final Policy bootstrapPolicy = itok.getBootstrapPolicy().getPolicy();

    // Wrapper policy: ExactlyOne -> All -> addressing assertion (plus the endorsing token).
    final Policy wrapperPolicy = new Policy();
    final ExactlyOne alternatives = new ExactlyOne();
    wrapperPolicy.addPolicyComponent(alternatives);
    final All requirements = new All();
    requirements.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
    alternatives.addPolicyComponent(requirements);
    if (endorse) {
        final SupportingTokens endorsingTokens = new SupportingTokens(SPConstants.SPVersion.SP12, SP12Constants.ENDORSING_SUPPORTING_TOKENS, new Policy());
        endorsingTokens.addToken(itok);
        requirements.addPolicyComponent(endorsingTokens);
    }
    client.setPolicy(wrapperPolicy.merge(bootstrapPolicy));

    client.setSoap11(message.getVersion() == Soap11.getInstance());
    client.setSecureConv(true);

    // NOTE(review): the endpoint address property is dereferenced without a null check.
    final String endpointAddress = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
    client.setLocation(endpointAddress);

    final AlgorithmSuite negotiatedSuite = NegotiationUtils.getAlgorithmSuite(aim);
    if (negotiatedSuite != null) {
        client.setAlgorithmSuite(negotiatedSuite);
        final int maxSymmetricKeyLength = negotiatedSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
        // Suites with a maximum of 256 or more leave the client's own key size untouched.
        if (maxSymmetricKeyLength < 256) {
            client.setKeySize(maxSymmetricKeyLength);
        }
    }

    mapSecurityProps(message, client.getRequestContext());
    return endpointAddress;
}
Also used : Policy(org.apache.neethi.Policy) All(org.apache.neethi.All) SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite) Fault(org.apache.cxf.interceptor.Fault) ExactlyOne(org.apache.neethi.ExactlyOne)

Example 99 with Policy

use of org.apache.neethi.Policy in project cxf by apache.

the class PolicyVerificationInFaultInterceptorTest method testHandleMessage.

/**
 * Drives {@code handleMessage} through seven setups of the message.
 *
 * <p>The first six rounds turn on one more leading {@code setupMessage} flag each time while the
 * last flag stays {@code false}, and record no further expectations. The final round enables
 * every flag and expects the transport assertions to be collected and the effective client
 * fault policy to be checked against the assertion info map.
 */
@Test
public void testHandleMessage() throws NoSuchMethodException {
    Method transportAssertions = AbstractPolicyInterceptor.class.getDeclaredMethod("getTransportAssertions", Message.class);
    PolicyVerificationInFaultInterceptor interceptor = EasyMock.createMockBuilder(PolicyVerificationInFaultInterceptor.class).addMockedMethod(transportAssertions).createMock(control);

    // enabled = number of leading flags set to true; the sixth flag is always false here.
    for (int enabled = 0; enabled <= 5; enabled++) {
        setupMessage(enabled > 0, enabled > 1, enabled > 2, enabled > 3, enabled > 4, false);
        control.replay();
        interceptor.handleMessage(message);
        control.verify();
        control.reset();
    }

    // Final round: all flags set, so the interceptor is expected to verify the policy.
    setupMessage(true, true, true, true, true, true);
    interceptor.getTransportAssertions(message);
    EasyMock.expectLastCall();
    EffectivePolicyImpl faultPolicy = control.createMock(EffectivePolicyImpl.class);
    EasyMock.expect(engine.getEffectiveClientFaultPolicy(ei, boi, bfi, message)).andReturn(faultPolicy);
    Policy mockPolicy = control.createMock(Policy.class);
    EasyMock.expect(faultPolicy.getPolicy()).andReturn(mockPolicy);
    aim.checkEffectivePolicy(mockPolicy);
    EasyMock.expectLastCall().andReturn(null);
    control.replay();
    interceptor.handleMessage(message);
    control.verify();
}
Also used : Policy(org.apache.neethi.Policy) Method(java.lang.reflect.Method) Test(org.junit.Test)

Example 100 with Policy

use of org.apache.neethi.Policy in project cxf by apache.

the class ExternalAttachmentProviderTest method testReadDocumentEPRDomainExpression.

/**
 * Reads {@code resources/attachments4.xml} through an {@link ExternalAttachmentProvider} backed
 * by mocked bus extensions and checks that exactly one attachment results, carrying the mocked
 * policy and the single mocked domain expression.
 */
@Test
public void testReadDocumentEPRDomainExpression() throws MalformedURLException {
    // Mocked bus: hands out the domain expression registry and the policy builder.
    Bus mockBus = control.createMock(Bus.class);
    DomainExpressionBuilderRegistry registry = control.createMock(DomainExpressionBuilderRegistry.class);
    EasyMock.expect(mockBus.getExtension(DomainExpressionBuilderRegistry.class)).andReturn(registry);
    DomainExpression expectedExpression = control.createMock(DomainExpression.class);
    EasyMock.expect(registry.build(EasyMock.isA(Element.class))).andReturn(expectedExpression);
    PolicyBuilder policyBuilder = control.createMock(PolicyBuilder.class);
    EasyMock.expect(mockBus.getExtension(PolicyBuilder.class)).andReturn(policyBuilder).anyTimes();
    Policy expectedPolicy = control.createMock(Policy.class);
    EasyMock.expect(policyBuilder.getPolicy(EasyMock.isA(Element.class))).andReturn(expectedPolicy);
    control.replay();

    ExternalAttachmentProvider provider = new ExternalAttachmentProvider(mockBus);
    String location = ExternalAttachmentProviderTest.class.getResource("resources/attachments4.xml").toExternalForm();
    provider.setLocation(new UrlResource(location));
    provider.readDocument();

    assertEquals(1, provider.getAttachments().size());
    PolicyAttachment attachment = provider.getAttachments().iterator().next();
    assertSame(expectedPolicy, attachment.getPolicy());
    assertEquals(1, attachment.getDomainExpressions().size());
    assertSame(expectedExpression, attachment.getDomainExpressions().iterator().next());
    control.verify();
}
Also used : Policy(org.apache.neethi.Policy) Bus(org.apache.cxf.Bus) UrlResource(org.springframework.core.io.UrlResource) Element(org.w3c.dom.Element) PolicyBuilder(org.apache.cxf.ws.policy.PolicyBuilder) URL(java.net.URL) Test(org.junit.Test)

Aggregations

Policy (org.apache.neethi.Policy)122 Test (org.junit.Test)47 Assertion (org.apache.neethi.Assertion)27 QName (javax.xml.namespace.QName)23 ArrayList (java.util.ArrayList)21 All (org.apache.neethi.All)18 ExactlyOne (org.apache.neethi.ExactlyOne)18 Message (org.apache.cxf.message.Message)15 EndpointInfo (org.apache.cxf.service.model.EndpointInfo)14 Element (org.w3c.dom.Element)13 Bus (org.apache.cxf.Bus)12 PrimitiveAssertion (org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion)12 List (java.util.List)9 Interceptor (org.apache.cxf.interceptor.Interceptor)9 BindingOperationInfo (org.apache.cxf.service.model.BindingOperationInfo)9 HashMap (java.util.HashMap)7 OMElement (org.apache.axiom.om.OMElement)7 MessageImpl (org.apache.cxf.message.MessageImpl)7 ReferenceResolver (org.apache.cxf.ws.policy.attachment.reference.ReferenceResolver)6 InputStream (java.io.InputStream)5