Examples with ReplayCache org.apache.wss4j.common.cache.ReplayCache used on opensource projects

Example 1 with ReplayCache

use of org.apache.wss4j.common.cache.ReplayCache in project cxf by apache.

the class WSS4JUtils method getReplayCache.

/**
 * Get a ReplayCache instance. It first checks to see whether caching has been explicitly
 * enabled or disabled via the booleanKey argument. If it has been set to false then no
 * replay caching is done (for this booleanKey). If it has not been specified, then caching
 * is enabled only if we are not the initiator of the exchange. If it has been specified, then
 * caching is enabled.
 *
 * It tries to get an instance of ReplayCache via the instanceKey argument from a
 * contextual property, and failing that the message exchange. If it can't find any, then it
 * defaults to using an EH-Cache instance and stores that on the message exchange.
 */
public static ReplayCache getReplayCache(SoapMessage message, String booleanKey, String instanceKey) throws WSSecurityException {
    boolean specified = false;
    Object o = message.getContextualProperty(booleanKey);
    if (o != null) {
        if (!PropertyUtils.isTrue(o)) {
            return null;
        }
        specified = true;
    }
    if (!specified && MessageUtils.isRequestor(message)) {
        return null;
    }
    ReplayCache replayCache = (ReplayCache) message.getContextualProperty(instanceKey);
    Endpoint ep = message.getExchange().getEndpoint();
    if (replayCache == null && ep != null && ep.getEndpointInfo() != null) {
        EndpointInfo info = ep.getEndpointInfo();
        synchronized (info) {
            replayCache = (ReplayCache) info.getProperty(instanceKey);
            if (replayCache == null) {
                String cacheKey = instanceKey;
                if (info.getName() != null) {
                    int hashcode = info.getName().toString().hashCode();
                    if (hashcode < 0) {
                        cacheKey += hashcode;
                    } else {
                        cacheKey += "-" + hashcode;
                    }
                }
                if (WSS4JCacheUtil.isEhCacheInstalled()) {
                    Bus bus = message.getExchange().getBus();
                    final Path diskstoreParent;
                    try {
                        diskstoreParent = Files.createTempDirectory("cxf");
                    } catch (IOException ex) {
                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
                    }
                    replayCache = new CXFEHCacheReplayCache(cacheKey, bus, diskstoreParent);
                } else {
                    replayCache = new MemoryReplayCache();
                }
                info.setProperty(instanceKey, replayCache);
            }
        }
    }
    return replayCache;
}

Example 2 with ReplayCache

use of org.apache.wss4j.common.cache.ReplayCache in project cxf by apache.

the class CacheCleanupListener method shutdownResources.

protected void shutdownResources(EndpointInfo info) {
    TokenStore ts = (TokenStore) info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
    if (ts instanceof Closeable) {
        close((Closeable) ts);
    }
    ReplayCache rc = (ReplayCache) info.getProperty(SecurityConstants.NONCE_CACHE_INSTANCE);
    if (rc != null) {
        close(rc);
    }
    rc = (ReplayCache) info.getProperty(SecurityConstants.TIMESTAMP_CACHE_INSTANCE);
    if (rc != null) {
        close(rc);
    }
    rc = (ReplayCache) info.getProperty(SecurityConstants.SAML_ONE_TIME_USE_CACHE_INSTANCE);
    if (rc != null) {
        close(rc);
    }
}

Example 3 with ReplayCache

use of org.apache.wss4j.common.cache.ReplayCache in project cxf by apache.

the class WSS4JInInterceptor method configureReplayCaches.

protected void configureReplayCaches(RequestData reqData, List<Integer> actions, SoapMessage msg) throws WSSecurityException {
    if (isNonceCacheRequired(actions, msg)) {
        ReplayCache nonceCache = getReplayCache(msg, SecurityConstants.ENABLE_NONCE_CACHE, SecurityConstants.NONCE_CACHE_INSTANCE);
        reqData.setNonceReplayCache(nonceCache);
    }
    if (isTimestampCacheRequired(actions, msg)) {
        ReplayCache timestampCache = getReplayCache(msg, SecurityConstants.ENABLE_TIMESTAMP_CACHE, SecurityConstants.TIMESTAMP_CACHE_INSTANCE);
        reqData.setTimestampReplayCache(timestampCache);
    }
    if (isSamlCacheRequired(actions, msg)) {
        ReplayCache samlCache = getReplayCache(msg, SecurityConstants.ENABLE_SAML_ONE_TIME_USE_CACHE, SecurityConstants.SAML_ONE_TIME_USE_CACHE_INSTANCE);
        reqData.setSamlOneTimeUseReplayCache(samlCache);
    }
}

Example 4 with ReplayCache

use of org.apache.wss4j.common.cache.ReplayCache in project cxf by apache.

the class WSS4JStaxInInterceptor method configureProperties.

protected void configureProperties(SoapMessage msg, WSSSecurityProperties securityProperties) throws XMLSecurityException {
    // Configure replay caching
    ReplayCache nonceCache = null;
    if (isNonceCacheRequired(msg, securityProperties)) {
        nonceCache = WSS4JUtils.getReplayCache(msg, SecurityConstants.ENABLE_NONCE_CACHE, SecurityConstants.NONCE_CACHE_INSTANCE);
    }
    securityProperties.setNonceReplayCache(nonceCache);
    ReplayCache timestampCache = null;
    if (isTimestampCacheRequired(msg, securityProperties)) {
        timestampCache = WSS4JUtils.getReplayCache(msg, SecurityConstants.ENABLE_TIMESTAMP_CACHE, SecurityConstants.TIMESTAMP_CACHE_INSTANCE);
    }
    securityProperties.setTimestampReplayCache(timestampCache);
    ReplayCache samlCache = null;
    if (isSamlCacheRequired(msg, securityProperties)) {
        samlCache = WSS4JUtils.getReplayCache(msg, SecurityConstants.ENABLE_SAML_ONE_TIME_USE_CACHE, SecurityConstants.SAML_ONE_TIME_USE_CACHE_INSTANCE);
    }
    securityProperties.setSamlOneTimeUseReplayCache(samlCache);
    boolean enableRevocation = PropertyUtils.isTrue(SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION, msg));
    securityProperties.setEnableRevocation(enableRevocation);
    // Crypto loading only applies for Map
    Map<String, Object> config = getProperties();
    if (config != null && !config.isEmpty()) {
        Crypto sigVerCrypto = loadCrypto(msg, ConfigurationConstants.SIG_VER_PROP_FILE, ConfigurationConstants.SIG_VER_PROP_REF_ID, securityProperties);
        if (sigVerCrypto == null) {
            // Fall back to using the Signature properties for verification
            sigVerCrypto = loadCrypto(msg, ConfigurationConstants.SIG_PROP_FILE, ConfigurationConstants.SIG_PROP_REF_ID, securityProperties);
        }
        if (sigVerCrypto != null) {
            config.put(ConfigurationConstants.SIG_VER_PROP_REF_ID, "RefId-" + sigVerCrypto.hashCode());
            config.put("RefId-" + sigVerCrypto.hashCode(), sigVerCrypto);
        }
        Crypto decCrypto = loadCrypto(msg, ConfigurationConstants.DEC_PROP_FILE, ConfigurationConstants.DEC_PROP_REF_ID, securityProperties);
        if (decCrypto != null) {
            config.put(ConfigurationConstants.DEC_PROP_REF_ID, "RefId-" + decCrypto.hashCode());
            config.put("RefId-" + decCrypto.hashCode(), decCrypto);
        }
        ConfigurationConverter.parseCrypto(config, securityProperties);
    }
    // Add Audience Restrictions for SAML
    securityProperties.setAudienceRestrictions(SAMLUtils.getAudienceRestrictions(msg, true));
}

Example 5 with ReplayCache

use of org.apache.wss4j.common.cache.ReplayCache in project cxf by apache.

the class UsernameTokenInterceptor method validateToken.

protected WSSecurityEngineResult validateToken(Element tokenElement, final SoapMessage message) throws WSSecurityException, Base64DecodingException {
    boolean bspCompliant = isWsiBSPCompliant(message);
    boolean allowNoPassword = isAllowNoPassword(message.get(AssertionInfoMap.class));
    UsernameTokenProcessor p = new UsernameTokenProcessor();
    RequestData data = new CXFRequestData();
    Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
    try {
        data.setCallbackHandler(SecurityUtils.getCallbackHandler(o));
    } catch (Exception ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }
    data.setMsgContext(message);
    // Configure replay caching
    ReplayCache nonceCache = WSS4JUtils.getReplayCache(message, SecurityConstants.ENABLE_NONCE_CACHE, SecurityConstants.NONCE_CACHE_INSTANCE);
    data.setNonceReplayCache(nonceCache);
    data.setAllowUsernameTokenNoPassword(allowNoPassword);
    data.setWssConfig(WSSConfig.getNewInstance());
    if (!bspCompliant) {
        data.setDisableBSPEnforcement(true);
    }
    data.setMsgContext(message);
    WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument());
    data.setWsDocInfo(wsDocInfo);
    try {
        List<WSSecurityEngineResult> results = p.handleToken(tokenElement, data);
        return results.get(0);
    } catch (WSSecurityException ex) {
        throw WSS4JUtils.createSoapFault(message, message.getVersion(), ex);
    }
}