Java tutorial
/******************************************************************************* * Copyright (C) 2007 The University of Manchester * * Modifications to the initial code base are copyright of their * respective authors, or their employers as appropriate. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License * as published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 ******************************************************************************/ package net.sf.taverna.t2.activities.wsdl.wss4j; import java.util.Vector; //import net.sf.taverna.t2.security.agents.SAException; //import net.sf.taverna.t2.security.agents.WSSecurityAgent; //import org.apache.commons.logging.Log; //import org.apache.commons.logging.LogFactory; //import org.apache.log4j.Logger; import org.apache.ws.axis.security.WSDoAllSender; import org.apache.ws.security.WSConstants; import org.apache.ws.security.WSEncryptionPart; import org.apache.ws.security.WSSConfig; import org.apache.ws.security.WSSecurityException; import org.apache.ws.security.handler.RequestData; import org.apache.ws.security.handler.WSHandlerConstants; import org.apache.ws.security.message.WSSecHeader; import org.apache.ws.security.util.WSSecurityUtil; import org.w3c.dom.Document; public class T2WSDoAllSender extends WSDoAllSender { /** * This is a security handler for wss4j that invokes security agents * whenever access to the user's credentials (passwords, private keys) * or secret keys is required. The security agent performs the necessary * security operations on the message to be sent and returns the message. */ private static final long serialVersionUID = 1L; //private static Log log = LogFactory.getLog(T2WSDoAllSender.class.getName()); // private boolean doDebug = log.isDebugEnabled(); // private static Logger logger = Logger.getLogger(T2WSDoAllSender.class); /** * Performs all defined security actions to set-up the SOAP request. * * This method overrides the doSenderAction() method of WSHandler class * by setting the actions to be executed to use T2 security agents. * * * @param doAction a set defining the actions to do * @param doc the request as DOM document * @param reqData a data storage to pass values around bewteen methods * @param actions a vector holding the actions to do in the order defined * in the deployment file or property * @throws WSSecurityException */ @Override protected void doSenderAction(int doAction, Document doc, RequestData reqData, Vector actions, boolean isRequest) throws WSSecurityException { boolean mu = decodeMustUnderstand(reqData); WSSConfig wssConfig = WSSConfig.getNewInstance(); wssConfig.setEnableSignatureConfirmation(decodeEnableSignatureConfirmation(reqData)); wssConfig.setPrecisionInMilliSeconds(decodeTimestampPrecision(reqData)); reqData.setWssConfig(wssConfig); Object mc = reqData.getMsgContext(); String actor = getString(WSHandlerConstants.ACTOR, mc); reqData.setActor(actor); WSSecHeader secHeader = new WSSecHeader(actor, mu); secHeader.insertSecurityHeader(doc); reqData.setSecHeader(secHeader); reqData.setSoapConstants(WSSecurityUtil.getSOAPConstants(doc.getDocumentElement())); /* * Here we have action, username, password, and actor, mustUnderstand. * Now get the action specific parameters. */ if ((doAction & WSConstants.UT) == WSConstants.UT) { decodeUTParameter(reqData); } /* * Here we have action, username, password, and actor, mustUnderstand. * Now get the action specific parameters. */ if ((doAction & WSConstants.UT_SIGN) == WSConstants.UT_SIGN) { decodeUTParameter(reqData); decodeSignatureParameter(reqData); } /* * Get and check the Signature specific parameters first because they * may be used for encryption too. */ if ((doAction & WSConstants.SIGN) == WSConstants.SIGN) { reqData.setSigCrypto(loadSignatureCrypto(reqData)); decodeSignatureParameter(reqData); } /* * If we need to handle signed SAML token then we need may of the * Signature parameters. The handle procedure loads the signature crypto * file on demand, thus don't do it here. */ if ((doAction & WSConstants.ST_SIGNED) == WSConstants.ST_SIGNED) { decodeSignatureParameter(reqData); } /* * Set and check the encryption specific parameters, if necessary take * over signature parameters username and crypto instance. */ if ((doAction & WSConstants.ENCR) == WSConstants.ENCR) { reqData.setEncCrypto(loadEncryptionCrypto(reqData)); decodeEncryptionParameter(reqData); } /* * If after all the parsing no Signature parts defined, set here a * default set. This is necessary because we add SignatureConfirmation * and therefore the default (Body) must be set here. The default setting * in WSSignEnvelope doesn't work because the vector is not empty anymore. */ if (reqData.getSignatureParts().isEmpty()) { WSEncryptionPart encP = new WSEncryptionPart(reqData.getSoapConstants().getBodyQName().getLocalPart(), reqData.getSoapConstants().getEnvelopeURI(), "Content"); reqData.getSignatureParts().add(encP); } /* * If SignatureConfirmation is enabled and this is a reqsponse then * insert SignatureCOnfrmation elements, note their wsu:id in the signature * parts. They will be signed automatically during a (probably) defined * SIGN action. */ if (wssConfig.isEnableSignatureConfirmation() && !isRequest) { String done; if ((done = (String) getProperty(reqData.getMsgContext(), WSHandlerConstants.SIG_CONF_DONE)) == null || !DONE.equals(done)) { Vector results = null; if ((results = (Vector) getProperty(reqData.getMsgContext(), WSHandlerConstants.RECV_RESULTS)) != null) { wssConfig.getAction(WSConstants.SC).execute(this, WSConstants.SC, doc, reqData); } } } /* * Here we have all necessary information to perform the requested * action(s). */ // Get the security agent /* WSSecurityAgent sa = (WSSecurityAgent) ((MessageContext)reqData.getMsgContext()).getProperty("security_agent"); // Perform security actions for (int i = 0; i < actions.size(); i++) { int actionToDo = ((Integer) actions.get(i)).intValue(); if (doDebug) { log.debug("Performing Action: " + actionToDo); } switch (actionToDo) { case WSConstants.UT:{ try { sa.wssUsernameToken(doc, reqData); } catch (SAException e) { logger.error("", e); } break; } case WSConstants.ENCR: case WSConstants.SIGN:{//sa.wssSign(doc, reqData); break;} case WSConstants.ST_SIGNED: case WSConstants.ST_UNSIGNED: case WSConstants.TS: case WSConstants.UT_SIGN: wssConfig.getAction(actionToDo).execute(this, actionToDo, doc, reqData); break; case WSConstants.NO_SERIALIZE: reqData.setNoSerialization(true); break; } } */ /* * If this is a request then store all signature values. Add ours to * already gathered values because of chained handlers, e.g. for * other actors. */ if (wssConfig.isEnableSignatureConfirmation() && isRequest) { if (reqData.getSignatureValues().size() > 0) { Vector sigv = null; if ((sigv = (Vector) getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV)) == null) { sigv = new Vector(); setProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV, sigv); } // sigv.add(reqData.getSignatureValues()); sigv.addAll(reqData.getSignatureValues()); } } } }