Examples of org.apache.sandesha2.security.SecurityManager

• org.apache.sandesha2.security.SecurityManager
  SecurityManager interface. This manages the link between the RM layer and Security, so that the CreateSequence message can be secured using a SecurityTokenReference. Once the sequence is secured using the STR, each inbound messgae must be checked to ensure the sender has demonstrated proof-of-possession of the referenced token. See the WS-RM 1.0 spec for details.

    try {
      AxisConfiguration axisConfiguration = new AxisConfiguration ();
      ConfigurationContext configurationContext = new ConfigurationContext (axisConfiguration);

      //setting a dummy property been to stop Sandesha2 from throwing exceptions.
      SandeshaPolicyBean policyBean = new SandeshaPolicyBean ();
      axisConfiguration.addParameter(new Parameter (Sandesha2Constants.SANDESHA_PROPERTY_BEAN,policyBean));

      InMemoryStorageManager storageManager = new InMemoryStorageManager (configurationContext);

      Transaction transaction = storageManager.getTransaction();

        super ("InvokerBeanMgrTest");
    }

    public void setUp() throws Exception {
        AxisConfiguration axisConfig = new AxisConfiguration();
        SandeshaPolicyBean propertyBean = new SandeshaPolicyBean ();
        Parameter parameter = new Parameter ();
        parameter.setName(Sandesha2Constants.SANDESHA_PROPERTY_BEAN);
        parameter.setValue(propertyBean);
        axisConfig.addParameter(parameter);

            // if a WS-RM policy is specified, use it
            if (wsRMPolicyKey != null) {
                Object property = synapseOutMessageContext.getEntry(wsRMPolicyKey);
                if (property instanceof OMElement) {
                    OMElement policyOMElement = (OMElement) property;
                    RMAssertionBuilder builder = new RMAssertionBuilder();
                    SandeshaPolicyBean sandeshaPolicyBean = (SandeshaPolicyBean) builder.build(policyOMElement, null);
                    Parameter policyParam = new Parameter(Sandesha2Constants.SANDESHA_PROPERTY_BEAN, sandeshaPolicyBean);
                    anoymousService.addParameter(policyParam);
                }
            }
        }

            // if a WS-RM policy is specified, use it
            if (wsRMPolicyKey != null) {
                Object property = synapseOutMessageContext.getEntry(wsRMPolicyKey);
                if (property instanceof OMElement) {
                    OMElement policyOMElement = (OMElement) property;
                    RMAssertionBuilder builder = new RMAssertionBuilder();
                    SandeshaPolicyBean sandeshaPolicyBean = (SandeshaPolicyBean) builder.build(policyOMElement, null);
                    Parameter policyParam = new Parameter(Sandesha2Constants.SANDESHA_PROPERTY_BEAN, sandeshaPolicyBean);
                    anoymousService.addParameter(policyParam);
                }
            }
        }

    RMDBean rmdBean = SandeshaUtil.getRMDBeanFromSequenceId(storageManager, sequenceId);

    // Check that the sender of this CloseSequence holds the correct token
    if(rmdBean != null && rmdBean.getSecurityTokenData() != null) {
      SecurityManager secManager = SandeshaUtil.getSecurityManager(msgCtx.getConfigurationContext());
      OMElement body = msgCtx.getEnvelope().getBody();
      SecurityToken token = secManager.recoverSecurityToken(rmdBean.getSecurityTokenData());
      secManager.checkProofOfPossession(token, body, msgCtx);
    }

    if (FaultManager.checkForUnknownSequence(rmMsgCtx, sequenceId, storageManager, false)) {
      if (log.isDebugEnabled())
        log.debug("Exit: CloseSequenceProcessor::processInMessage, Unknown sequence " + sequenceId);

    // Check that the sender of this AckRequest holds the correct token
    RMDBean rmdBean = SandeshaUtil.getRMDBeanFromSequenceId(storageManager, sequenceId);

    if(rmdBean != null && rmdBean.getSecurityTokenData() != null) {
      SecurityManager secManager = SandeshaUtil.getSecurityManager(configurationContext);
      SecurityToken token = secManager.recoverSecurityToken(rmdBean.getSecurityTokenData());

      secManager.checkProofOfPossession(token, soapHeader, msgContext);
    }

    // Check that the sequence requested exists
    if (FaultManager.checkForUnknownSequence(rmMsgCtx, sequenceId, storageManager, piggybackedAckRequest)) {
      if (log.isDebugEnabled())

    storageManager.storeMessageContext(clonedMsgStoreKey, clonedMessage);
    rmsBean.setReferenceMessageStoreKey(clonedMsgStoreKey);

    SecurityToken token = (SecurityToken) createSeqRMMessage.getProperty(Sandesha2Constants.MessageContextProperties.SECURITY_TOKEN);
    if(token != null) {
      SecurityManager secManager = SandeshaUtil.getSecurityManager(configCtx);
      rmsBean.setSecurityTokenData(secManager.getTokenRecoveryData(token));
    }

    storageManager.getRMSBeanMgr().insert(rmsBean);

    SenderBean createSeqEntry = new SenderBean();

    // Check that both the Sequence header and message body have been secured properly
    RMDBeanMgr mgr = storageManager.getRMDBeanMgr();
    RMDBean bean = mgr.retrieve(sequenceId);

    if(bean != null && bean.getSecurityTokenData() != null) {
      SecurityManager secManager = SandeshaUtil.getSecurityManager(msgCtx.getConfigurationContext());

      QName seqName = new QName(rmMsgCtx.getRMNamespaceValue(), Sandesha2Constants.WSRM_COMMON.SEQUENCE);

      SOAPEnvelope envelope = msgCtx.getEnvelope();
      OMElement body = envelope.getBody();
      OMElement seqHeader = envelope.getHeader().getFirstChildWithName(seqName);

      SecurityToken token = secManager.recoverSecurityToken(bean.getSecurityTokenData());

      secManager.checkProofOfPossession(token, seqHeader, msgCtx);
      secManager.checkProofOfPossession(token, body, msgCtx);
    }

    // Store the inbound sequence id, number and lastMessage onto the operation context
    OperationContext opCtx = msgCtx.getOperationContext();
    if(opCtx != null) {

      StorageManager storageManager = SandeshaUtil.getSandeshaStorageManager(context, context.getAxisConfiguration());

      // If the inbound CreateSequence includes a SecurityTokenReference then
      // ask the security manager to resolve that to a token for us. We also
      // check that the Create was secured using the token.
      SecurityManager secManager = SandeshaUtil.getSecurityManager(context);
      OMElement theSTR = createSeqPart.getSecurityTokenReference();
      SecurityToken token = null;
      if(theSTR != null) {
        MessageContext msgcontext = createSeqRMMsg.getMessageContext();
        token = secManager.getSecurityToken(theSTR, msgcontext);

        // The create must be the body part of this message, so we check the
        // security of that element.
        OMElement body = msgcontext.getEnvelope().getBody();
        secManager.checkProofOfPossession(token, body, msgcontext);
      }

      //if toAddress is RMAnon we may need to terminate the request side sequence here.
      EndpointReference toEPR = createSeqMsg.getTo();
      if (toEPR.hasAnonymousAddress()) {

    return null; //could not find the sequenceKey
  }


  public static SecurityManager getSecurityManager(ConfigurationContext context) throws SandeshaException {
    SecurityManager util = null;
    AxisConfiguration config = context.getAxisConfiguration();
    Parameter p = config.getParameter(Sandesha2Constants.SECURITY_MANAGER);
    if(p != null) util = (SecurityManager) p.getValue();
    if (util != null) return util;