Package org.apache.ws.secpolicy.model

Examples of org.apache.ws.secpolicy.model.IssuedToken

818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
                log.debug("SignatureToken is an IssuedToken");
               
                if(rmd.getIssuedSignatureTokenId() == null) {
                    log.debug("No Issuedtoken found, requesting a new token");
                   
                    IssuedToken issuedToken = (IssuedToken)sigTok;
                   
                    String id = RampartUtil.getIssuedToken(rmd,
                            issuedToken);
                    rmd.setIssuedSignatureTokenId(id);
                   
                }
               
            } else if(sigTok instanceof SecureConversationToken) {
               
                log.debug("SignatureToken is a SecureConversationToken");
               
                //TODO check for an existing token and use it
               
                String secConvTokenId = rmd.getSecConvTokenId();
               
                //The RSTR has to be secured with the cancelled token
                String action = msgContext.getOptions().getAction();
                boolean cancelReqResp = action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT);
               
                //In the case of the cancel req or resp we should mark the token as cancelled
                if(secConvTokenId != null && cancelReqResp) {
                    try {
                        rmd.getTokenStorage().getToken(secConvTokenId).setState(org.apache.rahas.Token.CANCELLED);
                        msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
                       
                        //remove from the local map of contexts
                        String contextIdentifierKey = RampartUtil.getContextIdentifierKey(msgContext);
                        RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
                    } catch (TrustException e) {
                        throw new RampartException("errorExtractingToken");
                    }
                }
               
                if (secConvTokenId == null
                        || (secConvTokenId != null &&
                                (!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {
               
                    log.debug("No SecureConversationToken found, " +
                            "requesting a new token");
                   
                    SecureConversationToken secConvTok =
                                        (SecureConversationToken) sigTok;
                   
                    try {

                        String id = RampartUtil.getSecConvToken(rmd, secConvTok);
                        rmd.setSecConvTokenId(id);
                       
                    } catch (TrustException e) {
                        throw new RampartException("errorInObtainingSct", e);
                    }
                }
            }
           
            //If it was the ProtectionToken assertion then sigTok is the
            //same as encrTok
            if(sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {
               
                log.debug("Symmetric binding uses a ProtectionToken, both" +
                        " SignatureToken and EncryptionToken are the same");
               
                rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());
            } else {
                //Now we'll have to obtain the encryption token as well :-)
                //ASSUMPTION: SecureConversationToken is used as a
                //ProtectionToken therefore we only have to process a issued
                //token here
               
                log.debug("Obtaining the Encryption Token");
                if(rmd.getIssuedEncryptionTokenId() != null) {
                   
                    log.debug("EncrytionToken not alredy set");

                    IssuedToken issuedToken = (IssuedToken)encrTok;
                       
                    String id = RampartUtil.getIssuedToken(rmd,
                            issuedToken);
                    rmd.setIssuedEncryptionTokenId(id);
View Full Code Here
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
            if(sigTok instanceof IssuedToken) {
                log.debug("SignatureToken is an IssuedToken");
                if(rmd.getIssuedSignatureTokenId() == null) {
                    log.debug("No Issuedtoken found, requesting a new token");

                    IssuedToken issuedToken = (IssuedToken)sigTok;
                   
                    String id = RampartUtil.getIssuedToken(rmd,
                            issuedToken);
                    rmd.setIssuedSignatureTokenId(id);
                   
                }
               
            } else if(sigTok instanceof SecureConversationToken) {

                log.debug("SignatureToken is a SecureConversationToken");

                //TODO check for an existing token and use it
               
                String secConvTokenId = rmd.getSecConvTokenId();
               
                //The RSTR has to be secured with the cancelled token
                String action = msgContext.getOptions().getAction();
                boolean cancelReqResp = action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT);
               
                //In the case of the cancel req or resp we should mark the token as cancelled
                if(secConvTokenId != null && cancelReqResp) {
                    try {
                        rmd.getTokenStorage().getToken(secConvTokenId).setState(org.apache.rahas.Token.CANCELLED);
                        msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
                       
                        //remove from the local map of contexts
                        String contextIdentifierKey = RampartUtil.getContextIdentifierKey(msgContext);
                        RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
                    } catch (TrustException e) {
                        throw new RampartException("errorExtractingToken");
                    }
                }

                if (secConvTokenId == null
                    || (secConvTokenId != null &&
                        (!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {

                    log.debug("No SecureConversationToken found, requesting a new token");

                    SecureConversationToken secConvTok =
                                        (SecureConversationToken) sigTok;
                   
                    try {

                        String id = RampartUtil.getSecConvToken(rmd, secConvTok);
                        rmd.setSecConvTokenId(id);
                       
                    } catch (TrustException e) {
                        throw new RampartException("errorInObtainingSct", e);
                    }
                }
            }
           
            //If it was the ProtectionToken assertion then sigTok is the
            //same as encrTok
            if(sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {

                log.debug("Symmetric binding uses a ProtectionToken, both" +
                            " SignatureToken and EncryptionToken are the same");

                rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());
            } else {
                //Now we'll have to obtain the encryption token as well :-)
                //ASSUMPTION: SecureConversationToken is used as a
                //ProtectionToken therefore we only have to process a issued
                //token here

                log.debug("Obtaining the Encryption Token");

                if(rmd.getIssuedEncryptionTokenId() != null) {

                    log.debug("EncrytionToken not alredy set");

                    IssuedToken issuedToken = (IssuedToken)encrTok;
                       
                    String id = RampartUtil.getIssuedToken(rmd,
                            issuedToken);
                    rmd.setIssuedEncryptionTokenId(id);
View Full Code Here
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
            if (sigTok instanceof IssuedToken) {
                log.debug("SignatureToken is an IssuedToken");
                if (rmd.getIssuedSignatureTokenId() == null) {
                    log.debug("No Issuedtoken found, requesting a new token");

                    IssuedToken issuedToken = (IssuedToken) sigTok;

                    String id = RampartUtil.getIssuedToken(rmd, issuedToken);
                    rmd.setIssuedSignatureTokenId(id);

                }

            } else if (sigTok instanceof SecureConversationToken) {

                log.debug("SignatureToken is a SecureConversationToken");

                // TODO check for an existing token and use it

                String secConvTokenId = rmd.getSecConvTokenId();

                // The RSTR has to be secured with the cancelled token
                String action = msgContext.getOptions().getAction();
                boolean cancelReqResp = action.equals(RahasConstants.WST_NS_05_02
                        + RahasConstants.RSTR_ACTION_CANCEL_SCT)
                        || action.equals(RahasConstants.WST_NS_05_02
                                + RahasConstants.RSTR_ACTION_CANCEL_SCT)
                        || action.equals(RahasConstants.WST_NS_05_02
                                + RahasConstants.RST_ACTION_CANCEL_SCT)
                        || action.equals(RahasConstants.WST_NS_05_02
                                + RahasConstants.RST_ACTION_CANCEL_SCT);

                // In the case of the cancel req or resp we should mark the token as cancelled
                if (secConvTokenId != null && cancelReqResp) {
                    try {
                        rmd.getTokenStorage().getToken(secConvTokenId)
                                .setState(org.apache.rahas.Token.CANCELLED);
                        msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);

                        // remove from the local map of contexts
                        String contextIdentifierKey = RampartUtil
                                .getContextIdentifierKey(msgContext);
                        RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
                    } catch (TrustException e) {
                        throw new RampartException("errorExtractingToken");
                    }
                }

                if (secConvTokenId == null
                        || (secConvTokenId != null && (!RampartUtil.isTokenValid(rmd,
                                secConvTokenId) && !cancelReqResp))) {

                    log.debug("No SecureConversationToken found, requesting a new token");

                    SecureConversationToken secConvTok = (SecureConversationToken) sigTok;

                    try {

                        String id = RampartUtil.getSecConvToken(rmd, secConvTok);
                        rmd.setSecConvTokenId(id);

                    } catch (TrustException e) {
                        throw new RampartException("errorInObtainingSct", e);
                    }
                }
            }

            // If it was the ProtectionToken assertion then sigTok is the
            // same as encrTok
            if (sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {

                log.debug("Symmetric binding uses a ProtectionToken, both"
                        + " SignatureToken and EncryptionToken are the same");

                rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());
            } else {
                // Now we'll have to obtain the encryption token as well :-)
                // ASSUMPTION: SecureConversationToken is used as a
                // ProtectionToken therefore we only have to process a issued
                // token here

                log.debug("Obtaining the Encryption Token");

                if (rmd.getIssuedEncryptionTokenId() != null) {

                    log.debug("EncrytionToken not alredy set");

                    IssuedToken issuedToken = (IssuedToken) encrTok;

                    String id = RampartUtil.getIssuedToken(rmd, issuedToken);
                    rmd.setIssuedEncryptionTokenId(id);

                }
View Full Code Here
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
public class IssuedTokenBuilder implements AssertionBuilder {

    public Assertion build(OMElement element, AssertionBuilderFactory factory)
            throws IllegalArgumentException {
        IssuedToken issuedToken = new IssuedToken(SPConstants.SP_V11);

        OMAttribute  includeAttr = element.getAttribute(SP11Constants.INCLUDE_TOKEN);
        if(includeAttr != null) {
            issuedToken.setInclusion(SP11Constants.getInclusionFromAttributeValue(includeAttr.getAttributeValue()));
        }
        // Extract Issuer
        OMElement issuerElem = element.getFirstChildWithName(SP11Constants.ISSUER);
        if(issuerElem != null) {
            OMElement issuerEpr = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Address"));
           
            //try the other addressing namespace
            if (issuerEpr == null) {
                issuerEpr = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Address"));
            }
           
            issuedToken.setIssuerEpr(issuerEpr);
        }
       
        //TODO check why this returns an Address element
        //iter = issuerElem.getChildrenWithLocalName("Metadata");
       
        if (issuerElem != null ) {
            OMElement issuerMex = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Metadata"));
           
          //try the other addressing namespace
            if (issuerMex == null) {
                issuerMex = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Metadata"));
            }
                       
            issuedToken.setIssuerMex(issuerMex);
        }
       

        // Extract RSTTemplate
        OMElement rstTmplElem = element.getFirstChildWithName(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
        if (rstTmplElem != null) {
            issuedToken.setRstTemplate(rstTmplElem);
            // Process the RST Template and extract the token type
            Iterator<OMElement> tokenTypeElems = rstTmplElem.getChildrenWithName(
                    SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE_TOKEN_TYPE);
            if(tokenTypeElems != null && tokenTypeElems.hasNext()){
                issuedToken.setRstTokenType(tokenTypeElems.next().getText());
            }

            // Process the RST Template and extract the Claim set
            Iterator<OMElement> claimsElemIterator = rstTmplElem.getChildrenWithName(
                    SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE_CLAIMS);

            Set<String> claimSet = new TreeSet<String>() ;
            if (claimsElemIterator != null && claimsElemIterator.hasNext()) {
                OMElement claimsElem = claimsElemIterator.next();
                if(claimsElem != null && claimsElem.getChildrenWithName(
                            SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE_CLAIM_TYPE) != null){
                    for(Iterator<OMElement> claims = claimsElem.getChildrenWithName(
                            SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE_CLAIM_TYPE); claims.hasNext();){
                        OMElement claim = claims.next();
                        // exclude the claims with the attribute Optional=true
                        if(!(claim.getAttribute(
                                SP11Constants.ATTR_RST_TEMPLATE_CLAIM_TYPE_OPTIONAL) != null &&
                           "true".equals(claim.getAttribute(
                                SP11Constants.ATTR_RST_TEMPLATE_CLAIM_TYPE_OPTIONAL).getAttributeValue()))){
                            claimSet.add(claim.getAttributeValue(
                                SP11Constants.ATTR_RST_TEMPLATE_CLAIM_TYPE_URI));
                        }
                    }
                }
            }
            issuedToken.setRstClaimSet(claimSet);
        }

        OMElement policyElement = element.getFirstChildWithName(org.apache.neethi.Constants.Q_ELEM_POLICY);

        if (policyElement != null) {
View Full Code Here
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
public class IssuedTokenBuilder implements AssertionBuilder {

    public Assertion build(OMElement element, AssertionBuilderFactory factory)
            throws IllegalArgumentException {
        IssuedToken issuedToken = new IssuedToken(SPConstants.SP_V12);

        OMAttribute  includeAttr = element.getAttribute(SP12Constants.INCLUDE_TOKEN);
        if(includeAttr != null) {
            int inclusion = SP12Constants.getInclusionFromAttributeValue(includeAttr.getAttributeValue());
            issuedToken.setInclusion(inclusion);
        }
        // Extract Issuer
        OMElement issuerElem = element.getFirstChildWithName(SP12Constants.ISSUER);
      
        if(issuerElem != null) {
            OMElement issuerEpr = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Address"));
           
            //try the other addressing namespace
            if (issuerEpr == null) {
                issuerEpr = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Address"));
            }
           
            issuedToken.setIssuerEpr(issuerEpr);
        }
       
        //TODO check why this returns an Address element
        //iter = issuerElem.getChildrenWithLocalName("Metadata");
       
        if (issuerElem != null ) {
            OMElement issuerMex = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Metadata"));
           
          //try the other addressing namespace
            if (issuerMex == null) {
                issuerMex = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Metadata"));
            }
                       
            issuedToken.setIssuerMex(issuerMex);
        }

// Extract RSTTemplate
        OMElement rstTmplElem = element.getFirstChildWithName(SP12Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
        if (rstTmplElem != null) {
            issuedToken.setRstTemplate(rstTmplElem);
            // Process the RST Template and extract the token type
            Iterator<OMElement> tokenTypeElems = rstTmplElem.getChildrenWithName(
                    SP12Constants.REQUEST_SECURITY_TOKEN_TEMPLATE_TOKEN_TYPE);
            if(tokenTypeElems != null && tokenTypeElems.hasNext()){
                issuedToken.setRstTokenType(tokenTypeElems.next().getText());
            }

            // Process the RST Template and extract the Claim set
            Iterator<OMElement> claimsElemIterator = rstTmplElem.getChildrenWithName(
                    SP12Constants.REQUEST_SECURITY_TOKEN_TEMPLATE_CLAIMS);

            Set<String> claimSet = new TreeSet<String>() ;
            if (claimsElemIterator != null && claimsElemIterator.hasNext()) {
                OMElement claimsElem = claimsElemIterator.next();
                if(claimsElem != null && claimsElem.getChildrenWithName(
                            SP12Constants.REQUEST_SECURITY_TOKEN_TEMPLATE_CLAIM_TYPE) != null){
                    for(Iterator<OMElement> claims = claimsElem.getChildrenWithName(
                            SP12Constants.REQUEST_SECURITY_TOKEN_TEMPLATE_CLAIM_TYPE); claims.hasNext();){
                        OMElement claim = claims.next();
                        // exclude the claims with the attribute Optional=true
                        if(!(claim.getAttribute(
                                SP12Constants.ATTR_RST_TEMPLATE_CLAIM_TYPE_OPTIONAL) != null &&
                           "true".equals(claim.getAttribute(
                                SP12Constants.ATTR_RST_TEMPLATE_CLAIM_TYPE_OPTIONAL).getAttributeValue()))){
                            claimSet.add(claim.getAttributeValue(
                                SP12Constants.ATTR_RST_TEMPLATE_CLAIM_TYPE_URI));
                        }
                    }
                }
            }
            issuedToken.setRstClaimSet(claimSet);
        }


        OMElement policyElement = element.getFirstChildWithName(org.apache.neethi.Constants.Q_ELEM_POLICY);
View Full Code Here
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
public class IssuedTokenBuilder implements AssertionBuilder {

    public Assertion build(OMElement element, AssertionBuilderFactory factory)
            throws IllegalArgumentException {
        IssuedToken issuedToken = new IssuedToken();

        // Extract Issuer
        OMElement issuerElem = element.getFirstChildWithName(Constants.ISSUER);
        if (issuerElem != null && issuerElem.getFirstElement() != null) {
            issuedToken.setIssuerEpr(issuerElem.getFirstElement());
        }

        // Extract RSTTemplate
        OMElement rstTmplElem = element.getFirstChildWithName(Constants.ISSUER);
        if (rstTmplElem != null) {
            issuedToken.setIssuerEpr(rstTmplElem);
        }

        OMElement policyElement = element.getFirstElement();

        if (policyElement != null
View Full Code Here
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
                log.debug("SignatureToken is an IssuedToken");
               
                if(rmd.getIssuedSignatureTokenId() == null) {
                    log.debug("No Issuedtoken found, requesting a new token");
                   
                    IssuedToken issuedToken = (IssuedToken)sigTok;
                   
                    String id = RampartUtil.getIssuedToken(rmd,
                            issuedToken);
                    rmd.setIssuedSignatureTokenId(id);
                   
                   
                }
               
            } else if(sigTok instanceof SecureConversationToken) {
               
                log.debug("SignatureToken is a SecureConversationToken");
               
                //TODO check for an existing token and use it
               
                String secConvTokenId = rmd.getSecConvTokenId();
               
                //The RSTR has to be secured with the cancelled token
                String action = msgContext.getOptions().getAction();
                boolean cancelReqResp = action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT);
               
                //In the case of the cancel req or resp we should mark the token as cancelled
                if(secConvTokenId != null && cancelReqResp) {
                    try {
                        rmd.getTokenStorage().getToken(secConvTokenId).setState(org.apache.rahas.Token.CANCELLED);
                        msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
                       
                        //remove from the local map of contexts
                        String contextIdentifierKey = RampartUtil.getContextIdentifierKey(msgContext);
                        RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
                    } catch (TrustException e) {
                        throw new RampartException("errorExtractingToken");
                    }
                }
               
                if (secConvTokenId == null
                        || (secConvTokenId != null &&
                                (!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {
               
                    log.debug("No SecureConversationToken found, " +
                            "requesting a new token");
                   
                    SecureConversationToken secConvTok =
                                        (SecureConversationToken) sigTok;
                   
                    try {

                        String id = RampartUtil.getSecConvToken(rmd, secConvTok);
                        rmd.setSecConvTokenId(id);
                       
                    } catch (TrustException e) {
                        throw new RampartException("errorInObtainingSct", e);
                    }
                }
            }
           
            //If it was the ProtectionToken assertion then sigTok is the
            //same as encrTok
            if(sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {
               
                log.debug("Symmetric binding uses a ProtectionToken, both" +
                        " SignatureToken and EncryptionToken are the same");
               
                rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());
            } else {
                //Now we'll have to obtain the encryption token as well :-)
                //ASSUMPTION: SecureConversationToken is used as a
                //ProtectionToken therefore we only have to process a issued
                //token here
               
                log.debug("Obtaining the Encryption Token");
                if(rmd.getIssuedEncryptionTokenId() != null) {
                   
                    log.debug("EncrytionToken not alredy set");

                    IssuedToken issuedToken = (IssuedToken)encrTok;
                       
                    String id = RampartUtil.getIssuedToken(rmd,
                            issuedToken);
                    rmd.setIssuedEncryptionTokenId(id);
View Full Code Here
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
                log.debug("SignatureToken is an IssuedToken");
               
                if(rmd.getIssuedSignatureTokenId() == null) {
                    log.debug("No Issuedtoken found, requesting a new token");
                   
                    IssuedToken issuedToken = (IssuedToken)sigTok;
                   
                    String id = RampartUtil.getIssuedToken(rmd,
                            issuedToken);
                    rmd.setIssuedSignatureTokenId(id);
                   
                }
               
            } else if(sigTok instanceof SecureConversationToken) {
               
                log.debug("SignatureToken is a SecureConversationToken");
               
                //TODO check for an existing token and use it
               
                String secConvTokenId = rmd.getSecConvTokenId();
               
                //The RSTR has to be secured with the cancelled token
                String action = msgContext.getOptions().getAction();
                boolean cancelReqResp = action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT);
               
                //In the case of the cancel req or resp we should mark the token as cancelled
                if(secConvTokenId != null && cancelReqResp) {
                    try {
                        rmd.getTokenStorage().getToken(secConvTokenId).setState(org.apache.rahas.Token.CANCELLED);
                        msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
                       
                        //remove from the local map of contexts
                        String contextIdentifierKey = RampartUtil.getContextIdentifierKey(msgContext);
                        RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
                    } catch (TrustException e) {
                        throw new RampartException("errorExtractingToken");
                    }
                }
               
                if (secConvTokenId == null
                        || (secConvTokenId != null &&
                                (!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {
               
                    log.debug("No SecureConversationToken found, " +
                            "requesting a new token");
                   
                    SecureConversationToken secConvTok =
                                        (SecureConversationToken) sigTok;
                   
                    try {

                        String id = RampartUtil.getSecConvToken(rmd, secConvTok);
                        rmd.setSecConvTokenId(id);
                       
                    } catch (TrustException e) {
                        throw new RampartException("errorInObtainingSct", e);
                    }
                }
            }
           
            //If it was the ProtectionToken assertion then sigTok is the
            //same as encrTok
            if(sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {
               
                log.debug("Symmetric binding uses a ProtectionToken, both" +
                        " SignatureToken and EncryptionToken are the same");
               
                rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());
            } else {
                //Now we'll have to obtain the encryption token as well :-)
                //ASSUMPTION: SecureConversationToken is used as a
                //ProtectionToken therefore we only have to process a issued
                //token here
               
                log.debug("Obtaining the Encryption Token");
                if(rmd.getIssuedEncryptionTokenId() != null) {
                   
                    log.debug("EncrytionToken not alredy set");

                    IssuedToken issuedToken = (IssuedToken)encrTok;
                       
                    String id = RampartUtil.getIssuedToken(rmd,
                            issuedToken);
                    rmd.setIssuedEncryptionTokenId(id);
View Full Code Here
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
public class IssuedTokenBuilder implements AssertionBuilder<OMElement> {

    public Assertion build(OMElement element, AssertionBuilderFactory factory)
            throws IllegalArgumentException {
        IssuedToken issuedToken = new IssuedToken(SPConstants.SP_V12);

        OMAttribute  includeAttr = element.getAttribute(SP12Constants.INCLUDE_TOKEN);
        if(includeAttr != null) {
            int inclusion = SP12Constants.getInclusionFromAttributeValue(includeAttr.getAttributeValue());
            issuedToken.setInclusion(inclusion);
        }
        // Extract Issuer
        OMElement issuerElem = element.getFirstChildWithName(SP12Constants.ISSUER);
      
        if(issuerElem != null) {
            OMElement issuerEpr = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Address"));
           
            //try the other addressing namespace
            if (issuerEpr == null) {
                issuerEpr = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Address"));
            }
           
            issuedToken.setIssuerEpr(issuerEpr);
        }
       
        //TODO check why this returns an Address element
        //iter = issuerElem.getChildrenWithLocalName("Metadata");
       
        if (issuerElem != null ) {
            OMElement issuerMex = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Metadata"));
           
          //try the other addressing namespace
            if (issuerMex == null) {
                issuerMex = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Metadata"));
            }
                       
            issuedToken.setIssuerMex(issuerMex);
        }

        // Extract RSTTemplate
        OMElement rstTmplElem = element.getFirstChildWithName(SP12Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
        if (rstTmplElem != null) {
            issuedToken.setRstTemplate(rstTmplElem);
        }

        OMElement policyElement = element.getFirstChildWithName(org.apache.neethi.Constants.Q_ELEM_POLICY);

        if (policyElement != null) {
View Full Code Here
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
public class IssuedTokenBuilder implements AssertionBuilder<OMElement> {

    public Assertion build(OMElement element, AssertionBuilderFactory factory)
            throws IllegalArgumentException {
        IssuedToken issuedToken = new IssuedToken(SPConstants.SP_V11);

        OMAttribute  includeAttr = element.getAttribute(SP11Constants.INCLUDE_TOKEN);
        if(includeAttr != null) {
            issuedToken.setInclusion(SP11Constants.getInclusionFromAttributeValue(includeAttr.getAttributeValue()));
        }
        // Extract Issuer
        OMElement issuerElem = element.getFirstChildWithName(SP11Constants.ISSUER);
        if(issuerElem != null) {
            OMElement issuerEpr = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Address"));
           
            //try the other addressing namespace
            if (issuerEpr == null) {
                issuerEpr = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Address"));
            }
           
            issuedToken.setIssuerEpr(issuerEpr);
        }
       
        //TODO check why this returns an Address element
        //iter = issuerElem.getChildrenWithLocalName("Metadata");
       
        if (issuerElem != null ) {
            OMElement issuerMex = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Metadata"));
           
          //try the other addressing namespace
            if (issuerMex == null) {
                issuerMex = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Metadata"));
            }
                       
            issuedToken.setIssuerMex(issuerMex);
        }
       

        // Extract RSTTemplate
        OMElement rstTmplElem = element.getFirstChildWithName(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
        if (rstTmplElem != null) {
            issuedToken.setRstTemplate(rstTmplElem);
        }

        OMElement policyElement = element.getFirstChildWithName(org.apache.neethi.Constants.Q_ELEM_POLICY);

        if (policyElement != null) {
View Full Code Here
TOP

Related Classes of org.apache.ws.secpolicy.model.IssuedToken

  • org.apache.rampart.builder.SymmetricBindingBuilder
  • org.apache.ws.secpolicy.builders.IssuedTokenBuilder
  • org.apache.ws.secpolicy11.builders.IssuedTokenBuilder
  • org.apache.ws.secpolicy12.builders.IssuedTokenBuilder
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.