KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > sun > enterprise > security > wss > WebServiceSecurity


1 /*
2  * The contents of this file are subject to the terms
3  * of the Common Development and Distribution License
4  * (the License). You may not use this file except in
5  * compliance with the License.
6  *
7  * You can obtain a copy of the license at
8  * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9  * glassfish/bootstrap/legal/CDDLv1.0.txt.
10  * See the License for the specific language governing
11  * permissions and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL
14  * Header Notice in each file and include the License file
15  * at glassfish/bootstrap/legal/CDDLv1.0.txt.
16  * If applicable, add the following below the CDDL Header,
17  * with the fields enclosed by brackets [] replaced by
18  * you own identifying information:
19  * "Portions Copyrighted [year] [name of copyright owner]"
20  *
21  * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22  */
23
24 /*
25  * WebServiceSecurity.java
26  *
27  * Created on April 9, 2004, 2:28 PM
28  */
29
30 package com.sun.enterprise.security.wss;
31
32 import java.util.HashMap JavaDoc;
33 import java.util.Set JavaDoc;
34
35 import com.sun.enterprise.security.jauth.*;
36 import com.sun.enterprise.security.ClientSecurityContext;
37 import com.sun.enterprise.security.SecurityContext;
38 import com.sun.enterprise.security.audit.AuditManager;
39 import com.sun.enterprise.security.audit.AuditManagerFactory;
40     
41 import java.security.Principal JavaDoc;
42 import javax.security.auth.Subject JavaDoc;
43 import javax.xml.soap.SOAPMessage JavaDoc;
44 import javax.servlet.http.HttpServletRequest JavaDoc;
45
46 import com.sun.logging.*;
47 import java.util.logging.*;
48
49 import com.sun.enterprise.webservice.WsUtil;
50 import com.sun.enterprise.webservice.monitoring.Endpoint;
51 import com.sun.enterprise.webservice.monitoring.EndpointType;
52 import com.sun.enterprise.webservice.monitoring.WebServiceEngineImpl;
53
54 /**
55  *
56  * Load Container auth spi.
57  * @author Harpreet Singh
58  */
59
60 public class WebServiceSecurity {
61
62     private static Logger _logger=null;
63     static {
64         _logger = LogDomains.getLogger(LogDomains.SECURITY_LOGGER);
65     }
66
67     private static AuditManager auditManager =
68             AuditManagerFactory.getAuditManagerInstance();
69
70     // keys to shared state (for things like session keys) in SOAPMessageCOntext
71 private static final String JavaDoc SHARED_CLIENT_STATE =
72         "com.sun.enterprise.security.jauth.ClientHashMap";
73
74     private static final String JavaDoc SHARED_SERVER_STATE =
75         "com.sun.enterprise.security.jauth.ServerHashMap";
76
77     private WebServiceSecurity () {
78     }
79     
80     // when called by jaxrpc SystemHandlerDelegate
81 public static boolean
82     validateRequest(javax.xml.rpc.handler.soap.SOAPMessageContext JavaDoc context,
83             ServerAuthContext sAC)
84         throws AuthException
85     {
86     boolean rvalue = true;
87     SOAPAuthParam param =
88         new SOAPAuthParam(WsUtil.getMessage(context), null);
89
90     // put sharedState in MessageContext for use by secureResponse
91 HashMap JavaDoc sharedState = new HashMap JavaDoc();
92     context.setProperty(SHARED_SERVER_STATE, sharedState);
93
94     try {
95         rvalue = validateRequest(param, sharedState, sAC);
96     } catch(PendingException pe){
97             _logger.log(Level.FINE,
98             "Container-auth: wss: Error validating request ",pe);
99         context.setMessage(param.getResponse());
100         rvalue = false;
101     } catch(FailureException fe){
102             _logger.log(Level.FINE,
103             "Container-auth: wss: Error validating request ",fe);
104         context.setMessage(param.getResponse());
105         throw fe;
106         }
107     return rvalue;
108     }
109
110     // when called by jaxws SystemHandlerDelegate
111 public static boolean
112     validateRequest(javax.xml.ws.handler.soap.SOAPMessageContext context,
113             ServerAuthContext sAC)
114         throws AuthException
115     {
116     boolean rvalue = true;
117     SOAPAuthParam param =
118         new SOAPAuthParam(WsUtil.getMessage(context), null);
119
120     // put sharedState in MessageContext for use by secureResponse
121 HashMap JavaDoc sharedState = new HashMap JavaDoc();
122     context.put(SHARED_SERVER_STATE, sharedState);
123
124     try {
125         rvalue = validateRequest(param, sharedState, sAC);
126     } catch(PendingException pe){
127             _logger.log(Level.FINE,
128             "Container-auth: wss: Error validating request ",pe);
129         context.setMessage(param.getResponse());
130         rvalue = false;
131     } catch(FailureException fe){
132             _logger.log(Level.FINE,
133             "Container-auth: wss: Error validating request ",fe);
134         context.setMessage(param.getResponse());
135         throw fe;
136         }
137     return rvalue;
138     }
139
140     private static boolean
141     validateRequest(AuthParam param, HashMap JavaDoc sharedState,
142             ServerAuthContext sAC)
143         throws AuthException
144     {
145     boolean rvalue = true;
146
147         if(_logger.isLoggable(Level.FINE)) {
148             _logger.log(Level.FINE,
149             "Container Auth: ServerAuthContext.validateRequest");
150         }
151     
152     Subject JavaDoc subject = null;
153     boolean firstAuthentication = true;
154     SecurityContext sc = SecurityContext.getCurrent();
155     if (sc == null || sc.didServerGenerateCredentials()) {
156         subject = new Subject JavaDoc();
157     } else {
158         subject = sc.getSubject();
159         firstAuthentication = false;
160     }
161
162     sAC.validateRequest((AuthParam)param, subject, sharedState);
163
164     if (rvalue && firstAuthentication) {
165         Set JavaDoc principalSet = subject.getPrincipals();
166         // must be at least one new principal to establish
167 // non-default security contex
168 if (principalSet != null && !principalSet.isEmpty()) {
169         // define and add initiator to Subject - note that this may add
170 // a second principal (of type PrincipalImpl) for initiator.
171 String JavaDoc initiator = ((Principal JavaDoc)principalSet.iterator().next()).
172             getName();
173         SecurityContext newSC = new SecurityContext(initiator,subject);
174         SecurityContext.setCurrent(newSC);
175         }
176     }
177
178         return rvalue;
179     }
180     
181     // when called by jaxrpc SystemHandlerDelegate
182 public static void
183     secureResponse(javax.xml.rpc.handler.soap.SOAPMessageContext JavaDoc context,
184                ServerAuthContext sAC)
185         throws AuthException
186     {
187     secureResponse(WsUtil.getMessage(context),
188                (HashMap JavaDoc) context.getProperty(SHARED_SERVER_STATE),
189                sAC);
190     }
191
192     // when called by jaxws SystemHandlerDelegate
193 public static void
194     secureResponse(javax.xml.ws.handler.soap.SOAPMessageContext context, ServerAuthContext sAC)
195         throws AuthException
196     {
197     secureResponse(WsUtil.getMessage(context),
198                (HashMap JavaDoc) context.get(SHARED_SERVER_STATE),
199                sAC);
200     }
201
202     private static void
203     secureResponse(SOAPMessage JavaDoc response, HashMap JavaDoc sharedState,
204                ServerAuthContext sAC)
205         throws AuthException
206     {
207         if(_logger.isLoggable(Level.FINE)) {
208             _logger.log(Level.FINE,
209             "Container Auth: ServerAuthContext.secureResponse");
210         }
211
212     // subject may change if runAs identity differs from caller's.
213 // Therefore, session state is saved in sharedState not subject
214 SecurityContext sc = SecurityContext.getCurrent();
215     Subject JavaDoc subject = sc.getSubject();
216
217     SOAPAuthParam param = new SOAPAuthParam(null, response);
218
219         try{
220             sAC.secureResponse((AuthParam)param, subject, sharedState);
221         } finally {
222         sAC.disposeSubject(subject,sharedState);
223     }
224
225         return;
226     }
227
228     // when called by jaxrpc Handler
229 public static void
230     secureRequest(javax.xml.rpc.handler.soap.SOAPMessageContext JavaDoc context,
231               ClientAuthContext cAC, boolean isAppClient)
232         throws AuthException
233     {
234     // put sharedState in MessageContext for use by validateResponse
235 HashMap JavaDoc sharedState = new HashMap JavaDoc();
236     context.setProperty(SHARED_CLIENT_STATE, sharedState);
237         sharedState.put(javax.xml.ws.handler.MessageContext.WSDL_SERVICE,
238             context.getProperty(javax.xml.ws.handler.MessageContext.WSDL_SERVICE));
239
240     secureRequest
241         (WsUtil.getMessage(context), sharedState, cAC, isAppClient);
242     }
243
244     // when called by jaxws Handler or SystemHandlerDelegate
245 public static void
246     secureRequest(javax.xml.ws.handler.soap.SOAPMessageContext context,
247               ClientAuthContext cAC, boolean isAppClient)
248         throws AuthException
249     {
250     // put sharedState in MessageContext for use by validateResponse
251 HashMap JavaDoc sharedState = new HashMap JavaDoc();
252     context.put(SHARED_CLIENT_STATE, sharedState);
253         sharedState.put(javax.xml.ws.handler.MessageContext.WSDL_SERVICE,
254             context.get(javax.xml.ws.handler.MessageContext.WSDL_SERVICE));
255
256     secureRequest
257         (WsUtil.getMessage(context), sharedState, cAC, isAppClient);
258     }
259
260     private static void
261     secureRequest(SOAPMessage JavaDoc request, HashMap JavaDoc sharedState,
262               ClientAuthContext cAC, boolean isAppClient)
263         throws AuthException
264     {
265
266         if(_logger.isLoggable(Level.FINE)) {
267             _logger.log(Level.FINE,
268             "Container Auth: ClientAuthContext.secureRequest");
269         }
270
271     SOAPAuthParam param = new SOAPAuthParam(request, null);
272
273     Subject JavaDoc subject = null;
274     if (isAppClient) {
275         ClientSecurityContext sc = ClientSecurityContext.getCurrent();
276         if (sc != null) {
277         subject = sc.getSubject();
278         }
279     } else {
280         SecurityContext sc = SecurityContext.getCurrent();
281         if (sc != null && !sc.didServerGenerateCredentials()) {
282         // make sure we don't use default unauthenticated subject,
283 // so that module cannot change this important (constant)
284 // subject.
285 subject = sc.getSubject();
286         }
287     }
288     if (subject == null) subject = new Subject JavaDoc();
289     
290     cAC.secureRequest ( param, subject, sharedState);
291     }
292     
293     // when called by jaxrpc Handler
294 public static boolean
295     validateResponse(javax.xml.rpc.handler.soap.SOAPMessageContext JavaDoc context,
296              ClientAuthContext cAC)
297         throws AuthException
298     {
299     return validateResponse
300         (WsUtil.getMessage(context),
301          (HashMap JavaDoc) context.getProperty(SHARED_CLIENT_STATE), cAC);
302     }
303
304     // when called by jaxws Handler or SystemHandlerDelegate
305 public static boolean
306     validateResponse(javax.xml.ws.handler.soap.SOAPMessageContext context,
307              ClientAuthContext cAC)
308         throws AuthException
309     {
310     return validateResponse
311         (WsUtil.getMessage(context),
312          (HashMap JavaDoc) context.get(SHARED_CLIENT_STATE), cAC);
313     }
314
315     private static boolean
316     validateResponse(SOAPMessage JavaDoc response, HashMap JavaDoc sharedState,
317              ClientAuthContext cAC)
318         throws AuthException
319     {
320         boolean rvalue = true;
321
322     // get a subject to be filled in with the principals of the responder
323 Subject JavaDoc responderSubject = new Subject JavaDoc();
324
325     SOAPAuthParam param = new SOAPAuthParam(null, response);
326
327         try{
328             cAC.validateResponse( param, responderSubject, sharedState);
329         } catch(AuthException ae){
330             _logger.log(Level.SEVERE,
331             "Container-auth: wss: Error validating response ", ae);
332         rvalue = false;
333             throw ae;
334         } finally {
335         cAC.disposeSubject(responderSubject,sharedState);
336     }
337         
338         return rvalue;
339     }
340
341     // when called by jaxrpc SystemHandlerDelegate
342 public static void auditInvocation
343     (javax.xml.rpc.handler.soap.SOAPMessageContext JavaDoc context, boolean status) {
344
345     if (auditManager.isAuditOn()) {
346
347         // TODO: replace the string literal with the correct constant
348 // MessageContextProperties.HTTP_SERVLET_REQUEST);
349
350         HttpServletRequest JavaDoc req = (HttpServletRequest JavaDoc)context.getProperty
351         ("com.sun.xml.rpc.server.http.HttpServletRequest");
352        
353         String JavaDoc uri = null;
354
355         if( req != null ) {
356         uri = req.getRequestURI();
357         }
358         
359         Endpoint endpoint = WebServiceEngineImpl.getInstance().getEndpoint
360         (req.getRequestURL().toString());
361
362         String JavaDoc epName = null;
363
364         if( endpoint != null ) {
365         epName = endpoint.getDescriptor().getEndpointName();
366         }
367
368         auditManager.webServiceInvocation
369         ( ((uri==null) ? "(no uri)" : uri),
370           ((epName==null) ? "(no endpoint)" : epName),
371           status);
372     }
373     }
374
375     // when called by jaxws SystemHandlerDelegate
376 public static void auditInvocation
377     (javax.xml.ws.handler.soap.SOAPMessageContext context, boolean status) {
378
379     if (auditManager.isAuditOn()) {
380
381         HttpServletRequest JavaDoc req = (HttpServletRequest JavaDoc)context.get
382         (javax.xml.ws.handler.MessageContext.SERVLET_REQUEST);
383        
384         String JavaDoc uri = null;
385
386         if( req != null ) {
387         uri = req.getRequestURI();
388         }
389         
390         String JavaDoc epName = null;
391
392         Endpoint endpoint = WebServiceEngineImpl.getInstance().getEndpoint
393         (req.getRequestURL().toString());
394         
395         if( endpoint != null ) {
396         epName = endpoint.getDescriptor().getEndpointName();
397         }
398
399         auditManager.webServiceInvocation
400         ( ((uri==null) ? "(no uri)" : uri),
401           ((epName==null) ? "(no endpoint)" : epName),
402           status);
403     }
404     }
405
406 }
407
Popular Tags