

1 /*
2  * JBoss, the OpenSource J2EE webOS
3  *
4  * Distributable under LGPL license.
5  * See terms of license at gnu.org.
6  *
7  * Created on Feb 2, 2004
8  */

9 package org.jboss.net.axis.security.handler;
10
11 import java.security.KeyStore JavaDoc;
12 import java.util.Map JavaDoc;
13
14 import javax.naming.InitialContext JavaDoc;
15 import javax.naming.NamingException JavaDoc;
16
17 import org.apache.axis.AxisFault;
18 import org.apache.axis.MessageContext;
19 import org.apache.log4j.Logger;
20 import org.apache.ws.axis.security.WSDoAllConstants;
21 import org.apache.ws.axis.security.WSDoAllSender;
22 import org.apache.ws.security.components.crypto.Crypto;
23 import org.jboss.net.axis.security.JBossCryptoFactory;
24 import org.jboss.net.axis.security.SecurityConstants;
25 import org.jboss.security.SecurityDomain;
26
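/**
 * <dl>
 * <dt><b>Title: </b><dd>Web Service Security Response Handler</dd>
 * <p>
 * <dt><b>Description: </b><dd>This handler is responsible for signing and/or encrypting the response message.</dd>
 * <p>
 * <dt><b>Copyright: </b><dd>Copyright (c) 2004</dd>
 * <dt><b>Company: </b><dd>Green River Computing Services</dd>
 * </dl>
 * <p>
 * Key material is taken from the JBoss {@link SecurityDomain} named by the
 * {@code SecurityConstants.HANDLER_SEC_DOMAIN} handler option and wrapped in the Crypto
 * implementation named by {@code SecurityConstants.HANDLER_CRYPTO_CLASS}. The domain is
 * looked up lazily on first use and cached in {@link #domain} without synchronization.
 *
 * @author <a HREF="mailto:jasone@greenrivercomputing.com">Jason Essington</a>
 * @version $Revision: 1.3 $
 */
public class WSSResponseHandler extends WSDoAllSender
{
   protected Logger log = Logger.getLogger(this.getClass());

   // Cached result of the JNDI lookup done by getSecurityDomain(); null until first use.
   SecurityDomain domain = null;

   /**
    * Selects the encryption user for the response and then delegates to the wss4j sender.
    * <p>
    * Unless the ENCRYPTION_USER option is USE_REQ_SIG_CERT (wss4j tracks the request
    * signer's certificate itself), the alias recorded for this handler's actor in the
    * MC_REQ_SIGNERS map is copied into the ENCRYPTION_USER message context property.
    *
    * @param mc the message context of the exchange being answered
    * @throws AxisFault propagated from {@code super.invoke}
    */
   public void invoke(MessageContext mc) throws AxisFault
   {
      boolean wss4jTracksCert =
         WSDoAllConstants.USE_REQ_SIG_CERT.equals(getOption(WSDoAllConstants.ENCRYPTION_USER));

      if (!wss4jTracksCert)
      {
         // The response is encrypted for whoever signed the request for this actor.
         // NOTE(review): the signer map is presumably filled by the request-side handler
         // after signature verification - confirm that only verified signers are recorded.
         String actor = (String) getOption(WSDoAllConstants.ACTOR);
         String alias = null;
         Map signers = (Map) mc.getProperty(SecurityConstants.MC_REQ_SIGNERS);
         if (signers != null)
         {
            alias = (String) signers.get(actor);
         }

         if (alias == null && log.isDebugEnabled())
         {
            log.debug("WSSResponseHandler: no request signer recorded for actor " + actor);
         }

         // A null alias is meant to make the sender fault later instead of sending the
         // response unencrypted.
         // NOTE(review): confirm how MessageContext.setProperty treats a null value; if it
         // is ignored, an ENCRYPTION_USER already present in the context would stay in use.
         mc.setProperty(WSDoAllConstants.ENCRYPTION_USER, alias);
      }

      super.invoke(mc);
   }

   /**
    * Builds the Crypto used for signing from the security domain's trust store.
    * <p>
    * NOTE(review): signing a response needs a private key, yet this reads the trust store
    * while {@link #loadEncryptionCrypto()} reads the key store. That pairing is what a
    * receiving handler needs (verify with trusted certificates, decrypt with the private
    * key). Confirm against the SecurityDomain configuration before relying on it.
    *
    * @return the Crypto instance created by JBossCryptoFactory
    * @throws AxisFault if the domain, its trust store or the crypto class option is missing
    */
   protected Crypto loadSignatureCrypto() throws AxisFault
   {
      if (log.isDebugEnabled())
      {
         log.debug("Loading the Signature Crypto Class");
      }
      if (domain == null)
      {
         // Either sets domain or throws, so no null check is needed afterwards.
         getSecurityDomain();
      }

      KeyStore truststore = domain.getTrustStore();
      if (truststore == null)
      {
         throw new AxisFault("WSSResponseHandler: No truststore available.");
      }
      return JBossCryptoFactory.getInstance(getCryptoClassName(), truststore);
   }

   /**
    * Builds the Crypto used for encryption from the security domain's key store.
    * <p>
    * NOTE(review): see {@link #loadSignatureCrypto()} - the key store / trust store pairing
    * looks inverted for a sending handler and should be confirmed.
    *
    * @return the Crypto instance created by JBossCryptoFactory
    * @throws AxisFault if the domain, its key store or the crypto class option is missing
    */
   protected Crypto loadEncryptionCrypto() throws AxisFault
   {
      if (log.isDebugEnabled())
      {
         log.debug("Loading the Encryption Crypto Class");
      }
      if (domain == null)
      {
         // Either sets domain or throws, so no null check is needed afterwards.
         getSecurityDomain();
      }

      KeyStore keystore = domain.getKeyStore();
      if (keystore == null)
      {
         throw new AxisFault("WSSResponseHandler: No keystore available.");
      }
      return JBossCryptoFactory.getInstance(getCryptoClassName(), keystore);
   }

   /**
    * Reads the HANDLER_CRYPTO_CLASS option shared by both crypto loaders.
    *
    * @return the configured Crypto implementation class name, never null
    * @throws AxisFault if the option is not set
    */
   private String getCryptoClassName() throws AxisFault
   {
      String cryptoClass = (String) getOption(SecurityConstants.HANDLER_CRYPTO_CLASS);
      if (cryptoClass == null)
      {
         throw new AxisFault("WSSResponseHandler: No Crypto implementation was defined.");
      }
      return cryptoClass;
   }

   /**
    * Looks up the security domain in JNDI and caches it in {@link #domain}.
    * <p>
    * The JNDI name comes from the HANDLER_SEC_DOMAIN option and defaults to
    * "java:/jaas/other" when the option is absent.
    *
    * @throws AxisFault if the lookup fails or the bound object is not a SecurityDomain
    */
   private void getSecurityDomain() throws AxisFault
   {
      String sd = (String) getOption(SecurityConstants.HANDLER_SEC_DOMAIN);
      if (sd == null)
      {
         sd = "java:/jaas/other"; // this is as good a default as any I suppose.
         // Make the fallback visible: a missing option means the response is signed and
         // encrypted with whatever key material the default domain exposes.
         log.warn("WSSResponseHandler: no security domain configured, falling back to " + sd);
      }

      if (log.isDebugEnabled())
      {
         log.debug("WSSResponseHandler, securityDomain=" + sd);
      }

      try
      {
         Object tempDomain = new InitialContext().lookup(sd);
         // instanceof is false for null, so no separate null test is needed.
         if (tempDomain instanceof SecurityDomain)
         {
            domain = (SecurityDomain) tempDomain;
         }
         else
         {
            // oops, we will not be able to get our keystore in the login module.
            log.fatal("The SecurityManager named " + sd + " is not a SecurityDomain");
            throw new AxisFault("WSSResponseHandler: No security domain is available.");
         }
      }
      catch (NamingException e)
      {
         throw new AxisFault("Unable to find the securityDomain named: " + sd, e);
      }
   }
}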