Author: veithen Date: Sun Oct 30 08:18:31 2011 New Revision: 1195130 URL: http://svn.apache.org/viewvc?rev=1195130&view=rev Log: Use a less hacky solution to make OpenSAML 1 use DOOM: register a custom XML.ParserPool that uses DOOMDocumentBuilderFactory.
Added: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/AxiomParserPool.java (with props) Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/Rahas.java axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/Rahas.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/Rahas.java?rev=1195130&r1=1195129&r2=1195130&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/Rahas.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/Rahas.java Sun Oct 30 08:18:31 2011 
@@ -25,12 +25,17 @@ import org.apache.axis2.description.Axis import org.apache.axis2.modules.Module; import org.apache.neethi.Assertion; import org.apache.neethi.Policy; +import org.apache.rahas.impl.util.AxiomParserPool; import org.opensaml.DefaultBootstrap; +import org.opensaml.XML; import org.opensaml.xml.ConfigurationException; public class Rahas implements Module { public void init(ConfigurationContext configContext, AxisModule module) throws AxisFault { + // Set up OpenSAML to use a DOM aware Axiom implementation + XML.parserPool = new AxiomParserPool(); + try { DefaultBootstrap.bootstrap(); } catch (ConfigurationException ex) { Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java?rev=1195130&r1=1195129&r2=1195130&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java Sun Oct 30 08:18:31 2011 @@ -18,7 +18,6 @@ package org.apache.rahas.impl; import org.apache.axiom.om.OMElement; import org.apache.axiom.om.OMNode; -import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl; import org.apache.axiom.soap.SOAPEnvelope; import org.apache.axis2.context.MessageContext; import org.apache.axis2.description.Parameter; 
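Review bot: The assignment `XML.parserPool = new AxiomParserPool();` in `init` writes a public static field of the OpenSAML library, so the DOOM-backed parser is used by every OpenSAML 1 caller loaded by the same class loader, not only by Rahas, and it is never restored. The code this commit removes switched DOOM on and off around each call with try/finally, so the new scope is wider and the comment should say so, e.g. `// Replaces OpenSAML's global parser pool; every OpenSAML 1 user in this class loader will parse with DOOM from here on`. If `init` can run more than once or concurrently (not visible here), the unsynchronised write also swaps the pool under callers that may already be parsing. The body of `init` continues outside the hunk.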
@@ -76,176 +75,166 @@ public class SAMLTokenIssuer implements private String configFile; public SOAPEnvelope issue(RahasData data) throws TrustException { + MessageContext inMsgCtx = data.getInMessageContext(); - try { - MessageContext inMsgCtx = data.getInMessageContext(); - - SAMLTokenIssuerConfig config = null; - if (this.configElement != null) { - config = new SAMLTokenIssuerConfig(configElement - .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG)); - } - - // Look for the file - if (config == null && this.configFile != null) { - config = new SAMLTokenIssuerConfig(this.configFile); - } - - // Look for the param - if (config == null && this.configParamName != null) { - Parameter param = inMsgCtx.getParameter(this.configParamName); - if (param != null && param.getParameterElement() != null) { - config = new SAMLTokenIssuerConfig(param - .getParameterElement().getFirstChildWithName( - SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG)); - } else { - throw new TrustException("expectedParameterMissing", - new String[] { this.configParamName }); - } - } - - if (config == null) { - throw new TrustException("configurationIsNull"); - } - - // Set the DOM impl to DOOM - DocumentBuilderFactoryImpl.setDOOMRequired(true); - - SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx - .getEnvelope().getNamespace().getNamespaceURI()); - - Crypto crypto; - if (config.cryptoElement != null) { // crypto props - // defined as - // elements - crypto = CryptoFactory.getInstance(TrustUtil - .toProperties(config.cryptoElement), inMsgCtx - .getAxisService().getClassLoader()); - } else { // crypto props defined in a properties file - crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile, - inMsgCtx.getAxisService().getClassLoader()); - } - - // Creation and expiration times - Date creationTime = new Date(); - Date expirationTime = new Date(); - expirationTime.setTime(creationTime.getTime() + config.ttl); - - // Get the document - Document doc = ((Element) 
env).getOwnerDocument(); - - // Get the key size and create a new byte array of that size - int keySize = data.getKeysize(); - - keySize = (keySize == -1) ? config.keySize : keySize; - - /* - * Find the KeyType If the KeyType is SymmetricKey or PublicKey, - * issue a SAML HoK assertion. - In the case of the PublicKey, in - * coming security header MUST contain a certificate (maybe via - * signature) - * - * If the KeyType is Bearer then issue a Bearer assertion - * - * If the key type is missing we will issue a HoK assertion - */ + SAMLTokenIssuerConfig config = null; + if (this.configElement != null) { + config = new SAMLTokenIssuerConfig(configElement + .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG)); + } - String keyType = data.getKeyType(); - SAMLAssertion assertion; - if (keyType == null) { - throw new TrustException(TrustException.INVALID_REQUEST, - new String[] { "Requested KeyType is missing" }); - } + // Look for the file + if (config == null && this.configFile != null) { + config = new SAMLTokenIssuerConfig(this.configFile); + } - if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) - || keyType.endsWith(RahasConstants.KEY_TYPE_PUBLIC_KEY)) { - assertion = createHoKAssertion(config, doc, crypto, - creationTime, expirationTime, data); - } else if (keyType.endsWith(RahasConstants.KEY_TYPE_BEARER)) { - assertion = createBearerAssertion(config, doc, crypto, - creationTime, expirationTime, data); + // Look for the param + if (config == null && this.configParamName != null) { + Parameter param = inMsgCtx.getParameter(this.configParamName); + if (param != null && param.getParameterElement() != null) { + config = new SAMLTokenIssuerConfig(param + .getParameterElement().getFirstChildWithName( + SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG)); } else { - throw new TrustException("unsupportedKeyType"); + throw new TrustException("expectedParameterMissing", + new String[] { this.configParamName }); } + } - OMElement rstrElem; - int wstVersion = 
data.getVersion(); - if (RahasConstants.VERSION_05_02 == wstVersion) { - rstrElem = TrustUtil.createRequestSecurityTokenResponseElement( - wstVersion, env.getBody()); - } else { - OMElement rstrcElem = TrustUtil - .createRequestSecurityTokenResponseCollectionElement( - wstVersion, env.getBody()); - rstrElem = TrustUtil.createRequestSecurityTokenResponseElement( - wstVersion, rstrcElem); - } + if (config == null) { + throw new TrustException("configurationIsNull"); + } - TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText( - RahasConstants.TOK_TYPE_SAML_10); + SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx + .getEnvelope().getNamespace().getNamespaceURI()); - if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) { - TrustUtil.createKeySizeElement(wstVersion, rstrElem, keySize); - } + Crypto crypto; + if (config.cryptoElement != null) { // crypto props + // defined as + // elements + crypto = CryptoFactory.getInstance(TrustUtil + .toProperties(config.cryptoElement), inMsgCtx + .getAxisService().getClassLoader()); + } else { // crypto props defined in a properties file + crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile, + inMsgCtx.getAxisService().getClassLoader()); + } - if (config.addRequestedAttachedRef) { - TrustUtil.createRequestedAttachedRef(rstrElem, assertion.getId(),wstVersion); - } + // Creation and expiration times + Date creationTime = new Date(); + Date expirationTime = new Date(); + expirationTime.setTime(creationTime.getTime() + config.ttl); + + // Get the document + Document doc = ((Element) env).getOwnerDocument(); + + // Get the key size and create a new byte array of that size + int keySize = data.getKeysize(); + + keySize = (keySize == -1) ? config.keySize : keySize; + + /* + * Find the KeyType If the KeyType is SymmetricKey or PublicKey, + * issue a SAML HoK assertion. 
- In the case of the PublicKey, in + * coming security header MUST contain a certificate (maybe via + * signature) + * + * If the KeyType is Bearer then issue a Bearer assertion + * + * If the key type is missing we will issue a HoK assertion + */ + + String keyType = data.getKeyType(); + SAMLAssertion assertion; + if (keyType == null) { + throw new TrustException(TrustException.INVALID_REQUEST, + new String[] { "Requested KeyType is missing" }); + } - if (config.addRequestedUnattachedRef) { - TrustUtil.createRequestedUnattachedRef(rstrElem, assertion.getId(),wstVersion); - } + if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) + || keyType.endsWith(RahasConstants.KEY_TYPE_PUBLIC_KEY)) { + assertion = createHoKAssertion(config, doc, crypto, + creationTime, expirationTime, data); + } else if (keyType.endsWith(RahasConstants.KEY_TYPE_BEARER)) { + assertion = createBearerAssertion(config, doc, crypto, + creationTime, expirationTime, data); + } else { + throw new TrustException("unsupportedKeyType"); + } - if (data.getAppliesToAddress() != null) { - TrustUtil.createAppliesToElement(rstrElem, data - .getAppliesToAddress(), data.getAddressingNs()); - } + OMElement rstrElem; + int wstVersion = data.getVersion(); + if (RahasConstants.VERSION_05_02 == wstVersion) { + rstrElem = TrustUtil.createRequestSecurityTokenResponseElement( + wstVersion, env.getBody()); + } else { + OMElement rstrcElem = TrustUtil + .createRequestSecurityTokenResponseCollectionElement( + wstVersion, env.getBody()); + rstrElem = TrustUtil.createRequestSecurityTokenResponseElement( + wstVersion, rstrcElem); + } - // Use GMT time in milliseconds - DateFormat zulu = new XmlSchemaDateFormat(); + TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText( + RahasConstants.TOK_TYPE_SAML_10); - // Add the Lifetime element - TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu - .format(creationTime), zulu.format(expirationTime)); + if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) { + 
TrustUtil.createKeySizeElement(wstVersion, rstrElem, keySize); + } - // Create the RequestedSecurityToken element and add the SAML token - // to it - OMElement reqSecTokenElem = TrustUtil - .createRequestedSecurityTokenElement(wstVersion, rstrElem); - Token assertionToken; - try { - Node tempNode = assertion.toDOM(); - reqSecTokenElem.addChild((OMNode) ((Element) rstrElem) - .getOwnerDocument().importNode(tempNode, true)); + if (config.addRequestedAttachedRef) { + TrustUtil.createRequestedAttachedRef(rstrElem, assertion.getId(),wstVersion); + } - // Store the token - assertionToken = new Token(assertion.getId(), - (OMElement) assertion.toDOM(), creationTime, - expirationTime); + if (config.addRequestedUnattachedRef) { + TrustUtil.createRequestedUnattachedRef(rstrElem, assertion.getId(),wstVersion); + } - // At this point we definitely have the secret - // Otherwise it should fail with an exception earlier - assertionToken.setSecret(data.getEphmeralKey()); - TrustUtil.getTokenStore(inMsgCtx).add(assertionToken); + if (data.getAppliesToAddress() != null) { + TrustUtil.createAppliesToElement(rstrElem, data + .getAppliesToAddress(), data.getAddressingNs()); + } - } catch (SAMLException e) { - throw new TrustException("samlConverstionError", e); - } + // Use GMT time in milliseconds + DateFormat zulu = new XmlSchemaDateFormat(); - if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) - && config.keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_REQ_ENT) { + // Add the Lifetime element + TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu + .format(creationTime), zulu.format(expirationTime)); + + // Create the RequestedSecurityToken element and add the SAML token + // to it + OMElement reqSecTokenElem = TrustUtil + .createRequestedSecurityTokenElement(wstVersion, rstrElem); + Token assertionToken; + try { + Node tempNode = assertion.toDOM(); + reqSecTokenElem.addChild((OMNode) ((Element) rstrElem) + .getOwnerDocument().importNode(tempNode, 
true)); + + // Store the token + assertionToken = new Token(assertion.getId(), + (OMElement) assertion.toDOM(), creationTime, + expirationTime); + + // At this point we definitely have the secret + // Otherwise it should fail with an exception earlier + assertionToken.setSecret(data.getEphmeralKey()); + TrustUtil.getTokenStore(inMsgCtx).add(assertionToken); - // Add the RequestedProofToken - TokenIssuerUtil.handleRequestedProofToken(data, wstVersion, - config, rstrElem, assertionToken, doc); - } + } catch (SAMLException e) { + throw new TrustException("samlConverstionError", e); + } + + if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) + && config.keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_REQ_ENT) { - return env; - } finally { - // Unset the DOM impl to default - DocumentBuilderFactoryImpl.setDOOMRequired(false); + // Add the RequestedProofToken + TokenIssuerUtil.handleRequestedProofToken(data, wstVersion, + config, rstrElem, assertionToken, doc); } + return env; } private SAMLAssertion createBearerAssertion(SAMLTokenIssuerConfig config, Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java?rev=1195130&r1=1195129&r2=1195130&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java Sun Oct 30 08:18:31 2011 
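Review bot: `issue` now depends on `Rahas.init` having installed the DOOM-backed parser pool before it runs: the cast `(OMElement) assertion.toDOM()` only holds if OpenSAML builds its DOM with Axiom, and nothing in this method establishes or checks that any more. If the issuer is reached where the module's `init` did not run (to be confirmed against how the STS is deployed), the failure would be a `ClassCastException`, which the surrounding `catch (SAMLException e)` does not turn into a `TrustException`. A guard such as `if (!(tempNode instanceof OMNode)) throw new TrustException("samlConverstionError");` before the casts would make the dependency explicit. Separately, the block comment still says a missing key type yields a HoK assertion, while the code below it throws `INVALID_REQUEST` when `keyType == null`; the comment should be corrected. The SAMLTokenRenewer hunk appears to rely on the same global setup for its `(Element)` and `(OMNode)` casts.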
@@ -8,7 +8,6 @@ import java.util.Date; import org.apache.axiom.om.OMElement; import org.apache.axiom.om.OMNode; -import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl; import org.apache.axiom.soap.SOAPEnvelope; import org.apache.axis2.context.MessageContext; import org.apache.axis2.description.Parameter; 
@@ -73,104 +72,96 @@ public class SAMLTokenRenewer implements // retrieve the list of tokens from the message context TokenStorage tkStorage = TrustUtil.getTokenStore(inMsgCtx); - try { - // Set the DOM impl to DOOM - DocumentBuilderFactoryImpl.setDOOMRequired(true); + // Create envelope + SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx + .getEnvelope().getNamespace().getNamespaceURI()); + + // Create RSTR element, with respective version + OMElement rstrElem; + int wstVersion = data.getVersion(); + if (RahasConstants.VERSION_05_02 == wstVersion) { + rstrElem = TrustUtil.createRequestSecurityTokenResponseElement( + wstVersion, env.getBody()); + } else { + OMElement rstrcElem = TrustUtil + .createRequestSecurityTokenResponseCollectionElement( + wstVersion, env.getBody()); + rstrElem = TrustUtil.createRequestSecurityTokenResponseElement( + wstVersion, rstrcElem); + } + + Crypto crypto; + if (config.cryptoElement != null) { + // crypto props defined as elements + crypto = CryptoFactory.getInstance(TrustUtil + .toProperties(config.cryptoElement), inMsgCtx + .getAxisService().getClassLoader()); + } else { + // crypto props defined in a properties file + crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile, + inMsgCtx.getAxisService().getClassLoader()); + } - // Create envelope - SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx - .getEnvelope().getNamespace().getNamespaceURI()); - - // Create RSTR element, with respective version - OMElement rstrElem; - int wstVersion = data.getVersion(); - if (RahasConstants.VERSION_05_02 == wstVersion) { - rstrElem = TrustUtil.createRequestSecurityTokenResponseElement( - wstVersion, env.getBody()); - } else { - OMElement rstrcElem = TrustUtil - .createRequestSecurityTokenResponseCollectionElement( - wstVersion, env.getBody()); - rstrElem = TrustUtil.createRequestSecurityTokenResponseElement( - wstVersion, rstrcElem); - } + // Create TokenType element + TrustUtil.createTokenTypeElement(wstVersion, 
rstrElem).setText( + RahasConstants.TOK_TYPE_SAML_10); + + // Creation and expiration times + Date creationTime = new Date(); + Date expirationTime = new Date(); + expirationTime.setTime(creationTime.getTime() + config.ttl); + + // Use GMT time in milliseconds + DateFormat zulu = new XmlSchemaDateFormat(); + + // Add the Lifetime element + TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu + .format(creationTime), zulu.format(expirationTime)); + + // Obtain the token + Token tk = tkStorage.getToken(data.getTokenId()); + + OMElement assertionOMElement = tk.getToken(); + SAMLAssertion samlAssertion = null; + + try { + samlAssertion = new SAMLAssertion((Element) assertionOMElement); + samlAssertion.unsign(); + samlAssertion.setNotBefore(creationTime); + samlAssertion.setNotOnOrAfter(expirationTime); - Crypto crypto; - if (config.cryptoElement != null) { - // crypto props defined as elements - crypto = CryptoFactory.getInstance(TrustUtil - .toProperties(config.cryptoElement), inMsgCtx - .getAxisService().getClassLoader()); - } else { - // crypto props defined in a properties file - crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile, - inMsgCtx.getAxisService().getClassLoader()); + // sign the assertion + X509Certificate[] issuerCerts = crypto + .getCertificates(config.issuerKeyAlias); + + String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA; + String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm(); + if (pubKeyAlgo.equalsIgnoreCase("DSA")) { + sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA; } - - // Create TokenType element - TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText( - RahasConstants.TOK_TYPE_SAML_10); + java.security.Key issuerPK = crypto.getPrivateKey( + config.issuerKeyAlias, config.issuerKeyPassword); - // Creation and expiration times - Date creationTime = new Date(); - Date expirationTime = new Date(); - expirationTime.setTime(creationTime.getTime() + config.ttl); + samlAssertion.sign(sigAlgo, issuerPK, 
Arrays.asList(issuerCerts)); - // Use GMT time in milliseconds - DateFormat zulu = new XmlSchemaDateFormat(); + // Create the RequestedSecurityToken element and add the SAML token + // to it + OMElement reqSecTokenElem = TrustUtil + .createRequestedSecurityTokenElement(wstVersion, rstrElem); + + Node tempNode = samlAssertion.toDOM(); + reqSecTokenElem.addChild((OMNode) ((Element) rstrElem) + .getOwnerDocument().importNode(tempNode, true)); - // Add the Lifetime element - TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu - .format(creationTime), zulu.format(expirationTime)); - - // Obtain the token - Token tk = tkStorage.getToken(data.getTokenId()); - - OMElement assertionOMElement = tk.getToken(); - SAMLAssertion samlAssertion = null; - - try { - samlAssertion = new SAMLAssertion((Element) assertionOMElement); - samlAssertion.unsign(); - samlAssertion.setNotBefore(creationTime); - samlAssertion.setNotOnOrAfter(expirationTime); - - // sign the assertion - X509Certificate[] issuerCerts = crypto - .getCertificates(config.issuerKeyAlias); - - String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA; - String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm(); - if (pubKeyAlgo.equalsIgnoreCase("DSA")) { - sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA; - } - java.security.Key issuerPK = crypto.getPrivateKey( - config.issuerKeyAlias, config.issuerKeyPassword); - - samlAssertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts)); - - // Create the RequestedSecurityToken element and add the SAML token - // to it - OMElement reqSecTokenElem = TrustUtil - .createRequestedSecurityTokenElement(wstVersion, rstrElem); - - Node tempNode = samlAssertion.toDOM(); - reqSecTokenElem.addChild((OMNode) ((Element) rstrElem) - .getOwnerDocument().importNode(tempNode, true)); - - - } catch (SAMLException e) { - throw new TrustException("Cannot create SAML Assertion",e); - } catch (WSSecurityException e) { - throw new TrustException("Cannot create SAML Assertion",e); - } catch 
(Exception e) { - throw new TrustException("Cannot create SAML Assertion",e); - } - return env; - } finally { - DocumentBuilderFactoryImpl.setDOOMRequired(false); - } + } catch (SAMLException e) { + throw new TrustException("Cannot create SAML Assertion",e); + } catch (WSSecurityException e) { + throw new TrustException("Cannot create SAML Assertion",e); + } catch (Exception e) { + throw new TrustException("Cannot create SAML Assertion",e); + } + return env; } /** Modified: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java?rev=1195130&r1=1195129&r2=1195130&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java Sun Oct 30 08:18:31 2011 @@ -6,7 +6,6 @@ import java.security.cert.X509Certificat import javax.xml.namespace.QName; import org.apache.axiom.om.OMElement; -import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl; import org.apache.axiom.soap.SOAPEnvelope; import org.apache.axis2.context.MessageContext; import org.apache.axis2.description.Parameter; 
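Review bot: `Token tk = tkStorage.getToken(data.getTokenId());` is dereferenced on the next statement with no null check, and the lookup sits outside the try block, so a token id that is not in the store (the id comes from the request data) would surface as a `NullPointerException` instead of a `TrustException`, assuming `getToken` returns null for unknown ids. Suggest `if (tk == null) throw new TrustException(TrustException.INVALID_REQUEST, new String[] { "Unknown token id" });` straight after the lookup. The SAMLTokenValidator hunk passes the same unchecked result to `isValid`, whose handling of null is not visible here. `issuerCerts[0]` is also read without checking that `getCertificates` returned a non-empty array, although there the catch-all converts the failure into a `TrustException`. The method starts outside the hunk.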
@@ -50,62 +49,55 @@ public class SAMLTokenValidator implemen // retrieve the list of tokens from the message context TokenStorage tkStorage = TrustUtil.getTokenStore(inMsgCtx); - try { - // Set the DOM impl to DOOM - DocumentBuilderFactoryImpl.setDOOMRequired(true); + // Create envelope + SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx + .getEnvelope().getNamespace().getNamespaceURI()); + + // Create RSTR element, with respective version + OMElement rstrElem; + int wstVersion = data.getVersion(); + if (RahasConstants.VERSION_05_02 == wstVersion) { + rstrElem = TrustUtil.createRequestSecurityTokenResponseElement( + wstVersion, env.getBody()); + } else { + OMElement rstrcElem = TrustUtil + .createRequestSecurityTokenResponseCollectionElement( + wstVersion, env.getBody()); + rstrElem = TrustUtil.createRequestSecurityTokenResponseElement( + wstVersion, rstrcElem); + } - // Create envelope - SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx - .getEnvelope().getNamespace().getNamespaceURI()); - - // Create RSTR element, with respective version - OMElement rstrElem; - int wstVersion = data.getVersion(); - if (RahasConstants.VERSION_05_02 == wstVersion) { - rstrElem = TrustUtil.createRequestSecurityTokenResponseElement( - wstVersion, env.getBody()); - } else { - OMElement rstrcElem = TrustUtil - .createRequestSecurityTokenResponseCollectionElement( - wstVersion, env.getBody()); - rstrElem = TrustUtil.createRequestSecurityTokenResponseElement( - wstVersion, rstrcElem); - } + // Create TokenType element, set to RSTR/Status + TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText( + TrustUtil.getWSTNamespace(wstVersion) + + RahasConstants.TOK_TYPE_STATUS); + + // Create Status element + OMElement statusElement = createMessageElement(wstVersion, + rstrElem, RahasConstants.LocalNames.STATUS); + + // Obtain the token + Token tk = tkStorage.getToken(data.getTokenId()); + + // create the crypto object + PublicKey issuerPBKey = getIssuerPublicKey(inMsgCtx); 
+ + boolean valid = isValid(tk, issuerPBKey); + String validityCode; + + if (valid) { + validityCode = RahasConstants.STATUS_CODE_VALID; + } else { + validityCode = RahasConstants.STATUS_CODE_INVALID; + } - // Create TokenType element, set to RSTR/Status - TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText( - TrustUtil.getWSTNamespace(wstVersion) - + RahasConstants.TOK_TYPE_STATUS); - - // Create Status element - OMElement statusElement = createMessageElement(wstVersion, - rstrElem, RahasConstants.LocalNames.STATUS); - - // Obtain the token - Token tk = tkStorage.getToken(data.getTokenId()); - - // create the crypto object - PublicKey issuerPBKey = getIssuerPublicKey(inMsgCtx); - - boolean valid = isValid(tk, issuerPBKey); - String validityCode; - - if (valid) { - validityCode = RahasConstants.STATUS_CODE_VALID; - } else { - validityCode = RahasConstants.STATUS_CODE_INVALID; - } + // Create Code element (inside Status) and set it to the + // correspondent value + createMessageElement(wstVersion, statusElement, + RahasConstants.LocalNames.CODE).setText( + TrustUtil.getWSTNamespace(wstVersion) + validityCode); - // Create Code element (inside Status) and set it to the - // correspondent value - createMessageElement(wstVersion, statusElement, - RahasConstants.LocalNames.CODE).setText( - TrustUtil.getWSTNamespace(wstVersion) + validityCode); - - return env; - } finally { - DocumentBuilderFactoryImpl.setDOOMRequired(false); - } + return env; } /** Added: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/AxiomParserPool.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/AxiomParserPool.java?rev=1195130&view=auto ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/AxiomParserPool.java (added) +++ 
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/AxiomParserPool.java Sun Oct 30 08:18:31 2011 
@@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.rahas.impl.util; + +import static org.apache.axiom.om.OMAbstractFactory.FEATURE_DOM; + +import java.lang.reflect.Field; + +import javax.xml.parsers.DocumentBuilderFactory; + +import org.apache.axiom.om.OMAbstractFactory; +import org.apache.axiom.om.dom.DOMMetaFactory; +import org.opensaml.XML.ParserPool; + +/** + * Custom OpenSAML 1.x {@link ParserPool} implementation that uses a DOM aware Axiom implementation + * instead of requesting a {@link DocumentBuilderFactory} using JAXP. + */ +public class AxiomParserPool extends ParserPool { + public AxiomParserPool() { + DOMMetaFactory metaFactory = (DOMMetaFactory)OMAbstractFactory.getMetaFactory(FEATURE_DOM); + DocumentBuilderFactory dbf = metaFactory.newDocumentBuilderFactory(); + // Unfortunately, ParserPool doesn't allow to set the DocumentBuilderFactory, so that we + // have to use reflection here. 
+ try { + Field dbfField = ParserPool.class.getDeclaredField("dbf"); + dbfField.setAccessible(true); + dbfField.set(this, dbf); + } catch (IllegalAccessException ex) { + throw new IllegalAccessError(ex.getMessage()); + } catch (NoSuchFieldException ex) { + throw new NoSuchFieldError(ex.getMessage()); + } + } +} Propchange: axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/AxiomParserPool.java ------------------------------------------------------------------------------ svn:eol-style = native
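Review bot: The constructor swaps the private `dbf` field after the `ParserPool` superclass constructor has run, so whatever settings that constructor applied to its own factory (namespace awareness, schema or entity handling; not visible here) are not carried over to the Axiom factory that will parse incoming SAML. Because this pool parses XML taken from requests, the replacement factory should be configured explicitly before it is installed, at least `dbf.setNamespaceAware(true);`, plus DTD and entity restrictions if the DOOM factory supports them (to be confirmed). The reflective write also ties the class to a private field name of one OpenSAML release, `setAccessible` can throw an uncaught `SecurityException` under a security manager, and both catch blocks drop the cause; `throw (Error) new NoSuchFieldError(ex.getMessage()).initCause(ex);` would keep it. A class comment naming the OpenSAML version the field name was taken from would help whoever upgrades the library.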