Author: ruchithf Date: Wed Jan 30 06:12:39 2013 New Revision: 1440286 URL: http://svn.apache.org/viewvc?rev=1440286&view=rev Log: Fixed the issue raised in this [1] discussion. RampartUsernameTokenValidator overrides the verifyPlaintextPassword method of org.apache.ws.security.validate.UsernameTokenValidator The default implementation expects the callback handler to supply the plain text password (when a username token with a plain text password is used), which should not be possible in practice.
1.http://marc.info/?t=135828023100003&r=1&w=3
Added:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartUsernameTokenValidator.java
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=1440286&r1=1440285&r2=1440286&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java Wed Jan 30 06:12:39 2013
@@ -83,6 +83,9 @@ public class RampartEngine {
 List<WSSecurityEngineResult> results;
 WSSecurityEngine engine = new WSSecurityEngine();
+
+ //Set rampart's configuration of WSS4J
+ engine.setWssConfig(rmd.getConfig());
 ValidatorData data = new ValidatorData(rmd);
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java?rev=1440286&r1=1440285&r2=1440286&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java Wed Jan 30 06:12:39 2013
@@ -32,6 +32,7 @@ import org.apache.neethi.PolicyEngine;
 import org.apache.rahas.RahasConstants;
 import org.apache.rahas.SimpleTokenStore;
 import org.apache.rahas.TokenStorage;
+import org.apache.rampart.handler.RampartUsernameTokenValidator;
 import org.apache.rampart.handler.WSSHandlerConstants;
 import org.apache.rampart.policy.RampartPolicyBuilder;
 import org.apache.rampart.policy.RampartPolicyData;
@@ -46,6 +47,7 @@ import org.apache.ws.secpolicy.WSSPolicy
 import org.apache.ws.security.SOAPConstants;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.conversation.ConversationConstants;
@@ -175,6 +177,9 @@ public class RampartMessageData {
 // Set the WSSConfig
 this.config = WSSConfig.getNewInstance();
+ //Update the UsernameToken validator
+ this.config.setValidator(WSSecurityEngine.USERNAME_TOKEN, RampartUsernameTokenValidator.class);
+
 // First obtain the axis service as we have to do a null check, there can be situations
 // where Axis Service is null
 AxisService axisService = msgCtx.getAxisService();
Added: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartUsernameTokenValidator.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartUsernameTokenValidator.java?rev=1440286&view=auto
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartUsernameTokenValidator.java (added)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartUsernameTokenValidator.java Wed Jan 30 06:12:39 2013
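Review bot: The `this.config.setValidator(WSSecurityEngine.USERNAME_TOKEN, RampartUsernameTokenValidator.class)` call in the third hunk registers the new validator unconditionally for every message, which silently changes the contract of every existing password callback handler: as far as the added validator shows, a normal return from `handle()` is treated as successful authentication, so a handler written for the previous WSS4J behaviour (populate the password and let WSS4J compare) would now accept any plaintext password. That deserves a comment at the registration site and a release note, e.g. `// Plaintext UsernameTokens are verified by the callback handler itself (usage USERNAME_TOKEN); a handler that only sets the password no longer rejects bad credentials.` The enclosing constructor continues outside the hunk.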
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2004,2013 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+ package org.apache.rampart.handler;
+
+ import java.io.IOException;
+
+ import javax.security.auth.callback.Callback;
+ import javax.security.auth.callback.UnsupportedCallbackException;
+
+ import org.apache.commons.logging.Log;
+ import org.apache.commons.logging.LogFactory;
+ import org.apache.rampart.RampartConstants;
+ import org.apache.ws.security.WSPasswordCallback;
+ import org.apache.ws.security.WSSecurityException;
+ import org.apache.ws.security.handler.RequestData;
+ import org.apache.ws.security.message.token.UsernameToken;
+ import org.apache.ws.security.validate.UsernameTokenValidator;
+
+/**
+ * Overriding the default UsernameTokenValidator provided by WSS4J because the
+ * default implementation expects the user to provide the plain text password to
+ * WSS4J for validation.
+ *
+ */
+public class RampartUsernameTokenValidator extends UsernameTokenValidator {
+
+ private static Log mlog = LogFactory.getLog(RampartConstants.MESSAGE_LOG);
+
+ @Override
+ protected void verifyPlaintextPassword(UsernameToken usernameToken,
+ RequestData data) throws WSSecurityException {
+
+ String user = usernameToken.getName();
+ String password = usernameToken.getPassword();
+ String pwType = usernameToken.getPasswordType();
+
+ // Provide the password to the user for validation
+ WSPasswordCallback pwCb = new WSPasswordCallback(user, password,
+ pwType, WSPasswordCallback.USERNAME_TOKEN, data);
+ try {
+ data.getCallbackHandler().handle(new Callback[] { pwCb });
+ } catch (IOException e) {
+ if (mlog.isDebugEnabled()) {
+ mlog.debug(e);
+ }
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_AUTHENTICATION, null, null, e);
+ } catch (UnsupportedCallbackException e) {
+ if (mlog.isDebugEnabled()) {
+ mlog.debug(e);
+ }
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_AUTHENTICATION, null, null, e);
+ }
+
+ }
+}
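Review bot: `data.getCallbackHandler()` is dereferenced without a null check in verifyPlaintextPassword, so a deployment with no password callback handler configured fails with a NullPointerException instead of the FAILED_AUTHENTICATION the two catch blocks produce; add `if (data.getCallbackHandler() == null) { throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION); }` before the `handle(...)` call. The method also performs no check after `handle(...)` returns, so success means only "the handler did not throw", and that contract belongs in the class Javadoc, e.g. `The configured CallbackHandler receives the plaintext password with usage USERNAME_TOKEN and must reject an invalid credential by throwing; a handler that returns normally authenticates the token.` The two catch blocks are identical apart from the exception type (debug log, then wrap as FAILED_AUTHENTICATION), so a single shared failure path would remove the duplication if the project's Java level permits it.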