View Javadoc

1   /**
2    * Copyright 2005-2013 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.ksb.security.soap;
17  
18  import org.apache.cxf.binding.soap.SoapMessage;
19  import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
20  import org.apache.log4j.Logger;
21  import org.apache.ws.security.components.crypto.Crypto;
22  import org.apache.ws.security.components.crypto.Merlin;
23  import org.apache.ws.security.handler.RequestData;
24  import org.apache.ws.security.handler.WSHandlerConstants;
25  import org.kuali.rice.core.api.config.property.ConfigContext;
26  import org.kuali.rice.core.api.exception.RiceRuntimeException;
27  import org.kuali.rice.core.api.util.ClassLoaderUtils;
28  import org.kuali.rice.ksb.config.wss4j.CryptoPasswordCallbackHandler;
29  
30  import java.util.Properties;
31  
32  //import javax.xml.ws.handler.MessageContext;
33  
34  
35  /**
36   *
37   * @author Kuali Rice Team (rice.collab@kuali.org)
38   */
39  
40  //TODO: Replace this class with cxf wss4j in interceptor
41  public class CXFWSS4JInInterceptor extends WSS4JInInterceptor{
42  
43  	private static final Logger LOG = Logger.getLogger(CXFWSS4JInInterceptor.class);
44  
45  	private final boolean busSecurity;
46  	
47  	public CXFWSS4JInInterceptor(boolean busSecurity) {
48  		this.busSecurity = busSecurity;
49          if (busSecurity) {
50  		    this.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
51  		    this.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, CryptoPasswordCallbackHandler.class.getName());
52  		    this.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
53  		    this.setProperty(WSHandlerConstants.USER, ConfigContext.getCurrentContextConfig().getKeystoreAlias());
54          }
55  	}
56  
57  	@Override
58  	public Crypto loadSignatureCrypto(RequestData reqData) {
59  		try {
60  			return new Merlin(getMerlinProperties(), ClassLoaderUtils.getDefaultClassLoader());
61  		} catch (Exception e) {
62  			throw new RiceRuntimeException(e);
63  		}
64  	}
65  
66  	@Override
67  	public Crypto loadDecryptionCrypto(RequestData reqData) {
68  		return loadSignatureCrypto(reqData);
69  	}
70  
71  	protected Properties getMerlinProperties() {
72  		Properties props = new Properties();
73  		props.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
74  		props.put("org.apache.ws.security.crypto.merlin.keystore.password", ConfigContext.getCurrentContextConfig().getKeystorePassword());
75  		props.put("org.apache.ws.security.crypto.merlin.alias.password", ConfigContext.getCurrentContextConfig().getKeystorePassword());
76  		props.put("org.apache.ws.security.crypto.merlin.keystore.alias", ConfigContext.getCurrentContextConfig().getKeystoreAlias());
77  		props.put("org.apache.ws.security.crypto.merlin.file", ConfigContext.getCurrentContextConfig().getKeystoreFile());
78  
79  		if (LOG.isDebugEnabled()) {
80  			LOG.debug("Using keystore location " + ConfigContext.getCurrentContextConfig().getKeystoreFile());
81  		}
82  		return props;
83  	}
84  
85  	/**
86  	 * This overridden method will not apply security headers if bus security is disabled.
87  	 * 
88  	 * @see org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor#handleMessage(org.apache.cxf.binding.soap.SoapMessage)
89  	 */
90  	@Override
91  	public void handleMessage(SoapMessage mc)  {
92  		if (busSecurity) {
93  			super.handleMessage(mc);
94  		}
95  	}
96  
97  }