001 /**
002 * Copyright 2005-2012 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.kuali.rice.ksb.security.soap;
017
018 import org.apache.cxf.binding.soap.SoapMessage;
019 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
020 import org.apache.log4j.Logger;
021 import org.apache.ws.security.components.crypto.Crypto;
022 import org.apache.ws.security.components.crypto.Merlin;
023 import org.apache.ws.security.handler.RequestData;
024 import org.apache.ws.security.handler.WSHandlerConstants;
025 import org.kuali.rice.core.api.config.property.ConfigContext;
026 import org.kuali.rice.core.api.exception.RiceRuntimeException;
027 import org.kuali.rice.core.api.util.ClassLoaderUtils;
028 import org.kuali.rice.ksb.config.wss4j.CryptoPasswordCallbackHandler;
029
030 import java.util.Properties;
031
032 //import javax.xml.ws.handler.MessageContext;
033
034
035 /**
036 *
037 * @author Kuali Rice Team (rice.collab@kuali.org)
038 */
039
040 //TODO: Replace this class with cxf wss4j in interceptor
041 public class CXFWSS4JInInterceptor extends WSS4JInInterceptor{
042
043 private static final Logger LOG = Logger.getLogger(CXFWSS4JInInterceptor.class);
044
045 private final boolean busSecurity;
046
047 public CXFWSS4JInInterceptor(boolean busSecurity) {
048 this.busSecurity = busSecurity;
049 if (busSecurity) {
050 this.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
051 this.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, CryptoPasswordCallbackHandler.class.getName());
052 this.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
053 this.setProperty(WSHandlerConstants.USER, ConfigContext.getCurrentContextConfig().getKeystoreAlias());
054 }
055 }
056
057 @Override
058 public Crypto loadSignatureCrypto(RequestData reqData) {
059 try {
060 return new Merlin(getMerlinProperties(), ClassLoaderUtils.getDefaultClassLoader());
061 } catch (Exception e) {
062 throw new RiceRuntimeException(e);
063 }
064 }
065
066 @Override
067 public Crypto loadDecryptionCrypto(RequestData reqData) {
068 return loadSignatureCrypto(reqData);
069 }
070
071 protected Properties getMerlinProperties() {
072 Properties props = new Properties();
073 props.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
074 props.put("org.apache.ws.security.crypto.merlin.keystore.password", ConfigContext.getCurrentContextConfig().getKeystorePassword());
075 props.put("org.apache.ws.security.crypto.merlin.alias.password", ConfigContext.getCurrentContextConfig().getKeystorePassword());
076 props.put("org.apache.ws.security.crypto.merlin.keystore.alias", ConfigContext.getCurrentContextConfig().getKeystoreAlias());
077 props.put("org.apache.ws.security.crypto.merlin.file", ConfigContext.getCurrentContextConfig().getKeystoreFile());
078
079 if (LOG.isDebugEnabled()) {
080 LOG.debug("Using keystore location " + ConfigContext.getCurrentContextConfig().getKeystoreFile());
081 }
082 return props;
083 }
084
085 /**
086 * This overridden method will not apply security headers if bus security is disabled.
087 *
088 * @see org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor#handleMessage(org.apache.cxf.binding.soap.SoapMessage)
089 */
090 @Override
091 public void handleMessage(SoapMessage mc) {
092 if (busSecurity) {
093 super.handleMessage(mc);
094 }
095 }
096
097 }