GFServerPipeCreator.java
/*
* Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* This Source Code may also be made available under the following Secondary
* Licenses when the conditions for such availability set forth in the
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
* version 2 with the GNU Classpath Exception, which is available at
* https://www.gnu.org/software/classpath/license.html.
*
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
*/
package com.sun.enterprise.security.webservices;
import static com.sun.enterprise.util.Utility.isAnyNull;
import static com.sun.xml.ws.policy.PolicyMap.createWsdlEndpointScopeKey;
import static com.sun.xml.ws.policy.PolicyMap.createWsdlOperationScopeKey;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.jvnet.hk2.annotations.Service;
import com.sun.enterprise.deployment.WebServiceEndpoint;
import com.sun.xml.ws.api.model.SEIModel;
import com.sun.xml.ws.api.model.wsdl.WSDLBoundOperation;
import com.sun.xml.ws.api.model.wsdl.WSDLPort;
import com.sun.xml.ws.api.pipe.Pipe;
import com.sun.xml.ws.api.server.WSEndpoint;
import com.sun.xml.ws.policy.Policy;
import com.sun.xml.ws.policy.PolicyException;
import com.sun.xml.ws.policy.PolicyMap;
import com.sun.xml.ws.policy.PolicyMapKey;
import com.sun.xml.wss.provider.wsit.PipeConstants;
import jakarta.inject.Singleton;
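/**
 * Used by JAXWSContainer to return the proper Jakarta Authentication security and app server monitoring pipes to
 * the StandAlonePipeAssembler and TangoPipeAssembler.
 */
@Service
@Singleton
public class GFServerPipeCreator extends org.glassfish.webservices.ServerPipeCreator {

    private static final Logger LOGGER = Logger.getLogger(GFServerPipeCreator.class.getName());

    /** WS-SecurityPolicy namespace of the 2005/07 submission. */
    private static final String SECURITY_POLICY_NAMESPACE_URI_SUBMISSION = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";

    /** WS-SecurityPolicy namespace of the OASIS 200702 specification. */
    private static final String SECURITY_POLICY_NAMESPACE_URI_SPECVERSION = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";

    public GFServerPipeCreator() {
        super();
    }

    /**
     * Delegates initialisation to the superclass.
     *
     * @param ep the web service endpoint descriptor passed through to {@code super.init}
     */
    @Override
    public void init(WebServiceEndpoint ep) {
        super.init(ep);
    }

    /**
     * Builds the server-side security pipe for an endpoint.
     *
     * <p>The pipe is always created; {@link #isSecurityEnabled(PolicyMap, WSDLPort)} only decides whether
     * {@code endpoint.setSecurePipeline()} is called first. {@code endpoint} and {@code isHttpBinding} are not
     * declared in this class, so they come from the superclass.
     *
     * @param policyMap policy map handed to the pipe and inspected for security assertions
     * @param sei service endpoint interface model handed to the pipe
     * @param port wsdl:port handed to the pipe and inspected for security assertions
     * @param owner owning endpoint; its container is also handed to the pipe
     * @param tail next pipe in the pipeline
     * @return a new {@code CommonServerSecurityPipe} configured with the values above
     */
    @Override
    public Pipe createSecurityPipe(PolicyMap policyMap, SEIModel sei, WSDLPort port, WSEndpoint owner, Pipe tail) {
        Map<String, Object> props = new HashMap<>();

        props.put(PipeConstants.POLICY, policyMap);
        props.put(PipeConstants.SEI_MODEL, sei);
        props.put(PipeConstants.WSDL_MODEL, port);
        props.put(PipeConstants.ENDPOINT, owner);
        props.put(PipeConstants.SERVICE_ENDPOINT, endpoint);
        props.put(PipeConstants.NEXT_PIPE, tail);
        props.put(PipeConstants.CONTAINER, owner.getContainer());

        if (isSecurityEnabled(policyMap, port)) {
            endpoint.setSecurePipeline();
        }

        return new CommonServerSecurityPipe(props, tail, isHttpBinding);
    }

    // TODO - this code has been copied from PipelineAssemblerFactoryImpl.java and needs
    // to be maintained in both places. In the future, code needs to be moved somewhere
    // where it can be invoked from both places.
    /**
     * Checks to see whether WS-Security is enabled or not.
     *
     * <p>The endpoint-scope effective policy is checked first, then for every bound operation the operation,
     * input message, output message and fault message effective policies, in that order. The first policy that
     * references a WS-SecurityPolicy namespace ends the search.
     *
     * <p>{@code false} is returned both when no such policy is found and when the policy map cannot be evaluated
     * ({@link PolicyException}). The two cases are indistinguishable to the caller, so the failure is logged at
     * {@code WARNING} instead of being dropped silently.
     *
     * @param policyMap policy map for this assembler
     * @param wsdlPort wsdl:port
     * @return true if Security is enabled, false otherwise
     */
    public static boolean isSecurityEnabled(PolicyMap policyMap, WSDLPort wsdlPort) {
        if (isAnyNull(policyMap, wsdlPort)) {
            return false;
        }

        try {
            PolicyMapKey endpointKey = createWsdlEndpointScopeKey(wsdlPort.getOwner().getName(), wsdlPort.getName());
            if (isSecured(policyMap.getEndpointEffectivePolicy(endpointKey))) {
                return true;
            }

            for (WSDLBoundOperation operation : wsdlPort.getBinding().getBindingOperations()) {
                PolicyMapKey operationKey = createWsdlOperationScopeKey(
                    wsdlPort.getOwner().getName(), wsdlPort.getName(), operation.getName());

                // Short-circuit evaluation keeps the original lookup order and stops at the first match.
                if (isSecured(policyMap.getOperationEffectivePolicy(operationKey))
                        || isSecured(policyMap.getInputMessageEffectivePolicy(operationKey))
                        || isSecured(policyMap.getOutputMessageEffectivePolicy(operationKey))
                        || isSecured(policyMap.getFaultMessageEffectivePolicy(operationKey))) {
                    return true;
                }
            }
        } catch (PolicyException e) {
            // A failed lookup is reported as "not secured", which makes createSecurityPipe skip
            // endpoint.setSecurePipeline(). Leave a trace so the condition can be noticed and investigated.
            LOGGER.log(Level.WARNING,
                "Unable to evaluate the effective security policy for port " + wsdlPort.getName()
                    + "; reporting WS-Security as not enabled", e);
            return false;
        }

        return false;
    }

    /**
     * Tells whether a policy references one of the two WS-SecurityPolicy namespaces known to this class.
     *
     * @param policy effective policy to inspect, may be {@code null}
     * @return {@code true} if {@code policy} is non-null and contains either namespace, {@code false} otherwise
     */
    private static boolean isSecured(Policy policy) {
        if (policy == null) {
            return false;
        }

        return policy.contains(SECURITY_POLICY_NAMESPACE_URI_SPECVERSION)
            || policy.contains(SECURITY_POLICY_NAMESPACE_URI_SUBMISSION);
    }
}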