eclipse-ee4j · lukasj · Mar 10, 2022 · Mar 8, 2022 · Mar 10, 2022 · lukasj
diff --git a/wsit/boms/bom-ext/pom.xml b/wsit/boms/bom-ext/pom.xml
@@ -28,7 +28,7 @@
     <description>Metro Web Services Stack Dependency POM for Metro-CS</description>
 
     <properties>
-        <authentication-api.version>2.0.0</authentication-api.version>
+        <authentication-api.version>3.0.0-RC2</authentication-api.version>
         <connector-api.version>2.1.0-RC1</connector-api.version>
         <ejb-api.version>4.0.0</ejb-api.version>
         <transaction-api.version>2.0.1-RC1</transaction-api.version>

diff --git a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/RealmAuthenticationAdapter.java b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/RealmAuthenticationAdapter.java
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2022 Contributors to the Eclipse Foundation
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0, which is available at
@@ -13,6 +14,9 @@
 import com.sun.xml.wss.impl.XWSSecurityRuntimeException;
 import com.sun.xml.wss.impl.misc.DefaultRealmAuthenticationAdapter;
 import com.sun.xml.wss.impl.misc.SecurityUtil;
+import com.sun.xml.wss.util.ServletContextUtil;
+import com.sun.xml.wss.util.WSSServletContextFacade;
+
 import java.net.URL;
 import java.util.Map;
 import javax.security.auth.Subject;
@@ -24,16 +28,10 @@
  * The SPI implementation class needs to 
  * specified as a META-INF/services entry with name "com.sun.xml.xwss.RealmAuthenticator". 
  * A default implementation of this SPI is returned if no entry is configured.
- *
- * 
  */
 public abstract class RealmAuthenticationAdapter {
 
     public static final String UsernameAuthenticator = "com.sun.xml.xwss.RealmAuthenticator";
-    private static final String SERVLET_CONTEXT_CLASSNAME = "jakarta.servlet.ServletContext";
-    // Prefixing with META-INF/ instead of /META-INF/. /META-INF/ is working fine
-    // when loading from a JAR file but not when loading from a plain directory.
-    private static final String JAR_PREFIX = "META-INF/";
 
     /** Creates a new instance of RealmAuthenticator */
     protected RealmAuthenticationAdapter() {
@@ -99,25 +97,19 @@ public boolean authenticate(Subject callerSubject, String username, String passw
      * @return a new instance of the RealmAuthenticationAdapter
      */
     public static RealmAuthenticationAdapter newInstance(Object context) {
-        RealmAuthenticationAdapter adapter = null;
-        URL url = null;
-
-        if (context == null) {
+        final WSSServletContextFacade ctxt = ServletContextUtil.wrap(context);
+        final URL url;
+        if (ctxt == null) {
             url = SecurityUtil.loadFromClasspath("META-INF/services/" + UsernameAuthenticator);
         } else {
-            url = SecurityUtil.loadFromContext("/META-INF/services/" + UsernameAuthenticator, context);
+            url = ctxt.getResource("/META-INF/services/" + UsernameAuthenticator);
         }
-
         if (url != null) {
             Object obj = SecurityUtil.loadSPIClass(url, UsernameAuthenticator);
-            if ((obj != null) && !(obj instanceof RealmAuthenticationAdapter)) {
+            if (obj != null && !(obj instanceof RealmAuthenticationAdapter)) {
                 throw new XWSSecurityRuntimeException("Class :" + obj.getClass().getName() + " is not a valid RealmAuthenticationProvider");
             }
-            adapter = (RealmAuthenticationAdapter) obj;
-        }
-
-        if (adapter != null) {
-            return adapter;
+            return (RealmAuthenticationAdapter) obj;
         }
         return new DefaultRealmAuthenticationAdapter();
     }

diff --git a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/impl/misc/ReflectionUtil.java b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/impl/misc/ReflectionUtil.java
diff --git a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/impl/misc/SecurityUtil.java b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/impl/misc/SecurityUtil.java
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2022 Contributors to the Eclipse Foundation
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0, which is available at
@@ -36,6 +37,7 @@
 import com.sun.xml.wss.XWSSecurityException;
 import com.sun.xml.wss.impl.MessageConstants;
 import com.sun.xml.wss.logging.LogDomainConstants;
+import com.sun.xml.wss.logging.impl.crypto.LogStringsMessages;
 
 import java.util.Random;
 import java.util.Hashtable;
@@ -55,8 +57,6 @@
 import com.sun.xml.ws.api.security.secconv.client.SCTokenConfiguration;
 import com.sun.xml.ws.api.security.trust.WSTrustException;
 import com.sun.xml.ws.api.security.trust.client.IssuedTokenManager;
-
-
 import com.sun.xml.ws.security.impl.IssuedTokenContextImpl;
 import com.sun.xml.ws.security.IssuedTokenContext;
 import com.sun.xml.wss.core.SecurityContextTokenImpl;
@@ -87,7 +87,6 @@
 import com.sun.xml.ws.security.trust.WSTrustElementFactory;
 import com.sun.xml.wss.impl.XWSSecurityRuntimeException;
 import com.sun.xml.wss.impl.policy.MLSPolicy;
-import com.sun.xml.wss.logging.impl.crypto.LogStringsMessages;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
@@ -616,19 +615,6 @@ public static String getDataEncryptionAlgo(JAXBFilterProcessingContext context){
         return tmp;
     }
 
-    /**
-     * Returns a URL pointing to the given config file. The file name is
-     * looked up as a resource from a ServletContext.
-     *
-     * May return null if the file can not be found.
-     *
-     * @param configFileName The name of the file resource
-     * @param context A ServletContext object. May not be null.
-     */
-    public static URL loadFromContext(final String configFileName, final Object context) {
-        return ReflectionUtil.invoke(context, "getResource", URL.class, configFileName);
-    }
-
     /**
      * Returns a URL pointing to the given config file. The file is looked up as
      * a resource on the classpath.
@@ -773,10 +759,10 @@ public static long toLong(String lng) throws XWSSecurityException {
         try {
             ret = Long.parseLong(lng);
         }catch (Exception e) {
-            log.log(Level.SEVERE, com.sun.xml.wss.logging.LogStringsMessages.WSS_0719_ERROR_GETTING_LONG_VALUE());
+            log.log(Level.SEVERE, LogStringsMessages.WSS_0719_ERROR_GETTING_LONG_VALUE());
             throw new XWSSecurityException(e);
         }
-        return ret; 
+        return ret;
     }
     public static String getKeyAlgo(String algo) {
         if (algo != null && algo.equals(MessageConstants.RSA_SHA256)) {

diff --git a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityServerTube.java b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityServerTube.java
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2022 Contributors to the Eclipse Foundation
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0, which is available at
@@ -98,6 +99,8 @@
 import com.sun.xml.wss.provider.wsit.PipeConstants;
 import com.sun.xml.wss.provider.wsit.PolicyAlternativeHolder;
 import com.sun.xml.wss.provider.wsit.PolicyResolverFactory;
+import com.sun.xml.wss.util.ServletContextUtil;
+
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -833,16 +836,15 @@ private Packet addAddressingHeaders(Packet packet, Message retMsg, String action
     }
 
     private CallbackHandler configureServerHandler(Set<PolicyAssertion> configAssertions, Properties props) {
-        //Properties props = new Properties();
-        CallbackHandlerFeature cbFeature =
-                tubeConfig.getBinding().getFeature(CallbackHandlerFeature.class);
+        CallbackHandlerFeature cbFeature = tubeConfig.getBinding().getFeature(CallbackHandlerFeature.class);
         if (cbFeature != null) {
             return cbFeature.getHandler();
         }
         String ret = populateConfigProperties(configAssertions, props);
         try {
             if (ret != null) {
-                Object obj = loadClass(ret).newInstance();
+                @SuppressWarnings("unchecked")
+                Object obj = loadClass(ret).getDeclaredConstructor().newInstance();
                 if (!(obj instanceof CallbackHandler)) {
                     log.log(Level.SEVERE,
                             LogStringsMessages.WSSTUBE_0033_INVALID_CALLBACK_HANDLER_CLASS(ret));
@@ -851,51 +853,23 @@ private CallbackHandler configureServerHandler(Set<PolicyAssertion> configAssert
                 }
                 return (CallbackHandler) obj;
             }
-            // ServletContext context =
-            //         ((ServerPipeConfiguration)pipeConfig).getEndpoint().getContainer().getSPI(ServletContext.class);
-            RealmAuthenticationAdapter adapter = getRealmAuthenticationAdapter(((ServerTubeConfiguration) tubeConfig).getEndpoint());
+            RealmAuthenticationAdapter adapter = getRealmAuthenticationAdapter(
+                ((ServerTubeConfiguration) tubeConfig).getEndpoint());
             return new DefaultCallbackHandler("server", props, adapter);
-        //return new DefaultCallbackHandler("server", props);
         } catch (Exception e) {
             log.log(Level.SEVERE,
                     LogStringsMessages.WSSTUBE_0032_ERROR_CONFIGURE_SERVER_HANDLER(), e);
             throw new RuntimeException(LogStringsMessages.WSSTUBE_0032_ERROR_CONFIGURE_SERVER_HANDLER(), e);
         }
     }
 
-    @SuppressWarnings("unchecked")
     private RealmAuthenticationAdapter getRealmAuthenticationAdapter(WSEndpoint wSEndpoint) {
-        String className = "jakarta.servlet.ServletContext";
-        Class ret = null;
-        ClassLoader loader = Thread.currentThread().getContextClassLoader();
-        if (loader != null) {
-            try {
-                ret = loader.loadClass(className);
-            } catch (ClassNotFoundException e) {
-                return null;
-            }
-        }
-        if (ret == null) {
-            // if context classloader didnt work, try this
-            loader = this.getClass().getClassLoader();
-            try {
-                ret = loader.loadClass(className);
-            } catch (ClassNotFoundException e) {
-                return null;
-            }
-        }
-        if (ret != null) {
-            Object obj = wSEndpoint.getContainer().getSPI(ret);
-            if (obj != null) {
-                return RealmAuthenticationAdapter.newInstance(obj);
-            }
-        }
-        return null;
+        Object obj = ServletContextUtil.getServletContextFacade(wSEndpoint);
+        return obj == null ? null : RealmAuthenticationAdapter.newInstance(obj);
     }
 
     //doing this here becuase doing inside keyselector of optimized security would
     //mean doing it twice (if SCT was used for sign and encrypt) which can impact performance
-    @SuppressWarnings("unchecked")
     private void updateSCBootstrapCredentials(Packet packet, ProcessingContext ctx) {
         SecurityContextToken sct =
                 (SecurityContextToken) packet.invocationProperties.get(MessageConstants.INCOMING_SCT);

diff --git a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/provider/wsit/ClientPipeCreator.java b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/provider/wsit/ClientPipeCreator.java
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2022 Contributors to the Eclipse Foundation
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0, which is available at
@@ -34,7 +35,7 @@ public ClientPipeCreator(){
     @Override
     public Pipe createSecurityPipe(PolicyMap map, 
             ClientPipeAssemblerContext ctxt, Pipe tail) {
-        HashMap<Object, Object> propBag = new HashMap<>();
+        HashMap<String, Object> propBag = new HashMap<>();
         propBag.put(PipeConstants.POLICY, map);
         propBag.put(PipeConstants.WSDL_MODEL, ctxt.getWsdlModel());
         propBag.put(PipeConstants.SERVICE, ctxt.getService());
@@ -50,7 +51,7 @@ public Pipe createSecurityPipe(PolicyMap map,
 
     @Override
     public @NotNull Tube createSecurityTube(ClientTubelineAssemblyContext context) {
-        HashMap<Object, Object> propBag = new HashMap<>();
+        HashMap<String, Object> propBag = new HashMap<>();
         propBag.put(PipeConstants.POLICY, context.getPolicyMap());
         propBag.put(PipeConstants.WSDL_MODEL, context.getWrappedContext().getWsdlModel());
         propBag.put(PipeConstants.SERVICE, context.getService());

diff --git a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/provider/wsit/ClientSecurityPipe.java b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/provider/wsit/ClientSecurityPipe.java
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2022 Contributors to the Eclipse Foundation
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0, which is available at
@@ -47,7 +48,7 @@ public class ClientSecurityPipe extends AbstractFilterPipeImpl
             LogDomainConstants.WSIT_PVD_DOMAIN,
             LogDomainConstants.WSIT_PVD_DOMAIN_BUNDLE);
 
-    public ClientSecurityPipe(Map<Object, Object> props, Pipe next) {
+    public ClientSecurityPipe(Map<String, Object> props, Pipe next) {
 
         super(next);
 	props.put(PipeConstants.SECURITY_PIPE,this);
@@ -218,7 +219,7 @@ public JAXBElement startSecureConversation(Packet packet)
 
 	    // put MessageInfo in properties map, since MessageInfo 
 	    // is not passed to getAuthContext, key idicates function
-	    HashMap<Object, Object> map = new HashMap<>();
+	    HashMap<String, Object> map = new HashMap<>();
 	    map.put(PipeConstants.SECURITY_TOKEN,info);
 
 	    helper.getSessionToken(map,info,clientSubject);

diff --git a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/provider/wsit/ClientSecurityTube.java b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/provider/wsit/ClientSecurityTube.java
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2022 Contributors to the Eclipse Foundation
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0, which is available at
@@ -60,7 +61,7 @@ public ClientSecurityTube(TubeConfiguration config, Tube nextTube) {
         super(nextTube);  
     }
 
-    public ClientSecurityTube(Map<Object, Object> props, Tube next) {
+    public ClientSecurityTube(Map<String, Object> props, Tube next) {
 
         super(next);
         props.put(PipeConstants.SECURITY_PIPE, this);
@@ -249,7 +250,7 @@ public JAXBElement startSecureConversation(Packet packet) throws WSSecureConvers
 	    Subject clientSubject = getClientSubject(packet);
 	    // put MessageInfo in properties map, since MessageInfo 
 	    // is not passed to getAuthContext, key idicates function
-	    HashMap<Object, Object> map = new HashMap<>();
+	    HashMap<String, Object> map = new HashMap<>();
 	    map.put(PipeConstants.SECURITY_TOKEN,info);
 	    helper.getSessionToken(map,info,clientSubject);
 	    // helper returns token in map of msgInfo, using same key