35 package org.ogf.graap.wsag.wsrf.impl;
36
37 import java.security.cert.X509Certificate;
38 import java.text.MessageFormat;
39 import java.util.Iterator;
40 import java.util.Set;
41
42 import javax.security.auth.Subject;
43 import javax.xml.namespace.QName;
44
45 import org.apache.muse.ws.resource.properties.ResourcePropertyCollection;
46 import org.apache.ws.security.WSSecurityException;
47 import org.apache.xmlbeans.XmlString;
48 import org.ogf.graap.wsag.api.Agreement;
49 import org.ogf.graap.wsag.api.WsagConstants;
50 import org.ogf.graap.wsag.security.core.SecurityConstants;
51 import org.ogf.graap.wsag.server.api.WsagSession;
52 import org.ogf.graap.wsag.server.engine.WsagEngine;
53 import org.ogf.graap.wsag.wsrf.AbstractWsResource;
54 import org.w3.x2005.x08.addressing.EndpointReferenceType;
55
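/**
 * WS-Resource that exposes a single {@link Agreement}.
 * <p>
 * Access control: when {@link #setSubject(Subject)} is called, the DN of an X.509 certificate
 * found in the subject's public credentials is recorded in the agreement's execution context
 * under {@link #WSAG4J_SECURITY_DN}. {@link #getAgreement()} later hands out the agreement only
 * to a caller whose authenticated DN equals the recorded one, or to any caller when the engine
 * allows anonymous access and there is no authenticated user or no recorded DN. The check is
 * skipped while the resource is not yet initialized.
 * <p>
 * The creator DN is cached lazily in {@link #subjectDN} without any synchronization.
 */
public class AgreementWsResource extends AbstractWsResource
{

    /** Execution-context key under which the creator's DN is stored. */
    private static final String WSAG4J_SECURITY_DN = "wsag4j.security.dn";

    /** The wrapped agreement; set via {@link #setAgreement(Agreement)}. */
    private Agreement agreement = null;

    private WsagSession session = null;

    private EndpointReferenceType factoryEPR = null;

    /** DN of the agreement creator as read from the execution context; {@code null} if none was recorded. */
    private String subjectDN = null;

    /** Whether {@link #subjectDN} has been loaded from the execution context. */
    private boolean subjectInitialized = false;

    /**
     * Loads the creator DN from the agreement's execution context into {@link #subjectDN} once.
     *
     * @throws IllegalStateException
     *             if the execution context holds no {@link XmlString} under
     *             {@link #WSAG4J_SECURITY_DN}, i.e. {@link #setSubject(Subject)} was never
     *             applied to this agreement
     * @throws RuntimeException
     *             if the execution context cannot be read
     */
    private void initializeSubjectDN()
    {
        if ( subjectInitialized )
        {
            return;
        }

        Object stored;
        try
        {
            stored = agreement.getAgreementInstance().getExecutionContext().get( WSAG4J_SECURITY_DN );
        }
        catch ( Exception e )
        {
            throw new RuntimeException( "failed to read the creator DN from the agreement execution context", e );
        }

        // Fail closed with a descriptive error instead of a wrapped NullPointerException /
        // ClassCastException: an agreement without a recorded creator entry must not be handed
        // out as if it were ownerless (ownerless agreements are readable under anonymous access).
        if ( !( stored instanceof XmlString ) )
        {
            throw new IllegalStateException( "agreement execution context has no " + WSAG4J_SECURITY_DN
                + " entry of type XmlString" );
        }

        // may be null when the creator had no X.509 credential (see resolveSubjectDN)
        subjectDN = ( (XmlString) stored ).getStringValue();
        subjectInitialized = true;
    }

    /**
     * Records the authenticated subject that created this agreement. The subject's DN (see
     * {@link #resolveSubjectDN(Subject)}) is written to the agreement's execution context so it
     * is kept with the agreement and can later be compared in {@link #getAgreement()}.
     *
     * @param subject
     *            the authenticated creator; may be {@code null} or carry no X.509 credential, in
     *            which case the resolved DN is {@code null}
     * @throws RuntimeException
     *             if the DN cannot be resolved or the execution context cannot be updated
     */
    public void setSubject( Subject subject )
    {
        String resolvedDN;
        try
        {
            resolvedDN = resolveSubjectDN( subject );
        }
        catch ( Exception e )
        {
            // wrap exactly once so the message stays at the top of the stack trace
            throw new RuntimeException( "failed to resolve authenticated user DN", e );
        }

        try
        {
            agreement.getAgreementInstance().getExecutionContext()
                     .put( WSAG4J_SECURITY_DN, XmlString.Factory.newValue( resolvedDN ) );
        }
        catch ( Exception e )
        {
            throw new RuntimeException( "failed to store the creator DN in the agreement execution context", e );
        }

        subjectDN = resolvedDN;
    }

    /**
     * Returns the subject DN of an X.509 certificate among the subject's public credentials.
     * <p>
     * Uses the legacy {@code getSubjectDN().toString()} form on purpose: the result is compared
     * by string equality with DNs recorded earlier, so switching to
     * {@code getSubjectX500Principal().getName()} (RFC 2253 form) would silently break matching
     * for already recorded agreements.
     * <p>
     * NOTE(review): {@link Subject#getPublicCredentials(Class)} returns a {@link Set}; if a
     * subject carries more than one certificate, which one is used is unspecified.
     *
     * @param subject
     *            the subject to inspect; may be {@code null}
     * @return the DN string, or {@code null} if the subject is {@code null} or holds no X.509
     *         certificate
     */
    private String resolveSubjectDN( Subject subject )
    {
        if ( subject == null )
        {
            return null;
        }

        Iterator<X509Certificate> certificates =
            subject.getPublicCredentials( X509Certificate.class ).iterator();
        return certificates.hasNext() ? certificates.next().getSubjectDN().toString() : null;
    }

    /**
     * Returns the wrapped agreement if the caller is allowed to see it.
     * <p>
     * The caller is taken from the engine's message context under
     * {@link SecurityConstants#AUTHENTICATED_USER}. Access is granted when
     * <ul>
     * <li>the resource is not yet initialized (the ownership check is skipped; presumably this
     * covers resource set-up), or</li>
     * <li>the caller's DN equals the creator DN recorded via {@link #setSubject(Subject)}, or</li>
     * <li>there is no authenticated user or no recorded creator DN, and the engine allows
     * anonymous access.</li>
     * </ul>
     *
     * @return the agreement
     * @throws WSSecurityException
     *             if the caller does not match the agreement creator and anonymous access does
     *             not apply
     * @throws IllegalStateException
     *             if no creator entry was ever recorded for this agreement
     */
    public Agreement getAgreement() throws WSSecurityException
    {
        Subject currentUser =
            (Subject) WsagEngine.getWsagMessageContext().get( SecurityConstants.AUTHENTICATED_USER );

        // no ownership check while the resource is still being set up
        if ( !isInitialized() )
        {
            return agreement;
        }

        initializeSubjectDN();

        // resolveSubjectDN(null) yields null, so this is safe for anonymous callers
        String callerDN = resolveSubjectDN( currentUser );

        if ( currentUser == null || subjectDN == null )
        {
            if ( WsagEngine.isAllowAnonymousAccess() )
            {
                return agreement;
            }
        }
        else if ( subjectDN.equals( callerDN ) )
        {
            return agreement;
        }

        // Report the caller's DN rather than the Subject itself: Subject.toString() prints every
        // principal and public credential (i.e. the complete certificate) into the fault message.
        String message =
            "The authenticated user does not match the creator of the agreement instance."
                + "\nauthenticated: {0}\nexpected: {1}";
        throw new WSSecurityException( MessageFormat.format( message, callerDN, subjectDN ) );
    }

    /**
     * Sets the agreement wrapped by this resource.
     *
     * @param agreement
     *            the agreement to expose
     */
    public void setAgreement( Agreement agreement )
    {
        this.agreement = agreement;
    }

    /**
     * Sets the session this resource belongs to.
     *
     * @param session
     *            the owning session
     */
    public void setSession( WsagSession session )
    {
        this.session = session;
    }

    /**
     * @return the session this resource belongs to, or {@code null} if none was set
     */
    public WsagSession getSession()
    {
        return session;
    }

    /**
     * @return the WS-Agreement port type name of this resource
     */
    @Override
    public QName getInterfaceName()
    {
        return WsagConstants.WSAG_AGREEMENT_QNAME;
    }

    /**
     * @return the endpoint reference of the factory that created this agreement, or {@code null}
     *         if none was set
     */
    public EndpointReferenceType getFactoryEPR()
    {
        return factoryEPR;
    }

    /**
     * Sets the endpoint reference of the factory that created this agreement.
     *
     * @param factoryEPR
     *            the factory endpoint reference
     */
    public void setFactoryEPR( EndpointReferenceType factoryEPR )
    {
        this.factoryEPR = factoryEPR;
    }

    /**
     * Creates the resource property collection backing this agreement resource.
     *
     * @return a new {@link AgreementPropertiesCollection} bound to this resource
     */
    @Override
    protected ResourcePropertyCollection createPropertyCollection()
    {
        return new AgreementPropertiesCollection( this );
    }
}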