This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch coheigea/saml-refactor-new in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
commit da9bfdb903002f04440b97a42e2011f41387bb64
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Fri Jun 20 10:20:49 2025 +0100

Switching default validator loading to ServiceLoader
---
.../org/apache/wss4j/dom/engine/WSSConfig.java | 35 +++++++++-------------
.../dom/validate/JAASUsernameTokenValidator.java | 7 +++++
.../wss4j/dom/validate/KerberosTokenValidator.java | 7 +++++
.../apache/wss4j/dom/validate/NoOpValidator.java | 8 +++++
.../wss4j/dom/validate/SamlAssertionValidator.java | 8 +++++
.../dom/validate/SignatureTrustValidator.java | 8 +++++
.../wss4j/dom/validate/TimestampValidator.java | 9 +++++-
.../wss4j/dom/validate/UsernameTokenValidator.java | 6 ++++
.../org/apache/wss4j/dom/validate/Validator.java | 3 ++
.../org.apache.wss4j.dom.validate.Validator | 4 +++
.../wss4j/dom/message/token/BSTKerberosTest.java | 7 +++++
.../org/apache/wss4j/dom/misc/PrincipalTest.java | 6 ++++
.../apache/wss4j/dom/validate/ValidatorTest.java | 7 +++++
13 files changed, 93 insertions(+), 22 deletions(-)
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSConfig.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSConfig.java
index 1aed92d0a..9067f27e9 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSConfig.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSConfig.java
@@ -123,32 +123,25 @@ public final class WSSConfig { } /** - * The default collection of validators supported by the toolkit + * The default collection of vaidators supported by the toolkit + * + * Instead of hard-coding, you can use Java's ServiceLoader mechanism to discover Validator implementations + * at runtime. Each Action Validator should be registered in + * META-INF/services/org.apache.wss4j.dom.validate.Validator with its fully qualified class name. + * + * You will still need to map QNames to Validator classes. This can be done by having each Validator + * implementation provide a method (e.g., getSupportedQNames()) that returns the QName actions it supports. */ private static final Map<QName, Class<?>> DEFAULT_VALIDATORS; static { final Map<QName, Class<?>> tmp = new HashMap<>(); try { - tmp.put( - WSConstants.SAML_TOKEN, - org.apache.wss4j.dom.validate.SamlAssertionValidator.class - ); - tmp.put( - WSConstants.SAML2_TOKEN, - org.apache.wss4j.dom.validate.SamlAssertionValidator.class - ); - tmp.put( - WSConstants.SIGNATURE, - org.apache.wss4j.dom.validate.SignatureTrustValidator.class - ); - tmp.put( - WSConstants.TIMESTAMP, - org.apache.wss4j.dom.validate.TimestampValidator.class - ); - tmp.put( - WSConstants.USERNAME_TOKEN, - org.apache.wss4j.dom.validate.UsernameTokenValidator.class - ); + java.util.ServiceLoader<Validator> loader = java.util.ServiceLoader.load(Validator.class); + for (Validator validator : loader) { + for (QName qName : validator.getSupportedQNames()) { + tmp.put(qName, validator.getClass()); + } + } } catch (final Exception ex) { LOG.debug(ex.getMessage(), ex); } diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/JAASUsernameTokenValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/JAASUsernameTokenValidator.java index 224829d68..9298bd0bd 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/JAASUsernameTokenValidator.java 
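Review bot: The `catch (final Exception ex)` that wraps the new `ServiceLoader` loop only logs at debug level, so a failure during discovery leaves `DEFAULT_VALIDATORS` partly or completely empty with no sign of it in a normal log; what the processors do when no validator is mapped is not visible here, but if they skip validation the toolkit would fail open for signature trust, SAML, timestamp and username-token checks. The catch also misses `ServiceConfigurationError`, which the loader's iterator throws for a provider it cannot load or instantiate, and that would escape the static initializer. Since `tmp.put(qName, validator.getClass())` lets whichever provider is iterated last win, any jar on the classpath with its own `META-INF/services` entry can replace the built-in validator for `WSConstants.SIGNATURE` or the SAML QNames; I would register with `tmp.putIfAbsent(qName, validator.getClass())` and warn on a duplicate so that a conflict is at least visible, and load with `ServiceLoader.load(Validator.class, WSSConfig.class.getClassLoader())` rather than the context class loader of whichever thread first touches `WSSConfig`. Discovery failures should be logged at warn or higher, and the Javadoc typo `vaidators` fixed. The static block continues past the end of this hunk.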
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/JAASUsernameTokenValidator.java @@ -23,6 +23,7 @@ import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; +import javax.xml.namespace.QName; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.common.NamePasswordCallbackHandler; @@ -120,4 +121,10 @@ public class JAASUsernameTokenValidator implements Validator { return new NamePasswordCallbackHandler(name, password); } + @Override + public QName[] getSupportedQNames() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'getSupportedQNames'"); + } + } diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java index b4827d5c5..4f84c66d1 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java @@ -28,6 +28,7 @@ import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; +import javax.xml.namespace.QName; import org.apache.wss4j.common.dom.validate.Credential; import org.apache.wss4j.common.ext.WSSecurityException; @@ -278,4 +279,10 @@ public class KerberosTokenValidator implements Validator { public void setSpnego(boolean spnego) { this.spnego = spnego; } + + @Override + public QName[] getSupportedQNames() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'getSupportedQNames'"); + } } 
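Review bot: The generated stub for `getSupportedQNames()` in `JAASUsernameTokenValidator` throws `UnsupportedOperationException`, and the same stub is added to `KerberosTokenValidator`, `NoOpValidator` and the test validators in `BSTKerberosTest`, `PrincipalTest` and `ValidatorTest`. None of these classes is listed in the new `META-INF/services` file, but a deployment that registers one of them as a provider would throw inside the `WSSConfig` discovery loop, where `catch (final Exception ex)` ends the whole loop and silently drops every provider not yet visited. Return the QNames the class really validates, or `return new QName[0];` where the validator is only ever configured explicitly, and remove the `// TODO Auto-generated method stub` comments. The class bodies start outside these hunks.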
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/NoOpValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/NoOpValidator.java index 38cce8bc8..07e2a82aa 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/NoOpValidator.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/NoOpValidator.java @@ -20,6 +20,8 @@ package org.apache.wss4j.dom.validate; +import javax.xml.namespace.QName; + import org.apache.wss4j.common.dom.validate.Credential; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.handler.RequestData; @@ -40,4 +42,10 @@ public class NoOpValidator implements Validator { return credential; } + @Override + public QName[] getSupportedQNames() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'getSupportedQNames'"); + } + } diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java index a36b66ebc..017b11b92 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java @@ -22,6 +22,8 @@ package org.apache.wss4j.dom.validate; import java.time.Instant; import java.util.List; +import javax.xml.namespace.QName; + import org.apache.wss4j.common.cache.ReplayCache; import org.apache.wss4j.common.dom.validate.Credential; import org.apache.wss4j.common.ext.WSSecurityException; 
@@ -30,6 +32,7 @@ import org.apache.wss4j.common.saml.SAMLKeyInfo; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.common.saml.builder.SAML1Constants; import org.apache.wss4j.common.saml.builder.SAML2Constants; +import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.handler.RequestData; import org.opensaml.saml.common.SAMLVersion; @@ -329,4 +332,9 @@ public class SamlAssertionValidator extends SignatureTrustValidator { this.ttl = ttl; } + @Override + public QName[] getSupportedQNames() { + return new QName[]{WSConstants.SAML_TOKEN, WSConstants.SAML2_TOKEN}; + } + } diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java index 83fd79c2f..0f5d336ed 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java @@ -24,9 +24,12 @@ import java.security.cert.X509Certificate; import java.util.Collection; import java.util.regex.Pattern; +import javax.xml.namespace.QName; + import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.dom.validate.Credential; import org.apache.wss4j.common.ext.WSSecurityException; +import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.handler.RequestData; /** @@ -126,4 +129,9 @@ public class SignatureTrustValidator implements Validator { crypto.verifyTrust(publicKey); } + @Override + public QName[] getSupportedQNames() { + return new QName[]{WSConstants.SIGNATURE}; + } + } diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java index d5343dac2..44aee3abb 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java 
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java @@ -22,7 +22,11 @@ package org.apache.wss4j.dom.validate; import org.apache.wss4j.common.dom.validate.Credential; import org.apache.wss4j.common.ext.WSSecurityException; +import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.handler.RequestData; + +import javax.xml.namespace.QName; + import org.apache.wss4j.common.dom.message.token.Timestamp; /** @@ -77,6 +81,9 @@ public class TimestampValidator implements Validator { return credential; } - + @Override + public QName[] getSupportedQNames() { + return new QName[]{WSConstants.TIMESTAMP}; + } } diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java index 41c4574a8..16bd74db1 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java @@ -25,6 +25,7 @@ import java.security.MessageDigest; import javax.security.auth.callback.Callback; import javax.security.auth.callback.UnsupportedCallbackException; +import javax.xml.namespace.QName; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.common.dom.validate.Credential; @@ -208,4 +209,9 @@ public class UsernameTokenValidator implements Validator { } } + @Override + public QName[] getSupportedQNames() { + return new QName[]{WSConstants.USERNAME_TOKEN}; + } + } diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/Validator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/Validator.java index 9aadbaebd..99bceda67 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/Validator.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/Validator.java 
@@ -20,6 +20,8 @@ package org.apache.wss4j.dom.validate; +import javax.xml.namespace.QName; + import org.apache.wss4j.common.dom.validate.Credential; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.handler.RequestData; @@ -42,5 +44,6 @@ public interface Validator { */ Credential validate(Credential credential, RequestData data) throws WSSecurityException; + QName[] getSupportedQNames(); } diff --git a/ws-security-dom/src/main/resources/META-INF/services/org.apache.wss4j.dom.validate.Validator b/ws-security-dom/src/main/resources/META-INF/services/org.apache.wss4j.dom.validate.Validator new file mode 100644 index 000000000..175a3dbb0 --- /dev/null +++ b/ws-security-dom/src/main/resources/META-INF/services/org.apache.wss4j.dom.validate.Validator @@ -0,0 +1,4 @@ +org.apache.wss4j.dom.validate.SamlAssertionValidator +org.apache.wss4j.dom.validate.SignatureTrustValidator +org.apache.wss4j.dom.validate.TimestampValidator +org.apache.wss4j.dom.validate.UsernameTokenValidator diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java index d6f99fbf7..081cae96a 100644 --- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java +++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java @@ -49,6 +49,7 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.security.auth.callback.CallbackHandler; import javax.xml.crypto.dsig.SignatureMethod; +import javax.xml.namespace.QName; import java.util.Arrays; @@ -449,6 +450,12 @@ public class BSTKerberosTest { return credential; } + @Override + public QName[] getSupportedQNames() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'getSupportedQNames'"); + } + } } \ No newline at end of file 
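Review bot: `QName[] getSupportedQNames();` is added to the public `Validator` interface as an abstract method with no Javadoc, so every existing third-party implementation stops compiling, and one built against the old interface fails with `AbstractMethodError` if the method is called on it. A default method keeps those validators working and removes the need for the throwing stubs elsewhere in this commit: `default QName[] getSupportedQNames() { return new QName[0]; }`. The Javadoc should state that the returned QNames decide which token types the implementation becomes the default validator for when it is discovered through `ServiceLoader`, and that an empty array means it is never registered automatically. The interface declaration starts outside the hunk.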
diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/PrincipalTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/PrincipalTest.java index 219a0beca..de93d6e74 100644 --- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/PrincipalTest.java +++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/PrincipalTest.java @@ -363,5 +363,11 @@ public class PrincipalTest { } } + @Override + public QName[] getSupportedQNames() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'getSupportedQNames'"); + } + } } \ No newline at end of file diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java index a68d59bfb..59a8ef229 100644 --- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java +++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java @@ -24,6 +24,7 @@ import java.util.Collections; import java.util.List; import javax.security.auth.callback.CallbackHandler; +import javax.xml.namespace.QName; import org.apache.wss4j.common.bsp.BSPRule; import org.apache.wss4j.common.crypto.Crypto; @@ -318,6 +319,12 @@ public class ValidatorTest { } } + @Override + public QName[] getSupportedQNames() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'getSupportedQNames'"); + } + }
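Review bot: The `PrincipalTest` section uses `QName` in the new override but, unlike the `BSTKerberosTest` and `ValidatorTest` sections, adds no `import javax.xml.namespace.QName;`, so it compiles only if the file already has that import, which cannot be seen from this hunk. None of the three test changes exercises the new discovery path; a test asserting that the default configuration maps `WSConstants.SAML_TOKEN`, `SAML2_TOKEN`, `SIGNATURE`, `TIMESTAMP` and `USERNAME_TOKEN` to a validator would catch a missing or misspelled line in the services file, which otherwise shows up only as absent validation. The test validators could `return new QName[0];` instead of throwing. The enclosing inner classes start outside these hunks.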
