This is an automated email from the ASF dual-hosted git repository.
robertlazarski pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
The following commit(s) were added to refs/heads/master by this push:
new 47a984dc Big update to fix samples 1 thru 9. Also fix or remove a
bunch of old http links
47a984dc is described below
commit 47a984dce1af7bcf19b0f74c45c6b6a8bcd5ee01
Author: Robert Lazarski <[email protected]>
AuthorDate: Sun Nov 2 10:28:50 2025 -1000
Big update to fix samples 1 thru 9. Also fix or remove a bunch of old http
links
---
modules/distribution/bin.xml | 36 ++++-
modules/distribution/pom.xml | 36 ++++-
.../java/org/apache/rampart/MessageBuilder.java | 159 ++++++++++++++++++---
.../java/org/apache/rampart/RampartEngine.java | 114 ++++++++++++++-
.../org/apache/rampart/RampartMessageData.java | 36 ++++-
.../org/apache/rampart/builder/BindingBuilder.java | 5 +-
.../rampart/builder/SymmetricBindingBuilder.java | 151 ++++++++++++++++---
.../rampart/builder/TransportBindingBuilder.java | 12 +-
.../apache/rampart/handler/RampartReceiver.java | 49 ++++++-
.../java/org/apache/rampart/util/RampartUtil.java | 87 ++++++++---
.../resources/org/apache/rampart/errors.properties | 2 +-
.../src/test/resources/log4j.properties | 31 ----
modules/rampart-samples/README.txt | 19 ++-
modules/rampart-samples/policy/build.xml | 12 +-
modules/rampart-samples/policy/sample01/README.txt | 13 +-
modules/rampart-samples/policy/sample05/README.txt | 11 +-
.../rampart/samples/policy/sample05/Client.java | 68 +++++++--
.../rampart-tests/test-resources/log4j.properties | 25 ----
modules/rampart-trust/pom.xml | 5 -
.../org/apache/rahas/impl/util/CommonUtil.java | 66 ++++++++-
.../src/test/resources/log4j.properties | 25 ----
pom.xml | 98 ++++++++++++-
src/site/markdown/download.md.vm | 14 +-
src/site/markdown/index.md | 4 +-
src/site/markdown/release-notes/1.6.2.md | 5 +-
src/site/markdown/release-notes/1.6.3.md | 5 +-
src/site/markdown/release-notes/1.8.0.md | 2 +-
src/site/markdown/release-notes/2.0.0.md | 29 ++++
src/site/site.xml | 19 +--
src/site/xdoc/articles.xml | 69 +++++----
src/site/xdoc/developer-guide.xml | 13 +-
src/site/xdoc/rampartconfig-guide.xml | 2 +-
32 files changed, 958 insertions(+), 264 deletions(-)
diff --git a/modules/distribution/bin.xml b/modules/distribution/bin.xml
index 0e769180..17335002 100644
--- a/modules/distribution/bin.xml
+++ b/modules/distribution/bin.xml
@@ -15,23 +15,37 @@
<dependencySet>
<outputDirectory>lib</outputDirectory>
<includes>
- <include>org.apache.wss4j:wss4j:jar</include>
<include>org.apache.wss4j:wss4j-ws-security-common:jar</include>
<include>org.apache.wss4j:wss4j-ws-security-dom:jar</include>
+ <include>org.apache.wss4j:wss4j-ws-security-stax:jar</include>
<include>org.apache.wss4j:wss4j-policy:jar</include>
+ <include>org.apache.wss4j:wss4j-bindings:jar</include>
<include>org.bouncycastle:bcprov-jdk18on:jar</include>
<include>org.apache.rampart:rampart-core:jar</include>
<include>org.apache.rampart:rampart-policy:jar</include>
<include>org.apache.rampart:rampart-trust:jar</include>
- <include>org.opensaml:opensaml:jar</include>
+ <include>org.opensaml:opensaml-core:jar</include>
+ <include>org.opensaml:opensaml-saml-api:jar</include>
+ <include>org.opensaml:opensaml-saml-impl:jar</include>
<include>org.opensaml:opensaml-soap-impl:jar</include>
<include>org.opensaml:opensaml-soap-api:jar</include>
<include>org.opensaml:opensaml-xacml-impl:jar</include>
<include>org.opensaml:opensaml-xacml-api:jar</include>
+ <include>org.opensaml:opensaml-xmlsec-api:jar</include>
+ <include>org.opensaml:opensaml-xmlsec-impl:jar</include>
+ <include>org.opensaml:opensaml-security-api:jar</include>
+ <include>org.opensaml:opensaml-security-impl:jar</include>
+ <include>net.shibboleth.utilities:java-support:jar</include>
+ <include>net.shibboleth:cryptography-api:jar</include>
+ <include>io.dropwizard.metrics:metrics-core:jar</include>
+ <include>org.cryptacular:cryptacular:jar</include>
<include>org.apache.santuario:xmlsec:jar</include>
<include>org.owasp.esapi:esapi:jar</include>
<include>org.slf4j:slf4j-api:jar</include>
- <include>org.slf4j:jcl-over-slf4j:jar</include>
+ <include>org.apache.logging.log4j:log4j-jcl:jar</include>
+
<include>org.apache.logging.log4j:log4j-slf4j-impl:jar</include>
+ <include>org.apache.logging.log4j:log4j-core:jar</include>
+ <include>org.apache.logging.log4j:log4j-api:jar</include>
<include>velocity:velocity:jar</include>
<include>commons-lang:commons-lang:jar</include>
</includes>
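Review bot: with `org.slf4j:jcl-over-slf4j:jar` dropped here and `commons-logging` excluded from `log4j-jcl` in the distribution pom, nothing in this include list ships the commons-logging API jar, yet rampart-core still codes against `org.apache.commons.logging.Log`/`LogFactory` and `log4j-jcl` implements that API rather than replacing it; add `<include>commons-logging:commons-logging:jar</include>` (or confirm it still reaches `lib` transitively) or the distribution risks a `NoClassDefFoundError` for `LogFactory` at startup. The stray blank line after the `log4j-jcl` include also looks like an editing leftover.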
@@ -54,6 +68,22 @@
<directory>src/main/files</directory>
<outputDirectory>.</outputDirectory>
</fileSet>
+ <fileSet>
+ <directory>src/main/resources</directory>
+ <outputDirectory>lib</outputDirectory>
+ <includes>
+ <include>log4j2.xml</include>
+ <include>commons-logging.properties</include>
+ </includes>
+ </fileSet>
+ <fileSet>
+ <directory>src/main/resources</directory>
+ <outputDirectory>conf</outputDirectory>
+ <includes>
+ <include>log4j2.xml</include>
+ <include>commons-logging.properties</include>
+ </includes>
+ </fileSet>
</fileSets>
<files>
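Review bot: `log4j2.xml` and `commons-logging.properties` are copied to both `lib` and `conf`; if both directories end up on the classpath there are two `log4j2.xml` files and whichever the loader finds first wins, so keep a single location (`conf` is the conventional one for editable configuration) and point the launch scripts at it with `-Dlog4j2.configurationFile` instead of duplicating the files.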
diff --git a/modules/distribution/pom.xml b/modules/distribution/pom.xml
index 032d878d..21731b1d 100644
--- a/modules/distribution/pom.xml
+++ b/modules/distribution/pom.xml
@@ -143,10 +143,40 @@
<type>pom</type>
<scope>import</scope>
</dependency>
+ <!-- Log4j2 Commons Logging bridge - replaces commons-logging -->
<dependency>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- <version>1.2</version>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-jcl</artifactId>
+ <version>2.18.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <!-- SLF4J-Log4j2 bridge for third-party libraries -->
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-slf4j-impl</artifactId>
+ <version>2.18.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <!-- Log4j2 core implementation -->
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-core</artifactId>
+ <version>2.18.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-api</artifactId>
+ <version>2.18.0</version>
</dependency>
</dependencies>
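Review bot: `2.18.0` is hard-coded four times here; the parent `pom.xml` is also touched in this commit, so declare one `log4j2.version` property there and reference it, otherwise the distribution can drift from the log4j version rampart-core resolves and ship two different `log4j-core` jars. Separately, excluding `commons-logging` from `log4j-jcl` leaves the JCL API classes to arrive transitively, if at all, which ties in with the missing include in `bin.xml`.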
diff --git
a/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
b/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
index 2eb64de1..e4b3450a 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
@@ -29,6 +29,8 @@ import org.apache.axis2.wsdl.WSDLConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustUtil;
import org.apache.rampart.builder.AsymmetricBindingBuilder;
import org.apache.rampart.builder.SymmetricBindingBuilder;
@@ -50,29 +52,111 @@ import org.w3c.dom.Node;
import javax.xml.namespace.QName;
public class MessageBuilder {
-
+
private static Log log = LogFactory.getLog(MessageBuilder.class);
+ private static final String VERSION_ID =
"2025-11-01-MESSAGEBUILDER-DEBUG-v2";
public void build(MessageContext msgCtx) throws WSSPolicyException,
RampartException, WSSecurityException, AxisFault {
+ // Log key message context properties that affect security header
creation
+ Object rampartPolicy =
msgCtx.getOptions().getProperty(RampartMessageData.KEY_RAMPART_POLICY);
+ Object customToken =
msgCtx.getOptions().getProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN);
+
+ if (log.isDebugEnabled()) {
+ String timestamp =
java.time.LocalDateTime.now().format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd
HH:mm:ss.SSS"));
+ log.debug("=== MESSAGEBUILDER: Starting build for message ===");
+ log.debug("MessageBuilder TIMESTAMP: " + timestamp);
+ log.debug("MessageBuilder VERSION: " + VERSION_ID);
+ log.debug("MessageBuilder: Action = " +
msgCtx.getOptions().getAction());
+ log.debug("MessageBuilder: To = " + msgCtx.getOptions().getTo());
+ log.debug("MessageBuilder: Message flow = " + (msgCtx.getFLOW() ==
MessageContext.IN_FLOW ? "IN_FLOW" :
+
msgCtx.getFLOW() == MessageContext.OUT_FLOW ? "OUT_FLOW" :
+
msgCtx.getFLOW() == MessageContext.IN_FAULT_FLOW ? "IN_FAULT_FLOW" :
+
msgCtx.getFLOW() == MessageContext.OUT_FAULT_FLOW ? "OUT_FAULT_FLOW" :
"UNKNOWN"));
+
+ log.debug("MessageBuilder: RampartPolicy property = " +
(rampartPolicy != null ? "present" : "null"));
+ log.debug("MessageBuilder: CustomIssuedToken property = " +
(customToken != null ? customToken : "null"));
+ }
+
Axis2Util.useDOOM(true);
-
+
RampartMessageData rmd = new RampartMessageData(msgCtx, true);
-
-
+
+
RampartPolicyData rpd = rmd.getPolicyData();
- if(rpd == null || isSecurityValidationFault(msgCtx) ||
- !RampartUtil.isSecHeaderRequired(rpd,
rmd.isInitiator(),false)) {
-
+ log.debug("MessageBuilder: PolicyData available = " + (rpd != null));
+ if (rpd != null) {
+ log.debug("MessageBuilder: Policy has SupportingTokens = " +
(rpd.getSupportingTokens() != null));
+ log.debug("MessageBuilder: Policy binding type = " +
+ (rpd.isTransportBinding() ? "Transport" :
+ rpd.isSymmetricBinding() ? "Symmetric" :
+ rpd.isAsymmetricBinding() ? "Asymmetric" : "Unknown"));
+ log.debug("MessageBuilder: EncryptionToken = " +
(rpd.getEncryptionToken() != null ?
rpd.getEncryptionToken().getClass().getSimpleName() : "null"));
+ log.debug("MessageBuilder: SignatureToken = " +
(rpd.getSignatureToken() != null ?
rpd.getSignatureToken().getClass().getSimpleName() : "null"));
+
+ // Log additional custom issued token details
+ log.debug("MessageBuilder: Custom issued token present = " +
(customToken != null));
+ if (customToken != null) {
+ log.debug("MessageBuilder: Custom issued token value = " +
customToken);
+ }
+
+ // Check token storage
+ try {
+ TokenStorage tokenStorage = rmd.getTokenStorage();
+ log.debug("MessageBuilder: TokenStorage available = " +
(tokenStorage != null));
+ if (tokenStorage != null && customToken != null) {
+ Token token = tokenStorage.getToken((String)customToken);
+ log.debug("MessageBuilder: Token found in storage = " +
(token != null));
+ if (token != null) {
+ log.debug("MessageBuilder: Token ID = " +
token.getId());
+ log.debug("MessageBuilder: Token has secret = " +
(token.getSecret() != null));
+ }
+ }
+ } catch (Exception e) {
+ log.debug("MessageBuilder: Error checking token storage: " +
e.getMessage());
+ }
+ }
+ log.debug("MessageBuilder: isInitiator = " + rmd.isInitiator());
+ log.debug("MessageBuilder: isSecurityValidationFault = " +
isSecurityValidationFault(msgCtx));
+
+ boolean secHeaderRequired = rpd != null ?
RampartUtil.isSecHeaderRequired(rpd, rmd.isInitiator(),false) : false;
+ if (log.isDebugEnabled()) {
+ log.debug("MessageBuilder: isSecHeaderRequired = " +
secHeaderRequired);
+ }
+
+ if(rpd == null || isSecurityValidationFault(msgCtx) ||
!secHeaderRequired) {
+ log.warn("MessageBuilder: EARLY RETURN - No security header will
be added");
+ log.warn("MessageBuilder: rpd null = " + (rpd == null));
+ log.warn("MessageBuilder: validation fault = " +
isSecurityValidationFault(msgCtx));
+ log.warn("MessageBuilder: sec header not required = " +
!secHeaderRequired);
+ if (rpd != null && !secHeaderRequired) {
+ log.warn("MessageBuilder: Policy exists but sec header not
required - diagnosing policy");
+ log.warn("MessageBuilder: isInitiator = " + rmd.isInitiator());
+ log.warn("MessageBuilder: Policy binding type = " +
+ (rpd.isTransportBinding() ? "Transport" :
+ rpd.isSymmetricBinding() ? "Symmetric" :
+ rpd.isAsymmetricBinding() ? "Asymmetric" : "Unknown"));
+ log.warn("MessageBuilder: Policy includeTimestamp = " +
rpd.isIncludeTimestamp());
+ }
+
WSSecHeader secHeader = rmd.getSecHeader();
-
+
if ( secHeader != null && secHeader.isEmpty() ) {
secHeader.removeSecurityHeader();
}
-
+
return;
}
+
+ if (log.isDebugEnabled()) {
+ log.debug("MessageBuilder: PROCEEDING to add security header");
+ log.debug("MessageBuilder: isInitiator = " + rmd.isInitiator());
+ log.debug("MessageBuilder: Policy binding type = " +
+ (rpd.isTransportBinding() ? "Transport" :
+ rpd.isSymmetricBinding() ? "Symmetric" :
+ rpd.isAsymmetricBinding() ? "Asymmetric" : "Unknown"));
+ }
//Copy the RECV_RESULTS if available
if(!rmd.isInitiator()) {
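Review bot: the early-return branch (`EARLY RETURN - No security header will be added` and the `log.warn` lines that follow it) fires on every message whose policy legitimately requires no header for this side, for example a response under a policy that only protects the request, so a normal deployment will emit several WARN lines per call; drop these to `debug` and keep one line. In the same hunk the block from `log.debug("MessageBuilder: PolicyData available ...")` through `isSecurityValidationFault` is not under `isDebugEnabled()` like the rest, so the string concatenation, `getClass().getSimpleName()` calls and the `tokenStorage.getToken(...)` lookup run on every message even with debug off; move them under the guard. `VERSION_ID = "2025-11-01-MESSAGEBUILDER-DEBUG-v2"` reads like a temporary debugging marker and should not land on master.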
@@ -134,27 +218,68 @@ public class MessageBuilder {
}
if(rpd.isTransportBinding()) {
- log.debug("Building transport binding");
+ log.debug("MessageBuilder: Building transport binding");
TransportBindingBuilder building = new TransportBindingBuilder();
building.build(rmd);
+ log.debug("MessageBuilder: TransportBinding build completed");
} else if(rpd.isSymmetricBinding()) {
- log.debug("Building SymmetricBinding");
+ log.debug("MessageBuilder: Building SymmetricBinding");
SymmetricBindingBuilder builder = new SymmetricBindingBuilder();
- builder.build(rmd);
+ try {
+ builder.build(rmd);
+ log.debug("MessageBuilder: SymmetricBinding build completed
successfully");
+ } catch (Exception e) {
+ log.debug("MessageBuilder: SymmetricBinding build FAILED: " +
e.getMessage());
+ e.printStackTrace();
+ throw e;
+ }
} else {
+ log.debug("MessageBuilder: Building AsymmetricBinding");
AsymmetricBindingBuilder builder = new AsymmetricBindingBuilder();
- builder.build(rmd);
+ try {
+ builder.build(rmd);
+ log.debug("MessageBuilder: AsymmetricBinding build completed
successfully");
+ } catch (Exception e) {
+ log.debug("MessageBuilder: AsymmetricBinding build FAILED: " +
e.getMessage());
+ e.printStackTrace();
+ throw e;
+ }
}
//TODO remove following check, we don't need this check here as we do a
check to see whether
// security header required
WSSecHeader secHeader = rmd.getSecHeader();
-
- if ( secHeader != null && secHeader.isEmpty() ) {
- secHeader.removeSecurityHeader();
+ if (log.isDebugEnabled()) {
+ log.debug("MessageBuilder: Final security header check");
+ log.debug("MessageBuilder: Security header present = " + (secHeader
!= null));
+ if (secHeader != null) {
+ boolean isEmpty = secHeader.isEmpty();
+ log.debug("MessageBuilder: Security header empty = " + isEmpty);
+ if (isEmpty) {
+ log.debug("MessageBuilder: REMOVING empty security header");
+ } else {
+ log.debug("MessageBuilder: Security header retained (has
content)");
+ }
+ } else {
+ log.debug("MessageBuilder: No security header was created!");
+ }
}
-
+
+
+ // Log the final envelope being built
+ if (log.isDebugEnabled()) {
+ try {
+ log.debug("=== MESSAGEBUILDER: Final SOAP envelope being sent
===");
+ log.debug("MessageBuilder: Action = " + msgCtx.getWSAAction());
+ log.debug("MessageBuilder: Final envelope content:");
+ log.debug(msgCtx.getEnvelope().toString());
+ log.debug("=== END SOAP envelope ===");
+ } catch (Exception e) {
+ log.debug("MessageBuilder: Could not log envelope: " +
e.getMessage());
+ }
+ }
+
/*
* Checking whether MTOMSerializable is there. If so set
optimizeElement.
* */
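Review bot: the empty security header is no longer removed: the deleted lines `if ( secHeader != null && secHeader.isEmpty() ) { secHeader.removeSecurityHeader(); }` are replaced by a block that only logs `REMOVING empty security header` without calling `removeSecurityHeader()`, and that block is skipped entirely when debug is off. Either restore the removal (the TODO above says the check may be redundant, but it was the code path that dropped an empty `wsse:Security` element from outbound messages) or delete the misleading log line. Also, `e.printStackTrace()` in the two new catch blocks writes to stderr outside the logging framework while the exception is rethrown anyway, so one `log.error(..., e)` or no catch at all is enough; and `log.debug(msgCtx.getEnvelope().toString())` dumps the complete outbound envelope, including any UsernameToken or plaintext body, into the log.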
diff --git
a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
index 3eb6d204..540fdf1a 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
@@ -72,11 +72,29 @@ public class RampartEngine {
private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
private static ServiceNonceCache serviceNonceCache = new
ServiceNonceCache();
+
public List<WSSecurityEngineResult> process(MessageContext msgCtx)
throws WSSPolicyException,
RampartException, WSSecurityException, AxisFault {
+ if (log.isDebugEnabled()) {
+ log.debug("RampartEngine: Processing incoming message");
+ log.debug("RampartEngine: Initial SOAP envelope
received:");
+ try {
+ log.debug(msgCtx.getEnvelope().toString());
+ } catch (Exception e) {
+ log.debug("RampartEngine: Could not log initial
envelope: " + e.getMessage());
+ }
+ }
+
+ if (log.isDebugEnabled()) {
+ String timestamp =
java.time.LocalDateTime.now().format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd
HH:mm:ss.SSS"));
+ log.debug("Processing message - timestamp: " +
timestamp);
+ log.debug("Action = " + (msgCtx.getOptions() != null ?
msgCtx.getOptions().getAction() : "null"));
+ log.debug("To = " + (msgCtx.getOptions() != null ?
msgCtx.getOptions().getTo() : "null"));
+ }
+
boolean dotDebug = tlog.isDebugEnabled();
-
+
log.debug("Enter process(MessageContext msgCtx)");
RampartMessageData rmd = new RampartMessageData(msgCtx, false);
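Review bot: `log.debug(msgCtx.getEnvelope().toString())` at the top of `process()` serialises the entire attacker-controlled inbound envelope into the log before any validation, including `wsse:UsernameToken` passwords sent in the clear and arbitrarily large payloads, and `toString()` forces the whole Axiom tree to be built; if this is needed for diagnosing the samples, put it behind a dedicated logger name (the class already has `tlog` for timing) so it can be enabled on its own, and cap the size. The two consecutive `isDebugEnabled()` blocks can be merged, and the hand-formatted `timestamp` duplicates what the log4j2 pattern layout already prints.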
@@ -238,6 +256,15 @@ public class RampartEngine {
}
if(secHeader == null) {
+ if (log.isDebugEnabled()) {
+ log.debug("RampartEngine: No security header found in
received message");
+ log.debug("RampartEngine: Received SOAP envelope:");
+ try {
+ log.debug(msgCtx.getEnvelope().toString());
+ } catch (Exception e) {
+ log.debug("RampartEngine: Could not log envelope: "
+ e.getMessage());
+ }
+ }
throw new RampartException("missingSecurityHeader");
}
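Review bot: this is the path any unauthenticated client reaches by sending a SOAP message without a `wsse:Security` header, and it now logs the whole envelope; since the message is rejected immediately afterwards with `missingSecurityHeader`, logging the action and the envelope size is enough, and a full dump belongs in the same dedicated logger suggested for the entry of `process()`, not the class logger.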
@@ -417,7 +444,90 @@ public class RampartEngine {
}
}
- return engine.processSecurityHeader(rmd.getDocument(), requestData);
+ // CRITICAL FIX: Ensure WSS4J OpenSAML is initialized right before
SAML processing
+ // This addresses timing issues where initialization in
RampartMessageData isn't sufficient
+ try {
+ if (log.isDebugEnabled()) {
+ log.debug("Ensuring WSS4J OpenSAML initialization before
processSecurityHeader");
+ }
+ Class<?> openSAMLUtilClass =
Class.forName("org.apache.wss4j.common.saml.OpenSAMLUtil");
+
+ // Check state BEFORE initialization
+ java.lang.reflect.Field factoryField =
openSAMLUtilClass.getDeclaredField("unmarshallerFactory");
+ factoryField.setAccessible(true);
+ Object factoryBefore = factoryField.get(null);
+ if (log.isDebugEnabled()) {
+ log.debug("OpenSAMLUtil.unmarshallerFactory BEFORE init: " +
factoryBefore);
+ }
+
+ try {
+ java.lang.reflect.Method initMethod =
openSAMLUtilClass.getDeclaredMethod("initSamlEngine");
+ initMethod.setAccessible(true);
+ initMethod.invoke(null);
+ } catch (NoSuchMethodException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("initSamlEngine method not found, will use
manual initialization");
+ }
+ }
+
+ // Check state AFTER initSamlEngine attempt
+ Object factoryAfter = factoryField.get(null);
+ if (log.isDebugEnabled()) {
+ log.debug("OpenSAMLUtil.unmarshallerFactory AFTER
initSamlEngine: " + factoryAfter);
+ }
+
+ if (factoryAfter == null) {
+ log.info("initSamlEngine failed, performing manual factory
initialization");
+
+ // Manual initialization: Get factories from properly
initialized OpenSAML and set them directly
+ org.opensaml.core.xml.io.UnmarshallerFactory
unmarshallerFactory =
org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
+ org.opensaml.core.xml.io.MarshallerFactory marshallerFactory =
org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getMarshallerFactory();
+
+ // Set the factories directly in OpenSAMLUtil static fields
+ java.lang.reflect.Field unmarshallerFactoryField =
openSAMLUtilClass.getDeclaredField("unmarshallerFactory");
+ unmarshallerFactoryField.setAccessible(true);
+ unmarshallerFactoryField.set(null, unmarshallerFactory);
+
+ java.lang.reflect.Field marshallerFactoryField =
openSAMLUtilClass.getDeclaredField("marshallerFactory");
+ marshallerFactoryField.setAccessible(true);
+ marshallerFactoryField.set(null, marshallerFactory);
+
+ // Verify manual initialization worked
+ Object factoryFinal = factoryField.get(null);
+ if (log.isDebugEnabled()) {
+ log.debug("OpenSAMLUtil.unmarshallerFactory AFTER manual
init: " + factoryFinal);
+ }
+
+ if (factoryFinal != null) {
+ log.info("Manual WSS4J OpenSAML factory initialization
successful");
+ } else {
+ log.warn("Manual factory initialization failed -
OpenSAMLUtil.unmarshallerFactory is still null");
+ }
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("initSamlEngine worked properly");
+ }
+ }
+ } catch (Exception e) {
+ log.warn("WSS4J OpenSAML initialization failed: " +
e.getMessage(), e);
+ }
+
+ WSHandlerResult result =
engine.processSecurityHeader(rmd.getDocument(), requestData);
+
+ // DEBUG: Check OpenSAMLUtil state AFTER processSecurityHeader to see
if it gets corrupted
+ if (log.isDebugEnabled()) {
+ try {
+ Class<?> openSAMLUtilClass =
Class.forName("org.apache.wss4j.common.saml.OpenSAMLUtil");
+ java.lang.reflect.Field factoryField =
openSAMLUtilClass.getDeclaredField("unmarshallerFactory");
+ factoryField.setAccessible(true);
+ Object factoryAfterProcessing = factoryField.get(null);
+ log.debug("OpenSAMLUtil.unmarshallerFactory AFTER
processSecurityHeader: " + factoryAfterProcessing);
+ } catch (Exception e) {
+ log.debug("Error checking factory after processing: " +
e.getMessage());
+ }
+ }
+
+ return result;
}
// Check whether this a soap fault because of failure in processing the
security header
diff --git
a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
index 58c3c7f7..e2a122f9 100644
---
a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
+++
b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
@@ -18,6 +18,8 @@ package org.apache.rampart;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.context.OperationContext;
@@ -68,7 +70,9 @@ import java.util.Collection;
import java.util.List;
public class RampartMessageData {
-
+
+ private static Log log = LogFactory.getLog(RampartMessageData.class);
+
/**
* Axis2 parameter name to be used in the client's axis2 xml
*/
@@ -211,6 +215,36 @@ public class RampartMessageData {
try {
+ // CRITICAL FIX: Initialize WSS4J before creating WSSConfig to
ensure OpenSAML integration works
+ // This prevents OpenSAMLUtil.unmarshallerFactory from being null
when processing SAML assertions
+ if (log.isDebugEnabled()) {
+ log.debug("WSS4J initialization starting");
+ }
+ WSSConfig.init();
+ org.apache.xml.security.Init.init();
+ if (log.isDebugEnabled()) {
+ log.debug("Basic WSS4J initialization complete");
+ }
+
+ // Initialize WSS4J's OpenSAML integration specifically
+ try {
+ if (log.isDebugEnabled()) {
+ log.debug("Starting OpenSAML initialization");
+ }
+ org.opensaml.core.config.InitializationService.initialize();
+
+ // Call WSS4J's OpenSAMLUtil initialization method
+ Class<?> openSAMLUtilClass =
Class.forName("org.apache.wss4j.common.saml.OpenSAMLUtil");
+ java.lang.reflect.Method initMethod =
openSAMLUtilClass.getDeclaredMethod("initSamlEngine");
+ initMethod.setAccessible(true);
+ initMethod.invoke(null);
+ if (log.isDebugEnabled()) {
+ log.debug("OpenSAMLUtil.initSamlEngine() called
successfully");
+ }
+ } catch (Exception e) {
+ log.warn("WSS4J OpenSAML initialization failed: " +
e.getMessage(), e);
+ }
+
// Set the WSSConfig
this.config = WSSConfig.getNewInstance();
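Review bot: `WSSConfig.init()`, `org.apache.xml.security.Init.init()`, `InitializationService.initialize()` and the reflective `initSamlEngine` call now execute in the `RampartMessageData` constructor, i.e. once per message in both directions; all four are process-wide one-time initialisations (OpenSAML's `InitializationService.initialize()` walks every `Initializer` via `ServiceLoader` each time it is called), so move them to a static initialiser or a `synchronized` once-only method. As in `RampartEngine`, the catch swallows the failure with `log.warn`, and the comment says this prevents `unmarshallerFactory` being null without giving the root cause for why the normal WSS4J path did not initialise it; if the real problem is classloader or bootstrap ordering in the samples, fix that rather than re-initialising on every message.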
diff --git
a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
index 274a9331..b5124783 100644
---
a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
+++
b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
@@ -93,16 +93,17 @@ public abstract class BindingBuilder {
* @param rmd RampartMessageData
*/
protected void addTimestamp(RampartMessageData rmd) {
- log.debug("Adding timestamp");
+ log.debug("BindingBuilder: Adding timestamp");
WSSecTimestamp timestampBuilder = new
WSSecTimestamp(rmd.getSecHeader());
timestampBuilder.setTimeToLive(RampartUtil.getTimeToLive(rmd));
-
+
// add the Timestamp to the SOAP Enevelope
timestampBuilder.build();
+ log.info("BindingBuilder: Timestamp added with id: " +
timestampBuilder.getId());
if (log.isDebugEnabled()) {
log.debug("Timestamp id: " + timestampBuilder.getId());
}
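Review bot: `log.info("BindingBuilder: Timestamp added with id: ...")` logs on every outbound message at INFO and is immediately followed by the existing guarded debug line with the same id; keep only the debug line, a handler on the per-message path should stay quiet at INFO.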
diff --git
a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
index b36ef39b..85b6b701 100644
---
a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
+++
b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
@@ -34,6 +34,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecDKEncrypt;
+import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
@@ -67,23 +68,89 @@ public class SymmetricBindingBuilder extends BindingBuilder
{
log.debug("SymmetricBindingBuilder build invoked");
+ if (log.isDebugEnabled()) {
+ String timestamp =
java.time.LocalDateTime.now().format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd
HH:mm:ss.SSS"));
+ log.debug("Starting symmetric binding build - timestamp: " +
timestamp);
+ log.debug("Action = " + (rmd.getMsgContext().getOptions() != null
? rmd.getMsgContext().getOptions().getAction() : "null"));
+ log.debug("isInitiator = " + rmd.isInitiator());
+ }
+
RampartPolicyData rpd = rmd.getPolicyData();
+
+ if (log.isDebugEnabled()) {
+ log.debug("ProtectionOrder = " + rpd.getProtectionOrder());
+ log.debug("IncludeTimestamp = " + rpd.isIncludeTimestamp());
+ }
+
if(rpd.isIncludeTimestamp()) {
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Adding timestamp");
+ }
this.addTimestamp(rmd);
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Timestamp added
successfully");
+ }
}
-
+
if(rmd.isInitiator()) {
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Initializing tokens
(initiator)");
+ }
//Setup required tokens
initializeTokens(rmd);
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Token initialization
completed");
+ }
}
-
-
-
if(SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
- this.doEncryptBeforeSig(rmd);
- } else {
- this.doSignBeforeEncrypt(rmd);
+
+
+ try {
+
if(SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Doing encrypt before
sign");
+ }
+ this.doEncryptBeforeSig(rmd);
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Encrypt before sign
completed successfully");
+ }
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Doing sign before
encrypt");
+ }
+ this.doSignBeforeEncrypt(rmd);
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Sign before encrypt
completed successfully");
+ }
+ }
+ } catch (Exception e) {
+ log.error("SymmetricBindingBuilder: ERROR in protection order
processing: " + e.getMessage(), e);
+ throw e;
}
+ // Final security header check
+ if (log.isDebugEnabled()) {
+ log.debug("=== SYMMETRICBINDINGBUILDER: Final security header
status ===");
+ WSSecHeader secHeader = rmd.getSecHeader();
+ if (secHeader != null) {
+ log.debug("SymmetricBindingBuilder: Security header exists");
+ try {
+ log.debug("SymmetricBindingBuilder: Security header
isEmpty = " + secHeader.isEmpty());
+ Element secHeaderElem =
secHeader.getSecurityHeaderElement();
+ if (secHeaderElem != null) {
+ log.debug("SymmetricBindingBuilder: Security header
element exists");
+ log.debug("SymmetricBindingBuilder: Security header
element hasChildNodes = " + secHeaderElem.hasChildNodes());
+ log.debug("SymmetricBindingBuilder: Security header
element childCount = " + secHeaderElem.getChildNodes().getLength());
+ } else {
+ log.debug("SymmetricBindingBuilder: Security header
element is NULL");
+ }
+ } catch (Exception e) {
+ log.debug("SymmetricBindingBuilder: Error checking
security header: " + e.getMessage());
+ }
+ } else {
+ log.debug("SymmetricBindingBuilder: Security header is NULL");
+ }
+ log.debug("SymmetricBindingBuilder: Build completed successfully");
+ }
log.debug("SymmetricBindingBuilder build invoked : DONE");
}
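Review bot: the new try/catch around the protection-order calls logs the exception at ERROR with its stack trace and rethrows it, while `MessageBuilder.build` catches the same exception again, prints it with `printStackTrace()` and rethrows once more, so a single failure is reported three times; log at one layer only. The `Final security header status` block repeats the header inspection `MessageBuilder` performs right after this method returns and can go, and the paired `isDebugEnabled()` blocks around `addTimestamp` and `initializeTokens` can each be collapsed to one.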
@@ -804,32 +871,80 @@ public class SymmetricBindingBuilder extends
BindingBuilder {
* @throws RampartException
*/
private void initializeTokens(RampartMessageData rmd) throws
RampartException {
-
+
+ if (log.isDebugEnabled()) {
+ String timestamp =
java.time.LocalDateTime.now().format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd
HH:mm:ss.SSS"));
+ log.debug("=== SYMMETRICBINDINGBUILDER: initializeTokens ===");
+ log.debug("initializeTokens TIMESTAMP: " + timestamp);
+ }
+
RampartPolicyData rpd = rmd.getPolicyData();
-
+
MessageContext msgContext = rmd.getMsgContext();
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: isSymmetricBinding = " +
rpd.isSymmetricBinding());
+ log.debug("initializeTokens: isServerSide = " +
msgContext.isServerSide());
+ log.debug("initializeTokens: Action = " + (msgContext.getOptions()
!= null ? msgContext.getOptions().getAction() : "null"));
+
+ // Check for custom issued token
+ Object customTokenId = msgContext.getProperty("customIssuedToken");
+ log.debug("initializeTokens: Custom issued token = " +
customTokenId);
+ }
+
if(rpd.isSymmetricBinding() && !msgContext.isServerSide()) {
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: Processing symmetric binding
client-side");
+ }
if (log.isDebugEnabled()) {
log.debug("Processing symmetric binding: " +
"Setting up encryption token and signature token");
}
//Setting up encryption token and signature token
-
+
Token sigTok = rpd.getSignatureToken();
Token encrTok = rpd.getEncryptionToken();
+
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: SignatureToken type = " + (sigTok
!= null ? sigTok.getClass().getSimpleName() : "null"));
+ log.debug("initializeTokens: EncryptionToken type = " +
(encrTok != null ? encrTok.getClass().getSimpleName() : "null"));
+ }
+
if(sigTok instanceof IssuedToken) {
- log.debug("SignatureToken is an IssuedToken");
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: SignatureToken is an
IssuedToken");
+ log.debug("initializeTokens: Current
IssuedSignatureTokenId = " + rmd.getIssuedSignatureTokenId());
+ }
+
if(rmd.getIssuedSignatureTokenId() == null) {
- log.debug("No Issuedtoken found, requesting a new token");
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: No existing issued token
found, requesting a new token");
+ }
IssuedToken issuedToken = (IssuedToken)sigTok;
-
- String id = RampartUtil.getIssuedToken(rmd,
- issuedToken);
- rmd.setIssuedSignatureTokenId(id);
-
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: About to call
RampartUtil.getIssuedToken()");
+ }
+
+ try {
+ String id = RampartUtil.getIssuedToken(rmd,
issuedToken);
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens:
RampartUtil.getIssuedToken() returned id = " + id);
+ }
+ rmd.setIssuedSignatureTokenId(id);
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: Set
IssuedSignatureTokenId = " + id);
+ }
+ } catch (Exception e) {
+ log.error("initializeTokens: ERROR in getIssuedToken:
" + e.getMessage(), e);
+ throw e;
+ }
+
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: Using existing
IssuedSignatureTokenId = " + rmd.getIssuedSignatureTokenId());
+ }
}
-
+
} else if(sigTok instanceof SecureConversationToken) {
log.debug("SignatureToken is a SecureConversationToken");
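Review bot: `msgContext.getProperty("customIssuedToken")` uses a bare string and reads from the `MessageContext`, whereas `MessageBuilder` reads the same setting as `msgCtx.getOptions().getProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN)`; unless the literal equals the constant and the property is also set directly on the context, this debug line always reports `null` and will mislead whoever is diagnosing the samples, so use the constant and the same lookup. The `catch (Exception e) { log.error(...); throw e; }` around `getIssuedToken` has the same double-reporting problem as `build`, and the two back-to-back `isDebugEnabled()` blocks at the top of the `isSymmetricBinding` branch can be merged.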
diff --git
a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
index 4ab54e4f..5e37596f 100644
---
a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
+++
b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
@@ -73,11 +73,15 @@ public class TransportBindingBuilder extends BindingBuilder
{
if(tlog.isDebugEnabled()){
t1 = System.currentTimeMillis();
}
-
+
RampartPolicyData rpd = rmd.getPolicyData();
-
+
if (rpd.isIncludeTimestamp()) {
+ log.info("TransportBindingBuilder: Adding timestamp");
addTimestamp(rmd);
+ log.info("TransportBindingBuilder: Timestamp added successfully");
+ } else {
+ log.info("TransportBindingBuilder: No timestamp required");
}
/*
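Review bot: the three log.info calls added around addTimestamp() fire on every outbound message, so at the default INFO level a per-request trace becomes permanent log noise; make them log.debug and guard them with log.isDebugEnabled(), the way the tlog timing block just above guards with tlog.isDebugEnabled().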
@@ -164,7 +168,9 @@ public class TransportBindingBuilder extends BindingBuilder
{
} else {
addSignatureConfirmation(rmd, null);
}
-
+
+ log.debug("TransportBindingBuilder: Build completed successfully");
+
if(tlog.isDebugEnabled()){
t1 = System.currentTimeMillis();
tlog.debug("Transport binding build took "+ (t1 - t0));
diff --git
a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
index 3b8d0a4b..4703de24 100644
---
a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
+++
b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
@@ -79,9 +79,20 @@ public class RampartReceiver implements Handler {
}
public InvocationResponse invoke(MessageContext msgContext) throws
AxisFault {
-
+
+ if (mlog.isDebugEnabled()) {
+ String timestamp =
java.time.LocalDateTime.now().format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd
HH:mm:ss.SSS"));
+ mlog.debug("=== RAMPARTRECEIVER: Processing incoming request ===");
+ mlog.debug("RampartReceiver TIMESTAMP: " + timestamp);
+ mlog.debug("RampartReceiver: Action = " + (msgContext.getOptions()
!= null ? msgContext.getOptions().getAction() : "null"));
+ mlog.debug("RampartReceiver: To = " + (msgContext.getOptions() !=
null ? msgContext.getOptions().getTo() : "null"));
+ }
+
if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
- return InvocationResponse.CONTINUE;
+ if (mlog.isDebugEnabled()) {
+ mlog.debug("RampartReceiver: Security module not engaged,
continuing");
+ }
+ return InvocationResponse.CONTINUE;
}
if(mlog.isDebugEnabled()){
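Review bot: the timestamp built with java.time.LocalDateTime.now() and a hand-written pattern duplicates what the logging layout already stamps on every line (the deleted log4j.properties used `%d %-5p %c - %m%n`) and carries no time zone; drop it and rely on the appender. Action and To are logged again in the next hunk of this file, so one of the two blocks should go.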
@@ -89,16 +100,50 @@ public class RampartReceiver implements Handler {
+ msgContext.getEnvelope());
}
+ if(mlog.isDebugEnabled()){
+ mlog.debug("RampartReceiver: Processing incoming message");
+ mlog.debug("RampartReceiver: Action = " +
msgContext.getOptions().getAction());
+ mlog.debug("RampartReceiver: To = " +
msgContext.getOptions().getTo());
+ mlog.debug("RampartReceiver: Message flow = " +
(msgContext.getFLOW() == MessageContext.IN_FLOW ? "IN_FLOW" :
+
msgContext.getFLOW() == MessageContext.OUT_FLOW ? "OUT_FLOW" :
+
msgContext.getFLOW() == MessageContext.IN_FAULT_FLOW ? "IN_FAULT_FLOW" :
+
msgContext.getFLOW() == MessageContext.OUT_FAULT_FLOW ? "OUT_FAULT_FLOW" :
"UNKNOWN"));
+ try {
+ mlog.debug("RampartReceiver: Incoming envelope:");
+ mlog.debug(msgContext.getEnvelope().toString());
+ } catch (Exception e) {
+ mlog.debug("RampartReceiver: Could not log envelope: " +
e.getMessage());
+ }
+ }
+
RampartEngine engine = new RampartEngine();
List<WSSecurityEngineResult> wsResult = null;
try {
+ if(mlog.isDebugEnabled()){
+ mlog.debug("RampartReceiver: About to call
RampartEngine.process()");
+ }
wsResult = engine.process(msgContext);
+ if(mlog.isDebugEnabled()){
+ mlog.debug("RampartReceiver: RampartEngine.process() completed
successfully");
+ }
} catch (WSSecurityException e) {
+ if(mlog.isDebugEnabled()){
+ mlog.debug("RampartReceiver: WSSecurityException in
RampartEngine.process(): " + e.getMessage());
+ e.printStackTrace();
+ }
setFaultCodeAndThrowAxisFault(msgContext, e);
} catch (WSSPolicyException e) {
+ if(mlog.isDebugEnabled()){
+ mlog.debug("RampartReceiver: WSSPolicyException in
RampartEngine.process(): " + e.getMessage());
+ e.printStackTrace();
+ }
setFaultCodeAndThrowAxisFault(msgContext, e);
} catch (RampartException e) {
+ if(mlog.isDebugEnabled()){
+ mlog.debug("RampartReceiver: RampartException in
RampartEngine.process(): " + e.getMessage());
+ e.printStackTrace();
+ }
setFaultCodeAndThrowAxisFault(msgContext, e);
}
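Review bot: `mlog.debug(msgContext.getEnvelope().toString())` writes the complete incoming SOAP envelope, wsse:Security header included, to the log; at DEBUG that puts UsernameToken passwords, EncryptedKey ciphertext and SAML assertions into log files, so the dump should not ship in the receiver even behind isDebugEnabled(), or it should be reduced to header element names. The three `e.printStackTrace()` calls bypass the logger and write to stderr; pass the exception as the second argument to mlog.debug instead. `msgContext.getOptions().getAction()` in this hunk also drops the null check on getOptions() that the previous hunk applied.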
diff --git
a/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
index 5f8cc5b2..9bf2a2e2 100644
---
a/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
+++
b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
@@ -1673,74 +1673,121 @@ public class RampartUtil {
* @return boolean true if a security header is required in the incoming
message
*/
public static boolean isSecHeaderRequired(RampartPolicyData rpd, boolean
initiator, boolean inflow ) {
-
+
+ if (log.isDebugEnabled()) {
+ String timestamp =
java.time.LocalDateTime.now().format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd
HH:mm:ss.SSS"));
+ log.debug("RampartUtil.isSecHeaderRequired TIMESTAMP: " +
timestamp);
+ log.debug("RampartUtil.isSecHeaderRequired: initiator=" +
initiator + ", inflow=" + inflow);
+ }
+
// Checking for time stamp
if ( rpd.isIncludeTimestamp() ) {
+ if (log.isDebugEnabled()) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - timestamp
required");
+ }
return true;
- }
-
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("RampartUtil.isSecHeaderRequired: No timestamp
required");
+ }
+ }
+
// Checking for signed parts and elements
- if (rpd.isSignBody() || rpd.getSignedParts().size() != 0 ||
+ if (rpd.isSignBody() || rpd.getSignedParts().size() != 0 ||
rpd.getSignedElements().size() != 0) {
+ if (log.isDebugEnabled()) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - signing
required (signBody=" + rpd.isSignBody() +
+ ", signedParts=" + rpd.getSignedParts().size() + ",
signedElements=" + rpd.getSignedElements().size() + ")");
+ }
return true;
+ } else {
+ log.debug("RampartUtil.isSecHeaderRequired: No signing required");
}
-
+
// Checking for encrypted parts and elements
- if (rpd.isEncryptBody() || rpd.getEncryptedParts().size() != 0 ||
+ if (rpd.isEncryptBody() || rpd.getEncryptedParts().size() != 0 ||
rpd.getEncryptedElements().size() != 0 ) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - encryption
required (encryptBody=" + rpd.isEncryptBody() +
+ ", encryptedParts=" + rpd.getEncryptedParts().size() +
", encryptedElements=" + rpd.getEncryptedElements().size() + ")");
return true;
- }
-
+ } else {
+ log.debug("RampartUtil.isSecHeaderRequired: No encryption
required");
+ }
+
// Checking for supporting tokens
SupportingToken supportingTokens;
-
- if (!initiator && inflow || initiator && !inflow ) {
-
+
+ boolean supportingTokenCondition = (!initiator && inflow) ||
(initiator && !inflow);
+ log.debug("RampartUtil.isSecHeaderRequired: Supporting token condition
(" + supportingTokenCondition + ") = (!initiator && inflow) || (initiator &&
!inflow) = " +
+ "(!" + initiator + " && " + inflow + ") || (" + initiator +
" && !" + inflow + ")");
+
+ if (supportingTokenCondition) {
+
List<SupportingToken> supportingToks =
rpd.getSupportingTokensList();
+ log.debug("RampartUtil.isSecHeaderRequired: SupportingTokensList
size = " + (supportingToks != null ? supportingToks.size() : "null"));
for (SupportingToken supportingTok : supportingToks) {
if (supportingTok != null && supportingTok.getTokens().size()
!= 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE -
supporting tokens found");
return true;
}
}
-
+
supportingTokens = rpd.getSignedSupportingTokens();
if (supportingTokens != null &&
supportingTokens.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - signed
supporting tokens found");
return true;
}
-
+
supportingTokens = rpd.getEndorsingSupportingTokens();
if (supportingTokens != null &&
supportingTokens.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - endorsing
supporting tokens found");
return true;
}
-
+
supportingTokens = rpd.getSignedEndorsingSupportingTokens();
if (supportingTokens != null &&
supportingTokens.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - signed
endorsing supporting tokens found");
return true;
}
-
+
supportingTokens = rpd.getEncryptedSupportingTokens();
if (supportingTokens != null &&
supportingTokens.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - encrypted
supporting tokens found");
return true;
}
-
+
supportingTokens = rpd.getSignedEncryptedSupportingTokens();
if (supportingTokens != null &&
supportingTokens.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - signed
encrypted supporting tokens found");
return true;
}
-
+
supportingTokens = rpd.getEndorsingEncryptedSupportingTokens();
if (supportingTokens != null &&
supportingTokens.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - endorsing
encrypted supporting tokens found");
return true;
}
-
+
supportingTokens =
rpd.getSignedEndorsingEncryptedSupportingTokens();
if (supportingTokens != null &&
supportingTokens.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - signed
endorsing encrypted supporting tokens found");
return true;
}
+
+ log.debug("RampartUtil.isSecHeaderRequired: No supporting tokens
found despite condition being true");
+ } else {
+ log.debug("RampartUtil.isSecHeaderRequired: Supporting token
condition is false, skipping token checks");
+ }
+
+ if (log.isDebugEnabled()) {
+ log.debug("RampartUtil.isSecHeaderRequired: FALSE - no security
header requirements found");
+ log.debug("RampartUtil: includeTimestamp = " +
rpd.isIncludeTimestamp());
+ log.debug("RampartUtil: signBody = " + rpd.isSignBody());
+ log.debug("RampartUtil: signedParts.size = " +
rpd.getSignedParts().size());
+ log.debug("RampartUtil: signedElements.size = " +
rpd.getSignedElements().size());
}
-
return false;
-
+
}
public static void handleEncryptedSignedHeaders(List<WSEncryptionPart>
encryptedParts,
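Review bot: the supporting-token block null-checks supportingToks only inside the log statement (`supportingToks != null ? supportingToks.size() : "null"`) and then iterates it unconditionally in the `for` on the next line, so if the list can really be null the log line hides an NPE instead of preventing it; either guard the loop or drop the ternary. About half of the new log.debug calls concatenate strings without an isDebugEnabled() guard while the rest are guarded; isSecHeaderRequired runs for every message, so pick one style, preferably guarded. The LocalDateTime timestamp duplicates the appender's own timestamp and should go.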
diff --git
a/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties
b/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties
index 1231c2c4..cf5ed2b4 100644
---
a/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties
+++
b/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties
@@ -69,7 +69,7 @@ noSecurityToken = Missing security token
noSecurityResults= No security processing results from the incoming message
missingEncryptedKeyInRequest=There was no EncryptedKey in the request message
rampartConigMissing = Please include configured RampartConfiguration assertion
in policy
-missingSecurityHeader = Missing wsse:Security header in request
+missingSecurityHeader = Unable to locate or process wsse:Security header in
request (header may be missing, malformed, or processing failed due to
configuration/dependency issues)
missingSOAPHeader = SOAP header missing
clientAuthRequired= Service requires SSL mutual authentication
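Review bot: `missingSecurityHeader` is the fault text returned to the client, and the new wording folds three distinct conditions (no header, malformed header, server-side configuration or dependency failure) into one message; that weakens a precise error the caller could act on and tells remote callers about server-side configuration problems. Keep the fault text as "Missing wsse:Security header in request" and log the root cause server-side at the point where processing actually fails. The key `rampartConigMissing` in the context line is misspelled, but that is pre-existing.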
diff --git a/modules/rampart-integration/src/test/resources/log4j.properties
b/modules/rampart-integration/src/test/resources/log4j.properties
deleted file mode 100644
index b81a5b4b..00000000
--- a/modules/rampart-integration/src/test/resources/log4j.properties
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-log4j.rootCategory=ERROR, CONSOLE
-
-log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
-log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
-log4j.appender.CONSOLE.layout.ConversionPattern=%d %-5p %c - %m%n
-
-log4j.appender.JETTY=org.apache.log4j.ConsoleAppender
-log4j.appender.JETTY.layout=org.apache.log4j.PatternLayout
-log4j.appender.JETTY.layout.ConversionPattern=[%C{1}] - %m%n
-
-log4j.category.org.apache.axis2.integration.JettyServer=INFO, JETTY
-log4j.additivity.org.apache.axis2.integration.JettyServer = false
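Review bot: deleting this test log4j.properties removes the `log4j.rootCategory=ERROR, CONSOLE` default and the separate JETTY appender for org.apache.axis2.integration.JettyServer, and the patch shows no replacement configuration for whichever logging backend the tests now use; add one, or say that the tests intentionally fall back to the backend's defaults. With the new DEBUG envelope dumps in RampartReceiver, a DEBUG default would make integration test output very large.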
diff --git a/modules/rampart-samples/README.txt
b/modules/rampart-samples/README.txt
index 6a3d3767..d0b8b7ba 100644
--- a/modules/rampart-samples/README.txt
+++ b/modules/rampart-samples/README.txt
@@ -12,10 +12,19 @@ This directory contains three sub directories:
- keys - The keystore files that contains the keys used by the samples
Please use Apache Ant with the build.xml file available in the top level
directory
-to copy all jars and mars to required places.
+to copy all jars and mars to required places. Simply execute the ant command
with
+no arguments.
- - Please copy log4j.jar to AXIS2_HOME/lib directory before trying out
samples.
+AXIS2_HOME must be set as an environment variable for the ant command to copy
the
+Rampart jars to AXIS2_HOME/lib.
- - Please follow the instructions on endorsing the default JAXP
implementation
- available in README.txt of this distribution before invoking
- Sample 08.(Issuing a SAML 2.0 Token)
+The policy samples each have an Ant target for both the client and server
+(SimpleHTTPServer from the Axis2 test suite) i.e. they need to run in separate
shells from the samples dir.
+
+For example, in one shell (repeat for samples 1-9):
+
+ant -buildfile policy/build.xml service.01
+
+Then in another shell:
+
+ant -buildfile policy/build.xml client.01
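Review bot: the removed instruction about endorsing the default JAXP implementation before running Sample 08 has no replacement; if Sample 08 no longer needs it, say so, otherwise keep it. "i.e. they need to run in separate shells" should read "so the client and the server need to run in separate shells", and `ant -buildfile policy/build.xml service.01` only works from the samples directory, which the text implies but should state outright.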
diff --git a/modules/rampart-samples/policy/build.xml
b/modules/rampart-samples/policy/build.xml
index ec42927a..ff60ff1c 100644
--- a/modules/rampart-samples/policy/build.xml
+++ b/modules/rampart-samples/policy/build.xml
@@ -32,18 +32,22 @@
<property name="sample.services.url"
value="http://localhost:${client.port}/axis2/services"/>
<property environment="env"/>
-
+
<property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
-
+
<property name="vmargs" value=""/>
-
+
<path id="runtime.classpath">
<fileset dir="${lib.dir}">
<include name="**/*.jar"/>
</fileset>
+ <!-- Include distribution lib directory if it exists (when running
from distribution) -->
+ <fileset dir="../../lib" erroronmissingdir="false">
+ <include name="**/*.jar"/>
+ </fileset>
<pathelement location="${env.AXIS2_HOME}/conf"/>
</path>
-
+
<target name="check.dependency" unless="env.AXIS2_HOME">
<echo message="AXIS2_HOME must be set"/>
</target>
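Review bot: adding `../../lib` to runtime.classpath next to `${env.AXIS2_HOME}/lib` means both directories contribute every jar they contain, so whenever the distribution ships a different wss4j, OpenSAML or Axiom than AXIS2_HOME/lib, which class wins depends on fileset order; exclude jars already present in the other directory, or document which directory takes precedence. The check.dependency target in the context still only echoes when AXIS2_HOME is unset; a `<fail>` there would stop the build before the fileset resolves to an empty path.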
diff --git a/modules/rampart-samples/policy/sample01/README.txt
b/modules/rampart-samples/policy/sample01/README.txt
index dd875945..ba148764 100644
--- a/modules/rampart-samples/policy/sample01/README.txt
+++ b/modules/rampart-samples/policy/sample01/README.txt
@@ -13,6 +13,13 @@ The policy included in the services.xml file has the
following comment :
If you uncomment this and deploy the service you will see the following error
message :
org.apache.axis2.AxisFault: Expected transport is "https" but incoming
transport found : "http"
-You can find a complete tutorial on transport level
-security here:
-http://wso2.org/library/3190
\ No newline at end of file
+For more information on transport level security with Apache Rampart,
+please refer to:
+- Apache Rampart Quick Start Guide: ../../../src/site/xdoc/quick-start.xml
+- Apache Rampart Configuration Guide:
../../../src/site/xdoc/rampartconfig-guide.xml
+
+The original WSO2 tutorial (http://wso2.org/library/3190) is no longer
available at that URL.
+For current WSO2 documentation that may contain similar content, check:
+- WSO2 Documentation: https://wso2.com/documentation/
+- WSO2 Technical Docs: https://docs.wso2.com/
+- WSO2 GitHub: https://github.com/wso2
\ No newline at end of file
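Review bot: the new references `../../../src/site/xdoc/quick-start.xml` and `rampartconfig-guide.xml` are paths into the source tree, which a user running from the binary distribution does not have; link to the published site pages instead. The three WSO2 links are generic landing pages and do not replace the removed tutorial; if no equivalent exists, say the tutorial is gone rather than listing unrelated links.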
diff --git a/modules/rampart-samples/policy/sample05/README.txt
b/modules/rampart-samples/policy/sample05/README.txt
index 3093c680..cb6ad6ef 100644
--- a/modules/rampart-samples/policy/sample05/README.txt
+++ b/modules/rampart-samples/policy/sample05/README.txt
@@ -3,9 +3,12 @@ WS-Trust - RST - Resquest Security Token Service - Issuing a
SAML token - issuin
When using this sample with the TCPMon to monitor the soap messages, you have
to use the
correct URL in the client code before build the sample 05.
-There is a known bug in OpenSAML-1.1.jar, which is used for implementing SAML
1.1 support in Rampart.
-So before you run this sample, please download the patched OpenSAML jar from
here[1], and replace it
-with the OpenSAML-1.1.jar in your $AXIS2_HOME/lib.
+This sample demonstrates WS-Trust RST (Request Security Token) for issuing
SAML tokens.
-[1] -
http://dist.wso2.org/maven2/opensaml/opensaml/1.1.406/opensaml-1.1.406.jar
+Note: This sample now uses OpenSAML 4.3.2 which is included with the current
Rampart distribution.
+The historical reference to OpenSAML 1.1.406 from WSO2's Maven repository is
no longer needed
+as the OpenSAML library has been significantly updated and the old bug has
been resolved.
+
+For current OpenSAML documentation, please refer to:
+- OpenSAML Documentation:
https://wiki.shibboleth.net/confluence/display/OS30/Home
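Review bot: the README hard-codes "OpenSAML 4.3.2" while pom.xml resolves the library through `${opensaml.version}`, so the text will drift on the next bump; say "the OpenSAML version bundled with this distribution" or point at the property. The documentation link goes to the OS30 (OpenSAML 3) wiki space, which does not match a 4.x dependency. "Resquest" in the title line is a pre-existing typo worth fixing while the file is open.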
diff --git
a/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
b/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
index a40f96b0..7857f13b 100644
---
a/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
+++
b/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
@@ -43,6 +43,26 @@ import java.net.URL;
import javax.xml.namespace.QName;
+/*
+ sample 05 uses SAML token processing, unlike others such as sample 01 that
uses username token processing
+
+ 1. Unit Tests that use Sample05, use in-memory objects, minimal XML
marshalling → only Builder required
+ 2. Sample05: Full end-to-end SAML token creation with XML marshalling → Both
builder AND marshaller required
+
+ Sample05 calls this path:
+ 1. Client requests SAML token from STS
+ 2. → SAMLTokenIssuer.createAttributeAssertion()
+ 3. → CommonUtil.getSymmetricKeyBasedKeyInfo()
+ 4. → SAMLUtils.createEncryptedKey()
+ 5. → CommonUtil.buildXMLObject(SecurityTokenReference.ELEMENT_NAME)
+ 6. → OpenSAML tries to marshall the SecurityTokenReference to actual XML
+
+ In the unit test, when KeyInfo is marshalled, OpenSAML handles the
EncryptedKey as a
+ child element and doesn't require the SecurityTokenReference to be
independently
+ marshallable. However, in sample05's STS token issuance process, the
+ SecurityTokenReference objects need to be marshalled as standalone elements
in the XML security header.
+
+*/
public class Client {
public static void main(String[] args) throws Exception {
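Review bot: the new comment documents an internal call chain (SAMLTokenIssuer.createAttributeAssertion to CommonUtil.getSymmetricKeyBasedKeyInfo to SAMLUtils.createEncryptedKey to CommonUtil.buildXMLObject) and the builder-plus-marshaller requirement that buildXMLObject enforces; that explanation belongs on buildXMLObject in rampart-trust, where it stays in sync with the code, not in a sample client. "Unit Tests that use Sample05" is also unclear about which tests are meant; name the test class.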
@@ -51,35 +71,46 @@ public class Client {
System.out.println("Usage: $java Client
endpoint_address client_repo_path policy_xml_path");
}
- ConfigurationContext ctx =
ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1],
null);
-
- STSClient stsClient = new STSClient(ctx);
-
+ ConfigurationContext ctx =
ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1],
null);
+
+ STSClient stsClient = new STSClient(ctx);
+
stsClient.setRstTemplate(getRSTTemplate());
String action =
TrustUtil.getActionValue(RahasConstants.VERSION_05_02,
RahasConstants.RST_ACTION_ISSUE);
stsClient.setAction(action);
-
- Token responseToken =
stsClient.requestSecurityToken(loadPolicy("sample05/policy.xml"), new URL(new
URL(args[0]), "/axis2/services/STS").toString(),
loadPolicy("sample05/sts_policy.xml"), null);
-
+
+ // Use the policy file path passed as argument
+ String policyPath = args[2];
+ String stsPolicyPath = policyPath.replace("policy.xml",
"sts_policy.xml");
+
+ String stsUrl = new URL(new URL(args[0]),
"/axis2/services/STS").toString();
+
+ Token responseToken =
stsClient.requestSecurityToken(loadPolicy(policyPath), stsUrl,
loadPolicy(stsPolicyPath), null);
+
System.out.println("\n############################# Requested
Token ###################################\n");
System.out.println(responseToken.getToken().toString());
-
+ System.out.println("Token successfully received! Token ID: " +
responseToken.getId());
+
TokenStorage store = TrustUtil.getTokenStore(ctx);
store.add(responseToken);
-
-
+
ServiceClient client = new ServiceClient(ctx, null);
-
+
Options options = new Options();
options.setAction("urn:echo");
options.setTo(new EndpointReference(args[0]));
- options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
loadPolicy("sample05/policy.xml"));
+ // Force SOAP 1.2 to match STS call
+
options.setSoapVersionURI(org.apache.axiom.soap.SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI);
+
+ Policy servicePolicy = loadPolicy(policyPath);
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
servicePolicy);
options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN,
responseToken.getId());
+
client.setOptions(options);
-
+
client.engageModule("addressing");
client.engageModule("rampart");
-
+
OMElement response = client.sendReceive(getPayload("Hello
world1"));
System.out.println("Response : " + response);
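Review bot: the usage message at the top of main() prints but does not return, so with fewer than three arguments execution continues into `args[1]` and `args[2]` and dies with ArrayIndexOutOfBoundsException instead of the usage text being the last thing the user sees; add `return` or `System.exit(1)` after the println. `policyPath.replace("policy.xml", "sts_policy.xml")` derives the STS policy path by substring replacement, which silently yields the unchanged path (and then loads the service policy as the STS policy) whenever the argument is not literally named policy.xml; build it as `new File(new File(policyPath).getParentFile(), "sts_policy.xml")` and fail loudly if it is missing.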
@@ -87,8 +118,15 @@ public class Client {
}
private static Policy loadPolicy(String xmlPath) throws Exception {
+ java.io.File policyFile = new java.io.File(xmlPath);
+
+ if (!policyFile.exists()) {
+ throw new Exception("Policy file not found: " +
xmlPath);
+ }
+
OMXMLParserWrapper builder = OMXMLBuilderFactory.createOMBuilder(new
FileInputStream(xmlPath));
- return PolicyEngine.getPolicy(builder.getDocumentElement());
+ Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());
+ return policy;
}
private static OMElement getSAMLToken(OMElement resp) {
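Review bot: the `policyFile.exists()` check adds nothing that `new FileInputStream(xmlPath)` two lines later does not already report as FileNotFoundException, and the stream is never closed; a try-with-resources around the FileInputStream covers both, with the PolicyEngine.getPolicy call kept inside the try so the lazily built element is fully read before the stream closes. `throw new Exception(...)` should be a specific type such as FileNotFoundException rather than the root class.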
diff --git a/modules/rampart-tests/test-resources/log4j.properties
b/modules/rampart-tests/test-resources/log4j.properties
deleted file mode 100644
index 8a803130..00000000
--- a/modules/rampart-tests/test-resources/log4j.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-log4j.rootCategory=ERROR, CONSOLE
-
-log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
-log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
-log4j.appender.CONSOLE.layout.ConversionPattern=%d %-5p %c - %m%n
-
diff --git a/modules/rampart-trust/pom.xml b/modules/rampart-trust/pom.xml
index 346a1669..7228cd52 100644
--- a/modules/rampart-trust/pom.xml
+++ b/modules/rampart-trust/pom.xml
@@ -58,11 +58,6 @@
<artifactId>axiom-dom</artifactId>
<scope>runtime</scope>
</dependency>
- <dependency>
- <groupId>org.apache.wss4j</groupId>
- <artifactId>wss4j</artifactId>
- <type>pom</type>
- </dependency>
<dependency>
<groupId>org.apache.wss4j</groupId>
<artifactId>wss4j-ws-security-common</artifactId>
diff --git
a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java
b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java
index 77f6bf7d..c95fbd02 100644
---
a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java
+++
b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java
@@ -47,7 +47,11 @@ import org.opensaml.core.xml.XMLObjectBuilder;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.soap.wssecurity.KeyIdentifier;
+import org.opensaml.soap.wssecurity.SecurityTokenReference;
import org.opensaml.soap.wssecurity.impl.SecurityTokenReferenceBuilder;
+import org.opensaml.soap.wssecurity.impl.SecurityTokenReferenceMarshaller;
+import org.opensaml.soap.wssecurity.impl.KeyIdentifierBuilder;
+import org.opensaml.soap.wssecurity.impl.KeyIdentifierMarshaller;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.signature.KeyInfo;
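Review bot: the three new imports from org.opensaml.soap.wssecurity.impl bind rampart-trust to the opensaml-soap-impl artifact, yet the rampart-trust pom.xml hunk in this patch only removes the wss4j aggregate and the root pom.xml hunks add opensaml-core, saml-api, xmlsec and security modules but no opensaml-soap-impl; confirm it is declared somewhere rather than arriving on the compile classpath transitively.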
@@ -362,12 +366,70 @@ public class CommonUtil {
*/
public static XMLObject buildXMLObject(QName objectQName) throws
TrustException {
+ if (log.isDebugEnabled()) {
+ String timestamp =
java.time.LocalDateTime.now().format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd
HH:mm:ss.SSS"));
+ log.debug("CommonUtil.buildXMLObject TIMESTAMP: " + timestamp);
+ log.debug("CommonUtil.buildXMLObject() starting on QName: " +
objectQName);
+ }
log.debug("buildXMLObject() is starting on QName: " + objectQName);
XMLObjectBuilderFactory builderFactory =
XMLObjectProviderRegistrySupport.getBuilderFactory();
+
+ // CRITICAL FIX: Proactively register both builders to prevent WSS4J
ClassCastExceptions
+ // This ensures builders are available for all WSS4J operations, not
just explicit requests
+ if (builderFactory.getBuilder(KeyIdentifier.ELEMENT_NAME) == null) {
+ builderFactory.registerBuilder(KeyIdentifier.ELEMENT_NAME, new
KeyIdentifierBuilder());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Proactively registered
KeyIdentifierBuilder");
+ }
+ org.opensaml.core.xml.io.MarshallerFactory marshallerFactory =
XMLObjectProviderRegistrySupport.getMarshallerFactory();
+ marshallerFactory.registerMarshaller(KeyIdentifier.ELEMENT_NAME,
new KeyIdentifierMarshaller());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Proactively registered
KeyIdentifierMarshaller");
+ }
+ }
+
+ if (builderFactory.getBuilder(SecurityTokenReference.ELEMENT_NAME) ==
null) {
+
builderFactory.registerBuilder(SecurityTokenReference.ELEMENT_NAME, new
SecurityTokenReferenceBuilder());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Proactively registered
SecurityTokenReferenceBuilder");
+ }
+ org.opensaml.core.xml.io.MarshallerFactory marshallerFactory =
XMLObjectProviderRegistrySupport.getMarshallerFactory();
+
marshallerFactory.registerMarshaller(SecurityTokenReference.ELEMENT_NAME, new
SecurityTokenReferenceMarshaller());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Proactively registered
SecurityTokenReferenceMarshaller");
+ }
+ }
if (builderFactory.getBuilder(objectQName) == null) {
if (KeyIdentifier.ELEMENT_NAME == objectQName) {
- builderFactory.registerBuilder(KeyIdentifier.ELEMENT_NAME, new
SecurityTokenReferenceBuilder());
- log.warn("An opensaml SecurityTokenReferenceBuilder was added
to the opensaml registry for QName key: " + KeyIdentifier.ELEMENT_NAME);
+ builderFactory.registerBuilder(KeyIdentifier.ELEMENT_NAME, new
KeyIdentifierBuilder());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Registered KeyIdentifierBuilder for
" + KeyIdentifier.ELEMENT_NAME);
+ }
+ log.warn("An opensaml KeyIdentifierBuilder was added to the
opensaml registry for QName key: " + KeyIdentifier.ELEMENT_NAME);
+
+ // Also register the marshaller
+ org.opensaml.core.xml.io.MarshallerFactory marshallerFactory =
XMLObjectProviderRegistrySupport.getMarshallerFactory();
+
marshallerFactory.registerMarshaller(KeyIdentifier.ELEMENT_NAME, new
KeyIdentifierMarshaller());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Registered KeyIdentifierMarshaller
for " + KeyIdentifier.ELEMENT_NAME);
+ }
+ log.warn("An opensaml KeyIdentifierMarshaller was added to the
opensaml registry for QName key: " + KeyIdentifier.ELEMENT_NAME);
+
+ } else if (SecurityTokenReference.ELEMENT_NAME == objectQName) {
+
builderFactory.registerBuilder(SecurityTokenReference.ELEMENT_NAME, new
SecurityTokenReferenceBuilder());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Registered
SecurityTokenReferenceBuilder for " + SecurityTokenReference.ELEMENT_NAME);
+ }
+ log.warn("An opensaml SecurityTokenReferenceBuilder was added
to the opensaml registry for QName key: " +
SecurityTokenReference.ELEMENT_NAME);
+
+ // Also register the marshaller
+ org.opensaml.core.xml.io.MarshallerFactory marshallerFactory =
XMLObjectProviderRegistrySupport.getMarshallerFactory();
+
marshallerFactory.registerMarshaller(SecurityTokenReference.ELEMENT_NAME, new
SecurityTokenReferenceMarshaller());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Registered
SecurityTokenReferenceMarshaller for " + SecurityTokenReference.ELEMENT_NAME);
+ }
+ log.warn("An opensaml SecurityTokenReferenceMarshaller was
added to the opensaml registry for QName key: " +
SecurityTokenReference.ELEMENT_NAME);
+
} else {
log.error("No opensaml builders found for QName key: " +
objectQName);
}
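Review bot: the "proactive" registration at the top of buildXMLObject makes the per-QName branches below it dead code: once KeyIdentifierBuilder and SecurityTokenReferenceBuilder are registered unconditionally, `builderFactory.getBuilder(objectQName) == null` can no longer be true for those two QNames, so the two log.warn branches and their second marshaller registration never execute and should be deleted. More importantly, a missing builder for wsse:SecurityTokenReference in a properly initialised OpenSAML registry normally means InitializationService.initialize() was never called or opensaml-soap-impl, which carries the wssecurity provider configuration, is not on the classpath; registering builders and marshallers by hand from a utility method treats the symptom, registers no matching unmarshallers (so inbound SecurityTokenReference elements still fail), and is a check-then-act race when two threads arrive first. Fix the initialisation instead; if the hand registration must stay, compare QNames with `.equals()` rather than `==` in `if (KeyIdentifier.ELEMENT_NAME == objectQName)` and its sibling, and remove the now duplicated unguarded `log.debug("buildXMLObject() is starting on QName: " + objectQName);`.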
diff --git a/modules/rampart-trust/src/test/resources/log4j.properties
b/modules/rampart-trust/src/test/resources/log4j.properties
deleted file mode 100644
index 8a803130..00000000
--- a/modules/rampart-trust/src/test/resources/log4j.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-log4j.rootCategory=ERROR, CONSOLE
-
-log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
-log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
-log4j.appender.CONSOLE.layout.ConversionPattern=%d %-5p %c - %m%n
-
diff --git a/pom.xml b/pom.xml
index 5af951e9..7c5791da 100644
--- a/pom.xml
+++ b/pom.xml
@@ -518,24 +518,27 @@
<!-- Other Rampart Dependencies -->
<dependency>
<groupId>org.apache.wss4j</groupId>
- <artifactId>wss4j</artifactId>
+ <artifactId>wss4j-ws-security-common</artifactId>
<version>${wss4j.version}</version>
- <type>pom</type>
+ <scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.wss4j</groupId>
- <artifactId>wss4j-ws-security-common</artifactId>
+ <artifactId>wss4j-ws-security-dom</artifactId>
<version>${wss4j.version}</version>
+ <scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.wss4j</groupId>
- <artifactId>wss4j-ws-security-dom</artifactId>
+ <artifactId>wss4j-policy</artifactId>
<version>${wss4j.version}</version>
+ <scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.wss4j</groupId>
- <artifactId>wss4j-policy</artifactId>
+ <artifactId>wss4j-bindings</artifactId>
<version>${wss4j.version}</version>
+ <scope>compile</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
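Review bot: the four added `<scope>compile</scope>` elements are redundant, since compile is Maven's default scope; dropping them keeps the block consistent with the BouncyCastle entries that follow. Replacing the `wss4j` pom-type aggregate with the individual `wss4j-ws-security-common`, `wss4j-ws-security-dom`, `wss4j-policy` and `wss4j-bindings` modules is otherwise fine.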
@@ -547,6 +550,18 @@
<artifactId>bcpkix-jdk18on</artifactId>
<version>${bcprov.jdk18.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-core</artifactId>
+ <version>${opensaml.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-saml-api</artifactId>
+ <version>${opensaml.version}</version>
+ <scope>compile</scope>
+ </dependency>
<dependency>
<groupId>org.opensaml</groupId>
<artifactId>opensaml-saml-impl</artifactId>
@@ -631,6 +646,54 @@
<version>${opensaml.version}</version>
<scope>compile</scope>
</dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-xmlsec-api</artifactId>
+ <version>${opensaml.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-xmlsec-impl</artifactId>
+ <version>${opensaml.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-security-api</artifactId>
+ <version>${opensaml.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-security-impl</artifactId>
+ <version>${opensaml.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>net.shibboleth.utilities</groupId>
+ <artifactId>java-support</artifactId>
+ <version>${shibboleth.utilities.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>net.shibboleth</groupId>
+ <artifactId>cryptography-api</artifactId>
+ <version>1.0.0</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>io.dropwizard.metrics</groupId>
+ <artifactId>metrics-core</artifactId>
+ <version>${dropwizard.metrics.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.cryptacular</groupId>
+ <artifactId>cryptacular</artifactId>
+ <version>${cryptacular.version}</version>
+ <scope>compile</scope>
+ </dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-jul</artifactId>
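Review bot: `net.shibboleth:cryptography-api` is the only entry in this hunk with a hard-coded version (`<version>1.0.0</version>`) while every neighbour uses a property; add a `shibboleth.cryptography.version` property next to `shibboleth.utilities.version` so all OpenSAML-related pins are bumped in one place. `java-support`, `metrics-core` and `cryptacular` are pulled in transitively by the opensaml modules above, so pinning them explicitly is reasonable for reproducibility, but the pinned versions should match what opensaml 4.3.2 resolves or the pins will silently change the resolved tree.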
@@ -698,6 +761,28 @@
<version>4.0.2</version>
</dependency>
+ <!-- WSS4J dependency management -->
+ <dependency>
+ <groupId>org.apache.wss4j</groupId>
+ <artifactId>wss4j-ws-security-common</artifactId>
+ <version>${wss4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.wss4j</groupId>
+ <artifactId>wss4j-ws-security-dom</artifactId>
+ <version>${wss4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.wss4j</groupId>
+ <artifactId>wss4j-policy</artifactId>
+ <version>${wss4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.wss4j</groupId>
+ <artifactId>wss4j-bindings</artifactId>
+ <version>${wss4j.version}</version>
+ </dependency>
+
</dependencies>
</dependencyManagement>
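Review bot: the `<!-- WSS4J dependency management -->` block re-declares the same four wss4j artifacts that the +518 hunk above already declares with the same `${wss4j.version}`; if that earlier block sits inside this `<dependencyManagement>` section too (it closes here at `</dependencies></dependencyManagement>`), Maven will warn about duplicate dependency declarations, so keep only one set.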
@@ -762,6 +847,9 @@
<wss4j.version>3.0.3</wss4j.version>
<opensaml.version>4.3.2</opensaml.version>
+ <shibboleth.utilities.version>8.4.2</shibboleth.utilities.version>
+ <dropwizard.metrics.version>4.2.19</dropwizard.metrics.version>
+ <cryptacular.version>1.2.4</cryptacular.version>
<bcprov.jdk18.version>1.79</bcprov.jdk18.version>
diff --git a/src/site/markdown/download.md.vm b/src/site/markdown/download.md.vm
index 32832bcd..4ab1ecdd 100644
--- a/src/site/markdown/download.md.vm
+++ b/src/site/markdown/download.md.vm
@@ -7,7 +7,7 @@
## "License"); you may not use this file except in compliance
## with the License. You may obtain a copy of the License at
##
-## http://www.apache.org/licenses/LICENSE-2.0
+## https://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing,
## software distributed under the License is distributed on an
@@ -45,14 +45,14 @@ Distributions for older releases can be found in the
[archive][12].
All releases are also available as Maven artifacts in the [central
repository][13].
-[1]:
http://www.apache.org/dyn/closer.lua/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-bin.zip
+[1]:
https://www.apache.org/dyn/closer.lua/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-bin.zip
[3]:
https://www.apache.org/dist/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-bin.zip.sha512
[4]:
https://www.apache.org/dist/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-bin.zip.asc
-[5]:
http://www.apache.org/dyn/closer.lua/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-src.zip
+[5]:
https://www.apache.org/dyn/closer.lua/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-src.zip
[7]:
https://www.apache.org/dist/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-src.zip.sha512
[8]:
https://www.apache.org/dist/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-src.zip.asc
-[9]: http://www.apache.org/dev/release-signing#verifying-signature
+[9]: https://www.apache.org/dev/release-signing#verifying-signature
[10]: https://www.apache.org/dist/axis/axis2/java/rampart/KEYS
-[11]: http://www.apache.org/dyn/closer.lua/axis/axis2/java/rampart/
-[12]: http://archive.apache.org/dist/axis/axis2/java/rampart/
-[13]: http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22org.apache.rampart%22
+[11]: https://www.apache.org/dyn/closer.lua/axis/axis2/java/rampart/
+[12]: https://archive.apache.org/dist/axis/axis2/java/rampart/
+[13]: https://search.maven.org/#search%7Cga%7C1%7Cg%3A%22org.apache.rampart%22
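Review bot: link [13] only swaps the scheme but keeps the legacy hash-fragment search URL (`#search%7Cga%7C1%7Cg%3A%22org.apache.rampart%22`), which the current search.maven.org UI no longer routes; since this commit is fixing dead links, use `https://search.maven.org/search?q=g:org.apache.rampart` instead.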
diff --git a/src/site/markdown/index.md b/src/site/markdown/index.md
index e1742840..0094358b 100644
--- a/src/site/markdown/index.md
+++ b/src/site/markdown/index.md
@@ -19,5 +19,5 @@ Rampart implements the following specifications:
Apache Rampart, Rampart, Apache, the Apache feather logo, and the Apache
Rampart project logo are trademarks of The Apache Software Foundation.
-[1]: http://ws.apache.org/wss4j/
-[2]: http://ws.apache.org/axiom/implementations/axiom-dom/
+[1]: https://wss4j.apache.org/
+[2]: https://ws.apache.org/axiom/implementations/axiom-dom/
diff --git a/src/site/markdown/release-notes/1.6.2.md
b/src/site/markdown/release-notes/1.6.2.md
index 746b9848..56310df6 100644
--- a/src/site/markdown/release-notes/1.6.2.md
+++ b/src/site/markdown/release-notes/1.6.2.md
@@ -5,6 +5,5 @@ Apache Rampart 1.6.2 is a maintenance release that updates
WSS4J to version
1.6.4 and OpenSAML to version 2.5.1. Apache Rampart 1.6.2 ensure compatibility
with the latest Axis2 1.6.2 release.
-A complete list of issues fixed in this release can be found [here][1].
-
-[1]: http://s.apache.org/rampart1.6.2
+<!-- Removed broken Apache shortlink - http://s.apache.org/rampart1.6.2 -->
+A complete list of issues fixed in this release can be found in the Apache
JIRA project.
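Review bot: "can be found in the Apache JIRA project" replaces a link with prose and leaves the reader with no way to get there; site.xml in this same commit already carries `https://issues.apache.org/jira/browse/Rampart`, so link that here. The HTML comment preserving the dead shortlink is harmless in rendered output but keeps the dead URL in source; a commit message mention would suffice.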
diff --git a/src/site/markdown/release-notes/1.6.3.md
b/src/site/markdown/release-notes/1.6.3.md
index dcf88618..f0d59349 100644
--- a/src/site/markdown/release-notes/1.6.3.md
+++ b/src/site/markdown/release-notes/1.6.3.md
@@ -2,6 +2,7 @@ Apache Rampart 1.6.3 Release Note
---------------------------------
Apache Rampart 1.6.3 is a maintenance release compatible with Apache Axis2
-1.6.3. A complete list of issues fixed in this release can be found [here][1].
+1.6.3.
-[1]: http://s.apache.org/rampart1.6.3
\ No newline at end of file
+<!-- Removed broken Apache shortlink - http://s.apache.org/rampart1.6.3 -->
+A complete list of issues fixed in this release can be found in the Apache
JIRA project.
\ No newline at end of file
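Review bot: the rewritten file still ends with `\ No newline at end of file`; add the trailing newline while touching the file. Same point as for 1.6.2.md: link the JIRA project instead of naming it.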
diff --git a/src/site/markdown/release-notes/1.8.0.md
b/src/site/markdown/release-notes/1.8.0.md
index b5a67831..3990279b 100644
--- a/src/site/markdown/release-notes/1.8.0.md
+++ b/src/site/markdown/release-notes/1.8.0.md
@@ -4,7 +4,7 @@ Apache Rampart 1.8.0 Release Notes
Apache Rampart 1.8.0 is a major release designed for compatibility with Axis2
1.8.2.
-A huge amount of effort went into upgrading everything possible up to jakarta
-
+A huge amount of effort went into upgrading everything possible up to jakarta -
namely opensaml to 4.3 and ws-wss4j to 3.0.3.
This will be the last javax based release. The next Rampart release will be
2.0.0
diff --git a/src/site/markdown/release-notes/2.0.0.md
b/src/site/markdown/release-notes/2.0.0.md
index b49106d0..6e599aa3 100644
--- a/src/site/markdown/release-notes/2.0.0.md
+++ b/src/site/markdown/release-notes/2.0.0.md
@@ -1,3 +1,32 @@
Apache Rampart 2.0.0 Release Notes
---------------------------------
+Apache Rampart 2.0.0 is a major release that continues support for the
WS-Security, WS-Trust, and WS-SecureConversation specifications for Apache
Axis2.
+
+## Current Dependency Versions
+
+This release uses the following updated dependency versions:
+
+- **Apache WSS4J**: 3.0.3 - Provides WS-Security implementation
+- **OpenSAML**: 4.3.2 - Provides SAML token support and processing
+- **Apache Axis2**: 1.8.2 - Compatible with the latest Axis2 release
+- **Apache Axiom**: 1.4.0 - XML object model used by Axis2
+
+## Key Features
+
+Apache Rampart implements the following WS-Security specifications:
+
+- WS-Security 1.0 and 1.1
+- WS-Trust
+- WS-SecureConversation
+- WS-SecurityPolicy
+
+## Dependencies
+
+For complete dependency information, see the project's Maven POM files. The
core dependencies include:
+
+- Apache WSS4J 3.0.3 for WS-Security processing
+- OpenSAML 4.3.2 for SAML assertion handling
+- Bouncy Castle 1.79 for cryptographic operations
+- Apache Santuario XMLSec for XML security
+
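Review bot: the notes state compatibility with Axis2 1.8.2, but the 1.8.0 release notes edited in this same commit say 1.8.0 is the last javax-based release and 2.0.0 is next, which implies a jakarta-based Axis2 baseline; state the actual Axis2 version and the jakarta migration explicitly, since that is the headline change for a 2.0.0 consumer. Also "Current Dependency Versions" and "Dependencies" list WSS4J 3.0.3 and OpenSAML 4.3.2 twice; merge them into one list that also carries Bouncy Castle 1.79 and Axiom.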
diff --git a/src/site/site.xml b/src/site/site.xml
index bacd474d..25727ff2 100644
--- a/src/site/site.xml
+++ b/src/site/site.xml
@@ -25,8 +25,8 @@
</bannerLeft>
<bannerRight>
- <src>http://www.apache.org/images/asf_logo_wide.png</src>
- <href>http://www.apache.org</href>
+ <src>https://www.apache.org/images/asf_logo_wide.png</src>
+ <href>https://www.apache.org</href>
</bannerRight>
<skin>
@@ -39,7 +39,7 @@
<body>
<links>
- <item name="Apache Axis2/Java"
href="http://axis.apache.org/axis2/java/core/" />
+ <item name="Apache Axis2/Java"
href="https://axis.apache.org/axis2/java/core/" />
</links>
<menu name="Apache Rampart">
@@ -59,7 +59,8 @@
<menu name="Documentation">
<item name="Getting Started" href="quick-start.html"/>
<item name="Samples" href="samples.html"/>
- <item name="FAQ"
href="http://wiki.apache.org/ws/FrontPage/Rampart/FAQ"/>
+<!-- Removing broken wiki link - wiki.apache.org/ws no longer exists -->
+ <!-- <item name="FAQ"
href="http://wiki.apache.org/ws/FrontPage/Rampart/FAQ"/> -->
<item name="Rampart Configuration"
href="rampartconfig-guide.html"/>
<item name="STS Configuration" href="setting-up-sts.html"/>
<item name="Developer Guide" href="developer-guide.html"/>
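Review bot: the `<!-- Removing broken wiki link ... -->` comment is flush-left while the surrounding `<item>` lines are indented; indent it to match. Keeping the commented-out FAQ item alongside the explanatory comment is dead markup; either delete it or point FAQ at a live page.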
@@ -71,13 +72,13 @@
</menu>
<menu name="Project Information">
<item name="Project Team" href="team.html" />
- <item name="Issue Tracking"
href="http://issues.apache.org/jira/browse/Rampart" />
+ <item name="Issue Tracking"
href="https://issues.apache.org/jira/browse/Rampart" />
<item name="Mailing Lists" href="mail-lists.html"/>
<item name="Source Code"
href="https://github.com/apache/axis-axis2-java-rampart" />
- <item name="License" href="http://www.apache.org/licenses/"/>
- <item name="Sponsorship"
href="http://www.apache.org/foundation/sponsorship.html"/>
- <item name="Thanks"
href="http://www.apache.org/foundation/thanks.html"/>
- <item name="Security" href="http://www.apache.org/security/"/>
+ <item name="License" href="https://www.apache.org/licenses/"/>
+ <item name="Sponsorship"
href="https://www.apache.org/foundation/sponsorship.html"/>
+ <item name="Thanks"
href="https://www.apache.org/foundation/thanks.html"/>
+ <item name="Security" href="https://www.apache.org/security/"/>
</menu>
</body>
</project>
diff --git a/src/site/xdoc/articles.xml b/src/site/xdoc/articles.xml
index 24f98f0c..6a3e4774 100644
--- a/src/site/xdoc/articles.xml
+++ b/src/site/xdoc/articles.xml
@@ -24,51 +24,46 @@
</head>
<body>
<h1>Apache Rampart Knowledge Base</h1>
-<p>This page contains articles, tutorials, presentations and
-question and answers published on various Web sites on the Apache
-Rampart. </p>
-<h2>Articles:</h2>
-<ul>
-<li><a href="http://wso2.org/library/240">
-UsernameToken Authentication with Rampart</a>- By Ruchith Ferenando</li>
-<li><a
href="http://www.xml.com/pub/a/2007/05/02/sure-reliable-web-services-with-apache.html">
-Secure, Reliable Web Services with Apache</a>- By Kyle Gabhart</li>
-<li><a href="http://wso2.org/library/3132">
-Understanding WS - Security Policy Language</a>- By Nandana
Mihindukulasooriya</li>
-<li><a href="http://wso2.org/library/1027">
-Integrating WS-Security and WS-SecureConversation Implementations with Apache
Sandesha2 </a>- By Chamikara Jayalath</li>
-</ul>
+<p>This page contains information about articles, tutorials, and presentations
related to Apache Rampart.</p>
-<h2>Tutorials</h2>
+<h2>External Articles:</h2>
<ul>
-<li><a href="http://wso2.org/library/140">Secure Message Exchanges with
Multiple Users</a>- By
-Ruchith Fernando</li>
-<li><a href="http://wso2.org/library/174">Setting Up Keystores for a Client
and a Service</a>- By
-Ruchith Fernando</li>
-<li><a href="http://wso2.org/library/3190">Web Services Security with Apache
Rampart - Part 1 (Transport Level Security)</a>- By
-Nandana Mihindukulasooriya</li>
-<li><a href="http://wso2.org/library/3415">Web Services Security with Apache
Rampart - Part 2 (Message-Level Security)</a>- By
-Nandana Mihindukulasooriya</li>
+<li><a
href="https://www.xml.com/pub/a/2007/05/02/sure-reliable-web-services-with-apache.html">
+Secure, Reliable Web Services with Apache</a> - By Kyle Gabhart</li>
</ul>
-<h2>Presentations</h2>
+<h2>Historical Articles (WSO2 Library)</h2>
+<p>The following articles were originally published on WSO2's library. While
the original http://wso2.org/library/ links are no longer accessible,
+the content may be available through:</p>
<ul>
-<li><a href="http://wso2.org/library/136">Secure Web Services with Apache
Rampart</a>- By
-Ruchith Fernando</li>
-<li><a href="http://wso2.org/library/2534">Apache Rahas</a>- By
-Ruchith Fernando</li>
+<li><a href="https://wso2.com/documentation/">WSO2 Current
Documentation</a></li>
+<li><a href="https://docs.wso2.com/">WSO2 Technical Documentation</a></li>
+<li><a href="https://github.com/wso2">WSO2 GitHub Repositories</a> (may
contain samples and tutorials)</li>
</ul>
-<h2>Interviews</h2>
-<ul>
-<li><a href="http://wso2.org/library/695">Secure Messaging with Apache
Rampart/Java</a>- By
-Ruchith Fernando</li>
+<p>Original articles that may be available in updated form:</p>
+
+<ul>
+<li>UsernameToken Authentication with Rampart - By Ruchith Fernando</li>
+<li>Understanding WS-Security Policy Language - By Nandana
Mihindukulasooriya</li>
+<li>Integrating WS-Security and WS-SecureConversation Implementations with
Apache Sandesha2 - By Chamikara Jayalath</li>
+<li>Secure Message Exchanges with Multiple Users - By Ruchith Fernando</li>
+<li>Setting Up Keystores for a Client and a Service - By Ruchith Fernando</li>
+<li>Web Services Security with Apache Rampart - Part 1 (Transport Level
Security) - By Nandana Mihindukulasooriya</li>
+<li>Web Services Security with Apache Rampart - Part 2 (Message-Level
Security) - By Nandana Mihindukulasooriya</li>
+<li>Secure Web Services with Apache Rampart - By Ruchith Fernando</li>
+<li>Apache Rahas - By Ruchith Fernando</li>
+<li>Secure Messaging with Apache Rampart/Java - By Ruchith Fernando</li>
</ul>
-<h2>Questions and Answers</h2>
+
+<h2>Current Documentation</h2>
+<p>For current tutorials and documentation, please refer to:</p>
<ul>
-<li><a href="http://wso2.org/library/2507">Timestamp validation fails!
Why?</a></li>
-<li><a href="http://wso2.org/library/2506">How can I convert an LLOM AXIOM
tree into a DOOM AXIOM tree?</a></li>
-<li><a href="http://wso2.org/library/169">How can I obtain UsernameToken
information at the service?</a></li>
-<li><a href="http://wso2.org/library/116">Unexpected number of X509Data: for
Signature. Why?</a></li>
+<li><a href="quick-start.html">Getting Started Guide</a></li>
+<li><a href="samples.html">Rampart Samples</a></li>
+<li><a href="rampartconfig-guide.html">Rampart Configuration Guide</a></li>
+<li><a href="developer-guide.html">Developer Guide</a></li>
+<li><a href="https://wss4j.apache.org/">Apache WSS4J Documentation</a></li>
+<li><a href="https://axis.apache.org/axis2/java/core/">Apache Axis2
Documentation</a></li>
</ul>
</body>
</html>
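Review bot: the "the content may be available through" list points at generic WSO2 landing pages (wso2.com/documentation, docs.wso2.com, github.com/wso2) that do not host these articles, so it sends readers on a guess; the removed `http://wso2.org/library/NNN` URLs (240, 3132, 1027, 140, 174, 3190, 3415, 136, 2534, 695) are the keys to look them up on web.archive.org, and archived captures would preserve the references. Minor: `<h2>External Articles:</h2>` keeps a trailing colon that the other new headings drop.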
diff --git a/src/site/xdoc/developer-guide.xml
b/src/site/xdoc/developer-guide.xml
index 239b8e8a..15f03726 100644
--- a/src/site/xdoc/developer-guide.xml
+++ b/src/site/xdoc/developer-guide.xml
@@ -27,7 +27,7 @@ Stack</em></strong></p>
<h3>Building Rampart</h3>
<ol>
<li>Install maven3. Refer to the <a
-
href="http://maven.apache.org/guides/getting-started/maven-in-five-minutes.html">Installation
+
href="https://maven.apache.org/guides/getting-started/maven-in-five-minutes.html">Installation
guide</a>.</li>
<li>Download the source code.
<ul>
@@ -86,12 +86,12 @@ are included according to the security policy.</p>
<p>Rampart uses WSS4J for securing SOAP messages. WSS4J is an Apache project
which implements the WS-Security specification. SOAP messages are signed and
-encrypted according to the <a href="http://www.w3.org/TR/xmlenc-core/">XML
-Encryption</a> and <a href="http://www.w3.org/TR/xmldsig-core/">XML Digital
+encrypted according to the <a href="https://www.w3.org/TR/xmlenc-core/">XML
+Encryption</a> and <a href="https://www.w3.org/TR/xmldsig-core/">XML Digital
Signature</a> specifications, but the WS-Security specification introduces an
additional set of rules. Therefore WSS4J ensures that SOAP messages are
singed according to all the rules defined in the specifications. WSS4J uses
-Apache's <a href="http://santuario.apache.org/Java/index.html">xmlsec
+Apache's <a href="https://santuario.apache.org/Java/index.html">xmlsec
libraries</a> for XML Encryption and XML Digital Signature.</p>
<p>Rather than re-inventing the wheel, it was decided to use WSS4J for SOAP
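Review bot: the unchanged context line "WSS4J ensures that SOAP messages are singed according to all the rules" has a typo for "signed"; fix it while this paragraph is being touched.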
@@ -201,7 +201,8 @@ align="middle" />
<p>The following things are required to perform the actual release:</p>
-<p>A PGP key that conforms to the <a
href="http://specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf"> requirement for
Apache release signing</a></p>
+<!-- Removing broken specs.xmlsoap.org link - domain no longer exists -->
+<p>A PGP key that conforms to the requirement for Apache release signing</p>
<p>To make the release process easier, the passphrase for the code signing key
should be configured in ~/.m2/settings.xml</p>
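Review bot: dropping the link leaves "the requirement for Apache release signing" with no reference; download.md.vm in this same commit already uses `https://www.apache.org/dev/release-signing#verifying-signature`, so point here at that page rather than removing the anchor. The removed target (WS-Trust.pdf) was never the right reference for PGP key requirements, so replacing it is an improvement either way.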
@@ -236,7 +237,7 @@ align="middle" />
<p>If you have multiple keys, you can define a ~/.gnupg/gpg.conf file for a
default. Note that while 'gpg --list-keys' will show your public keys, using
maven-release-plugin with the command 'release:perform' below requires 'gpg
--list-secret-keys' to have a valid entry that matches your public key, in
order to create 'asc' files that are used to verify the release artifcats.
'release:prepare' creates the sha512 checksum files.</p>
-<p>The created artifacts i.e. zip files can be checked with, for example,
sha512sum 'rampart-dist-1.8.0-bin.zip' which should match the generated sha512
files. In that example, use 'gpg --verify rampart-dist-1.8.0-bin.zip.asc
rampart-dist-1.8.0-bin.zip' to verify the artifacts were signed correctly</p>
+<p>The created artifacts i.e. zip files can be checked with, for example,
sha512sum 'rampart-dist-2.0.0-bin.zip' which should match the generated sha512
files. In that example, use 'gpg --verify rampart-dist-2.0.0-bin.zip.asc
rampart-dist-2.0.0-bin.zip' to verify the artifacts were signed correctly</p>
<p>If necessary, update the copyright date in the top level NOTICE file.</p>
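Review bot: the unchanged context line "used to verify the release artifcats" has a typo for "artifacts"; fix it while here. Bumping the example from 1.8.0 to 2.0.0 will go stale again at the next release; writing it as `rampart-dist-<version>-bin.zip` avoids the churn.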
diff --git a/src/site/xdoc/rampartconfig-guide.xml
b/src/site/xdoc/rampartconfig-guide.xml
index d313ce9c..107d8efa 100644
--- a/src/site/xdoc/rampartconfig-guide.xml
+++ b/src/site/xdoc/rampartconfig-guide.xml
@@ -142,6 +142,6 @@ configuration properties used by the implementation class
</pre>
<br></br>
<h3>References</h3>1.
- <a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a>
+ <a href="https://wss4j.apache.org/">Apache WSS4J -Home</a>
</body>
</html>