[prev in list] [next in list] [prev in thread] [next in thread]
List: xmlrpc-user
Subject: Re: PROPOSAL to merge Rampart, CXF, swssf AssertionBuilder and
From: Marc Giger <giger () apache ! org>
Date: 2011-11-22 16:06:59
Message-ID: 20111122170659.42a5f93c () rigi ! itserve ! ch
[Download RAW message or body]
Hi Colm,
On Tue, 22 Nov 2011 14:43:22 +0000
Colm O hEigeartaigh <coheigea@apache.org> wrote:
> Hi Marc,
>
> Are you still planning on building a common code-base for CXF &
> Rampart as per your previous mail?
Yes that's still my goal because swssf can/will use the common code-base too.
The swssf policy engine needs just a little bit refactoring (the rampart-policy code \
refactoring is the first part of it) to fully support the new policy code.
As you already know, swssf emits security-policy relevant events in realtime which \
will be asserted also in realtime (if possible).
To simplify things further CXF (and rampart perhaps too) could then use the swssf \
assertion-engine to verify the policy also with the DOM-WSS (WSS4J) impl. The only \
difference is that the validation will not occur in realtime as with swssf.
As example:
When swssf hits an X509Token it will emit a X509TokenSecurityEvent. This event will \
be feeded to the policy engine. The policy engine throws an Exception when the \
assertions cannot be fullfilled. So WSS4j-DOM could also emit a \
X509TokenSecurityEvent when it processed the X509Token. The X509SecurityEvent could \
also be created from the WSResultVector and then hand over to the policy engine for \
verification. But in every case I think both implementation could use finally the \
same PolicyEngine.
> If so wouldn't it be better to
> create a new module in WSS4J that both projects could use?
Yes, why not. WS-Sec-Policy is all around WSS minus some special things like \
Transport binding. Perhaps my explanation above will help to find the best way to \
go. It's just a matter of minutes to move the rampart-policy module to WSS4J because \
it has no deps to other rampart code.
Thanks
Marc
>
> Colm.
>
> On Tue, Nov 22, 2011 at 1:50 PM, Marc Giger <giger@apache.org> wrote:
> > Hi all
> >
> > I have now a bigger patch for rampart ready with the following changes and new \
> > features:
> > - Axiom dependency removed. Just the axiom api is still there because of Neethi:
> > [INFO] ------------------------------------------------------------------------
> > [INFO] Building Rampart - Policy
> > [INFO] task-segment: [dependency:tree]
> > [INFO] ------------------------------------------------------------------------
> > [INFO] [dependency:tree {execution: default-cli}]
> > [INFO] org.apache.rampart:rampart-policy:jar:1.7.0-SNAPSHOT
> > [INFO] +- org.apache.neethi:neethi:jar:3.0.2-SNAPSHOT:compile
> > [INFO] | \- org.codehaus.woodstox:woodstox-core-asl:jar:4.0.8:compile
> > [INFO] | +- javax.xml.stream:stax-api:jar:1.0-2:compile
> > [INFO] | \- org.codehaus.woodstox:stax2-api:jar:3.0.2:compile
> > [INFO] +- commons-lang:commons-lang:jar:2.3:compile
> > [INFO] +- org.apache.ws.commons.axiom:axiom-api:jar:1.2.13-SNAPSHOT:test
> > [INFO] | +- org.apache.geronimo.specs:geronimo-activation_1.1_spec:jar:1.0.2:test
> > [INFO] | +- org.apache.geronimo.specs:geronimo-javamail_1.4_spec:jar:1.6:test
> > [INFO] | +- commons-logging:commons-logging:jar:1.1.1:test
> > [INFO] | +- jaxen:jaxen:jar:1.1.3:test
> > [INFO] | +- org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:jar:1.0.1:test
> > [INFO] | \- org.apache.james:apache-mime4j-core:jar:0.8-SNAPSHOT:test
> > [INFO] +- xmlunit:xmlunit:jar:1.3:test
> > [INFO] \- junit:junit:jar:3.8.2:test
> > [INFO] ------------------------------------------------------------------------
> > [INFO] BUILD SUCCESSFUL
> > [INFO] ------------------------------------------------------------------------
> >
> >
> > - Complete Support (if I didn't miss something) of WS-Sec-Pol 1.1, 1.2 and 1.3
> > - Support of nested Policies with multiple alternatives
> > - The complete Rampart-Project builds and successfully runs all the tests.
> > - A lot of additional tests for the rampart-policy module to test the Policy \
> > building
> > - ...
> >
> > If someone branches the rampart-trunk and gives me rw access to it I will commit
> > the changes. After this you can review it and merge it back to the trunk.
> >
> > Kind regards
> >
> > Marc
> >
> >
> >
> > Some stats:
> >
> > [INFO] ------------------------------------------------------------------------
> > [INFO] Reactor Summary:
> > [INFO] ------------------------------------------------------------------------
> > [INFO] Apache Rampart ........................................ SUCCESS [0.954s]
> > [INFO] Rampart - Policy ...................................... SUCCESS [4.365s]
> > [INFO] Rampart - Trust ....................................... SUCCESS [4.932s]
> > [INFO] Rampart - Core ........................................ SUCCESS [1.427s]
> > [INFO] Rampart - Test Suite .................................. SUCCESS [4.489s]
> > [INFO] Rampart - Mar ......................................... SUCCESS [0.271s]
> > [INFO] Rampart - Trust-Mar ................................... SUCCESS [0.291s]
> > [INFO] Rampart - Integration ................................. SUCCESS \
> > [3:18.602s] [INFO] \
> > ------------------------------------------------------------------------ [INFO] \
> > ------------------------------------------------------------------------ [INFO] \
> > BUILD SUCCESSFUL [INFO] \
> > ------------------------------------------------------------------------
> >
> > Lines added (incl. tests): ~14589
> > Lines deleted: ~13602
> >
> >
> > Changelist:
> > A modules/rampart-policy/src/test
> > A modules/rampart-policy/src/test/java
> > A modules/rampart-policy/src/test/java/org
> > A modules/rampart-policy/src/test/java/org/apache
> > A modules/rampart-policy/src/test/java/org/apache/ws
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/HttpsTokenTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SignedElementsTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/PolicyNormalizationTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/EncryptedPartsTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SecurityContextTokenTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/RequiredElementsTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/KerberosTokenTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/LayoutTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/Wss11Test.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/UsernameTokenTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SecureConversationTokenTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/Trust13Test.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/ContentEncryptedElementsTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/KeyValueTokenTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/TransportBindingTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/RequiredPartsTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/EncryptedElementsTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/AbstractTestBase.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/AlgorithmSuiteTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SpnegoContextTokenTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/InitiatorTokenTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/X509TokenTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SymmetricBindingTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/AsymmetricBindingTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/Wss10Test.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/Trust10Test.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SignedPartsTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/RecipientTokenTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/RelTokenTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SamlTokenTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/IssuedTokenTest.java
> > A modules/rampart-policy/src/test/java/org/apache/ws/secpolicy/tests/SupportingTokensTest.java
> > A modules/rampart-policy/src/test/resources
> > A modules/rampart-policy/src/test/resources/policy
> > A modules/rampart-policy/src/test/resources/policy/WSP15_432-serialized.xml
> > A modules/rampart-policy/src/test/resources/policy/model
> > A modules/rampart-policy/src/test/resources/policy/model/sp11
> > A modules/rampart-policy/src/test/resources/policy/model/sp11/Trust10.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp11/normalized
> > A modules/rampart-policy/src/test/resources/policy/model/sp11/normalized/Trust10.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp11/serialized
> > A modules/rampart-policy/src/test/resources/policy/model/sp11/serialized/Trust10.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/UsernameToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/SecureConversationToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/RecipientToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/RelToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/SignedParts.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/KeyValueToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/EncryptedElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/RequiredParts.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/SamlToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/IssuedToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/AlgorithmSuite.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/HttpsToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/UsernameToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SecureConversationToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SignedParts.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/RecipientToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/RelToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/Trust13.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/ContentEncryptedElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/KeyValueToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/TransportBinding.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/RequiredParts.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/EncryptedElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SamlToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/IssuedToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SupportingTokens.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/AlgorithmSuite.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SpnegoContextToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/InitiatorToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/HttpsToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/X509Token.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SignedElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/EncryptedParts.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SymmetricBinding.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/AsymmetricBinding.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/Wss10.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/SecurityContextToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/KerberosToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/RequiredElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/Layout.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/normalized/Wss11.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/X509Token.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/EncryptedParts.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/AsymmetricBinding.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/Layout.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/KerberosToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/RequiredElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/SecurityContextToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/ContentEncryptedElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/Trust13.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/TransportBinding.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/UsernameToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SecureConversationToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SignedParts.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/RecipientToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/RelToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/Trust13.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/ContentEncryptedElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/KeyValueToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/TransportBinding.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/RequiredParts.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/EncryptedElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SamlToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/IssuedToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SupportingTokens.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/AlgorithmSuite.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SpnegoContextToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/InitiatorToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/HttpsToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/X509Token.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SignedElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/EncryptedParts.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SymmetricBinding.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/AsymmetricBinding.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/Wss10.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/SecurityContextToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/KerberosToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/RequiredElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/Layout.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/serialized/Wss11.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/SupportingTokens.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/SpnegoContextToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/InitiatorToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/SignedElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/SymmetricBinding.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/Wss10.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp12/Wss11.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/UsernameToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/SignedParts.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/Trust13.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/normalized
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/normalized/UsernameToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/normalized/SignedParts.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/normalized/Trust13.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/normalized/SignedElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/normalized/EncryptedParts.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/SignedElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/EncryptedParts.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/serialized
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/serialized/UsernameToken.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/serialized/SignedParts.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/serialized/Trust13.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/serialized/SignedElements.xml
> > A modules/rampart-policy/src/test/resources/policy/model/sp13/serialized/EncryptedParts.xml
> > A modules/rampart-policy/src/test/resources/policy/WSP15_432-normalized.xml
> > A modules/rampart-policy/src/test/resources/policy/WSP15_432-compact.xml
> > D modules/rampart-policy/src/main/java/META-INF
> > D modules/rampart-policy/src/main/java/META-INF/services
> > D modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricAsymmetricBindingBase.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractToken.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractTokenWrapper.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedElements.java
> > A modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptedParts.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Binding.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Attachments.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredElements.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecurityContextToken.java
> > A modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingTokenType.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorEncryptionToken.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
> > A modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/XPath.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust13.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ContentEncryptedElements.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorSignatureToken.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KeyValueToken.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmWrapper.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSymmetricAsymmetricBinding.java
> > A modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptedElements.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredParts.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientEncryptionToken.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractBinding.java
> > R modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SpnegoContextToken.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractConfigurableSecurityAssertion.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientSignatureToken.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TokenWrapper.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java
> > A modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RelToken.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedParts.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Header.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SamlToken.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingTokens.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java
> > A modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP13Constants.java
> > A modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPUtils.java
> > A modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/AssertionState.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptionTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SupportingTokensBuilder.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SpnegoContextTokenBuilder.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignatureTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/InitiatorTokenBuilder.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RecipientSignatureTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedElementsBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS10Builder.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/InitiatorEncryptionTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS11Builder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/UsernameTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecureConversationTokenBuilder.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RelTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RecipientTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedPartsBuilder.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/KeyValueTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/ProtectionTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RequiredPartsBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedElementsBuilder.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SamlTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/IssuedTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportTokenBuilder.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RecipientEncryptionTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AlgorithmSuiteBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/HttpsTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/X509TokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedPartsBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AsymmetricBindingBuilder.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/KerberosTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecurityContextTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RequiredElementsBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/LayoutBuilder.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/Trust10Builder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/ContentEncryptedElementsBuilder.java
> > A + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/InitiatorSignatureTokenBuilder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/Trust13Builder.java
> > MM + modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportBindingBuilder.java
> > MM modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/WSSPolicyException.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/TransportTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/IssuedTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SupportingTokensBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/AlgorithmSuiteBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/InitiatorTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedPartsBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SymmetricBindingBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/AsymmetricBindingBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/WSS10Builder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/LayoutBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/RequiredElementsBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SecurityContextTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/WSS11Builder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SecureConversationTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/Trust10Builder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedPartsBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/RecipientTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/ProtectionTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/TransportBindingBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RequiredPartsBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/IssuedTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SupportingTokensBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/AlgorithmSuiteBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/HttpsTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/InitiatorTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SymmetricBindingBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedPartsBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/AsymmetricBindingBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RequiredElementsBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SecurityContextTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/LayoutBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/WSS10Builder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/WSS11Builder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SecureConversationTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RecipientTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedPartsBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/ContentEncryptedElementsBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/Trust13Builder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/ProtectionTokenBuilder.java
> > D modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportBindingBuilder.java
> > A modules/rampart-policy/src/main/resources
> > A + modules/rampart-policy/src/main/resources/META-INF
> > M + modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder
> > M modules/rampart-policy/pom.xml
> > M modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
> > M modules/rampart-trust/pom.xml
> > M modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java
> > M modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
> > M modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
> > M modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
> > M modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
> > M modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
> > M modules/rampart-core/src/main/java/org/apache/rampart/policy/SupportingPolicyData.java
> > M modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
> > M modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
> > M modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
> > M modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
> > M pom.xml
> >
> >
> >
> >
> > On Thu, 10 Nov 2011 20:02:48 +0100
> > Marc Giger <giger@apache.org> wrote:
> >
> > > Dear WS-devs,
> > >
> > > At the moment there are at least 4 AssertionBuilder and 3 Assertion classes per \
> > > WS-Security-Policy-Assertion. The original Rampart ones, the CXF ones lent by \
> > > rampart and my classes (swssf) lent by Rampart. All of you, which did \
> > > contribute to the policy implementations, know how much time it takes to \
> > > implement it and how complicated it can be.
> > >
> > > The attached patch is a first try/draft/proposal to to get rid of this overhead \
> > > so that we can use a common code base. It is of course not intended for \
> > > inclusion but to start a discussion about requirements.
> > > The provided patch should show you
> > > - the support of neested policies and its normalization (attached is a sample \
> > > policy in compact form and its normalized version which was normalized with the \
> > > code in the patch)
> > > - the simplification of the multiple Policy-Versions handling
> > > - generic (simple) method and class to do the final assert of an alternative
> > >
> > > The axis/rampart developers will note that the builders are using the W3C-DOM \
> > > implementation instead of the axiom framework. The rationale is that no \
> > > additional dependencies are needed, DOM is an official standard and we aren't \
> > > in a "hot-path" (Normally the policy will be build once during the whole \
> > > runtime). So, this shouldn't be a big deal.
> > > There is an alternative to the proposed concept. Build the policy without the \
> > > builders and call the concrete builders during normalization or during other \
> > > structural changes. The primitive assertion objects can be hold behind the \
> > > scene to allow structural changes all the time.
> > >
> > > Before I invest more time I want to make sure the asf-dev-community is in favor \
> > > and the result will be accepted.
> > > What do you think?
> > >
> > > I agree [ ]
> > > I disagree [ ]
> > > I don't care [ ]
> > > What do you want?, it is perfect as it is! [ ]
> > >
> > > I'm willing to help [ ]
> > >
> > > Comments/notes/concerns/objections/ideas?
> > >
> > > Please share your opinion!
> > >
> > > Thanks
> > >
> > > Marc
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: dev-help@ws.apache.org
> >
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: dev-help@ws.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic