Examples of com.sun.xml.wss.impl.callback.DynamicPolicyCallback

• com.sun.xml.wss.impl.callback.DynamicPolicyCallback
  Callback implementation for dynamic policy resolution. A DynamicPolicy Callback is made by the XWS-runtime to allow the application/Handler to decide the incoming/outgoing SecurityPolicy at runtime.

  When the SecurityPolicy set on the Callback is a DynamicSecurityPolicy then the CallbackHandler is currently expected to set a com.sun.xml.wss.impl.configuration.MessagePolicy instance as the resolved policy. The MessagePolicy instance can contain policies generated by the PolicyGenerator obtained from the DynamicSecurityPolicy.

        AuthenticationTokenPolicy authPolicy = new AuthenticationTokenPolicy();
        AuthenticationTokenPolicy.SAMLAssertionBinding samlPolicy =
                (AuthenticationTokenPolicy.SAMLAssertionBinding) authPolicy.newSAMLAssertionFeatureBinding();
        samlPolicy.setAssertion(assertion);

        DynamicPolicyCallback dynamicCallback =
                new DynamicPolicyCallback(samlPolicy, null);
        //let runtime properties be visible here
//        if (!isDefaultHandler) {
        ProcessingContext.copy(dynamicCallback.getRuntimeProperties(), context);
//        } else {
//            dynamicCallback.getRuntimeProperties().
//                    put(MessageConstants.AUTH_SUBJECT, context.get(MessageConstants.AUTH_SUBJECT));
//        }
        try {

        AuthenticationTokenPolicy.SAMLAssertionBinding samlPolicy =
                (AuthenticationTokenPolicy.SAMLAssertionBinding) authPolicy.newSAMLAssertionFeatureBinding();
        samlPolicy.setAuthorityBinding(binding);
        samlPolicy.setAssertionId(assertionId);

        DynamicPolicyCallback dynamicCallback =
                new DynamicPolicyCallback(samlPolicy, null);
        //let runtime props be visible here
//        if (!isDefaultHandler) {
            ProcessingContext.copy(dynamicCallback.getRuntimeProperties(), context);
//        }
        try {
            Callback[] callbacks = new Callback[]{dynamicCallback};
            callbackHandler.handle(callbacks);
        } catch (Exception e) {

    public AuthenticationTokenPolicy.SAMLAssertionBinding populateSAMLPolicy(Map fpcontext, AuthenticationTokenPolicy.SAMLAssertionBinding policy,
            DynamicApplicationContext context)
            throws XWSSecurityException {

        DynamicPolicyCallback dynamicCallback =
                new DynamicPolicyCallback(policy, context);
        if (context != null /* && !isDefaultHandler*/) {
            ProcessingContext.copy(dynamicCallback.getRuntimeProperties(), fpcontext);
        }
        try {
            Callback[] callbacks = new Callback[]{dynamicCallback};
            callbackHandler.handle(callbacks);
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0237_FAILED_DYNAMIC_POLICY_CALLBACK(), e);
            throw new XWSSecurityException(e);
        }
        return (AuthenticationTokenPolicy.SAMLAssertionBinding) dynamicCallback.getSecurityPolicy();
    }

                getTrustStore(cb.getRuntimeProperties());
                cb.setValidator(certValidator);


            } else if (callbacks[i] instanceof DynamicPolicyCallback) {
                DynamicPolicyCallback dp = (DynamicPolicyCallback) callbacks[i];
                SecurityPolicy policy = dp.getSecurityPolicy();
                if (policy instanceof AuthenticationTokenPolicy.SAMLAssertionBinding) {
                    AuthenticationTokenPolicy.SAMLAssertionBinding samlBinding =
                            (AuthenticationTokenPolicy.SAMLAssertionBinding) ((AuthenticationTokenPolicy.SAMLAssertionBinding) policy).clone();

                    if ((samlBinding.getAssertion() == null) && (samlBinding.getAuthorityBinding() == null) && (samlBinding.getAssertionReader() == null)) {
                        populateAssertion(samlBinding, dp);
                    } else if (samlBinding.getAssertion() != null || samlBinding.getAssertionReader() != null) {
                        Subject subj =
                                (Subject) dp.getRuntimeProperties().get(MessageConstants.AUTH_SUBJECT);
                        validateSAMLAssertion(samlBinding, subj, dp.getRuntimeProperties());
                    } else if ((samlBinding.getAuthorityBinding() != null) && (samlBinding.getAssertionId() != null)) {
                        locateSAMLAssertion(samlBinding, dp.getRuntimeProperties());
                    } else {
                        log.log(Level.SEVERE, LogStringsMessages.WSS_1506_INVALID_SAML_POLICY());
                        throw new UnsupportedCallbackException(null, "SAML Assertion not present in the Policy");
                    }
                }

        AuthenticationTokenPolicy authPolicy = new AuthenticationTokenPolicy();
        AuthenticationTokenPolicy.SAMLAssertionBinding samlPolicy =
                (AuthenticationTokenPolicy.SAMLAssertionBinding) authPolicy.newSAMLAssertionFeatureBinding();
        samlPolicy.setAssertion(assertion);

        DynamicPolicyCallback dynamicCallback =
                new DynamicPolicyCallback(samlPolicy, null);
//        if (!isDefaultHandler) {
            ProcessingContext.copy(dynamicCallback.getRuntimeProperties(), context);
//        } else {
            if (context.get(MessageConstants.AUTH_SUBJECT) == null) {
            dynamicCallback.getRuntimeProperties().
                    put(MessageConstants.AUTH_SUBJECT, getSubject(context));
            }
//        }
        try {
            Callback[] callbacks = new Callback[]{dynamicCallback};

                getTrustStore(cb.getRuntimeProperties());
                cb.setValidator(certValidator);


            } else if (callbacks[i] instanceof DynamicPolicyCallback) {
                DynamicPolicyCallback dp = (DynamicPolicyCallback) callbacks[i];
                SecurityPolicy policy = dp.getSecurityPolicy();
                if (policy instanceof AuthenticationTokenPolicy.SAMLAssertionBinding) {
                    AuthenticationTokenPolicy.SAMLAssertionBinding samlBinding =
                            (AuthenticationTokenPolicy.SAMLAssertionBinding) ((AuthenticationTokenPolicy.SAMLAssertionBinding) policy).clone();

                    if ((samlBinding.getAssertion() == null) && (samlBinding.getAuthorityBinding() == null) && (samlBinding.getAssertionReader() == null)) {
                        populateAssertion(samlBinding, dp);
                    } else if (samlBinding.getAssertion() != null || samlBinding.getAssertionReader() != null) {
                        Subject subj =
                                (Subject) dp.getRuntimeProperties().get(MessageConstants.AUTH_SUBJECT);
                        validateSAMLAssertion(samlBinding, subj, dp.getRuntimeProperties());
                    } else if ((samlBinding.getAuthorityBinding() != null) && (samlBinding.getAssertionId() != null)) {
                        locateSAMLAssertion(samlBinding, dp.getRuntimeProperties());
                    } else {
                        log.log(Level.SEVERE, LogStringsMessages.WSS_1506_INVALID_SAML_POLICY());
                        throw new UnsupportedCallbackException(null, "SAML Assertion not present in the Policy");
                    }
                }

                dynamicContext.setMessageIdentifier(context.getMessageIdentifier());
                dynamicContext.inBoundMessage(true);
                ProcessingContext.copy(dynamicContext.getRuntimeProperties(), context.getExtraneousProperties());

                // make dynamic policy callback
                DynamicPolicyCallback dpCallback = new DynamicPolicyCallback(policy, dynamicContext);
                HarnessUtil.makeDynamicPolicyCallback(dpCallback,
                        context.getSecurityEnvironment().getCallbackHandler());


                SecurityPolicy result = dpCallback.getSecurityPolicy();
                fpContext.setSecurityPolicy(result);
                fpContext.setMode(FilterProcessingContext.ADHOC);

                if (PolicyTypeUtil.messagePolicy(result)) {
                    processMessagePolicy(fpContext);

            dynamicContext.setMessageIdentifier(fpContext.getMessageIdentifier());
            dynamicContext.inBoundMessage(true);
            ProcessingContext.copy(dynamicContext.getRuntimeProperties(), fpContext.getExtraneousProperties());

            // make dynamic policy callback
            DynamicPolicyCallback dpCallback = new DynamicPolicyCallback(policy, dynamicContext);
            HarnessUtil.makeDynamicPolicyCallback(
                    dpCallback, fpContext.getSecurityEnvironment().getCallbackHandler());

            if (!(PolicyTypeUtil.messagePolicy(dpCallback.getSecurityPolicy()))) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0271_FAILEDTO_RESOLVE_POLICY());
                throw new XWSSecurityException("Policy has to resolve to MessagePolicy");
            } else {
                mPolicy = (MessagePolicy) dpCallback.getSecurityPolicy();
            }

        } else if (PolicyTypeUtil.declarativeSecurityConfiguration(policy)) {

            DeclarativeSecurityConfiguration dsc = (DeclarativeSecurityConfiguration) policy;

            dynamicContext.setMessageIdentifier (context.getMessageIdentifier ());
            dynamicContext.inBoundMessage (false);
            ProcessingContext.copy (dynamicContext.getRuntimeProperties(), context.getExtraneousProperties());

            // make dynamic policy callback
            DynamicPolicyCallback dpCallback = new DynamicPolicyCallback (policy, dynamicContext);
            try {
               HarnessUtil.makeDynamicPolicyCallback(dpCallback,
                          handler.getCallbackHandler());

            } catch (Exception e) {
               log.log(Level.SEVERE, LogStringsMessages.WSS_0237_FAILED_DYNAMIC_POLICY_CALLBACK(), e);
               throw new XWSSecurityException (e);
            }

            SecurityPolicy result = dpCallback.getSecurityPolicy ();
            fpContext.setSecurityPolicy (result);

            if (PolicyTypeUtil.messagePolicy(result)) {
                processMessagePolicy (fpContext);
            } else

                    DynamicApplicationContext dynamicContext =
                            new DynamicApplicationContext(context.getPolicyContext());

                    dynamicContext.setMessageIdentifier(context.getMessageIdentifier());
                    dynamicContext.inBoundMessage(true);
                    DynamicPolicyCallback dynamicCallback =
                            new DynamicPolicyCallback(userNamePolicy, dynamicContext);
                    ProcessingContext.copy(dynamicContext.getRuntimeProperties(), context.getExtraneousProperties());
                    HarnessUtil.makeDynamicPolicyCallback(dynamicCallback,
                            context.getSecurityEnvironment().getCallbackHandler());

                    policy.setFeatureBinding((AuthenticationTokenPolicy.UsernameTokenBinding)dynamicCallback.getSecurityPolicy());
                    //context.setSecurityPolicy(policy);
                } catch (Exception e) {
                   log.log(Level.SEVERE, LogStringsMessages.WSS_1427_ERROR_ADHOC(),e);
                    throw new XWSSecurityException(e);
                }