From c3e47253d91b09e4c5d6fb2537841b1bb6c96d0e Mon Sep 17 00:00:00 2001 From: Berksan Ates Date: Tue, 15 Mar 2022 10:00:15 -0500 Subject: [PATCH 1/6] Changes are moved to CXF 3.4 CXF 3.4.3 original --- .../jaxws/interceptors/SwAOutInterceptor.java | 330 +++++++++ .../cxf/ws/policy/PolicyEngineImpl.java | 678 ++++++++++++++++++ .../PolicyVerificationInInterceptor.java | 121 ++++ 3 files changed, 1129 insertions(+) create mode 100644 dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/src/org/apache/cxf/jaxws/interceptors/SwAOutInterceptor.java create mode 100644 dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyEngineImpl.java create mode 100644 dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java diff --git a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/src/org/apache/cxf/jaxws/interceptors/SwAOutInterceptor.java b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/src/org/apache/cxf/jaxws/interceptors/SwAOutInterceptor.java new file mode 100644 index 000000000000..6b70a47f04af --- /dev/null +++ b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/src/org/apache/cxf/jaxws/interceptors/SwAOutInterceptor.java @@ -0,0 +1,330 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.jaxws.interceptors; +import java.awt.Component; +import java.awt.Graphics; +import java.awt.Image; +import java.awt.MediaTracker; +import java.awt.image.BufferedImage; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.lang.reflect.Method; +import java.nio.charset.StandardCharsets; +import java.security.AccessController; +import java.security.PrivilegedExceptionAction; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.UUID; +import java.util.concurrent.ConcurrentHashMap; +import java.util.logging.Logger; + +import javax.activation.DataHandler; +import javax.activation.DataSource; +import javax.imageio.ImageIO; +import javax.imageio.ImageWriter; +import javax.imageio.stream.ImageOutputStream; +import javax.xml.bind.JAXBContext; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamWriter; +import javax.xml.transform.Source; +import javax.xml.transform.stream.StreamSource; + +import org.apache.cxf.attachment.AttachmentImpl; +import org.apache.cxf.attachment.ByteDataSource; +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor; +import org.apache.cxf.binding.soap.model.SoapBodyInfo; +import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.databinding.DataBinding; +import org.apache.cxf.helpers.CastUtils; +import org.apache.cxf.helpers.IOUtils; +import org.apache.cxf.helpers.LoadingByteArrayOutputStream; +import org.apache.cxf.interceptor.AttachmentOutInterceptor; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.jaxb.JAXBDataBinding; +import org.apache.cxf.message.Attachment; +import org.apache.cxf.message.Exchange; +import org.apache.cxf.message.Message; +import org.apache.cxf.phase.Phase; +import org.apache.cxf.service.Service; +import org.apache.cxf.service.model.BindingMessageInfo; +import org.apache.cxf.service.model.BindingOperationInfo; +import org.apache.cxf.service.model.MessagePartInfo; +import org.apache.cxf.staxutils.StaxUtils; + +public class SwAOutInterceptor extends AbstractSoapInterceptor { + private static final Logger LOG = LogUtils.getL7dLogger(SwAOutInterceptor.class); + + private static final Map SWA_REF_METHOD + = new ConcurrentHashMap<>(4, 0.75f, 2); + private static final Set SWA_REF_NO_METHOD + = Collections.newSetFromMap(new ConcurrentHashMap(4, 0.75f, 2)); + + AttachmentOutInterceptor attachOut = new AttachmentOutInterceptor(); + + public SwAOutInterceptor() { + super(Phase.PRE_LOGICAL); + addAfter(HolderOutInterceptor.class.getName()); + addBefore(WrapperClassOutInterceptor.class.getName()); + } + + private boolean callSWARefMethod(final JAXBContext ctx) { + String cname = ctx.getClass().getName(); + Method m = SWA_REF_METHOD.get(cname); + if (m == null && !SWA_REF_NO_METHOD.contains(cname)) { + try { + m = AccessController.doPrivileged(new PrivilegedExceptionAction() { + + public Method run() throws Exception { + Method hasSwaRefMethod = ctx.getClass().getMethod("hasSwaRef", new Class[0]); + if (!hasSwaRefMethod.isAccessible()) { + hasSwaRefMethod.setAccessible(true); + } + return hasSwaRefMethod; + } + }); + if (m == null) { + SWA_REF_NO_METHOD.add(cname); + } else { + SWA_REF_METHOD.put(cname, m); + } + } catch (Exception e) { + //ignore + } + } + try { + if (m != null) { + return (Boolean)m.invoke(ctx); + } + } catch (Exception e) { + //ignore + } + return false; + } + + public void handleMessage(SoapMessage message) throws Fault { + Exchange ex = message.getExchange(); + BindingOperationInfo bop = ex.getBindingOperationInfo(); + if (bop == null) { + return; + } + + if (bop.isUnwrapped()) { + bop = bop.getWrappedOperation(); + } + + boolean client = isRequestor(message); + BindingMessageInfo bmi = client ? bop.getInput() : bop.getOutput(); + + if (bmi == null) { + return; + } + + SoapBodyInfo sbi = bmi.getExtensor(SoapBodyInfo.class); + + if (sbi == null || sbi.getAttachments() == null || sbi.getAttachments().isEmpty()) { + Service s = ex.getService(); + DataBinding db = s.getDataBinding(); + if (db instanceof JAXBDataBinding + && hasSwaRef((JAXBDataBinding) db)) { + setupAttachmentOutput(message); + } + return; + } + processAttachments(message, sbi); + } + protected void processAttachments(SoapMessage message, SoapBodyInfo sbi) { + Collection atts = setupAttachmentOutput(message); + List outObjects = CastUtils.cast(message.getContent(List.class)); + + for (MessagePartInfo mpi : sbi.getAttachments()) { + String partName = mpi.getConcreteName().getLocalPart(); + String ct = (String) mpi.getProperty(Message.CONTENT_TYPE); + + String id = new StringBuilder().append(partName) + .append('=') + .append(UUID.randomUUID()) + .append("@apache.org").toString(); + + // this assumes things are in order... + int idx = mpi.getIndex(); + Object o = outObjects.get(idx); + + if (o == null) { + continue; + } + outObjects.set(idx, null); + DataHandler dh = null; + + // This code could probably be refactored out somewhere... + if (o instanceof Source) { + dh = new DataHandler(createDataSource((Source)o, ct)); + } else if (o instanceof Image) { + final Image img = (Image)o; + final String contentType = ct; + dh = new DataHandler(o, ct) { + @Override + public InputStream getInputStream() throws IOException { + LoadingByteArrayOutputStream bout = new LoadingByteArrayOutputStream(); + writeTo(bout); + return bout.createInputStream(); + } + @Override + public void writeTo(OutputStream out) throws IOException { + ImageWriter writer = null; + Iterator writers = ImageIO.getImageWritersByMIMEType(contentType); + if (writers.hasNext()) { + writer = writers.next(); + } + if (writer != null) { + BufferedImage bimg = convertToBufferedImage(img); + ImageOutputStream iout = ImageIO.createImageOutputStream(out); + writer.setOutput(iout); + writer.write(bimg); + writer.dispose(); + iout.flush(); + out.flush(); + } + } + }; + + } else if (o instanceof DataHandler) { + dh = (DataHandler) o; + ct = dh.getContentType(); + + try { + if ("text/xml".equals(ct) + && dh.getContent() instanceof Source) { + dh = new DataHandler(createDataSource((Source)dh.getContent(), ct)); + } + } catch (IOException e) { + //ignore, use same dh + } + } else if (o instanceof byte[]) { + if (ct == null) { + ct = "application/octet-stream"; + } + dh = new DataHandler(new ByteDataSource((byte[])o, ct)); + } else if (o instanceof String) { + if (ct == null) { + ct = "text/plain; charset=\'UTF-8\'"; + } + dh = new DataHandler(new ByteDataSource(((String)o).getBytes(StandardCharsets.UTF_8), ct)); + } else { + throw new Fault(new org.apache.cxf.common.i18n.Message("ATTACHMENT_NOT_SUPPORTED", + LOG, o.getClass())); + } + + AttachmentImpl att = new AttachmentImpl(id); + att.setDataHandler(dh); + att.setHeader("Content-Type", ct); + att.setHeader("Content-ID", "<" + id + ">"); + atts.add(att); + } + } + + protected boolean hasSwaRef(JAXBDataBinding db) { + JAXBContext context = db.getContext(); + return callSWARefMethod(context); + } + + private DataSource createDataSource(Source o, String ct) { + DataSource ds = null; + + if (o instanceof StreamSource) { + StreamSource src = (StreamSource)o; + try { + if (src.getInputStream() != null) { + try (ByteArrayOutputStream bos = new ByteArrayOutputStream(2048)) { + IOUtils.copy(src.getInputStream(), bos, 1024); + ds = new ByteDataSource(bos.toByteArray(), ct); + } + } else { + ds = new ByteDataSource(IOUtils.toString(src.getReader()).getBytes(StandardCharsets.UTF_8), + ct); + } + } catch (IOException e) { + throw new Fault(e); + } + } else { + ByteArrayOutputStream bwriter = new ByteArrayOutputStream(); + XMLStreamWriter writer = null; + try { + writer = StaxUtils.createXMLStreamWriter(bwriter); + StaxUtils.copy(o, writer); + writer.flush(); + ds = new ByteDataSource(bwriter.toByteArray(), ct); + } catch (XMLStreamException e1) { + throw new Fault(e1); + } finally { + StaxUtils.close(writer); + } + } + return ds; + } + + private BufferedImage convertToBufferedImage(Image image) throws IOException { + if (image instanceof BufferedImage) { + return (BufferedImage)image; + } + + // Wait until the image is completely loaded + MediaTracker tracker = new MediaTracker(new Component() { + private static final long serialVersionUID = 6412221228374321325L; + }); + tracker.addImage(image, 0); + try { + tracker.waitForAll(); + } catch (InterruptedException e) { + throw new Fault(e); + } + + // Create a BufferedImage so we can write it out later + BufferedImage bufImage = new BufferedImage( + image.getWidth(null), + image.getHeight(null), + BufferedImage.TYPE_INT_ARGB); + + Graphics g = bufImage.createGraphics(); + g.drawImage(image, 0, 0, null); + return bufImage; + } + + private Collection setupAttachmentOutput(SoapMessage message) { + // We have attachments, so add the interceptor + message.getInterceptorChain().add(attachOut); + // We should probably come up with another property for this + message.put(AttachmentOutInterceptor.WRITE_ATTACHMENTS, Boolean.TRUE); + + + Collection atts = message.getAttachments(); + if (atts == null) { + atts = new ArrayList<>(); + message.setAttachments(atts); + } + return atts; + } +} diff --git a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyEngineImpl.java b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyEngineImpl.java new file mode 100644 index 000000000000..6944ff320727 --- /dev/null +++ b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyEngineImpl.java @@ -0,0 +1,678 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.ws.policy; + +import java.util.*; +import java.util.concurrent.CopyOnWriteArrayList; +import java.util.logging.Level; +import java.util.logging.Logger; + +import javax.annotation.Resource; +import javax.xml.namespace.QName; + +import org.apache.cxf.Bus; +import org.apache.cxf.common.injection.NoJSR250Annotations; +import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.configuration.ConfiguredBeanLocator; +import org.apache.cxf.extension.BusExtension; +import org.apache.cxf.helpers.CastUtils; +import org.apache.cxf.message.Message; +import org.apache.cxf.service.factory.FactoryBeanListener; +import org.apache.cxf.service.factory.FactoryBeanListenerManager; +import org.apache.cxf.service.model.BindingFaultInfo; +import org.apache.cxf.service.model.BindingMessageInfo; +import org.apache.cxf.service.model.BindingOperationInfo; +import org.apache.cxf.service.model.EndpointInfo; +import org.apache.cxf.service.model.ServiceInfo; +import org.apache.cxf.transport.Conduit; +import org.apache.cxf.transport.Destination; +import org.apache.cxf.ws.policy.selector.MinimalAlternativeSelector; +import org.apache.neethi.Assertion; +import org.apache.neethi.Constants; +import org.apache.neethi.Policy; +import org.apache.neethi.PolicyComponent; +import org.apache.neethi.PolicyOperator; +import org.apache.neethi.PolicyReference; +import org.apache.neethi.PolicyRegistry; + +/** + * + */ +@NoJSR250Annotations(unlessNull = "bus") +public class PolicyEngineImpl implements PolicyEngine, BusExtension { + private static final Logger LOG = LogUtils.getL7dLogger(PolicyEngineImpl.class); + + + private static final String POLICY_INFO_REQUEST_SERVER = "policy-engine-info-serve-request"; + private static final String POLICY_INFO_FAULT_SERVER = "policy-engine-info-serve-fault"; + private static final String POLICY_INFO_RESPONSE_SERVER = "policy-engine-info-serve-response"; + private static final String POLICY_INFO_ENDPOINT_SERVER = "policy-engine-info-serve-rendpoint"; + + private static final String POLICY_INFO_REQUEST_CLIENT = "policy-engine-info-client-request"; + private static final String POLICY_INFO_FAULT_CLIENT = "policy-engine-info-client-fault"; + private static final String POLICY_INFO_RESPONSE_CLIENT = "policy-engine-info-client-response"; + private static final String POLICY_INFO_ENDPOINT_CLIENT = "policy-engine-info-client-endpoint"; + + private Bus bus; + private PolicyRegistry registry; + private Collection policyProviders; + private Collection preSetPolicyProviders = new LinkedList<>(); + private Policy busPolicy; + private boolean enabled = true; + private Boolean ignoreUnknownAssertions; + private boolean addedBusInterceptors; + private AlternativeSelector alternativeSelector; + + + public PolicyEngineImpl() { + init(); + } + public PolicyEngineImpl(boolean en) { + enabled = en; + init(); + } + public PolicyEngineImpl(Bus b) { + init(); + setBus(b); + } + + // configuration + + public boolean isEnabled() { + return enabled; + } + + @Resource + public final void setBus(Bus b) { + if (this.bus == b) { + //avoid bus init twice through injection + return; + } + bus = b; + addBusInterceptors(); + FactoryBeanListenerManager fblm = bus.getExtension(FactoryBeanListenerManager.class); + if (fblm != null) { + for (FactoryBeanListener l : fblm.getListeners()) { + if (l instanceof PolicyAnnotationListener) { + return; + } + } + fblm.addListener(new PolicyAnnotationListener(bus)); + } + } + + public Bus getBus() { + return bus; + } + @Override + public void addPolicy(Policy p) { + if (busPolicy == null) { + busPolicy = p; + } else { + busPolicy = busPolicy.merge(p); + } + } + + + public void setPolicyProviders(Collection p) { + policyProviders = new CopyOnWriteArrayList<>(p); + } + + public synchronized void addPolicyProvider(PolicyProvider p) { + if (policyProviders != null) { + policyProviders.add(p); + } else { + preSetPolicyProviders.add(p); + } + } + public synchronized Collection getPolicyProviders() { + if (policyProviders == null) { + policyProviders = new CopyOnWriteArrayList<>(); + if (bus != null) { + ConfiguredBeanLocator loc = bus.getExtension(ConfiguredBeanLocator.class); + if (loc != null) { + loc.getBeansOfType(PolicyProvider.class); + } + } + policyProviders.addAll(preSetPolicyProviders); + preSetPolicyProviders = null; + } + return policyProviders; + } + + public void setRegistry(PolicyRegistry r) { + registry = r; + } + + public PolicyRegistry getRegistry() { + return registry; + } + + public synchronized void setEnabled(boolean e) { + enabled = e; + if (enabled && !addedBusInterceptors) { + addBusInterceptors(); + } else if (!enabled && addedBusInterceptors) { + removeBusInterceptors(); + } + } + + public synchronized AlternativeSelector getAlternativeSelector() { + if (alternativeSelector == null && enabled) { + alternativeSelector = new MinimalAlternativeSelector(); + } + return alternativeSelector; + } + + public void setAlternativeSelector(AlternativeSelector as) { + alternativeSelector = as; + } + + public boolean isIgnoreUnknownAssertions() { + return ignoreUnknownAssertions == null || ignoreUnknownAssertions; + } + + public void setIgnoreUnknownAssertions(boolean ignore) { + ignoreUnknownAssertions = ignore; + } + + // BusExtension interface + + + public Class getRegistrationType() { + return PolicyEngine.class; + } + + // PolicyEngine interface + + public EffectivePolicy getEffectiveClientRequestPolicy(EndpointInfo ei, BindingOperationInfo boi, + Conduit c, Message m) { + EffectivePolicy effectivePolicy = (EffectivePolicy)boi.getProperty(POLICY_INFO_REQUEST_CLIENT); + if (effectivePolicy == null) { + synchronized (ei) { + effectivePolicy = (EffectivePolicy)boi.getProperty(POLICY_INFO_REQUEST_CLIENT); + if (null == effectivePolicy) { + EffectivePolicyImpl epi = createOutPolicyInfo(); + Assertor assertor = PolicyUtils.createAsserter(c); + epi.initialise(ei, boi, this, assertor, true, true, m); + if (m != null) { + boi.setProperty(POLICY_INFO_REQUEST_CLIENT, epi); + } + effectivePolicy = epi; + } + } + } + return effectivePolicy; + } + + public void setEffectiveClientRequestPolicy(EndpointInfo ei, BindingOperationInfo boi, + EffectivePolicy ep) { + boi.setProperty(POLICY_INFO_REQUEST_CLIENT, ep); + } + + public EffectivePolicy getEffectiveServerResponsePolicy(EndpointInfo ei, + BindingOperationInfo boi, + Destination d, + List> incoming, + Message m) { + if (incoming == null) { + EffectivePolicy effectivePolicy = (EffectivePolicy)boi.getProperty(POLICY_INFO_RESPONSE_SERVER); + if (effectivePolicy == null) { + synchronized (ei) { + effectivePolicy = (EffectivePolicy)boi.getProperty(POLICY_INFO_RESPONSE_SERVER); + if (null == effectivePolicy) { + EffectivePolicyImpl epi = createOutPolicyInfo(); + Assertor assertor = PolicyUtils.createAsserter(d); + epi.initialise(ei, boi, this, assertor, false, false, null); + if (m != null) { + boi.setProperty(POLICY_INFO_RESPONSE_SERVER, epi); + } + effectivePolicy = epi; + } + } + } + return effectivePolicy; + } + EffectivePolicyImpl epi = createOutPolicyInfo(); + Assertor assertor = PolicyUtils.createAsserter(d); + epi.initialise(ei, boi, this, assertor, incoming, m); + return epi; + } + + public void setEffectiveServerResponsePolicy(EndpointInfo ei, BindingOperationInfo boi, + EffectivePolicy ep) { + boi.setProperty(POLICY_INFO_RESPONSE_SERVER, ep); + } + + public EffectivePolicy getEffectiveServerFaultPolicy(EndpointInfo ei, + BindingOperationInfo boi, + BindingFaultInfo bfi, + Destination d, + Message m) { + + if (bfi == null) { + EffectivePolicyImpl epi = createOutPolicyInfo(); + Assertor assertor = PolicyUtils.createAsserter(d); + epi.initialise(ei, boi, null, this, assertor, m); + return epi; + } + bfi = mapToWrappedBindingFaultInfo(bfi); + EffectivePolicy effectivePolicy = (EffectivePolicy)bfi.getProperty(POLICY_INFO_FAULT_SERVER); + if (effectivePolicy == null) { + synchronized (ei) { + effectivePolicy = (EffectivePolicy)bfi.getProperty(POLICY_INFO_FAULT_SERVER); + if (null == effectivePolicy) { + EffectivePolicyImpl epi = createOutPolicyInfo(); + Assertor assertor = PolicyUtils.createAsserter(d); + epi.initialise(ei, boi, bfi, this, assertor, m); + if (m != null) { + bfi.setProperty(POLICY_INFO_FAULT_SERVER, epi); + } + effectivePolicy = epi; + } + } + } + return effectivePolicy; + } + + private BindingFaultInfo mapToWrappedBindingFaultInfo(BindingFaultInfo bfi) { + BindingOperationInfo boi = bfi.getBindingOperation(); + if (boi != null && boi.isUnwrapped()) { + boi = boi.getWrappedOperation(); + for (BindingFaultInfo bf2 : boi.getFaults()) { + if (bf2.getFaultInfo().getName().equals(bfi.getFaultInfo().getName())) { + return bf2; + } + } + } + return bfi; + } + public void setEffectiveServerFaultPolicy(EndpointInfo ei, BindingFaultInfo bfi, EffectivePolicy ep) { + bfi.setProperty(POLICY_INFO_FAULT_SERVER, ep); + } + + public EndpointPolicy getClientEndpointPolicy(EndpointInfo ei, Conduit conduit, Message m) { + Assertor assertor = PolicyUtils.createAsserter(conduit); + return getEndpointPolicy(ei, true, assertor, m); + } + + public EndpointPolicy getServerEndpointPolicy(EndpointInfo ei, Destination destination, Message m) { + Assertor assertor = PolicyUtils.createAsserter(destination); + return getEndpointPolicy(ei, false, assertor, m); + } + + private EndpointPolicy getEndpointPolicy(//NOPMD + EndpointInfo ei, + boolean isRequestor, + Assertor assertor, + Message m) { + return createEndpointPolicyInfo(ei, isRequestor, assertor, m); + } + + public void setClientEndpointPolicy(EndpointInfo ei, EndpointPolicy ep) { + ei.setProperty(POLICY_INFO_ENDPOINT_CLIENT, ep); + } + + public void setServerEndpointPolicy(EndpointInfo ei, EndpointPolicy ep) { + ei.setProperty(POLICY_INFO_ENDPOINT_SERVER, ep); + } + + public EffectivePolicy getEffectiveServerRequestPolicy(EndpointInfo ei, + BindingOperationInfo boi, + Message m) { + EffectivePolicy effectivePolicy = (EffectivePolicy)boi.getProperty(POLICY_INFO_REQUEST_SERVER); + if (effectivePolicy == null) { + synchronized (ei) { + effectivePolicy = (EffectivePolicy)boi.getProperty(POLICY_INFO_REQUEST_SERVER); + if (null == effectivePolicy) { + EffectivePolicyImpl epi = createOutPolicyInfo(); + epi.initialise(ei, boi, this, false, true, m); + if (m != null) { + boi.setProperty(POLICY_INFO_REQUEST_SERVER, epi); + } + effectivePolicy = epi; + } + } + } + return effectivePolicy; + } + + public void setEffectiveServerRequestPolicy(EndpointInfo ei, BindingOperationInfo boi, + EffectivePolicy ep) { + boi.setProperty(POLICY_INFO_REQUEST_SERVER, ep); + } + + public EffectivePolicy getEffectiveClientResponsePolicy(EndpointInfo ei, + BindingOperationInfo boi, + Message m) { + EffectivePolicy effectivePolicy = (EffectivePolicy)boi.getProperty(POLICY_INFO_RESPONSE_CLIENT); + if (effectivePolicy == null) { + synchronized (ei) { + effectivePolicy = (EffectivePolicy)boi.getProperty(POLICY_INFO_RESPONSE_CLIENT); + if (null == effectivePolicy) { + EffectivePolicyImpl epi = createOutPolicyInfo(); + epi.initialise(ei, boi, this, true, false, m); + if (m != null) { + boi.setProperty(POLICY_INFO_RESPONSE_CLIENT, epi); + } + effectivePolicy = epi; + } + } + } + return effectivePolicy; + } + + public void setEffectiveClientResponsePolicy(EndpointInfo ei, BindingOperationInfo boi, + EffectivePolicy ep) { + boi.setProperty(POLICY_INFO_RESPONSE_CLIENT, ep); + } + + public EffectivePolicy getEffectiveClientFaultPolicy(EndpointInfo ei, + BindingOperationInfo boi, + BindingFaultInfo bfi, + Message m) { + EffectivePolicy effectivePolicy = null; + if (bfi != null) { + effectivePolicy = (EffectivePolicy)bfi.getProperty(POLICY_INFO_FAULT_CLIENT); + } + if (effectivePolicy == null) { + synchronized (ei) { + if (bfi != null) { + effectivePolicy = (EffectivePolicy)bfi.getProperty(POLICY_INFO_FAULT_CLIENT); + } + if (null == effectivePolicy) { + EffectivePolicyImpl epi = createOutPolicyInfo(); + epi.initialisePolicy(ei, boi, bfi, this, m); + if (bfi != null) { + bfi.setProperty(POLICY_INFO_FAULT_CLIENT, epi); + } + effectivePolicy = epi; + } + } + } + return effectivePolicy; + } + + public void setEffectiveClientFaultPolicy(EndpointInfo ei, BindingFaultInfo bfi, EffectivePolicy ep) { + bfi.setProperty(POLICY_INFO_FAULT_CLIENT, ep); + } + + // implementation + + protected final void init() { + registry = new PolicyRegistryImpl(); + } + + + + public synchronized void removeBusInterceptors() { + bus.getInInterceptors().remove(PolicyInInterceptor.INSTANCE); + bus.getOutInterceptors().remove(PolicyOutInterceptor.INSTANCE); + bus.getInFaultInterceptors().remove(ClientPolicyInFaultInterceptor.INSTANCE); + bus.getOutFaultInterceptors().remove(ServerPolicyOutFaultInterceptor.INSTANCE); + bus.getInFaultInterceptors().remove(PolicyVerificationInFaultInterceptor.INSTANCE); + addedBusInterceptors = false; + } + + public final synchronized void addBusInterceptors() { + if (null == bus || !enabled) { + return; + } + + if (ignoreUnknownAssertions != null) { + AssertionBuilderRegistry abr = bus.getExtension(AssertionBuilderRegistry.class); + if (null != abr) { + abr.setIgnoreUnknownAssertions(ignoreUnknownAssertions); + } + } + + bus.getInInterceptors().add(PolicyInInterceptor.INSTANCE); + bus.getOutInterceptors().add(PolicyOutInterceptor.INSTANCE); + bus.getInFaultInterceptors().add(ClientPolicyInFaultInterceptor.INSTANCE); + bus.getOutFaultInterceptors().add(ServerPolicyOutFaultInterceptor.INSTANCE); + bus.getInFaultInterceptors().add(PolicyVerificationInFaultInterceptor.INSTANCE); + + addedBusInterceptors = true; + } + + Policy getAggregatedServicePolicy(ServiceInfo si, Message m) { + if (si == null) { + return new Policy(); + } + Policy aggregated = busPolicy; + for (PolicyProvider pp : getPolicyProviders()) { + Policy p = pp.getEffectivePolicy(si, m); + if (null == aggregated) { + aggregated = p; + } else if (p != null) { + aggregated = aggregated.merge(p); + } + } + return aggregated == null ? new Policy() : aggregated; + } + + Policy getAggregatedEndpointPolicy(EndpointInfo ei, Message m) { + Policy aggregated = null; + for (PolicyProvider pp : getPolicyProviders()) { + Policy p = pp.getEffectivePolicy(ei, m); + if (null == aggregated) { + aggregated = p; + } else if (p != null) { + aggregated = aggregated.merge(p); + } + } + return aggregated == null ? new Policy() : aggregated; + } + + Policy getAggregatedOperationPolicy(BindingOperationInfo boi, Message m) { + Policy aggregated = null; + for (PolicyProvider pp : getPolicyProviders()) { + Policy p = pp.getEffectivePolicy(boi, m); + if (null == aggregated) { + aggregated = p; + } else if (p != null) { + aggregated = aggregated.merge(p); + } + } + return aggregated == null ? new Policy() : aggregated; + } + + Policy getAggregatedMessagePolicy(BindingMessageInfo bmi, Message m) { + Policy aggregated = null; + for (PolicyProvider pp : getPolicyProviders()) { + Policy p = pp.getEffectivePolicy(bmi, m); + if (null == aggregated) { + aggregated = p; + } else if (p != null) { + aggregated = aggregated.merge(p); + } + } + return aggregated == null ? new Policy() : aggregated; + } + + Policy getAggregatedFaultPolicy(BindingFaultInfo bfi, Message m) { + Policy aggregated = null; + for (PolicyProvider pp : getPolicyProviders()) { + Policy p = pp.getEffectivePolicy(bfi, m); + if (null == aggregated) { + aggregated = p; + } else if (p != null) { + aggregated = aggregated.merge(p); + } + } + return aggregated == null ? new Policy() : aggregated; + } + + /** + * Return a collection of all assertions used in the given policy component, + * optionally including optional assertions. + * The policy need not be normalised, so any policy references will have to be resolved. + * @param pc the policy component + * @param includeOptional flag indicating if optional assertions should be included + * @return the assertions + */ + Collection getAssertions(PolicyComponent pc, boolean includeOptional) { + + Collection assertions = new ArrayList<>(); + + if (Constants.TYPE_ASSERTION == pc.getType()) { + Assertion a = (Assertion)pc; + if (includeOptional || !a.isOptional()) { + assertions.add(a); + } + } else { + addAssertions(pc, includeOptional, assertions); + } + return assertions; + } + Collection getAssertions(EffectivePolicy pc, boolean includeOptional) { + if (pc == null || pc.getChosenAlternative() == null) { + return null; + } + Collection assertions = new ArrayList<>(); + for (Assertion assertion : pc.getChosenAlternative()) { + if (Constants.TYPE_ASSERTION == assertion.getType()) { + if (includeOptional || !assertion.isOptional()) { + assertions.add(assertion); + } + } else { + addAssertions(assertion, includeOptional, assertions); + } + } + return assertions; + } + + void addAssertions(PolicyComponent pc, boolean includeOptional, + Collection assertions) { + + if (Constants.TYPE_ASSERTION == pc.getType()) { + Assertion a = (Assertion)pc; + if (includeOptional || !a.isOptional()) { + assertions.add((Assertion)pc); + } + return; + } + + if (Constants.TYPE_POLICY_REF == pc.getType()) { + PolicyReference pr = (PolicyReference)pc; + pc = pr.normalize(registry, false); + } + + PolicyOperator po = (PolicyOperator)pc; + + List pcs = CastUtils.cast(po.getPolicyComponents(), PolicyComponent.class); + for (PolicyComponent child : pcs) { + addAssertions(child, includeOptional, assertions); + } + } + + /** + * Return the vocabulary of a policy component, i.e. the set of QNames of + * the assertions used in the componente, duplicates removed. + * @param pc the policy component + * @param includeOptional flag indicating if optional assertions should be included + * @return the vocabulary + */ + Set getVocabulary(PolicyComponent pc, boolean includeOptional) { + Collection assertions = getAssertions(pc, includeOptional); + Set vocabulary = new HashSet<>(); + for (Assertion a : assertions) { + vocabulary.add(a.getName()); + } + return vocabulary; + } + + EndpointPolicy createEndpointPolicyInfo(EndpointInfo ei, + boolean isRequestor, + Assertor assertor, + Message m) { + EndpointPolicy ep = (EndpointPolicy)ei.getProperty(isRequestor + ? POLICY_INFO_ENDPOINT_CLIENT : POLICY_INFO_ENDPOINT_SERVER); + if (ep == null) { + synchronized (ei) { + ep = (EndpointPolicy)ei.getProperty(isRequestor + ? POLICY_INFO_ENDPOINT_CLIENT : POLICY_INFO_ENDPOINT_SERVER); + if (ep == null) { + EndpointPolicyImpl epi = new EndpointPolicyImpl(ei, this, isRequestor, assertor); + epi.initialize(m); + if (m != null) { + ei.setProperty(isRequestor ? POLICY_INFO_ENDPOINT_CLIENT : POLICY_INFO_ENDPOINT_SERVER, epi); + } + ep = epi; + } + } + } + return ep; + } + + + /** + * Check if a given list of assertions can potentially be supported by + * interceptors or by an already installed assertor (a conduit or transport + * that implements the Assertor interface). + * + * @param alternative the policy alternative + * @param assertor the assertor + * @return true iff the alternative can be supported + */ + public boolean supportsAlternative(Collection alternative, + Assertor assertor, + Message m) { + PolicyInterceptorProviderRegistry pipr = + bus.getExtension(PolicyInterceptorProviderRegistry.class); + final boolean doLog = LOG.isLoggable(Level.FINE); + for (PolicyComponent pc : alternative) { + if (pc instanceof Assertion) { + Assertion a = (Assertion)pc; + if (!a.isOptional()) { + if (null != assertor && assertor.canAssert(a.getName())) { + continue; + } + Set s = pipr.get(a.getName()); + if (s.isEmpty()) { + if (doLog) { + LOG.fine("Alternative " + a.getName() + " is not supported"); + } + return false; + } + for (PolicyInterceptorProvider p : s) { + if (!p.configurationPresent(m, a)) { + if (doLog) { + LOG.fine("Alternative " + a.getName() + " is not supported"); + } + return false; + } + } + } + } else { + return false; + } + } + return true; + } + + + // for test + EffectivePolicyImpl createOutPolicyInfo() { + return new EffectivePolicyImpl(); + } + + +} diff --git a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java new file mode 100644 index 000000000000..e19ac2c1c973 --- /dev/null +++ b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java @@ -0,0 +1,121 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.ws.policy; + +import java.util.List; +import java.util.logging.Level; +import java.util.logging.Logger; + +import javax.xml.namespace.QName; + +import org.apache.cxf.Bus; +import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.endpoint.Endpoint; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.message.Exchange; +import org.apache.cxf.message.Message; +import org.apache.cxf.message.MessageUtils; +import org.apache.cxf.phase.Phase; +import org.apache.cxf.service.model.BindingOperationInfo; +import org.apache.cxf.service.model.EndpointInfo; +import org.apache.neethi.Assertion; + +/** + * + */ +public class PolicyVerificationInInterceptor extends AbstractPolicyInterceptor { + public static final PolicyVerificationInInterceptor INSTANCE = new PolicyVerificationInInterceptor(); + + private static final Logger LOG = LogUtils.getL7dLogger(PolicyVerificationInInterceptor.class); + + public PolicyVerificationInInterceptor() { + super(Phase.PRE_INVOKE); + } + + /** + * Determines the effective policy, and checks if one of its alternatives + * is supported. + * + * @param message + * @throws PolicyException if none of the alternatives is supported + */ + protected void handle(Message message) { + + AssertionInfoMap aim = message.get(AssertionInfoMap.class); + if (null == aim) { + return; + } + + Exchange exchange = message.getExchange(); + BindingOperationInfo boi = exchange.getBindingOperationInfo(); + if (null == boi) { + LOG.fine("No binding operation info."); + return; + } + + Endpoint e = exchange.getEndpoint(); + if (null == e) { + LOG.fine("No endpoint."); + return; + } + + Bus bus = exchange.getBus(); + PolicyEngine pe = bus.getExtension(PolicyEngine.class); + if (null == pe) { + return; + } + + if (MessageUtils.isPartialResponse(message)) { + LOG.fine("Not verifying policies on inbound partial response."); + return; + } + + getTransportAssertions(message); + + EffectivePolicy effectivePolicy = message.get(EffectivePolicy.class); + if (effectivePolicy == null) { + EndpointInfo ei = e.getEndpointInfo(); + if (MessageUtils.isRequestor(message)) { + effectivePolicy = pe.getEffectiveClientResponsePolicy(ei, boi, message); + } else { + effectivePolicy = pe.getEffectiveServerRequestPolicy(ei, boi, message); + } + } + try { + List> usedAlternatives = aim.checkEffectivePolicy(effectivePolicy.getPolicy()); + if (usedAlternatives != null && !usedAlternatives.isEmpty() && message.getExchange() != null) { + message.getExchange().put("ws-policy.validated.alternatives", usedAlternatives); + } + } catch (PolicyException ex) { + LOG.log(Level.SEVERE, "Inbound policy verification failed: " + ex.getMessage()); + //To check if there is ws addressing policy violation and throw WSA specific + //exception to pass jaxws2.2 tests + if (ex.getMessage().indexOf("Addressing") > -1) { + throw new Fault("A required header representing a Message Addressing Property " + + "is not present", LOG) + .setFaultCode(new QName("http://www.w3.org/2005/08/addressing", + "MessageAddressingHeaderRequired")); + } + throw ex; + } + LOG.fine("Verified policies for inbound message."); + } + +} From a378fc22512087ee9de39dff340dd0ddb86ce076 Mon Sep 17 00:00:00 2001 From: Berksan Ates Date: Mon, 21 Mar 2022 13:02:21 -0500 Subject: [PATCH 2/6] Migrated property changes --- .../jaxws/interceptors/SwAOutInterceptor.java | 62 ++++++++++++++++++- .../cxf/ws/policy/PolicyEngineImpl.java | 24 +++++++ .../PolicyVerificationInInterceptor.java | 24 ++++++- 3 files changed, 107 insertions(+), 3 deletions(-) diff --git a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/src/org/apache/cxf/jaxws/interceptors/SwAOutInterceptor.java b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/src/org/apache/cxf/jaxws/interceptors/SwAOutInterceptor.java index 6b70a47f04af..ce6a0ffc2be7 100644 --- a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/src/org/apache/cxf/jaxws/interceptors/SwAOutInterceptor.java +++ b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/src/org/apache/cxf/jaxws/interceptors/SwAOutInterceptor.java @@ -39,6 +39,7 @@ import java.util.Set; import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; +import java.util.logging.Level; import java.util.logging.Logger; import javax.activation.DataHandler; @@ -68,6 +69,7 @@ import org.apache.cxf.message.Attachment; import org.apache.cxf.message.Exchange; import org.apache.cxf.message.Message; +import org.apache.cxf.message.MessageUtils; import org.apache.cxf.phase.Phase; import org.apache.cxf.service.Service; import org.apache.cxf.service.model.BindingMessageInfo; @@ -83,6 +85,24 @@ public class SwAOutInterceptor extends AbstractSoapInterceptor { private static final Set SWA_REF_NO_METHOD = Collections.newSetFromMap(new ConcurrentHashMap(4, 0.75f, 2)); +// Begin copied over from CXF 2.6.2 + private static boolean skipHasSwaRef; + + static { + + String skipSwaRef = System.getProperty("cxf.multipart.attachment"); + LOG.log(Level.FINE, "cxf.multipart.attachment property is set to " + skipSwaRef); + + if (skipSwaRef != null + && skipSwaRef.trim().length() > 0 + && skipSwaRef.trim().equalsIgnoreCase("false")) { + skipHasSwaRef = true; + } else { + skipHasSwaRef = false; + } + + }// End copied over from CXF 2.6.2 + AttachmentOutInterceptor attachOut = new AttachmentOutInterceptor(); public SwAOutInterceptor() { @@ -142,7 +162,14 @@ public void handleMessage(SoapMessage message) throws Fault { if (bmi == null) { return; } - +// Begin copied over from CXF 2.6.2 + Boolean newAttachment = false; + Message exOutMsg = ex.getOutMessage(); + if (exOutMsg != null) { + newAttachment = MessageUtils.isTrue(exOutMsg.getContextualProperty("cxf.add.attachments")); + LOG.log(Level.FINE, "Request context attachment property: cxf.add.attachments is set to: " + newAttachment); + } // End copied over from CXF 2.6.2 + SoapBodyInfo sbi = bmi.getExtensor(SoapBodyInfo.class); if (sbi == null || sbi.getAttachments() == null || sbi.getAttachments().isEmpty()) { @@ -150,7 +177,18 @@ public void handleMessage(SoapMessage message) throws Fault { DataBinding db = s.getDataBinding(); if (db instanceof JAXBDataBinding && hasSwaRef((JAXBDataBinding) db)) { - setupAttachmentOutput(message); + Boolean includeAttachs = false; + Message exInpMsg = ex.getInMessage(); + LOG.log(Level.FINE, "Exchange Input message: " + exInpMsg); + if (exInpMsg != null) { + includeAttachs = MessageUtils.isTrue(exInpMsg.getContextualProperty("cxf.add.attachments")); + } + LOG.log(Level.FINE, "Add attachments message property: cxf.add.attachments value is " + includeAttachs); + if (!skipHasSwaRef || includeAttachs || newAttachment) { + setupAttachmentOutput(message); + } else { + skipAttachmentOutput(message); + } } return; } @@ -327,4 +365,24 @@ private Collection setupAttachmentOutput(SoapMessage message) { } return atts; } + +// Begin copied over from CXF 2.6.2 + private Collection skipAttachmentOutput(SoapMessage message) { + + Collection atts = message.getAttachments(); + + LOG.log(Level.FINE, "skipAttachmentOutput: getAttachments returned " + atts); + + if (atts != null) { + // We have attachments, so add the interceptor + message.getInterceptorChain().add(attachOut); + // We should probably come up with another property for this + message.put(AttachmentOutInterceptor.WRITE_ATTACHMENTS, Boolean.TRUE); + } else { + atts = new ArrayList(); + message.setAttachments(atts); + } + + return atts; + }// End copied over from CXF 2.6.2 } diff --git a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyEngineImpl.java b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyEngineImpl.java index 6944ff320727..b1bf99cb7660 100644 --- a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyEngineImpl.java +++ b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyEngineImpl.java @@ -79,6 +79,22 @@ public class PolicyEngineImpl implements PolicyEngine, BusExtension { private Boolean ignoreUnknownAssertions; private boolean addedBusInterceptors; private AlternativeSelector alternativeSelector; + + private static boolean ignoreUnsupportedPolicy; + + static { + + String skipPolicyCheck = System.getProperty("cxf.ignore.unsupported.policy"); + LOG.log(Level.FINE, "cxf.ignore.unsupported.policy property is set to " + skipPolicyCheck); + + if (skipPolicyCheck != null + && skipPolicyCheck.trim().length() > 0 + && skipPolicyCheck.trim().equalsIgnoreCase("true")) { + ignoreUnsupportedPolicy = true; + } else { + ignoreUnsupportedPolicy = false; + } + } public PolicyEngineImpl() { @@ -645,10 +661,18 @@ public boolean supportsAlternative(Collection alterna if (null != assertor && assertor.canAssert(a.getName())) { continue; } + Set s = pipr.get(a.getName()); if (s.isEmpty()) { if (doLog) { LOG.fine("Alternative " + a.getName() + " is not supported"); + if (ignoreUnsupportedPolicy) { + LOG.fine("WARNING: Unsupported policy assertions will be ignored because " + + "property cxf.ignore.unsupported.policy is set to true."); + return true; + } else { + return false; + } } return false; } diff --git a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java index e19ac2c1c973..1715937f02e2 100644 --- a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java +++ b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java @@ -45,6 +45,20 @@ public class PolicyVerificationInInterceptor extends AbstractPolicyInterceptor { private static final Logger LOG = LogUtils.getL7dLogger(PolicyVerificationInInterceptor.class); + private static boolean ignoreUnsupportedPolicy; + + static { + + String skipPolicyCheck = System.getProperty("cxf.ignore.unsupported.policy"); + LOG.log(Level.FINE, "cxf.ignore.unsupported.policy property is set to " + skipPolicyCheck); + + if (skipPolicyCheck != null + && skipPolicyCheck.trim().length() > 0 + && skipPolicyCheck.trim().equalsIgnoreCase("true")) { + ignoreUnsupportedPolicy = true; + } + } + public PolicyVerificationInInterceptor() { super(Phase.PRE_INVOKE); } @@ -99,7 +113,15 @@ protected void handle(Message message) { } } try { - List> usedAlternatives = aim.checkEffectivePolicy(effectivePolicy.getPolicy()); + List> usedAlternatives = null; + + if (ignoreUnsupportedPolicy) { + LOG.fine("WARNING: checkEffectivePolicy will not be called because " + + "property cxf.ignore.unsupported.policy is set to true."); + } else { + usedAlternatives = aim.checkEffectivePolicy(effectivePolicy.getPolicy()); + } + if (usedAlternatives != null && !usedAlternatives.isEmpty() && message.getExchange() != null) { message.getExchange().put("ws-policy.validated.alternatives", usedAlternatives); } From 5b108a90d6f3181989b189217127bb6f61a608e5 Mon Sep 17 00:00:00 2001 From: Berksan Ates Date: Tue, 22 Mar 2022 20:31:13 -0500 Subject: [PATCH 3/6] FAT issues due to changes are resolved --- .../wssecurity/fat/cxf/x509migtoken/CxfX509MigTests.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/dev/com.ibm.ws.wssecurity_fat.wsscxf.1/fat/src/com/ibm/ws/wssecurity/fat/cxf/x509migtoken/CxfX509MigTests.java b/dev/com.ibm.ws.wssecurity_fat.wsscxf.1/fat/src/com/ibm/ws/wssecurity/fat/cxf/x509migtoken/CxfX509MigTests.java index 9ec0f1c69a33..aa75f1a4d059 100644 --- a/dev/com.ibm.ws.wssecurity_fat.wsscxf.1/fat/src/com/ibm/ws/wssecurity/fat/cxf/x509migtoken/CxfX509MigTests.java +++ b/dev/com.ibm.ws.wssecurity_fat.wsscxf.1/fat/src/com/ibm/ws/wssecurity/fat/cxf/x509migtoken/CxfX509MigTests.java @@ -2939,6 +2939,7 @@ public void testBadCxfX509AsymIssuerSerialMigService() throws Exception { */ @Test + @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadCxfX509AsymThumbprintMigService() throws Exception { String thisMethod = "testCxfX509AsymThumbprintMigService"; methodFull = "testBadCxfX509AsymThumbprintMigService"; @@ -2969,6 +2970,7 @@ public void testBadCxfX509AsymThumbprintMigService() throws Exception { */ @Test + @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadCxfX509AsymProtectTokensMigService() throws Exception { String thisMethod = "testCxfX509AsymProtectTokensMigService"; methodFull = "testBadCxfX509AsymProtectTokensMigService"; @@ -3030,6 +3032,7 @@ public void testBadCxfX509TransportEndrosingMigServiceHttps() throws Exception { */ @Test + @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadCxfX509TransportEndrosingSP11MigServiceHttps() throws Exception { String thisMethod = "testCxfX509TransportEndorsingSP11MigService"; methodFull = "testBadCxfX509TransportEndorsingSP11MigServiceHttps"; @@ -3151,6 +3154,7 @@ public void testBadCxfX509TransportSignedEndrosingEncryptedMigServiceHttps() thr */ @Test + @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadCxfX509TransportSupportingSignedMigServiceHttps() throws Exception { String thisMethod = "testCxfX509TransportSupportingSignedMigService"; methodFull = "testBadCxfX509TransportSupportingSignedMigServiceHttps"; @@ -3180,6 +3184,7 @@ public void testBadCxfX509TransportSupportingSignedMigServiceHttps() throws Exce */ @Test + @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadCxfX509TransportKVTMigServiceHttps() throws Exception { String thisMethod = "testCxfX509TransportKVTMigService"; methodFull = "testBadCxfX509TransportKVTMigServiceHttps"; @@ -3240,6 +3245,7 @@ public void testBadCxfX509AsymmetricSignatureMigService() throws Exception { */ @Test + @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadCxfX509AsymmetricSignatureSP11MigService() throws Exception { String thisMethod = "testCxfX509AsymmetricSignatureSP11MigService"; methodFull = "testBadCxfX509AsymmetricSignatureSP11MigService"; @@ -3270,6 +3276,7 @@ public void testBadCxfX509AsymmetricSignatureSP11MigService() throws Exception { */ @Test + @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadCxfX509AsymmetricEncryptionMigService() throws Exception { String thisMethod = "testCxfX509AsymmetricEncryptionMigService"; methodFull = "testBadCxfX509AsymmetricEncryptionMigService"; @@ -3317,6 +3324,7 @@ public void testBadCxfX509AsymmetricEncryptionMigService() throws Exception { */ @Test + @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadWsComplexService() throws Exception { String thisMethod = "testBadWsComplexService"; methodFull = "testBadWsComplexService"; @@ -3448,6 +3456,7 @@ protected void testRoutine( * **/ @Test + @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadAsymSignatureConfirmService() throws Exception { String thisMethod = "testBadAsymSignatureConfirmService"; methodFull = "testBadAsymSignatureConfirmService"; From 5718072ac54788bb710de791b3d7df6fa99aff74 Mon Sep 17 00:00:00 2001 From: Berksan Ates Date: Wed, 23 Mar 2022 17:20:33 -0500 Subject: [PATCH 4/6] Another FAT issue is resolved --- dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/bnd.bnd | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/bnd.bnd b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/bnd.bnd index c5896f6b3025..7bc6e4faf8a0 100644 --- a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/bnd.bnd +++ b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/bnd.bnd @@ -10,7 +10,8 @@ #******************************************************************************* -include= jar:${fileuri;${repo;org.apache.cxf:cxf-rt-ws-policy;3.4.3;EXACT}}!/META-INF/MANIFEST.MF,bnd.overrides -instrument.disabled: false +instrument.disabled: true +instrument.ffdc: false cxfVersion=3.4.3 From 67f5491abb296be0b7e74d5334f813579e9594a0 Mon Sep 17 00:00:00 2001 From: Berksan Ates Date: Thu, 24 Mar 2022 11:50:36 -0500 Subject: [PATCH 5/6] Creation of unnecessary FFDC is solved with a better way --- .../bnd.overrides | 1 + .../bnd.overrides | 1 + .../wssecurity/fat/cxf/x509migtoken/CxfX509MigTests.java | 9 --------- 3 files changed, 2 insertions(+), 9 deletions(-) diff --git a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/bnd.overrides b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/bnd.overrides index 4ab00dbf2b68..2d15ef74ade3 100644 --- a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/bnd.overrides +++ b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/bnd.overrides @@ -35,6 +35,7 @@ Import-Package: \ javax.xml.bind.*;version=!,\ javax.xml.ws.*;version="[2.3,3)", \ org.apache.cxf.*;version="[3.2.4,4)",\ + com.ibm.ws.ffdc,\ * DynamicImport-Package: com.ibm.ws.jaxws.client diff --git a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/bnd.overrides b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/bnd.overrides index 658b7d323041..6e960cb78400 100644 --- a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/bnd.overrides +++ b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/bnd.overrides @@ -32,6 +32,7 @@ javax.xml.bind;version=!,\ javax.xml.bind.annotation;version=!,\ javax.xml.bind.annotation.adapters;version=!,\ javax.xml.bind.attachment;version=!,\ +com.ibm.ws.ffdc, \ * Export-Package: \ diff --git a/dev/com.ibm.ws.wssecurity_fat.wsscxf.1/fat/src/com/ibm/ws/wssecurity/fat/cxf/x509migtoken/CxfX509MigTests.java b/dev/com.ibm.ws.wssecurity_fat.wsscxf.1/fat/src/com/ibm/ws/wssecurity/fat/cxf/x509migtoken/CxfX509MigTests.java index aa75f1a4d059..9ec0f1c69a33 100644 --- a/dev/com.ibm.ws.wssecurity_fat.wsscxf.1/fat/src/com/ibm/ws/wssecurity/fat/cxf/x509migtoken/CxfX509MigTests.java +++ b/dev/com.ibm.ws.wssecurity_fat.wsscxf.1/fat/src/com/ibm/ws/wssecurity/fat/cxf/x509migtoken/CxfX509MigTests.java @@ -2939,7 +2939,6 @@ public void testBadCxfX509AsymIssuerSerialMigService() throws Exception { */ @Test - @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadCxfX509AsymThumbprintMigService() throws Exception { String thisMethod = "testCxfX509AsymThumbprintMigService"; methodFull = "testBadCxfX509AsymThumbprintMigService"; @@ -2970,7 +2969,6 @@ public void testBadCxfX509AsymThumbprintMigService() throws Exception { */ @Test - @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadCxfX509AsymProtectTokensMigService() throws Exception { String thisMethod = "testCxfX509AsymProtectTokensMigService"; methodFull = "testBadCxfX509AsymProtectTokensMigService"; @@ -3032,7 +3030,6 @@ public void testBadCxfX509TransportEndrosingMigServiceHttps() throws Exception { */ @Test - @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadCxfX509TransportEndrosingSP11MigServiceHttps() throws Exception { String thisMethod = "testCxfX509TransportEndorsingSP11MigService"; methodFull = "testBadCxfX509TransportEndorsingSP11MigServiceHttps"; @@ -3154,7 +3151,6 @@ public void testBadCxfX509TransportSignedEndrosingEncryptedMigServiceHttps() thr */ @Test - @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadCxfX509TransportSupportingSignedMigServiceHttps() throws Exception { String thisMethod = "testCxfX509TransportSupportingSignedMigService"; methodFull = "testBadCxfX509TransportSupportingSignedMigServiceHttps"; @@ -3184,7 +3180,6 @@ public void testBadCxfX509TransportSupportingSignedMigServiceHttps() throws Exce */ @Test - @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadCxfX509TransportKVTMigServiceHttps() throws Exception { String thisMethod = "testCxfX509TransportKVTMigService"; methodFull = "testBadCxfX509TransportKVTMigServiceHttps"; @@ -3245,7 +3240,6 @@ public void testBadCxfX509AsymmetricSignatureMigService() throws Exception { */ @Test - @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadCxfX509AsymmetricSignatureSP11MigService() throws Exception { String thisMethod = "testCxfX509AsymmetricSignatureSP11MigService"; methodFull = "testBadCxfX509AsymmetricSignatureSP11MigService"; @@ -3276,7 +3270,6 @@ public void testBadCxfX509AsymmetricSignatureSP11MigService() throws Exception { */ @Test - @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadCxfX509AsymmetricEncryptionMigService() throws Exception { String thisMethod = "testCxfX509AsymmetricEncryptionMigService"; methodFull = "testBadCxfX509AsymmetricEncryptionMigService"; @@ -3324,7 +3317,6 @@ public void testBadCxfX509AsymmetricEncryptionMigService() throws Exception { */ @Test - @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadWsComplexService() throws Exception { String thisMethod = "testBadWsComplexService"; methodFull = "testBadWsComplexService"; @@ -3456,7 +3448,6 @@ protected void testRoutine( * **/ @Test - @AllowedFFDC(value = { "org.apache.cxf.ws.policy.PolicyException" }, repeatAction = { JakartaEE9Action.ID }) public void testBadAsymSignatureConfirmService() throws Exception { String thisMethod = "testBadAsymSignatureConfirmService"; methodFull = "testBadAsymSignatureConfirmService"; From 26bf5ae5a42ca488221b53d480a706421f0bcf96 Mon Sep 17 00:00:00 2001 From: Berksan Ates Date: Thu, 24 Mar 2022 13:27:55 -0500 Subject: [PATCH 6/6] Liberty change added --- .../cxf/jaxws/interceptors/SwAOutInterceptor.java | 15 ++++++++------- .../apache/cxf/ws/policy/PolicyEngineImpl.java | 6 ++++-- .../policy/PolicyVerificationInInterceptor.java | 6 ++++-- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/src/org/apache/cxf/jaxws/interceptors/SwAOutInterceptor.java b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/src/org/apache/cxf/jaxws/interceptors/SwAOutInterceptor.java index ce6a0ffc2be7..29829b79c135 100644 --- a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/src/org/apache/cxf/jaxws/interceptors/SwAOutInterceptor.java +++ b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.3.2/src/org/apache/cxf/jaxws/interceptors/SwAOutInterceptor.java @@ -85,7 +85,7 @@ public class SwAOutInterceptor extends AbstractSoapInterceptor { private static final Set SWA_REF_NO_METHOD = Collections.newSetFromMap(new ConcurrentHashMap(4, 0.75f, 2)); -// Begin copied over from CXF 2.6.2 +// Liberty change begin migration of behaviour from CXF 2.6.2 private static boolean skipHasSwaRef; static { @@ -101,7 +101,7 @@ public class SwAOutInterceptor extends AbstractSoapInterceptor { skipHasSwaRef = false; } - }// End copied over from CXF 2.6.2 + }// Liberty change end AttachmentOutInterceptor attachOut = new AttachmentOutInterceptor(); @@ -162,13 +162,13 @@ public void handleMessage(SoapMessage message) throws Fault { if (bmi == null) { return; } -// Begin copied over from CXF 2.6.2 +// Liberty change begin migration of behaviour from CXF 2.6.2 Boolean newAttachment = false; Message exOutMsg = ex.getOutMessage(); if (exOutMsg != null) { newAttachment = MessageUtils.isTrue(exOutMsg.getContextualProperty("cxf.add.attachments")); LOG.log(Level.FINE, "Request context attachment property: cxf.add.attachments is set to: " + newAttachment); - } // End copied over from CXF 2.6.2 + } // Liberty change end SoapBodyInfo sbi = bmi.getExtensor(SoapBodyInfo.class); @@ -177,6 +177,7 @@ public void handleMessage(SoapMessage message) throws Fault { DataBinding db = s.getDataBinding(); if (db instanceof JAXBDataBinding && hasSwaRef((JAXBDataBinding) db)) { + // Liberty change begin migration of behaviour from CXF 2.6.2 Boolean includeAttachs = false; Message exInpMsg = ex.getInMessage(); LOG.log(Level.FINE, "Exchange Input message: " + exInpMsg); @@ -188,7 +189,7 @@ && hasSwaRef((JAXBDataBinding) db)) { setupAttachmentOutput(message); } else { skipAttachmentOutput(message); - } + } // Liberty change end } return; } @@ -366,7 +367,7 @@ private Collection setupAttachmentOutput(SoapMessage message) { return atts; } -// Begin copied over from CXF 2.6.2 +// Liberty change begin migration of behaviour from CXF 2.6.2 private Collection skipAttachmentOutput(SoapMessage message) { Collection atts = message.getAttachments(); @@ -384,5 +385,5 @@ private Collection skipAttachmentOutput(SoapMessage message) { } return atts; - }// End copied over from CXF 2.6.2 + }// Liberty change end } diff --git a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyEngineImpl.java b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyEngineImpl.java index b1bf99cb7660..1daa04c1f135 100644 --- a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyEngineImpl.java +++ b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyEngineImpl.java @@ -80,6 +80,7 @@ public class PolicyEngineImpl implements PolicyEngine, BusExtension { private boolean addedBusInterceptors; private AlternativeSelector alternativeSelector; + // Liberty change begin migration of behaviour from CXF 2.6.2 private static boolean ignoreUnsupportedPolicy; static { @@ -94,7 +95,7 @@ public class PolicyEngineImpl implements PolicyEngine, BusExtension { } else { ignoreUnsupportedPolicy = false; } - } + } // Liberty change end public PolicyEngineImpl() { @@ -666,13 +667,14 @@ public boolean supportsAlternative(Collection alterna if (s.isEmpty()) { if (doLog) { LOG.fine("Alternative " + a.getName() + " is not supported"); + // Liberty change begin migration of behaviour from CXF 2.6.2 if (ignoreUnsupportedPolicy) { LOG.fine("WARNING: Unsupported policy assertions will be ignored because " + "property cxf.ignore.unsupported.policy is set to true."); return true; } else { return false; - } + } // Liberty change end } return false; } diff --git a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java index 1715937f02e2..475a83a1029b 100644 --- a/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java +++ b/dev/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.3.2/src/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java @@ -45,6 +45,7 @@ public class PolicyVerificationInInterceptor extends AbstractPolicyInterceptor { private static final Logger LOG = LogUtils.getL7dLogger(PolicyVerificationInInterceptor.class); + // Liberty change begin migration of behaviour from CXF 2.6.2 private static boolean ignoreUnsupportedPolicy; static { @@ -57,7 +58,7 @@ public class PolicyVerificationInInterceptor extends AbstractPolicyInterceptor { && skipPolicyCheck.trim().equalsIgnoreCase("true")) { ignoreUnsupportedPolicy = true; } - } + }// Liberty change end public PolicyVerificationInInterceptor() { super(Phase.PRE_INVOKE); @@ -113,6 +114,7 @@ protected void handle(Message message) { } } try { + // Liberty change begin migration of behaviour from CXF 2.6.2 List> usedAlternatives = null; if (ignoreUnsupportedPolicy) { @@ -120,7 +122,7 @@ protected void handle(Message message) { + "property cxf.ignore.unsupported.policy is set to true."); } else { usedAlternatives = aim.checkEffectivePolicy(effectivePolicy.getPolicy()); - } + }// Liberty change end if (usedAlternatives != null && !usedAlternatives.isEmpty() && message.getExchange() != null) { message.getExchange().put("ws-policy.validated.alternatives", usedAlternatives);