Big update to fix samples 1 thru 9. Also fix or remove a bunch of old http links
diff --git a/modules/distribution/bin.xml b/modules/distribution/bin.xml
index 0e76918..1733500 100644
--- a/modules/distribution/bin.xml
+++ b/modules/distribution/bin.xml
@@ -15,23 +15,37 @@
<dependencySet>
<outputDirectory>lib</outputDirectory>
<includes>
- <include>org.apache.wss4j:wss4j:jar</include>
<include>org.apache.wss4j:wss4j-ws-security-common:jar</include>
<include>org.apache.wss4j:wss4j-ws-security-dom:jar</include>
+ <include>org.apache.wss4j:wss4j-ws-security-stax:jar</include>
<include>org.apache.wss4j:wss4j-policy:jar</include>
+ <include>org.apache.wss4j:wss4j-bindings:jar</include>
<include>org.bouncycastle:bcprov-jdk18on:jar</include>
<include>org.apache.rampart:rampart-core:jar</include>
<include>org.apache.rampart:rampart-policy:jar</include>
<include>org.apache.rampart:rampart-trust:jar</include>
- <include>org.opensaml:opensaml:jar</include>
+ <include>org.opensaml:opensaml-core:jar</include>
+ <include>org.opensaml:opensaml-saml-api:jar</include>
+ <include>org.opensaml:opensaml-saml-impl:jar</include>
<include>org.opensaml:opensaml-soap-impl:jar</include>
<include>org.opensaml:opensaml-soap-api:jar</include>
<include>org.opensaml:opensaml-xacml-impl:jar</include>
<include>org.opensaml:opensaml-xacml-api:jar</include>
+ <include>org.opensaml:opensaml-xmlsec-api:jar</include>
+ <include>org.opensaml:opensaml-xmlsec-impl:jar</include>
+ <include>org.opensaml:opensaml-security-api:jar</include>
+ <include>org.opensaml:opensaml-security-impl:jar</include>
+ <include>net.shibboleth.utilities:java-support:jar</include>
+ <include>net.shibboleth:cryptography-api:jar</include>
+ <include>io.dropwizard.metrics:metrics-core:jar</include>
+ <include>org.cryptacular:cryptacular:jar</include>
<include>org.apache.santuario:xmlsec:jar</include>
<include>org.owasp.esapi:esapi:jar</include>
<include>org.slf4j:slf4j-api:jar</include>
- <include>org.slf4j:jcl-over-slf4j:jar</include>
+ <include>org.apache.logging.log4j:log4j-jcl:jar</include>
+ <include>org.apache.logging.log4j:log4j-slf4j-impl:jar</include>
+ <include>org.apache.logging.log4j:log4j-core:jar</include>
+ <include>org.apache.logging.log4j:log4j-api:jar</include>
<include>velocity:velocity:jar</include>
<include>commons-lang:commons-lang:jar</include>
</includes>
@@ -54,6 +68,22 @@
<directory>src/main/files</directory>
<outputDirectory>.</outputDirectory>
</fileSet>
+ <fileSet>
+ <directory>src/main/resources</directory>
+ <outputDirectory>lib</outputDirectory>
+ <includes>
+ <include>log4j2.xml</include>
+ <include>commons-logging.properties</include>
+ </includes>
+ </fileSet>
+ <fileSet>
+ <directory>src/main/resources</directory>
+ <outputDirectory>conf</outputDirectory>
+ <includes>
+ <include>log4j2.xml</include>
+ <include>commons-logging.properties</include>
+ </includes>
+ </fileSet>
</fileSets>
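Review bot: The two new fileSets copy the same `log4j2.xml` and `commons-logging.properties` into both `lib` and `conf`, so the distribution ships two copies of each configuration that can drift apart, and which one Log4j actually loads then depends on classpath order. Ship the files once under `conf` and point the runtime at them (`-Dlog4j2.configurationFile` or a classpath entry for `conf`), unless the `lib` copy is deliberately meant as a fallback, in which case a comment in this fileSet should say so.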
<files>
diff --git a/modules/distribution/pom.xml b/modules/distribution/pom.xml
index 032d878..21731b1 100644
--- a/modules/distribution/pom.xml
+++ b/modules/distribution/pom.xml
@@ -143,10 +143,40 @@
<type>pom</type>
<scope>import</scope>
</dependency>
+ <!-- Log4j2 Commons Logging bridge - replaces commons-logging -->
<dependency>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- <version>1.2</version>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-jcl</artifactId>
+ <version>2.18.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <!-- SLF4J-Log4j2 bridge for third-party libraries -->
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-slf4j-impl</artifactId>
+ <version>2.18.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <!-- Log4j2 core implementation -->
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-core</artifactId>
+ <version>2.18.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-api</artifactId>
+ <version>2.18.0</version>
</dependency>
</dependencies>
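Review bot: The four new dependencies repeat `2.18.0` as a literal; log4j-core is a security-sensitive artifact that gets bumped often, so define a single `<log4j2.version>` property and reference it from all four, making a future upgrade a one-line edit. `log4j-jcl` is a bridge that implements commons-logging's `LogFactory` and still needs the commons-logging API classes (`org.apache.commons.logging.Log`, imported throughout rampart-core) on the runtime classpath; with the direct `commons-logging` dependency removed and also excluded here, those classes must arrive transitively from some other artifact — confirm they are present in the assembled distribution. `log4j-slf4j-impl` targets the SLF4J 1.x API; confirm that the `slf4j-api` version resolving in this module is 1.x, otherwise the binding is silently not picked up.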
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
index 2eb64de..e4b3450 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
@@ -29,6 +29,8 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustUtil;
import org.apache.rampart.builder.AsymmetricBindingBuilder;
import org.apache.rampart.builder.SymmetricBindingBuilder;
@@ -50,29 +52,111 @@
import javax.xml.namespace.QName;
public class MessageBuilder {
-
+
private static Log log = LogFactory.getLog(MessageBuilder.class);
+ private static final String VERSION_ID = "2025-11-01-MESSAGEBUILDER-DEBUG-v2";
public void build(MessageContext msgCtx) throws WSSPolicyException,
RampartException, WSSecurityException, AxisFault {
+ // Log key message context properties that affect security header creation
+ Object rampartPolicy = msgCtx.getOptions().getProperty(RampartMessageData.KEY_RAMPART_POLICY);
+ Object customToken = msgCtx.getOptions().getProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN);
+
+ if (log.isDebugEnabled()) {
+ String timestamp = java.time.LocalDateTime.now().format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS"));
+ log.debug("=== MESSAGEBUILDER: Starting build for message ===");
+ log.debug("MessageBuilder TIMESTAMP: " + timestamp);
+ log.debug("MessageBuilder VERSION: " + VERSION_ID);
+ log.debug("MessageBuilder: Action = " + msgCtx.getOptions().getAction());
+ log.debug("MessageBuilder: To = " + msgCtx.getOptions().getTo());
+ log.debug("MessageBuilder: Message flow = " + (msgCtx.getFLOW() == MessageContext.IN_FLOW ? "IN_FLOW" :
+ msgCtx.getFLOW() == MessageContext.OUT_FLOW ? "OUT_FLOW" :
+ msgCtx.getFLOW() == MessageContext.IN_FAULT_FLOW ? "IN_FAULT_FLOW" :
+ msgCtx.getFLOW() == MessageContext.OUT_FAULT_FLOW ? "OUT_FAULT_FLOW" : "UNKNOWN"));
+
+ log.debug("MessageBuilder: RampartPolicy property = " + (rampartPolicy != null ? "present" : "null"));
+ log.debug("MessageBuilder: CustomIssuedToken property = " + (customToken != null ? customToken : "null"));
+ }
+
Axis2Util.useDOOM(true);
-
+
RampartMessageData rmd = new RampartMessageData(msgCtx, true);
-
-
+
+
RampartPolicyData rpd = rmd.getPolicyData();
- if(rpd == null || isSecurityValidationFault(msgCtx) ||
- !RampartUtil.isSecHeaderRequired(rpd, rmd.isInitiator(),false)) {
-
+ log.debug("MessageBuilder: PolicyData available = " + (rpd != null));
+ if (rpd != null) {
+ log.debug("MessageBuilder: Policy has SupportingTokens = " + (rpd.getSupportingTokens() != null));
+ log.debug("MessageBuilder: Policy binding type = " +
+ (rpd.isTransportBinding() ? "Transport" :
+ rpd.isSymmetricBinding() ? "Symmetric" :
+ rpd.isAsymmetricBinding() ? "Asymmetric" : "Unknown"));
+ log.debug("MessageBuilder: EncryptionToken = " + (rpd.getEncryptionToken() != null ? rpd.getEncryptionToken().getClass().getSimpleName() : "null"));
+ log.debug("MessageBuilder: SignatureToken = " + (rpd.getSignatureToken() != null ? rpd.getSignatureToken().getClass().getSimpleName() : "null"));
+
+ // Log additional custom issued token details
+ log.debug("MessageBuilder: Custom issued token present = " + (customToken != null));
+ if (customToken != null) {
+ log.debug("MessageBuilder: Custom issued token value = " + customToken);
+ }
+
+ // Check token storage
+ try {
+ TokenStorage tokenStorage = rmd.getTokenStorage();
+ log.debug("MessageBuilder: TokenStorage available = " + (tokenStorage != null));
+ if (tokenStorage != null && customToken != null) {
+ Token token = tokenStorage.getToken((String)customToken);
+ log.debug("MessageBuilder: Token found in storage = " + (token != null));
+ if (token != null) {
+ log.debug("MessageBuilder: Token ID = " + token.getId());
+ log.debug("MessageBuilder: Token has secret = " + (token.getSecret() != null));
+ }
+ }
+ } catch (Exception e) {
+ log.debug("MessageBuilder: Error checking token storage: " + e.getMessage());
+ }
+ }
+ log.debug("MessageBuilder: isInitiator = " + rmd.isInitiator());
+ log.debug("MessageBuilder: isSecurityValidationFault = " + isSecurityValidationFault(msgCtx));
+
+ boolean secHeaderRequired = rpd != null ? RampartUtil.isSecHeaderRequired(rpd, rmd.isInitiator(),false) : false;
+ if (log.isDebugEnabled()) {
+ log.debug("MessageBuilder: isSecHeaderRequired = " + secHeaderRequired);
+ }
+
+ if(rpd == null || isSecurityValidationFault(msgCtx) || !secHeaderRequired) {
+ log.warn("MessageBuilder: EARLY RETURN - No security header will be added");
+ log.warn("MessageBuilder: rpd null = " + (rpd == null));
+ log.warn("MessageBuilder: validation fault = " + isSecurityValidationFault(msgCtx));
+ log.warn("MessageBuilder: sec header not required = " + !secHeaderRequired);
+ if (rpd != null && !secHeaderRequired) {
+ log.warn("MessageBuilder: Policy exists but sec header not required - diagnosing policy");
+ log.warn("MessageBuilder: isInitiator = " + rmd.isInitiator());
+ log.warn("MessageBuilder: Policy binding type = " +
+ (rpd.isTransportBinding() ? "Transport" :
+ rpd.isSymmetricBinding() ? "Symmetric" :
+ rpd.isAsymmetricBinding() ? "Asymmetric" : "Unknown"));
+ log.warn("MessageBuilder: Policy includeTimestamp = " + rpd.isIncludeTimestamp());
+ }
+
WSSecHeader secHeader = rmd.getSecHeader();
-
+
if ( secHeader != null && secHeader.isEmpty() ) {
secHeader.removeSecurityHeader();
}
-
+
return;
}
+
+ if (log.isDebugEnabled()) {
+ log.debug("MessageBuilder: PROCEEDING to add security header");
+ log.debug("MessageBuilder: isInitiator = " + rmd.isInitiator());
+ log.debug("MessageBuilder: Policy binding type = " +
+ (rpd.isTransportBinding() ? "Transport" :
+ rpd.isSymmetricBinding() ? "Symmetric" :
+ rpd.isAsymmetricBinding() ? "Asymmetric" : "Unknown"));
+ }
//Copy the RECV_RESULTS if available
if(!rmd.isInitiator()) {
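Review bot: The diagnostics in the early-return branch are emitted at WARN for what is a routine path — every outbound message with no Rampart policy (`rpd == null`) now produces four WARN lines — so they should be at DEBUG, or at most a single WARN for the `rpd != null && !secHeaderRequired` case that genuinely looks anomalous. The `log.debug` calls from `PolicyData available` down to `isSecurityValidationFault` sit outside any `isDebugEnabled()` guard, so the string concatenation, an extra `isSecurityValidationFault(msgCtx)` call and the `TokenStorage` lookup run on every message even with debug off; wrap that stretch in the same guard the rest of the hunk uses. The logged custom-token value and token id are credential identifiers — keep them at debug only, and confirm they are never the token material itself. The hand-built `timestamp` duplicates what the appender layout already records and is repeated in RampartEngine, SymmetricBindingBuilder and RampartReceiver, and `VERSION_ID` reads as a temporary debug marker that should not ship. `build()` continues past the end of this hunk.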
@@ -134,27 +218,68 @@
}
if(rpd.isTransportBinding()) {
- log.debug("Building transport binding");
+ log.debug("MessageBuilder: Building transport binding");
TransportBindingBuilder building = new TransportBindingBuilder();
building.build(rmd);
+ log.debug("MessageBuilder: TransportBinding build completed");
} else if(rpd.isSymmetricBinding()) {
- log.debug("Building SymmetricBinding");
+ log.debug("MessageBuilder: Building SymmetricBinding");
SymmetricBindingBuilder builder = new SymmetricBindingBuilder();
- builder.build(rmd);
+ try {
+ builder.build(rmd);
+ log.debug("MessageBuilder: SymmetricBinding build completed successfully");
+ } catch (Exception e) {
+ log.debug("MessageBuilder: SymmetricBinding build FAILED: " + e.getMessage());
+ e.printStackTrace();
+ throw e;
+ }
} else {
+ log.debug("MessageBuilder: Building AsymmetricBinding");
AsymmetricBindingBuilder builder = new AsymmetricBindingBuilder();
- builder.build(rmd);
+ try {
+ builder.build(rmd);
+ log.debug("MessageBuilder: AsymmetricBinding build completed successfully");
+ } catch (Exception e) {
+ log.debug("MessageBuilder: AsymmetricBinding build FAILED: " + e.getMessage());
+ e.printStackTrace();
+ throw e;
+ }
}
//TODO remove following check, we don't need this check here as we do a check to see whether
// security header required
WSSecHeader secHeader = rmd.getSecHeader();
-
- if ( secHeader != null && secHeader.isEmpty() ) {
- secHeader.removeSecurityHeader();
+ if (log.isDebugEnabled()) {
+ log.debug("MessageBuilder: Final security header check");
+ log.debug("MessageBuilder: Security header present = " + (secHeader != null));
+ if (secHeader != null) {
+ boolean isEmpty = secHeader.isEmpty();
+ log.debug("MessageBuilder: Security header empty = " + isEmpty);
+ if (isEmpty) {
+ log.debug("MessageBuilder: REMOVING empty security header");
+ } else {
+ log.debug("MessageBuilder: Security header retained (has content)");
+ }
+ } else {
+ log.debug("MessageBuilder: No security header was created!");
+ }
}
-
+
+
+ // Log the final envelope being built
+ if (log.isDebugEnabled()) {
+ try {
+ log.debug("=== MESSAGEBUILDER: Final SOAP envelope being sent ===");
+ log.debug("MessageBuilder: Action = " + msgCtx.getWSAAction());
+ log.debug("MessageBuilder: Final envelope content:");
+ log.debug(msgCtx.getEnvelope().toString());
+ log.debug("=== END SOAP envelope ===");
+ } catch (Exception e) {
+ log.debug("MessageBuilder: Could not log envelope: " + e.getMessage());
+ }
+ }
+
/*
* Checking whether MTOMSerializable is there. If so set optimizeElement.
* */
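Review bot: The final header check no longer removes an empty security header: the original `if (secHeader != null && secHeader.isEmpty()) secHeader.removeSecurityHeader();` is replaced by a debug block that logs `REMOVING empty security header` but never calls `removeSecurityHeader()`, so an empty `wsse:Security` element is now left in the envelope and the log line is misleading. Either restore `secHeader.removeSecurityHeader();` after the log line or, if the TODO above is being acted on, drop the `REMOVING` message. The binding-builder catch blocks call `e.printStackTrace()`, which bypasses the logging framework and writes to stderr, then log at debug and rethrow; RampartReceiver does the same and SymmetricBindingBuilder logs at ERROR before rethrowing, so one failure is reported up to three times — log once with `log.error("...", e)` at the layer that handles it and let the others rethrow without logging. Logging `msgCtx.getEnvelope().toString()` at debug writes the complete outbound message, which can include UsernameToken credentials or issued tokens; prefer logging only the security-header element. `build()` continues past the end of this hunk.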
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
index 3eb6d20..540fdf1 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
@@ -72,11 +72,29 @@
private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
private static ServiceNonceCache serviceNonceCache = new ServiceNonceCache();
+
public List<WSSecurityEngineResult> process(MessageContext msgCtx) throws WSSPolicyException,
RampartException, WSSecurityException, AxisFault {
+ if (log.isDebugEnabled()) {
+ log.debug("RampartEngine: Processing incoming message");
+ log.debug("RampartEngine: Initial SOAP envelope received:");
+ try {
+ log.debug(msgCtx.getEnvelope().toString());
+ } catch (Exception e) {
+ log.debug("RampartEngine: Could not log initial envelope: " + e.getMessage());
+ }
+ }
+
+ if (log.isDebugEnabled()) {
+ String timestamp = java.time.LocalDateTime.now().format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS"));
+ log.debug("Processing message - timestamp: " + timestamp);
+ log.debug("Action = " + (msgCtx.getOptions() != null ? msgCtx.getOptions().getAction() : "null"));
+ log.debug("To = " + (msgCtx.getOptions() != null ? msgCtx.getOptions().getTo() : "null"));
+ }
+
boolean dotDebug = tlog.isDebugEnabled();
-
+
log.debug("Enter process(MessageContext msgCtx)");
RampartMessageData rmd = new RampartMessageData(msgCtx, false);
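Review bot: `log.debug(msgCtx.getEnvelope().toString())` writes the complete inbound message before any security processing, so any credentials or tokens carried in its security header land in the log in the clear whenever debug is on; the same dump is repeated in the `missingSecurityHeader` hunk below. Consider logging only element names or header presence, or routing the envelope dump to a dedicated logger that can be enabled separately from general debug output. The two consecutive `isDebugEnabled()` blocks can be merged, and the hand-built `timestamp` duplicates what the appender layout already records. `process()` continues past the end of this hunk.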
@@ -238,6 +256,15 @@
}
if(secHeader == null) {
+ if (log.isDebugEnabled()) {
+ log.debug("RampartEngine: No security header found in received message");
+ log.debug("RampartEngine: Received SOAP envelope:");
+ try {
+ log.debug(msgCtx.getEnvelope().toString());
+ } catch (Exception e) {
+ log.debug("RampartEngine: Could not log envelope: " + e.getMessage());
+ }
+ }
throw new RampartException("missingSecurityHeader");
}
@@ -417,7 +444,90 @@
}
}
- return engine.processSecurityHeader(rmd.getDocument(), requestData);
+ // CRITICAL FIX: Ensure WSS4J OpenSAML is initialized right before SAML processing
+ // This addresses timing issues where initialization in RampartMessageData isn't sufficient
+ try {
+ if (log.isDebugEnabled()) {
+ log.debug("Ensuring WSS4J OpenSAML initialization before processSecurityHeader");
+ }
+ Class<?> openSAMLUtilClass = Class.forName("org.apache.wss4j.common.saml.OpenSAMLUtil");
+
+ // Check state BEFORE initialization
+ java.lang.reflect.Field factoryField = openSAMLUtilClass.getDeclaredField("unmarshallerFactory");
+ factoryField.setAccessible(true);
+ Object factoryBefore = factoryField.get(null);
+ if (log.isDebugEnabled()) {
+ log.debug("OpenSAMLUtil.unmarshallerFactory BEFORE init: " + factoryBefore);
+ }
+
+ try {
+ java.lang.reflect.Method initMethod = openSAMLUtilClass.getDeclaredMethod("initSamlEngine");
+ initMethod.setAccessible(true);
+ initMethod.invoke(null);
+ } catch (NoSuchMethodException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("initSamlEngine method not found, will use manual initialization");
+ }
+ }
+
+ // Check state AFTER initSamlEngine attempt
+ Object factoryAfter = factoryField.get(null);
+ if (log.isDebugEnabled()) {
+ log.debug("OpenSAMLUtil.unmarshallerFactory AFTER initSamlEngine: " + factoryAfter);
+ }
+
+ if (factoryAfter == null) {
+ log.info("initSamlEngine failed, performing manual factory initialization");
+
+ // Manual initialization: Get factories from properly initialized OpenSAML and set them directly
+ org.opensaml.core.xml.io.UnmarshallerFactory unmarshallerFactory = org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
+ org.opensaml.core.xml.io.MarshallerFactory marshallerFactory = org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getMarshallerFactory();
+
+ // Set the factories directly in OpenSAMLUtil static fields
+ java.lang.reflect.Field unmarshallerFactoryField = openSAMLUtilClass.getDeclaredField("unmarshallerFactory");
+ unmarshallerFactoryField.setAccessible(true);
+ unmarshallerFactoryField.set(null, unmarshallerFactory);
+
+ java.lang.reflect.Field marshallerFactoryField = openSAMLUtilClass.getDeclaredField("marshallerFactory");
+ marshallerFactoryField.setAccessible(true);
+ marshallerFactoryField.set(null, marshallerFactory);
+
+ // Verify manual initialization worked
+ Object factoryFinal = factoryField.get(null);
+ if (log.isDebugEnabled()) {
+ log.debug("OpenSAMLUtil.unmarshallerFactory AFTER manual init: " + factoryFinal);
+ }
+
+ if (factoryFinal != null) {
+ log.info("Manual WSS4J OpenSAML factory initialization successful");
+ } else {
+ log.warn("Manual factory initialization failed - OpenSAMLUtil.unmarshallerFactory is still null");
+ }
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("initSamlEngine worked properly");
+ }
+ }
+ } catch (Exception e) {
+ log.warn("WSS4J OpenSAML initialization failed: " + e.getMessage(), e);
+ }
+
+ WSHandlerResult result = engine.processSecurityHeader(rmd.getDocument(), requestData);
+
+ // DEBUG: Check OpenSAMLUtil state AFTER processSecurityHeader to see if it gets corrupted
+ if (log.isDebugEnabled()) {
+ try {
+ Class<?> openSAMLUtilClass = Class.forName("org.apache.wss4j.common.saml.OpenSAMLUtil");
+ java.lang.reflect.Field factoryField = openSAMLUtilClass.getDeclaredField("unmarshallerFactory");
+ factoryField.setAccessible(true);
+ Object factoryAfterProcessing = factoryField.get(null);
+ log.debug("OpenSAMLUtil.unmarshallerFactory AFTER processSecurityHeader: " + factoryAfterProcessing);
+ } catch (Exception e) {
+ log.debug("Error checking factory after processing: " + e.getMessage());
+ }
+ }
+
+ return result;
}
// Check whether this a soap fault because of failure in processing the security header
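Review bot: The reflective block before `processSecurityHeader` reads and writes private static fields of `org.apache.wss4j.common.saml.OpenSAMLUtil` (`unmarshallerFactory`, `marshallerFactory`) by name, which ties rampart-core to the internals of one WSS4J release and runs `Class.forName`, `getDeclaredField` and `setAccessible(true)` on every inbound message; the post-processing "DEBUG" check repeats the same reflection. Initialization belongs in a once-only guarded helper that calls `InitializationService.initialize()` and `OpenSAMLUtil.initSamlEngine()` directly (the latter is reached here via `getDeclaredMethod`; if it is public in the WSS4J version shipped, no reflection is needed), with the manual field poke, if it is still required, kept inside that helper rather than in the request path. The same initialization already runs in the RampartMessageData constructor, so one of the two copies is redundant. The `catch (Exception e)` only warns, so a genuine initialization failure surfaces later as an opaque SAML error; consider failing the request instead.
```java
/** Set once the SAML engine has been initialized; guarded by the class lock. */
private static boolean samlEngineInitialized;

/** Runs OpenSAML and WSS4J SAML initialization exactly once per JVM. */
private static synchronized void ensureSamlEngineInitialized() {
    if (samlEngineInitialized) {
        return;
    }
    try {
        org.opensaml.core.config.InitializationService.initialize();
        org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine();
        samlEngineInitialized = true;
    } catch (Exception e) {
        log.warn("WSS4J OpenSAML initialization failed: " + e.getMessage(), e);
    }
}

// … unchanged: earlier body of process() …
        ensureSamlEngineInitialized();
        return engine.processSecurityHeader(rmd.getDocument(), requestData);
```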
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
index 58c3c7f..e2a122f 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
@@ -18,6 +18,8 @@
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.context.OperationContext;
@@ -68,7 +70,9 @@
import java.util.List;
public class RampartMessageData {
-
+
+ private static Log log = LogFactory.getLog(RampartMessageData.class);
+
/**
* Axis2 parameter name to be used in the client's axis2 xml
*/
@@ -211,6 +215,36 @@
try {
+ // CRITICAL FIX: Initialize WSS4J before creating WSSConfig to ensure OpenSAML integration works
+ // This prevents OpenSAMLUtil.unmarshallerFactory from being null when processing SAML assertions
+ if (log.isDebugEnabled()) {
+ log.debug("WSS4J initialization starting");
+ }
+ WSSConfig.init();
+ org.apache.xml.security.Init.init();
+ if (log.isDebugEnabled()) {
+ log.debug("Basic WSS4J initialization complete");
+ }
+
+ // Initialize WSS4J's OpenSAML integration specifically
+ try {
+ if (log.isDebugEnabled()) {
+ log.debug("Starting OpenSAML initialization");
+ }
+ org.opensaml.core.config.InitializationService.initialize();
+
+ // Call WSS4J's OpenSAMLUtil initialization method
+ Class<?> openSAMLUtilClass = Class.forName("org.apache.wss4j.common.saml.OpenSAMLUtil");
+ java.lang.reflect.Method initMethod = openSAMLUtilClass.getDeclaredMethod("initSamlEngine");
+ initMethod.setAccessible(true);
+ initMethod.invoke(null);
+ if (log.isDebugEnabled()) {
+ log.debug("OpenSAMLUtil.initSamlEngine() called successfully");
+ }
+ } catch (Exception e) {
+ log.warn("WSS4J OpenSAML initialization failed: " + e.getMessage(), e);
+ }
+
// Set the WSSConfig
this.config = WSSConfig.getNewInstance();
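Review bot: `WSSConfig.init()`, `org.apache.xml.security.Init.init()`, `InitializationService.initialize()` and the reflective `initSamlEngine` call all run inside the constructor, i.e. once per message, and the same reflective initialization is repeated in `RampartEngine.process()`; move it to a single guarded static initializer so it runs once per JVM, and prefer calling `initSamlEngine` directly if it is public in the WSS4J version in use rather than `setAccessible(true)` on a library method. A failure here is only warned and then swallowed, so a message that needs SAML processing fails later with a less specific error; if this initialization is required for correctness, rethrow it as a `RampartException`. The enclosing `try` closes outside this hunk.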
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
index 274a933..b512478 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
@@ -93,16 +93,17 @@
* @param rmd RampartMessageData
*/
protected void addTimestamp(RampartMessageData rmd) {
- log.debug("Adding timestamp");
+ log.debug("BindingBuilder: Adding timestamp");
WSSecTimestamp timestampBuilder = new WSSecTimestamp(rmd.getSecHeader());
timestampBuilder.setTimeToLive(RampartUtil.getTimeToLive(rmd));
-
+
// add the Timestamp to the SOAP Enevelope
timestampBuilder.build();
+ log.info("BindingBuilder: Timestamp added with id: " + timestampBuilder.getId());
if (log.isDebugEnabled()) {
log.debug("Timestamp id: " + timestampBuilder.getId());
}
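Review bot: `log.info("BindingBuilder: Timestamp added with id: " + timestampBuilder.getId())` writes an INFO line for every message, and the debug statement two lines below already reports the same id, so this is per-message noise at a level operators usually keep enabled. Drop the INFO line or demote it to debug; the same applies to the three `log.info` calls added in the TransportBindingBuilder hunk.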
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
index b36ef39..85b6b70 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
@@ -34,6 +34,7 @@
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecDKEncrypt;
+import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
@@ -67,23 +68,89 @@
log.debug("SymmetricBindingBuilder build invoked");
- RampartPolicyData rpd = rmd.getPolicyData();
- if(rpd.isIncludeTimestamp()) {
- this.addTimestamp(rmd);
- }
-
- if(rmd.isInitiator()) {
- //Setup required tokens
- initializeTokens(rmd);
- }
-
-
- if(SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
- this.doEncryptBeforeSig(rmd);
- } else {
- this.doSignBeforeEncrypt(rmd);
+ if (log.isDebugEnabled()) {
+ String timestamp = java.time.LocalDateTime.now().format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS"));
+ log.debug("Starting symmetric binding build - timestamp: " + timestamp);
+ log.debug("Action = " + (rmd.getMsgContext().getOptions() != null ? rmd.getMsgContext().getOptions().getAction() : "null"));
+ log.debug("isInitiator = " + rmd.isInitiator());
}
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ if (log.isDebugEnabled()) {
+ log.debug("ProtectionOrder = " + rpd.getProtectionOrder());
+ log.debug("IncludeTimestamp = " + rpd.isIncludeTimestamp());
+ }
+
+ if(rpd.isIncludeTimestamp()) {
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Adding timestamp");
+ }
+ this.addTimestamp(rmd);
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Timestamp added successfully");
+ }
+ }
+
+ if(rmd.isInitiator()) {
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Initializing tokens (initiator)");
+ }
+ //Setup required tokens
+ initializeTokens(rmd);
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Token initialization completed");
+ }
+ }
+
+
+ try {
+ if(SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Doing encrypt before sign");
+ }
+ this.doEncryptBeforeSig(rmd);
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Encrypt before sign completed successfully");
+ }
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Doing sign before encrypt");
+ }
+ this.doSignBeforeEncrypt(rmd);
+ if (log.isDebugEnabled()) {
+ log.debug("SymmetricBindingBuilder: Sign before encrypt completed successfully");
+ }
+ }
+ } catch (Exception e) {
+ log.error("SymmetricBindingBuilder: ERROR in protection order processing: " + e.getMessage(), e);
+ throw e;
+ }
+
+ // Final security header check
+ if (log.isDebugEnabled()) {
+ log.debug("=== SYMMETRICBINDINGBUILDER: Final security header status ===");
+ WSSecHeader secHeader = rmd.getSecHeader();
+ if (secHeader != null) {
+ log.debug("SymmetricBindingBuilder: Security header exists");
+ try {
+ log.debug("SymmetricBindingBuilder: Security header isEmpty = " + secHeader.isEmpty());
+ Element secHeaderElem = secHeader.getSecurityHeaderElement();
+ if (secHeaderElem != null) {
+ log.debug("SymmetricBindingBuilder: Security header element exists");
+ log.debug("SymmetricBindingBuilder: Security header element hasChildNodes = " + secHeaderElem.hasChildNodes());
+ log.debug("SymmetricBindingBuilder: Security header element childCount = " + secHeaderElem.getChildNodes().getLength());
+ } else {
+ log.debug("SymmetricBindingBuilder: Security header element is NULL");
+ }
+ } catch (Exception e) {
+ log.debug("SymmetricBindingBuilder: Error checking security header: " + e.getMessage());
+ }
+ } else {
+ log.debug("SymmetricBindingBuilder: Security header is NULL");
+ }
+ log.debug("SymmetricBindingBuilder: Build completed successfully");
+ }
log.debug("SymmetricBindingBuilder build invoked : DONE");
}
@@ -804,32 +871,80 @@
* @throws RampartException
*/
private void initializeTokens(RampartMessageData rmd) throws RampartException {
-
+
+ if (log.isDebugEnabled()) {
+ String timestamp = java.time.LocalDateTime.now().format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS"));
+ log.debug("=== SYMMETRICBINDINGBUILDER: initializeTokens ===");
+ log.debug("initializeTokens TIMESTAMP: " + timestamp);
+ }
+
RampartPolicyData rpd = rmd.getPolicyData();
-
+
MessageContext msgContext = rmd.getMsgContext();
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: isSymmetricBinding = " + rpd.isSymmetricBinding());
+ log.debug("initializeTokens: isServerSide = " + msgContext.isServerSide());
+ log.debug("initializeTokens: Action = " + (msgContext.getOptions() != null ? msgContext.getOptions().getAction() : "null"));
+
+ // Check for custom issued token
+ Object customTokenId = msgContext.getProperty("customIssuedToken");
+ log.debug("initializeTokens: Custom issued token = " + customTokenId);
+ }
+
if(rpd.isSymmetricBinding() && !msgContext.isServerSide()) {
if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: Processing symmetric binding client-side");
+ }
+ if (log.isDebugEnabled()) {
log.debug("Processing symmetric binding: " +
"Setting up encryption token and signature token");
}
//Setting up encryption token and signature token
-
+
Token sigTok = rpd.getSignatureToken();
Token encrTok = rpd.getEncryptionToken();
+
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: SignatureToken type = " + (sigTok != null ? sigTok.getClass().getSimpleName() : "null"));
+ log.debug("initializeTokens: EncryptionToken type = " + (encrTok != null ? encrTok.getClass().getSimpleName() : "null"));
+ }
+
if(sigTok instanceof IssuedToken) {
- log.debug("SignatureToken is an IssuedToken");
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: SignatureToken is an IssuedToken");
+ log.debug("initializeTokens: Current IssuedSignatureTokenId = " + rmd.getIssuedSignatureTokenId());
+ }
+
if(rmd.getIssuedSignatureTokenId() == null) {
- log.debug("No Issuedtoken found, requesting a new token");
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: No existing issued token found, requesting a new token");
+ }
IssuedToken issuedToken = (IssuedToken)sigTok;
-
- String id = RampartUtil.getIssuedToken(rmd,
- issuedToken);
- rmd.setIssuedSignatureTokenId(id);
-
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: About to call RampartUtil.getIssuedToken()");
+ }
+
+ try {
+ String id = RampartUtil.getIssuedToken(rmd, issuedToken);
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: RampartUtil.getIssuedToken() returned id = " + id);
+ }
+ rmd.setIssuedSignatureTokenId(id);
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: Set IssuedSignatureTokenId = " + id);
+ }
+ } catch (Exception e) {
+ log.error("initializeTokens: ERROR in getIssuedToken: " + e.getMessage(), e);
+ throw e;
+ }
+
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("initializeTokens: Using existing IssuedSignatureTokenId = " + rmd.getIssuedSignatureTokenId());
+ }
}
-
+
} else if(sigTok instanceof SecureConversationToken) {
log.debug("SignatureToken is a SecureConversationToken");
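Review bot: The custom-token diagnostic reads `msgContext.getProperty("customIssuedToken")` with a string literal, whereas MessageBuilder reads the same concept via `msgCtx.getOptions().getProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN)`; unless that constant equals the literal and the property is also set on the context itself, this line will log `null` and mislead whoever is debugging. Use the constant and the same accessor so both log lines describe the same value. The `catch (Exception e) { log.error(...); throw e; }` around `getIssuedToken` logs and rethrows even though the MessageBuilder caller reports the failure again; one of the two should stay silent. `initializeTokens` continues past the end of this hunk.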
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
index 4ab54e4..5e37596 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
@@ -73,11 +73,15 @@
if(tlog.isDebugEnabled()){
t1 = System.currentTimeMillis();
}
-
+
RampartPolicyData rpd = rmd.getPolicyData();
-
+
if (rpd.isIncludeTimestamp()) {
+ log.info("TransportBindingBuilder: Adding timestamp");
addTimestamp(rmd);
+ log.info("TransportBindingBuilder: Timestamp added successfully");
+ } else {
+ log.info("TransportBindingBuilder: No timestamp required");
}
/*
@@ -164,7 +168,9 @@
} else {
addSignatureConfirmation(rmd, null);
}
-
+
+ log.debug("TransportBindingBuilder: Build completed successfully");
+
if(tlog.isDebugEnabled()){
t1 = System.currentTimeMillis();
tlog.debug("Transport binding build took "+ (t1 - t0));
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
index 3b8d0a4..4703de2 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
@@ -79,9 +79,20 @@
}
public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
-
+
+ if (mlog.isDebugEnabled()) {
+ String timestamp = java.time.LocalDateTime.now().format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS"));
+ mlog.debug("=== RAMPARTRECEIVER: Processing incoming request ===");
+ mlog.debug("RampartReceiver TIMESTAMP: " + timestamp);
+ mlog.debug("RampartReceiver: Action = " + (msgContext.getOptions() != null ? msgContext.getOptions().getAction() : "null"));
+ mlog.debug("RampartReceiver: To = " + (msgContext.getOptions() != null ? msgContext.getOptions().getTo() : "null"));
+ }
+
if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
- return InvocationResponse.CONTINUE;
+ if (mlog.isDebugEnabled()) {
+ mlog.debug("RampartReceiver: Security module not engaged, continuing");
+ }
+ return InvocationResponse.CONTINUE;
}
if(mlog.isDebugEnabled()){
@@ -89,16 +100,50 @@
+ msgContext.getEnvelope());
}
+ if(mlog.isDebugEnabled()){
+ mlog.debug("RampartReceiver: Processing incoming message");
+ mlog.debug("RampartReceiver: Action = " + msgContext.getOptions().getAction());
+ mlog.debug("RampartReceiver: To = " + msgContext.getOptions().getTo());
+ mlog.debug("RampartReceiver: Message flow = " + (msgContext.getFLOW() == MessageContext.IN_FLOW ? "IN_FLOW" :
+ msgContext.getFLOW() == MessageContext.OUT_FLOW ? "OUT_FLOW" :
+ msgContext.getFLOW() == MessageContext.IN_FAULT_FLOW ? "IN_FAULT_FLOW" :
+ msgContext.getFLOW() == MessageContext.OUT_FAULT_FLOW ? "OUT_FAULT_FLOW" : "UNKNOWN"));
+ try {
+ mlog.debug("RampartReceiver: Incoming envelope:");
+ mlog.debug(msgContext.getEnvelope().toString());
+ } catch (Exception e) {
+ mlog.debug("RampartReceiver: Could not log envelope: " + e.getMessage());
+ }
+ }
+
RampartEngine engine = new RampartEngine();
List<WSSecurityEngineResult> wsResult = null;
try {
+ if(mlog.isDebugEnabled()){
+ mlog.debug("RampartReceiver: About to call RampartEngine.process()");
+ }
wsResult = engine.process(msgContext);
+ if(mlog.isDebugEnabled()){
+ mlog.debug("RampartReceiver: RampartEngine.process() completed successfully");
+ }
} catch (WSSecurityException e) {
+ if(mlog.isDebugEnabled()){
+ mlog.debug("RampartReceiver: WSSecurityException in RampartEngine.process(): " + e.getMessage());
+ e.printStackTrace();
+ }
setFaultCodeAndThrowAxisFault(msgContext, e);
} catch (WSSPolicyException e) {
+ if(mlog.isDebugEnabled()){
+ mlog.debug("RampartReceiver: WSSPolicyException in RampartEngine.process(): " + e.getMessage());
+ e.printStackTrace();
+ }
setFaultCodeAndThrowAxisFault(msgContext, e);
} catch (RampartException e) {
+ if(mlog.isDebugEnabled()){
+ mlog.debug("RampartReceiver: RampartException in RampartEngine.process(): " + e.getMessage());
+ e.printStackTrace();
+ }
setFaultCodeAndThrowAxisFault(msgContext, e);
}
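Review bot: The three `e.printStackTrace();` calls in the new catch blocks write to stderr outside the logging framework, bypassing its level and appender configuration; use the throwable overload instead, `mlog.debug("RampartReceiver: WSSecurityException in RampartEngine.process()", e);`, and likewise for the WSSPolicyException and RampartException blocks. The new `mlog.debug(msgContext.getEnvelope().toString())` block logs the full inbound envelope a second time — the debug just above this hunk already concatenates `msgContext.getEnvelope()` into its message — and a complete security envelope at debug level can include UsernameToken or SAML material, so one copy is enough. `catch (Exception e)` around a `toString()` is also broader than needed. `invoke` continues past this hunk.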
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
index 5f8cc5b..9bf2a2e 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
@@ -1673,74 +1673,121 @@
* @return boolean true if a security header is required in the incoming message
*/
public static boolean isSecHeaderRequired(RampartPolicyData rpd, boolean initiator, boolean inflow ) {
-
+
+ if (log.isDebugEnabled()) {
+ String timestamp = java.time.LocalDateTime.now().format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS"));
+ log.debug("RampartUtil.isSecHeaderRequired TIMESTAMP: " + timestamp);
+ log.debug("RampartUtil.isSecHeaderRequired: initiator=" + initiator + ", inflow=" + inflow);
+ }
+
// Checking for time stamp
if ( rpd.isIncludeTimestamp() ) {
+ if (log.isDebugEnabled()) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - timestamp required");
+ }
return true;
- }
-
- // Checking for signed parts and elements
- if (rpd.isSignBody() || rpd.getSignedParts().size() != 0 ||
- rpd.getSignedElements().size() != 0) {
- return true;
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("RampartUtil.isSecHeaderRequired: No timestamp required");
+ }
}
-
- // Checking for encrypted parts and elements
- if (rpd.isEncryptBody() || rpd.getEncryptedParts().size() != 0 ||
- rpd.getEncryptedElements().size() != 0 ) {
+
+ // Checking for signed parts and elements
+ if (rpd.isSignBody() || rpd.getSignedParts().size() != 0 ||
+ rpd.getSignedElements().size() != 0) {
+ if (log.isDebugEnabled()) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - signing required (signBody=" + rpd.isSignBody() +
+ ", signedParts=" + rpd.getSignedParts().size() + ", signedElements=" + rpd.getSignedElements().size() + ")");
+ }
return true;
- }
-
+ } else {
+ log.debug("RampartUtil.isSecHeaderRequired: No signing required");
+ }
+
+ // Checking for encrypted parts and elements
+ if (rpd.isEncryptBody() || rpd.getEncryptedParts().size() != 0 ||
+ rpd.getEncryptedElements().size() != 0 ) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - encryption required (encryptBody=" + rpd.isEncryptBody() +
+ ", encryptedParts=" + rpd.getEncryptedParts().size() + ", encryptedElements=" + rpd.getEncryptedElements().size() + ")");
+ return true;
+ } else {
+ log.debug("RampartUtil.isSecHeaderRequired: No encryption required");
+ }
+
// Checking for supporting tokens
SupportingToken supportingTokens;
-
- if (!initiator && inflow || initiator && !inflow ) {
-
+
+ boolean supportingTokenCondition = (!initiator && inflow) || (initiator && !inflow);
+ log.debug("RampartUtil.isSecHeaderRequired: Supporting token condition (" + supportingTokenCondition + ") = (!initiator && inflow) || (initiator && !inflow) = " +
+ "(!" + initiator + " && " + inflow + ") || (" + initiator + " && !" + inflow + ")");
+
+ if (supportingTokenCondition) {
+
List<SupportingToken> supportingToks = rpd.getSupportingTokensList();
+ log.debug("RampartUtil.isSecHeaderRequired: SupportingTokensList size = " + (supportingToks != null ? supportingToks.size() : "null"));
for (SupportingToken supportingTok : supportingToks) {
if (supportingTok != null && supportingTok.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - supporting tokens found");
return true;
}
}
-
+
supportingTokens = rpd.getSignedSupportingTokens();
if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - signed supporting tokens found");
return true;
}
-
+
supportingTokens = rpd.getEndorsingSupportingTokens();
if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - endorsing supporting tokens found");
return true;
}
-
+
supportingTokens = rpd.getSignedEndorsingSupportingTokens();
if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - signed endorsing supporting tokens found");
return true;
}
-
+
supportingTokens = rpd.getEncryptedSupportingTokens();
if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - encrypted supporting tokens found");
return true;
}
-
+
supportingTokens = rpd.getSignedEncryptedSupportingTokens();
if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - signed encrypted supporting tokens found");
return true;
}
-
+
supportingTokens = rpd.getEndorsingEncryptedSupportingTokens();
if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - endorsing encrypted supporting tokens found");
return true;
}
-
+
supportingTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ log.debug("RampartUtil.isSecHeaderRequired: TRUE - signed endorsing encrypted supporting tokens found");
return true;
}
+
+ log.debug("RampartUtil.isSecHeaderRequired: No supporting tokens found despite condition being true");
+ } else {
+ log.debug("RampartUtil.isSecHeaderRequired: Supporting token condition is false, skipping token checks");
}
-
+
+ if (log.isDebugEnabled()) {
+ log.debug("RampartUtil.isSecHeaderRequired: FALSE - no security header requirements found");
+ log.debug("RampartUtil: includeTimestamp = " + rpd.isIncludeTimestamp());
+ log.debug("RampartUtil: signBody = " + rpd.isSignBody());
+ log.debug("RampartUtil: signedParts.size = " + rpd.getSignedParts().size());
+ log.debug("RampartUtil: signedElements.size = " + rpd.getSignedElements().size());
+ }
return false;
-
+
}
public static void handleEncryptedSignedHeaders(List<WSEncryptionPart> encryptedParts,
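Review bot: The null handling in the new `SupportingTokensList size = ` debug line (`supportingToks != null ? supportingToks.size() : "null"`) is contradicted by the unguarded `for (SupportingToken supportingTok : supportingToks)` on the very next line, which throws NullPointerException if the list is ever null; either `getSupportingTokensList()` never returns null and the ternary is dead, or the loop needs `if (supportingToks != null)` around it. From `No signing required` onward the new `log.debug("..." + ...)` calls are unguarded while the earlier ones in the same method sit inside `if (log.isDebugEnabled())`; the concatenation (including the `getSignedParts().size()` style calls) is evaluated on every invocation of this per-message helper regardless of level, so guard them consistently or use the logger's parameterized form if it has one. The `Supporting token condition (...) = (!initiator && inflow) || ...` message spells out the expression it just evaluated at runtime; a source comment does that better than a string built on each call.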
diff --git a/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties b/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties
index 1231c2c..cf5ed2b 100644
--- a/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties
+++ b/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties
@@ -69,7 +69,7 @@
noSecurityResults= No security processing results from the incoming message
missingEncryptedKeyInRequest=There was no EncryptedKey in the request message
rampartConigMissing = Please include configured RampartConfiguration assertion in policy
-missingSecurityHeader = Missing wsse:Security header in request
+missingSecurityHeader = Unable to locate or process wsse:Security header in request (header may be missing, malformed, or processing failed due to configuration/dependency issues)
missingSOAPHeader = SOAP header missing
clientAuthRequired= Service requires SSL mutual authentication
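Review bot: The widened `missingSecurityHeader` text now covers three distinct causes (header missing, header malformed, processing failed "due to configuration/dependency issues") under a key that still means the header is absent, so a client reading the fault can no longer tell which occurred, and the configuration/dependency wording is a server-side diagnosis that does not belong in a fault returned to a remote caller. Keep the key's message specific, e.g. `missingSecurityHeader = Missing wsse:Security header in request`, and report the processing-failure cause in the server log at the point where the exception is raised.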
diff --git a/modules/rampart-integration/src/test/resources/log4j.properties b/modules/rampart-integration/src/test/resources/log4j.properties
deleted file mode 100644
index b81a5b4..0000000
--- a/modules/rampart-integration/src/test/resources/log4j.properties
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-log4j.rootCategory=ERROR, CONSOLE
-
-log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
-log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
-log4j.appender.CONSOLE.layout.ConversionPattern=%d %-5p %c - %m%n
-
-log4j.appender.JETTY=org.apache.log4j.ConsoleAppender
-log4j.appender.JETTY.layout=org.apache.log4j.PatternLayout
-log4j.appender.JETTY.layout.ConversionPattern=[%C{1}] - %m%n
-
-log4j.category.org.apache.axis2.integration.JettyServer=INFO, JETTY
-log4j.additivity.org.apache.axis2.integration.JettyServer = false
diff --git a/modules/rampart-samples/README.txt b/modules/rampart-samples/README.txt
index 6a3d376..d0b8b7b 100644
--- a/modules/rampart-samples/README.txt
+++ b/modules/rampart-samples/README.txt
@@ -12,10 +12,19 @@
- keys - The keystore files that contains the keys used by the samples
Please use Apache Ant with the build.xml file available in the top level directory
-to copy all jars and mars to required places.
+to copy all jars and mars to required places. Simply execute the ant command with
+no arguments.
- - Please copy log4j.jar to AXIS2_HOME/lib directory before trying out samples.
+AXIS2_HOME must be set as an environment variable for the ant command to copy the
+Rampart jars to AXIS2_HOME/lib.
- - Please follow the instructions on endorsing the default JAXP implementation
- available in README.txt of this distribution before invoking
- Sample 08.(Issuing a SAML 2.0 Token)
+The policy samples each have an Ant target for both the client and server
+(SimpleHTTPServer from the Axis2 test suite) i.e. they need to run in separate shells from the samples dir.
+
+For example, in one shell (repeat for samples 1-9):
+
+ant -buildfile policy/build.xml service.01
+
+Then in another shell:
+
+ant -buildfile policy/build.xml client.01
diff --git a/modules/rampart-samples/policy/build.xml b/modules/rampart-samples/policy/build.xml
index ec42927..ff60ff1 100644
--- a/modules/rampart-samples/policy/build.xml
+++ b/modules/rampart-samples/policy/build.xml
@@ -32,18 +32,22 @@
<property name="sample.services.url" value="http://localhost:${client.port}/axis2/services"/>
<property environment="env"/>
-
+
<property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
-
+
<property name="vmargs" value=""/>
-
+
<path id="runtime.classpath">
<fileset dir="${lib.dir}">
<include name="**/*.jar"/>
</fileset>
+ <!-- Include distribution lib directory if it exists (when running from distribution) -->
+ <fileset dir="../../lib" erroronmissingdir="false">
+ <include name="**/*.jar"/>
+ </fileset>
<pathelement location="${env.AXIS2_HOME}/conf"/>
</path>
-
+
<target name="check.dependency" unless="env.AXIS2_HOME">
<echo message="AXIS2_HOME must be set"/>
</target>
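Review bot: Adding a second `<fileset dir="../../lib" erroronmissingdir="false">` to `runtime.classpath` next to `${lib.dir}` means that after the top-level ant copy described in the README the same Rampart/WSS4J jars can be present in both directories, possibly at different versions, and which copy is loaded depends on fileset order; make the distribution lib path an explicit property (`<property name="dist.lib.dir" value="../../lib"/>`), and state in the comment which directory takes precedence. `../../lib` is resolved against the Ant basedir, i.e. the `policy` directory rather than the shell's working directory, which is worth saying in the comment since users are told to run `ant -buildfile policy/build.xml` from the samples directory.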
diff --git a/modules/rampart-samples/policy/sample01/README.txt b/modules/rampart-samples/policy/sample01/README.txt
index dd87594..ba14876 100644
--- a/modules/rampart-samples/policy/sample01/README.txt
+++ b/modules/rampart-samples/policy/sample01/README.txt
@@ -13,6 +13,13 @@
If you uncomment this and deploy the service you will see the following error message :
org.apache.axis2.AxisFault: Expected transport is "https" but incoming transport found : "http"
-You can find a complete tutorial on transport level
-security here:
-http://wso2.org/library/3190
\ No newline at end of file
+For more information on transport level security with Apache Rampart,
+please refer to:
+- Apache Rampart Quick Start Guide: ../../../src/site/xdoc/quick-start.xml
+- Apache Rampart Configuration Guide: ../../../src/site/xdoc/rampartconfig-guide.xml
+
+The original WSO2 tutorial (http://wso2.org/library/3190) is no longer available at that URL.
+For current WSO2 documentation that may contain similar content, check:
+- WSO2 Documentation: https://wso2.com/documentation/
+- WSO2 Technical Docs: https://docs.wso2.com/
+- WSO2 GitHub: https://github.com/wso2
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/sample05/README.txt b/modules/rampart-samples/policy/sample05/README.txt
index 3093c68..cb6ad6e 100644
--- a/modules/rampart-samples/policy/sample05/README.txt
+++ b/modules/rampart-samples/policy/sample05/README.txt
@@ -3,9 +3,12 @@
When using this sample with the TCPMon to monitor the soap messages, you have to use the
correct URL in the client code before build the sample 05.
-There is a known bug in OpenSAML-1.1.jar, which is used for implementing SAML 1.1 support in Rampart.
-So before you run this sample, please download the patched OpenSAML jar from here[1], and replace it
-with the OpenSAML-1.1.jar in your $AXIS2_HOME/lib.
+This sample demonstrates WS-Trust RST (Request Security Token) for issuing SAML tokens.
-[1] - http://dist.wso2.org/maven2/opensaml/opensaml/1.1.406/opensaml-1.1.406.jar
+Note: This sample now uses OpenSAML 4.3.2 which is included with the current Rampart distribution.
+The historical reference to OpenSAML 1.1.406 from WSO2's Maven repository is no longer needed
+as the OpenSAML library has been significantly updated and the old bug has been resolved.
+
+For current OpenSAML documentation, please refer to:
+- OpenSAML Documentation: https://wiki.shibboleth.net/confluence/display/OS30/Home
diff --git a/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java b/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
index a40f96b..7857f13 100644
--- a/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
+++ b/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
@@ -43,6 +43,26 @@
import javax.xml.namespace.QName;
+/*
+ sample 05 uses SAML token processing, unlike others such as sample 01 that uses username token processing
+
+ 1. Unit Tests that use Sample05, use in-memory objects, minimal XML marshalling → only Builder required
+ 2. Sample05: Full end-to-end SAML token creation with XML marshalling → Both builder AND marshaller required
+
+ Sample05 calls this path:
+ 1. Client requests SAML token from STS
+ 2. → SAMLTokenIssuer.createAttributeAssertion()
+ 3. → CommonUtil.getSymmetricKeyBasedKeyInfo()
+ 4. → SAMLUtils.createEncryptedKey()
+ 5. → CommonUtil.buildXMLObject(SecurityTokenReference.ELEMENT_NAME)
+ 6. → OpenSAML tries to marshall the SecurityTokenReference to actual XML
+
+ In the unit test, when KeyInfo is marshalled, OpenSAML handles the EncryptedKey as a
+ child element and doesn't require the SecurityTokenReference to be independently
+ marshallable. However, in sample05's STS token issuance process, the
+ SecurityTokenReference objects need to be marshalled as standalone elements in the XML security header.
+
+*/
public class Client {
public static void main(String[] args) throws Exception {
@@ -51,35 +71,46 @@
System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
}
- ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
-
- STSClient stsClient = new STSClient(ctx);
-
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ STSClient stsClient = new STSClient(ctx);
+
stsClient.setRstTemplate(getRSTTemplate());
String action = TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
stsClient.setAction(action);
-
- Token responseToken = stsClient.requestSecurityToken(loadPolicy("sample05/policy.xml"), new URL(new URL(args[0]), "/axis2/services/STS").toString(), loadPolicy("sample05/sts_policy.xml"), null);
-
+
+ // Use the policy file path passed as argument
+ String policyPath = args[2];
+ String stsPolicyPath = policyPath.replace("policy.xml", "sts_policy.xml");
+
+ String stsUrl = new URL(new URL(args[0]), "/axis2/services/STS").toString();
+
+ Token responseToken = stsClient.requestSecurityToken(loadPolicy(policyPath), stsUrl, loadPolicy(stsPolicyPath), null);
+
System.out.println("\n############################# Requested Token ###################################\n");
System.out.println(responseToken.getToken().toString());
-
+ System.out.println("Token successfully received! Token ID: " + responseToken.getId());
+
TokenStorage store = TrustUtil.getTokenStore(ctx);
store.add(responseToken);
-
-
+
ServiceClient client = new ServiceClient(ctx, null);
-
+
Options options = new Options();
options.setAction("urn:echo");
options.setTo(new EndpointReference(args[0]));
- options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("sample05/policy.xml"));
+ // Force SOAP 1.2 to match STS call
+ options.setSoapVersionURI(org.apache.axiom.soap.SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI);
+
+ Policy servicePolicy = loadPolicy(policyPath);
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, servicePolicy);
options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, responseToken.getId());
+
client.setOptions(options);
-
+
client.engageModule("addressing");
client.engageModule("rampart");
-
+
OMElement response = client.sendReceive(getPayload("Hello world1"));
System.out.println("Response : " + response);
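Review bot: Deriving the STS policy location with `policyPath.replace("policy.xml", "sts_policy.xml")` is brittle: if the third argument is not literally named `policy.xml`, or the substring occurs elsewhere in the path, the replacement silently yields the wrong file and the STS request may be made with the service policy. Derive it from the directory instead, `String stsPolicyPath = new java.io.File(new java.io.File(policyPath).getParentFile(), "sts_policy.xml").getPath();`, or accept it as an explicit fourth argument. The usage message at the top of the hunk is printed without an obvious exit, so `args[2]` may throw ArrayIndexOutOfBoundsException when too few arguments are passed — the `if` that prints it starts above this hunk, so confirm it returns. `loadPolicy(policyPath)` is also parsed twice (for the STS request and again for `servicePolicy`); one `Policy` instance can serve both. `main` continues past this hunk.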
@@ -87,8 +118,15 @@
}
private static Policy loadPolicy(String xmlPath) throws Exception {
+ java.io.File policyFile = new java.io.File(xmlPath);
+
+ if (!policyFile.exists()) {
+ throw new Exception("Policy file not found: " + xmlPath);
+ }
+
OMXMLParserWrapper builder = OMXMLBuilderFactory.createOMBuilder(new FileInputStream(xmlPath));
- return PolicyEngine.getPolicy(builder.getDocumentElement());
+ Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());
+ return policy;
}
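Review bot: The `FileInputStream` handed to `createOMBuilder` is never closed — the method returns after `PolicyEngine.getPolicy` with the stream still open, so each call leaks a file descriptor; wrap it in try-with-resources and force the element to build before the stream closes, as below (Axiom builds lazily, so the explicit `build()` matters — confirm against the Axiom version in use). The `exists()` pre-check followed by `throw new Exception("Policy file not found: " + xmlPath)` can be dropped in favour of the `FileNotFoundException` the constructor already throws, or narrowed to `IllegalArgumentException`; throwing raw `Exception` forces callers into `catch (Exception)`. `Policy policy = ...; return policy;` collapses to a direct return.
```java
private static Policy loadPolicy(String xmlPath) throws Exception {
    try (FileInputStream in = new FileInputStream(xmlPath)) {
        OMXMLParserWrapper builder = OMXMLBuilderFactory.createOMBuilder(in);
        OMElement root = builder.getDocumentElement();
        root.build(); // fully construct the tree before the stream closes
        return PolicyEngine.getPolicy(root);
    }
}
```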
private static OMElement getSAMLToken(OMElement resp) {
diff --git a/modules/rampart-tests/test-resources/log4j.properties b/modules/rampart-tests/test-resources/log4j.properties
deleted file mode 100644
index 8a80313..0000000
--- a/modules/rampart-tests/test-resources/log4j.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-log4j.rootCategory=ERROR, CONSOLE
-
-log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
-log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
-log4j.appender.CONSOLE.layout.ConversionPattern=%d %-5p %c - %m%n
-
diff --git a/modules/rampart-trust/pom.xml b/modules/rampart-trust/pom.xml
index 346a166..7228cd5 100644
--- a/modules/rampart-trust/pom.xml
+++ b/modules/rampart-trust/pom.xml
@@ -60,11 +60,6 @@
</dependency>
<dependency>
<groupId>org.apache.wss4j</groupId>
- <artifactId>wss4j</artifactId>
- <type>pom</type>
- </dependency>
- <dependency>
- <groupId>org.apache.wss4j</groupId>
<artifactId>wss4j-ws-security-common</artifactId>
</dependency>
<dependency>
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java
index 77f6bf7..c95fbd0 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java
@@ -47,7 +47,11 @@
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.soap.wssecurity.KeyIdentifier;
+import org.opensaml.soap.wssecurity.SecurityTokenReference;
import org.opensaml.soap.wssecurity.impl.SecurityTokenReferenceBuilder;
+import org.opensaml.soap.wssecurity.impl.SecurityTokenReferenceMarshaller;
+import org.opensaml.soap.wssecurity.impl.KeyIdentifierBuilder;
+import org.opensaml.soap.wssecurity.impl.KeyIdentifierMarshaller;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.signature.KeyInfo;
@@ -362,12 +366,70 @@
*/
public static XMLObject buildXMLObject(QName objectQName) throws TrustException {
+ if (log.isDebugEnabled()) {
+ String timestamp = java.time.LocalDateTime.now().format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS"));
+ log.debug("CommonUtil.buildXMLObject TIMESTAMP: " + timestamp);
+ log.debug("CommonUtil.buildXMLObject() starting on QName: " + objectQName);
+ }
log.debug("buildXMLObject() is starting on QName: " + objectQName);
XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
+
+ // CRITICAL FIX: Proactively register both builders to prevent WSS4J ClassCastExceptions
+ // This ensures builders are available for all WSS4J operations, not just explicit requests
+ if (builderFactory.getBuilder(KeyIdentifier.ELEMENT_NAME) == null) {
+ builderFactory.registerBuilder(KeyIdentifier.ELEMENT_NAME, new KeyIdentifierBuilder());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Proactively registered KeyIdentifierBuilder");
+ }
+ org.opensaml.core.xml.io.MarshallerFactory marshallerFactory = XMLObjectProviderRegistrySupport.getMarshallerFactory();
+ marshallerFactory.registerMarshaller(KeyIdentifier.ELEMENT_NAME, new KeyIdentifierMarshaller());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Proactively registered KeyIdentifierMarshaller");
+ }
+ }
+
+ if (builderFactory.getBuilder(SecurityTokenReference.ELEMENT_NAME) == null) {
+ builderFactory.registerBuilder(SecurityTokenReference.ELEMENT_NAME, new SecurityTokenReferenceBuilder());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Proactively registered SecurityTokenReferenceBuilder");
+ }
+ org.opensaml.core.xml.io.MarshallerFactory marshallerFactory = XMLObjectProviderRegistrySupport.getMarshallerFactory();
+ marshallerFactory.registerMarshaller(SecurityTokenReference.ELEMENT_NAME, new SecurityTokenReferenceMarshaller());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Proactively registered SecurityTokenReferenceMarshaller");
+ }
+ }
if (builderFactory.getBuilder(objectQName) == null) {
if (KeyIdentifier.ELEMENT_NAME == objectQName) {
- builderFactory.registerBuilder(KeyIdentifier.ELEMENT_NAME, new SecurityTokenReferenceBuilder());
- log.warn("An opensaml SecurityTokenReferenceBuilder was added to the opensaml registry for QName key: " + KeyIdentifier.ELEMENT_NAME);
+ builderFactory.registerBuilder(KeyIdentifier.ELEMENT_NAME, new KeyIdentifierBuilder());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Registered KeyIdentifierBuilder for " + KeyIdentifier.ELEMENT_NAME);
+ }
+ log.warn("An opensaml KeyIdentifierBuilder was added to the opensaml registry for QName key: " + KeyIdentifier.ELEMENT_NAME);
+
+ // Also register the marshaller
+ org.opensaml.core.xml.io.MarshallerFactory marshallerFactory = XMLObjectProviderRegistrySupport.getMarshallerFactory();
+ marshallerFactory.registerMarshaller(KeyIdentifier.ELEMENT_NAME, new KeyIdentifierMarshaller());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Registered KeyIdentifierMarshaller for " + KeyIdentifier.ELEMENT_NAME);
+ }
+ log.warn("An opensaml KeyIdentifierMarshaller was added to the opensaml registry for QName key: " + KeyIdentifier.ELEMENT_NAME);
+
+ } else if (SecurityTokenReference.ELEMENT_NAME == objectQName) {
+ builderFactory.registerBuilder(SecurityTokenReference.ELEMENT_NAME, new SecurityTokenReferenceBuilder());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Registered SecurityTokenReferenceBuilder for " + SecurityTokenReference.ELEMENT_NAME);
+ }
+ log.warn("An opensaml SecurityTokenReferenceBuilder was added to the opensaml registry for QName key: " + SecurityTokenReference.ELEMENT_NAME);
+
+ // Also register the marshaller
+ org.opensaml.core.xml.io.MarshallerFactory marshallerFactory = XMLObjectProviderRegistrySupport.getMarshallerFactory();
+ marshallerFactory.registerMarshaller(SecurityTokenReference.ELEMENT_NAME, new SecurityTokenReferenceMarshaller());
+ if (log.isDebugEnabled()) {
+ log.debug("CommonUtil: Registered SecurityTokenReferenceMarshaller for " + SecurityTokenReference.ELEMENT_NAME);
+ }
+ log.warn("An opensaml SecurityTokenReferenceMarshaller was added to the opensaml registry for QName key: " + SecurityTokenReference.ELEMENT_NAME);
+
} else {
log.error("No opensaml builders found for QName key: " + objectQName);
}
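Review bot: The new proactive registration block at the top of `buildXMLObject` registers the KeyIdentifier and SecurityTokenReference builders before the `if (builderFactory.getBuilder(objectQName) == null)` check, so the two branches below it that register the same builders for those QNames (`if (KeyIdentifier.ELEMENT_NAME == objectQName)` and the new `else if (SecurityTokenReference.ELEMENT_NAME == objectQName)`) can no longer be reached — only the `else` error branch stays live; delete the dead branches and their `log.warn`s. Both comparisons also use `==` on `QName`, which tests reference identity; `QName` defines `equals`, so `SecurityTokenReference.ELEMENT_NAME.equals(objectQName)` is the correct test. Mutating the global OpenSAML builder and marshaller registries as a side effect of a per-object lookup is surprising, and the check-then-register on a shared factory can race on concurrent first calls; registering the four providers once at module initialisation would be cleaner. The unguarded `log.debug("buildXMLObject() is starting on QName: " + objectQName)` repeats the guarded debug directly above it. The method continues past this hunk.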
diff --git a/modules/rampart-trust/src/test/resources/log4j.properties b/modules/rampart-trust/src/test/resources/log4j.properties
deleted file mode 100644
index 8a80313..0000000
--- a/modules/rampart-trust/src/test/resources/log4j.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-log4j.rootCategory=ERROR, CONSOLE
-
-log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
-log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
-log4j.appender.CONSOLE.layout.ConversionPattern=%d %-5p %c - %m%n
-
diff --git a/pom.xml b/pom.xml
index 5af951e..7c5791d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -518,24 +518,27 @@
<!-- Other Rampart Dependencies -->
<dependency>
<groupId>org.apache.wss4j</groupId>
- <artifactId>wss4j</artifactId>
- <version>${wss4j.version}</version>
- <type>pom</type>
- </dependency>
- <dependency>
- <groupId>org.apache.wss4j</groupId>
<artifactId>wss4j-ws-security-common</artifactId>
<version>${wss4j.version}</version>
+ <scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.wss4j</groupId>
<artifactId>wss4j-ws-security-dom</artifactId>
<version>${wss4j.version}</version>
+ <scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.wss4j</groupId>
<artifactId>wss4j-policy</artifactId>
<version>${wss4j.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.wss4j</groupId>
+ <artifactId>wss4j-bindings</artifactId>
+ <version>${wss4j.version}</version>
+ <scope>compile</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
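Review bot: The four WSS4J artifacts (`wss4j-ws-security-common`, `wss4j-ws-security-dom`, `wss4j-policy`, `wss4j-bindings`) are declared here with `${wss4j.version}` and declared again in the block labelled `<!-- WSS4J dependency management -->` in hunk -698, which the `</dependencyManagement>` closing there shows to be inside the managed section; if this hunk is also inside `<dependencyManagement>`, Maven will report duplicate managed dependencies, and if it is the parent's plain `<dependencies>` section, the `<scope>compile</scope>` added here is the default and adds nothing. Keep one declaration per artifact. The enclosing section boundaries are not visible in this hunk.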
@@ -549,6 +552,18 @@
</dependency>
<dependency>
<groupId>org.opensaml</groupId>
+ <artifactId>opensaml-core</artifactId>
+ <version>${opensaml.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-saml-api</artifactId>
+ <version>${opensaml.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
<artifactId>opensaml-saml-impl</artifactId>
<version>${opensaml.version}</version>
<scope>compile</scope>
@@ -632,6 +647,54 @@
<scope>compile</scope>
</dependency>
<dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-xmlsec-api</artifactId>
+ <version>${opensaml.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-xmlsec-impl</artifactId>
+ <version>${opensaml.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-security-api</artifactId>
+ <version>${opensaml.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-security-impl</artifactId>
+ <version>${opensaml.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>net.shibboleth.utilities</groupId>
+ <artifactId>java-support</artifactId>
+ <version>${shibboleth.utilities.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>net.shibboleth</groupId>
+ <artifactId>cryptography-api</artifactId>
+ <version>1.0.0</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>io.dropwizard.metrics</groupId>
+ <artifactId>metrics-core</artifactId>
+ <version>${dropwizard.metrics.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.cryptacular</groupId>
+ <artifactId>cryptacular</artifactId>
+ <version>${cryptacular.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-jul</artifactId>
<version>2.24.1</version>
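Review bot: `cryptography-api` is pinned with a literal `<version>1.0.0</version>` while every other new dependency in this hunk (`opensaml-*`, `java-support`, `metrics-core`, `cryptacular`) uses a `${...version}` property defined in the -847 hunk; add a property alongside those (e.g. `<shibboleth.cryptography.version>`) and reference it so the Shibboleth stack is bumped in one place. `metrics-core` and `cryptacular` look like transitive requirements of OpenSAML rather than anything Rampart imports directly; if that is the reason they are declared explicitly, a one-line comment saying so will help the next person deciding whether they can be removed.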
@@ -698,6 +761,28 @@
<version>4.0.2</version>
</dependency>
+ <!-- WSS4J dependency management -->
+ <dependency>
+ <groupId>org.apache.wss4j</groupId>
+ <artifactId>wss4j-ws-security-common</artifactId>
+ <version>${wss4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.wss4j</groupId>
+ <artifactId>wss4j-ws-security-dom</artifactId>
+ <version>${wss4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.wss4j</groupId>
+ <artifactId>wss4j-policy</artifactId>
+ <version>${wss4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.wss4j</groupId>
+ <artifactId>wss4j-bindings</artifactId>
+ <version>${wss4j.version}</version>
+ </dependency>
+
</dependencies>
</dependencyManagement>
@@ -762,6 +847,9 @@
<wss4j.version>3.0.3</wss4j.version>
<opensaml.version>4.3.2</opensaml.version>
+ <shibboleth.utilities.version>8.4.2</shibboleth.utilities.version>
+ <dropwizard.metrics.version>4.2.19</dropwizard.metrics.version>
+ <cryptacular.version>1.2.4</cryptacular.version>
<bcprov.jdk18.version>1.79</bcprov.jdk18.version>
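Review bot: The three new properties centralize the versions of java-support, metrics-core and cryptacular, but the `net.shibboleth:cryptography-api` dependency added earlier in this file still carries a literal `<version>1.0.0</version>`; for consistency add `<shibboleth.cryptography.version>1.0.0</shibboleth.cryptography.version>` beside these and reference it from that entry. The OpenSAML 4.x and net.shibboleth artifacts are published on the Shibboleth release repository rather than Maven Central, so if the POM does not already declare that repository (it may, outside this hunk) resolution of the newly versioned artifacts will fail; when declaring it, use an HTTPS URL and disable snapshots so release builds pull only published artifacts. The `<properties>` element containing these lines starts and ends outside the hunk.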
diff --git a/src/site/markdown/download.md.vm b/src/site/markdown/download.md.vm
index 32832bc..4ab1ecd 100644
--- a/src/site/markdown/download.md.vm
+++ b/src/site/markdown/download.md.vm
@@ -7,7 +7,7 @@
## "License"); you may not use this file except in compliance
## with the License. You may obtain a copy of the License at
##
-## http://www.apache.org/licenses/LICENSE-2.0
+## https://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing,
## software distributed under the License is distributed on an
@@ -45,14 +45,14 @@
All releases are also available as Maven artifacts in the [central repository][13].
-[1]: http://www.apache.org/dyn/closer.lua/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-bin.zip
+[1]: https://www.apache.org/dyn/closer.lua/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-bin.zip
[3]: https://www.apache.org/dist/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-bin.zip.sha512
[4]: https://www.apache.org/dist/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-bin.zip.asc
-[5]: http://www.apache.org/dyn/closer.lua/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-src.zip
+[5]: https://www.apache.org/dyn/closer.lua/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-src.zip
[7]: https://www.apache.org/dist/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-src.zip.sha512
[8]: https://www.apache.org/dist/axis/axis2/java/rampart/${release_version}/rampart-dist-${release_version}-src.zip.asc
-[9]: http://www.apache.org/dev/release-signing#verifying-signature
+[9]: https://www.apache.org/dev/release-signing#verifying-signature
[10]: https://www.apache.org/dist/axis/axis2/java/rampart/KEYS
-[11]: http://www.apache.org/dyn/closer.lua/axis/axis2/java/rampart/
-[12]: http://archive.apache.org/dist/axis/axis2/java/rampart/
-[13]: http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22org.apache.rampart%22
+[11]: https://www.apache.org/dyn/closer.lua/axis/axis2/java/rampart/
+[12]: https://archive.apache.org/dist/axis/axis2/java/rampart/
+[13]: https://search.maven.org/#search%7Cga%7C1%7Cg%3A%22org.apache.rampart%22
diff --git a/src/site/markdown/index.md b/src/site/markdown/index.md
index e174284..0094358 100644
--- a/src/site/markdown/index.md
+++ b/src/site/markdown/index.md
@@ -19,5 +19,5 @@
Apache Rampart, Rampart, Apache, the Apache feather logo, and the Apache Rampart project logo are trademarks of The Apache Software Foundation.
-[1]: http://ws.apache.org/wss4j/
-[2]: http://ws.apache.org/axiom/implementations/axiom-dom/
+[1]: https://wss4j.apache.org/
+[2]: https://ws.apache.org/axiom/implementations/axiom-dom/
diff --git a/src/site/markdown/release-notes/1.6.2.md b/src/site/markdown/release-notes/1.6.2.md
index 746b984..56310df 100644
--- a/src/site/markdown/release-notes/1.6.2.md
+++ b/src/site/markdown/release-notes/1.6.2.md
@@ -5,6 +5,5 @@
1.6.4 and OpenSAML to version 2.5.1. Apache Rampart 1.6.2 ensure compatibility
with the latest Axis2 1.6.2 release.
-A complete list of issues fixed in this release can be found [here][1].
-
-[1]: http://s.apache.org/rampart1.6.2
+<!-- Removed broken Apache shortlink - http://s.apache.org/rampart1.6.2 -->
+A complete list of issues fixed in this release can be found in the Apache JIRA project.
diff --git a/src/site/markdown/release-notes/1.6.3.md b/src/site/markdown/release-notes/1.6.3.md
index dcf8861..f0d5934 100644
--- a/src/site/markdown/release-notes/1.6.3.md
+++ b/src/site/markdown/release-notes/1.6.3.md
@@ -2,6 +2,7 @@
---------------------------------
Apache Rampart 1.6.3 is a maintenance release compatible with Apache Axis2
-1.6.3. A complete list of issues fixed in this release can be found [here][1].
+1.6.3.
-[1]: http://s.apache.org/rampart1.6.3
\ No newline at end of file
+<!-- Removed broken Apache shortlink - http://s.apache.org/rampart1.6.3 -->
+A complete list of issues fixed in this release can be found in the Apache JIRA project.
\ No newline at end of file
diff --git a/src/site/markdown/release-notes/1.8.0.md b/src/site/markdown/release-notes/1.8.0.md
index b5a6783..3990279 100644
--- a/src/site/markdown/release-notes/1.8.0.md
+++ b/src/site/markdown/release-notes/1.8.0.md
@@ -4,7 +4,7 @@
Apache Rampart 1.8.0 is a major release designed for compatibility with Axis2
1.8.2.
-A huge amount of effort went into upgrading everything possible up to jakarta -
+A huge amount of effort went into upgrading everything possible up to jakarta -
namely opensaml to 4.3 and ws-wss4j to 3.0.3.
This will be the last javax based release. The next Rampart release will be 2.0.0
diff --git a/src/site/markdown/release-notes/2.0.0.md b/src/site/markdown/release-notes/2.0.0.md
index b49106d..6e599aa 100644
--- a/src/site/markdown/release-notes/2.0.0.md
+++ b/src/site/markdown/release-notes/2.0.0.md
@@ -1,3 +1,32 @@
Apache Rampart 2.0.0 Release Notes
---------------------------------
+Apache Rampart 2.0.0 is a major release that continues support for the WS-Security, WS-Trust, and WS-SecureConversation specifications for Apache Axis2.
+
+## Current Dependency Versions
+
+This release uses the following updated dependency versions:
+
+- **Apache WSS4J**: 3.0.3 - Provides WS-Security implementation
+- **OpenSAML**: 4.3.2 - Provides SAML token support and processing
+- **Apache Axis2**: 1.8.2 - Compatible with the latest Axis2 release
+- **Apache Axiom**: 1.4.0 - XML object model used by Axis2
+
+## Key Features
+
+Apache Rampart implements the following WS-Security specifications:
+
+- WS-Security 1.0 and 1.1
+- WS-Trust
+- WS-SecureConversation
+- WS-SecurityPolicy
+
+## Dependencies
+
+For complete dependency information, see the project's Maven POM files. The core dependencies include:
+
+- Apache WSS4J 3.0.3 for WS-Security processing
+- OpenSAML 4.3.2 for SAML assertion handling
+- Bouncy Castle 1.79 for cryptographic operations
+- Apache Santuario XMLSec for XML security
+
diff --git a/src/site/site.xml b/src/site/site.xml
index bacd474..25727ff 100644
--- a/src/site/site.xml
+++ b/src/site/site.xml
@@ -25,8 +25,8 @@
</bannerLeft>
<bannerRight>
- <src>http://www.apache.org/images/asf_logo_wide.png</src>
- <href>http://www.apache.org</href>
+ <src>https://www.apache.org/images/asf_logo_wide.png</src>
+ <href>https://www.apache.org</href>
</bannerRight>
<skin>
@@ -39,7 +39,7 @@
<body>
<links>
- <item name="Apache Axis2/Java" href="http://axis.apache.org/axis2/java/core/" />
+ <item name="Apache Axis2/Java" href="https://axis.apache.org/axis2/java/core/" />
</links>
<menu name="Apache Rampart">
@@ -59,7 +59,8 @@
<menu name="Documentation">
<item name="Getting Started" href="quick-start.html"/>
<item name="Samples" href="samples.html"/>
- <item name="FAQ" href="http://wiki.apache.org/ws/FrontPage/Rampart/FAQ"/>
+<!-- Removing broken wiki link - wiki.apache.org/ws no longer exists -->
+ <!-- <item name="FAQ" href="http://wiki.apache.org/ws/FrontPage/Rampart/FAQ"/> -->
<item name="Rampart Configuration" href="rampartconfig-guide.html"/>
<item name="STS Configuration" href="setting-up-sts.html"/>
<item name="Developer Guide" href="developer-guide.html"/>
@@ -71,13 +72,13 @@
</menu>
<menu name="Project Information">
<item name="Project Team" href="team.html" />
- <item name="Issue Tracking" href="http://issues.apache.org/jira/browse/Rampart" />
+ <item name="Issue Tracking" href="https://issues.apache.org/jira/browse/Rampart" />
<item name="Mailing Lists" href="mail-lists.html"/>
<item name="Source Code" href="https://github.com/apache/axis-axis2-java-rampart" />
- <item name="License" href="http://www.apache.org/licenses/"/>
- <item name="Sponsorship" href="http://www.apache.org/foundation/sponsorship.html"/>
- <item name="Thanks" href="http://www.apache.org/foundation/thanks.html"/>
- <item name="Security" href="http://www.apache.org/security/"/>
+ <item name="License" href="https://www.apache.org/licenses/"/>
+ <item name="Sponsorship" href="https://www.apache.org/foundation/sponsorship.html"/>
+ <item name="Thanks" href="https://www.apache.org/foundation/thanks.html"/>
+ <item name="Security" href="https://www.apache.org/security/"/>
</menu>
</body>
</project>
diff --git a/src/site/xdoc/articles.xml b/src/site/xdoc/articles.xml
index 24f98f0..6a3e477 100644
--- a/src/site/xdoc/articles.xml
+++ b/src/site/xdoc/articles.xml
@@ -24,51 +24,46 @@
</head>
<body>
<h1>Apache Rampart Knowledge Base</h1>
-<p>This page contains articles, tutorials, presentations and
-question and answers published on various Web sites on the Apache
-Rampart. </p>
-<h2>Articles:</h2>
-<ul>
-<li><a href="http://wso2.org/library/240">
-UsernameToken Authentication with Rampart</a>- By Ruchith Ferenando</li>
-<li><a href="http://www.xml.com/pub/a/2007/05/02/sure-reliable-web-services-with-apache.html">
-Secure, Reliable Web Services with Apache</a>- By Kyle Gabhart</li>
-<li><a href="http://wso2.org/library/3132">
-Understanding WS - Security Policy Language</a>- By Nandana Mihindukulasooriya</li>
-<li><a href="http://wso2.org/library/1027">
-Integrating WS-Security and WS-SecureConversation Implementations with Apache Sandesha2 </a>- By Chamikara Jayalath</li>
-</ul>
+<p>This page contains information about articles, tutorials, and presentations related to Apache Rampart.</p>
-<h2>Tutorials</h2>
+<h2>External Articles:</h2>
<ul>
-<li><a href="http://wso2.org/library/140">Secure Message Exchanges with Multiple Users</a>- By
-Ruchith Fernando</li>
-<li><a href="http://wso2.org/library/174">Setting Up Keystores for a Client and a Service</a>- By
-Ruchith Fernando</li>
-<li><a href="http://wso2.org/library/3190">Web Services Security with Apache Rampart - Part 1 (Transport Level Security)</a>- By
-Nandana Mihindukulasooriya</li>
-<li><a href="http://wso2.org/library/3415">Web Services Security with Apache Rampart - Part 2 (Message-Level Security)</a>- By
-Nandana Mihindukulasooriya</li>
+<li><a href="https://www.xml.com/pub/a/2007/05/02/sure-reliable-web-services-with-apache.html">
+Secure, Reliable Web Services with Apache</a> - By Kyle Gabhart</li>
</ul>
-<h2>Presentations</h2>
+<h2>Historical Articles (WSO2 Library)</h2>
+<p>The following articles were originally published on WSO2's library. While the original http://wso2.org/library/ links are no longer accessible,
+the content may be available through:</p>
<ul>
-<li><a href="http://wso2.org/library/136">Secure Web Services with Apache Rampart</a>- By
-Ruchith Fernando</li>
-<li><a href="http://wso2.org/library/2534">Apache Rahas</a>- By
-Ruchith Fernando</li>
+<li><a href="https://wso2.com/documentation/">WSO2 Current Documentation</a></li>
+<li><a href="https://docs.wso2.com/">WSO2 Technical Documentation</a></li>
+<li><a href="https://github.com/wso2">WSO2 GitHub Repositories</a> (may contain samples and tutorials)</li>
</ul>
-<h2>Interviews</h2>
-<ul>
-<li><a href="http://wso2.org/library/695">Secure Messaging with Apache Rampart/Java</a>- By
-Ruchith Fernando</li>
-</ul>
-<h2>Questions and Answers</h2>
+<p>Original articles that may be available in updated form:</p>
+
<ul>
-<li><a href="http://wso2.org/library/2507">Timestamp validation fails! Why?</a></li>
-<li><a href="http://wso2.org/library/2506">How can I convert an LLOM AXIOM tree into a DOOM AXIOM tree?</a></li>
-<li><a href="http://wso2.org/library/169">How can I obtain UsernameToken information at the service?</a></li>
-<li><a href="http://wso2.org/library/116">Unexpected number of X509Data: for Signature. Why?</a></li>
+<li>UsernameToken Authentication with Rampart - By Ruchith Fernando</li>
+<li>Understanding WS-Security Policy Language - By Nandana Mihindukulasooriya</li>
+<li>Integrating WS-Security and WS-SecureConversation Implementations with Apache Sandesha2 - By Chamikara Jayalath</li>
+<li>Secure Message Exchanges with Multiple Users - By Ruchith Fernando</li>
+<li>Setting Up Keystores for a Client and a Service - By Ruchith Fernando</li>
+<li>Web Services Security with Apache Rampart - Part 1 (Transport Level Security) - By Nandana Mihindukulasooriya</li>
+<li>Web Services Security with Apache Rampart - Part 2 (Message-Level Security) - By Nandana Mihindukulasooriya</li>
+<li>Secure Web Services with Apache Rampart - By Ruchith Fernando</li>
+<li>Apache Rahas - By Ruchith Fernando</li>
+<li>Secure Messaging with Apache Rampart/Java - By Ruchith Fernando</li>
+</ul>
+
+<h2>Current Documentation</h2>
+<p>For current tutorials and documentation, please refer to:</p>
+<ul>
+<li><a href="quick-start.html">Getting Started Guide</a></li>
+<li><a href="samples.html">Rampart Samples</a></li>
+<li><a href="rampartconfig-guide.html">Rampart Configuration Guide</a></li>
+<li><a href="developer-guide.html">Developer Guide</a></li>
+<li><a href="https://wss4j.apache.org/">Apache WSS4J Documentation</a></li>
+<li><a href="https://axis.apache.org/axis2/java/core/">Apache Axis2 Documentation</a></li>
</ul>
</body>
</html>
diff --git a/src/site/xdoc/developer-guide.xml b/src/site/xdoc/developer-guide.xml
index 239b8e8..15f0372 100644
--- a/src/site/xdoc/developer-guide.xml
+++ b/src/site/xdoc/developer-guide.xml
@@ -27,7 +27,7 @@
<h3>Building Rampart</h3>
<ol>
<li>Install maven3. Refer to the <a
- href="http://maven.apache.org/guides/getting-started/maven-in-five-minutes.html">Installation
+ href="https://maven.apache.org/guides/getting-started/maven-in-five-minutes.html">Installation
guide</a>.</li>
<li>Download the source code.
<ul>
@@ -86,12 +86,12 @@
<p>Rampart uses WSS4J for securing SOAP messages. WSS4J is an Apache project
which implements the WS-Security specification. SOAP messages are signed and
-encrypted according to the <a href="http://www.w3.org/TR/xmlenc-core/">XML
-Encryption</a> and <a href="http://www.w3.org/TR/xmldsig-core/">XML Digital
+encrypted according to the <a href="https://www.w3.org/TR/xmlenc-core/">XML
+Encryption</a> and <a href="https://www.w3.org/TR/xmldsig-core/">XML Digital
Signature</a> specifications, but the WS-Security specification introduces an
additional set of rules. Therefore WSS4J ensures that SOAP messages are
singed according to all the rules defined in the specifications. WSS4J uses
-Apache's <a href="http://santuario.apache.org/Java/index.html">xmlsec
+Apache's <a href="https://santuario.apache.org/Java/index.html">xmlsec
libraries</a> for XML Encryption and XML Digital Signature.</p>
<p>Rather than re-inventing the wheel, it was decided to use WSS4J for SOAP
@@ -201,7 +201,8 @@
<p>The following things are required to perform the actual release:</p>
-<p>A PGP key that conforms to the <a href="http://specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf"> requirement for Apache release signing</a></p>
+<!-- Removing broken specs.xmlsoap.org link - domain no longer exists -->
+<p>A PGP key that conforms to the requirement for Apache release signing</p>
<p>To make the release process easier, the passphrase for the code signing key should be configured in ~/.m2/settings.xml</p>
@@ -236,7 +237,7 @@
<p>If you have multiple keys, you can define a ~/.gnupg/gpg.conf file for a default. Note that while 'gpg --list-keys' will show your public keys, using maven-release-plugin with the command 'release:perform' below requires 'gpg --list-secret-keys' to have a valid entry that matches your public key, in order to create 'asc' files that are used to verify the release artifcats. 'release:prepare' creates the sha512 checksum files.</p>
-<p>The created artifacts i.e. zip files can be checked with, for example, sha512sum 'rampart-dist-1.8.0-bin.zip' which should match the generated sha512 files. In that example, use 'gpg --verify rampart-dist-1.8.0-bin.zip.asc rampart-dist-1.8.0-bin.zip' to verify the artifacts were signed correctly</p>
+<p>The created artifacts i.e. zip files can be checked with, for example, sha512sum 'rampart-dist-2.0.0-bin.zip' which should match the generated sha512 files. In that example, use 'gpg --verify rampart-dist-2.0.0-bin.zip.asc rampart-dist-2.0.0-bin.zip' to verify the artifacts were signed correctly</p>
<p>If necessary, update the copyright date in the top level NOTICE file.</p>
diff --git a/src/site/xdoc/rampartconfig-guide.xml b/src/site/xdoc/rampartconfig-guide.xml
index d313ce9..107d8ef 100644
--- a/src/site/xdoc/rampartconfig-guide.xml
+++ b/src/site/xdoc/rampartconfig-guide.xml
@@ -142,6 +142,6 @@
</pre>
<br></br>
<h3>References</h3>1.
- <a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a>
+ <a href="https://wss4j.apache.org/">Apache WSS4J -Home</a>
</body>
</html>