Thu, 31 Aug 2017 15:18:52 +0800
merge
aoqi@0 | 1 | /* |
aoqi@0 | 2 | * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. |
aoqi@0 | 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
aoqi@0 | 4 | * |
aoqi@0 | 5 | * This code is free software; you can redistribute it and/or modify it |
aoqi@0 | 6 | * under the terms of the GNU General Public License version 2 only, as |
aoqi@0 | 7 | * published by the Free Software Foundation. Oracle designates this |
aoqi@0 | 8 | * particular file as subject to the "Classpath" exception as provided |
aoqi@0 | 9 | * by Oracle in the LICENSE file that accompanied this code. |
aoqi@0 | 10 | * |
aoqi@0 | 11 | * This code is distributed in the hope that it will be useful, but WITHOUT |
aoqi@0 | 12 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
aoqi@0 | 13 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
aoqi@0 | 14 | * version 2 for more details (a copy is included in the LICENSE file that |
aoqi@0 | 15 | * accompanied this code). |
aoqi@0 | 16 | * |
aoqi@0 | 17 | * You should have received a copy of the GNU General Public License version |
aoqi@0 | 18 | * 2 along with this work; if not, write to the Free Software Foundation, |
aoqi@0 | 19 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
aoqi@0 | 20 | * |
aoqi@0 | 21 | * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
aoqi@0 | 22 | * or visit www.oracle.com if you need additional information or have any |
aoqi@0 | 23 | * questions. |
aoqi@0 | 24 | */ |
aoqi@0 | 25 | |
aoqi@0 | 26 | package com.sun.xml.internal.ws.policy.jaxws; |
aoqi@0 | 27 | |
aoqi@0 | 28 | import com.sun.xml.internal.ws.api.policy.ModelUnmarshaller; |
aoqi@0 | 29 | import com.sun.xml.internal.ws.policy.PolicyException; |
aoqi@0 | 30 | import com.sun.xml.internal.ws.policy.privateutil.PolicyLogger; |
aoqi@0 | 31 | import com.sun.xml.internal.ws.policy.sourcemodel.PolicySourceModel; |
aoqi@0 | 32 | import com.sun.xml.internal.ws.policy.sourcemodel.wspolicy.NamespaceVersion; |
aoqi@0 | 33 | import com.sun.xml.internal.ws.policy.sourcemodel.wspolicy.XmlToken; |
aoqi@0 | 34 | import com.sun.xml.internal.ws.resources.PolicyMessages; |
aoqi@0 | 35 | |
aoqi@0 | 36 | import java.io.StringReader; |
aoqi@0 | 37 | import java.util.HashSet; |
aoqi@0 | 38 | import java.util.Set; |
aoqi@0 | 39 | import javax.xml.namespace.QName; |
aoqi@0 | 40 | import javax.xml.stream.XMLStreamConstants; |
aoqi@0 | 41 | import javax.xml.stream.XMLStreamException; |
aoqi@0 | 42 | import javax.xml.stream.XMLStreamReader; |
aoqi@0 | 43 | import javax.xml.ws.WebServiceException; |
aoqi@0 | 44 | |
aoqi@0 | 45 | /** |
aoqi@0 | 46 | * Provides methods to unmarshal policies from a XMLStreamReader safely |
aoqi@0 | 47 | * |
aoqi@0 | 48 | * @author Fabian Ritzmann |
aoqi@0 | 49 | */ |
aoqi@0 | 50 | public class SafePolicyReader { |
aoqi@0 | 51 | |
aoqi@0 | 52 | private static final PolicyLogger LOGGER = PolicyLogger.getLogger(SafePolicyReader.class); |
aoqi@0 | 53 | |
aoqi@0 | 54 | // urls of xml docs policies were read from |
aoqi@0 | 55 | private final Set<String> urlsRead = new HashSet<String>(); |
aoqi@0 | 56 | |
aoqi@0 | 57 | private final Set<String> qualifiedPolicyUris = new HashSet<String>(); |
aoqi@0 | 58 | |
aoqi@0 | 59 | |
aoqi@0 | 60 | public final class PolicyRecord { |
aoqi@0 | 61 | PolicyRecord next; |
aoqi@0 | 62 | PolicySourceModel policyModel; |
aoqi@0 | 63 | Set<String> unresolvedURIs; |
aoqi@0 | 64 | private String uri; |
aoqi@0 | 65 | |
aoqi@0 | 66 | PolicyRecord() { |
aoqi@0 | 67 | // nothing to initialize |
aoqi@0 | 68 | } |
aoqi@0 | 69 | |
aoqi@0 | 70 | PolicyRecord insert(final PolicyRecord insertedRec) { |
aoqi@0 | 71 | if (null==insertedRec.unresolvedURIs || insertedRec.unresolvedURIs.isEmpty()) { |
aoqi@0 | 72 | insertedRec.next = this; |
aoqi@0 | 73 | return insertedRec; |
aoqi@0 | 74 | } |
aoqi@0 | 75 | final PolicyRecord head = this; |
aoqi@0 | 76 | PolicyRecord oneBeforeCurrent = null; |
aoqi@0 | 77 | PolicyRecord current; |
aoqi@0 | 78 | for (current = head ; null != current.next ; ) { |
aoqi@0 | 79 | if ((null != current.unresolvedURIs) && current.unresolvedURIs.contains(insertedRec.uri)) { |
aoqi@0 | 80 | if (null == oneBeforeCurrent) { |
aoqi@0 | 81 | insertedRec.next = current; |
aoqi@0 | 82 | return insertedRec; |
aoqi@0 | 83 | } else { // oneBeforeCurrent != null |
aoqi@0 | 84 | oneBeforeCurrent.next = insertedRec; |
aoqi@0 | 85 | insertedRec.next = current; |
aoqi@0 | 86 | return head; |
aoqi@0 | 87 | } // end-if-else oneBeforeCurrent == null |
aoqi@0 | 88 | }// end-if current record depends on inserted one |
aoqi@0 | 89 | if (insertedRec.unresolvedURIs.remove(current.uri) && (insertedRec.unresolvedURIs.isEmpty())) { |
aoqi@0 | 90 | insertedRec.next = current.next; |
aoqi@0 | 91 | current.next = insertedRec; |
aoqi@0 | 92 | return head; |
aoqi@0 | 93 | } // end-if one of unresolved URIs resolved by current record and thus unresolvedURIs empty |
aoqi@0 | 94 | oneBeforeCurrent = current; |
aoqi@0 | 95 | current = current.next; |
aoqi@0 | 96 | } // end for (current = head; null!=current.next; ) |
aoqi@0 | 97 | insertedRec.next = null; |
aoqi@0 | 98 | current.next = insertedRec; |
aoqi@0 | 99 | return head; |
aoqi@0 | 100 | } |
aoqi@0 | 101 | |
aoqi@0 | 102 | /** |
aoqi@0 | 103 | * Set the URI that identifies the policy. |
aoqi@0 | 104 | * |
aoqi@0 | 105 | * @param uri The fully qualified URI of the policy. May be a relative URI |
aoqi@0 | 106 | * if JAX-WS did not pass on any system id. |
aoqi@0 | 107 | * @param id The short ID of the policy. Used for error reporting. |
aoqi@0 | 108 | * @throws PolicyException If there already is a policy recorded with the |
aoqi@0 | 109 | * same id. |
aoqi@0 | 110 | */ |
aoqi@0 | 111 | public void setUri(final String uri, final String id) throws PolicyException { |
aoqi@0 | 112 | if (qualifiedPolicyUris.contains(uri)) { |
aoqi@0 | 113 | throw LOGGER.logSevereException(new PolicyException(PolicyMessages.WSP_1020_DUPLICATE_ID(id))); |
aoqi@0 | 114 | } |
aoqi@0 | 115 | this.uri = uri; |
aoqi@0 | 116 | qualifiedPolicyUris.add(uri); |
aoqi@0 | 117 | } |
aoqi@0 | 118 | |
aoqi@0 | 119 | public String getUri() { |
aoqi@0 | 120 | return this.uri; |
aoqi@0 | 121 | } |
aoqi@0 | 122 | |
aoqi@0 | 123 | @Override |
aoqi@0 | 124 | public String toString() { |
aoqi@0 | 125 | String result = uri; |
aoqi@0 | 126 | if (null!=next) { |
aoqi@0 | 127 | result += "->" + next.toString(); |
aoqi@0 | 128 | } |
aoqi@0 | 129 | return result; |
aoqi@0 | 130 | } |
aoqi@0 | 131 | } |
aoqi@0 | 132 | |
aoqi@0 | 133 | |
aoqi@0 | 134 | /** |
aoqi@0 | 135 | * Reads a policy expression from the XML stream. |
aoqi@0 | 136 | * |
aoqi@0 | 137 | * The XMLStreamReader should be in START_ELEMENT state and point to the policy element. |
aoqi@0 | 138 | * The content of the stream is copied and then the copy is unmarshalled. The result |
aoqi@0 | 139 | * is returned as a PolicyRecord. |
aoqi@0 | 140 | * |
aoqi@0 | 141 | * @param reader The XMLStreamReader should be in START_ELEMENT state and point to the policy element. |
aoqi@0 | 142 | * @param baseUrl The system id of the document read by the reader. |
aoqi@0 | 143 | * @return The policy that was read from the XML stream. |
aoqi@0 | 144 | */ |
aoqi@0 | 145 | public PolicyRecord readPolicyElement(final XMLStreamReader reader, final String baseUrl) { |
aoqi@0 | 146 | if ((null == reader) || (!reader.isStartElement())) { |
aoqi@0 | 147 | return null; |
aoqi@0 | 148 | } |
aoqi@0 | 149 | final StringBuffer elementCode = new StringBuffer(); |
aoqi@0 | 150 | final PolicyRecord policyRec = new PolicyRecord(); |
aoqi@0 | 151 | final QName elementName = reader.getName(); |
aoqi@0 | 152 | boolean insidePolicyReferenceAttr; |
aoqi@0 | 153 | int depth = 0; |
aoqi@0 | 154 | try{ |
aoqi@0 | 155 | do { |
aoqi@0 | 156 | switch (reader.getEventType()) { |
aoqi@0 | 157 | case XMLStreamConstants.START_ELEMENT: // process start of next element |
aoqi@0 | 158 | QName curName = reader.getName(); |
aoqi@0 | 159 | insidePolicyReferenceAttr = NamespaceVersion.resolveAsToken(curName) == XmlToken.PolicyReference; |
aoqi@0 | 160 | if (elementName.equals(curName)) { // it is our element ! |
aoqi@0 | 161 | depth++; // we are then deeper |
aoqi@0 | 162 | } |
aoqi@0 | 163 | final StringBuffer xmlnsCode = new StringBuffer(); // take care about namespaces as well |
aoqi@0 | 164 | final Set<String> tmpNsSet = new HashSet<String>(); |
aoqi@0 | 165 | if ((null == curName.getPrefix()) || ("".equals(curName.getPrefix()))) { // no prefix |
aoqi@0 | 166 | elementCode |
aoqi@0 | 167 | .append('<') // start tag |
aoqi@0 | 168 | .append(curName.getLocalPart()); |
aoqi@0 | 169 | xmlnsCode |
aoqi@0 | 170 | .append(" xmlns=\"") |
aoqi@0 | 171 | .append(curName.getNamespaceURI()) |
aoqi@0 | 172 | .append('"'); |
aoqi@0 | 173 | |
aoqi@0 | 174 | } else { // prefix presented |
aoqi@0 | 175 | elementCode |
aoqi@0 | 176 | .append('<') // start tag |
aoqi@0 | 177 | .append(curName.getPrefix()) |
aoqi@0 | 178 | .append(':') |
aoqi@0 | 179 | .append(curName.getLocalPart()); |
aoqi@0 | 180 | xmlnsCode |
aoqi@0 | 181 | .append(" xmlns:") |
aoqi@0 | 182 | .append(curName.getPrefix()) |
aoqi@0 | 183 | .append("=\"") |
aoqi@0 | 184 | .append(curName.getNamespaceURI()) |
aoqi@0 | 185 | .append('"'); |
aoqi@0 | 186 | tmpNsSet.add(curName.getPrefix()); |
aoqi@0 | 187 | } |
aoqi@0 | 188 | final int attrCount = reader.getAttributeCount(); // process element attributes |
aoqi@0 | 189 | final StringBuffer attrCode = new StringBuffer(); |
aoqi@0 | 190 | for (int i=0; i < attrCount; i++) { |
aoqi@0 | 191 | boolean uriAttrFlg = false; |
aoqi@0 | 192 | if (insidePolicyReferenceAttr && "URI".equals( |
aoqi@0 | 193 | reader.getAttributeName(i).getLocalPart())) { // PolicyReference found |
aoqi@0 | 194 | uriAttrFlg = true; |
aoqi@0 | 195 | if (null == policyRec.unresolvedURIs) { // first such URI found |
aoqi@0 | 196 | policyRec.unresolvedURIs = new HashSet<String>(); // initialize URIs set |
aoqi@0 | 197 | } |
aoqi@0 | 198 | policyRec.unresolvedURIs.add( // add the URI |
aoqi@0 | 199 | relativeToAbsoluteUrl(reader.getAttributeValue(i), baseUrl)); |
aoqi@0 | 200 | } // end-if PolicyReference attribute found |
aoqi@0 | 201 | if ("xmlns".equals(reader.getAttributePrefix(i)) && tmpNsSet.contains(reader.getAttributeLocalName(i))) { |
aoqi@0 | 202 | continue; // do not append already defined ns |
aoqi@0 | 203 | } |
aoqi@0 | 204 | if ((null == reader.getAttributePrefix(i)) || ("".equals(reader.getAttributePrefix(i)))) { // no attribute prefix |
aoqi@0 | 205 | attrCode |
aoqi@0 | 206 | .append(' ') |
aoqi@0 | 207 | .append(reader.getAttributeLocalName(i)) |
aoqi@0 | 208 | .append("=\"") |
aoqi@0 | 209 | .append(uriAttrFlg ? relativeToAbsoluteUrl(reader.getAttributeValue(i), baseUrl) : reader.getAttributeValue(i)) |
aoqi@0 | 210 | .append('"'); |
aoqi@0 | 211 | } else { // prefix`presented |
aoqi@0 | 212 | attrCode |
aoqi@0 | 213 | .append(' ') |
aoqi@0 | 214 | .append(reader.getAttributePrefix(i)) |
aoqi@0 | 215 | .append(':') |
aoqi@0 | 216 | .append(reader.getAttributeLocalName(i)) |
aoqi@0 | 217 | .append("=\"") |
aoqi@0 | 218 | .append(uriAttrFlg ? relativeToAbsoluteUrl(reader.getAttributeValue(i), baseUrl) : reader.getAttributeValue(i)) |
aoqi@0 | 219 | .append('"'); |
aoqi@0 | 220 | if (!tmpNsSet.contains(reader.getAttributePrefix(i))) { |
aoqi@0 | 221 | xmlnsCode |
aoqi@0 | 222 | .append(" xmlns:") |
aoqi@0 | 223 | .append(reader.getAttributePrefix(i)) |
aoqi@0 | 224 | .append("=\"") |
aoqi@0 | 225 | .append(reader.getAttributeNamespace(i)) |
aoqi@0 | 226 | .append('"'); |
aoqi@0 | 227 | tmpNsSet.add(reader.getAttributePrefix(i)); |
aoqi@0 | 228 | } // end if prefix already processed |
aoqi@0 | 229 | } |
aoqi@0 | 230 | } // end foreach attr |
aoqi@0 | 231 | elementCode |
aoqi@0 | 232 | .append(xmlnsCode) // complete the start element tag |
aoqi@0 | 233 | .append(attrCode) |
aoqi@0 | 234 | .append('>'); |
aoqi@0 | 235 | break; |
aoqi@0 | 236 | //case XMLStreamConstants.ATTRIBUTE: Unreachable (I hope ;-) |
aoqi@0 | 237 | // break; |
aoqi@0 | 238 | //case XMLStreamConstants.NAMESPACE: Unreachable (I hope ;-) |
aoqi@0 | 239 | // break; |
aoqi@0 | 240 | case XMLStreamConstants.END_ELEMENT: |
aoqi@0 | 241 | curName = reader.getName(); |
aoqi@0 | 242 | if (elementName.equals(curName)) { // it is our element ! |
aoqi@0 | 243 | depth--; // go up |
aoqi@0 | 244 | } |
aoqi@0 | 245 | elementCode |
aoqi@0 | 246 | .append("</") // append appropriate XML code |
aoqi@0 | 247 | .append("".equals(curName.getPrefix())?"":curName.getPrefix()+':') |
aoqi@0 | 248 | .append(curName.getLocalPart()) |
aoqi@0 | 249 | .append('>'); // complete the end element tag |
aoqi@0 | 250 | break; |
aoqi@0 | 251 | case XMLStreamConstants.CHARACTERS: |
aoqi@0 | 252 | elementCode.append(reader.getText()); // append text data |
aoqi@0 | 253 | break; |
aoqi@0 | 254 | case XMLStreamConstants.CDATA: |
aoqi@0 | 255 | elementCode |
aoqi@0 | 256 | .append("<![CDATA[") // append CDATA delimiters |
aoqi@0 | 257 | .append(reader.getText()) |
aoqi@0 | 258 | .append("]]>"); |
aoqi@0 | 259 | break; |
aoqi@0 | 260 | case XMLStreamConstants.COMMENT: // Ignore any comments |
aoqi@0 | 261 | break; |
aoqi@0 | 262 | case XMLStreamConstants.SPACE: // Ignore spaces as well |
aoqi@0 | 263 | break; |
aoqi@0 | 264 | } |
aoqi@0 | 265 | if (reader.hasNext() && depth>0) { |
aoqi@0 | 266 | reader.next(); |
aoqi@0 | 267 | } |
aoqi@0 | 268 | } while (XMLStreamConstants.END_DOCUMENT!=reader.getEventType() && depth>0); |
aoqi@0 | 269 | policyRec.policyModel = ModelUnmarshaller.getUnmarshaller().unmarshalModel( |
aoqi@0 | 270 | new StringReader(elementCode.toString())); |
aoqi@0 | 271 | if (null != policyRec.policyModel.getPolicyId()) { |
aoqi@0 | 272 | policyRec.setUri(baseUrl + "#" + policyRec.policyModel.getPolicyId(), policyRec.policyModel.getPolicyId()); |
aoqi@0 | 273 | } else if (policyRec.policyModel.getPolicyName() != null) { |
aoqi@0 | 274 | policyRec.setUri(policyRec.policyModel.getPolicyName(), policyRec.policyModel.getPolicyName()); |
aoqi@0 | 275 | } |
aoqi@0 | 276 | } catch(Exception e) { |
aoqi@0 | 277 | throw LOGGER.logSevereException(new WebServiceException(PolicyMessages.WSP_1013_EXCEPTION_WHEN_READING_POLICY_ELEMENT(elementCode.toString()), e)); |
aoqi@0 | 278 | } |
aoqi@0 | 279 | urlsRead.add(baseUrl); |
aoqi@0 | 280 | return policyRec; |
aoqi@0 | 281 | } |
aoqi@0 | 282 | |
aoqi@0 | 283 | |
aoqi@0 | 284 | public Set<String> getUrlsRead() { |
aoqi@0 | 285 | return this.urlsRead; |
aoqi@0 | 286 | } |
aoqi@0 | 287 | |
aoqi@0 | 288 | |
aoqi@0 | 289 | /** |
aoqi@0 | 290 | * Reads policy reference element <wsp:PolicyReference/> and returns referenced policy URI as String |
aoqi@0 | 291 | * |
aoqi@0 | 292 | * @param reader The XMLStreamReader should be in START_ELEMENT state and point to the PolicyReference element. |
aoqi@0 | 293 | * @return The URI contained in the PolicyReference |
aoqi@0 | 294 | */ |
aoqi@0 | 295 | public String readPolicyReferenceElement(final XMLStreamReader reader) { |
aoqi@0 | 296 | try { |
aoqi@0 | 297 | if (NamespaceVersion.resolveAsToken(reader.getName()) == XmlToken.PolicyReference) { // "PolicyReference" element interests me |
aoqi@0 | 298 | for (int i = 0; i < reader.getAttributeCount(); i++) { |
aoqi@0 | 299 | if (XmlToken.resolveToken(reader.getAttributeName(i).getLocalPart()) == XmlToken.Uri) { |
aoqi@0 | 300 | final String uriValue = reader.getAttributeValue(i); |
aoqi@0 | 301 | reader.next(); |
aoqi@0 | 302 | return uriValue; |
aoqi@0 | 303 | } |
aoqi@0 | 304 | } |
aoqi@0 | 305 | } |
aoqi@0 | 306 | reader.next(); |
aoqi@0 | 307 | return null; |
aoqi@0 | 308 | } catch(XMLStreamException e) { |
aoqi@0 | 309 | throw LOGGER.logSevereException(new WebServiceException(PolicyMessages.WSP_1001_XML_EXCEPTION_WHEN_PROCESSING_POLICY_REFERENCE(), e)); |
aoqi@0 | 310 | } |
aoqi@0 | 311 | } |
aoqi@0 | 312 | |
aoqi@0 | 313 | |
aoqi@0 | 314 | /** |
aoqi@0 | 315 | * Utility method to construct an absolute URL from a relative URI and a base URL. |
aoqi@0 | 316 | * |
aoqi@0 | 317 | * If the relativeUri already is an absolute URL, the method returns the relativeUri. |
aoqi@0 | 318 | * |
aoqi@0 | 319 | * @param relativeUri The relative URI |
aoqi@0 | 320 | * @param baseUri The base URL |
aoqi@0 | 321 | * @return The relative URI appended to the base URL. If relativeUri already is |
aoqi@0 | 322 | * an absolute URL, the method returns the relativeUri. |
aoqi@0 | 323 | */ |
aoqi@0 | 324 | public static String relativeToAbsoluteUrl(final String relativeUri, final String baseUri) { |
aoqi@0 | 325 | if ('#' != relativeUri.charAt(0)) { // TODO: escaped char could be an issue? |
aoqi@0 | 326 | return relativeUri; // absolute already |
aoqi@0 | 327 | } |
aoqi@0 | 328 | return (null == baseUri) ? relativeUri : baseUri + relativeUri; |
aoqi@0 | 329 | } |
aoqi@0 | 330 | |
aoqi@0 | 331 | } |