You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2011/01/10 18:06:06 UTC
svn commit: r1057283 - in /cxf/branches/2.3.x-fixes/rt/ws/security: pom.xml
src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Author: coheigea
Date: Mon Jan 10 17:06:06 2011
New Revision: 1057283
URL: http://svn.apache.org/viewvc?rev=1057283&view=rev
Log:
[CXF-3236] - Add support for an Issued Token extracted from a SAML assertion
- Upgrading to use WSS4J 1.5.11-SNAPSHOT temporarily, which will be released soon.
Modified:
cxf/branches/2.3.x-fixes/rt/ws/security/pom.xml
cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Modified: cxf/branches/2.3.x-fixes/rt/ws/security/pom.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/ws/security/pom.xml?rev=1057283&r1=1057282&r2=1057283&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/rt/ws/security/pom.xml (original)
+++ cxf/branches/2.3.x-fixes/rt/ws/security/pom.xml Mon Jan 10 17:06:06 2011
@@ -91,7 +91,7 @@
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
- <version>1.5.10</version>
+ <version>1.5.11-SNAPSHOT</version>
<exclusions>
<exclusion>
<groupId>axis</groupId>
Modified: cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1057283&r1=1057282&r2=1057283&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java (original)
+++ cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java Mon Jan 10 17:06:06 2011
@@ -19,6 +19,7 @@
package org.apache.cxf.ws.security.policy.interceptors;
+import java.security.Principal;
import java.util.Arrays;
import java.util.Collection;
import java.util.Vector;
@@ -47,6 +48,9 @@ import org.apache.cxf.ws.security.trust.
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
+import org.apache.ws.security.CustomTokenPrincipal;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
@@ -216,13 +220,10 @@ public class IssuedTokenInterceptorProvi
(WSHandlerResult) results.get(i);
Vector wsSecEngineResults = rResult.getResults();
-
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- //WSSecurityEngineResult wser =
- // (WSSecurityEngineResult) wsSecEngineResults.get(j);
- //Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
- //how to find if it's due to an IssuedToken?
+ SecurityToken token = findIssuedToken(wsSecEngineResults);
+ if (token != null) {
found = true;
+ message.getExchange().put(SecurityConstants.TOKEN, token);
}
}
}
@@ -237,5 +238,34 @@ public class IssuedTokenInterceptorProvi
}
}
}
+
+ private SecurityToken findIssuedToken(Vector wsSecEngineResults) {
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if (actInt.intValue() == WSConstants.SIGN) {
+ Principal principal =
+ (Principal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+ if (principal instanceof CustomTokenPrincipal) {
+ CustomTokenPrincipal customPrincipal =
+ (CustomTokenPrincipal)principal;
+ byte[] secretKey =
+ (byte[])wser.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
+ if (secretKey != null) {
+ SecurityToken token =
+ new SecurityToken(
+ customPrincipal.getName(),
+ (java.util.Calendar)null,
+ (java.util.Calendar)null
+ );
+ token.setSecret(secretKey);
+ return token;
+ }
+ }
+ }
+ }
+ return null;
+ }
}
}
Re: svn commit: r1057283 - in /cxf/branches/2.3.x-fixes/rt/ws/security: pom.xml src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Posted by Daniel Kulp <dk...@apache.org>.
On Tuesday 11 January 2011 8:02:27 pm David Valeri wrote:
> It doesn't matter as WSS4J does not seem to deploy nightly snapshots to the
> Apache repository. At least that has been the case up until now [1]
>
> It would be nice if the nightly snapshots were deployed from Hudson.
I believe they are:
https://hudson.apache.org/hudson/view/S-Z/view/WS/
is setup to do a deploy.
> [1]
> http://people.apache.org/maven-snapshot-repository/org/apache/ws/security/w
> ss4j/
They wouldn't go there though. They've been moved to Nexus. See:
https://repository.apache.org/content/groups/snapshots-group/org/apache/ws/security/wss4j/
Dan
>
> On Tue, Jan 11, 2011 at 12:11 PM, Daniel Kulp <dk...@apache.org> wrote:
> > On Tuesday 11 January 2011 10:44:49 am Glen Mazza wrote:
> > > On 10.01.2011 12:06, coheigea@apache.org wrote:
> > > > Author: coheigea
> > > > Date: Mon Jan 10 17:06:06 2011
> > > > New Revision: 1057283
> > > >
> > > > URL: http://svn.apache.org/viewvc?rev=1057283&view=rev
> > > > Log:
> > > > [CXF-3236] - Add support for an Issued Token extracted from a SAML
> > > > assertion
> > > >
> > > > - Upgrading to use WSS4J 1.5.11-SNAPSHOT temporarily, which will be
> > > > released soon.
> > >
> > > I understand this is a short-term change, but does upgrading to
> > > 1.5.11-SNAPSHOT end up breaking the build for anyone who hasn't
> > > downloaded and build WSS4J first? Or do we have the SNAPSHOT repo
> > > listed in the CXF project POMs someplace?
> >
> > I know on trunk, we have the snapshot repo there as we're using a
> > snapshot of
> > XmlSchema there. I'll need to double check on 2.3.x.
> >
> >
> >
> > --
> > Daniel Kulp
> > dkulp@apache.org
> > http://dankulp.com/blog
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Re: svn commit: r1057283 - in /cxf/branches/2.3.x-fixes/rt/ws/security:
pom.xml src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Posted by David Valeri <dv...@apache.org>.
It doesn't matter as WSS4J does not seem to deploy nightly snapshots to the
Apache repository. At least that has been the case up until now [1]
It would be nice if the nightly snapshots were deployed from Hudson.
[1]
http://people.apache.org/maven-snapshot-repository/org/apache/ws/security/wss4j/
On Tue, Jan 11, 2011 at 12:11 PM, Daniel Kulp <dk...@apache.org> wrote:
> On Tuesday 11 January 2011 10:44:49 am Glen Mazza wrote:
> > On 10.01.2011 12:06, coheigea@apache.org wrote:
> > > Author: coheigea
> > > Date: Mon Jan 10 17:06:06 2011
> > > New Revision: 1057283
> > >
> > > URL: http://svn.apache.org/viewvc?rev=1057283&view=rev
> > > Log:
> > > [CXF-3236] - Add support for an Issued Token extracted from a SAML
> > > assertion
> > >
> > > - Upgrading to use WSS4J 1.5.11-SNAPSHOT temporarily, which will be
> > > released soon.
> >
> > I understand this is a short-term change, but does upgrading to
> > 1.5.11-SNAPSHOT end up breaking the build for anyone who hasn't
> > downloaded and build WSS4J first? Or do we have the SNAPSHOT repo
> > listed in the CXF project POMs someplace?
>
> I know on trunk, we have the snapshot repo there as we're using a snapshot
> of
> XmlSchema there. I'll need to double check on 2.3.x.
>
>
>
> --
> Daniel Kulp
> dkulp@apache.org
> http://dankulp.com/blog
>
Re: svn commit: r1057283 - in /cxf/branches/2.3.x-fixes/rt/ws/security: pom.xml src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Posted by Daniel Kulp <dk...@apache.org>.
On Tuesday 11 January 2011 10:44:49 am Glen Mazza wrote:
> On 10.01.2011 12:06, coheigea@apache.org wrote:
> > Author: coheigea
> > Date: Mon Jan 10 17:06:06 2011
> > New Revision: 1057283
> >
> > URL: http://svn.apache.org/viewvc?rev=1057283&view=rev
> > Log:
> > [CXF-3236] - Add support for an Issued Token extracted from a SAML
> > assertion
> >
> > - Upgrading to use WSS4J 1.5.11-SNAPSHOT temporarily, which will be
> > released soon.
>
> I understand this is a short-term change, but does upgrading to
> 1.5.11-SNAPSHOT end up breaking the build for anyone who hasn't
> downloaded and build WSS4J first? Or do we have the SNAPSHOT repo
> listed in the CXF project POMs someplace?
I know on trunk, we have the snapshot repo there as we're using a snapshot of
XmlSchema there. I'll need to double check on 2.3.x.
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Re: svn commit: r1057283 - in /cxf/branches/2.3.x-fixes/rt/ws/security:
pom.xml src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Posted by Glen Mazza <gl...@gmail.com>.
On 10.01.2011 12:06, coheigea@apache.org wrote:
> Author: coheigea
> Date: Mon Jan 10 17:06:06 2011
> New Revision: 1057283
>
> URL: http://svn.apache.org/viewvc?rev=1057283&view=rev
> Log:
> [CXF-3236] - Add support for an Issued Token extracted from a SAML assertion
> - Upgrading to use WSS4J 1.5.11-SNAPSHOT temporarily, which will be released soon.
>
I understand this is a short-term change, but does upgrading to
1.5.11-SNAPSHOT end up breaking the build for anyone who hasn't
downloaded and build WSS4J first? Or do we have the SNAPSHOT repo
listed in the CXF project POMs someplace?
Thanks,
Glen