Posted to java-commits@axis.apache.org by ve...@apache.org on 2014/07/28 20:50:28 UTC
svn commit: r1614122 - in /axis/axis2/java/rampart/branches/1_6: ./
modules/distribution/ modules/rampart-core/
modules/rampart-core/src/main/java/org/apache/rampart/
modules/rampart-core/src/main/java/org/apache/rampart/util/
modules/rampart-integrati...
Author: veithen
Date: Mon Jul 28 18:50:28 2014
New Revision: 1614122
URL: http://svn.apache.org/r1614122
Log:
RAMPART-415: Merged r1610243, r1610817 and r1611122 to the 1.6 branch.
Added:
axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/35.xml
- copied unchanged from r1611122, axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/35.xml
axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-35.xml
- copied unchanged from r1611122, axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-35.xml
Modified:
axis/axis2/java/rampart/branches/1_6/ (props changed)
axis/axis2/java/rampart/branches/1_6/build.xml
axis/axis2/java/rampart/branches/1_6/modules/distribution/bin.xml
axis/axis2/java/rampart/branches/1_6/modules/distribution/pom.xml
axis/axis2/java/rampart/branches/1_6/modules/rampart-core/pom.xml
axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/pom.xml
axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/pom.xml
axis/axis2/java/rampart/branches/1_6/pom.xml
Propchange: axis/axis2/java/rampart/branches/1_6/
------------------------------------------------------------------------------
Merged /axis/axis2/java/rampart/trunk:r1610243,1610817,1611122
Modified: axis/axis2/java/rampart/branches/1_6/build.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/build.xml?rev=1614122&r1=1614121&r2=1614122&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/build.xml (original)
+++ axis/axis2/java/rampart/branches/1_6/build.xml Mon Jul 28 18:50:28 2014
@@ -106,7 +106,7 @@
</target>
<target name="copy-bc-jar-15" unless="${jdk14.present}">
- <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/bouncycastle/bcprov-jdk15/${version.bcprov15}/bcprov-jdk15-${version.bcprov15}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/org/bouncycastle/bcprov-jdk15on/${version.bcprov15}/bcprov-jdk15on-${version.bcprov15}.jar"/>
</target>
<target name="src-dist" depends="init">
Modified: axis/axis2/java/rampart/branches/1_6/modules/distribution/bin.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/distribution/bin.xml?rev=1614122&r1=1614121&r2=1614122&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/distribution/bin.xml (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/distribution/bin.xml Mon Jul 28 18:50:28 2014
@@ -18,7 +18,7 @@
<include>org.apache.santuario:xmlsec:jar</include>
<include>opensaml:opensaml:jar</include>
<include>org.apache.ws.security:wss4j:jar</include>
- <include>bouncycastle:bcprov-jdk15:jar</include>
+ <include>org.bouncycastle:bcprov-jdk15on:jar</include>
<include>org.apache.rampart:rampart-core:jar</include>
<include>org.apache.rampart:rampart-policy:jar</include>
<include>org.apache.rampart:rampart-trust:jar</include>
Modified: axis/axis2/java/rampart/branches/1_6/modules/distribution/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/distribution/pom.xml?rev=1614122&r1=1614121&r2=1614122&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/distribution/pom.xml (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/distribution/pom.xml Mon Jul 28 18:50:28 2014
@@ -113,8 +113,8 @@
<version>${project.version}</version>
</dependency>
<dependency>
- <groupId>bouncycastle</groupId>
- <artifactId>bcprov-jdk15</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
<version>${bcprov.jdk15.version}</version>
</dependency>
<dependency>
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-core/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-core/pom.xml?rev=1614122&r1=1614121&r2=1614122&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-core/pom.xml (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-core/pom.xml Mon Jul 28 18:50:28 2014
@@ -81,8 +81,8 @@
<artifactId>wss4j</artifactId>
</dependency>
<dependency>
- <groupId>bouncycastle</groupId>
- <artifactId>bcprov-jdk15</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.opensaml</groupId>
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=1614122&r1=1614121&r2=1614122&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java Mon Jul 28 18:50:28 2014
@@ -32,6 +32,7 @@ import org.apache.rampart.saml.SAMLAsser
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.UsernameToken;
import org.apache.ws.security.*;
import org.apache.ws.security.components.crypto.Crypto;
@@ -114,6 +115,19 @@ public class RampartEngine {
t0 = System.currentTimeMillis();
}
+ //wss4j does not allow username tokens with no password per default, see https://issues.apache.org/jira/browse/WSS-420
+ //configure it to allow them explicitly if at least one username token assertion with no password requirement is found
+ if (!rmd.isInitiator()) {
+ Collection<UsernameToken> usernameTokens = RampartUtil.getUsernameTokens(rpd);
+ for (UsernameToken usernameTok : usernameTokens) {
+ if (usernameTok.isNoPassword()) {
+ log.debug("Found UsernameToken with no password assertion in policy, configuring ws security processing to allow username tokens without password." );
+ engine.getWssConfig().setAllowUsernameTokenNoPassword(true);
+ break;
+ }
+ }
+ }
+
String actorValue = secHeader.getAttributeValue(new QName(rmd
.getSoapConstants().getEnvelopeURI(), "actor"));
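Review bot: `setAllowUsernameTokenNoPassword(true)` is switched on for the whole message as soon as any one UsernameToken assertion in the policy carries NoPassword, so wss4j will also stop rejecting password-less tokens that belong to assertions which do require a password. Nothing in this hunk shows a later per-token check; if the policy results validation does not already enforce it, a policy mixing both kinds of assertion silently loses the password requirement. I would at least record that dependency next to the call, e.g. `// relaxes wss4j for ALL username tokens in this message; password-required assertions must still be enforced during policy validation`, and add a test policy with one NoPassword and one password-bearing assertion. It is also not visible here whether `engine.getWssConfig()` returns a per-request config or a shared one; if shared, the flag would persist for later messages processed under other policies. The enclosing method starts and ends outside the hunk.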
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java?rev=1614122&r1=1614121&r2=1614122&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java Mon Jul 28 18:50:28 2014
@@ -1454,7 +1454,12 @@ public class RampartUtil {
String encrKeyId = (String) wsSecEngineResult.get(WSSecurityEngineResult.TAG_ID);
if (actInt == WSConstants.ENCR &&
encrKeyId != null) {
- return encrKeyId;
+ if (encrKeyId.length() > 0) {
+ return encrKeyId;
+ }
+ else if (log.isDebugEnabled()) {
+ log.debug("Found encryption security processing result with empty id, skipping it: " + wsSecEngineResult);
+ }
}
}
}
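Review bot: The new debug message concatenates the whole `wsSecEngineResult`, which is read as a map here (`get(WSSecurityEngineResult.TAG_ID)`), so its string form may put every entry of the processing result (principal, certificate and similar details) into the log. For a skip notice the action is enough: `log.debug("Found encryption security processing result with empty id, skipping it (action=" + actInt + ")");`. Separately, the `else if` placed on its own line after `}` differs from the brace style used in the rest of the hunk. The enclosing loop and method begin outside the hunk.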
@@ -1906,4 +1911,60 @@ public class RampartUtil {
QName value = code.getValueAsQName();
return value == null ? false : value.getNamespaceURI().equals(WSConstants.WSSE_NS);
}
+
+ /**
+ * @param rpd Rampart policy data instance. Must not be null.
+ * @return A collection of all {@link UsernameToken} supporting token assertions in the specified Rampart policy instance. The method will check the following lists:
+ * <ul>
+ * <li>{@link RampartPolicyData#getSupportingTokensList()}</li>
+ * <li>{@link RampartPolicyData#getSignedSupportingTokens()}</li>
+ * <li>{@link RampartPolicyData#getSignedEndorsingSupportingTokens()}</li>
+ * <li>{@link RampartPolicyData#getEndorsingSupportingTokens()}</li>
+ * <li>{@link RampartPolicyData#getEncryptedSupportingTokens()}</li>
+ * <li>{@link RampartPolicyData#getSignedEncryptedSupportingTokens()}</li>
+ * <li>{@link RampartPolicyData#getEndorsingEncryptedSupportingTokens()}</li>
+ * <li>{@link RampartPolicyData#getSignedEndorsingEncryptedSupportingTokens()}</li>
+ * </ul>
+ */
+ public static Collection<UsernameToken> getUsernameTokens(RampartPolicyData rpd) {
+ Collection<UsernameToken> usernameTokens = new ArrayList<UsernameToken>();
+
+ List<SupportingToken> supportingToks = rpd.getSupportingTokensList();
+ for (SupportingToken suppTok : supportingToks) {
+ usernameTokens.addAll(getUsernameTokens(suppTok));
+ }
+
+ usernameTokens.addAll(getUsernameTokens(rpd.getSignedSupportingTokens()));
+ usernameTokens.addAll(getUsernameTokens(rpd.getSignedEndorsingSupportingTokens()));
+ usernameTokens.addAll(getUsernameTokens(rpd.getEndorsingSupportingTokens()));
+ usernameTokens.addAll(getUsernameTokens(rpd.getEncryptedSupportingTokens()));
+ usernameTokens.addAll(getUsernameTokens(rpd.getSignedEncryptedSupportingTokens()));
+ usernameTokens.addAll(getUsernameTokens(rpd.getEndorsingEncryptedSupportingTokens()));
+ usernameTokens.addAll(getUsernameTokens(rpd.getSignedEndorsingEncryptedSupportingTokens()));
+
+ return usernameTokens;
+ }
+
+ /**
+ * @param suppTok The {@link SupportingToken} assertion to check for username tokens.
+ * @return A collection of all tokens in the specified <code>suppTok</code> SupportingToken assertion which are instances of {@link UsernameToken}.
+ * If the specified <code>suppTok</code> SupportingToken assertion is <code>null</code>, an empty collection will be returned.
+ */
+ public static Collection<UsernameToken> getUsernameTokens(SupportingToken suppTok) {
+
+ if (suppTok == null) {
+ return new ArrayList<UsernameToken>();
+ }
+
+ Collection<UsernameToken> usernameTokens = new ArrayList<UsernameToken>();
+ ArrayList tokens = suppTok.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ org.apache.ws.secpolicy.model.Token token = (org.apache.ws.secpolicy.model.Token) iter.next();
+ if (token instanceof UsernameToken) {
+ usernameTokens.add((UsernameToken)token);
+ }
+ }
+
+ return usernameTokens;
+ }
}
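Review bot: `rpd.getSupportingTokensList()` is iterated without a null check, while the seven other lookups go through the null-tolerant overload; since RampartEngine now calls this method for every inbound message on the non-initiator side, a null list would become a NullPointerException on each request. Whether the getter can return null is not visible here, so a guard is cheap insurance: `if (supportingToks != null) { for (SupportingToken suppTok : supportingToks) { ... } }`. The same question applies to `suppTok.getTokens()` in the second overload, which also uses a raw `ArrayList`/`Iterator` with a cast where a typed for-each would do if the getter's signature allows it. Both Javadoc blocks open directly with `@param` and would read better with a one-sentence summary line first.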
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/pom.xml?rev=1614122&r1=1614121&r2=1614122&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/pom.xml (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/pom.xml Mon Jul 28 18:50:28 2014
@@ -563,6 +563,10 @@
<!-- Service 34 -->
<copy overwrite="yes" file="src/test/resources/rampart/services-34.xml" tofile="target/temp-ramp/META-INF/services.xml" />
<jar jarfile="target/test-resources/rampart_service_repo/services/SecureService34.aar" basedir="target/temp-ramp" />
+
+ <!-- Service 35 -->
+ <copy overwrite="yes" file="src/test/resources/rampart/services-35.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService35.aar" basedir="target/temp-ramp" />
<!-- Service SC-1 -->
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java?rev=1614122&r1=1614121&r2=1614122&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java Mon Jul 28 18:50:28 2014
@@ -96,7 +96,7 @@ public class RampartTest extends TestCas
"Unlimited Strength Jurisdiction Policy !!!");
}
- for (int i = 1; i <= 34; i++) { //<-The number of tests we have
+ for (int i = 1; i <= 35; i++) { //<-The number of tests we have
if(!basic256Supported && (i == 3 || i == 4 || i == 5)) {
//Skip the Basic256 tests
continue;
Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/pom.xml?rev=1614122&r1=1614121&r2=1614122&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/pom.xml (original)
+++ axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/pom.xml Mon Jul 28 18:50:28 2014
@@ -91,8 +91,8 @@
<artifactId>wss4j</artifactId>
</dependency>
<dependency>
- <groupId>bouncycastle</groupId>
- <artifactId>bcprov-jdk15</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.opensaml</groupId>
Modified: axis/axis2/java/rampart/branches/1_6/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/pom.xml?rev=1614122&r1=1614121&r2=1614122&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/1_6/pom.xml (original)
+++ axis/axis2/java/rampart/branches/1_6/pom.xml Mon Jul 28 18:50:28 2014
@@ -272,8 +272,8 @@
<version>${wss4j.version}</version>
</dependency>
<dependency>
- <groupId>bouncycastle</groupId>
- <artifactId>bcprov-jdk15</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
<version>${bcprov.jdk15.version}</version>
</dependency>
<dependency>
@@ -424,10 +424,10 @@
<axis2.version>1.6.3-SNAPSHOT</axis2.version>
<axiom.version>1.2.14</axiom.version>
- <wss4j.version>1.6.4</wss4j.version>
+ <wss4j.version>1.6.16</wss4j.version>
<opensaml.version>2.5.1-1</opensaml.version>
- <bcprov.jdk15.version>140</bcprov.jdk15.version>
+ <bcprov.jdk15.version>1.49</bcprov.jdk15.version>
<!-- distribution properties -->
<dist.dir>rampart-${project.version}</dist.dir>