You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2015/04/14 15:42:43 UTC
[1/2] cxf git commit: Introducing new security constants to be shared
between SOAP + REST code
Repository: cxf
Updated Branches:
refs/heads/master 5f5db6440 -> 5faf18226
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
index 345e237..34d7cb1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
@@ -151,7 +151,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor {
private SecurityContext createSecurityContext(Message msg,
SamlAssertionWrapper samlAssertion) {
String roleAttributeName =
- (String)msg.getContextualProperty(SecurityConstants.SAML_ROLE_ATTRIBUTENAME);
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
if (roleAttributeName == null || roleAttributeName.length() == 0) {
roleAttributeName = WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
}
@@ -198,7 +198,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor {
WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument());
RequestData data = new CXFRequestData();
- Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+ Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
try {
data.setCallbackHandler(SecurityUtils.getCallbackHandler(o));
} catch (Exception ex) {
@@ -389,7 +389,8 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor {
protected WSSecUsernameToken addUsernameToken(SoapMessage message, UsernameToken token) {
- String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+ String userName =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
WSSConfig wssConfig = (WSSConfig)message.getContextualProperty(WSSConfig.class.getName());
if (wssConfig == null) {
wssConfig = WSSConfig.getNewInstance();
@@ -406,7 +407,8 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor {
return utBuilder;
}
- String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+ String password =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
if (StringUtils.isEmpty(password)) {
password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN, message);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index 111c93f..bed0c11 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -265,7 +265,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
*isn't available
*/
boolean enableRevocation = reqData.isRevocationEnabled()
- || MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
+ || MessageUtils.isTrue(SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION,
+ msg));
reqData.setEnableRevocation(enableRevocation);
Element soapBody = SAAJUtils.getBody(doc);
@@ -337,10 +338,12 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
private void configureAudienceRestriction(SoapMessage msg, RequestData reqData) {
// Add Audience Restrictions for SAML
- boolean enableAudienceRestriction =
- MessageUtils.getContextualBoolean(msg,
- SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION,
- true);
+ boolean enableAudienceRestriction = true;
+ String audRestrValStr =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION, msg);
+ if (audRestrValStr != null) {
+ enableAudienceRestriction = Boolean.parseBoolean(audRestrValStr);
+ }
if (enableAudienceRestriction) {
List<String> audiences = new ArrayList<>();
if (msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL) != null) {
@@ -395,11 +398,13 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
// Try to get Crypto Provider from message context properties.
// It gives a possibility to use external Crypto Provider
//
- Crypto encCrypto = (Crypto)msg.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
+ Crypto encCrypto =
+ (Crypto)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, msg);
if (encCrypto != null) {
reqData.setDecCrypto(encCrypto);
}
- Crypto sigCrypto = (Crypto)msg.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
+ Crypto sigCrypto =
+ (Crypto)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, msg);
if (sigCrypto != null) {
reqData.setSigVerCrypto(sigCrypto);
}
@@ -503,9 +508,17 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
}
results.add(0, wsResult);
- Boolean allowUnsignedSamlPrincipals =
- MessageUtils.getContextualBoolean(msg,
- SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, false);
+ String allowUnsigned =
+ (String)SecurityUtils.getSecurityPropertyValue(
+ SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, msg
+ );
+ boolean allowUnsignedSamlPrincipals = Boolean.parseBoolean(allowUnsigned);
+ boolean useJAASSubject = true;
+ String useJAASSubjectStr =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SC_FROM_JAAS_SUBJECT, msg);
+ if (useJAASSubjectStr != null) {
+ useJAASSubject = Boolean.parseBoolean(useJAASSubjectStr);
+ }
for (int i = wsResult.getResults().size() - 1; i >= 0; i--) {
WSSecurityEngineResult o = wsResult.getResults().get(i);
@@ -513,8 +526,6 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
Integer action = (Integer)o.get(WSSecurityEngineResult.TAG_ACTION);
final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
final Subject subject = (Subject)o.get(WSSecurityEngineResult.TAG_SUBJECT);
- final boolean useJAASSubject = MessageUtils
- .getContextualBoolean(msg, SecurityConstants.SC_FROM_JAAS_SUBJECT, true);
final Object binarySecurity = o.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
final boolean isValidSamlToken = action == WSConstants.ST_SIGNED
@@ -577,8 +588,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
}
if (receivedAssertion instanceof SamlAssertionWrapper) {
- String roleAttributeName = (String)msg.getContextualProperty(
- SecurityConstants.SAML_ROLE_ATTRIBUTENAME);
+ String roleAttributeName = (String)SecurityUtils.getSecurityPropertyValue(
+ SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
if (roleAttributeName == null || roleAttributeName.length() == 0) {
roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
}
@@ -656,8 +667,9 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
}
protected CallbackHandler getCallback(RequestData reqData) throws WSSecurityException {
- Object o = ((SoapMessage)reqData.getMsgContext())
- .getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+ Object o =
+ SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER,
+ (SoapMessage)reqData.getMsgContext());
CallbackHandler cbHandler = null;
try {
cbHandler = SecurityUtils.getCallbackHandler(o);
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
index dc9289f..dbfd391 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
@@ -39,6 +39,7 @@ import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.StaxInInterceptor;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.Phase;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.wss4j.common.ConfigurationConstants;
@@ -245,7 +246,7 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor {
}
boolean enableRevocation =
- MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
+ MessageUtils.isTrue(SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION, msg));
securityProperties.setEnableRevocation(enableRevocation);
// Crypto loading only applies for Map
@@ -293,10 +294,12 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor {
private void configureAudienceRestriction(SoapMessage msg, WSSSecurityProperties securityProperties) {
// Add Audience Restrictions for SAML
- boolean enableAudienceRestriction =
- MessageUtils.getContextualBoolean(msg,
- SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION,
- true);
+ boolean enableAudienceRestriction = true;
+ String audRestrStr =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION, msg);
+ if (audRestrStr != null) {
+ enableAudienceRestriction = Boolean.parseBoolean(audRestrStr);
+ }
if (enableAudienceRestriction) {
List<String> audiences = new ArrayList<String>();
if (msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL) != null) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
index 2de2d57..0de353f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
@@ -39,6 +39,7 @@ import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.WSSPolicyException;
@@ -210,15 +211,17 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor {
SoapMessage msg, OutboundSecurityContext outboundSecurityContext,
WSSSecurityProperties securityProperties
) throws WSSecurityException {
- String user = (String)msg.getContextualProperty(SecurityConstants.USERNAME);
+ String user = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, msg);
if (user != null) {
securityProperties.setTokenUser(user);
}
- String sigUser = (String)msg.getContextualProperty(SecurityConstants.SIGNATURE_USERNAME);
+ String sigUser =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_USERNAME, msg);
if (sigUser != null) {
securityProperties.setSignatureUser(sigUser);
}
- String encUser = (String)msg.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
+ String encUser =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, msg);
if (encUser != null) {
securityProperties.setEncryptionUser(encUser);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 3a2e995..bb4aa46 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -726,7 +726,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
return null;
}
- String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+ String userName = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
if (!StringUtils.isEmpty(userName)) {
WSSecUsernameToken utBuilder = new WSSecUsernameToken();
utBuilder.setIdAllocator(wssConfig.getIdAllocator());
@@ -737,7 +737,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
utBuilder.setUserInfo(userName, null);
utBuilder.setPasswordType(null);
} else {
- String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+ String password =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
if (StringUtils.isEmpty(password)) {
password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN);
}
@@ -776,13 +777,14 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
return null;
}
- String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+ String userName = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
if (!StringUtils.isEmpty(userName)) {
WSSecUsernameToken utBuilder = new WSSecUsernameToken();
utBuilder.setIdAllocator(wssConfig.getIdAllocator());
utBuilder.setWsTimeSource(wssConfig.getCurrentTime());
- String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+ String password =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
if (StringUtils.isEmpty(password)) {
password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN);
}
@@ -813,7 +815,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
//
// Get the SAML CallbackHandler
//
- Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
+ Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_CALLBACK_HANDLER, message);
if (o == null) {
SecurityToken securityToken = getSecurityToken();
@@ -855,7 +857,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
String issuerName = samlCallback.getIssuerKeyName();
if (issuerName == null) {
String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
- issuerName = (String)message.getContextualProperty(userNameKey);
+ issuerName = (String)SecurityUtils.getSecurityPropertyValue(userNameKey, message);
}
String password = samlCallback.getIssuerKeyPassword();
if (password == null) {
@@ -918,7 +920,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
public String getPassword(String userName, Assertion info, int usage) {
//Then try to get the password from the given callback handler
- Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+ Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
CallbackHandler handler = null;
try {
handler = SecurityUtils.getCallbackHandler(o);
@@ -1397,7 +1399,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
private X509Certificate getEncryptCert(Crypto crypto, String encrUser) throws WSSecurityException {
// Check for prepared encryption certificate
- X509Certificate encrCert = (X509Certificate)message.getContextualProperty(SecurityConstants.ENCRYPT_CERT);
+ X509Certificate encrCert =
+ (X509Certificate)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CERT, message);
if (encrCert != null) {
return encrCert;
}
@@ -1420,11 +1423,16 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
public Crypto getEncryptionCrypto(AbstractTokenWrapper wrapper) throws WSSecurityException {
Crypto crypto = getCrypto(wrapper, SecurityConstants.ENCRYPT_CRYPTO,
SecurityConstants.ENCRYPT_PROPERTIES);
- boolean enableRevocation = MessageUtils.isTrue(
- message.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
+ boolean enableRevocation = false;
+ String enableRevStr =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION, message);
+ if (enableRevStr != null) {
+ enableRevocation = Boolean.parseBoolean(enableRevStr);
+ }
if (enableRevocation && crypto != null) {
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- String encrUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
+ String encrUser =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message);
if (encrUser == null) {
try {
encrUser = crypto.getDefaultX509Identifier();
@@ -1447,12 +1455,12 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
String cryptoKey,
String propKey
) throws WSSecurityException {
- Crypto crypto = (Crypto)message.getContextualProperty(cryptoKey);
+ Crypto crypto = (Crypto)SecurityUtils.getSecurityPropertyValue(cryptoKey, message);
if (crypto != null) {
return crypto;
}
- Object o = message.getContextualProperty(propKey);
+ Object o = SecurityUtils.getSecurityPropertyValue(propKey, message);
if (o == null) {
return null;
}
@@ -1483,7 +1491,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
return passwordEncryptor;
}
- Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+ Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
try {
CallbackHandler callbackHandler = SecurityUtils.getCallbackHandler(o);
if (callbackHandler != null) {
@@ -1547,15 +1555,16 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
public String setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, AbstractTokenWrapper token,
boolean sign, Crypto crypto) {
// Check for prepared certificate property
- X509Certificate encrCert = (X509Certificate)message.getContextualProperty(SecurityConstants.ENCRYPT_CERT);
+ X509Certificate encrCert =
+ (X509Certificate)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CERT, message);
if (encrCert != null) {
encrKeyBuilder.setUseThisCert(encrCert);
return null;
}
- String encrUser = (String)message.getContextualProperty(sign
- ? SecurityConstants.SIGNATURE_USERNAME
- : SecurityConstants.ENCRYPT_USERNAME);
+ String key = sign ? SecurityConstants.SIGNATURE_USERNAME : SecurityConstants.ENCRYPT_USERNAME;
+ String encrUser = (String)SecurityUtils.getSecurityPropertyValue(key, message);
+
if (crypto != null && (encrUser == null || "".equals(encrUser))) {
try {
encrUser = crypto.getDefaultX509Identifier();
@@ -1767,7 +1776,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (!endorse) {
message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
}
- String user = (String)message.getContextualProperty(userNameKey);
+ String user = (String)SecurityUtils.getSecurityPropertyValue(userNameKey, message);
if (StringUtils.isEmpty(user)) {
if (crypto != null) {
try {
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
index 1c4d3c2..9483fff 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -162,10 +162,11 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
// Check if a CallbackHandler was specified
if (properties.getCallbackHandler() == null) {
- String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+ String password =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
if (password != null) {
String username =
- (String)message.getContextualProperty(SecurityConstants.USERNAME);
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
UTCallbackHandler callbackHandler = new UTCallbackHandler(username, password);
properties.setCallbackHandler(callbackHandler);
}
@@ -285,7 +286,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
//
// Get the SAML CallbackHandler
//
- Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
+ Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_CALLBACK_HANDLER, message);
try {
CallbackHandler handler = SecurityUtils.getCallbackHandler(o);
if (handler == null) {
@@ -536,9 +537,9 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
}
properties.setSignatureCanonicalizationAlgorithm(
binding.getAlgorithmSuite().getC14n().getValue());
- String sigUser = (String)message.getContextualProperty(userNameKey);
+ String sigUser = (String)SecurityUtils.getSecurityPropertyValue(userNameKey, message);
if (sigUser == null) {
- sigUser = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+ sigUser = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
}
if (sigUser != null && properties.getSignatureUser() == null) {
properties.setSignatureUser(sigUser);
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
index f610239..43af2fb 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
@@ -30,6 +30,7 @@ import javax.xml.soap.SOAPException;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
@@ -377,9 +378,10 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler {
properties.setEncryptionSymAlgorithm(
algorithmSuite.getAlgorithmSuiteType().getEncryption());
- String encUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
+ String encUser =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message);
if (encUser == null) {
- encUser = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+ encUser = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
}
if (encUser != null && properties.getEncryptionUser() == null) {
properties.setEncryptionUser(encUser);
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
index b4dce04..39c60e3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
@@ -32,6 +32,7 @@ import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
@@ -470,9 +471,10 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
properties.setEncryptionSymAlgorithm(
algorithmSuite.getAlgorithmSuiteType().getEncryption());
- String encUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
+ String encUser =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message);
if (encUser == null) {
- encUser = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+ encUser = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
}
if (encUser != null && properties.getEncryptionUser() == null) {
properties.setEncryptionUser(encUser);
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 8423500..6d7f9ac 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -31,9 +31,9 @@ import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
@@ -566,7 +566,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
String uname = crypto.getX509Identifier(secTok.getX509Certificate());
if (uname == null) {
String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
- uname = (String)message.getContextualProperty(userNameKey);
+ uname = (String)SecurityUtils.getSecurityPropertyValue(userNameKey, message);
}
String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
if (password == null) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java b/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java
index 6d46d08..d855d2e 100644
--- a/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java
+++ b/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java
@@ -35,7 +35,7 @@ final class CryptoProviderUtils {
}
public static Properties loadKeystoreProperties(Message message, String propKey) {
- Object o = message.getContextualProperty(propKey);
+ Object o = SecurityUtils.getSecurityPropertyValue(propKey, message);
if (o == null) {
throw new CryptoProviderException("Keystore properties path is not defined");
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
index d178cb7..d9168c2 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
@@ -34,8 +34,8 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.rt.security.saml.claims.SAMLClaim;
-import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.bean.ActionBean;
[2/2] cxf git commit: Introducing new security constants to be shared
between SOAP + REST code
Posted by co...@apache.org.
Introducing new security constants to be shared between SOAP + REST code
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5faf1822
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5faf1822
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5faf1822
Branch: refs/heads/master
Commit: 5faf182264c64bd3c0abc0addc9746b64492c864
Parents: 5f5db64
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Apr 14 14:41:59 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Apr 14 14:41:59 2015 +0100
----------------------------------------------------------------------
.../grants/saml/Saml2BearerGrantHandler.java | 2 +-
.../saml/sso/AbstractServiceProviderFilter.java | 5 +-
rt/rs/security/xml/pom.xml | 8 +-
.../cxf/rs/security/common/CryptoLoader.java | 5 +-
.../cxf/rs/security/common/SecurityUtils.java | 19 +-
.../rs/security/saml/AbstractSamlInHandler.java | 30 ++-
.../apache/cxf/rs/security/saml/SAMLUtils.java | 2 +-
.../security/xml/AbstractXmlEncInHandler.java | 3 +-
.../security/xml/AbstractXmlSigInHandler.java | 2 +-
.../rs/security/xml/XmlEncOutInterceptor.java | 6 +-
.../rs/security/xml/XmlSecInInterceptor.java | 2 +-
.../rs/security/xml/XmlSecOutInterceptor.java | 5 +-
.../rs/security/xml/XmlSigOutInterceptor.java | 3 +-
.../cxf/rt/security/SecurityConstants.java | 211 +++++++++++++++++++
.../cxf/rt/security/utils/SecurityUtils.java | 12 ++
.../cxf/ws/security/SecurityConstants.java | 166 ++-------------
.../cxf/ws/security/kerberos/KerberosUtils.java | 2 +-
.../SpnegoContextTokenInInterceptor.java | 2 +-
.../SpnegoContextTokenOutInterceptor.java | 2 +-
.../ws/security/trust/AbstractSTSClient.java | 3 +
.../trust/AuthPolicyValidatingInterceptor.java | 3 +-
.../cxf/ws/security/trust/STSLoginModule.java | 4 +-
.../delegation/WSSUsernameCallbackHandler.java | 4 +-
.../wss4j/AbstractTokenInterceptor.java | 2 +-
.../wss4j/AbstractWSS4JInterceptor.java | 16 +-
.../wss4j/AbstractWSS4JStaxInterceptor.java | 9 +-
.../wss4j/BinarySecurityTokenInterceptor.java | 2 +-
.../wss4j/PolicyBasedWSS4JInInterceptor.java | 26 +--
.../PolicyBasedWSS4JStaxInInterceptor.java | 25 +--
.../PolicyBasedWSS4JStaxOutInterceptor.java | 25 +--
.../ws/security/wss4j/SamlTokenInterceptor.java | 14 +-
.../wss4j/StaxSecurityContextInInterceptor.java | 5 +-
.../wss4j/UsernameTokenInterceptor.java | 10 +-
.../ws/security/wss4j/WSS4JInInterceptor.java | 44 ++--
.../security/wss4j/WSS4JStaxInInterceptor.java | 13 +-
.../security/wss4j/WSS4JStaxOutInterceptor.java | 9 +-
.../policyhandlers/AbstractBindingBuilder.java | 47 +++--
.../AbstractStaxBindingHandler.java | 11 +-
.../StaxAsymmetricBindingHandler.java | 6 +-
.../StaxSymmetricBindingHandler.java | 6 +-
.../policyhandlers/TransportBindingHandler.java | 4 +-
.../crypto/provider/CryptoProviderUtils.java | 2 +-
.../security/saml/SamlCallbackHandler.java | 2 +-
43 files changed, 469 insertions(+), 310 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
index 6a29910..94d49aa 100644
--- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
@@ -52,11 +52,11 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.cxf.rs.security.saml.authorization.SecurityContextProvider;
import org.apache.cxf.rs.security.saml.authorization.SecurityContextProviderImpl;
+import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.staxutils.StaxUtils;
-import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
index b4afac4..ac64188 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
@@ -54,11 +54,12 @@ import org.apache.cxf.rs.security.saml.SAMLUtils;
import org.apache.cxf.rs.security.saml.assertion.Subject;
import org.apache.cxf.rs.security.saml.sso.state.RequestState;
import org.apache.cxf.rs.security.saml.sso.state.ResponseState;
+import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.staxutils.StaxUtils;
-import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.opensaml.saml.saml2.core.AuthnRequest;
@@ -188,7 +189,7 @@ public abstract class AbstractServiceProviderFilter extends AbstractSSOSpHandler
if (name != null) {
String roleAttributeName =
- (String)m.getContextualProperty(SecurityConstants.SAML_ROLE_ATTRIBUTENAME);
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, m);
if (roleAttributeName == null || roleAttributeName.length() == 0) {
roleAttributeName = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/rs/security/xml/pom.xml
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/pom.xml b/rt/rs/security/xml/pom.xml
index 6b7589c..9f23405 100644
--- a/rt/rs/security/xml/pom.xml
+++ b/rt/rs/security/xml/pom.xml
@@ -46,11 +46,15 @@
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
<version>${project.version}</version>
</dependency>
- <!-- replace with wss4j, santario and opensaml deps -->
<dependency>
<groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-ws-security</artifactId>
+ <artifactId>cxf-rt-security-saml</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.wss4j</groupId>
+ <artifactId>wss4j-ws-security-dom</artifactId>
+ <version>${cxf.wss4j.version}</version>
+ </dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
index 62dae7b..005940f 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
@@ -52,12 +52,13 @@ public class CryptoLoader {
String cryptoKey,
String propKey)
throws IOException, WSSecurityException {
- Crypto crypto = (Crypto)message.getContextualProperty(cryptoKey);
+ Crypto crypto =
+ (Crypto)org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(cryptoKey, message);
if (crypto != null) {
return crypto;
}
- Object o = message.getContextualProperty(propKey);
+ Object o = org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(propKey, message);
if (o == null) {
return null;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
index 06b3462..d8db9ed 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
@@ -33,7 +33,7 @@ import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.crypto.Merlin;
@@ -56,9 +56,16 @@ public final class SecurityUtils {
Message requestMessage = outMessage != null && MessageUtils.isRequestor(outMessage)
? outMessage : m;
+
+ Object encryptionProperties =
+ org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(
+ SecurityConstants.ENCRYPT_PROPERTIES, m);
+ Object signatureProperties =
+ org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(
+ SecurityConstants.SIGNATURE_PROPERTIES, m);
+
return "POST".equals((String)requestMessage.get(Message.HTTP_REQUEST_METHOD))
- && m.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES) != null
- && m.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES) != null;
+ && encryptionProperties != null && signatureProperties != null;
}
public static X509Certificate loadX509Certificate(Crypto crypto, Element certNode)
@@ -108,7 +115,8 @@ public final class SecurityUtils {
}
public static String getUserName(Message message, Crypto crypto, String userNameKey) {
- String user = (String)message.getContextualProperty(userNameKey);
+ String user =
+ (String)org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(userNameKey, message);
return getUserName(crypto, user);
}
@@ -151,7 +159,8 @@ public final class SecurityUtils {
Class<?> callingClass,
String callbackProperty) throws WSSecurityException {
//Then try to get the password from the given callback handler
- Object o = message.getContextualProperty(callbackProperty);
+ Object o =
+ org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(callbackProperty, message);
try {
return org.apache.cxf.rt.security.utils.SecurityUtils.getCallbackHandler(o);
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
index 1e87629..9b672e0 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
@@ -41,17 +41,15 @@ import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.SecurityUtils;
import org.apache.cxf.rs.security.saml.authorization.SecurityContextProvider;
import org.apache.cxf.rs.security.saml.authorization.SecurityContextProviderImpl;
import org.apache.cxf.rs.security.xml.AbstractXmlSecInHandler;
+import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.staxutils.StaxUtils;
-import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.WSProviderConfig;
import org.apache.wss4j.common.ext.WSSecurityException;
@@ -142,8 +140,16 @@ public abstract class AbstractSamlInHandler implements ContainerRequestFilter {
} catch (IOException ex) {
throwFault("Crypto can not be loaded", ex);
}
- data.setEnableRevocation(MessageUtils.isTrue(
- message.getContextualProperty(ConfigurationConstants.ENABLE_REVOCATION)));
+
+ boolean enableRevocation = false;
+ String enableRevocationStr =
+ (String)org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(
+ SecurityConstants.ENABLE_REVOCATION, message);
+ if (enableRevocationStr != null) {
+ enableRevocation = Boolean.parseBoolean(enableRevocationStr);
+ }
+ data.setEnableRevocation(enableRevocation);
+
Signature sig = assertion.getSignature();
WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
@@ -184,12 +190,16 @@ public abstract class AbstractSamlInHandler implements ContainerRequestFilter {
protected void configureAudienceRestriction(Message msg, RequestData reqData) {
// Add Audience Restrictions for SAML
- boolean enableAudienceRestriction =
- MessageUtils.getContextualBoolean(msg,
- SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION,
- false);
+ boolean enableAudienceRestriction = false;
+ String audRestrStr =
+ (String)org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(
+ SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION, msg);
+ if (audRestrStr != null) {
+ enableAudienceRestriction = Boolean.parseBoolean(audRestrStr);
+ }
+
if (enableAudienceRestriction) {
- List<String> audiences = new ArrayList<String>();
+ List<String> audiences = new ArrayList<>();
if (msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL) != null) {
audiences.add((String)msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL));
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
index 7660337..52fc057 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
@@ -31,7 +31,7 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.SecurityUtils;
import org.apache.cxf.rs.security.saml.assertion.Subject;
-import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.saml.SAMLCallback;
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
index 31e0431..70025d8 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
@@ -32,16 +32,15 @@ import javax.xml.stream.XMLStreamReader;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.SecurityUtils;
import org.apache.cxf.rs.security.common.TrustValidator;
+import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.staxutils.W3CDOMStreamReader;
-import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.KeyUtils;
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
index 9d52f58..88d7270 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
@@ -37,9 +37,9 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.SecurityUtils;
import org.apache.cxf.rs.security.common.TrustValidator;
+import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.staxutils.W3CDOMStreamReader;
-import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.xml.security.exceptions.XMLSecurityException;
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
index c2aa6ef..9753f43 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
@@ -41,7 +41,7 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.SecurityUtils;
-import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.DOMX509Data;
@@ -111,7 +111,9 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
if (encryptSymmetricKey) {
X509Certificate receiverCert = null;
- String userName = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
+ String userName =
+ (String)org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(
+ SecurityConstants.ENCRYPT_USERNAME, message);
if (SecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(userName)
&& !MessageUtils.isRequestor(message)) {
receiverCert =
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
index 9576bb9..1e76b85 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
@@ -49,8 +49,8 @@ import org.apache.cxf.phase.Phase;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.SecurityUtils;
import org.apache.cxf.rs.security.common.TrustValidator;
+import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.staxutils.StaxUtils;
-import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSPasswordCallback;
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
index 41be15a..123f59f 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
@@ -46,7 +46,7 @@ import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.SecurityUtils;
-import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
@@ -159,7 +159,8 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
if (encryptSymmetricKey) {
X509Certificate sendingCert = null;
String userName =
- (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
+ (String)org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(
+ SecurityConstants.ENCRYPT_USERNAME, message);
if (SecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(userName)
&& !MessageUtils.isRequestor(message)) {
sendingCert =
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
index 05800c6..e7891db 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
@@ -36,14 +36,13 @@ import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.SecurityUtils;
-import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
-
import org.opensaml.xmlsec.signature.support.SignatureConstants;
//TODO: Make sure that enveloped signatures can be applied to individual
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java b/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
new file mode 100644
index 0000000..4ad1e1b
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
@@ -0,0 +1,211 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * This class contains some configuration tags that can be used to configure various security properties. These
+ * tags are shared between the SOAP stack (WS-SecurityPolicy configuration), as well as the REST stack (JAX-RS
+ * XML Security).
+ *
+ * The configuration tags largely relate to properties for signing, encryption as well as SAML tokens. Most of
+ * the signing/encryption tags refer to Apache WSS4J "Crypto" objects, which are used by both stacks to control
+ * how certificates/keys are retrieved, etc.
+ *
+ * More specific configuration tags for WS-SecurityPolicy are configured in the SecurityConstants
+ * class in the cxf-rt-ws-security module, which extends this class.
+ */
+public class SecurityConstants {
+
+ //
+ // User properties
+ //
+
+ /**
+ * The user's name. It is used as follows:
+ * a) As the name in the UsernameToken for WS-Security.
+ * b) As the alias name in the keystore to get the user's cert and private key for signature
+ * if {@link SIGNATURE_USERNAME} is not set.
+ * c) As the alias name in the keystore to get the user's public key for encryption if
+ * {@link ENCRYPT_USERNAME} is not set.
+ */
+ public static final String USERNAME = "security.username";
+
+ /**
+ * The user's password when a {@link CALLBACK_HANDLER} is not defined.
+ */
+ public static final String PASSWORD = "security.password";
+
+ /**
+ * The user's name for signature. It is used as the alias name in the keystore to get the user's cert
+ * and private key for signature. If this is not defined, then {@link USERNAME} is used instead. If
+ * that is also not specified, it uses the the default alias set in the properties file referenced by
+ * {@link SIGNATURE_PROPERTIES}. If that's also not set, and the keystore only contains a single key,
+ * that key will be used.
+ */
+ public static final String SIGNATURE_USERNAME = "security.signature.username";
+
+ /**
+ * The user's name for encryption. It is used as the alias name in the keystore to get the user's public
+ * key for encryption. If this is not defined, then {@link USERNAME} is used instead. If
+ * that is also not specified, it uses the the default alias set in the properties file referenced by
+ * {@link ENCRYPT_PROPERTIES}. If that's also not set, and the keystore only contains a single key,
+ * that key will be used.
+ *
+ * For the WS-Security web service provider, the "useReqSigCert" keyword can be used to accept (encrypt to)
+ * any client whose public key is in the service's truststore (defined in {@link ENCRYPT_PROPERTIES}).
+ */
+ public static final String ENCRYPT_USERNAME = "security.encryption.username";
+
+ //
+ // Callback class and Crypto properties
+ //
+
+ /**
+ * The CallbackHandler implementation class used to obtain passwords, for both outbound and inbound
+ * requests. The value of this tag must be either:
+ * a) The class name of a {@link javax.security.auth.callback.CallbackHandler} instance, which must
+ * be accessible via the classpath.
+ * b) A {@link javax.security.auth.callback.CallbackHandler} instance.
+ */
+ public static final String CALLBACK_HANDLER = "security.callback-handler";
+
+ /**
+ * The SAML CallbackHandler implementation class used to construct SAML Assertions. The value of this
+ * tag must be either:
+ * a) The class name of a {@link javax.security.auth.callback.CallbackHandler} instance, which must
+ * be accessible via the classpath.
+ * b) A {@link javax.security.auth.callback.CallbackHandler} instance.
+ */
+ public static final String SAML_CALLBACK_HANDLER = "security.saml-callback-handler";
+
+ /**
+ * The Crypto property configuration to use for signature, if {@link SIGNATURE_CRYPTO} is not set instead.
+ * The value of this tag must be either:
+ * a) A Java Properties object that contains the Crypto configuration.
+ * b) The path of the Crypto property file that contains the Crypto configuration.
+ * c) A URL that points to the Crypto property file that contains the Crypto configuration.
+ */
+ public static final String SIGNATURE_PROPERTIES = "security.signature.properties";
+
+ /**
+ * The Crypto property configuration to use for encryption, if {@link ENCRYPT_CRYPTO} is not set instead.
+ * The value of this tag must be either:
+ * a) A Java Properties object that contains the Crypto configuration.
+ * b) The path of the Crypto property file that contains the Crypto configuration.
+ * c) A URL that points to the Crypto property file that contains the Crypto configuration.
+ */
+ public static final String ENCRYPT_PROPERTIES = "security.encryption.properties";
+
+ /**
+ * A Crypto object to be used for signature. If this is not defined then the
+ * {@link SIGNATURE_PROPERTIES} is used instead.
+ */
+ public static final String SIGNATURE_CRYPTO = "security.signature.crypto";
+
+ /**
+ * A Crypto object to be used for encryption. If this is not defined then the
+ * {@link ENCRYPT_PROPERTIES} is used instead.
+ */
+ public static final String ENCRYPT_CRYPTO = "security.encryption.crypto";
+
+ /**
+ * A message property for prepared X509 certificate to be used for encryption.
+ * If this is not defined, then the certificate will be either loaded from the
+ * keystore {@link ENCRYPT_PROPERTIES} or extracted from request (when WS-Security is used and
+ * if {@link ENCRYPT_USERNAME} has value "useReqSigCert").
+ */
+ public static final String ENCRYPT_CERT = "security.encryption.certificate";
+
+ //
+ // Boolean Security configuration tags, e.g. the value should be "true" or "false".
+ //
+
+ /**
+ * Whether to enable Certificate Revocation List (CRL) checking or not when verifying trust
+ * in a certificate. The default value is "false".
+ */
+ public static final String ENABLE_REVOCATION = "security.enableRevocation";
+
+ /**
+ * Whether to allow unsigned saml assertions as SecurityContext Principals. The default is false.
+ */
+ public static final String ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL =
+ "security.enable.unsigned-saml-assertion.principal";
+
+ /**
+ * Whether to validate the SubjectConfirmation requirements of a received SAML Token
+ * (sender-vouches or holder-of-key). The default is true.
+ */
+ public static final String VALIDATE_SAML_SUBJECT_CONFIRMATION =
+ "security.validate.saml.subject.conf";
+
+ /**
+ * Set this to "false" if security context must not be created from JAAS Subject.
+ *
+ * The default value is "true".
+ */
+ public static final String SC_FROM_JAAS_SUBJECT = "security.sc.jaas-subject";
+
+ /**
+ * Enable SAML AudienceRestriction validation. If this is set to "true", then IF the
+ * SAML Token contains Audience Restriction URIs, one of them must match either the
+ * request URL or the Service QName. The default is "true".
+ */
+ public static final String AUDIENCE_RESTRICTION_VALIDATION = "security.validate.audience-restriction";
+
+ //
+ // Non-boolean WS-Security Configuration parameters
+ //
+
+ /**
+ * The attribute URI of the SAML AttributeStatement where the role information is stored.
+ * The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".
+ */
+ public static final String SAML_ROLE_ATTRIBUTENAME = "security.saml-role-attributename";
+
+ /**
+ * A comma separated String of regular expressions which will be applied to the subject DN of
+ * the certificate used for signature validation, after trust verification of the certificate
+ * chain associated with the certificate.
+ */
+ public static final String SUBJECT_CERT_CONSTRAINTS = "security.subject.cert.constraints";
+
+ public static final Set<String> COMMON_PROPERTIES;
+
+ static {
+ Set<String> s = new HashSet<>(Arrays.asList(new String[] {
+ USERNAME, PASSWORD, SIGNATURE_USERNAME, ENCRYPT_USERNAME,
+ CALLBACK_HANDLER, SAML_CALLBACK_HANDLER, SIGNATURE_PROPERTIES,
+ SIGNATURE_CRYPTO, ENCRYPT_PROPERTIES, ENCRYPT_CRYPTO,
+ ENABLE_REVOCATION, SUBJECT_CERT_CONSTRAINTS, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL,
+ AUDIENCE_RESTRICTION_VALIDATION
+ }));
+ COMMON_PROPERTIES = Collections.unmodifiableSet(s);
+ }
+
+ protected SecurityConstants() {
+ // complete
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
index d86f115..2c040fc 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
@@ -161,4 +161,16 @@ public final class SecurityUtils {
return null;
}
+
+ /**
+ * Get the security property value for the given property. It also checks for the older "ws-"* property
+ * values.
+ */
+ public static Object getSecurityPropertyValue(String property, Message message) {
+ Object value = message.getContextualProperty(property);
+ if (value != null) {
+ return value;
+ }
+ return message.getContextualProperty("ws-" + property);
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index 805d69e..4080167 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -28,116 +28,19 @@ import java.util.Set;
* Configuration tags used to configure the WS-SecurityPolicy layer. Some of them are also
* used by the non WS-SecurityPolicy approach in the WSS4J(Out|In)Interceptors.
*/
-public final class SecurityConstants {
+public final class SecurityConstants extends org.apache.cxf.rt.security.SecurityConstants {
//
// User properties
//
/**
- * The user's name. It is used differently by each of the WS-Security functions:
- * a) It is used as the name in the UsernameToken
- * b) It is used as the alias name in the keystore to get the user's cert and private key for signature
- * if {@link SIGNATURE_USERNAME} is not set.
- * c) It is used as the alias name in the keystore to get the user's public key for encryption if
- * {@link ENCRYPT_USERNAME} is not set.
- */
- public static final String USERNAME = "ws-security.username";
-
- /**
- * The user's password when a {@link CALLBACK_HANDLER} is not defined. It is currently only used for
- * the case of adding a password to a UsernameToken.
- */
- public static final String PASSWORD = "ws-security.password";
-
- /**
- * The user's name for signature. It is used as the alias name in the keystore to get the user's cert
- * and private key for signature. If this is not defined, then {@link USERNAME} is used instead. If
- * that is also not specified, it uses the the default alias set in the properties file referenced by
- * {@link SIGNATURE_PROPERTIES}. If that's also not set, and the keystore only contains a single key,
- * that key will be used.
- */
- public static final String SIGNATURE_USERNAME = "ws-security.signature.username";
-
- /**
- * The user's name for encryption. It is used as the alias name in the keystore to get the user's public
- * key for encryption. If this is not defined, then {@link USERNAME} is used instead. If
- * that is also not specified, it uses the the default alias set in the properties file referenced by
- * {@link ENCRYPT_PROPERTIES}. If that's also not set, and the keystore only contains a single key,
- * that key will be used.
- *
- * For the web service provider, the "useReqSigCert" keyword can be used to accept (encrypt to) any
- * client whose public key is in the service's truststore (defined in {@link ENCRYPT_PROPERTIES}).
- */
- public static final String ENCRYPT_USERNAME = "ws-security.encryption.username";
-
- /**
* The actor or role name of the wsse:Security header. If this parameter
* is omitted, the actor name is not set.
*/
public static final String ACTOR = "ws-security.actor";
//
- // Callback class and Crypto properties
- //
-
- /**
- * The CallbackHandler implementation class used to obtain passwords, for both outbound and inbound
- * requests. The value of this tag must be either:
- * a) The class name of a {@link javax.security.auth.callback.CallbackHandler} instance, which must
- * be accessible via the classpath.
- * b) A {@link javax.security.auth.callback.CallbackHandler} instance.
- */
- public static final String CALLBACK_HANDLER = "ws-security.callback-handler";
-
- /**
- * The SAML CallbackHandler implementation class used to construct SAML Assertions. The value of this
- * tag must be either:
- * a) The class name of a {@link javax.security.auth.callback.CallbackHandler} instance, which must
- * be accessible via the classpath.
- * b) A {@link javax.security.auth.callback.CallbackHandler} instance.
- */
- public static final String SAML_CALLBACK_HANDLER = "ws-security.saml-callback-handler";
-
- /**
- * The Crypto property configuration to use for signature, if {@link SIGNATURE_CRYPTO} is not set instead.
- * The value of this tag must be either:
- * a) A Java Properties object that contains the Crypto configuration.
- * b) The path of the Crypto property file that contains the Crypto configuration.
- * c) A URL that points to the Crypto property file that contains the Crypto configuration.
- */
- public static final String SIGNATURE_PROPERTIES = "ws-security.signature.properties";
-
- /**
- * The Crypto property configuration to use for encryption, if {@link ENCRYPT_CRYPTO} is not set instead.
- * The value of this tag must be either:
- * a) A Java Properties object that contains the Crypto configuration.
- * b) The path of the Crypto property file that contains the Crypto configuration.
- * c) A URL that points to the Crypto property file that contains the Crypto configuration.
- */
- public static final String ENCRYPT_PROPERTIES = "ws-security.encryption.properties";
-
- /**
- * A Crypto object to be used for signature. If this is not defined then the
- * {@link SIGNATURE_PROPERTIES} is used instead.
- */
- public static final String SIGNATURE_CRYPTO = "ws-security.signature.crypto";
-
- /**
- * A Crypto object to be used for encryption. If this is not defined then the
- * {@link ENCRYPT_PROPERTIES} is used instead.
- */
- public static final String ENCRYPT_CRYPTO = "ws-security.encryption.crypto";
-
- /**
- * A message property for prepared X509 certificate to be used for encryption.
- * If this is not defined, then the certificate will be either loaded from the
- * keystore {@link ENCRYPT_PROPERTIES} or extracted from request
- * (if {@link ENCRYPT_USERNAME} has value "useReqSigCert").
- */
- public static final String ENCRYPT_CERT = "ws-security.encryption.certificate";
-
- //
// Boolean WS-Security configuration tags, e.g. the value should be "true" or "false".
//
@@ -146,12 +49,6 @@ public final class SecurityConstants {
*/
public static final String VALIDATE_TOKEN = "ws-security.validate.token";
- /**
- * Whether to enable Certificate Revocation List (CRL) checking or not when verifying trust
- * in a certificate. The default value is "false".
- */
- public static final String ENABLE_REVOCATION = "ws-security.enableRevocation";
-
// WebLogic and WCF always encrypt UsernameTokens whenever possible
//See: http://e-docs.bea.com/wls/docs103/webserv_intro/interop.html
//Be default, we will encrypt as well for interop reasons. However, this
@@ -170,12 +67,6 @@ public final class SecurityConstants {
public static final String IS_BSP_COMPLIANT = "ws-security.is-bsp-compliant";
/**
- * Whether to allow unsigned saml assertions as SecurityContext Principals. The default is false.
- */
- public static final String ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL =
- "ws-security.enable.unsigned-saml-assertion.principal";
-
- /**
* Whether to cache UsernameToken nonces. The default value is "true" for message recipients, and
* "false" for message initiators. Set it to true to cache for both cases. Set this to "false" to
* not cache UsernameToken nonces. Note that caching only applies when either a UsernameToken
@@ -194,22 +85,6 @@ public final class SecurityConstants {
public static final String ENABLE_TIMESTAMP_CACHE = "ws-security.enable.timestamp.cache";
/**
- * Whether to cache SAML2 Token Identifiers, if the token contains a "OneTimeUse" Condition.
- * The default value is "true" for message recipients, and "false" for message initiators.
- * Set it to true to cache for both cases. Set this to "false" to not cache SAML2 Token Identifiers.
- * Note that caching only applies when either a "SamlToken" policy is in effect, or
- * else that a SAML action has been configured for the non-security-policy case.
- */
- public static final String ENABLE_SAML_ONE_TIME_USE_CACHE = "ws-security.enable.saml.cache";
-
- /**
- * Whether to validate the SubjectConfirmation requirements of a received SAML Token
- * (sender-vouches or holder-of-key). The default is true.
- */
- public static final String VALIDATE_SAML_SUBJECT_CONFIRMATION =
- "ws-security.validate.saml.subject.conf";
-
- /**
* Whether to enable streaming WS-Security. If set to false (the default), the old DOM
* implementation is used. If set to true, the new streaming (StAX) implementation is used.
*/
@@ -231,21 +106,16 @@ public final class SecurityConstants {
* The default value is "true" which included the SOAP mustUnderstand header.
*/
public static final String MUST_UNDERSTAND = "ws-security.must-understand";
-
- /**
- * Set this to "false" if security context must not be created from JAAS Subject.
- *
- * The default value is "true".
- */
- public static final String SC_FROM_JAAS_SUBJECT = "ws-security.sc.jaas-subject";
/**
- * Enable SAML AudienceRestriction validation. If this is set to "true", then IF the
- * SAML Token contains Audience Restriction URIs, one of them must match either the
- * request URL or the Service QName. The default is "true".
+ * Whether to cache SAML2 Token Identifiers, if the token contains a "OneTimeUse" Condition.
+ * The default value is "true" for message recipients, and "false" for message initiators.
+ * Set it to true to cache for both cases. Set this to "false" to not cache SAML2 Token Identifiers.
+ * Note that caching only applies when either a "SamlToken" policy is in effect, or
+ * else that a SAML action has been configured for the non-security-policy case.
*/
- public static final String AUDIENCE_RESTRICTION_VALIDATION = "ws-security.validate.audience-restriction";
-
+ public static final String ENABLE_SAML_ONE_TIME_USE_CACHE = "ws-security.enable.saml.cache";
+
//
// Non-boolean WS-Security Configuration parameters
//
@@ -277,12 +147,6 @@ public final class SecurityConstants {
public static final String USERNAMETOKEN_FUTURE_TTL = "ws-security.usernametoken.futureTimeToLive";
/**
- * The attribute URI of the SAML AttributeStatement where the role information is stored.
- * The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".
- */
- public static final String SAML_ROLE_ATTRIBUTENAME = "ws-security.saml-role-attributename";
-
- /**
* The SpnegoClientAction implementation to use for SPNEGO. This allows the user to plug in
* a different implementation to obtain a service ticket.
*/
@@ -306,8 +170,7 @@ public final class SecurityConstants {
* This holds a reference to a ReplayCache instance used to cache SAML2 Token Identifiers, when
* the token has a "OneTimeUse" Condition. The default instance that is used is the EHCacheReplayCache.
*/
- public static final String SAML_ONE_TIME_USE_CACHE_INSTANCE =
- "ws-security.saml.cache.instance";
+ public static final String SAML_ONE_TIME_USE_CACHE_INSTANCE = "ws-security.saml.cache.instance";
/**
* Set this property to point to a configuration file for the underlying caching implementation.
@@ -336,13 +199,6 @@ public final class SecurityConstants {
public static final String CACHE_IDENTIFIER = "ws-security.cache.identifier";
/**
- * A comma separated String of regular expressions which will be applied to the subject DN of
- * the certificate used for signature validation, after trust verification of the certificate
- * chain associated with the certificate.
- */
- public static final String SUBJECT_CERT_CONSTRAINTS = "ws-security.subject.cert.constraints";
-
- /**
* The Subject Role Classifier to use. If one of the WSS4J Validators returns a JAAS Subject
* from Validation, then the WSS4JInInterceptor will attempt to create a SecurityContext
* based on this Subject. If this value is not specified, then it tries to get roles using
@@ -661,6 +517,10 @@ public final class SecurityConstants {
KERBEROS_REQUEST_CREDENTIAL_DELEGATION, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL,
AUDIENCE_RESTRICTION_VALIDATION, POLICY_VALIDATOR_MAP
}));
+ for (String commonProperty : COMMON_PROPERTIES) {
+ s.add(commonProperty);
+ s.add("ws-" + commonProperty);
+ }
ALL_PROPERTIES = Collections.unmodifiableSet(s);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
index f5e9c28..6cb4955 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
@@ -49,7 +49,7 @@ public final class KerberosUtils {
try {
CallbackHandler callbackHandler =
SecurityUtils.getCallbackHandler(
- message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER)
+ SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message)
);
client.setCallbackHandler(callbackHandler);
} catch (Exception ex) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
index d7346a6..ff630d7 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
@@ -296,7 +296,7 @@ class SpnegoContextTokenInInterceptor extends AbstractPhaseInterceptor<SoapMessa
(String)message.getContextualProperty(SecurityConstants.KERBEROS_SPN);
CallbackHandler callbackHandler =
SecurityUtils.getCallbackHandler(
- message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER)
+ SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message)
);
SpnegoTokenContext spnegoToken = new SpnegoTokenContext();
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
index a2608b1..57d9b90 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
@@ -112,7 +112,7 @@ class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMess
try {
CallbackHandler callbackHandler =
SecurityUtils.getCallbackHandler(
- message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER)
+ SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message)
);
spnegoToken.retrieveServiceTicket(jaasContext, callbackHandler, kerberosSpn);
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index 3603a46..a9678a1 100755
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -1554,6 +1554,9 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
protected CallbackHandler createHandler() {
Object o = getProperty(SecurityConstants.CALLBACK_HANDLER);
+ if (o == null) {
+ o = getProperty("ws-" + SecurityConstants.CALLBACK_HANDLER);
+ }
try {
return SecurityUtils.getCallbackHandler(o);
} catch (Exception e) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java
index 061febd..c1613c4 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java
@@ -35,6 +35,7 @@ import org.apache.cxf.phase.Phase;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext;
import org.apache.cxf.rt.security.saml.utils.SAMLUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
@@ -133,7 +134,7 @@ public class AuthPolicyValidatingInterceptor extends AbstractPhaseInterceptor<Me
}
if (samlAssertion != null) {
String roleAttributeName =
- (String)msg.getContextualProperty(SecurityConstants.SAML_ROLE_ATTRIBUTENAME);
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
if (roleAttributeName == null || roleAttributeName.length() == 0) {
roleAttributeName = WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java
index 0410e49..3793f18 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java
@@ -54,6 +54,7 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.rt.security.saml.utils.SAMLUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.EHCacheTokenStore;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
@@ -365,7 +366,8 @@ public class STSLoginModule implements LoginModule {
String roleAttributeName = null;
if (msg != null) {
roleAttributeName =
- (String)msg.getContextualProperty(SecurityConstants.SAML_ROLE_ATTRIBUTENAME);
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME,
+ msg);
}
if (roleAttributeName == null || roleAttributeName.length() == 0) {
roleAttributeName = WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/delegation/WSSUsernameCallbackHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/delegation/WSSUsernameCallbackHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/delegation/WSSUsernameCallbackHandler.java
index a954ee2..a7c0559 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/delegation/WSSUsernameCallbackHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/delegation/WSSUsernameCallbackHandler.java
@@ -27,9 +27,9 @@ import javax.security.auth.callback.UnsupportedCallbackException;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
-
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.Message;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.dom.message.token.UsernameToken;
@@ -48,7 +48,7 @@ public class WSSUsernameCallbackHandler implements CallbackHandler {
Message message = callback.getCurrentMessage();
String username =
- (String)message.getContextualProperty(SecurityConstants.USERNAME);
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
if (username != null) {
Node contentNode = message.getContent(Node.class);
Document doc = null;
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
index 5bd393a..489e0c2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
@@ -177,7 +177,7 @@ public abstract class AbstractTokenInterceptor extends AbstractSoapInterceptor {
//Then try to get the password from the given callback handler
CallbackHandler handler = null;
try {
- Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+ Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
handler = SecurityUtils.getCallbackHandler(o);
if (handler == null) {
policyNotAsserted(info, "No callback handler and no password available", message);
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
index 5d96f2d..58a38b1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
@@ -33,6 +33,7 @@ import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.PhaseInterceptor;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.crypto.Crypto;
@@ -98,7 +99,7 @@ public abstract class AbstractWSS4JInterceptor extends WSHandler implements Soap
}
public Object getProperty(Object msgContext, String key) {
- Object obj = ((Message)msgContext).getContextualProperty(key);
+ Object obj = SecurityUtils.getSecurityPropertyValue(key, (Message)msgContext);
if (obj == null) {
obj = getOption(key);
}
@@ -173,16 +174,19 @@ public abstract class AbstractWSS4JInterceptor extends WSHandler implements Soap
}
String certConstraints =
- (String)msg.getContextualProperty(SecurityConstants.SUBJECT_CERT_CONSTRAINTS);
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SUBJECT_CERT_CONSTRAINTS, msg);
if (certConstraints != null) {
msg.put(WSHandlerConstants.SIG_SUBJECT_CERT_CONSTRAINTS, certConstraints);
}
// Now set SAML SenderVouches + Holder Of Key requirements
- boolean validateSAMLSubjectConf =
- MessageUtils.getContextualBoolean(
- msg, SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, true
- );
+ String valSAMLSubjectConf =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION,
+ msg);
+ boolean validateSAMLSubjectConf = true;
+ if (valSAMLSubjectConf != null) {
+ validateSAMLSubjectConf = Boolean.parseBoolean(valSAMLSubjectConf);
+ }
msg.put(
WSHandlerConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION,
Boolean.toString(validateSAMLSubjectConf)
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
index bed078f..46de15d 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
@@ -146,14 +146,15 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor,
}
String certConstraints =
- (String)msg.getContextualProperty(SecurityConstants.SUBJECT_CERT_CONSTRAINTS);
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SUBJECT_CERT_CONSTRAINTS, msg);
if (certConstraints != null && !"".equals(certConstraints)) {
securityProperties.setSubjectCertConstraints(convertCertConstraints(certConstraints));
}
// Now set SAML SenderVouches + Holder Of Key requirements
String validateSAMLSubjectConf =
- (String)msg.getContextualProperty(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION);
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION,
+ msg);
if (validateSAMLSubjectConf != null) {
securityProperties.setValidateSamlSubjectConfirmation(Boolean.valueOf(validateSAMLSubjectConf));
}
@@ -192,7 +193,7 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor,
protected void configureCallbackHandler(
SoapMessage soapMessage, WSSSecurityProperties securityProperties
) throws WSSecurityException {
- Object o = soapMessage.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+ Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, soapMessage);
CallbackHandler callbackHandler = null;
try {
callbackHandler = SecurityUtils.getCallbackHandler(o);
@@ -266,7 +267,7 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor,
}
public Object getProperty(Object msgContext, String key) {
- Object obj = ((Message)msgContext).getContextualProperty(key);
+ Object obj = SecurityUtils.getSecurityPropertyValue(key, (Message)msgContext);
if (obj == null) {
obj = getOption(key);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
index e57780a..d086673 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
@@ -104,7 +104,7 @@ public class BinarySecurityTokenInterceptor extends AbstractTokenInterceptor {
throws WSSecurityException {
WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument());
RequestData data = new CXFRequestData();
- Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+ Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
try {
data.setCallbackHandler(SecurityUtils.getCallbackHandler(o));
} catch (Exception ex) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index 6b09107..f271d28 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -30,11 +30,11 @@ import javax.xml.soap.SOAPException;
import javax.xml.stream.XMLStreamException;
import org.w3c.dom.Element;
-
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
@@ -119,13 +119,13 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
action = addToAction(action, "Signature", true);
action = addToAction(action, "Encrypt", true);
- Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
+ Object s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
if (s == null) {
- s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+ s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
}
- Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
+ Object e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
if (e == null) {
- e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+ e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
}
Crypto encrCrypto = getEncryptionCrypto(e, message, data);
@@ -157,13 +157,13 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
) throws WSSecurityException {
action = addToAction(action, "Signature", true);
action = addToAction(action, "Encrypt", true);
- Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
+ Object s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
if (s == null) {
- s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+ s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
}
- Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
+ Object e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
if (e == null) {
- e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+ e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
}
Crypto encrCrypto = getEncryptionCrypto(e, message, data);
@@ -264,13 +264,13 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
action = addToAction(action, "Signature", true);
action = addToAction(action, "Encrypt", true);
- Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
+ Object s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
if (s == null) {
- s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+ s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
}
- Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
+ Object e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
if (e == null) {
- e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+ e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
}
Crypto encrCrypto = getEncryptionCrypto(e, message, data);
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
index 2a133ce..f75f3c0 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
@@ -36,6 +36,7 @@ import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.service.model.BindingInfo;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.service.model.EndpointInfo;
@@ -92,13 +93,13 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
return;
}
- Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
+ Object s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
if (s == null) {
- s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+ s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
}
- Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
+ Object e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
if (e == null) {
- e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+ e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
}
Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
@@ -149,13 +150,13 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
securityEvents.add(httpsTokenSecurityEvent);
}
- Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
+ Object s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
if (s == null) {
- s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+ s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
}
- Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
+ Object e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
if (e == null) {
- e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+ e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
}
Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
@@ -197,13 +198,13 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
return;
}
- Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
+ Object s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
if (s == null) {
- s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+ s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
}
- Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
+ Object e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
if (e == null) {
- e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+ e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
}
Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
index 9ec4040..640bcb2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
@@ -22,6 +22,7 @@ package org.apache.cxf.ws.security.wss4j;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
@@ -62,13 +63,13 @@ public class PolicyBasedWSS4JStaxOutInterceptor extends WSS4JStaxOutInterceptor
private void checkAsymmetricBinding(
SoapMessage message, WSSSecurityProperties securityProperties
) throws WSSecurityException {
- Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
+ Object s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
if (s == null) {
- s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+ s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
}
- Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
+ Object e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
if (e == null) {
- e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+ e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
}
Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
@@ -93,13 +94,13 @@ public class PolicyBasedWSS4JStaxOutInterceptor extends WSS4JStaxOutInterceptor
private void checkTransportBinding(
SoapMessage message, WSSSecurityProperties securityProperties
) throws WSSecurityException {
- Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
+ Object s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
if (s == null) {
- s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+ s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
}
- Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
+ Object e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
if (e == null) {
- e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+ e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
}
Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
@@ -124,13 +125,13 @@ public class PolicyBasedWSS4JStaxOutInterceptor extends WSS4JStaxOutInterceptor
private void checkSymmetricBinding(
SoapMessage message, WSSSecurityProperties securityProperties
) throws WSSecurityException {
- Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
+ Object s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
if (s == null) {
- s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+ s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
}
- Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
+ Object e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
if (e == null) {
- e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+ e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
}
Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
index 526e96d..409ef76 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
@@ -172,7 +172,7 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor {
WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument());
RequestData data = new CXFRequestData();
- Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+ Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
try {
data.setCallbackHandler(SecurityUtils.getCallbackHandler(o));
} catch (Exception ex) {
@@ -228,7 +228,8 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor {
//
// Get the SAML CallbackHandler
//
- Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
+ Object o =
+ SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_CALLBACK_HANDLER, message);
CallbackHandler handler = null;
if (o instanceof CallbackHandler) {
@@ -265,11 +266,12 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor {
String issuerName = samlCallback.getIssuerKeyName();
if (issuerName == null) {
String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
- issuerName = (String)message.getContextualProperty(userNameKey);
+ issuerName = (String)SecurityUtils.getSecurityPropertyValue(userNameKey, message);
}
String password = samlCallback.getIssuerKeyPassword();
if (password == null) {
- password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+ password =
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
if (StringUtils.isEmpty(password)) {
password =
getPassword(issuerName, token, WSPasswordCallback.SIGNATURE, message);
@@ -301,12 +303,12 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor {
String propKey,
SoapMessage message
) throws WSSecurityException {
- Crypto crypto = (Crypto)message.getContextualProperty(cryptoKey);
+ Crypto crypto = (Crypto)SecurityUtils.getSecurityPropertyValue(cryptoKey, message);
if (crypto != null) {
return crypto;
}
- Object o = message.getContextualProperty(propKey);
+ Object o = SecurityUtils.getSecurityPropertyValue(propKey, message);
if (o == null) {
return null;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
index 9f7d7b1..2249335 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
@@ -35,6 +35,7 @@ import org.apache.cxf.phase.Phase;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext;
import org.apache.cxf.rt.security.saml.utils.SAMLUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
@@ -118,8 +119,8 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S
Object receivedAssertion = null;
if (event.getSecurityEventType() == WSSecurityEventConstants.SamlToken) {
- String roleAttributeName = (String)msg.getContextualProperty(
- SecurityConstants.SAML_ROLE_ATTRIBUTENAME);
+ String roleAttributeName = (String)SecurityUtils.getSecurityPropertyValue(
+ SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
if (roleAttributeName == null || roleAttributeName.length() == 0) {
roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
}