Posted to commits@cxf.apache.org by co...@apache.org on 2013/02/20 15:42:21 UTC
svn commit: r1448193 - in
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security:
policy/builders/ policy/interceptors/ policy/model/ trust/
Author: coheigea
Date: Wed Feb 20 14:42:21 2013
New Revision: 1448193
URL: http://svn.apache.org/r1448193
Log:
[CXF-4843] - STSClient always uses "old" WS-Policy namespace for AppliesTo
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KerberosTokenBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecurityContextTokenBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SpnegoContextTokenBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Token.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java?rev=1448193&r1=1448192&r2=1448193&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java Wed Feb 20 14:42:21 2013
@@ -81,6 +81,7 @@ public class HttpsTokenBuilder implement
if (polEl == null) {
LOG.warning("sp:HttpsToken/wsp:Policy should have a value!");
} else {
+ httpsToken.setPolicy(polEl);
Element child = DOMUtils.getFirstElement(polEl);
if (child != null) {
if (SP12Constants.HTTP_BASIC_AUTHENTICATION.equals(DOMUtils.getElementQName(child))) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java?rev=1448193&r1=1448192&r2=1448193&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java Wed Feb 20 14:42:21 2013
@@ -86,6 +86,7 @@ public class IssuedTokenBuilder implemen
foundPolicy = true;
Policy policy = builder.getPolicy(child);
policy = policy.normalize(builder.getPolicyRegistry(), false);
+ issuedToken.setPolicy(child);
for (Iterator<List<Assertion>> iterator = policy.getAlternatives(); iterator.hasNext();) {
processAlternative(iterator.next(), issuedToken);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KerberosTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KerberosTokenBuilder.java?rev=1448193&r1=1448192&r2=1448193&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KerberosTokenBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KerberosTokenBuilder.java Wed Feb 20 14:42:21 2013
@@ -64,6 +64,7 @@ public class KerberosTokenBuilder implem
String ln = child.getLocalName();
if (org.apache.neethi.Constants.ELEM_POLICY.equals(ln)) {
foundPolicy = true;
+ kerberosToken.setPolicy(child);
NodeList policyChildren = child.getChildNodes();
if (policyChildren != null) {
for (int i = 0; i < policyChildren.getLength(); i++) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java?rev=1448193&r1=1448192&r2=1448193&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java Wed Feb 20 14:42:21 2013
@@ -66,6 +66,8 @@ public class KeyValueTokenBuilder implem
"sp:KeyValueToken/wsp:Policy must have a value"
);
}
+
+ token.setPolicy(polEl);
Element child = DOMUtils.getFirstElement(polEl);
if (child != null) {
QName qname = new QName(child.getNamespaceURI(), child.getLocalName());
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java?rev=1448193&r1=1448192&r2=1448193&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java Wed Feb 20 14:42:21 2013
@@ -64,6 +64,7 @@ public class SamlTokenBuilder implements
String ln = child.getLocalName();
if (org.apache.neethi.Constants.ELEM_POLICY.equals(ln)) {
foundPolicy = true;
+ samlToken.setPolicy(child);
NodeList policyChildren = child.getChildNodes();
if (policyChildren != null) {
for (int i = 0; i < policyChildren.getLength(); i++) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java?rev=1448193&r1=1448192&r2=1448193&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java Wed Feb 20 14:42:21 2013
@@ -68,6 +68,7 @@ public class SecureConversationTokenBuil
QName qn = DOMUtils.getElementQName(elem);
if (Constants.isPolicyElement(qn)) {
foundPolicy = true;
+ conversationToken.setPolicy(elem);
if (DOMUtils.getFirstChildWithName(elem,
consts.getNamespace(),
SPConstants.REQUIRE_DERIVED_KEYS) != null) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecurityContextTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecurityContextTokenBuilder.java?rev=1448193&r1=1448192&r2=1448193&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecurityContextTokenBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecurityContextTokenBuilder.java Wed Feb 20 14:42:21 2013
@@ -53,33 +53,34 @@ public class SecurityContextTokenBuilder
contextToken.setInclusion(consts.getInclusionFromAttributeValue(includeAttr));
}
- element = PolicyConstants.findPolicyElement(element);
- if (element == null && consts != SP11Constants.INSTANCE) {
+ Element policyElement = PolicyConstants.findPolicyElement(element);
+ if (policyElement == null && consts != SP11Constants.INSTANCE) {
throw new IllegalArgumentException(
"sp:SecurityContextToken/wsp:Policy must have a value"
);
}
- if (element != null) {
- if (DOMUtils.getFirstChildWithName(element,
+ if (policyElement != null) {
+ contextToken.setPolicy(policyElement);
+ if (DOMUtils.getFirstChildWithName(policyElement,
consts.getNamespace(),
SPConstants.REQUIRE_DERIVED_KEYS) != null) {
contextToken.setDerivedKeys(true);
}
- if (DOMUtils.getFirstChildWithName(element,
+ if (DOMUtils.getFirstChildWithName(policyElement,
consts.getNamespace(),
SPConstants.REQUIRE_EXTERNAL_URI_REFERENCE) != null) {
contextToken.setRequireExternalUriRef(true);
}
- if (DOMUtils.getFirstChildWithName(element,
+ if (DOMUtils.getFirstChildWithName(policyElement,
consts.getNamespace(),
SPConstants.SC10_SECURITY_CONTEXT_TOKEN) != null) {
contextToken.setSc10SecurityContextToken(true);
}
- if (DOMUtils.getFirstChildWithName(element,
+ if (DOMUtils.getFirstChildWithName(policyElement,
consts.getNamespace(),
SPConstants.SC13_SECURITY_CONTEXT_TOKEN) != null) {
contextToken.setSc13SecurityContextToken(true);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SpnegoContextTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SpnegoContextTokenBuilder.java?rev=1448193&r1=1448192&r2=1448193&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SpnegoContextTokenBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SpnegoContextTokenBuilder.java Wed Feb 20 14:42:21 2013
@@ -68,6 +68,7 @@ public class SpnegoContextTokenBuilder i
QName qn = DOMUtils.getElementQName(elem);
if (Constants.isPolicyElement(qn)) {
foundPolicy = true;
+ spnegoContextToken.setPolicy(elem);
if (DOMUtils.getFirstChildWithName(elem, consts.getNamespace(),
SPConstants.REQUIRE_DERIVED_KEYS) != null) {
spnegoContextToken.setDerivedKeys(true);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java?rev=1448193&r1=1448192&r2=1448193&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java Wed Feb 20 14:42:21 2013
@@ -65,6 +65,7 @@ public class UsernameTokenBuilder implem
);
}
if (polEl != null) {
+ usernameToken.setPolicy(polEl);
NodeList children = polEl.getChildNodes();
if (children != null) {
for (int i = 0; i < children.getLength(); i++) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java?rev=1448193&r1=1448192&r2=1448193&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java Wed Feb 20 14:42:21 2013
@@ -70,6 +70,7 @@ public class X509TokenBuilder implements
}
if (policyElement != null) {
+ x509Token.setPolicy(policyElement);
if (DOMUtils.getFirstChildWithName(policyElement, consts.getRequiredDerivedKeys()) != null) {
x509Token.setDerivedKeys(true);
} else if (DOMUtils.getFirstChildWithName(policyElement,
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1448193&r1=1448192&r2=1448193&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java Wed Feb 20 14:42:21 2013
@@ -343,6 +343,10 @@ public class IssuedTokenInterceptorProvi
client.setTrust(getTrust10(aim));
client.setTrust(getTrust13(aim));
client.setTemplate(itok.getRstTemplate());
+ Element policy = itok.getPolicy();
+ if (policy != null && policy.getNamespaceURI() != null) {
+ client.setWspNamespace(policy.getNamespaceURI());
+ }
if (maps != null && maps.getNamespaceURI() != null) {
client.setAddressingNamespace(maps.getNamespaceURI());
}
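Review bot: The namespace read from `itok.getPolicy()` is passed to `client.setWspNamespace(...)` with only a null check, so whatever URI the wsp:Policy element carries becomes the namespace of the wsp:AppliesTo element the STS client writes. AppliesTo is what scopes the issued token to the target service, and an STS that does not recognise the namespace may, depending on its implementation, ignore the element, so an unexpected policy namespace (for example in a remotely fetched WSDL) could weaken that scoping. Consider accepting only known WS-Policy namespaces, e.g. `if (policy != null && Constants.isPolicyElement(DOMUtils.getElementQName(policy))) {`, the same check SecureConversationTokenBuilder and SpnegoContextTokenBuilder apply; whether IssuedTokenBuilder already guarantees this for `child` is not visible in its hunk. The enclosing method starts and ends outside the hunk.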
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Token.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Token.java?rev=1448193&r1=1448192&r2=1448193&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Token.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Token.java Wed Feb 20 14:42:21 2013
@@ -18,6 +18,8 @@
*/
package org.apache.cxf.ws.security.policy.model;
+import org.w3c.dom.Element;
+
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.SPConstants.IncludeTokenType;
@@ -40,6 +42,11 @@ public abstract class Token extends Abst
private String issuerName;
/**
+ * A reference to the DOM wsp:Policy child Element
+ */
+ private Element policy;
+
+ /**
* A Reference to a parent SupportingToken assertion
*/
private SupportingToken supportingToken;
@@ -116,4 +123,12 @@ public abstract class Token extends Abst
public void setSupportingToken(SupportingToken supportingToken) {
this.supportingToken = supportingToken;
}
+
+ public Element getPolicy() {
+ return policy;
+ }
+
+ public void setPolicy(Element policy) {
+ this.policy = policy;
+ }
}
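Review bot: The new `getPolicy()`/`setPolicy()` accessors have no Javadoc, and callers need to know two things the field comment does not say. `getPolicy()` can return null, since HttpsTokenBuilder only calls `setPolicy` in the branch where `polEl` is non-null, and the stored Element is the parsed node itself rather than a copy, so changes made through it affect the policy DOM. I would add `/** @return the wsp:Policy child element this token was built from, or null if none was found; the returned node is not a copy */` on the getter and a matching one-line comment on the setter.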
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java?rev=1448193&r1=1448192&r2=1448193&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java Wed Feb 20 14:42:21 2013
@@ -91,6 +91,7 @@ import org.apache.cxf.ws.policy.PolicyCo
import org.apache.cxf.ws.policy.PolicyEngine;
import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
import org.apache.cxf.ws.security.policy.model.Binding;
import org.apache.cxf.ws.security.policy.model.Header;
@@ -158,6 +159,7 @@ public abstract class AbstractSTSClient
protected AlgorithmSuite algorithmSuite;
protected String namespace = STSUtils.WST_NS_05_12;
protected String addressingNamespace = "http://www.w3.org/2005/08/addressing";
+ protected String wspNamespace = SPConstants.P_NS;
protected Object onBehalfOf;
protected boolean enableAppliesTo = true;
@@ -1177,8 +1179,12 @@ public abstract class AbstractSTSClient
protected void addAppliesTo(XMLStreamWriter writer, String appliesTo) throws XMLStreamException {
if (appliesTo != null && addressingNamespace != null) {
- writer.writeStartElement("wsp", "AppliesTo", "http://schemas.xmlsoap.org/ws/2004/09/policy");
- writer.writeNamespace("wsp", "http://schemas.xmlsoap.org/ws/2004/09/policy");
+ String policyNS = wspNamespace;
+ if (policyNS == null) {
+ policyNS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
+ }
+ writer.writeStartElement("wsp", "AppliesTo", policyNS);
+ writer.writeNamespace("wsp", policyNS);
writer.writeStartElement("wsa", "EndpointReference", addressingNamespace);
writer.writeNamespace("wsa", addressingNamespace);
writer.writeStartElement("wsa", "Address", addressingNamespace);
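Review bot: The null fallback in `addAppliesTo` repeats the 2004/09 policy URI as a string literal while the field default is `SPConstants.P_NS`, so the two defaults can drift apart; assuming `P_NS` is that same URI, `policyNS = SPConstants.P_NS;` keeps one source of truth. Separately, `wspNamespace` is written verbatim as the namespace of wsp:AppliesTo and `setWspNamespace` (last hunk of this file) accepts any string, including an empty one, which the null check here does not catch. A short Javadoc on the setter stating that null selects the 2004/09 namespace, plus rejecting or ignoring empty values there, would make the contract explicit. The method body continues outside the hunk.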
@@ -1581,4 +1587,12 @@ public abstract class AbstractSTSClient
return crypto;
}
}
+
+ public String getWspNamespace() {
+ return wspNamespace;
+ }
+
+ public void setWspNamespace(String wspNamespace) {
+ this.wspNamespace = wspNamespace;
+ }
}