You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by dk...@apache.org on 2009/07/08 22:27:04 UTC
svn commit: r792294 - in /cxf/branches/2.2.x-fixes: ./
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
systests/src/test/resources/wsdl_systest/
Author: dkulp
Date: Wed Jul 8 20:27:04 2009
New Revision: 792294
URL: http://svn.apache.org/viewvc?rev=792294&view=rev
Log:
Merged revisions 792265 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r792265 | dkulp | 2009-07-08 15:02:30 -0400 (Wed, 08 Jul 2009) | 1 line
[CXF-2334] Support for the RequiredElements/RequiredParts assertions
........
Modified:
cxf/branches/2.2.x-fixes/ (props changed)
cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/branches/2.2.x-fixes/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Jul 8 20:27:04 2009
@@ -1 +1 @@
-/cxf/trunk:782728-782730,783097,783294,783396,784059,784181-784184,784893,784895,785279-785282,785468,785621,785624,785651,785734,785866,786142,786271-786272,786395,786512,786514,786582-786583,786638,786647,786850,787200,787269,787277-787279,787290-787291,787305,787323,787366,787849,788030,788060,788187,788444,788451,788703,788752,788774,788819-788820,789013,789371,789387,789420,789527-789530,789704-789705,789788,789811,789896-789901,790074,790094,790134,790188,790294,790553,790637-790644,790868,791301,791354,791538,791753,791947,792007,792096,792183,792261-792264
+/cxf/trunk:782728-782730,783097,783294,783396,784059,784181-784184,784893,784895,785279-785282,785468,785621,785624,785651,785734,785866,786142,786271-786272,786395,786512,786514,786582-786583,786638,786647,786850,787200,787269,787277-787279,787290-787291,787305,787323,787366,787849,788030,788060,788187,788444,788451,788703,788752,788774,788819-788820,789013,789371,789387,789420,789527-789530,789704-789705,789788,789811,789896-789901,790074,790094,790134,790188,790294,790553,790637-790644,790868,791301,791354,791538,791753,791947,792007,792096,792183,792261-792265
Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java?rev=792294&r1=792293&r2=792294&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java Wed Jul 8 20:27:04 2009
@@ -49,6 +49,8 @@
ASSERTION_TYPES.add(SP12Constants.USERNAME_TOKEN);
ASSERTION_TYPES.add(SP12Constants.TRANSPORT_TOKEN);
ASSERTION_TYPES.add(SP12Constants.SIGNED_PARTS);
+ ASSERTION_TYPES.add(SP12Constants.REQUIRED_PARTS);
+ ASSERTION_TYPES.add(SP12Constants.REQUIRED_ELEMENTS);
ASSERTION_TYPES.add(SP12Constants.ENCRYPTED_PARTS);
ASSERTION_TYPES.add(SP12Constants.ENCRYPTED_ELEMENTS);
ASSERTION_TYPES.add(SP12Constants.SIGNED_ELEMENTS);
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=792294&r1=792293&r2=792294&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Wed Jul 8 20:27:04 2009
@@ -32,10 +32,12 @@
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.stream.XMLStreamException;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Element;
@@ -60,6 +62,8 @@
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
import org.apache.cxf.ws.security.policy.model.Header;
+import org.apache.cxf.ws.security.policy.model.RequiredElements;
+import org.apache.cxf.ws.security.policy.model.RequiredParts;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
@@ -519,6 +523,8 @@
assertXPathTokens(aim, SP12Constants.ENCRYPTED_ELEMENTS, encrypted, msg, doc, "encrypted", false);
assertXPathTokens(aim, SP12Constants.CONTENT_ENCRYPTED_ELEMENTS, encrypted, msg,
doc, "encrypted", true);
+
+ assertHeadersExists(aim, msg, doc);
assertAsymetricBinding(aim, msg, doc, prots, hasDerivedKeys);
assertSymetricBinding(aim, msg, doc, prots, hasDerivedKeys);
@@ -539,6 +545,51 @@
super.doResults(msg, actor, doc, results);
}
+ private void assertHeadersExists(AssertionInfoMap aim, SoapMessage msg, SOAPMessage doc)
+ throws SOAPException {
+
+ SOAPHeader header = doc.getSOAPHeader();
+ Collection<AssertionInfo> ais = aim.get(SP12Constants.REQUIRED_PARTS);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ RequiredParts rp = (RequiredParts)ai.getAssertion();
+ ai.setAsserted(true);
+ for (Header h : rp.getHeaders()) {
+ if (header == null || !header.getChildElements(h.getQName()).hasNext()) {
+ ai.setNotAsserted("No header element of name " + h.getQName() + " found.");
+ }
+ }
+ }
+ }
+ ais = aim.get(SP12Constants.REQUIRED_ELEMENTS);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ RequiredElements rp = (RequiredElements)ai.getAssertion();
+ ai.setAsserted(true);
+ Map<String, String> namespaces = rp.getDeclaredNamespaces();
+ XPathFactory factory = XPathFactory.newInstance();
+ for (String expression : rp.getXPathExpressions()) {
+ XPath xpath = factory.newXPath();
+ if (namespaces != null) {
+ xpath.setNamespaceContext(new MapNamespaceContext(namespaces));
+ }
+ NodeList list;
+ try {
+ list = (NodeList)xpath.evaluate(expression,
+ header,
+ XPathConstants.NODESET);
+ if (list.getLength() == 0) {
+ ai.setNotAsserted("No header element matching XPath " + expression + " found.");
+ }
+ } catch (XPathExpressionException e) {
+ ai.setNotAsserted("Invalid XPath expression " + expression + " " + e.getMessage());
+ }
+ }
+ }
+ }
+
+ }
+
private boolean assertSymetricBinding(AssertionInfoMap aim,
SoapMessage message,
SOAPMessage doc,
@@ -586,7 +637,7 @@
Protections prots,
boolean derived) {
Collection<AssertionInfo> ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
- if (ais == null) {
+ if (ais == null) {
return true;
}
for (AssertionInfo ai : ais) {
Modified: cxf/branches/2.2.x-fixes/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl?rev=792294&r1=792293&r2=792294&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl (original)
+++ cxf/branches/2.2.x-fixes/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl Wed Jul 8 20:27:04 2009
@@ -392,6 +392,14 @@
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<sp:XPath xmlns:example1="http://cxf.apache.org/policytest/DoubleIt">//example1:DoubleIt/numberToDouble</sp:XPath>
</sp:EncryptedElements>
+ <sp:RequiredElements
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:XPath xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">wsse:Security</sp:XPath>
+ </sp:RequiredElements>
+ <sp:RequiredParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Header Name="Security" Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
+ </sp:RequiredParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>