You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/09/30 16:38:44 UTC
svn commit: r1527598 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509...
Author: coheigea
Date: Mon Sep 30 14:38:44 2013
New Revision: 1527598
URL: http://svn.apache.org/r1527598
Log:
Added support for outbound streaming XPath
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/StaxBindingPropertiesTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/DoubleItXKMS.wsdl
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Mon Sep 30 14:38:44 2013
@@ -68,6 +68,8 @@ import org.apache.wss4j.policy.model.Abs
import org.apache.wss4j.policy.model.AbstractToken;
import org.apache.wss4j.policy.model.AbstractTokenWrapper;
import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
+import org.apache.wss4j.policy.model.ContentEncryptedElements;
+import org.apache.wss4j.policy.model.EncryptedElements;
import org.apache.wss4j.policy.model.EncryptedParts;
import org.apache.wss4j.policy.model.Header;
import org.apache.wss4j.policy.model.IssuedToken;
@@ -77,6 +79,7 @@ import org.apache.wss4j.policy.model.Lay
import org.apache.wss4j.policy.model.Layout.LayoutType;
import org.apache.wss4j.policy.model.SamlToken;
import org.apache.wss4j.policy.model.SamlToken.SamlTokenType;
+import org.apache.wss4j.policy.model.SignedElements;
import org.apache.wss4j.policy.model.SignedParts;
import org.apache.wss4j.policy.model.SupportingTokens;
import org.apache.wss4j.policy.model.SymmetricBinding;
@@ -86,6 +89,8 @@ import org.apache.wss4j.policy.model.Wss
import org.apache.wss4j.policy.model.Wss11;
import org.apache.wss4j.policy.model.X509Token;
import org.apache.wss4j.policy.model.X509Token.TokenType;
+import org.apache.wss4j.policy.model.XPath;
+import org.apache.wss4j.policy.stax.PolicyUtils;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken;
import org.apache.xml.security.stax.ext.SecurePart;
@@ -902,7 +907,7 @@ public abstract class AbstractStaxBindin
*/
protected List<SecurePart> getSignedParts() throws SOAPException {
SignedParts parts = null;
- // SignedElements elements = null;
+ SignedElements elements = null;
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_PARTS);
@@ -912,7 +917,7 @@ public abstract class AbstractStaxBindin
ai.setAsserted(true);
}
}
- /*
+
ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ELEMENTS);
if (!ais.isEmpty()) {
for (AssertionInfo ai : ais) {
@@ -920,7 +925,6 @@ public abstract class AbstractStaxBindin
ai.setAsserted(true);
}
}
- */
List<SecurePart> signedParts = new ArrayList<SecurePart>();
if (parts != null) {
@@ -941,7 +945,16 @@ public abstract class AbstractStaxBindin
}
}
- // TODO Elements
+ if (elements != null && elements.getXPaths() != null) {
+ for (XPath xPath : elements.getXPaths()) {
+ List<QName> qnames = PolicyUtils.getElementPath(xPath);
+ if (!qnames.isEmpty()) {
+ SecurePart securePart =
+ new SecurePart(qnames.get(qnames.size() - 1), Modifier.Element);
+ signedParts.add(securePart);
+ }
+ }
+ }
return signedParts;
}
@@ -951,7 +964,8 @@ public abstract class AbstractStaxBindin
*/
protected List<SecurePart> getEncryptedParts() throws SOAPException {
EncryptedParts parts = null;
- // EncryptedElements elements = null;
+ EncryptedElements elements = null;
+ ContentEncryptedElements celements = null;
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_PARTS);
@@ -961,7 +975,7 @@ public abstract class AbstractStaxBindin
ai.setAsserted(true);
}
}
- /*
+
ais = getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_ELEMENTS);
if (!ais.isEmpty()) {
for (AssertionInfo ai : ais) {
@@ -969,15 +983,14 @@ public abstract class AbstractStaxBindin
ai.setAsserted(true);
}
}
- */
- /*ais = getAllAssertionsByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS);
+ ais = getAllAssertionsByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS);
if (!ais.isEmpty()) {
for (AssertionInfo ai : ais) {
celements = (ContentEncryptedElements)ai.getAssertion();
ai.setAsserted(true);
}
- }*/
+ }
List<SecurePart> encryptedParts = new ArrayList<SecurePart>();
if (parts != null) {
@@ -998,7 +1011,27 @@ public abstract class AbstractStaxBindin
}
}
- // TODO Elements
+ if (elements != null && elements.getXPaths() != null) {
+ for (XPath xPath : elements.getXPaths()) {
+ List<QName> qnames = PolicyUtils.getElementPath(xPath);
+ if (!qnames.isEmpty()) {
+ SecurePart securePart =
+ new SecurePart(qnames.get(qnames.size() - 1), Modifier.Element);
+ encryptedParts.add(securePart);
+ }
+ }
+ }
+
+ if (celements != null && celements.getXPaths() != null) {
+ for (XPath xPath : celements.getXPaths()) {
+ List<QName> qnames = PolicyUtils.getElementPath(xPath);
+ if (!qnames.isEmpty()) {
+ SecurePart securePart =
+ new SecurePart(qnames.get(qnames.size() - 1), Modifier.Content);
+ encryptedParts.add(securePart);
+ }
+ }
+ }
return encryptedParts;
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java Mon Sep 30 14:38:44 2013
@@ -20,10 +20,12 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
import java.util.Collection;
+import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import org.apache.cxf.binding.soap.SoapMessage;
@@ -50,6 +52,8 @@ import org.apache.wss4j.policy.model.Tra
import org.apache.wss4j.policy.model.TransportToken;
import org.apache.wss4j.policy.model.UsernameToken;
import org.apache.wss4j.policy.model.X509Token;
+import org.apache.wss4j.policy.model.XPath;
+import org.apache.wss4j.policy.stax.PolicyUtils;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
@@ -345,22 +349,16 @@ public class StaxTransportBindingHandler
optionalParts += "{Element}{" + head.getNamespace() + "}" + head.getName() + ";";
}
}
- /*
- * TODO
- if (signedElements != null) {
- // Handle SignedElements
- try {
- result.addAll(
- this.getElements(
- "Element", signedElements.getXPaths(), found, true
- )
- );
- } catch (XPathExpressionException e) {
- LOG.log(Level.FINE, e.getMessage(), e);
- // REVISIT
+
+ // Handle SignedElements
+ if (signedElements != null && signedElements.getXPaths() != null) {
+ for (XPath xPath : signedElements.getXPaths()) {
+ List<QName> qnames = PolicyUtils.getElementPath(xPath);
+ if (!qnames.isEmpty()) {
+ parts += "{Element}" + qnames.get(qnames.size() - 1) + ";";
+ }
}
}
- */
properties.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
properties.put(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS, optionalParts);
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java Mon Sep 30 14:38:44 2013
@@ -81,9 +81,9 @@ public class BindingPropertiesTest exten
// DOM
port.doubleIt(25);
- // TODO - XPath support Streaming
- // SecurityTestUtil.enableStreaming(port);
- // port.doubleIt(25);
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
// This should fail, as OnlySignEntireHeadersAndBody is specified
portQName = new QName(NAMESPACE, "DoubleItOnlySignPort");
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/StaxBindingPropertiesTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/StaxBindingPropertiesTest.java?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/StaxBindingPropertiesTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/StaxBindingPropertiesTest.java Mon Sep 30 14:38:44 2013
@@ -60,9 +60,7 @@ public class StaxBindingPropertiesTest e
}
// Child of Body is signed which conflicts with the OnlySignEntireHeadersAndBody property
- // TODO Support for streaming XPath
@org.junit.Test
- @org.junit.Ignore
public void testOnlySignEntireHeadersAndBody() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -83,9 +81,9 @@ public class StaxBindingPropertiesTest e
// DOM
port.doubleIt(25);
- // TODO - XPath support Streaming
- // SecurityTestUtil.enableStreaming(port);
- // port.doubleIt(25);
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
// This should fail, as OnlySignEntireHeadersAndBody is specified
portQName = new QName(NAMESPACE, "DoubleItOnlySignPort");
@@ -97,7 +95,7 @@ public class StaxBindingPropertiesTest e
port.doubleIt(25);
fail("Failure expected on OnlySignEntireHeadersAndBody property");
} catch (javax.xml.ws.soap.SOAPFaultException ex) {
- String error = "OnlySignEntireHeadersAndBody does not match the requirements";
+ String error = "OnlySignEntireHeadersAndBody not fulfilled";
assertTrue(ex.getMessage().contains(error));
}
@@ -107,7 +105,7 @@ public class StaxBindingPropertiesTest e
port.doubleIt(25);
fail("Failure expected on OnlySignEntireHeadersAndBody property");
} catch (javax.xml.ws.soap.SOAPFaultException ex) {
- // String error = "OnlySignEntireHeadersAndBody does not match the requirements";
+ // String error = "OnlySignEntireHeadersAndBody not fulfilled";
// assertTrue(ex.getMessage().contains(error));
}
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java Mon Sep 30 14:38:44 2013
@@ -894,9 +894,9 @@ public class X509TokenTest extends Abstr
// DOM
x509Port.doubleIt(25);
- // Streaming - TODO SignedElements not supported
- // SecurityTestUtil.enableStreaming(x509Port);
- // x509Port.doubleIt(25);
+ // Streaming
+ SecurityTestUtil.enableStreaming(x509Port);
+ x509Port.doubleIt(25);
((java.io.Closeable)x509Port).close();
bus.shutdown(true);
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl Mon Sep 30 14:38:44 2013
@@ -134,7 +134,9 @@
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedElements>
- <sp:XPath>//*[local-name()='DoubleIt']</sp:XPath>
+ <sp:XPath xmlns:dns="http://www.example.org/schema/DoubleIt"
+ xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+ >/soap:Envelope/soap:Body/dns:DoubleIt</sp:XPath>
</sp:SignedElements>
</wsp:All>
</wsp:ExactlyOne>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl Mon Sep 30 14:38:44 2013
@@ -1422,7 +1422,8 @@
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<sp:SignedElements>
- <sp:XPath>//*[local-name()='ReplyTo']</sp:XPath>
+ <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+ >/soap:Envelope/soap:Header/wsaws:ReplyTo</sp:XPath>
</sp:SignedElements>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
@@ -1486,7 +1487,8 @@
<wsp:ExactlyOne>
<wsp:All>
<sp:ContentEncryptedElements>
- <sp:XPath>//*[local-name()='Body']</sp:XPath>
+ <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+ >/soap:Envelope/soap:Body</sp:XPath>
</sp:ContentEncryptedElements>
<sp:SignedParts>
<sp:Body/>
@@ -1519,7 +1521,8 @@
<wsp:ExactlyOne>
<wsp:All>
<sp:ContentEncryptedElements>
- <sp:XPath>//*[local-name()='Body']</sp:XPath>
+ <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+ >/soap:Envelope/soap:Body</sp:XPath>
</sp:ContentEncryptedElements>
<sp:SignedParts>
<sp:Body/>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/DoubleItXKMS.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/DoubleItXKMS.wsdl?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/DoubleItXKMS.wsdl (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/DoubleItXKMS.wsdl Mon Sep 30 14:38:44 2013
@@ -171,7 +171,8 @@
<wsp:ExactlyOne>
<wsp:All>
<sp:ContentEncryptedElements>
- <sp:XPath>//*[local-name()='Body']</sp:XPath>
+ <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+ >/soap:Envelope/soap:Body</sp:XPath>
</sp:ContentEncryptedElements>
<sp:SignedParts>
<sp:Body/>
@@ -195,7 +196,8 @@
<wsp:ExactlyOne>
<wsp:All>
<sp:ContentEncryptedElements>
- <sp:XPath>//*[local-name()='Body']</sp:XPath>
+ <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+ >/soap:Envelope/soap:Body</sp:XPath>
</sp:ContentEncryptedElements>
<sp:SignedParts>
<sp:Body/>