You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by gi...@apache.org on 2013/07/30 11:57:58 UTC
svn commit: r1508366 - /webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java

Author: giger
Date: Tue Jul 30 09:57:58 2013
New Revision: 1508366

URL: http://svn.apache.org/r1508366
Log:
WSS-470 - AsymmetricBinding + ProtectTokens validation not working 

Modified:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java?rev=1508366&r1=1508365&r2=1508366&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java Tue Jul 30 09:57:58 2013
@@ -217,8 +217,8 @@ public class InboundWSSecurityContextImp
             boolean signsTimestamp = signsElement(tokenSecurityEvent, timestampElementPath, securityEventDeque);
 
             List<QName> usernameTokenElementPath = new ArrayList<QName>(4);
-            timestampElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
-            timestampElementPath.add(WSSConstants.TAG_wsse_UsernameToken);
+            usernameTokenElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+            usernameTokenElementPath.add(WSSConstants.TAG_wsse_UsernameToken);
             boolean encryptsUsernameToken = encryptsElement(tokenSecurityEvent, usernameTokenElementPath, securityEventDeque);
 
             boolean transportSecurityActive = Boolean.TRUE == get(WSSConstants.TRANSPORT_SECURITY_ACTIVE);
@@ -291,14 +291,14 @@ public class InboundWSSecurityContextImp
             TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent =
                     getTokenSecurityEvent(messageSignatureToken, tokenSecurityEvents);
             if (tokenSecurityEvent != null) {
-                supportingTokens.remove(tokenSecurityEvent);
-                signedSupportingTokens.remove(tokenSecurityEvent);
-                endorsingSupportingTokens.remove(tokenSecurityEvent);
-                signedEndorsingSupportingTokens.remove(tokenSecurityEvent);
-                signedEncryptedSupportingTokens.remove(tokenSecurityEvent);
-                encryptedSupportingTokens.remove(tokenSecurityEvent);
-                endorsingEncryptedSupportingTokens.remove(tokenSecurityEvent);
-                signedEndorsingEncryptedSupportingTokens.remove(tokenSecurityEvent);
+                removeTokenSecurityEvent(tokenSecurityEvent, supportingTokens);
+                removeTokenSecurityEvent(tokenSecurityEvent, signedSupportingTokens);
+                removeTokenSecurityEvent(tokenSecurityEvent, endorsingSupportingTokens);
+                removeTokenSecurityEvent(tokenSecurityEvent, signedEndorsingSupportingTokens);
+                removeTokenSecurityEvent(tokenSecurityEvent, signedEncryptedSupportingTokens);
+                removeTokenSecurityEvent(tokenSecurityEvent, encryptedSupportingTokens);
+                removeTokenSecurityEvent(tokenSecurityEvent, endorsingEncryptedSupportingTokens);
+                removeTokenSecurityEvent(tokenSecurityEvent, signedEndorsingEncryptedSupportingTokens);
                 messageSignatureTokens = addTokenSecurityEvent(tokenSecurityEvent, messageSignatureTokens);
             }
         }
@@ -341,6 +341,17 @@ public class InboundWSSecurityContextImp
         setTokenUsage(signedEndorsingEncryptedSupportingTokens, WSSecurityTokenConstants.TokenUsage_SignedEndorsingEncryptedSupportingTokens);
     }
 
+    private void removeTokenSecurityEvent(TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent,
+                                          List<TokenSecurityEvent<? extends InboundSecurityToken>> tokenSecurityEventList) {
+        for (int i = 0; i < tokenSecurityEventList.size(); i++) {
+            TokenSecurityEvent<? extends InboundSecurityToken> securityEvent = tokenSecurityEventList.get(i);
+            if (securityEvent.getSecurityToken().getId().equals(tokenSecurityEvent.getSecurityToken().getId())) {
+                tokenSecurityEventList.remove(securityEvent);
+                return;
+            }
+        }
+    }
+
     private List<TokenSecurityEvent<? extends InboundSecurityToken>> addTokenSecurityEvent(
             TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent,
             List<TokenSecurityEvent<? extends InboundSecurityToken>> tokenSecurityEventList) {