Posted to commits@cxf.apache.org by co...@apache.org on 2017/10/23 14:49:44 UTC
[cxf] branch 3.1.x-fixes updated (e3e66a0 -> e909686)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git.
from e3e66a0 Recording .gitmergeinfo Changes
new 3f5742f CXF-7536 - Add a STRTransform when signing a SAML Token via a SignedElements policy
new e909686 Recording .gitmergeinfo Changes
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.gitmergeinfo | 1 +
.../policyhandlers/AbstractBindingBuilder.java | 33 ++++++++++++++++++----
2 files changed, 28 insertions(+), 6 deletions(-)
[cxf] 02/02: Recording .gitmergeinfo Changes
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit e90968677cefa304cd2c9499247acdfa081f119d
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Oct 23 15:01:28 2017 +0100
Recording .gitmergeinfo Changes
---
.gitmergeinfo | 1 +
1 file changed, 1 insertion(+)
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 2081d49..51c94e1 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -734,6 +734,7 @@ M 7476fc331f00a01851b5fbb66758818bef8ba2c4
M 74a5139520ac289d3a6d93da14573ef7501b8d1d
M 74b8db2dcc5fc60a513d9e73e258aeba99727a39
M 74cba28dbb550cfa25fa833f1593677cecd316c0
+M 76905b09c7f47b4fd9b48b53f9747984cece9a30
M 7690a1fd087aff24ad8e8e1ab2e0722e24bf3d81
M 79939ff189c0872317594690be2d85ae05958fa8
M 7aa8ebf5450c0a399e86fe5d50865fcd22849f63
[cxf] 01/02: CXF-7536 - Add a STRTransform when signing a SAML
Token via a SignedElements policy
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 3f5742fdbed560319d590d2f8d9d8e18ee0e4e68
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Oct 23 14:59:06 2017 +0100
CXF-7536 - Add a STRTransform when signing a SAML Token via a SignedElements policy
# Conflicts:
# rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
---
.../policyhandlers/AbstractBindingBuilder.java | 33 ++++++++++++++++++----
1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index f835d20..e8312d2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -216,7 +216,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
storeBytesInAttachment = false;
}
}
-
+
Element soapBody = SAAJUtils.getBody(saaj);
if (soapBody != null) {
callbackLookup = new CXFCallbackLookup(soapBody.getOwnerDocument(), soapBody);
@@ -575,7 +575,6 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
return ret;
}
-
protected void handleUsernameTokenSupportingToken(
UsernameToken token, boolean endorse, boolean encryptedToken, List<SupportingToken> ret
) throws WSSecurityException {
@@ -1380,6 +1379,11 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
List<WSEncryptionPart> result = new ArrayList<>();
if (xpaths != null && !xpaths.isEmpty()) {
+ boolean useSTRTransform =
+ MessageUtils.getContextualBoolean(
+ message, SecurityConstants.USE_STR_TRANSFORM, true
+ );
+
XPathFactory factory = XPathFactory.newInstance();
for (org.apache.wss4j.policy.model.XPath xPath : xpaths) {
XPath xpath = factory.newXPath();
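Review bot: The `true` passed as the default to `MessageUtils.getContextualBoolean` makes the STR-Transform path opt-out, and nothing at this spot says so. On a fixes branch that presumably changes the signature references produced by existing SignedElements policies whose XPath matches a SAML assertion. A comment above the declaration would record the intent, e.g. `// SAML assertions are signed via an STR-Transform unless USE_STR_TRANSFORM is set to false`. The enclosing method starts and ends outside this hunk.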
@@ -1401,10 +1405,27 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (!found.contains(el)) {
found.add(el);
- String id = setIdOnElement(el, forceId);
- WSEncryptionPart part =
- new WSEncryptionPart(id, encryptionModifier);
- part.setElement(el);
+ WSEncryptionPart part = null;
+ boolean saml1 = WSS4JConstants.SAML_NS.equals(el.getNamespaceURI())
+ && "Assertion".equals(el.getLocalName());
+ boolean saml2 = WSS4JConstants.SAML2_NS.equals(el.getNamespaceURI())
+ && "Assertion".equals(el.getLocalName());
+
+ if (useSTRTransform && (saml1 || saml2)) {
+ String id = saml2 ? el.getAttributeNS(null, "ID")
+ : el.getAttributeNS(null, "AssertionID");
+ SecurityTokenReference secRef =
+ createSTRForSamlAssertion(el.getOwnerDocument(), id, saml1, false);
+ Element clone = cloneElement(secRef.getElement());
+ addSupportingElement(clone);
+ part = new WSEncryptionPart("STRTransform", null, "Element");
+ part.setId(secRef.getID());
+ part.setElement(clone);
+ } else {
+ String id = setIdOnElement(el, forceId);
+ part = new WSEncryptionPart(id, encryptionModifier);
+ part.setElement(el);
+ }
part.setXpath(xPath.getXPath());
result.add(part);
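Review bot: The SAML branch uses the result of `el.getAttributeNS(null, "ID")` / `"AssertionID"` without checking it, and `getAttributeNS` returns an empty string when the attribute is absent, so an assertion lacking its identifier would yield a SecurityTokenReference with an empty key identifier and a signature reference that cannot resolve to the assertion. Read the id before the branch and take the STR path only when it is non-empty, e.g. `if (useSTRTransform && (saml1 || saml2) && !samlId.isEmpty())`, or fail the request rather than emit a dangling reference. The same branch also ignores `encryptionModifier` and `forceId` in favour of a hard-coded `"Element"`; if this method is also reached for encrypted-element XPaths (not visible here), an assertion matched there would be turned into an STRTransform part, so the branch probably needs to be limited to the signing caller. The enclosing method starts and ends outside the hunk.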