Posted to commits@cxf.apache.org by co...@apache.org on 2017/04/04 11:06:49 UTC

[2/3] cxf git commit: CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context

CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context

# Conflicts:
#	rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c799670d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c799670d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c799670d

Branch: refs/heads/3.1.x-fixes
Commit: c799670d4bca30c7a1b316b378c8bfce90a7eeb7
Parents: e2fd915
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Apr 4 11:24:57 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Apr 4 12:05:45 2017 +0100

----------------------------------------------------------------------
 .../DefaultWSS4JSecurityContextCreator.java     | 29 +++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c799670d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
index 7855d0e..2cbebd7 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
@@ -40,10 +40,11 @@ import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.token.PKIPathSecurity;
+import org.apache.wss4j.common.token.X509Security;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
 import org.apache.wss4j.dom.handler.WSHandlerResult;
-import org.apache.wss4j.dom.message.token.KerberosSecurity;
 
 /**
  * The default implementation to create a SecurityContext from a set of WSS4J processing results.
@@ -93,6 +94,7 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC
             List<WSSecurityEngineResult> foundResults = actionResults.get(resultPriority);
             if (foundResults != null && !foundResults.isEmpty()) {
                 for (WSSecurityEngineResult result : foundResults) {
+<<<<<<< HEAD
                     final Object binarySecurity = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
                     PublicKey publickey = 
                         (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
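Review bot: The added `<<<<<<< HEAD` line at the top of the for-loop body is an unresolved merge-conflict marker, and the next hunk adds the matching `=======` and `>>>>>>> d1b8ff6...` lines in two places. The new side of the file therefore holds both the old inline checks and the cherry-picked `skipResult` call, and it cannot compile as Java. Resolve the conflict by keeping only the `if (!skipResult(resultPriority, result))` branch and deleting every marker line. The import hunk also drops `KerberosSecurity`, so any HEAD-side code that still refers to it (not visible here) would have to be removed as well. The loop body continues outside this hunk.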
@@ -107,12 +109,37 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC
                     if (context != null) {
                         msg.put(SecurityContext.class, context);
                         return;
+=======
+
+                    if (!skipResult(resultPriority, result)) {
+                        SecurityContext context = createSecurityContext(msg, useJAASSubject, result);
+                        if (context != null) {
+                            msg.put(SecurityContext.class, context);
+                            return;
+                        }
+>>>>>>> d1b8ff6... CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context
                     }
                 }
             }
         }
     }
+<<<<<<< HEAD
     
+=======
+
+    private boolean skipResult(Integer resultPriority, WSSecurityEngineResult result) {
+        Object binarySecurity = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
+        PublicKey publickey =
+            (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
+        X509Certificate cert =
+            (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+
+        return resultPriority == WSConstants.BST
+            && (binarySecurity instanceof X509Security || binarySecurity instanceof PKIPathSecurity)
+            || resultPriority == WSConstants.SIGN && publickey == null && cert == null;
+    }
+
+>>>>>>> d1b8ff6... CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context
     protected SecurityContext createSecurityContext(
         SoapMessage msg, boolean useJAASSubject, WSSecurityEngineResult wsResult
     ) {
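Review bot: `skipResult` decides which WSS4J results may establish the `SecurityContext`, yet it has no comment and its return expression mixes `&&` and `||` without grouping. Make the precedence explicit: `return (resultPriority == WSConstants.BST && (binarySecurity instanceof X509Security || binarySecurity instanceof PKIPathSecurity)) || (resultPriority == WSConstants.SIGN && publickey == null && cert == null);`. Add a Javadoc saying that X.509/PKIPath tokens and signatures with neither a certificate nor a public key are skipped, while any other BinarySecurityToken type is passed to `createSecurityContext`. Since that widens what can set the caller's principal, the comment should also record the assumption that such custom tokens were already checked by a configured validator; nothing in this hunk shows that. `createSecurityContext` begins at the end of the hunk and its body lies outside it.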