Posted to commits@cxf.apache.org by co...@apache.org on 2015/03/13 12:07:51 UTC
[10/10] cxf git commit: Merge branch 'opensaml-3.0-port'
Merge branch 'opensaml-3.0-port'
Conflicts:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e47f87b1
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e47f87b1
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e47f87b1
Branch: refs/heads/master
Commit: e47f87b16a3215bd5040788bbc898cc8b13c101b
Parents: 26762a7 fc78cd3
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Mar 13 11:07:28 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Mar 13 11:07:28 2015 +0000
----------------------------------------------------------------------
.../src/main/release/samples/sts/pom.xml | 38 -------
parent/pom.xml | 8 +-
pom.xml | 8 ++
.../grants/saml/Saml2BearerGrantHandler.java | 5 +-
.../oauth2/saml/SamlOAuthValidator.java | 14 +--
...AbstractRequestAssertionConsumerHandler.java | 15 ++-
.../saml/sso/AbstractServiceProviderFilter.java | 2 +-
.../security/saml/sso/AuthnRequestBuilder.java | 2 +-
.../saml/sso/DefaultAuthnRequestBuilder.java | 14 +--
.../saml/sso/SAMLProtocolResponseValidator.java | 98 +++++++----------
.../saml/sso/SAMLSSOResponseValidator.java | 22 ++--
.../saml/sso/SamlPostBindingFilter.java | 21 ++--
.../saml/sso/SamlRedirectBindingFilter.java | 2 +-
.../saml/sso/SamlpRequestComponentBuilder.java | 25 +++--
.../saml/sso/AuthnRequestBuilderTest.java | 14 +--
.../security/saml/sso/SAML2CallbackHandler.java | 4 +-
.../sso/SAML2PResponseComponentBuilder.java | 23 ++--
.../saml/sso/SAMLResponseValidatorTest.java | 28 +++--
.../saml/sso/SAMLSSOResponseValidatorTest.java | 24 ++--
.../rs/security/saml/AbstractSamlInHandler.java | 5 +-
.../apache/cxf/rs/security/saml/SAMLUtils.java | 4 +-
.../rs/security/xml/XmlSecOutInterceptor.java | 2 +-
.../rs/security/xml/XmlSigOutInterceptor.java | 4 +-
rt/security/pom.xml | 22 ++++
.../apache/cxf/rt/security/saml/SAMLUtils.java | 14 +--
.../AbstractXACMLAuthorizingInterceptor.java | 34 +++---
.../security/xacml/RequestComponentBuilder.java | 7 +-
.../xacml/SamlRequestComponentBuilder.java | 13 ++-
.../rt/security/saml/SamlCallbackHandler.java | 6 +-
.../apache/cxf/rt/security/xacml/DummyPDP.java | 11 +-
.../security/xacml/XACMLRequestBuilderTest.java | 16 +--
rt/ws/security/pom.xml | 10 --
.../SecureConversationInInterceptor.java | 5 +-
.../SpnegoContextTokenInInterceptor.java | 3 +
.../ws/security/tokenstore/SecurityToken.java | 30 ++---
.../wss4j/AbstractWSS4JInterceptor.java | 15 +--
.../wss4j/AttachmentCallbackHandler.java | 13 +--
.../wss4j/BinarySecurityTokenInterceptor.java | 36 +-----
.../ws/security/wss4j/CXFCallbackLookup.java | 50 +++++++++
.../cxf/ws/security/wss4j/CXFRequestData.java | 78 +++++++++++++
.../wss4j/PolicyBasedWSS4JOutInterceptor.java | 27 +++--
.../ws/security/wss4j/SamlTokenInterceptor.java | 52 ++-------
.../wss4j/UsernameTokenInterceptor.java | 55 +---------
.../ws/security/wss4j/WSS4JInInterceptor.java | 109 +++----------------
.../ws/security/wss4j/WSS4JOutInterceptor.java | 13 +--
.../cxf/ws/security/wss4j/WSS4JUtils.java | 13 ++-
.../policyhandlers/AbstractBindingBuilder.java | 60 ++++++----
.../AbstractStaxBindingHandler.java | 6 +-
.../AsymmetricBindingHandler.java | 15 ++-
.../policyhandlers/SymmetricBindingHandler.java | 20 ++--
.../policyhandlers/TransportBindingHandler.java | 17 ++-
.../DefaultClaimsPolicyValidator.java | 20 ++--
.../IssuedTokenPolicyValidator.java | 2 +-
.../SamlTokenPolicyValidator.java | 2 +-
.../wss4j/AbstractPolicySecurityTest.java | 10 +-
.../wss4j/SignatureConfirmationTest.java | 11 +-
.../cxf/ws/security/wss4j/WSS4JInOutTest.java | 26 +++--
.../wss4j/saml/SAML1CallbackHandler.java | 4 +-
.../wss4j/saml/SAML2CallbackHandler.java | 4 +-
.../apache/cxf/sts/claims/ClaimsManager.java | 24 ++--
.../cxf/sts/operation/AbstractOperation.java | 6 +-
.../apache/cxf/sts/request/RequestParser.java | 6 +-
.../token/delegation/SAMLDelegationHandler.java | 8 +-
.../sts/token/provider/SAMLTokenProvider.java | 2 +-
.../cxf/sts/token/provider/SCTProvider.java | 3 +
.../sts/token/provider/SamlCallbackHandler.java | 6 +-
.../cxf/sts/token/renewer/SAMLTokenRenewer.java | 22 ++--
.../sts/token/validator/SAMLTokenValidator.java | 10 +-
.../cxf/sts/common/CustomClaimsHandler.java | 13 ++-
.../cxf/sts/token/provider/SAMLClaimsTest.java | 4 +-
.../systest/sts/batch/SAMLBatchUnitTest.java | 2 +-
.../cxf/systest/sts/claims/ClaimsValidator.java | 23 ++--
.../systest/sts/claims/StaxClaimsValidator.java | 22 ++--
.../sts/realms/DifferentRealmValidator.java | 2 +-
.../sts/secure_conv/SCTSAMLTokenProvider.java | 2 +-
.../sts/bearer/Saml2CallbackHandler.java | 4 +-
.../OnBehalfOfValidator.java | 8 +-
.../sts/sendervouches/Saml2CallbackHandler.java | 4 +-
.../sts/username_actas/ActAsValidator.java | 9 +-
services/xkms/pom.xml | 2 +-
services/xkms/xkms-client/pom.xml | 10 --
services/xkms/xkms-common/pom.xml | 10 --
systests/jaxws/pom.xml | 4 -
systests/rs-security/pom.xml | 4 -
.../security/oauth2/SamlCallbackHandler.java | 4 +-
.../security/oauth2/SamlCallbackHandler2.java | 4 +-
.../security/saml/SamlCallbackHandler.java | 6 +-
.../examples/saml/SamlCallbackHandler.java | 4 +-
.../systest/ws/saml/CustomSaml2Validator.java | 4 +-
.../ws/saml/PolicyDecisionPointMockImpl.java | 12 +-
.../ws/saml/client/SamlCallbackHandler.java | 6 +-
.../ws/saml/client/SamlRoleCallbackHandler.java | 6 +-
92 files changed, 681 insertions(+), 786 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e47f87b1/parent/pom.xml
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e47f87b1/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
----------------------------------------------------------------------
diff --cc rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
index ef97425,0e17843..b70f13a
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
@@@ -370,22 -346,13 +369,24 @@@ class SecureConversationInInterceptor e
if (keySize < 128 || keySize > 512) {
keySize = 256;
}
-
+
writer.writeStartElement(prefix, "RequestedSecurityToken", namespace);
- SecurityContextToken sct =
- new SecurityContextToken(NegotiationUtils.getWSCVersion(tokenType), writer.getDocument());
- WSSConfig wssConfig = WSSConfig.getNewInstance();
- sct.setID(wssConfig.getIdAllocator().createId("sctId-", sct));
-
+ SecurityContextToken sct;
+ if (tokenIdToRenew != null) {
+ ((TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
+ .getProperty(TokenStore.class.getName())).remove(tokenIdToRenew);
+ sct = new SecurityContextToken(
+ NegotiationUtils.getWSCVersion(tokenType), writer.getDocument(),
+ tokenIdToRenew);
+ sct.setID(WSSConfig.getNewInstance().getIdAllocator()
+ .createSecureId("sctId-", sct.getElement()));
+ } else {
+ sct = new SecurityContextToken(
+ NegotiationUtils.getWSCVersion(tokenType), writer.getDocument());
++ sct.setID(WSSConfig.getNewInstance().getIdAllocator()
++ .createSecureId("sctId-", sct.getElement()));
+ }
+
Date created = new Date();
Date expires = new Date();
expires.setTime(created.getTime() + ttl);
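Review bot: In the `tokenIdToRenew != null` branch the store is reached through one cast-and-dereference chain, so an endpoint with no `TokenStore` property set would fail with a NullPointerException instead of a fault the caller can interpret. Resolving it first, as in `TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo().getProperty(TokenStore.class.getName());`, and handling a null `store` explicitly before `store.remove(tokenIdToRenew);` would make that failure deliberate. The old token is also removed before the replacement is built, so a failure later in the method (which continues outside this hunk) would presumably leave the renewing client with no usable context. The visible lines do not show where `tokenIdToRenew` is checked against the requester, so it is worth confirming that this happens before the removal. As a style point, the identical `sct.setID(...createSecureId("sctId-", sct.getElement()))` call in both branches could be hoisted below the `if`/`else`.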
@@@ -569,4 -536,4 +570,4 @@@
--}
++}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e47f87b1/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e47f87b1/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
----------------------------------------------------------------------
diff --cc rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
index e9e3c52,f5a6173..bd9ae7c
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
@@@ -236,32 -218,7 +218,7 @@@ public class UsernameTokenInterceptor e
throw WSS4JUtils.createSoapFault(message, message.getVersion(), ex);
}
}
-
+
- private Validator loadValidator(String validatorKey, SoapMessage message) throws WSSecurityException {
- Object o = message.getContextualProperty(validatorKey);
- if (o == null) {
- return null;
- }
- try {
- if (o instanceof Validator) {
- return (Validator)o;
- } else if (o instanceof Class) {
- return (Validator)((Class<?>)o).newInstance();
- } else if (o instanceof String) {
- return (Validator)ClassLoaderUtils.loadClass(o.toString(),
- UsernameTokenInterceptor.class)
- .newInstance();
- } else {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
- "Cannot load Validator: " + o);
- }
- } catch (RuntimeException t) {
- throw t;
- } catch (Exception ex) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
- }
- }
-
protected UsernameTokenPrincipal parseTokenAndCreatePrincipal(Element tokenElement, boolean bspCompliant)
throws WSSecurityException, Base64DecodingException {
BSPEnforcer bspEnforcer = new BSPEnforcer(!bspCompliant);
http://git-wip-us.apache.org/repos/asf/cxf/blob/e47f87b1/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e47f87b1/systests/jaxws/pom.xml
----------------------------------------------------------------------