Posted to commits@cxf.apache.org by se...@apache.org on 2017/09/19 16:03:12 UTC
[cxf] branch 3.1.x-fixes updated: [CXF-7503] Updating JOSE
interceptors to optionally check empty streams
This is an automated email from the ASF dual-hosted git repository.
sergeyb pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/3.1.x-fixes by this push:
new 7639f1e [CXF-7503] Updating JOSE interceptors to optionally check empty streams
7639f1e is described below
commit 7639f1e5ddb30d94dbb0ca05040aab19d7dfe02a
Author: Sergey Beryozkin <sb...@gmail.com>
AuthorDate: Tue Sep 19 17:01:32 2017 +0100
[CXF-7503] Updating JOSE interceptors to optionally check empty streams
---
.../rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java | 11 +++++++++++
.../security/jose/jaxrs/AbstractJweJsonDecryptingFilter.java | 9 +++++++++
.../rs/security/jose/jaxrs/AbstractJwsJsonReaderProvider.java | 11 +++++++++++
.../cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java | 10 ++++++++++
.../cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java | 4 ++++
.../cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java | 4 +++-
.../rs/security/jose/jaxrs/JweJsonClientResponseFilter.java | 4 ++++
.../rs/security/jose/jaxrs/JweJsonContainerRequestFilter.java | 4 +++-
.../cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java | 3 +++
.../cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java | 3 ++-
.../rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java | 3 +++
.../rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java | 3 ++-
12 files changed, 65 insertions(+), 4 deletions(-)
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
index 7e2f066..f19dfa0 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
@@ -38,6 +38,8 @@ public class AbstractJweDecryptingFilter {
private boolean validateHttpHeaders;
private JweDecryptionProvider decryption;
private String defaultMediaType;
+ private boolean checkEmptyStream;
+
protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
JweCompactConsumer jwe = new JweCompactConsumer(new String(IOUtils.readBytesFromStream(is),
StandardCharsets.UTF_8));
@@ -83,4 +85,13 @@ public class AbstractJweDecryptingFilter {
public void setProtectedHttpHeaders(Set<String> protectedHttpHeaders) {
this.protectedHttpHeaders = protectedHttpHeaders;
}
+
+ public boolean isCheckEmptyStream() {
+ return checkEmptyStream;
+ }
+
+ public void setCheckEmptyStream(boolean checkEmptyStream) {
+ this.checkEmptyStream = checkEmptyStream;
+ }
+
}
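Review bot: `setCheckEmptyStream` is added without Javadoc, although the flag decides whether the subclasses' `filter` methods skip JWE processing altogether when the entity stream is empty. A reader configuring the filter cannot tell that from the name, so the setter should say it, for example `/** When true, filter() returns without JWE processing if the entity stream is empty; defaults to false. */`. The same accessor pair is added undocumented in AbstractJweJsonDecryptingFilter, AbstractJwsJsonReaderProvider and AbstractJwsReaderProvider. The class body starts outside this hunk.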
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweJsonDecryptingFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweJsonDecryptingFilter.java
index 9180ad9..f187bdc 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweJsonDecryptingFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweJsonDecryptingFilter.java
@@ -42,6 +42,7 @@ public class AbstractJweJsonDecryptingFilter {
private JweDecryptionProvider decryption;
private String defaultMediaType;
private Map<String, Object> recipientProperties;
+ private boolean checkEmptyStream;
protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
JweJsonConsumer c = new JweJsonConsumer(new String(IOUtils.readBytesFromStream(is),
StandardCharsets.UTF_8));
@@ -96,4 +97,12 @@ public class AbstractJweJsonDecryptingFilter {
public void setProtectedHttpHeaders(Set<String> protectedHttpHeaders) {
this.protectedHttpHeaders = protectedHttpHeaders;
}
+
+ public boolean isCheckEmptyStream() {
+ return checkEmptyStream;
+ }
+
+ public void setCheckEmptyStream(boolean checkEmptyStream) {
+ this.checkEmptyStream = checkEmptyStream;
+ }
}
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonReaderProvider.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonReaderProvider.java
index 8f2103b..0fbe040 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonReaderProvider.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonReaderProvider.java
@@ -42,6 +42,7 @@ public class AbstractJwsJsonReaderProvider {
private JwsSignatureVerifier sigVerifier;
private String defaultMediaType;
private Map<String, Object> entryProps;
+ private boolean checkEmptyStream;
public void setSignatureVerifier(JwsSignatureVerifier signatureVerifier) {
this.sigVerifier = signatureVerifier;
@@ -96,4 +97,14 @@ public class AbstractJwsJsonReaderProvider {
public void setProtectedHttpHeaders(Set<String> protectedHttpHeaders) {
this.protectedHttpHeaders = protectedHttpHeaders;
}
+
+ public boolean isCheckEmptyStream() {
+ return checkEmptyStream;
+ }
+
+ public void setCheckEmptyStream(boolean checkEmptyStream) {
+ this.checkEmptyStream = checkEmptyStream;
+ }
+
+
}
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
index 124333a..fc10463 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
@@ -33,6 +33,7 @@ public class AbstractJwsReaderProvider {
private JwsSignatureVerifier sigVerifier;
private String defaultMediaType;
+ private boolean checkEmptyStream;
public void setSignatureVerifier(JwsSignatureVerifier signatureVerifier) {
this.sigVerifier = signatureVerifier;
@@ -69,4 +70,13 @@ public class AbstractJwsReaderProvider {
public void setProtectedHttpHeaders(Set<String> protectedHttpHeaders) {
this.protectedHttpHeaders = protectedHttpHeaders;
}
+
+ public boolean isCheckEmptyStream() {
+ return checkEmptyStream;
+ }
+
+ public void setCheckEmptyStream(boolean checkEmptyStream) {
+ this.checkEmptyStream = checkEmptyStream;
+ }
+
}
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java
index 4b02790..b66d07d 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java
@@ -26,6 +26,7 @@ import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientResponseContext;
import javax.ws.rs.client.ClientResponseFilter;
+import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
@@ -33,6 +34,9 @@ import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
public class JweClientResponseFilter extends AbstractJweDecryptingFilter implements ClientResponseFilter {
@Override
public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
+ if (isCheckEmptyStream() && IOUtils.isEmpty(res.getEntityStream())) {
+ return;
+ }
JweDecryptionOutput out = decrypt(res.getEntityStream());
byte[] bytes = out.getContent();
res.setEntityStream(new ByteArrayInputStream(bytes));
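Review bot: With `checkEmptyStream` enabled, the early `return` at the top of `filter` hands an empty response to the application without it ever passing through `decrypt`, so the client cannot distinguish a legitimately empty reply from one whose protected body was lost or stripped in transit. If the option is meant for no-content replies, a comment should say so, e.g. `// Empty entity: nothing to decrypt; the response is passed on unprotected`, and the skip could be limited to responses where no entity is expected. The same early return is added in JweJsonClientResponseFilter, JwsClientResponseFilter and JwsJsonClientResponseFilter. `IOUtils.isEmpty` also probes the same stream that `decrypt` reads next; whether the probe leaves a non-markable stream untouched is not visible here and is worth confirming. The method continues past the end of the hunk.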
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java
index d22cc79..951c237 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java
@@ -27,6 +27,7 @@ import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
+import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
@@ -35,7 +36,8 @@ import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
public class JweContainerRequestFilter extends AbstractJweDecryptingFilter implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext context) throws IOException {
- if (HttpMethod.GET.equals(context.getMethod())) {
+ if (HttpMethod.GET.equals(context.getMethod())
+ || isCheckEmptyStream() && IOUtils.isEmpty(context.getEntityStream())) {
return;
}
JweDecryptionOutput out = decrypt(context.getEntityStream());
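Review bot: The rewritten condition mixes `||` and `&&` without parentheses, so the reader has to recall operator precedence to see that the empty-stream test only applies when `isCheckEmptyStream()` is true. Writing it as `|| (isCheckEmptyStream() && IOUtils.isEmpty(context.getEntityStream()))` makes the grouping explicit without changing behaviour. The identical condition appears in JweJsonContainerRequestFilter, JwsContainerRequestFilter and JwsJsonContainerRequestFilter. The rest of `filter` lies outside the hunk.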
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonClientResponseFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonClientResponseFilter.java
index 8503a70..9ee2b66 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonClientResponseFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonClientResponseFilter.java
@@ -26,6 +26,7 @@ import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientResponseContext;
import javax.ws.rs.client.ClientResponseFilter;
+import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
@@ -33,6 +34,9 @@ import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
public class JweJsonClientResponseFilter extends AbstractJweJsonDecryptingFilter implements ClientResponseFilter {
@Override
public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
+ if (isCheckEmptyStream() && IOUtils.isEmpty(res.getEntityStream())) {
+ return;
+ }
JweDecryptionOutput out = decrypt(res.getEntityStream());
byte[] bytes = out.getContent();
res.setEntityStream(new ByteArrayInputStream(bytes));
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonContainerRequestFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonContainerRequestFilter.java
index 5980b77..6373483 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonContainerRequestFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonContainerRequestFilter.java
@@ -27,6 +27,7 @@ import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
+import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
@@ -37,7 +38,8 @@ import org.apache.cxf.rs.security.jose.jwe.JweException;
public class JweJsonContainerRequestFilter extends AbstractJweJsonDecryptingFilter implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext context) throws IOException {
- if (HttpMethod.GET.equals(context.getMethod())) {
+ if (HttpMethod.GET.equals(context.getMethod())
+ || isCheckEmptyStream() && IOUtils.isEmpty(context.getEntityStream())) {
return;
}
try {
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
index 164a0ef..ecbd49c 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
@@ -36,6 +36,9 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
public class JwsClientResponseFilter extends AbstractJwsReaderProvider implements ClientResponseFilter {
@Override
public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
+ if (isCheckEmptyStream() && IOUtils.isEmpty(res.getEntityStream())) {
+ return;
+ }
JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(res.getEntityStream()));
JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier(p.getJwsHeaders());
if (!p.verifySignatureWith(theSigVerifier)) {
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
index 3c6956d..5031005 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
@@ -41,7 +41,8 @@ import org.apache.cxf.security.SecurityContext;
public class JwsContainerRequestFilter extends AbstractJwsReaderProvider implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext context) throws IOException {
- if (HttpMethod.GET.equals(context.getMethod())) {
+ if (HttpMethod.GET.equals(context.getMethod())
+ || isCheckEmptyStream() && IOUtils.isEmpty(context.getEntityStream())) {
return;
}
JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(context.getEntityStream()));
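Review bot: With `checkEmptyStream` enabled, any non-GET request without an entity returns from `filter` before `JwsCompactConsumer` is built, so it reaches the resource with no signature verification at all. A deployment that relies on this filter to authenticate callers would then accept bodiless requests (for example a DELETE or an empty POST) unsigned, and any header validation later in the method is presumably skipped too. The condition should carry a comment stating this, e.g. `// Requests skipped here are not signature-verified; bodiless methods need separate authorization`. The same applies to the JwsJsonContainerRequestFilter hunk and, for decryption, to the two JWE container filters. The remainder of `filter` is outside the hunk.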
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java
index e342577..7d6ef35 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java
@@ -36,6 +36,9 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
public class JwsJsonClientResponseFilter extends AbstractJwsJsonReaderProvider implements ClientResponseFilter {
@Override
public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
+ if (isCheckEmptyStream() && IOUtils.isEmpty(res.getEntityStream())) {
+ return;
+ }
JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
JwsJsonConsumer c = new JwsJsonConsumer(IOUtils.readStringFromStream(res.getEntityStream()));
validate(c, theSigVerifier);
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java
index e4bbb03..c7845bb 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java
@@ -40,7 +40,8 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
public class JwsJsonContainerRequestFilter extends AbstractJwsJsonReaderProvider implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext context) throws IOException {
- if (HttpMethod.GET.equals(context.getMethod())) {
+ if (HttpMethod.GET.equals(context.getMethod())
+ || isCheckEmptyStream() && IOUtils.isEmpty(context.getEntityStream())) {
return;
}
JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();