Posted to commits@cxf.apache.org by co...@apache.org on 2017/04/04 11:05:28 UTC
cxf git commit: CXF-7314 - Custom BinarySecurityTokens are not used
to set up the security context
Repository: cxf
Updated Branches:
refs/heads/master b77e43f19 -> d1b8ff637
CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d1b8ff63
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d1b8ff63
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d1b8ff63
Branch: refs/heads/master
Commit: d1b8ff6374a0729752948213b7a0cdb7427085d1
Parents: b77e43f
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Apr 4 11:24:57 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Apr 4 11:24:57 2017 +0100
----------------------------------------------------------------------
.../DefaultWSS4JSecurityContextCreator.java | 36 ++++++++++++--------
1 file changed, 21 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/d1b8ff63/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
index 77708f5..a6fa8ef 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
@@ -40,10 +40,11 @@ import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.token.PKIPathSecurity;
+import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerResult;
-import org.apache.wss4j.dom.message.token.KerberosSecurity;
/**
* The default implementation to create a SecurityContext from a set of WSS4J processing results.
@@ -94,26 +95,31 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC
List<WSSecurityEngineResult> foundResults = actionResults.get(resultPriority);
if (foundResults != null && !foundResults.isEmpty()) {
for (WSSecurityEngineResult result : foundResults) {
- final Object binarySecurity = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
- PublicKey publickey =
- (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
- X509Certificate cert =
- (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
-
- if ((resultPriority == WSConstants.BST && !(binarySecurity instanceof KerberosSecurity))
- || (resultPriority == WSConstants.SIGN && publickey == null && cert == null)) {
- continue;
- }
- SecurityContext context = createSecurityContext(msg, useJAASSubject, result);
- if (context != null) {
- msg.put(SecurityContext.class, context);
- return;
+
+ if (!skipResult(resultPriority, result)) {
+ SecurityContext context = createSecurityContext(msg, useJAASSubject, result);
+ if (context != null) {
+ msg.put(SecurityContext.class, context);
+ return;
+ }
}
}
}
}
}
+ private boolean skipResult(Integer resultPriority, WSSecurityEngineResult result) {
+ Object binarySecurity = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
+ PublicKey publickey =
+ (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
+ X509Certificate cert =
+ (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+
+ return resultPriority == WSConstants.BST
+ && (binarySecurity instanceof X509Security || binarySecurity instanceof PKIPathSecurity)
+ || resultPriority == WSConstants.SIGN && publickey == null && cert == null;
+ }
+
protected SecurityContext createSecurityContext(
SoapMessage msg, boolean useJAASSubject, WSSecurityEngineResult wsResult
) {
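Review bot: `skipResult` turns the BST check from an allowlist (previously only `KerberosSecurity` tokens reached `createSecurityContext`) into a denylist, so at `WSConstants.BST` priority any result whose token is not `X509Security` or `PKIPathSecurity`, including one where `TAG_BINARY_SECURITY_TOKEN` is null, can now populate the `SecurityContext`. Accepting custom tokens is the stated goal, but the principal is then trusted on the strength of whatever validator processed that token, which this hunk does not show; deployments that accept custom BinarySecurityTokens presumably need a validator configured for them. I would make the null case explicit, `&& (binarySecurity == null || binarySecurity instanceof X509Security || binarySecurity instanceof PKIPathSecurity)`, so a result without a token is still skipped as it was before. A short Javadoc on `skipResult` should state that bare X.509/PKIPath tokens are skipped and every other token type is accepted, and parentheses around the two `&&` groups would make the precedence against `||` obvious. The body of `createSecurityContext` lies outside the hunk, so what it does with such a result cannot be checked here.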