Posted to commits@cxf.apache.org by co...@apache.org on 2017/04/04 11:05:28 UTC

cxf git commit: CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context

Repository: cxf
Updated Branches:
  refs/heads/master b77e43f19 -> d1b8ff637


CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d1b8ff63
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d1b8ff63
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d1b8ff63

Branch: refs/heads/master
Commit: d1b8ff6374a0729752948213b7a0cdb7427085d1
Parents: b77e43f
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Apr 4 11:24:57 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Apr 4 11:24:57 2017 +0100

----------------------------------------------------------------------
 .../DefaultWSS4JSecurityContextCreator.java     | 36 ++++++++++++--------
 1 file changed, 21 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/d1b8ff63/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
index 77708f5..a6fa8ef 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
@@ -40,10 +40,11 @@ import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.token.PKIPathSecurity;
+import org.apache.wss4j.common.token.X509Security;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
 import org.apache.wss4j.dom.handler.WSHandlerResult;
-import org.apache.wss4j.dom.message.token.KerberosSecurity;
 
 /**
  * The default implementation to create a SecurityContext from a set of WSS4J processing results.
@@ -94,26 +95,31 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC
             List<WSSecurityEngineResult> foundResults = actionResults.get(resultPriority);
             if (foundResults != null && !foundResults.isEmpty()) {
                 for (WSSecurityEngineResult result : foundResults) {
-                    final Object binarySecurity = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
-                    PublicKey publickey =
-                        (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
-                    X509Certificate cert =
-                        (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
-
-                    if ((resultPriority == WSConstants.BST && !(binarySecurity instanceof KerberosSecurity))
-                        || (resultPriority == WSConstants.SIGN && publickey == null && cert == null)) {
-                        continue;
-                    }
-                    SecurityContext context = createSecurityContext(msg, useJAASSubject, result);
-                    if (context != null) {
-                        msg.put(SecurityContext.class, context);
-                        return;
+
+                    if (!skipResult(resultPriority, result)) {
+                        SecurityContext context = createSecurityContext(msg, useJAASSubject, result);
+                        if (context != null) {
+                            msg.put(SecurityContext.class, context);
+                            return;
+                        }
                     }
                 }
             }
         }
     }
 
+    private boolean skipResult(Integer resultPriority, WSSecurityEngineResult result) {
+        Object binarySecurity = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
+        PublicKey publickey =
+            (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
+        X509Certificate cert =
+            (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+
+        return resultPriority == WSConstants.BST
+            && (binarySecurity instanceof X509Security || binarySecurity instanceof PKIPathSecurity)
+            || resultPriority == WSConstants.SIGN && publickey == null && cert == null;
+    }
+
     protected SecurityContext createSecurityContext(
         SoapMessage msg, boolean useJAASSubject, WSSecurityEngineResult wsResult
     ) {