Posted to commits@cxf.apache.org by co...@apache.org on 2019/07/02 14:00:56 UTC

[cxf] branch CXF-8051 created (now 1115a4c)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch CXF-8051
in repository https://gitbox.apache.org/repos/asf/cxf.git.


      at 1115a4c  CXF-8051 - Inline any xop Include references in a received SecurityToken if MTOM is enabled

This branch includes the following new commits:

     new 1115a4c  CXF-8051 - Inline any xop Include references in a received SecurityToken if MTOM is enabled

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[cxf] 01/01: CXF-8051 - Inline any xop Include references in a received SecurityToken if MTOM is enabled

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch CXF-8051
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 1115a4cf5d7a9bdf84fc542fe6a7014ec05572db
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jul 2 15:00:30 2019 +0100

    CXF-8051 - Inline any xop Include references in a received SecurityToken if MTOM is enabled
---
 .../apache/cxf/ws/security/trust/STSClient.java    | 24 ++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
index 59e343b..11b811a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
@@ -27,10 +27,18 @@ import java.util.logging.Logger;
 import org.w3c.dom.Element;
 
 import org.apache.cxf.Bus;
+import org.apache.cxf.attachment.AttachmentUtil;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
 
 /**
  * A extension of AbstractSTSClient to communicate with an STS and return a SecurityToken
@@ -62,6 +70,7 @@ public class STSClient extends AbstractSTSClient {
 
         SecurityToken token =
             createSecurityToken(getDocumentElement(response.getResponse()), response.getEntropy());
+        inlineAttachments(token);
 
         if (response.getCert() != null) {
             token.setX509Certificate(response.getCert(), response.getCrypto());
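Review bot: The added `inlineAttachments(token)` call runs only after `createSecurityToken(...)` has built the token, so anything that method derives from the response is read while xop:Include references are still unresolved; the same ordering applies to the call added in the renew hunk. createSecurityToken is not visible here, so this may be harmless, but the call site deserves a comment such as `// Resolve xop:Include references in the returned token before it is handed to callers`. Only the element returned by `token.getToken()` is inlined, so if other parts of the STS response can also arrive as MTOM attachments they are not covered by this change. The enclosing method starts and ends outside the hunk.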
@@ -81,6 +90,8 @@ public class STSClient extends AbstractSTSClient {
         STSResponse response = renew(tok);
 
         SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), null);
+        inlineAttachments(token);
+
         if (token.getTokenType() == null) {
             String tokenTypeFromTemplate = getTokenTypeFromTemplate();
             if (tokenTypeFromTemplate != null) {
@@ -100,6 +111,19 @@ public class STSClient extends AbstractSTSClient {
         return validateSecurityToken(tok, validateTokenType);
     }
 
+    private void inlineAttachments(SecurityToken token) throws WSSecurityException {
+        Message msg = PhaseInterceptorChain.getCurrentMessage();
+        if (AttachmentUtil.isMtomEnabled(msg)) {
+            Element requestedSecurityTokenElement = token.getToken();
+            if (requestedSecurityTokenElement != null) {
+                // Look for xop:Include Nodes + inline the contents
+                List<Element> includeElements =
+                    XMLUtils.findElements(requestedSecurityTokenElement.getFirstChild(), "Include", WSConstants.XOP_NS);
+                WSSecurityUtil.inlineAttachments(includeElements, new AttachmentCallbackHandler(msg), true);
+            }
+        }
+    }
+
     protected List<SecurityToken> validateSecurityToken(SecurityToken tok, String tokentype)
         throws Exception {
         STSResponse response = validate(tok, tokentype);
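Review bot: `inlineAttachments` takes both its MTOM decision and the message it hands to `AttachmentCallbackHandler` from `PhaseInterceptorChain.getCurrentMessage()`, which is whatever message is current on the calling thread and may be null when the client is used outside an interceptor chain. Whether `AttachmentUtil.isMtomEnabled` and `new AttachmentCallbackHandler(msg)` tolerate a null message is not visible in this hunk, so an explicit guard `if (msg == null) { return; }` would make the method safe either way. The method also needs a Javadoc saying that it inlines the content of xop:Include elements found in the token using attachments of the current message, and what the `true` passed as the last argument to `WSSecurityUtil.inlineAttachments` does. Because the inlined content becomes part of a security token, a test with an MTOM-enabled STS response would be worth adding; the diffstat shows only STSClient.java changed.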