You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2014/01/31 16:28:50 UTC
svn commit: r1563149 -
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Author: coheigea
Date: Fri Jan 31 15:28:50 2014
New Revision: 1563149
URL: http://svn.apache.org/r1563149
Log:
Fix to put an Asymmetric Signature BinarySecurityToken in the right place in the security header
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1563149&r1=1563148&r2=1563149&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Fri Jan 31 15:28:50 2014
@@ -594,7 +594,7 @@ public class AsymmetricBindingHandler ex
// Add the BST to the security header if required
if (!attached && isTokenRequired(sigToken.getIncludeTokenType())) {
WSSecSignature sig = getSignatureBuilder(wrapper, sigToken, attached, false);
- sig.prependBSTElementToHeader(secHeader);
+ sig.appendBSTElementToHeader(secHeader);
}
return;
}
@@ -671,10 +671,9 @@ public class AsymmetricBindingHandler ex
bstPart.setElement(bstElement);
sigParts.add(bstPart);
}
+ sig.prependBSTElementToHeader(secHeader);
}
- sig.prependBSTElementToHeader(secHeader);
-
List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
//Do signature
if (bottomUpElement == null) {
@@ -684,6 +683,13 @@ public class AsymmetricBindingHandler ex
}
bottomUpElement = sig.getSignatureElement();
+ if (!abinding.isProtectTokens()) {
+ Element bstElement = sig.getBinarySecurityTokenElement();
+ if (bstElement != null) {
+ secHeader.getSecurityHeader().insertBefore(bstElement, bottomUpElement);
+ }
+ }
+
signatures.add(sig.getSignatureValue());
mainSigId = sig.getId();