Posted to commits@cxf.apache.org by dk...@apache.org on 2013/04/29 23:32:16 UTC
svn commit: r1477356 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/
services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/...
Author: dkulp
Date: Mon Apr 29 21:32:10 2013
New Revision: 1477356
URL: http://svn.apache.org/r1477356
Log:
[CXF-4977] Record the security context with the SCT token to be able to restore it during the real invocations
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java?rev=1477356&r1=1477355&r2=1477356&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java Mon Apr 29 21:32:10 2013
@@ -33,6 +33,7 @@ import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.Interceptor;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
+import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.service.Service;
import org.apache.cxf.service.invoker.Invoker;
import org.apache.cxf.service.model.BindingOperationInfo;
@@ -264,13 +265,20 @@ final class NegotiationUtils {
(SecurityContextToken)wser.get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN);
message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getIdentifier());
- byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
- if (secret != null) {
- SecurityToken token = new SecurityToken(tok.getIdentifier());
- token.setToken(tok.getElement());
- token.setSecret(secret);
- token.setTokenType(tok.getTokenType());
- getTokenStore(message).add(token);
+ SecurityToken token = getTokenStore(message).getToken(tok.getIdentifier());
+ if (token == null) {
+ byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
+ if (secret != null) {
+ token = new SecurityToken(tok.getIdentifier());
+ token.setToken(tok.getElement());
+ token.setSecret(secret);
+ token.setTokenType(tok.getTokenType());
+ getTokenStore(message).add(token);
+ }
+ }
+ final SecurityContext sc = token.getSecurityContext();
+ if (sc != null) {
+ message.put(SecurityContext.class, sc);
}
return true;
}
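Review bot: `token` can still be null when it is dereferenced at `final SecurityContext sc = token.getSecurityContext();`. If the store has no entry for the identifier and `wser` carries no `TAG_SECRET`, neither branch assigns it, so the call throws a NullPointerException where the old code simply skipped the block and returned true. Guarding the read, e.g. `final SecurityContext sc = token == null ? null : token.getSecurityContext();`, keeps the previous behaviour for that case. A short comment would also help, saying that a token found in the store has its recorded context put on the message as-is; how long that context stays valid presumably depends on the store evicting expired tokens. The enclosing method starts outside the hunk.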
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1477356&r1=1477355&r2=1477356&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Mon Apr 29 21:32:10 2013
@@ -35,6 +35,7 @@ import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
+import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.cxf.ws.addressing.AddressingProperties;
import org.apache.cxf.ws.addressing.JAXWSAConstants;
@@ -274,9 +275,16 @@ class SecureConversationInInterceptor ex
byte[] secret = writeProofToken(prefix, namespace, writer, clientEntropy, keySize);
token.setSecret(secret);
+
+ SecurityContext sc = exchange.getInMessage().get(SecurityContext.class);
+ if (sc != null) {
+ token.setSecurityContext(sc);
+ }
+
((TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
.getProperty(TokenStore.class.getName())).add(token);
+
writer.writeEndElement();
if (STSUtils.WST_NS_05_12.equals(namespace)) {
writer.writeEndElement();
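Review bot: The block that copies the in-message `SecurityContext` onto the token has no comment saying that this context is later reused for requests secured by the SCT. That makes the identity established during negotiation authoritative for as long as the token stays in the store, so I would add something like `// Remember who negotiated this SCT; requests secured with it are later run under this context` above `SecurityContext sc = ...`. Also, `exchange.getInMessage()` is dereferenced without a null check; an in message presumably always exists at this point, but that is not visible here. The method starts and ends outside the hunk.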
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1477356&r1=1477355&r2=1477356&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java Mon Apr 29 21:32:10 2013
@@ -30,6 +30,7 @@ import java.util.Properties;
import org.w3c.dom.Element;
import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.ws.security.WSConstants;
@@ -134,6 +135,10 @@ public class SecurityToken implements Se
* The principal of this SecurityToken
*/
private transient Principal principal;
+ /**
+ * The SecurityContext originally associated with this token
+ */
+ private transient SecurityContext securityContext;
public SecurityToken() {
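Review bot: The new `securityContext` field is `transient`, so a token that passes through serialization comes back with a null context, and the Javadoc does not say so. The class appears to be Serializable (the hunk header is truncated at `implements Se`), so with a token store that serializes or replicates entries the context recorded at negotiation would silently not be restored on later requests. I would extend the field comment to `The SecurityContext originally associated with this token; not serialized, so it may be null after the token is restored from a persistent or replicated store`. The `@return` of `getSecurityContext()` in the later hunk of this file should likewise say that it may be null.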
@@ -489,4 +494,20 @@ public class SecurityToken implements Se
return principal;
}
+ /**
+ * Set the SecurityContext associated with this SecurityToken
+ * @param securityContext the SecurityContext associated with this SecurityToken
+ */
+ public void setSecurityContext(SecurityContext securityContext) {
+ this.securityContext = securityContext;
+ }
+
+ /**
+ * Get the SecurityContext associated with this SecurityToken
+ * @return the SecurityContext associated with this SecurityToken
+ */
+ public SecurityContext getSecurityContext() {
+ return securityContext;
+ }
+
}
Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java?rev=1477356&r1=1477355&r2=1477356&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java Mon Apr 29 21:32:10 2013
@@ -159,7 +159,6 @@ public class SymmetricBindingTest extend
}
@org.junit.Test
- @org.junit.Ignore
public void testUsernameTokenSAML2SecureConversation() throws Exception {
SpringBusFactory bf = new SpringBusFactory();