You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2020/03/13 09:12:41 UTC
[cxf] branch 3.3.x-fixes updated: CXF-8240 - STSClient produces
wrong element order for TokenType
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/3.3.x-fixes by this push:
new c19ce1e CXF-8240 - STSClient produces wrong element order for TokenType
c19ce1e is described below
commit c19ce1e703a6c5752baffcebd45bf9cd12b716d1
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Mar 13 07:01:36 2020 +0000
CXF-8240 - STSClient produces wrong element order for TokenType
(cherry picked from commit b7a8df71b02b8d84f5591eee429edc2f02dc3632)
---
.../cxf/ws/security/trust/AbstractSTSClient.java | 35 ++++++++++++----------
1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index eaf44b9..6302103 100755
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -807,6 +807,10 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
sendKeyType = false;
}
+ if (sptt == null) {
+ addTokenType(writer);
+ }
+
addRequestType(requestType, writer);
if (enableAppliesTo) {
addAppliesTo(writer, appliesTo);
@@ -814,18 +818,20 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
addClaims(writer);
+ if (isSecureConv || enableLifetime) {
+ addLifetime(writer);
+ }
+
+ // Write out renewal semantics
+ writeRenewalSemantics(writer);
+
Element onBehalfOfToken = getOnBehalfOfToken();
if (onBehalfOfToken != null) {
writer.writeStartElement("wst", "OnBehalfOf", namespace);
StaxUtils.copy(onBehalfOfToken, writer);
writer.writeEndElement();
}
- if (sptt == null) {
- addTokenType(writer);
- }
- if (isSecureConv || enableLifetime) {
- addLifetime(writer);
- }
+
if (keyTypeTemplate == null) {
keyTypeTemplate = writeKeyType(writer, keyType);
}
@@ -863,9 +869,6 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
writer.writeEndElement();
}
- // Write out renewal semantics
- writeRenewalSemantics(writer);
-
Element customElement = getCustomContent();
if (customElement != null) {
StaxUtils.copy(customElement, writer);
@@ -1075,14 +1078,15 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
tokenType = STSUtils.getTokenTypeSCT(namespace);
}
+ if (sptt == null) {
+ addTokenType(writer);
+ }
+
addRequestType("/Renew", writer);
if (enableAppliesTo) {
addAppliesTo(writer, tok.getIssuerAddress());
}
- if (sptt == null) {
- addTokenType(writer);
- }
if (isSecureConv || enableLifetime) {
addLifetime(writer);
}
@@ -1151,14 +1155,15 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
writer.writeStartElement("wst", "RequestSecurityToken", namespace);
writer.writeNamespace("wst", namespace);
- writer.writeStartElement("wst", "RequestType", namespace);
- writer.writeCharacters(namespace + "/Validate");
- writer.writeEndElement();
writer.writeStartElement("wst", "TokenType", namespace);
writer.writeCharacters(tokentype);
writer.writeEndElement();
+ writer.writeStartElement("wst", "RequestType", namespace);
+ writer.writeCharacters(namespace + "/Validate");
+ writer.writeEndElement();
+
if (tokentype.endsWith("/RSTR/Status")) {
addClaims(writer);