You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2012/10/22 11:58:26 UTC
svn commit: r1400819 - in /cxf/branches/2.6.x-fixes:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
Author: coheigea
Date: Mon Oct 22 09:58:26 2012
New Revision: 1400819
URL: http://svn.apache.org/viewvc?rev=1400819&view=rev
Log:
Merged revisions 1400809 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1400809 | coheigea | 2012-10-22 10:06:26 +0100 (Mon, 22 Oct 2012) | 2 lines
[CXF-4587] - Signature Confirmation does not work with TransportBinding and EndorsingSupportingToken
........
Modified:
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1400819&r1=1400818&r2=1400819&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Mon Oct 22 09:58:26 2012
@@ -118,9 +118,9 @@ public class TransportBindingHandler ext
}
- private static void addSig(List<byte[]> signatureValues, byte[] val) {
- if (val != null) {
- signatureValues.add(val);
+ private void addSig(byte[] val) {
+ if (val != null && val.length > 0) {
+ signatures.add(val);
}
}
@@ -216,7 +216,6 @@ public class TransportBindingHandler ext
*/
private void handleEndorsingSupportingTokens() throws Exception {
Collection<AssertionInfo> ais;
- List<byte[]> signatureValues = new ArrayList<byte[]>();
ais = aim.get(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
if (ais != null) {
@@ -227,7 +226,7 @@ public class TransportBindingHandler ext
}
if (sgndSuppTokens != null) {
for (Token token : sgndSuppTokens.getTokens()) {
- handleEndorsingToken(token, sgndSuppTokens, signatureValues);
+ handleEndorsingToken(token, sgndSuppTokens);
}
}
}
@@ -242,7 +241,7 @@ public class TransportBindingHandler ext
if (endSuppTokens != null) {
for (Token token : endSuppTokens.getTokens()) {
- handleEndorsingToken(token, endSuppTokens, signatureValues);
+ handleEndorsingToken(token, endSuppTokens);
}
}
}
@@ -256,7 +255,7 @@ public class TransportBindingHandler ext
if (endSuppTokens != null) {
for (Token token : endSuppTokens.getTokens()) {
- handleEndorsingToken(token, endSuppTokens, signatureValues);
+ handleEndorsingToken(token, endSuppTokens);
}
}
}
@@ -270,37 +269,28 @@ public class TransportBindingHandler ext
if (endSuppTokens != null) {
for (Token token : endSuppTokens.getTokens()) {
- handleEndorsingToken(token, endSuppTokens, signatureValues);
+ handleEndorsingToken(token, endSuppTokens);
}
}
}
}
private void handleEndorsingToken(
- Token token, SupportingToken wrapper, List<byte[]> signatureValues
+ Token token, SupportingToken wrapper
) throws Exception {
if (token instanceof IssuedToken
|| token instanceof SecureConversationToken
|| token instanceof SecurityContextToken
|| token instanceof KerberosToken) {
- addSig(
- signatureValues,
- doIssuedTokenSignature(token, wrapper)
- );
+ addSig(doIssuedTokenSignature(token, wrapper));
} else if (token instanceof X509Token
|| token instanceof KeyValueToken) {
- addSig(
- signatureValues,
- doX509TokenSignature(token, wrapper)
- );
+ addSig(doX509TokenSignature(token, wrapper));
} else if (token instanceof SamlToken) {
AssertionWrapper assertionWrapper = addSamlToken((SamlToken)token);
assertionWrapper.toDOM(saaj.getSOAPPart());
storeAssertionAsSecurityToken(assertionWrapper);
- addSig(
- signatureValues,
- doIssuedTokenSignature(token, wrapper)
- );
+ addSig(doIssuedTokenSignature(token, wrapper));
} else if (token instanceof UsernameToken) {
// Create a UsernameToken object for derived keys and store the security token
WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken)token, true);
@@ -316,10 +306,7 @@ public class TransportBindingHandler ext
getTokenStore().add(tempTok);
message.setContextualProperty(SecurityConstants.TOKEN_ID, tempTok.getId());
- addSig(
- signatureValues,
- doIssuedTokenSignature(token, wrapper)
- );
+ addSig(doIssuedTokenSignature(token, wrapper));
}
}
Modified: cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl?rev=1400819&r1=1400818&r2=1400819&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl (original)
+++ cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl Mon Oct 22 09:58:26 2012
@@ -498,6 +498,11 @@
</sp:SamlToken>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>