Posted to commits@cxf.apache.org by co...@apache.org on 2017/10/23 14:49:45 UTC
[cxf] 01/02: CXF-7536 - Add a STRTransform when signing a SAML
Token via a SignedElements policy
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 3f5742fdbed560319d590d2f8d9d8e18ee0e4e68
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Oct 23 14:59:06 2017 +0100
CXF-7536 - Add a STRTransform when signing a SAML Token via a SignedElements policy
# Conflicts:
# rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
---
.../policyhandlers/AbstractBindingBuilder.java | 33 ++++++++++++++++++----
1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index f835d20..e8312d2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -216,7 +216,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
storeBytesInAttachment = false;
}
}
-
+
Element soapBody = SAAJUtils.getBody(saaj);
if (soapBody != null) {
callbackLookup = new CXFCallbackLookup(soapBody.getOwnerDocument(), soapBody);
@@ -575,7 +575,6 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
return ret;
}
-
protected void handleUsernameTokenSupportingToken(
UsernameToken token, boolean endorse, boolean encryptedToken, List<SupportingToken> ret
) throws WSSecurityException {
@@ -1380,6 +1379,11 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
List<WSEncryptionPart> result = new ArrayList<>();
if (xpaths != null && !xpaths.isEmpty()) {
+ boolean useSTRTransform =
+ MessageUtils.getContextualBoolean(
+ message, SecurityConstants.USE_STR_TRANSFORM, true
+ );
+
XPathFactory factory = XPathFactory.newInstance();
for (org.apache.wss4j.policy.model.XPath xPath : xpaths) {
XPath xpath = factory.newXPath();
@@ -1401,10 +1405,27 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (!found.contains(el)) {
found.add(el);
- String id = setIdOnElement(el, forceId);
- WSEncryptionPart part =
- new WSEncryptionPart(id, encryptionModifier);
- part.setElement(el);
+ WSEncryptionPart part = null;
+ boolean saml1 = WSS4JConstants.SAML_NS.equals(el.getNamespaceURI())
+ && "Assertion".equals(el.getLocalName());
+ boolean saml2 = WSS4JConstants.SAML2_NS.equals(el.getNamespaceURI())
+ && "Assertion".equals(el.getLocalName());
+
+ if (useSTRTransform && (saml1 || saml2)) {
+ String id = saml2 ? el.getAttributeNS(null, "ID")
+ : el.getAttributeNS(null, "AssertionID");
+ SecurityTokenReference secRef =
+ createSTRForSamlAssertion(el.getOwnerDocument(), id, saml1, false);
+ Element clone = cloneElement(secRef.getElement());
+ addSupportingElement(clone);
+ part = new WSEncryptionPart("STRTransform", null, "Element");
+ part.setId(secRef.getID());
+ part.setElement(clone);
+ } else {
+ String id = setIdOnElement(el, forceId);
+ part = new WSEncryptionPart(id, encryptionModifier);
+ part.setElement(el);
+ }
part.setXpath(xPath.getXPath());
result.add(part);
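Review bot: In the new `if (useSTRTransform && (saml1 || saml2))` block the assertion id comes from `el.getAttributeNS(null, "ID")` / `"AssertionID"`, which returns an empty string when the attribute is absent, and that value goes straight into `createSTRForSamlAssertion`, so an assertion lacking the attribute would produce a SecurityTokenReference that resolves to nothing while the else branch at least assigns an id via `setIdOnElement`. Consider computing the id before the branch and falling through to the existing path when it is empty, e.g. `String samlId = saml2 ? el.getAttributeNS(null, "ID") : el.getAttributeNS(null, "AssertionID");` followed by `if (useSTRTransform && (saml1 || saml2) && !samlId.isEmpty()) {`. The STR branch also hard-codes `"Element"` and discards the `encryptionModifier` argument that the else branch honours; if this method is reached for encrypted elements as well as signed ones (the parameter name suggests it may be, which I cannot confirm from the hunk), the STRTransform substitution should be limited to the signing case. The enclosing method begins before this hunk and its closing braces are not visible here.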
--