You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/06/14 16:49:35 UTC

svn commit: r1493101 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: SecurityConstants.java wss4j/AbstractWSS4JStaxInterceptor.java wss4j/PolicyBasedWSS4JOutInterceptor.java

Author: coheigea
Date: Fri Jun 14 14:49:35 2013
New Revision: 1493101

URL: http://svn.apache.org/r1493101
Log:
[CXF-5056] - EndorsingSupportingTokens with both transport security and message layer security applied

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1493101&r1=1493100&r2=1493101&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Fri Jun 14 14:49:35 2013
@@ -445,7 +445,15 @@ public final class SecurityConstants {
      * c) A CallbackHandler object to use to obtain the token
      */
     public static final String STS_TOKEN_ON_BEHALF_OF = "ws-security.sts.token.on-behalf-of";
-    
+
+    /**
+     * Set this to "false" in order to remove the SOAP mustUnderstand header from security headers generated based on
+     * a WS-SecurityPolicy.
+     *
+     * The default value is "true" which included the SOAP mustUnderstand header.
+     */
+    public static final String MUST_UNDERSTAND = "ws-security.must-understand";
+
     //
     // Internal tags
     //
@@ -472,7 +480,7 @@ public final class SecurityConstants {
             STS_TOKEN_DO_CANCEL, CACHE_ISSUED_TOKEN_IN_ENDPOINT,
             DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS, STS_TOKEN_CRYPTO,
             STS_TOKEN_PROPERTIES, STS_TOKEN_USERNAME, STS_TOKEN_ACT_AS, STS_TOKEN_ON_BEHALF_OF,
-            TOKEN, TOKEN_ID, SUBJECT_ROLE_CLASSIFIER, SUBJECT_ROLE_CLASSIFIER_TYPE
+            TOKEN, TOKEN_ID, SUBJECT_ROLE_CLASSIFIER, SUBJECT_ROLE_CLASSIFIER_TYPE, MUST_UNDERSTAND
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java?rev=1493101&r1=1493100&r2=1493101&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java Fri Jun 14 14:49:35 2013
@@ -153,6 +153,21 @@ public abstract class AbstractWSS4JStaxI
                                validateSAMLSubjectConf);
             }
         }
+        
+        String actor = (String)msg.getContextualProperty(SecurityConstants.ACTOR);
+        if (actor != null) {
+            if (securityProperties != null) {
+                securityProperties.setActor(actor);
+            } else {
+                properties.put(ConfigurationConstants.ACTOR, actor);
+            }
+        }
+        
+        boolean mustUnderstand = 
+            MessageUtils.getContextualBoolean(msg, SecurityConstants.MUST_UNDERSTAND, true);
+        if (properties != null) {
+            properties.put(ConfigurationConstants.MUST_UNDERSTAND, Boolean.toString(mustUnderstand));
+        }
     }
     
     protected void configureCallbackHandler(SoapMessage soapMessage) throws WSSecurityException {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=1493101&r1=1493100&r2=1493101&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java Fri Jun 14 14:49:35 2013
@@ -106,8 +106,11 @@ public class PolicyBasedWSS4JOutIntercep
             Collection<AssertionInfo> ais;
             SOAPMessage saaj = message.getContent(SOAPMessage.class);
 
-            boolean mustUnderstand = true;
-            String actor = null;
+            boolean mustUnderstand = 
+                MessageUtils.getContextualBoolean(
+                    message, SecurityConstants.MUST_UNDERSTAND, true
+                );
+            String actor = (String)message.getContextualProperty(SecurityConstants.ACTOR);
             
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information