Posted to commits@cxf.apache.org by co...@apache.org on 2011/12/20 18:41:59 UTC
svn commit: r1221366 [2/2] - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/
rt/ws/secu...
Copied: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java (from r1221333, cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java?p2=cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java&p1=cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java&r1=1221333&r2=1221366&rev=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java Tue Dec 20 17:41:59 2011
@@ -20,12 +20,12 @@
package org.apache.cxf.ws.security.policy.interceptors;
import java.util.Collection;
-import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.addressing.AddressingProperties;
@@ -33,131 +33,97 @@ import org.apache.cxf.ws.policy.Assertio
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
import org.apache.cxf.ws.security.policy.model.Trust10;
import org.apache.cxf.ws.security.policy.model.Trust13;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;
-import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.spnego.SpnegoTokenContext;
+import org.apache.ws.security.util.Base64;
-class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
- public SecureConversationOutInterceptor() {
+class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
+ public SpnegoContextTokenOutInterceptor() {
super(Phase.PREPARE_SEND);
}
public void handleMessage(SoapMessage message) throws Fault {
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
// extract Assertion information
if (aim != null) {
- Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
+ Collection<AssertionInfo> ais = aim.get(SP12Constants.SPNEGO_CONTEXT_TOKEN);
if (ais == null || ais.isEmpty()) {
return;
}
if (isRequestor(message)) {
- SecureConversationToken itok = (SecureConversationToken)ais.iterator()
- .next().getAssertion();
-
SecurityToken tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
if (tok == null) {
String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
if (tokId != null) {
- tok = SecureConversationTokenInterceptorProvider
- .getTokenStore(message).getToken(tokId);
+ tok = NegotiationUtils.getTokenStore(message).getToken(tokId);
}
}
if (tok == null) {
- tok = issueToken(message, aim, itok);
- } else {
- renewToken(message, aim, tok, itok);
+ tok = issueToken(message, aim);
}
if (tok != null) {
for (AssertionInfo ai : ais) {
ai.setAsserted(true);
}
- message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
- tok.getId());
- message.getExchange().put(SecurityConstants.TOKEN_ID,
- tok.getId());
- SecureConversationTokenInterceptorProvider.getTokenStore(message).add(tok);
-
+ message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, tok.getId());
+ message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
+ NegotiationUtils.getTokenStore(message).add(tok);
}
} else {
- //server side should be checked on the way in
+ // server side should be checked on the way in
for (AssertionInfo ai : ais) {
ai.setAsserted(true);
- }
+ }
}
}
}
- private void renewToken(SoapMessage message,
- AssertionInfoMap aim,
- SecurityToken tok,
- SecureConversationToken itok) {
- if (tok.getState() != SecurityToken.State.EXPIRED) {
- return;
- }
+ private SecurityToken issueToken(SoapMessage message, AssertionInfoMap aim) {
+ //
+ // Get a SPNEGO token
+ //
+ String jaasContext =
+ (String)message.getContextualProperty(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME);
+ String kerberosSpn =
+ (String)message.getContextualProperty(SecurityConstants.KERBEROS_SPN);
+ CallbackHandler callbackHandler =
+ NegotiationUtils.getCallbackHandler(
+ message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER), this.getClass()
+ );
- STSClient client = STSUtils.getClient(message, "sct");
- AddressingProperties maps =
- (AddressingProperties)message
- .get("javax.xml.ws.addressing.context.outbound");
- if (maps == null) {
- maps = (AddressingProperties)message
- .get("javax.xml.ws.addressing.context");
- } else if (maps.getAction().getValue().endsWith("Renew")) {
- return;
+ SpnegoTokenContext spnegoToken = new SpnegoTokenContext();
+ try {
+ spnegoToken.retrieveServiceTicket(jaasContext, callbackHandler, kerberosSpn);
+ } catch (WSSecurityException e) {
+ throw new Fault(e);
}
- synchronized (client) {
- try {
- SecureConversationTokenInterceptorProvider.setupClient(client, message, aim, itok, true);
-
- String s = message
- .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
- client.setLocation(s);
-
- Map<String, Object> ctx = client.getRequestContext();
- ctx.put(SecurityConstants.TOKEN, tok);
- if (maps != null) {
- client.setAddressingNamespace(maps.getNamespaceURI());
- }
- client.renewSecurityToken(tok);
- } catch (RuntimeException e) {
- throw e;
- } catch (Exception e) {
- throw new Fault(e);
- } finally {
- client.setTrust((Trust10)null);
- client.setTrust((Trust13)null);
- client.setTemplate(null);
- client.setLocation(null);
- client.setAddressingNamespace(null);
- }
- }
- }
- private SecurityToken issueToken(SoapMessage message,
- AssertionInfoMap aim,
- SecureConversationToken itok) {
- STSClient client = STSUtils.getClient(message, "sct");
+
+ //
+ // Now initiate WS-Trust exchange
+ //
+ STSClient client = STSUtils.getClient(message, "spnego");
AddressingProperties maps =
- (AddressingProperties)message
- .get("javax.xml.ws.addressing.context.outbound");
+ (AddressingProperties)message.get("javax.xml.ws.addressing.context.outbound");
if (maps == null) {
- maps = (AddressingProperties)message
- .get("javax.xml.ws.addressing.context");
+ maps = (AddressingProperties)message.get("javax.xml.ws.addressing.context");
}
synchronized (client) {
try {
- String s = SecureConversationTokenInterceptorProvider
- .setupClient(client, message, aim, itok, false);
-
- SecurityToken tok = null;
+ String s = SpnegoTokenInterceptorProvider.setupClient(client, message, aim);
if (maps != null) {
client.setAddressingNamespace(maps.getNamespaceURI());
}
- tok = client.requestSecurityToken(s);
- tok.setTokenType(WSConstants.WSC_SCT);
+ SecurityToken tok = client.requestSecurityToken(s, Base64.encode(spnegoToken.getToken()));
+
+ byte[] wrappedTok = spnegoToken.unwrapKey(tok.getSecret());
+ tok.setSecret(wrappedTok);
+ spnegoToken.clear();
+
return tok;
} catch (RuntimeException e) {
throw e;
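Review bot: `spnegoToken.clear();` in issueToken runs only on the success path, so when `client.requestSecurityToken(...)` or `spnegoToken.unwrapKey(...)` throws, the SPNEGO context and whatever key material it holds are left uncleared. Moving the call into the `finally` that presumably follows this try (it lies outside the hunk) would cover the failure paths as well. `tok.getSecret()` is also handed to `unwrapKey` without a null check, so a response that carries no key would fail inside the unwrap instead of with a clear Fault. Separately, with renewToken removed, handleMessage reuses a token from the store without looking at `tok.getState()`, so a token in `SecurityToken.State.EXPIRED` appears to be sent as-is; worth confirming that this is intended.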
@@ -172,5 +138,5 @@ class SecureConversationOutInterceptor e
}
}
}
-
+
}
\ No newline at end of file
Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoTokenInterceptorProvider.java?rev=1221366&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoTokenInterceptorProvider.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoTokenInterceptorProvider.java Tue Dec 20 17:41:59 2011
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.policy.interceptors;
+
+import java.util.Arrays;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import org.apache.cxf.binding.soap.Soap11;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.SP11Constants;
+import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.ws.security.WSSConfig;
+
+/**
+ *
+ */
+public class SpnegoTokenInterceptorProvider extends AbstractPolicyInterceptorProvider {
+ static final Logger LOG = LogUtils.getL7dLogger(SpnegoTokenInterceptorProvider.class);
+
+ public SpnegoTokenInterceptorProvider() {
+ super(Arrays.asList(SP11Constants.SPNEGO_CONTEXT_TOKEN, SP12Constants.SPNEGO_CONTEXT_TOKEN));
+ this.getOutInterceptors().add(new SpnegoContextTokenOutInterceptor());
+ this.getOutFaultInterceptors().add(new SpnegoContextTokenOutInterceptor());
+ this.getInInterceptors().add(new SpnegoContextTokenInInterceptor());
+ this.getInFaultInterceptors().add(new SpnegoContextTokenInInterceptor());
+ }
+
+ static String setupClient(STSClient client, SoapMessage message, AssertionInfoMap aim) {
+ client.setTrust(NegotiationUtils.getTrust10(aim));
+ client.setTrust(NegotiationUtils.getTrust13(aim));
+
+ Policy p = new Policy();
+ ExactlyOne ea = new ExactlyOne();
+ p.addPolicyComponent(ea);
+ All all = new All();
+ all.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
+ ea.addPolicyComponent(all);
+
+ client.setPolicy(p);
+ client.setSoap11(message.getVersion() == Soap11.getInstance());
+ client.setSpnego(true);
+
+ WSSConfig config = WSSConfig.getNewInstance();
+ String context = config.getIdAllocator().createSecureId("_", null);
+ client.setContext(context);
+
+ String s = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
+ client.setLocation(s);
+ AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
+ if (suite != null) {
+ client.setAlgorithmSuite(suite);
+ int x = suite.getMaximumSymmetricKeyLength();
+ if (x < 256) {
+ client.setKeySize(x);
+ }
+ }
+
+ Map<String, Object> ctx = client.getRequestContext();
+ mapSecurityProps(message, ctx);
+
+ return s;
+ }
+
+ private static void mapSecurityProps(Message message, Map<String, Object> ctx) {
+ for (String s : SecurityConstants.ALL_PROPERTIES) {
+ Object v = message.getContextualProperty(s);
+ if (v != null) {
+ ctx.put(s, v);
+ }
+ }
+ }
+
+
+}
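Review bot: In setupClient, `message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString()` throws a bare NullPointerException when the message has no endpoint address; reading the property into a local and failing with a descriptive exception when it is null would make the misconfiguration diagnosable. `client.setSpnego(true)` is set on the STSClient here, and nothing visible in this commit sets it back, so if the client instance is shared with non-SPNEGO callers the flag would stick; that depends on how `STSUtils.getClient(message, "spnego")` scopes the instance and should be confirmed. The class Javadoc is empty; a one-line summary such as `/** Registers the in/out interceptors that negotiate a SpnegoContextToken via WS-Trust. */` would help.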
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SpnegoContextToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SpnegoContextToken.java?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SpnegoContextToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SpnegoContextToken.java Tue Dec 20 17:41:59 2011
@@ -40,7 +40,7 @@ public class SpnegoContextToken extends
}
public QName getName() {
- return SP12Constants.INSTANCE.getKerberosToken();
+ return SP12Constants.INSTANCE.getSpnegoContextToken();
}
/**
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Tue Dec 20 17:41:59 2011
@@ -122,8 +122,10 @@ import org.apache.ws.security.components
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
+import org.apache.ws.security.processor.X509Util;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.util.XmlSchemaDateFormat;
@@ -160,6 +162,7 @@ public class STSClient implements Config
protected boolean useCertificateForConfirmationKeyInfo;
protected boolean isSecureConv;
+ protected boolean isSpnego;
protected boolean enableLifetime;
protected int ttl = 300;
@@ -281,6 +284,14 @@ public class STSClient implements Config
this.isSecureConv = secureConv;
}
+ public boolean isSpnego() {
+ return isSpnego;
+ }
+
+ public void setSpnego(boolean spnego) {
+ this.isSpnego = spnego;
+ }
+
public boolean isEnableAppliesTo() {
return enableAppliesTo;
}
@@ -358,6 +369,10 @@ public class STSClient implements Config
this.tokenType = tokenType;
}
+ public String getTokenType() {
+ return tokenType;
+ }
+
public void setSendKeyType(boolean sendKeyType) {
this.sendKeyType = sendKeyType;
}
@@ -558,15 +573,24 @@ public class STSClient implements Config
}
public SecurityToken requestSecurityToken(String appliesTo) throws Exception {
+ return requestSecurityToken(appliesTo, null);
+ }
+
+ public SecurityToken requestSecurityToken(String appliesTo, String binaryExchange) throws Exception {
String action = null;
if (isSecureConv) {
action = namespace + "/RST/SCT";
}
- return requestSecurityToken(appliesTo, action, "/Issue", null);
+ return requestSecurityToken(appliesTo, action, "/Issue", null, binaryExchange);
+ }
+
+ public SecurityToken requestSecurityToken(String appliesTo, String action, String requestType,
+ SecurityToken target) throws Exception {
+ return requestSecurityToken(appliesTo, action, requestType, target, null);
}
public SecurityToken requestSecurityToken(String appliesTo, String action, String requestType,
- SecurityToken target) throws Exception {
+ SecurityToken target, String binaryExchange) throws Exception {
createClient();
BindingOperationInfo boi = findOperation("/RST/Issue");
@@ -612,6 +636,11 @@ public class STSClient implements Config
writer.writeEndElement();
}
}
+
+ if (isSpnego) {
+ tokenType = STSUtils.getTokenTypeSCT(namespace);
+ sendKeyType = false;
+ }
addRequestType(requestType, writer);
if (enableAppliesTo) {
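Review bot: The `if (isSpnego)` block overwrites the instance fields `tokenType` and `sendKeyType` while a request is being built, so whatever a caller configured through `setTokenType`/`setSendKeyType` is lost for every later call on the same STSClient, including after `setSpnego(false)`. Computing per-request values instead, for example `String effectiveTokenType = isSpnego ? STSUtils.getTokenTypeSCT(namespace) : tokenType;` and the equivalent for the key-type flag, would leave the client's configuration intact. The enclosing requestSecurityToken body starts and ends outside the hunk, so where the fields are read afterwards cannot be confirmed from here.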
@@ -649,6 +678,8 @@ public class STSClient implements Config
crypto = createCrypto(false);
cert = getCert(crypto);
writeElementsForRSTPublicKey(writer, cert);
+ } else if (isSpnego) {
+ addKeySize(keySize, writer);
}
if (target != null) {
@@ -660,6 +691,10 @@ public class STSClient implements Config
StaxUtils.copy(el, writer);
writer.writeEndElement();
}
+
+ if (binaryExchange != null) {
+ addBinaryExchange(binaryExchange, writer);
+ }
Element actAsSecurityToken = getActAsToken();
if (actAsSecurityToken != null) {
@@ -727,9 +762,7 @@ public class STSClient implements Config
byte[] requestorEntropy = null;
if (!wroteKeySize && (!isSecureConv || keySize != 256)) {
- writer.writeStartElement("wst", "KeySize", namespace);
- writer.writeCharacters(Integer.toString(keySize));
- writer.writeEndElement();
+ addKeySize(keySize, writer);
}
if (requiresEntropy) {
@@ -786,6 +819,23 @@ public class STSClient implements Config
writer.writeEndElement();
writer.writeEndElement();
}
+
+ protected void addBinaryExchange(
+ String binaryExchange,
+ W3CDOMStreamWriter writer
+ ) throws XMLStreamException {
+ writer.writeStartElement("wst", "BinaryExchange", namespace);
+ writer.writeAttribute("EncodingType", BinarySecurity.BASE64_ENCODING);
+ writer.writeAttribute("ValueType", namespace + "/spnego");
+ writer.writeCharacters(binaryExchange);
+ writer.writeEndElement();
+ }
+
+ protected void addKeySize(int keysize, W3CDOMStreamWriter writer) throws XMLStreamException {
+ writer.writeStartElement("wst", "KeySize", namespace);
+ writer.writeCharacters(Integer.toString(keysize));
+ writer.writeEndElement();
+ }
protected void addRequestType(String requestType, W3CDOMStreamWriter writer) throws XMLStreamException {
writer.writeStartElement("wst", "RequestType", namespace);
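Review bot: addBinaryExchange writes `binaryExchange` verbatim while declaring `EncodingType` as `BinarySecurity.BASE64_ENCODING`, so the requirement that callers pass already-encoded text is implicit and undocumented. A Javadoc line such as `/** Writes a wst:BinaryExchange element; binaryExchange must already be Base64-encoded. */` would state the contract, and the same applies to the new `binaryExchange` parameter on the requestSecurityToken overloads earlier in this file. The `ValueType` is fixed to `namespace + "/spnego"` even though the method name is generic; the comment should say so.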
@@ -1212,21 +1262,42 @@ public class STSClient implements Config
}
protected byte[] decryptKey(Element child) throws TrustException, WSSecurityException {
- try {
- EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
- WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
- RequestData data = new RequestData();
- data.setWssConfig(WSSConfig.getNewInstance());
- data.setDecCrypto(createCrypto(true));
- data.setCallbackHandler(createHandler());
- List<WSSecurityEngineResult> result =
- proc.handleToken(child, data, docInfo);
- return
- (byte[])result.get(0).get(
- WSSecurityEngineResult.TAG_SECRET
- );
- } catch (IOException e) {
- throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
+ String encryptionAlgorithm = X509Util.getEncAlgo(child);
+ // For the SPNEGO case just return the decoded cipher value and decrypt it later
+ if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) {
+ // Get the CipherValue
+ Element tmpE =
+ WSSecurityUtil.getDirectChildElement(child, "CipherData", WSConstants.ENC_NS);
+ byte[] cipherValue = null;
+ if (tmpE != null) {
+ tmpE =
+ WSSecurityUtil.getDirectChildElement(tmpE, "CipherValue", WSConstants.ENC_NS);
+ if (tmpE != null) {
+ String content = DOMUtils.getContent(tmpE);
+ cipherValue = Base64.decode(content);
+ }
+ }
+ if (cipherValue == null) {
+ throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noCipher");
+ }
+ return cipherValue;
+ } else {
+ try {
+ EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
+ WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
+ RequestData data = new RequestData();
+ data.setWssConfig(WSSConfig.getNewInstance());
+ data.setDecCrypto(createCrypto(true));
+ data.setCallbackHandler(createHandler());
+ List<WSSecurityEngineResult> result =
+ proc.handleToken(child, data, docInfo);
+ return
+ (byte[])result.get(0).get(
+ WSSecurityEngineResult.TAG_SECRET
+ );
+ } catch (IOException e) {
+ throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
+ }
}
}
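Review bot: The SPNEGO branch in decryptKey is chosen solely from the algorithm read out of the response element (`encryptionAlgorithm.endsWith("spnego#GSS_Wrap")`), not from whether this client asked for SPNEGO. For a non-SPNEGO exchange, a response declaring that algorithm would therefore bypass EncryptedKeyProcessor and return the raw decoded CipherValue as the token secret. Gating on the client's own state, `if (isSpnego && encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap"))`, keeps the peer from selecting how its key is handled. `Base64.decode(content)` is also reached without checking `content`, so an empty CipherValue element may surface as something other than the intended `noCipher` error.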
@@ -1318,7 +1389,7 @@ public class STSClient implements Config
if (id == null && rur != null) {
id = this.getIDFromSTR(rur);
}
- if (id == null) {
+ if (id == null && rst != null) {
id = rst.getAttributeNS(WSConstants.WSU_NS, "Id");
}
return id;
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Tue Dec 20 17:41:59 2011
@@ -441,15 +441,6 @@ public class PolicyBasedWSS4JInIntercept
}
}
- /*
- WSSecurityEngineResult tsResult = WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
- Element timestamp = null;
- if (tsResult != null) {
- Timestamp ts = (Timestamp)tsResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);
- timestamp = ts.getElement();
- }
- */
-
//
// Check policies
//
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Tue Dec 20 17:41:59 2011
@@ -43,6 +43,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.model.KerberosToken;
import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
+import org.apache.cxf.ws.security.policy.model.SpnegoContextToken;
import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Token;
import org.apache.cxf.ws.security.policy.model.TokenWrapper;
@@ -155,10 +156,11 @@ public class SymmetricBindingHandler ext
//SecureConversationToken
String tokenId = null;
SecurityToken tok = null;
- if (encryptionToken instanceof IssuedToken || encryptionToken instanceof KerberosToken) {
- tok = getSecurityToken();
- } else if (encryptionToken instanceof SecureConversationToken
- || encryptionToken instanceof SecurityContextToken) {
+ if (encryptionToken instanceof IssuedToken
+ || encryptionToken instanceof KerberosToken
+ || encryptionToken instanceof SecureConversationToken
+ || encryptionToken instanceof SecurityContextToken
+ || encryptionToken instanceof SpnegoContextToken) {
tok = getSecurityToken();
} else if (encryptionToken instanceof X509Token) {
if (isRequestor()) {
@@ -274,9 +276,10 @@ public class SymmetricBindingHandler ext
SecurityToken sigTok = null;
if (sigToken != null) {
if (sigToken instanceof SecureConversationToken
- || sigToken instanceof SecurityContextToken) {
- sigTok = getSecurityToken();
- } else if (sigToken instanceof IssuedToken || sigToken instanceof KerberosToken) {
+ || sigToken instanceof SecurityContextToken
+ || sigToken instanceof IssuedToken
+ || sigToken instanceof KerberosToken
+ || sigToken instanceof SpnegoContextToken) {
sigTok = getSecurityToken();
} else if (sigToken instanceof X509Token) {
if (isRequestor()) {
@@ -528,7 +531,7 @@ public class SymmetricBindingHandler ext
encr.setEncryptSymmKey(false);
encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
- if (encrToken instanceof IssuedToken) {
+ if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken) {
//Setting the AttachedReference or the UnattachedReference according to the flag
Element ref;
if (attached) {
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml Tue Dec 20 17:41:59 2011
@@ -47,13 +47,8 @@
<entry key="ws-security.encryption.properties"
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
<entry key="ws-security.encryption.username" value="bob"/>
- <entry key="ws-security.kerberos.client">
- <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient">
- <constructor-arg ref="cxf"/>
- <property name="contextName" value="alice"/>
- <property name="serviceName" value="bob@service.ws.apache.org"/>
- </bean>
- </entry>
+ <entry key="ws-security.kerberos.jaas.context" value="alice" />
+ <entry key="ws-security.kerberos.spn" value="bob@service.ws.apache.org" />
</jaxws:properties>
</jaxws:client>
@@ -63,13 +58,8 @@
<entry key="ws-security.encryption.properties"
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
<entry key="ws-security.encryption.username" value="bob"/>
- <entry key="ws-security.kerberos.client">
- <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient">
- <constructor-arg ref="cxf"/>
- <property name="contextName" value="alice"/>
- <property name="serviceName" value="bob@service.ws.apache.org"/>
- </bean>
- </entry>
+ <entry key="ws-security.kerberos.jaas.context" value="alice" />
+ <entry key="ws-security.kerberos.spn" value="bob@service.ws.apache.org" />
</jaxws:properties>
</jaxws:client>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/server/server.xml?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/server/server.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/server/server.xml Tue Dec 20 17:41:59 2011
@@ -46,12 +46,6 @@
</cxf:features>
</cxf:bus>
- <bean id="kerberosValidator"
- class="org.apache.ws.security.validate.KerberosTokenValidator">
- <property name="contextName" value="bob"/>
- <property name="serviceName" value="bob@service.ws.apache.org"/>
- </bean>
-
<jaxws:endpoint
id="SpnegoOverSymmetric"
address="http://localhost:${testutil.ports.Server}/DoubleItSpnegoSymmetric"
@@ -62,7 +56,7 @@
wsdlLocation="org/apache/cxf/systest/ws/spnego/DoubleItSpnego.wsdl">
<jaxws:properties>
- <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
+ <entry key="ws-security.kerberos.jaas.context" value="bob" />
</jaxws:properties>
</jaxws:endpoint>
@@ -77,7 +71,7 @@
wsdlLocation="org/apache/cxf/systest/ws/spnego/DoubleItSpnego.wsdl">
<jaxws:properties>
- <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
+ <entry key="ws-security.kerberos.jaas.context" value="bob" />
</jaxws:properties>
</jaxws:endpoint>