You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-commits@axis.apache.org by mu...@apache.org on 2010/12/23 06:49:51 UTC
svn commit: r1052172 - in
/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart:
PolicyBasedResultsValidator.java util/Axis2Util.java
Author: muthulee
Date: Thu Dec 23 05:49:51 2010
New Revision: 1052172
URL: http://svn.apache.org/viewvc?rev=1052172&view=rev
Log:
Applying the patch by Todd Wolff to fix RAMPART-278. Thank you Todd.
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=1052172&r1=1052171&r2=1052172&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java Thu Dec 23 05:49:51 2010
@@ -31,6 +31,7 @@ import org.apache.ws.security.message.to
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
import org.jaxen.XPath;
import org.jaxen.JaxenException;
@@ -555,16 +556,34 @@ public class PolicyBasedResultsValidator
Vector actuallySigned = new Vector();
if (actionResults != null) {
for (int j = 0; j < actionResults.length; j++) {
+
WSSecurityEngineResult actionResult = actionResults[j];
- Set signedIDs = (Set) actionResult
- .get(WSSecurityEngineResult.TAG_SIGNED_ELEMENT_IDS);
- for (Iterator i = signedIDs.iterator(); i.hasNext();) {
- String e = (String) i.next();
-
- Element element = WSSecurityUtil.findElementById(envelope, e,
- WSConstants.WSU_NS);
- actuallySigned.add(element);
+ List wsDataRefs = (List)actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+
+ // if header was encrypted before it was signed, protected
+ // element is 'EncryptedHeader.' the actual element is
+ // first child element
+
+ for (Iterator k = wsDataRefs.iterator(); k.hasNext();) {
+ WSDataRef wsDataRef = (WSDataRef)k.next();
+ Element protectedElement = wsDataRef.getProtectedElement();
+ if (protectedElement.getLocalName().equals("EncryptedHeader")) {
+ NodeList nodeList = protectedElement.getChildNodes();
+ for (int x = 0; x < nodeList.getLength(); x++) {
+ if (nodeList.item(x).getNodeType() == Node.ELEMENT_NODE) {
+ String ns = ((Element)nodeList.item(x)).getNamespaceURI();
+ String ln = ((Element)nodeList.item(x)).getLocalName();
+ actuallySigned.add(new QName(ns,ln));
+ break;
+ }
+ }
+ } else {
+ String ns = protectedElement.getNamespaceURI();
+ String ln = protectedElement.getLocalName();
+ actuallySigned.add(new QName(ns,ln));
+ }
}
+
}
}
@@ -573,15 +592,15 @@ public class PolicyBasedResultsValidator
if (wsep.getType() == WSConstants.PART_TYPE_BODY) {
- Element body;
+ QName bodyQName;
if (WSConstants.URI_SOAP11_ENV.equals(envelope.getNamespaceURI())) {
- body = WSSecurityUtil.findBodyElement(rmd.getDocument(), new SOAP11Constants());
+ bodyQName = new SOAP11Constants().getBodyQName();
} else {
- body = WSSecurityUtil.findBodyElement(rmd.getDocument(), new SOAP12Constants());
+ bodyQName = new SOAP12Constants().getBodyQName();
}
- if (!actuallySigned.contains(body) && !rmd.getPolicyData().isSignBodyOptional()) {
+ if (!actuallySigned.contains(bodyQName) && !rmd.getPolicyData().isSignBodyOptional()) {
// soap body is not signed
throw new RampartException("bodyNotSigned");
}
@@ -591,6 +610,7 @@ public class PolicyBasedResultsValidator
Element element = (Element) WSSecurityUtil.findElement(
envelope, wsep.getName(), wsep.getNamespace() );
+
if( element == null ) {
// The signedpart header or element we are checking is not present in
// soap envelope - this is allowed
@@ -598,7 +618,7 @@ public class PolicyBasedResultsValidator
}
// header or the element present in soap envelope - verify that it is part of signature
- if( actuallySigned.contains( element) ) {
+ if( actuallySigned.contains( new QName(element.getNamespaceURI(), element.getLocalName())) ) {
continue;
}
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java?rev=1052172&r1=1052171&r2=1052172&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java Thu Dec 23 05:49:51 2010
@@ -205,7 +205,9 @@ public class Axis2Util {
OMNamespace ns = (OMNamespace) nsIter.next();
header.declareNamespace(ns);
}
- Iterator children = element.getChildElements();
+ // retrieve all child nodes (including any text nodes)
+ // and re-attach to header block
+ Iterator children = element.getChildren();
while (children.hasNext()) {
OMNode child = (OMNode)children.next();
child.detach();