Posted to commits@cxf.apache.org by co...@apache.org on 2013/10/18 16:54:22 UTC
svn commit: r1533476 - in
/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security:
policy/interceptors/ wss4j/ wss4j/policyhandlers/
Author: coheigea
Date: Fri Oct 18 14:54:21 2013
New Revision: 1533476
URL: http://svn.apache.org/r1533476
Log:
Partially fixing SecureConversation cancelling functionality
Conflicts:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Modified:
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java?rev=1533476&r1=1533475&r2=1533476&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java Fri Oct 18 14:54:21 2013
@@ -70,13 +70,13 @@ import org.apache.ws.security.message.to
* This is a collection of utility methods for use in negotiation exchanges such as WS-SecureConversation
* and WS-Trust for SPNEGO.
*/
-final class NegotiationUtils {
+public final class NegotiationUtils {
private NegotiationUtils() {
// complete
}
- static Trust10 getTrust10(AssertionInfoMap aim) {
+ public static Trust10 getTrust10(AssertionInfoMap aim) {
Collection<AssertionInfo> ais = aim.get(SP12Constants.TRUST_10);
if (ais == null || ais.isEmpty()) {
ais = aim.get(SP11Constants.TRUST_10);
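Review bot: Making `NegotiationUtils` and every helper in it `public` exposes more than this commit uses: the only cross-package callers visible here are `WSS4JInInterceptor` and `AbstractBindingBuilder`, and both call just `getTokenStore`. Helpers such as `recalcEffectivePolicy` and `parseSCTResult` (later hunks in this file) operate on the security state of a message, so I would leave them package-private, e.g. keep `static Trust10 getTrust10(AssertionInfoMap aim) {` as it was, and widen only the class and `getTokenStore`. If the wider surface is intended, a class-level Javadoc line stating that the class is internal to CXF and not a supported API would help. getTrust10's body continues outside the hunk.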
@@ -87,7 +87,7 @@ final class NegotiationUtils {
return (Trust10)ais.iterator().next().getAssertion();
}
- static Trust13 getTrust13(AssertionInfoMap aim) {
+ public static Trust13 getTrust13(AssertionInfoMap aim) {
Collection<AssertionInfo> ais = aim.get(SP12Constants.TRUST_13);
if (ais == null || ais.isEmpty()) {
return null;
@@ -95,7 +95,11 @@ final class NegotiationUtils {
return (Trust13)ais.iterator().next().getAssertion();
}
- static TokenStore getTokenStore(Message message) {
+ public static TokenStore getTokenStore(Message message) {
+ return getTokenStore(message, true);
+ }
+
+ public static TokenStore getTokenStore(Message message, boolean create) {
EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
synchronized (info) {
TokenStore tokenStore =
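Review bot: The new `getTokenStore(Message message, boolean create)` overload has no Javadoc, and with `create` false it can return `null` (the guard `if (create && tokenStore == null)` is in the next hunk), which the one-argument form presumably never did. Now that the method is public, the contract should be stated, for example `/** Returns the TokenStore for the message's endpoint, or null if none exists and create is false. */`. Note also that `message.getExchange().get(Endpoint.class)` is dereferenced without a null check; the callers added in WSS4JInInterceptor guard for a missing endpoint first, but other public callers may not. The method body continues outside this hunk.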
@@ -103,7 +107,7 @@ final class NegotiationUtils {
if (tokenStore == null) {
tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
}
- if (tokenStore == null) {
+ if (create && tokenStore == null) {
TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
if (info.getName() != null) {
@@ -116,7 +120,7 @@ final class NegotiationUtils {
}
}
- static Assertion getAddressingPolicy(AssertionInfoMap aim, boolean optional) {
+ public static Assertion getAddressingPolicy(AssertionInfoMap aim, boolean optional) {
Collection<AssertionInfo> lst = aim.get(MetadataConstants.USING_ADDRESSING_2004_QNAME);
Assertion assertion = null;
if (null != lst && !lst.isEmpty()) {
@@ -144,7 +148,7 @@ final class NegotiationUtils {
return assertion;
}
- static AlgorithmSuite getAlgorithmSuite(AssertionInfoMap aim) {
+ public static AlgorithmSuite getAlgorithmSuite(AssertionInfoMap aim) {
Binding transport = null;
Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
if (ais != null) {
@@ -172,7 +176,7 @@ final class NegotiationUtils {
return null;
}
- static int getWSCVersion(String tokenTypeValue) throws ConversationException {
+ public static int getWSCVersion(String tokenTypeValue) throws ConversationException {
if (tokenTypeValue == null) {
return ConversationConstants.DEFAULT_VERSION;
}
@@ -186,7 +190,7 @@ final class NegotiationUtils {
}
}
- static void recalcEffectivePolicy(
+ public static void recalcEffectivePolicy(
SoapMessage message,
String namespace,
Policy policy,
@@ -247,7 +251,7 @@ final class NegotiationUtils {
/**
* Return true on successfully parsing a SecurityContextToken result
*/
- static boolean parseSCTResult(SoapMessage message) {
+ public static boolean parseSCTResult(SoapMessage message) {
List<WSHandlerResult> results =
CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
if (results == null) {
@@ -279,7 +283,7 @@ final class NegotiationUtils {
return false;
}
- static CallbackHandler getCallbackHandler(Object o, Class<?> clazz) {
+ public static CallbackHandler getCallbackHandler(Object o, Class<?> clazz) {
CallbackHandler handler = null;
if (o instanceof CallbackHandler) {
handler = (CallbackHandler)o;
Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java?rev=1533476&r1=1533475&r2=1533476&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java Fri Oct 18 14:54:21 2013
@@ -40,6 +40,7 @@ import org.apache.cxf.staxutils.W3CDOMSt
import org.apache.cxf.ws.addressing.AddressingProperties;
import org.apache.cxf.ws.addressing.AttributedURIType;
import org.apache.cxf.ws.addressing.JAXWSAConstants;
+import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.trust.STSUtils;
@@ -160,6 +161,8 @@ abstract class STSInvoker implements Inv
TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
.getProperty(TokenStore.class.getName());
store.remove(cancelToken.getId());
+ // Put the token on the out message so that we can sign the response
+ exchange.getEndpoint().put(SecurityConstants.TOKEN, cancelToken);
writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace);
writer.writeEndElement();
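Review bot: The added comment says the token is put on the out message, but `exchange.getEndpoint().put(...)` stores it on the endpoint, which is shared by every exchange on that endpoint. Two concurrent cancel requests could overwrite each other's `SecurityConstants.TOKEN`, and the cancelled token stays reachable from the endpoint after `store.remove(cancelToken.getId())`. If the outbound signing code resolves this property contextually, scoping it to the exchange would be safer: `exchange.put(SecurityConstants.TOKEN, cancelToken);`. Separately, `store` two lines above is dereferenced without a null check, so a cancel request on an endpoint with no store yet would fail with a NullPointerException. The enclosing method starts and ends outside the hunk.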
@@ -230,6 +233,7 @@ abstract class STSInvoker implements Inv
ref.setValueType(refValueType);
}
SecurityTokenReference str = new SecurityTokenReference(writer.getDocument());
+ str.addWSSENamespace();
str.setReference(ref);
writer.getCurrentNode().appendChild(str.getElement());
Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1533476&r1=1533475&r2=1533476&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Fri Oct 18 14:54:21 2013
@@ -140,7 +140,11 @@ class SecureConversationInInterceptor ex
SymmetricBinding binding = new SymmetricBinding(SP12Constants.INSTANCE, pbuilder);
binding.setIncludeTimestamp(true);
ProtectionToken token = new ProtectionToken(SP12Constants.INSTANCE, pbuilder);
- token.setToken(new SecureConversationToken(SP12Constants.INSTANCE));
+
+ SecureConversationToken scToken =
+ new SecureConversationToken(SP12Constants.INSTANCE);
+ scToken.setInclusion(SP12Constants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT);
+ token.setToken(scToken);
binding.setProtectionToken(token);
binding.setEntireHeadersAndBodySignatures(true);
Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1533476&r1=1533475&r2=1533476&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Fri Oct 18 14:54:21 2013
@@ -46,7 +46,6 @@ import javax.xml.transform.dom.DOMSource
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.SoapVersion;
@@ -67,6 +66,7 @@ import org.apache.cxf.security.LoginSecu
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.interceptors.NegotiationUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.ws.security.CustomTokenPrincipal;
@@ -657,8 +657,8 @@ public class WSS4JInInterceptor extends
} catch (WSSecurityException sec) {
Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class);
if (ep != null && ep.getEndpointInfo() != null) {
- TokenStore store = (TokenStore)ep.getEndpointInfo()
- .getProperty(TokenStore.class.getName());
+ TokenStore store =
+ NegotiationUtils.getTokenStore((SoapMessage)reqData.getMsgContext(), false);
if (store != null) {
return new TokenStoreCallbackHandler(null, store);
}
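Review bot: This lookup now goes through `NegotiationUtils.getTokenStore`, which takes `synchronized (info)` on the EndpointInfo, so any request reaching this callback-handler lookup contends on that monitor where the old code did a plain property read. `ep` is now fetched only for the null guard, and the `(SoapMessage)reqData.getMsgContext()` cast appears twice; a local such as `SoapMessage msg = (SoapMessage)reqData.getMsgContext();` would tidy both. If passing `false` is meant to keep the inbound path from allocating a token store, a one-line comment such as `// do not create a store on the inbound path` would record that. The same applies to the hunk at -669, and the enclosing method extends beyond both hunks.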
@@ -669,7 +669,8 @@ public class WSS4JInInterceptor extends
}
Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class);
if (ep != null && ep.getEndpointInfo() != null) {
- TokenStore store = (TokenStore)ep.getEndpointInfo().getProperty(TokenStore.class.getName());
+ TokenStore store =
+ NegotiationUtils.getTokenStore((SoapMessage)reqData.getMsgContext(), false);
if (store != null) {
return new TokenStoreCallbackHandler(cbHandler, store);
}
Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1533476&r1=1533475&r2=1533476&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Fri Oct 18 14:54:21 2013
@@ -52,7 +52,6 @@ import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
-
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.saaj.SAAJUtils;
@@ -76,6 +75,7 @@ import org.apache.cxf.ws.policy.PolicyEx
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.cxf.ws.security.policy.interceptors.NegotiationUtils;
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Binding;
import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
@@ -99,7 +99,6 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.model.X509Token;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
-import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
import org.apache.neethi.Assertion;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
@@ -130,7 +129,6 @@ import org.apache.ws.security.message.to
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.saml.ext.SAMLParms;
import org.apache.ws.security.util.WSSecurityUtil;
-
import org.opensaml.common.SAMLVersion;
/**
@@ -363,24 +361,7 @@ public abstract class AbstractBindingBui
}
protected final TokenStore getTokenStore() {
- EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
- synchronized (info) {
- TokenStore tokenStore =
- (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
- if (tokenStore == null) {
- tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
- }
- if (tokenStore == null) {
- TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
- String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
- if (info.getName() != null) {
- cacheKey += "-" + info.getName().toString().hashCode();
- }
- tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message);
- info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
- }
- return tokenStore;
- }
+ return NegotiationUtils.getTokenStore(message);
}
protected WSSecTimestamp createTimestamp() {