You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2019/07/19 10:08:31 UTC
[cxf] branch master updated (e438cd4 -> 9ab0d27)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git.
from e438cd4 Adding a new configuration tag to control XOP Include for WS-SecurityPolicy
new 4391fe4 Simplifying WSS4J unit tests
new 9ab0d27 CXF-8077 - WSS4JInInterceptor is not thread safe
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../cxf/ws/security/wss4j/WSS4JInInterceptor.java | 17 +++----
.../ws/security/wss4j/AbstractSecurityTest.java | 17 +------
.../security/wss4j/SignatureConfirmationTest.java | 34 ++-----------
.../cxf/ws/security/wss4j/WSS4JFaultCodeTest.java | 56 ++--------------------
.../cxf/ws/security/wss4j/WSS4JInOutTest.java | 30 +-----------
5 files changed, 17 insertions(+), 137 deletions(-)
[cxf] 02/02: CXF-8077 - WSS4JInInterceptor is not thread safe
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 9ab0d2766695a2ba9f1ed1ca042b5d2a42eb4fd9
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Jul 19 11:08:02 2019 +0100
CXF-8077 - WSS4JInInterceptor is not thread safe
---
.../cxf/ws/security/wss4j/WSS4JInInterceptor.java | 17 +++++++----------
1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index ef9958e..127bba2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -109,7 +109,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
/**
*
*/
- private WSSecurityEngine secEngineOverride;
+ private WSSConfig defaultConfig;
+
public WSS4JInInterceptor() {
super();
@@ -161,8 +162,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
}
}
- secEngineOverride = new WSSecurityEngine();
- secEngineOverride.setWssConfig(config);
+ defaultConfig = config;
}
/**
@@ -696,15 +696,12 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
/**
* @return the WSSecurityEngine in use by this interceptor.
- * This engine is defined to be the secEngineOverride
- * instance, if defined in this class (and supplied through
- * construction); otherwise, it is taken to be the default
- * WSSecEngine instance (currently defined in the WSHandler
- * base class).
*/
protected WSSecurityEngine getSecurityEngine(boolean utWithCallbacks) {
- if (secEngineOverride != null) {
- return secEngineOverride;
+ if (defaultConfig != null) {
+ WSSecurityEngine engine = new WSSecurityEngine();
+ engine.setWssConfig(defaultConfig);
+ return engine;
}
if (!utWithCallbacks) {
[cxf] 01/02: Simplifying WSS4J unit tests
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 4391fe49021f18af6d29da79865b0066f1f45ba8
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Jul 19 10:07:49 2019 +0100
Simplifying WSS4J unit tests
---
.../ws/security/wss4j/AbstractSecurityTest.java | 17 +------
.../security/wss4j/SignatureConfirmationTest.java | 34 ++-----------
.../cxf/ws/security/wss4j/WSS4JFaultCodeTest.java | 56 ++--------------------
.../cxf/ws/security/wss4j/WSS4JInOutTest.java | 30 +-----------
4 files changed, 10 insertions(+), 127 deletions(-)
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java
index a39c672..2b99cf4 100644
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java
+++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java
@@ -26,14 +26,11 @@ import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPConstants;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
-import javax.xml.stream.XMLStreamReader;
import javax.xml.stream.XMLStreamWriter;
import org.w3c.dom.Document;
@@ -43,7 +40,6 @@ import org.apache.cxf.binding.soap.Soap11;
import org.apache.cxf.binding.soap.SoapHeader;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.saaj.SAAJStreamWriter;
-import org.apache.cxf.helpers.DOMUtils.NullResolver;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.ExchangeImpl;
import org.apache.cxf.message.MessageImpl;
@@ -136,18 +132,7 @@ public abstract class AbstractSecurityTest extends AbstractCXFTest {
}
byte[] docbytes = getMessageBytes(doc);
- XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
-
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-
- dbf.setValidating(false);
- dbf.setIgnoringComments(false);
- dbf.setIgnoringElementContentWhitespace(true);
- dbf.setNamespaceAware(true);
-
- DocumentBuilder db = dbf.newDocumentBuilder();
- db.setEntityResolver(new NullResolver());
- doc = StaxUtils.read(db, reader, false);
+ doc = StaxUtils.read(new ByteArrayInputStream(docbytes));
WSS4JInInterceptor inHandler = new WSS4JInInterceptor(inProperties);
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java
index 1f270d2..1746449 100644
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java
+++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java
@@ -22,16 +22,12 @@ import java.io.ByteArrayInputStream;
import java.util.List;
import java.util.Set;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.soap.SOAPMessage;
-import javax.xml.stream.XMLStreamReader;
import org.w3c.dom.Document;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.helpers.DOMUtils.NullResolver;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.ExchangeImpl;
import org.apache.cxf.message.MessageImpl;
@@ -85,7 +81,6 @@ public class SignatureConfirmationTest extends AbstractSecurityTest {
assertValid("//wsse:Security", doc);
assertValid("//wsse:Security/ds:Signature", doc);
- byte[] docbytes = getMessageBytes(doc);
//
// Save the signature for future confirmation
//
@@ -93,18 +88,8 @@ public class SignatureConfirmationTest extends AbstractSecurityTest {
assertNotNull(sigv);
assertFalse(sigv.isEmpty());
- XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
-
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-
- dbf.setValidating(false);
- dbf.setIgnoringComments(false);
- dbf.setIgnoringElementContentWhitespace(true);
- dbf.setNamespaceAware(true);
-
- DocumentBuilder db = dbf.newDocumentBuilder();
- db.setEntityResolver(new NullResolver());
- doc = StaxUtils.read(db, reader, false);
+ byte[] docbytes = getMessageBytes(doc);
+ doc = StaxUtils.read(new ByteArrayInputStream(docbytes));
WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
@@ -154,20 +139,7 @@ public class SignatureConfirmationTest extends AbstractSecurityTest {
// assertValid("//wsse:Security/wsse11:SignatureConfirmation", doc);
byte[] docbytes = getMessageBytes(doc);
- // System.out.println(new String(docbytes));
-
- XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
-
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-
- dbf.setValidating(false);
- dbf.setIgnoringComments(false);
- dbf.setIgnoringElementContentWhitespace(true);
- dbf.setNamespaceAware(true);
-
- DocumentBuilder db = dbf.newDocumentBuilder();
- db.setEntityResolver(new NullResolver());
- doc = StaxUtils.read(db, reader, false);
+ doc = StaxUtils.read(new ByteArrayInputStream(docbytes));
WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java
index 569de66..bd556c6 100644
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java
+++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java
@@ -21,17 +21,13 @@ package org.apache.cxf.ws.security.wss4j;
import java.io.ByteArrayInputStream;
import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.soap.SOAPConstants;
import javax.xml.soap.SOAPMessage;
-import javax.xml.stream.XMLStreamReader;
import org.w3c.dom.Document;
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
-import org.apache.cxf.helpers.DOMUtils.NullResolver;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.ExchangeImpl;
import org.apache.cxf.message.MessageImpl;
@@ -67,18 +63,7 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest {
doc = saajMsg.getSOAPPart();
byte[] docbytes = getMessageBytes(doc);
- XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
-
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-
- dbf.setValidating(false);
- dbf.setIgnoringComments(false);
- dbf.setIgnoringElementContentWhitespace(true);
- dbf.setNamespaceAware(true);
-
- DocumentBuilder db = dbf.newDocumentBuilder();
- db.setEntityResolver(new NullResolver());
- doc = StaxUtils.read(db, reader, false);
+ doc = StaxUtils.read(new ByteArrayInputStream(docbytes));
WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
@@ -127,18 +112,7 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest {
assertValid("//wsse:Security", doc);
byte[] docbytes = getMessageBytes(doc);
- XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
-
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-
- dbf.setValidating(false);
- dbf.setIgnoringComments(false);
- dbf.setIgnoringElementContentWhitespace(true);
- dbf.setNamespaceAware(true);
-
- DocumentBuilder db = dbf.newDocumentBuilder();
- db.setEntityResolver(new NullResolver());
- doc = StaxUtils.read(db, reader, false);
+ doc = StaxUtils.read(new ByteArrayInputStream(docbytes));
WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
@@ -187,18 +161,7 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest {
assertValid("//wsse:Security", doc);
byte[] docbytes = getMessageBytes(doc);
- XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
-
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-
- dbf.setValidating(false);
- dbf.setIgnoringComments(false);
- dbf.setIgnoringElementContentWhitespace(true);
- dbf.setNamespaceAware(true);
-
- DocumentBuilder db = dbf.newDocumentBuilder();
- db.setEntityResolver(new NullResolver());
- doc = StaxUtils.read(db, reader, false);
+ doc = StaxUtils.read(new ByteArrayInputStream(docbytes));
WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
@@ -234,18 +197,7 @@ public class WSS4JFaultCodeTest extends AbstractSecurityTest {
doc = saajMsg.getSOAPPart();
byte[] docbytes = getMessageBytes(doc);
- XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
-
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-
- dbf.setValidating(false);
- dbf.setIgnoringComments(false);
- dbf.setIgnoringElementContentWhitespace(true);
- dbf.setNamespaceAware(true);
-
- DocumentBuilder db = dbf.newDocumentBuilder();
- db.setEntityResolver(new NullResolver());
- doc = StaxUtils.read(db, reader, false);
+ doc = StaxUtils.read(new ByteArrayInputStream(docbytes));
WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
index 9b9ee5e..2eac5fd 100644
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
+++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
@@ -29,10 +29,7 @@ import java.util.SortedSet;
import java.util.TreeSet;
import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.soap.SOAPMessage;
-import javax.xml.stream.XMLStreamReader;
import org.w3c.dom.Document;
@@ -40,7 +37,6 @@ import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor;
import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.helpers.DOMUtils.NullResolver;
import org.apache.cxf.interceptor.Interceptor;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.ExchangeImpl;
@@ -297,18 +293,7 @@ public class WSS4JInOutTest extends AbstractSecurityTest {
assertValid("//wsse:Security/ds:Signature", doc);
byte[] docbytes = getMessageBytes(doc);
- XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
-
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-
- dbf.setValidating(false);
- dbf.setIgnoringComments(false);
- dbf.setIgnoringElementContentWhitespace(true);
- dbf.setNamespaceAware(true);
-
- DocumentBuilder db = dbf.newDocumentBuilder();
- db.setEntityResolver(new NullResolver());
- doc = StaxUtils.read(db, reader, false);
+ doc = StaxUtils.read(new ByteArrayInputStream(docbytes));
final Map<String, Object> properties = new HashMap<>();
properties.put(
@@ -356,18 +341,7 @@ public class WSS4JInOutTest extends AbstractSecurityTest {
assertValid("//wsse:Security/ds:Signature", doc);
byte[] docbytes = getMessageBytes(doc);
- XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
-
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-
- dbf.setValidating(false);
- dbf.setIgnoringComments(false);
- dbf.setIgnoringElementContentWhitespace(true);
- dbf.setNamespaceAware(true);
-
- DocumentBuilder db = dbf.newDocumentBuilder();
- db.setEntityResolver(new NullResolver());
- doc = StaxUtils.read(db, reader, false);
+ doc = StaxUtils.read(new ByteArrayInputStream(docbytes));
final Map<String, Object> properties = new HashMap<>();
final Map<QName, Object> customMap = new HashMap<>();