Posted to commits@ws.apache.org by co...@apache.org on 2013/05/22 11:49:32 UTC
svn commit: r1485135 - in
/webservices/wss4j/trunk/ws-security-policy-stax/src:
main/java/org/apache/wss4j/policy/stax/
test/java/org/apache/wss4j/policy/stax/test/
Author: coheigea
Date: Wed May 22 09:49:31 2013
New Revision: 1485135
URL: http://svn.apache.org/r1485135
Log:
Only enforce token policies that are targeted at recipients + initiators
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcerFactory.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/VulnerabliltyVectorsTest.java
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java?rev=1485135&r1=1485134&r2=1485135&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java Wed May 22 09:49:31 2013
@@ -36,7 +36,9 @@ import org.apache.neethi.PolicyContainin
import org.apache.neethi.PolicyOperator;
import org.apache.neethi.builders.PrimitiveAssertion;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.WSSPolicyException;
+import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
import org.apache.wss4j.policy.model.AbstractBinding;
import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
@@ -120,8 +122,9 @@ public class PolicyEnforcer implements S
private final Deque<SecurityEvent> securityEventQueue = new LinkedList<SecurityEvent>();
private boolean operationSecurityEventOccured = false;
+ private boolean initiator;
- public PolicyEnforcer(List<OperationPolicy> operationPolicies, String soapAction) throws WSSPolicyException {
+ public PolicyEnforcer(List<OperationPolicy> operationPolicies, String soapAction, boolean initiator) throws WSSPolicyException {
this.operationPolicies = operationPolicies;
assertionStateMap = new LinkedList<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>>();
failedAssertionStateMap = new LinkedList<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>>();
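Review bot: The new field `initiator` is written once in the constructor but, unlike `securityEventQueue` just above it, is not declared final; `private final boolean initiator;` would let the compiler guarantee that the side an enforcer works for cannot change after construction. The constructor also gains a bare boolean with no Javadoc, so a call like `new PolicyEnforcer(policies, action, false)` does not tell the reader which side is meant. A `@param initiator` line stating which side `true` selects would fix that. The constructor body continues outside this hunk.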
@@ -132,6 +135,7 @@ public class PolicyEnforcer implements S
buildAssertionStateMap(effectivePolicy.getPolicy(), assertionStateMap);
}
}
+ this.initiator = initiator;
}
private OperationPolicy findPolicyBySOAPAction(List<OperationPolicy> operationPolicies, String soapAction) {
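Review bot: `this.initiator = initiator;` is the last statement of the constructor, after the `buildAssertionStateMap(...)` call visible a few lines above it. If that call reaches `getAssertableForAssertion` (its body is outside this hunk, so this is inferred), the new include-token check there sees the field's default `false` for every enforcer. An initiator-side enforcer would then apply the recipient rules: it would skip `INCLUDE_TOKEN_ALWAYS_TO_INITIATOR` tokens it should enforce and still demand `INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT` ones. Move the assignment to the top of the constructor, next to `this.operationPolicies = operationPolicies;`. The constructor starts outside this hunk.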
@@ -229,6 +233,19 @@ public class PolicyEnforcer implements S
protected List<Assertable> getAssertableForAssertion(AbstractSecurityAssertion abstractSecurityAssertion) throws WSSPolicyException {
List<Assertable> assertableList = new LinkedList<Assertable>();
+ if (abstractSecurityAssertion instanceof AbstractToken) {
+ // Don't return a Token that is not required
+ SPConstants.IncludeTokenType includeTokenType =
+ ((AbstractToken)abstractSecurityAssertion).getIncludeTokenType();
+ if (initiator
+ && includeTokenType == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT) {
+ return assertableList;
+ } else if (!initiator
+ && includeTokenType == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
+ return assertableList;
+ }
+ }
+
if (abstractSecurityAssertion instanceof ContentEncryptedElements) {
//initialized with asserted=true because it could be that parent elements are encrypted and therefore these element are also encrypted
//the test if it is really encrypted is done via the PolicyInputProcessor which emits EncryptedElementEvents for unencrypted elements with the unencrypted flag
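Review bot: The two early returns in the new `AbstractToken` block perform the same action behind two conditions, and the enum is spelled both `SPConstants.IncludeTokenType` and `IncludeTokenType` within a few lines. One guard with one spelling reads more clearly, e.g. `if (includeTokenType == (initiator ? IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT : IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR)) { return assertableList; }`. Since returning the empty list leaves the token assertion with nothing to check, the comment should say why that is safe, for instance `// token is only sent in the other direction, so it cannot appear in messages this side receives`. Every call site visible in this commit passes `false`, so the `initiator` branch is not exercised by the tests shown here. getAssertableForAssertion continues outside the hunk.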
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcerFactory.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcerFactory.java?rev=1485135&r1=1485134&r2=1485135&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcerFactory.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcerFactory.java Wed May 22 09:49:31 2013
@@ -416,7 +416,7 @@ public class PolicyEnforcerFactory {
}
}
- public PolicyEnforcer newPolicyEnforcer(String soapAction) throws WSSPolicyException {
- return new PolicyEnforcer(this.operationPolicies, soapAction);
+ public PolicyEnforcer newPolicyEnforcer(String soapAction, boolean initiator) throws WSSPolicyException {
+ return new PolicyEnforcer(this.operationPolicies, soapAction, initiator);
}
}
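Review bot: `newPolicyEnforcer(String, boolean)` replaces the one-argument method outright, so every caller now has to pick a side, yet nothing on the method says what `true` means. Add Javadoc with a line such as `@param initiator true if the enforcer validates messages received by the initiator, false if it validates messages received by the recipient`. That reading is inferred from the include-token check in PolicyEnforcer and should be confirmed by the author. Dropping the old overload rather than keeping it with a default looks like the safer choice, since a silent default could select the other side's token rules without the caller noticing.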
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java?rev=1485135&r1=1485134&r2=1485135&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java Wed May 22 09:49:31 2013
@@ -91,7 +91,7 @@ public class AbstractPolicyTestBase exte
element.appendChild(policyNode);
}
PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(document, customAssertionBuilders);
- PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("");
+ PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("", false);
return policyEnforcer;
}
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/VulnerabliltyVectorsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/VulnerabliltyVectorsTest.java?rev=1485135&r1=1485134&r2=1485135&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/VulnerabliltyVectorsTest.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/VulnerabliltyVectorsTest.java Wed May 22 09:49:31 2013
@@ -74,7 +74,7 @@ public class VulnerabliltyVectorsTest ex
inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(this.getClass().getClassLoader().getResource("testdata/wsdl/actionSpoofing.wsdl"));
- PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("emptyPolicy");
+ PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("emptyPolicy", false);
inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
try {
@@ -126,7 +126,7 @@ public class VulnerabliltyVectorsTest ex
inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(this.getClass().getClassLoader().getResource("testdata/wsdl/actionSpoofing.wsdl"));
- PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("goodPolicy");
+ PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("goodPolicy", false);
inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
try {