You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2015/02/24 17:30:12 UTC
[1/2] cxf git commit: Picking up some WSS4J trunk changes
Repository: cxf
Updated Branches:
refs/heads/opensaml-3.0-port 2426a0879 -> 773722540
Picking up some WSS4J trunk changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/80d7128a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/80d7128a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/80d7128a
Branch: refs/heads/opensaml-3.0-port
Commit: 80d7128a3ba1944a603c73e5e908d86c9bf27648
Parents: 2426a08
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Feb 24 14:40:10 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Feb 24 14:40:10 2015 +0000
----------------------------------------------------------------------
.../org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/80d7128a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index cff4c53..b8c71a7 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -273,13 +273,14 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
|| MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
reqData.setEnableRevocation(enableRevocation);
- Element elem = WSSecurityUtil.getSecurityHeader(doc.getSOAPPart(), actor);
+ Element elem =
+ WSSecurityUtil.getSecurityHeader(doc.getSOAPHeader(), actor, version.getVersion() != 1.1);
List<WSSecurityEngineResult> wsResult = engine.processSecurityHeader(
elem, reqData
);
- if (wsResult != null && !wsResult.isEmpty()) { // security header found
+ if (!wsResult.isEmpty()) { // security header found
if (reqData.getWssConfig().isEnableSignatureConfirmation()) {
checkSignatureConfirmation(reqData, wsResult);
}
@@ -294,9 +295,6 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
wsResult, utWithCallbacks
);
} else { // no security header found
- // Create an empty result list to pass into the required validation
- // methods.
- wsResult = new ArrayList<WSSecurityEngineResult>();
if (doc.getSOAPPart().getEnvelope().getBody().hasFault() && isRequestor(msg)) {
LOG.warning("The request is a SOAP Fault, but it is not secured");
// We allow lax action matching here for backwards compatibility
[2/2] cxf git commit: Using a new CXFCallbackLookup
Posted by co...@apache.org.
Using a new CXFCallbackLookup
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/77372254
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/77372254
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/77372254
Branch: refs/heads/opensaml-3.0-port
Commit: 7737225402d3a7b2e669ee8ecf54de10af686f20
Parents: 80d7128
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Feb 24 16:02:16 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Feb 24 16:02:16 2015 +0000
----------------------------------------------------------------------
.../ws/security/wss4j/CXFCallbackLookup.java | 50 ++++++++++++++++++++
.../wss4j/PolicyBasedWSS4JOutInterceptor.java | 27 ++++++-----
.../ws/security/wss4j/WSS4JInInterceptor.java | 5 ++
.../policyhandlers/AbstractBindingBuilder.java | 23 +++++++--
.../AsymmetricBindingHandler.java | 5 +-
.../policyhandlers/SymmetricBindingHandler.java | 11 +++--
.../policyhandlers/TransportBindingHandler.java | 5 +-
7 files changed, 107 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java
new file mode 100644
index 0000000..be8dbe0
--- /dev/null
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.wss4j.dom.message.DOMCallbackLookup;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+
+/**
+ * This class uses a DOM-based approach to locate Elements that are referenced via an Id.
+ */
+public class CXFCallbackLookup extends DOMCallbackLookup {
+
+ private Document doc;
+ private Element soapBody;
+
+ public CXFCallbackLookup(Document doc, Element soapBody) {
+ super(doc);
+ this.soapBody = soapBody;
+ }
+
+ /**
+ * Get the SOAP Body
+ */
+ @Override
+ public Element getSOAPBody() {
+ if (soapBody != null) {
+ return soapBody;
+ }
+ return WSSecurityUtil.findBodyElement(doc);
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
index 98a6330..54faf7e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
@@ -120,7 +120,6 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
}
private void handleMessageInternal(SoapMessage message) throws Fault {
- Collection<AssertionInfo> ais;
SOAPMessage saaj = message.getContent(SOAPMessage.class);
boolean mustUnderstand =
@@ -133,7 +132,7 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
// extract Assertion information
if (aim != null) {
AbstractBinding transport = null;
- ais = getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+ Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
if (!ais.isEmpty()) {
for (AssertionInfo ai : ais) {
transport = (AbstractBinding)ai.getAssertion();
@@ -191,15 +190,21 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
transport.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
}
- if (transport instanceof TransportBinding) {
- new TransportBindingHandler(config, (TransportBinding)transport, saaj,
- secHeader, aim, message).handleBinding();
- } else if (transport instanceof SymmetricBinding) {
- new SymmetricBindingHandler(config, (SymmetricBinding)transport, saaj,
- secHeader, aim, message).handleBinding();
- } else {
- new AsymmetricBindingHandler(config, (AsymmetricBinding)transport, saaj,
- secHeader, aim, message).handleBinding();
+ try {
+ if (transport instanceof TransportBinding) {
+ new TransportBindingHandler(config, (TransportBinding)transport, saaj,
+ secHeader, aim, message).handleBinding();
+ } else if (transport instanceof SymmetricBinding) {
+ new SymmetricBindingHandler(config, (SymmetricBinding)transport, saaj,
+ secHeader, aim, message).handleBinding();
+ } else {
+ new AsymmetricBindingHandler(config, (AsymmetricBinding)transport, saaj,
+ secHeader, aim, message).handleBinding();
+ }
+ } catch (SOAPException e) {
+ throw new SoapFault(
+ new Message("SECURITY_FAILED", LOG), e, message.getVersion().getSender()
+ );
}
if (el.getFirstChild() == null) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index b8c71a7..4e20831 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -273,6 +273,11 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
|| MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
reqData.setEnableRevocation(enableRevocation);
+ Element soapBody = SAAJUtils.getBody(doc);
+ if (soapBody != null) {
+ engine.setCallbackLookup(new CXFCallbackLookup(soapBody.getOwnerDocument(), soapBody));
+ }
+
Element elem =
WSSecurityUtil.getSecurityHeader(doc.getSOAPHeader(), actor, version.getVersion() != 1.1);
http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index a6cd14a..6e62d0a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -71,6 +71,7 @@ import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler;
+import org.apache.cxf.ws.security.wss4j.CXFCallbackLookup;
import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
import org.apache.cxf.wsdl.WSDLConstants;
import org.apache.neethi.Assertion;
@@ -95,6 +96,7 @@ import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.bsp.BSPEnforcer;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.apache.wss4j.dom.message.CallbackLookup;
import org.apache.wss4j.dom.message.WSSecBase;
import org.apache.wss4j.dom.message.WSSecDKSign;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
@@ -169,6 +171,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
protected Element bstElement;
protected Element lastEncryptedKeyElement;
+ protected final CallbackLookup callbackLookup;
+
private Element lastSupportingTokenElement;
private Element lastDerivedKeyElement;
@@ -182,7 +186,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
SOAPMessage saaj,
WSSecHeader secHeader,
AssertionInfoMap aim,
- SoapMessage message) {
+ SoapMessage message) throws SOAPException {
super(message);
this.wssConfig = config;
this.binding = binding;
@@ -190,6 +194,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
this.secHeader = secHeader;
this.saaj = saaj;
message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures);
+
+ Element soapBody = SAAJUtils.getBody(saaj);
+ if (soapBody != null) {
+ callbackLookup = new CXFCallbackLookup(soapBody.getOwnerDocument(), soapBody);
+ } else {
+ callbackLookup = null;
+ }
}
protected void insertAfter(Element child, Element sib) {
@@ -450,7 +461,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
getSignedParts(suppTokens))
);
} else {
- WSSecSignature sig = new WSSecSignature(wssConfig);
+ WSSecSignature sig = new WSSecSignature(wssConfig);
+ sig.setCallbackLookup(callbackLookup);
sig.setX509Certificate(secToken.getX509Certificate());
sig.setCustomTokenId(id);
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
@@ -1375,6 +1387,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractTokenWrapper wrapper,
AbstractToken token) throws WSSecurityException {
WSSecEncryptedKey encrKey = new WSSecEncryptedKey(wssConfig);
+ encrKey.setCallbackLookup(callbackLookup);
Crypto crypto = getEncryptionCrypto(wrapper);
message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
setKeyIdentifierType(encrKey, wrapper, token);
@@ -1668,6 +1681,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
AbstractTokenWrapper wrapper, AbstractToken token, boolean attached, boolean endorse
) throws WSSecurityException {
WSSecSignature sig = new WSSecSignature(wssConfig);
+ sig.setCallbackLookup(callbackLookup);
sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
checkForX509PkiPath(sig, token);
if (token instanceof IssuedToken || token instanceof SamlToken) {
@@ -1881,7 +1895,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
throws WSSecurityException {
Document doc = saaj.getSOAPPart();
- WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
+ WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
+ dkSign.setCallbackLookup(callbackLookup);
//Check whether it is security policy 1.2 and use the secure conversation accordingly
if (policyToken.getVersion() == SPConstants.SPVersion.SP11) {
@@ -1964,6 +1979,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
Document doc = saaj.getSOAPPart();
WSSecSignature sig = new WSSecSignature(wssConfig);
+ sig.setCallbackLookup(callbackLookup);
+
// If a EncryptedKeyToken is used, set the correct value type to
// be used in the wsse:Reference in ds:KeyInfo
if (policyToken instanceof X509Token) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index ddacef4..fc3aa8b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -90,7 +90,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
SOAPMessage saaj,
WSSecHeader secHeader,
AssertionInfoMap aim,
- SoapMessage message) {
+ SoapMessage message) throws SOAPException {
super(config, binding, saaj, secHeader, aim, message);
this.abinding = binding;
protectionOrder = binding.getProtectionOrder();
@@ -452,6 +452,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
+ dkEncr.setCallbackLookup(callbackLookup);
if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
}
@@ -480,6 +481,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
} else {
try {
WSSecEncrypt encr = new WSSecEncrypt(wssConfig);
+ encr.setCallbackLookup(callbackLookup);
encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
encr.setDocument(saaj.getSOAPPart());
@@ -615,6 +617,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
setupEncryptedKey(wrapper, sigToken);
WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
+ dkSign.setCallbackLookup(callbackLookup);
if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 8fa9972..c04597c 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -27,6 +27,7 @@ import java.util.logging.Level;
import javax.xml.crypto.dsig.Reference;
import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Document;
@@ -81,15 +82,15 @@ import org.apache.wss4j.policy.model.X509Token;
*
*/
public class SymmetricBindingHandler extends AbstractBindingBuilder {
- SymmetricBinding sbinding;
- TokenStore tokenStore;
+ private final SymmetricBinding sbinding;
+ private final TokenStore tokenStore;
public SymmetricBindingHandler(WSSConfig config,
SymmetricBinding binding,
SOAPMessage saaj,
WSSecHeader secHeader,
AssertionInfoMap aim,
- SoapMessage message) {
+ SoapMessage message) throws SOAPException {
super(config, binding, saaj, secHeader, aim, message);
this.sbinding = binding;
tokenStore = getTokenStore();
@@ -398,6 +399,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
boolean atEnd) {
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
+ dkEncr.setCallbackLookup(callbackLookup);
if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
}
@@ -511,6 +513,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
} else {
try {
WSSecEncrypt encr = new WSSecEncrypt(wssConfig);
+ encr.setCallbackLookup(callbackLookup);
encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
String encrTokId = encrTok.getId();
if (attached) {
@@ -622,6 +625,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
boolean included) throws WSSecurityException {
Document doc = saaj.getSOAPPart();
WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
+ dkSign.setCallbackLookup(callbackLookup);
if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
@@ -747,6 +751,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
return doSignatureDK(sigs, policyAbstractTokenWrapper, policyToken, tok, included);
} else {
WSSecSignature sig = new WSSecSignature(wssConfig);
+ sig.setCallbackLookup(callbackLookup);
sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
// If a EncryptedKeyToken is used, set the correct value type to
// be used in the wsse:Reference in ds:KeyInfo
http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 5ec749e..1f8a21c 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -87,7 +87,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
SOAPMessage saaj,
WSSecHeader secHeader,
AssertionInfoMap aim,
- SoapMessage message) {
+ SoapMessage message) throws SOAPException {
super(config, binding, saaj, secHeader, aim, message);
this.tbinding = binding;
}
@@ -364,6 +364,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
encrKey.appendToHeader(secHeader);
WSSecDKSign dkSig = new WSSecDKSign(wssConfig);
+ dkSig.setCallbackLookup(callbackLookup);
if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
dkSig.setWscVersion(ConversationConstants.VERSION_05_02);
}
@@ -452,6 +453,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
) throws Exception {
//Do Signature with derived keys
WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
+ dkSign.setCallbackLookup(callbackLookup);
AlgorithmSuite algorithmSuite = tbinding.getAlgorithmSuite();
//Setting the AttachedReference or the UnattachedReference according to the flag
@@ -501,6 +503,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
List<WSEncryptionPart> sigParts
) throws Exception {
WSSecSignature sig = new WSSecSignature(wssConfig);
+ sig.setCallbackLookup(callbackLookup);
//Setting the AttachedReference or the UnattachedReference according to the flag
Element ref;