Posted to commits@cxf.apache.org by co...@apache.org on 2014/01/24 16:45:50 UTC
svn commit: r1561039 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecurityt...
Author: coheigea
Date: Fri Jan 24 15:45:49 2014
New Revision: 1561039
URL: http://svn.apache.org/r1561039
Log:
Update following WSS4J change
Removed:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSPolicyException.java
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/UsernameTokenTest.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java?rev=1561039&r1=1561038&r2=1561039&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java Fri Jan 24 15:45:49 2014
@@ -53,6 +53,7 @@ import org.apache.cxf.ws.policy.Assertio
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.EffectivePolicy;
import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.wss4j.common.WSSPolicyException;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
@@ -61,7 +62,6 @@ import org.apache.wss4j.dom.handler.WSHa
import org.apache.wss4j.policy.SP11Constants;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.SPConstants;
-import org.apache.wss4j.policy.WSSPolicyException;
import org.apache.wss4j.policy.model.AlgorithmSuite;
import org.apache.wss4j.policy.stax.OperationPolicy;
import org.apache.wss4j.policy.stax.PolicyEnforcer;
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1561039&r1=1561038&r2=1561039&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Fri Jan 24 15:45:49 2014
@@ -801,10 +801,7 @@ public class WSS4JInInterceptor extends
private SoapFault
createSoapFault(SoapVersion version, WSSecurityException e) {
SoapFault fault;
- String errorMessage = WSS4JUtils.getSafeExceptionMessage(e);
- if (errorMessage == null) {
- errorMessage = e.getMessage();
- }
+ String errorMessage = e.getSafeExceptionMessage();
javax.xml.namespace.QName faultCode = e.getFaultCode();
if (version.getVersion() == 1.1 && faultCode != null) {
fault = new SoapFault(errorMessage, e, faultCode);
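Review bot: In createSoapFault the safe string only replaces the fault text; the original WSSecurityException `e` is still passed as the cause in `new SoapFault(errorMessage, e, faultCode)`, so its detailed message stays attached to the fault. That is useful for server-side logging, but an endpoint configured to return the cause or stack trace to callers (CXF's `exceptionMessageCauseEnabled` / `faultStackTraceEnabled` properties) would presumably still expose the detail the safe message is meant to hide. Because this commit deletes the Javadoc in WSS4JUtils that explained the rationale, I would add a comment above the new line, e.g. `// Generic per-fault-code text only: the detailed message must not reach the client`. Dropping the fallback to `e.getMessage()` is a good tightening provided `getSafeExceptionMessage()` never returns null, which is not visible here. The method body continues outside the hunk.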
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java?rev=1561039&r1=1561038&r2=1561039&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java Fri Jan 24 15:45:49 2014
@@ -45,11 +45,11 @@ import org.apache.cxf.ws.security.Securi
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.wss4j.common.WSSPolicyException;
import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.policy.WSSPolicyException;
import org.apache.wss4j.stax.ConfigurationConverter;
import org.apache.wss4j.stax.WSSec;
import org.apache.wss4j.stax.ext.InboundWSSec;
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java?rev=1561039&r1=1561038&r2=1561039&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java Fri Jan 24 15:45:49 2014
@@ -40,9 +40,9 @@ import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.wss4j.common.WSSPolicyException;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.policy.WSSPolicyException;
import org.apache.wss4j.stax.ConfigurationConverter;
import org.apache.wss4j.stax.WSSec;
import org.apache.wss4j.stax.ext.OutboundWSSec;
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java?rev=1561039&r1=1561038&r2=1561039&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java Fri Jan 24 15:45:49 2014
@@ -24,7 +24,6 @@ import java.security.Key;
import java.util.Date;
import javax.crypto.SecretKey;
-import javax.xml.namespace.QName;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
@@ -41,8 +40,6 @@ import org.apache.cxf.ws.security.tokens
import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.cache.ReplayCacheFactory;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -53,21 +50,6 @@ import org.apache.xml.security.exception
*/
public final class WSS4JUtils {
- // FAULT error messages
- public static final String UNSUPPORTED_TOKEN_ERR = "An unsupported token was provided";
- public static final String UNSUPPORTED_ALGORITHM_ERR =
- "An unsupported signature or encryption algorithm was used";
- public static final String INVALID_SECURITY_ERR =
- "An error was discovered processing the <wsse:Security> header.";
- public static final String INVALID_SECURITY_TOKEN_ERR =
- "An invalid security token was provided";
- public static final String FAILED_AUTHENTICATION_ERR =
- "The security token could not be authenticated or authorized";
- public static final String FAILED_CHECK_ERR = "The signature or decryption was invalid";
- public static final String SECURITY_TOKEN_UNAVAILABLE_ERR =
- "Referenced security token could not be retrieved";
- public static final String MESSAGE_EXPIRED_ERR = "The message has expired";
-
private WSS4JUtils() {
// complete
}
@@ -231,40 +213,4 @@ public final class WSS4JUtils {
}
- /**
- * Map a WSSecurityException FaultCode to a standard error String, so as not to leak
- * internal configuration to an attacker.
- */
- public static String getSafeExceptionMessage(WSSecurityException ex) {
- // Allow a Replay Attack message to be returned, otherwise it could be confusing
- // for clients who don't understand the default caching functionality of WSS4J/CXF
- if (ex.getMessage() != null && ex.getMessage().contains("replay attack")) {
- return ex.getMessage();
- }
-
- String errorMessage = null;
- QName faultCode = ex.getFaultCode();
- if (WSConstants.UNSUPPORTED_SECURITY_TOKEN.equals(faultCode)) {
- errorMessage = UNSUPPORTED_TOKEN_ERR;
- } else if (WSConstants.UNSUPPORTED_ALGORITHM.equals(faultCode)) {
- errorMessage = UNSUPPORTED_ALGORITHM_ERR;
- } else if (WSConstants.INVALID_SECURITY.equals(faultCode)) {
- errorMessage = INVALID_SECURITY_ERR;
- } else if (WSConstants.INVALID_SECURITY_TOKEN.equals(faultCode)) {
- errorMessage = INVALID_SECURITY_TOKEN_ERR;
- } else if (WSConstants.FAILED_AUTHENTICATION.equals(faultCode)) {
- errorMessage = FAILED_AUTHENTICATION_ERR;
- } else if (WSConstants.FAILED_CHECK.equals(faultCode)) {
- errorMessage = FAILED_CHECK_ERR;
- } else if (WSConstants.SECURITY_TOKEN_UNAVAILABLE.equals(faultCode)) {
- errorMessage = SECURITY_TOKEN_UNAVAILABLE_ERR;
- } else if (WSConstants.MESSAGE_EXPIRED.equals(faultCode)) {
- errorMessage = MESSAGE_EXPIRED_ERR;
- } else {
- // Default
- errorMessage = INVALID_SECURITY_ERR;
- }
- return errorMessage;
-
- }
}
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java?rev=1561039&r1=1561038&r2=1561039&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java Fri Jan 24 15:45:49 2014
@@ -159,7 +159,7 @@ public class BinarySecurityTokenTest ext
String message = fault.getMessage();
assertTrue(message.contains("STS Authentication failed")
|| message.contains("Validation of security token failed")
- || message.contains("PolicyViolationException"));
+ || message.contains("The security token could not be authenticated or authorized"));
}
((java.io.Closeable)asymmetricBSTPort).close();
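Review bot: The assertion is a three-way `||` of `contains` checks, so it passes when any one expected phrase appears and would not notice internal detail appended to the fault text. The alternative dropped here, `PolicyViolationException`, shows that an exception class name used to reach the client. A negative check after the `assertTrue`, such as `assertFalse(message.contains("Exception"));`, would pin that it no longer does, assuming none of the accepted messages legitimately contain that word. The same applies to the identical hunk in UsernameTokenTest. The literal also duplicates wording now owned by WSS4J, so both tests break if that text changes; the enclosing test method starts outside the hunk.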
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/UsernameTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/UsernameTokenTest.java?rev=1561039&r1=1561038&r2=1561039&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/UsernameTokenTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/UsernameTokenTest.java Fri Jan 24 15:45:49 2014
@@ -158,7 +158,7 @@ public class UsernameTokenTest extends A
String message = fault.getMessage();
assertTrue(message.contains("STS Authentication failed")
|| message.contains("Validation of security token failed")
- || message.contains("PolicyViolationException"));
+ || message.contains("The security token could not be authenticated or authorized"));
}
((java.io.Closeable)transportUTPort).close();