You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by gi...@apache.org on 2013/07/11 19:42:53 UTC
svn commit: r1502295 -
/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyInputProcessor.java
Author: giger
Date: Thu Jul 11 17:42:53 2013
New Revision: 1502295
URL: http://svn.apache.org/r1502295
Log:
do not rely on soap:Envelope end element but use the doFinal() method for the final policy verification
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyInputProcessor.java
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyInputProcessor.java?rev=1502295&r1=1502294&r2=1502295&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyInputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyInputProcessor.java Thu Jul 11 17:42:53 2013
@@ -30,7 +30,6 @@ import org.apache.wss4j.stax.securityEve
import org.apache.wss4j.stax.securityEvent.SignedPartSecurityEvent;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.*;
-import org.apache.xml.security.stax.ext.stax.XMLSecEndElement;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
@@ -115,18 +114,6 @@ public class PolicyInputProcessor extend
policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
}
break;
- case XMLStreamConstants.END_ELEMENT:
- XMLSecEndElement xmlSecEndElement = xmlSecEvent.asEndElement();
- //ns mismatch should be detected by the xml parser so a local-name equality check should be enough
- if (xmlSecEndElement.getDocumentLevel() == 1
- && xmlSecEvent.asEndElement().getName().getLocalPart().equals(WSSConstants.TAG_soap_Envelope_LocalName)) {
- try {
- policyEnforcer.doFinal();
- } catch (WSSPolicyException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
- }
- }
- break;
}
//if transport security is active, every element is encrypted/signed
@@ -156,6 +143,16 @@ public class PolicyInputProcessor extend
return xmlSecEvent;
}
+ @Override
+ public void doFinal(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
+ try {
+ policyEnforcer.doFinal();
+ } catch (WSSPolicyException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
+ }
+ super.doFinal(inputProcessorChain);
+ }
+
private void testSignaturePolicy(XMLSecEvent xmlSecEvent, List<QName> elementPath) throws WSSecurityException {
if (xmlSecEvent.getEventType() == XMLStreamConstants.START_ELEMENT) {
final int documentLevel = elementPath.size();