You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cxf.apache.org by co...@apache.org on 2020/08/19 08:43:36 UTC

[cxf] branch master updated (a8fc2af -> dba634e)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git.


    from a8fc2af  fixed Maven warning for duplicate junit dependency definition
     new f330a85  Switching SSLContext test to TLSv1.1
     new dba634e  CXF-8327 - UsernameTokenInterceptor doesn't set soap:actor

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java | 10 +++++++++-
 .../cxf/systest/https/ciphersuites/CipherSuitesTest.java       |  2 +-
 .../src/test/resources/org/apache/cxf/systest/ws/ut/client.xml |  1 +
 .../src/test/resources/org/apache/cxf/systest/ws/ut/server.xml |  3 ++-
 .../resources/org/apache/cxf/systest/ws/ut/stax-server.xml     |  3 ++-
 5 files changed, 15 insertions(+), 4 deletions(-)

[cxf] 02/02: CXF-8327 - UsernameTokenInterceptor doesn't set soap:actor

Posted by co...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit dba634e03ff0d20d165ff1acf85c29cac0bac70e
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Aug 19 09:40:42 2020 +0100

    CXF-8327 - UsernameTokenInterceptor doesn't set soap:actor
---
 .../apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java | 10 +++++++++-
 .../src/test/resources/org/apache/cxf/systest/ws/ut/client.xml |  1 +
 .../src/test/resources/org/apache/cxf/systest/ws/ut/server.xml |  3 ++-
 .../resources/org/apache/cxf/systest/ws/ut/stax-server.xml     |  3 ++-
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
index 20a29a3..b39c84a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
@@ -149,12 +149,16 @@ public abstract class AbstractTokenInterceptor extends AbstractSoapInterceptor {
     }
 
     protected Header findSecurityHeader(SoapMessage message, boolean create) {
+        String actor = (String)message.getContextualProperty(SecurityConstants.ACTOR);
         for (Header h : message.getHeaders()) {
             QName n = h.getName();
             if ("Security".equals(n.getLocalPart())
                 && (n.getNamespaceURI().equals(WSS4JConstants.WSSE_NS)
                     || n.getNamespaceURI().equals(WSS4JConstants.WSSE11_NS))) {
-                return h;
+                String receivedActor = ((SoapHeader)h).getActor();
+                if (actor == null || actor.equalsIgnoreCase(receivedActor)) {
+                    return h;
+                }
             }
         }
         if (!create) {
@@ -163,8 +167,12 @@ public abstract class AbstractTokenInterceptor extends AbstractSoapInterceptor {
         Document doc = DOMUtils.getEmptyDocument();
         Element el = doc.createElementNS(WSS4JConstants.WSSE_NS, "wsse:Security");
         el.setAttributeNS(WSS4JConstants.XMLNS_NS, "xmlns:wsse", WSS4JConstants.WSSE_NS);
+
         SoapHeader sh = new SoapHeader(new QName(WSS4JConstants.WSSE_NS, "Security"), el);
         sh.setMustUnderstand(true);
+        if (actor != null && actor.length() > 0) {
+            sh.setActor(actor);
+        }
         message.getHeaders().add(sh);
         return sh;
     }
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client.xml
index e60b8c3..97d416d 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client.xml
@@ -54,6 +54,7 @@
         <jaxws:properties>
             <entry key="security.username" value="Alice"/>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="ws-security.actor" value="recipient"/>
         </jaxws:properties>
     </jaxws:client>
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPlaintextSupportingSP11Port" createdFromAPI="true">
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml
index 5df02b9..a270add 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml
@@ -63,6 +63,7 @@
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="PlaintextSupporting" address="https://localhost:${testutil.ports.ut.Server}/DoubleItUTPlaintextSupporting" serviceName="s:DoubleItService" endpointName="s:DoubleItPlaintextSupportingPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="ws-security.actor" value="recipient"/>
         </jaxws:properties>
     </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="PlaintextSupportingSP11" address="https://localhost:${testutil.ports.ut.Server}/DoubleItUTPlaintextSupportingSP11" serviceName="s:DoubleItService" endpointName="s:DoubleItPlaintextSupportingSP11Port" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings">
@@ -211,4 +212,4 @@
             <ref bean="authzInterceptor2"/>
         </jaxws:inInterceptors>
     </jaxws:endpoint>
-</beans>
\ No newline at end of file
+</beans>
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml
index 971eb32..eac32ac 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml
@@ -65,6 +65,7 @@
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="PlaintextSupporting" address="https://localhost:${testutil.ports.ut.StaxServer}/DoubleItUTPlaintextSupporting" serviceName="s:DoubleItService" endpointName="s:DoubleItPlaintextSupportingPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="ws-security.actor" value="recipient"/>
             <entry key="ws-security.enable.streaming" value="true"/>
         </jaxws:properties>
     </jaxws:endpoint>
@@ -224,4 +225,4 @@
             <ref bean="authzInterceptor2"/>
         </jaxws:inInterceptors>
     </jaxws:endpoint>
-</beans>
\ No newline at end of file
+</beans>

[cxf] 01/02: Switching SSLContext test to TLSv1.1

Posted by co...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit f330a85c8dd3ba07913badeb72f27dd41971973d
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Aug 19 08:11:18 2020 +0100

    Switching SSLContext test to TLSv1.1
---
 .../org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index 3fee468..48f836d 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -535,7 +535,7 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
         TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
         tmf.init(ts);
 
-        SSLContext sslContext = SSLContext.getInstance("TLSv1");
+        SSLContext sslContext = SSLContext.getInstance("TLSv1.1");
         sslContext.init(null, tmf.getTrustManagers(), new java.security.SecureRandom());
 
         TLSClientParameters tlsParams = new TLSClientParameters();