You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2020/08/19 08:43:36 UTC
[cxf] branch master updated (a8fc2af -> dba634e)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git.
from a8fc2af fixed Maven warning for duplicate junit dependency definition
new f330a85 Switching SSLContext test to TLSv1.1
new dba634e CXF-8327 - UsernameTokenInterceptor doesn't set soap:actor
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java | 10 +++++++++-
.../cxf/systest/https/ciphersuites/CipherSuitesTest.java | 2 +-
.../src/test/resources/org/apache/cxf/systest/ws/ut/client.xml | 1 +
.../src/test/resources/org/apache/cxf/systest/ws/ut/server.xml | 3 ++-
.../resources/org/apache/cxf/systest/ws/ut/stax-server.xml | 3 ++-
5 files changed, 15 insertions(+), 4 deletions(-)
[cxf] 02/02: CXF-8327 - UsernameTokenInterceptor doesn't set
soap:actor
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit dba634e03ff0d20d165ff1acf85c29cac0bac70e
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Aug 19 09:40:42 2020 +0100
CXF-8327 - UsernameTokenInterceptor doesn't set soap:actor
---
.../apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java | 10 +++++++++-
.../src/test/resources/org/apache/cxf/systest/ws/ut/client.xml | 1 +
.../src/test/resources/org/apache/cxf/systest/ws/ut/server.xml | 3 ++-
.../resources/org/apache/cxf/systest/ws/ut/stax-server.xml | 3 ++-
4 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
index 20a29a3..b39c84a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
@@ -149,12 +149,16 @@ public abstract class AbstractTokenInterceptor extends AbstractSoapInterceptor {
}
protected Header findSecurityHeader(SoapMessage message, boolean create) {
+ String actor = (String)message.getContextualProperty(SecurityConstants.ACTOR);
for (Header h : message.getHeaders()) {
QName n = h.getName();
if ("Security".equals(n.getLocalPart())
&& (n.getNamespaceURI().equals(WSS4JConstants.WSSE_NS)
|| n.getNamespaceURI().equals(WSS4JConstants.WSSE11_NS))) {
- return h;
+ String receivedActor = ((SoapHeader)h).getActor();
+ if (actor == null || actor.equalsIgnoreCase(receivedActor)) {
+ return h;
+ }
}
}
if (!create) {
@@ -163,8 +167,12 @@ public abstract class AbstractTokenInterceptor extends AbstractSoapInterceptor {
Document doc = DOMUtils.getEmptyDocument();
Element el = doc.createElementNS(WSS4JConstants.WSSE_NS, "wsse:Security");
el.setAttributeNS(WSS4JConstants.XMLNS_NS, "xmlns:wsse", WSS4JConstants.WSSE_NS);
+
SoapHeader sh = new SoapHeader(new QName(WSS4JConstants.WSSE_NS, "Security"), el);
sh.setMustUnderstand(true);
+ if (actor != null && actor.length() > 0) {
+ sh.setActor(actor);
+ }
message.getHeaders().add(sh);
return sh;
}
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client.xml
index e60b8c3..97d416d 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client.xml
@@ -54,6 +54,7 @@
<jaxws:properties>
<entry key="security.username" value="Alice"/>
<entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.actor" value="recipient"/>
</jaxws:properties>
</jaxws:client>
<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPlaintextSupportingSP11Port" createdFromAPI="true">
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml
index 5df02b9..a270add 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml
@@ -63,6 +63,7 @@
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="PlaintextSupporting" address="https://localhost:${testutil.ports.ut.Server}/DoubleItUTPlaintextSupporting" serviceName="s:DoubleItService" endpointName="s:DoubleItPlaintextSupportingPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings">
<jaxws:properties>
<entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.actor" value="recipient"/>
</jaxws:properties>
</jaxws:endpoint>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="PlaintextSupportingSP11" address="https://localhost:${testutil.ports.ut.Server}/DoubleItUTPlaintextSupportingSP11" serviceName="s:DoubleItService" endpointName="s:DoubleItPlaintextSupportingSP11Port" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings">
@@ -211,4 +212,4 @@
<ref bean="authzInterceptor2"/>
</jaxws:inInterceptors>
</jaxws:endpoint>
-</beans>
\ No newline at end of file
+</beans>
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml
index 971eb32..eac32ac 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml
@@ -65,6 +65,7 @@
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="PlaintextSupporting" address="https://localhost:${testutil.ports.ut.StaxServer}/DoubleItUTPlaintextSupporting" serviceName="s:DoubleItService" endpointName="s:DoubleItPlaintextSupportingPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings">
<jaxws:properties>
<entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.actor" value="recipient"/>
<entry key="ws-security.enable.streaming" value="true"/>
</jaxws:properties>
</jaxws:endpoint>
@@ -224,4 +225,4 @@
<ref bean="authzInterceptor2"/>
</jaxws:inInterceptors>
</jaxws:endpoint>
-</beans>
\ No newline at end of file
+</beans>
[cxf] 01/02: Switching SSLContext test to TLSv1.1
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit f330a85c8dd3ba07913badeb72f27dd41971973d
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Aug 19 08:11:18 2020 +0100
Switching SSLContext test to TLSv1.1
---
.../org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index 3fee468..48f836d 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -535,7 +535,7 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ts);
- SSLContext sslContext = SSLContext.getInstance("TLSv1");
+ SSLContext sslContext = SSLContext.getInstance("TLSv1.1");
sslContext.init(null, tmf.getTrustManagers(), new java.security.SecureRandom());
TLSClientParameters tlsParams = new TLSClientParameters();