You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2020/08/19 09:28:44 UTC
[cxf] 01/02: CXF-8327 - UsernameTokenInterceptor doesn't set
soap:actor
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit e316de56f9e3d881d847302810ef99a963a48588
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Aug 19 09:40:42 2020 +0100
CXF-8327 - UsernameTokenInterceptor doesn't set soap:actor
(cherry picked from commit dba634e03ff0d20d165ff1acf85c29cac0bac70e)
---
.../apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java | 10 +++++++++-
.../src/test/resources/org/apache/cxf/systest/ws/ut/client.xml | 1 +
.../src/test/resources/org/apache/cxf/systest/ws/ut/server.xml | 3 ++-
.../resources/org/apache/cxf/systest/ws/ut/stax-server.xml | 3 ++-
4 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
index 632dbe9..ff89e51 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
@@ -152,12 +152,16 @@ public abstract class AbstractTokenInterceptor extends AbstractSoapInterceptor {
}
protected Header findSecurityHeader(SoapMessage message, boolean create) {
+ String actor = (String)message.getContextualProperty(SecurityConstants.ACTOR);
for (Header h : message.getHeaders()) {
QName n = h.getName();
if ("Security".equals(n.getLocalPart())
&& (n.getNamespaceURI().equals(WSS4JConstants.WSSE_NS)
|| n.getNamespaceURI().equals(WSS4JConstants.WSSE11_NS))) {
- return h;
+ String receivedActor = ((SoapHeader)h).getActor();
+ if (actor == null || actor.equalsIgnoreCase(receivedActor)) {
+ return h;
+ }
}
}
if (!create) {
@@ -166,8 +170,12 @@ public abstract class AbstractTokenInterceptor extends AbstractSoapInterceptor {
Document doc = DOMUtils.getEmptyDocument();
Element el = doc.createElementNS(WSS4JConstants.WSSE_NS, "wsse:Security");
el.setAttributeNS(WSS4JConstants.XMLNS_NS, "xmlns:wsse", WSS4JConstants.WSSE_NS);
+
SoapHeader sh = new SoapHeader(new QName(WSS4JConstants.WSSE_NS, "Security"), el);
sh.setMustUnderstand(true);
+ if (actor != null && actor.length() > 0) {
+ sh.setActor(actor);
+ }
message.getHeaders().add(sh);
return sh;
}
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client.xml
index e60b8c3..97d416d 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client.xml
@@ -54,6 +54,7 @@
<jaxws:properties>
<entry key="security.username" value="Alice"/>
<entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.actor" value="recipient"/>
</jaxws:properties>
</jaxws:client>
<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPlaintextSupportingSP11Port" createdFromAPI="true">
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml
index b0b2896..0b6ea2e 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml
@@ -63,6 +63,7 @@
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="PlaintextSupporting" address="https://localhost:${testutil.ports.ut.Server}/DoubleItUTPlaintextSupporting" serviceName="s:DoubleItService" endpointName="s:DoubleItPlaintextSupportingPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings">
<jaxws:properties>
<entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.actor" value="recipient"/>
</jaxws:properties>
</jaxws:endpoint>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="PlaintextSupportingSP11" address="https://localhost:${testutil.ports.ut.Server}/DoubleItUTPlaintextSupportingSP11" serviceName="s:DoubleItService" endpointName="s:DoubleItPlaintextSupportingSP11Port" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings">
@@ -211,4 +212,4 @@
<ref bean="authzInterceptor2"/>
</jaxws:inInterceptors>
</jaxws:endpoint>
-</beans>
\ No newline at end of file
+</beans>
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml
index 4f4e7b5..aacc49b 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml
@@ -65,6 +65,7 @@
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="PlaintextSupporting" address="https://localhost:${testutil.ports.ut.StaxServer}/DoubleItUTPlaintextSupporting" serviceName="s:DoubleItService" endpointName="s:DoubleItPlaintextSupportingPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings">
<jaxws:properties>
<entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.actor" value="recipient"/>
<entry key="ws-security.enable.streaming" value="true"/>
</jaxws:properties>
</jaxws:endpoint>
@@ -224,4 +225,4 @@
<ref bean="authzInterceptor2"/>
</jaxws:inInterceptors>
</jaxws:endpoint>
-</beans>
\ No newline at end of file
+</beans>