Posted to commits@ws.apache.org by co...@apache.org on 2016/01/07 11:54:48 UTC
svn commit: r1723510 - in /webservices/wss4j/branches/2_1_x-fixes:
build-tools/src/main/resources/
ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/
Author: coheigea
Date: Thu Jan 7 10:54:48 2016
New Revision: 1723510
URL: http://svn.apache.org/viewvc?rev=1723510&view=rev
Log:
More WSS4J checkstyle work
Modified:
webservices/wss4j/branches/2_1_x-fixes/build-tools/src/main/resources/wss4j-checkstyle.xml
webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java
webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java
webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyInputProcessor.java
Modified: webservices/wss4j/branches/2_1_x-fixes/build-tools/src/main/resources/wss4j-checkstyle.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/build-tools/src/main/resources/wss4j-checkstyle.xml?rev=1723510&r1=1723509&r2=1723510&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/build-tools/src/main/resources/wss4j-checkstyle.xml (original)
+++ webservices/wss4j/branches/2_1_x-fixes/build-tools/src/main/resources/wss4j-checkstyle.xml Thu Jan 7 10:54:48 2016
@@ -74,7 +74,7 @@
<!-- Checks for Size Violations. -->
<!-- See http://checkstyle.sf.net/config_sizes.html -->
<module name="LineLength">
- <property name="max" value="120"/>
+ <property name="max" value="140"/>
<property name="ignorePattern" value="^ *\* *"/>
</module>
<module name="MethodLength">
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java?rev=1723510&r1=1723509&r2=1723510&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java Thu Jan 7 10:54:48 2016
@@ -150,7 +150,8 @@ public class PolicyEnforcer implements S
}
public PolicyEnforcer(List<OperationPolicy> operationPolicies, String soapAction, boolean initiator,
- String actorOrRole, int attachmentCount, PolicyAsserter policyAsserter) throws WSSPolicyException {
+ String actorOrRole, int attachmentCount, PolicyAsserter policyAsserter
+ ) throws WSSPolicyException {
this.operationPolicies = operationPolicies;
this.initiator = initiator;
this.actorOrRole = actorOrRole;
@@ -183,7 +184,8 @@ public class PolicyEnforcer implements S
return null;
}
- private OperationPolicy findPolicyBySOAPOperationName(List<OperationPolicy> operationPolicies, QName soapOperationName) {
+ private OperationPolicy findPolicyBySOAPOperationName(List<OperationPolicy> operationPolicies,
+ QName soapOperationName) {
Iterator<OperationPolicy> operationPolicyIterator = operationPolicies.iterator();
OperationPolicy noNamespaceOperation = null;
@@ -208,7 +210,8 @@ public class PolicyEnforcer implements S
*/
private void buildAssertionStateMap(
PolicyComponent policyComponent,
- List<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMap) throws WSSPolicyException {
+ List<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMap
+ ) throws WSSPolicyException {
if (policyComponent instanceof PolicyOperator) {
PolicyOperator policyOperator = (PolicyOperator) policyComponent;
List<PolicyComponent> policyComponents = policyOperator.getPolicyComponents();
@@ -217,20 +220,25 @@ public class PolicyEnforcer implements S
while (policyComponentIterator.hasNext()) {
PolicyComponent curPolicyComponent = policyComponentIterator.next();
if (policyOperator instanceof ExactlyOne) {
- assertionStateMap.add(new HashMap<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>());
+ assertionStateMap.add(new HashMap<SecurityEventConstants.Event,
+ Map<Assertion, List<Assertable>>>());
buildAssertionStateMap(curPolicyComponent, assertionStateMap, alternative++);
} else {
buildAssertionStateMap(curPolicyComponent, assertionStateMap);
}
}
} else {
- throw new WSSPolicyException("Invalid PolicyComponent: " + policyComponent + " " + policyComponent.getType());
+ throw new WSSPolicyException("Invalid PolicyComponent: " + policyComponent
+ + " " + policyComponent.getType());
}
}
private void buildAssertionStateMap(
PolicyComponent policyComponent,
- List<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMap, int alternative) throws WSSPolicyException {
+ List<Map<SecurityEventConstants.Event,
+ Map<Assertion, List<Assertable>>>> assertionStateMap,
+ int alternative
+ ) throws WSSPolicyException {
if (policyComponent instanceof PolicyOperator) {
PolicyOperator policyOperator = (PolicyOperator) policyComponent;
List<PolicyComponent> policyComponents = policyOperator.getPolicyComponents();
@@ -246,7 +254,8 @@ public class PolicyEnforcer implements S
Iterator<Assertable> assertableIterator = assertablesList.iterator();
while (assertableIterator.hasNext()) {
Assertable assertable = assertableIterator.next();
- final Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map = assertionStateMap.get(alternative);
+ final Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map =
+ assertionStateMap.get(alternative);
final SecurityEventConstants.Event[] securityEventType = assertable.getSecurityEventType();
for (int j = 0; j < securityEventType.length; j++) {
SecurityEventConstants.Event event = securityEventType[j];
@@ -259,14 +268,18 @@ public class PolicyEnforcer implements S
}
}
if (abstractSecurityAssertion instanceof PolicyContainingAssertion) {
- buildAssertionStateMap(((PolicyContainingAssertion) abstractSecurityAssertion).getPolicy(), assertionStateMap, alternative);
+ buildAssertionStateMap(((PolicyContainingAssertion) abstractSecurityAssertion).getPolicy(),
+ assertionStateMap, alternative);
}
} else if (!(policyComponent instanceof PrimitiveAssertion)) {
- throw new WSSPolicyException("Unsupported PolicyComponent: " + policyComponent + " type: " + policyComponent.getType());
+ throw new WSSPolicyException("Unsupported PolicyComponent: " + policyComponent
+ + " type: " + policyComponent.getType());
}
}
- private void addAssertionState(Map<Assertion, List<Assertable>> assertables, Assertion keyAssertion, Assertable assertable) {
+ private void addAssertionState(Map<Assertion, List<Assertable>> assertables,
+ Assertion keyAssertion,
+ Assertable assertable) {
List<Assertable> assertableList = assertables.get(keyAssertion);
if (assertableList == null) {
assertableList = new LinkedList<>();
@@ -274,41 +287,50 @@ public class PolicyEnforcer implements S
}
assertableList.add(assertable);
}
+
+ // Don't return a Token that is not required
+ private boolean isTokenRequired(AbstractToken token) {
+ SPConstants.IncludeTokenType includeTokenType = token.getIncludeTokenType();
+ if (includeTokenType == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
+ return false;
+ } else if (initiator && includeTokenType == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT) {
+ return false;
+ } else if (initiator && includeTokenType == IncludeTokenType.INCLUDE_TOKEN_ONCE) {
+ return false;
+ } else if (!initiator && includeTokenType == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
+ return false;
+ }
+ return true;
+ }
- protected List<Assertable> getAssertableForAssertion(AbstractSecurityAssertion abstractSecurityAssertion) throws WSSPolicyException {
+ protected List<Assertable> getAssertableForAssertion(AbstractSecurityAssertion abstractSecurityAssertion)
+ throws WSSPolicyException {
List<Assertable> assertableList = new LinkedList<>();
boolean tokenRequired = true;
if (abstractSecurityAssertion instanceof AbstractToken) {
- // Don't return a Token that is not required
- SPConstants.IncludeTokenType includeTokenType =
- ((AbstractToken)abstractSecurityAssertion).getIncludeTokenType();
- if (includeTokenType == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
- tokenRequired = false;
- } else if (initiator && includeTokenType == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT) {
- tokenRequired = false;
- } else if (initiator && includeTokenType == IncludeTokenType.INCLUDE_TOKEN_ONCE) {
- tokenRequired = false;
- } else if (!initiator && includeTokenType == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
- tokenRequired = false;
- }
+ tokenRequired = isTokenRequired((AbstractToken)abstractSecurityAssertion);
}
if (abstractSecurityAssertion instanceof ContentEncryptedElements) {
- //initialized with asserted=true because it could be that parent elements are encrypted and therefore these element are also encrypted
- //the test if it is really encrypted is done via the PolicyInputProcessor which emits EncryptedElementEvents for unencrypted elements with the unencrypted flag
+ // initialized with asserted=true because it could be that parent elements are encrypted and
+ // therefore these element are also encrypted
+ // the test if it is really encrypted is done via the PolicyInputProcessor which emits
+ // EncryptedElementEvents for unencrypted elements with the unencrypted flag
assertableList.add(new ContentEncryptedElementsAssertionState(abstractSecurityAssertion, policyAsserter, true));
} else if (abstractSecurityAssertion instanceof EncryptedParts) {
- //initialized with asserted=true with the same reason as by the EncryptedParts above
+ // initialized with asserted=true with the same reason as by the EncryptedParts above
assertableList.add(new EncryptedPartsAssertionState(abstractSecurityAssertion, policyAsserter, true, attachmentCount));
} else if (abstractSecurityAssertion instanceof EncryptedElements) {
- //initialized with asserted=true with the same reason as by the EncryptedParts above
+ // initialized with asserted=true with the same reason as by the EncryptedParts above
assertableList.add(new EncryptedElementsAssertionState(abstractSecurityAssertion, policyAsserter, true));
} else if (abstractSecurityAssertion instanceof SignedParts) {
- //initialized with asserted=true because it could be that parent elements are signed and therefore these element are also signed
- //the test if it is really signed is done via the PolicyInputProcessor which emits SignedElementEvents for unsigned elements with the unsigned flag
+ // initialized with asserted=true because it could be that parent elements are signed and
+ // therefore these element are also signed
+ // the test if it is really signed is done via the PolicyInputProcessor which emits SignedElementEvents for
+ // unsigned elements with the unsigned flag
assertableList.add(new SignedPartsAssertionState(abstractSecurityAssertion, policyAsserter, true, attachmentCount));
} else if (abstractSecurityAssertion instanceof SignedElements) {
- //initialized with asserted=true with the same reason as by the SignedParts above
+ // initialized with asserted=true with the same reason as by the SignedParts above
assertableList.add(new SignedElementsAssertionState(abstractSecurityAssertion, policyAsserter, true));
} else if (abstractSecurityAssertion instanceof RequiredElements) {
assertableList.add(new RequiredElementsAssertionState(abstractSecurityAssertion, policyAsserter, false));
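Review bot: The new `isTokenRequired` helper keeps the caller's old inline comment (`// Don't return a Token that is not required`), which no longer describes what the method does now that it is a boolean predicate. It returns false for `INCLUDE_TOKEN_NEVER`, for `INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT` and `INCLUDE_TOKEN_ONCE` when `initiator` is true, and for `INCLUDE_TOKEN_ALWAYS_TO_INITIATOR` when `initiator` is false; every other value, including a null include type, yields true. Because the result is negated and passed into the token assertion states further down, that default is worth stating in a Javadoc, for example `/** Returns false only when the token's IncludeToken value excludes it for this side (see the initiator field); unknown or null values are treated as required. */`. The body of `getAssertableForAssertion` continues outside this hunk.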
@@ -325,9 +347,11 @@ public class PolicyEnforcer implements S
} else if (abstractSecurityAssertion instanceof SpnegoContextToken) {
assertableList.add(new SpnegoContextTokenAssertionState(abstractSecurityAssertion, !tokenRequired, policyAsserter, initiator));
} else if (abstractSecurityAssertion instanceof SecureConversationToken) {
- assertableList.add(new SecureConversationTokenAssertionState(abstractSecurityAssertion, !tokenRequired, policyAsserter, initiator));
+ assertableList.add(new SecureConversationTokenAssertionState(abstractSecurityAssertion, !tokenRequired,
+ policyAsserter, initiator));
} else if (abstractSecurityAssertion instanceof SecurityContextToken) {
- assertableList.add(new SecurityContextTokenAssertionState(abstractSecurityAssertion, !tokenRequired, policyAsserter, initiator));
+ assertableList.add(new SecurityContextTokenAssertionState(abstractSecurityAssertion, !tokenRequired,
+ policyAsserter, initiator));
} else if (abstractSecurityAssertion instanceof SamlToken) {
assertableList.add(new SamlTokenAssertionState(abstractSecurityAssertion, !tokenRequired, policyAsserter, initiator));
} else if (abstractSecurityAssertion instanceof RelToken) {
@@ -338,12 +362,9 @@ public class PolicyEnforcer implements S
} else if (abstractSecurityAssertion instanceof KeyValueToken) {
assertableList.add(new KeyValueTokenAssertionState(abstractSecurityAssertion, !tokenRequired, policyAsserter, initiator));
} else if (abstractSecurityAssertion instanceof AlgorithmSuite) {
- //initialized with asserted=true because we do negative matching
+ // initialized with asserted=true because we do negative matching
assertableList.add(new AlgorithmSuiteAssertionState(abstractSecurityAssertion, policyAsserter, true));
- } /*else if (abstractSecurityAssertion instanceof AsymmetricBinding) {
- } else if (abstractSecurityAssertion instanceof SymmetricBinding) {
- } else if (abstractSecurityAssertion instanceof TransportBinding) {
- } */ else if (abstractSecurityAssertion instanceof Layout) {
+ } else if (abstractSecurityAssertion instanceof Layout) {
//assertableList.add(new LayoutAssertionState(abstractSecurityAssertion, true));
String namespace = abstractSecurityAssertion.getName().getNamespaceURI();
policyAsserter.assertPolicy(new QName(namespace, SPConstants.LAYOUT_LAX));
@@ -351,17 +372,18 @@ public class PolicyEnforcer implements S
policyAsserter.assertPolicy(new QName(namespace, SPConstants.LAYOUT_LAX_TIMESTAMP_LAST));
policyAsserter.assertPolicy(new QName(namespace, SPConstants.LAYOUT_STRICT));
policyAsserter.assertPolicy(abstractSecurityAssertion);
- }
- else if (abstractSecurityAssertion instanceof AbstractBinding) {
+ } else if (abstractSecurityAssertion instanceof AbstractBinding) {
policyAsserter.assertPolicy(abstractSecurityAssertion);
AbstractBinding abstractBinding = (AbstractBinding) abstractSecurityAssertion;
if (abstractBinding instanceof AbstractSymmetricAsymmetricBinding) {
- AbstractSymmetricAsymmetricBinding abstractSymmetricAsymmetricBinding = (AbstractSymmetricAsymmetricBinding) abstractSecurityAssertion;
+ AbstractSymmetricAsymmetricBinding abstractSymmetricAsymmetricBinding =
+ (AbstractSymmetricAsymmetricBinding) abstractSecurityAssertion;
assertableList.add(new ProtectionOrderAssertionState(abstractSymmetricAsymmetricBinding, policyAsserter, true));
assertableList.add(new SignatureProtectionAssertionState(abstractSymmetricAsymmetricBinding, policyAsserter, true));
if (abstractSymmetricAsymmetricBinding.isOnlySignEntireHeadersAndBody()) {
//initialized with asserted=true because we do negative matching
- assertableList.add(new OnlySignEntireHeadersAndBodyAssertionState(abstractSecurityAssertion, policyAsserter, true, actorOrRole));
+ assertableList.add(new OnlySignEntireHeadersAndBodyAssertionState(abstractSecurityAssertion, policyAsserter,
+ true, actorOrRole));
}
assertableList.add(new TokenProtectionAssertionState(abstractSecurityAssertion, policyAsserter, true));
}
@@ -456,7 +478,8 @@ public class PolicyEnforcer implements S
policyAsserter.assertPolicy(new QName(namespace, SPConstants.REQUIRE_APPLIES_TO));
}
if (trust13.isRequireRequestSecurityTokenCollection()) {
- policyAsserter.assertPolicy(new QName(namespace, SPConstants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION));
+ policyAsserter.assertPolicy(new QName(namespace,
+ SPConstants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION));
}
if (trust13.isScopePolicy15()) {
policyAsserter.assertPolicy(new QName(namespace, SPConstants.SCOPE_POLICY_15));
@@ -465,6 +488,11 @@ public class PolicyEnforcer implements S
} else {
policyAsserter.assertPolicy(abstractSecurityAssertion);
}
+
+ /*else if (abstractSecurityAssertion instanceof AsymmetricBinding) {
+ } else if (abstractSecurityAssertion instanceof SymmetricBinding) {
+ } else if (abstractSecurityAssertion instanceof TransportBinding) {
+ } */
return assertableList;
}
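Review bot: The commented-out `else if (... instanceof AsymmetricBinding) ... SymmetricBinding ... TransportBinding` block was moved out of the if-chain to just before `return assertableList;`, where it no longer attaches to any statement and tells a reader nothing. Those three branches have empty bodies in the comment, and the `AbstractBinding` branch in an earlier hunk appears to cover those types, so deleting the block would be cleaner than relocating it. If it marks planned work, replace it with a one-line comment such as `// binding-specific assertion states are not yet implemented; see the AbstractBinding branch`.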
@@ -476,25 +504,29 @@ public class PolicyEnforcer implements S
* @throws WSSPolicyException
*/
private void verifyPolicy(SecurityEvent securityEvent) throws WSSPolicyException, XMLSecurityException {
- {
- //We have to check the failed assertions for logging purposes firstly...
- if (!this.failedAssertionStateMap.isEmpty()) {
- Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator = this.failedAssertionStateMap.iterator();
- alternative:
+ // We have to check the failed assertions for logging purposes firstly...
+ if (!this.failedAssertionStateMap.isEmpty()) {
+ Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator =
+ this.failedAssertionStateMap.iterator();
+ alternative:
while (assertionStateMapIterator.hasNext()) {
- Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map = assertionStateMapIterator.next();
- //every list entry counts as an alternative...
+ Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map =
+ assertionStateMapIterator.next();
+ // every list entry counts as an alternative...
Map<Assertion, List<Assertable>> assertionListMap = map.get(securityEvent.getSecurityEventType());
if (assertionListMap != null && assertionListMap.size() > 0) {
- Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator = assertionListMap.entrySet().iterator();
+ Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator =
+ assertionListMap.entrySet().iterator();
while (assertionStateIterator.hasNext()) {
- Map.Entry<Assertion, List<Assertable>> assertionStateEntry = assertionStateIterator.next();
+ Map.Entry<Assertion, List<Assertable>> assertionStateEntry =
+ assertionStateIterator.next();
List<Assertable> assertionStates = assertionStateEntry.getValue();
Iterator<Assertable> assertableIterator = assertionStates.iterator();
while (assertableIterator.hasNext()) {
Assertable assertable = assertableIterator.next();
boolean asserted = assertable.assertEvent(securityEvent);
- //...so if one fails, continue with the next map entry and increment the notAssertedCount
+ // ...so if one fails, continue with the next map entry and
+ // increment the notAssertedCount
if (!asserted) {
continue alternative;
}
@@ -502,20 +534,21 @@ public class PolicyEnforcer implements S
}
}
}
- }
}
String assertionMessage = null;
- {
- //...and then check the remaining alternatives
- Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator = this.assertionStateMap.iterator();
- //every map entry counts as an alternative...
- alternative:
+ //...and then check the remaining alternatives
+ Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator =
+ this.assertionStateMap.iterator();
+ //every map entry counts as an alternative...
+ alternative:
while (assertionStateMapIterator.hasNext()) {
- Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map = assertionStateMapIterator.next();
+ Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map =
+ assertionStateMapIterator.next();
Map<Assertion, List<Assertable>> assertionListMap = map.get(securityEvent.getSecurityEventType());
if (assertionListMap != null && assertionListMap.size() > 0) {
- Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator = assertionListMap.entrySet().iterator();
+ Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator =
+ assertionListMap.entrySet().iterator();
while (assertionStateIterator.hasNext()) {
Map.Entry<Assertion, List<Assertable>> assertionStateEntry = assertionStateIterator.next();
List<Assertable> assertionStates = assertionStateEntry.getValue();
@@ -534,7 +567,6 @@ public class PolicyEnforcer implements S
}
}
}
- }
//if the assertionStateMap is empty (the size of the list is equal to the alternatives)
//then we could not satisfy any alternative
if (assertionStateMap.isEmpty() && !(faultOccurred && noSecurityHeader && initiator)) {
@@ -547,18 +579,23 @@ public class PolicyEnforcer implements S
* verifies the whole policy to try to find a satisfied alternative
*
* @throws WSSPolicyException throws when the policy is invalid
- * @throws PolicyViolationException thrown when no alternative could be satisifed
+ * @throws PolicyViolationException thrown when no alternative could be satisfied
*/
private void verifyPolicy() throws WSSPolicyException {
String assertionMessage = null;
- Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator = this.assertionStateMap.iterator();
+ Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator =
+ this.assertionStateMap.iterator();
alternative:
while (assertionStateMapIterator.hasNext()) {
- Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map = assertionStateMapIterator.next();
- Iterator<Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> iterator = map.entrySet().iterator();
+ Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map =
+ assertionStateMapIterator.next();
+ Iterator<Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> iterator =
+ map.entrySet().iterator();
while (iterator.hasNext()) {
- Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> mapEntry = iterator.next();
- Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator = mapEntry.getValue().entrySet().iterator();
+ Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> mapEntry =
+ iterator.next();
+ Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator =
+ mapEntry.getValue().entrySet().iterator();
while (assertionStateIterator.hasNext()) {
Map.Entry<Assertion, List<Assertable>> assertionListEntry = assertionStateIterator.next();
List<Assertable> assertableList = assertionListEntry.getValue();
@@ -590,14 +627,19 @@ public class PolicyEnforcer implements S
*/
private void verifyPolicyAfterOperationSecurityEvent() throws WSSPolicyException {
String assertionMessage = null;
- Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator = this.assertionStateMap.iterator();
+ Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator =
+ this.assertionStateMap.iterator();
alternative:
while (assertionStateMapIterator.hasNext()) {
- Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map = assertionStateMapIterator.next();
- Iterator<Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> iterator = map.entrySet().iterator();
+ Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map =
+ assertionStateMapIterator.next();
+ Iterator<Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> iterator =
+ map.entrySet().iterator();
while (iterator.hasNext()) {
- Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> mapEntry = iterator.next();
- Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator = mapEntry.getValue().entrySet().iterator();
+ Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> mapEntry =
+ iterator.next();
+ Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateIterator =
+ mapEntry.getValue().entrySet().iterator();
while (assertionStateIterator.hasNext()) {
Map.Entry<Assertion, List<Assertable>> assertionListEntry = assertionStateIterator.next();
List<Assertable> assertableList = assertionListEntry.getValue();
@@ -611,19 +653,19 @@ public class PolicyEnforcer implements S
AbstractToken abstractToken = (AbstractToken) tokenAssertionState.getAssertion();
AbstractSecurityAssertion assertion = abstractToken.getParentAssertion();
//Other tokens may not be resolved yet fully therefore we skip it here
- if (assertion instanceof SupportingTokens ||
- assertable instanceof HttpsTokenAssertionState ||
- assertable instanceof RelTokenAssertionState ||
- assertable instanceof SecurityContextTokenAssertionState ||
- assertable instanceof SpnegoContextTokenAssertionState ||
- assertable instanceof UsernameTokenAssertionState) {
+ if (assertion instanceof SupportingTokens
+ || assertable instanceof HttpsTokenAssertionState
+ || assertable instanceof RelTokenAssertionState
+ || assertable instanceof SecurityContextTokenAssertionState
+ || assertable instanceof SpnegoContextTokenAssertionState
+ || assertable instanceof UsernameTokenAssertionState) {
doAssert = true;
}
- } else if (assertable instanceof TokenProtectionAssertionState ||
- assertable instanceof SignatureConfirmationAssertionState ||
- assertable instanceof IncludeTimeStampAssertionState ||
- assertable instanceof RequiredPartsAssertionState ||
- assertable instanceof SignatureProtectionAssertionState) {
+ } else if (assertable instanceof TokenProtectionAssertionState
+ || assertable instanceof SignatureConfirmationAssertionState
+ || assertable instanceof IncludeTimeStampAssertionState
+ || assertable instanceof RequiredPartsAssertionState
+ || assertable instanceof SignatureProtectionAssertionState) {
doAssert = true;
}
@@ -648,15 +690,20 @@ public class PolicyEnforcer implements S
return;
}
- Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator = this.failedAssertionStateMap.iterator();
+ Iterator<Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> assertionStateMapIterator =
+ this.failedAssertionStateMap.iterator();
while (assertionStateMapIterator.hasNext()) {
- Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map = assertionStateMapIterator.next();
+ Map<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> map =
+ assertionStateMapIterator.next();
Set<Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> entrySet = map.entrySet();
- Iterator<Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> entryIterator = entrySet.iterator();
+ Iterator<Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>>> entryIterator =
+ entrySet.iterator();
while (entryIterator.hasNext()) {
- Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> eventCollectionEntry = entryIterator.next();
+ Map.Entry<SecurityEventConstants.Event, Map<Assertion, List<Assertable>>> eventCollectionEntry =
+ entryIterator.next();
Map<Assertion, List<Assertable>> assertionListMap = eventCollectionEntry.getValue();
- Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateEntryIterator = assertionListMap.entrySet().iterator();
+ Iterator<Map.Entry<Assertion, List<Assertable>>> assertionStateEntryIterator =
+ assertionListMap.entrySet().iterator();
while (assertionStateEntryIterator.hasNext()) {
Map.Entry<Assertion, List<Assertable>> entry = assertionStateEntryIterator.next();
List<Assertable> assertionStates = entry.getValue();
@@ -698,7 +745,8 @@ public class PolicyEnforcer implements S
}
if (effectivePolicy == null) {
- effectivePolicy = findPolicyBySOAPOperationName(operationPolicies, operationSecurityEvent.getOperation());
+ effectivePolicy = findPolicyBySOAPOperationName(operationPolicies,
+ operationSecurityEvent.getOperation());
if (effectivePolicy == null) {
//no policy to the operation given
effectivePolicy = new OperationPolicy(new QName(null, "NoPolicyFoundForOperation"));
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java?rev=1723510&r1=1723509&r2=1723510&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java Thu Jan 7 10:54:48 2016
@@ -98,7 +98,7 @@ import org.w3c.dom.NodeList;
*/
public class PolicyEnforcerFactory {
- protected static final transient org.slf4j.Logger log =
+ protected static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(PolicyEnforcerFactory.class);
private final List<AssertionBuilder<Element>> assertionBuilders;
@@ -107,7 +107,7 @@ public class PolicyEnforcerFactory {
private List<OperationPolicy> operationPolicies;
private final Map<Element, Policy> elementPolicyCache;
- private PolicyEnforcerFactory(List<AssertionBuilder<Element>> customAssertionBuilders) {
+ protected PolicyEnforcerFactory(List<AssertionBuilder<Element>> customAssertionBuilders) {
elementPolicyCache = new HashMap<>();
assertionBuilders = new ArrayList<>();
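Review bot: Widening the constructor from `private` to `protected` changes the class's extension surface in a commit described as checkstyle work, and the previous hunk likewise renames the protected logger field from `log` to `LOG`, which would break any subclass referencing the old name on this fixes branch. If the visibility change is only there to satisfy a final-class check, declaring the class `final` and keeping the constructor private preserves the guarantee that instances come from the `newInstance` factories. If subclassing is intended, the constructor should get a Javadoc stating what a subclass must initialise itself; only the two collection fields are visibly set here, and `operationPolicies` is presumably populated by the factory methods. The constructor body continues outside the hunk.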
@@ -163,7 +163,8 @@ public class PolicyEnforcerFactory {
return newInstance(wsdlUrl, null);
}
- public static PolicyEnforcerFactory newInstance(URL wsdlUrl, List<AssertionBuilder<Element>> customAssertionBuilders)
+ public static PolicyEnforcerFactory newInstance(URL wsdlUrl,
+ List<AssertionBuilder<Element>> customAssertionBuilders)
throws WSSPolicyException {
PolicyEnforcerFactory policyEnforcerFactory = new PolicyEnforcerFactory(customAssertionBuilders);
@@ -175,7 +176,8 @@ public class PolicyEnforcerFactory {
return newInstance(document, null);
}
- public static PolicyEnforcerFactory newInstance(Document document, List<AssertionBuilder<Element>> customAssertionBuilders)
+ public static PolicyEnforcerFactory newInstance(Document document,
+ List<AssertionBuilder<Element>> customAssertionBuilders)
throws WSSPolicyException {
PolicyEnforcerFactory policyEnforcerFactory = new PolicyEnforcerFactory(customAssertionBuilders);
@@ -262,7 +264,8 @@ public class PolicyEnforcerFactory {
return operationPolicyList;
}
- private Policy getPolicy(Service service, Port port, Binding binding, BindingOperation bindingOperation, Operation operation) throws WSSPolicyException {
+ private Policy getPolicy(Service service, Port port, Binding binding,
+ BindingOperation bindingOperation, Operation operation) throws WSSPolicyException {
List<Policy> policies = new ArrayList<>();
Policy servicePolicy = findPolicies(service);
@@ -361,15 +364,18 @@ public class PolicyEnforcerFactory {
for (int i = 0; i < extensibilityElements.size(); i++) {
ExtensibilityElement extensibilityElement = extensibilityElements.get(i);
if (extensibilityElement instanceof UnknownExtensibilityElement) {
- UnknownExtensibilityElement unknownExtensibilityElement = (UnknownExtensibilityElement) extensibilityElement;
+ UnknownExtensibilityElement unknownExtensibilityElement =
+ (UnknownExtensibilityElement) extensibilityElement;
if (unknownExtensibilityElement.getElementType().getLocalPart().equals("PolicyReference")) {
String uri = unknownExtensibilityElement.getElement().getAttributeNS(null, "URI").substring(1);
- NodeList policyNodeList = unknownExtensibilityElement.getElement().getOwnerDocument().getElementsByTagNameNS("*", "Policy");
+ NodeList policyNodeList =
+ unknownExtensibilityElement.getElement().getOwnerDocument().getElementsByTagNameNS("*",
+ "Policy");
boolean found = false;
for (int j = 0; j < policyNodeList.getLength(); j++) {
Element element = (Element) policyNodeList.item(j);
- String refUri = element.getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
+ String refUri = element.getAttributeNS(WSSConstants.NS_WSU10, "Id");
if (refUri != null && refUri.equals(uri)) {
found = true;
Policy policy = parsePolicy(element);
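Review bot: The `getAttributeNS(null, "URI").substring(1)` context line assumes the `PolicyReference` always carries a `#fragment` URI, and the commit leaves that unguarded. DOM `getAttributeNS` returns an empty string for a missing attribute, so a WSDL without `URI` ends in an unchecked `StringIndexOutOfBoundsException`, and a non-fragment URI has its first character silently dropped before the Id comparison. Reading the value first and rejecting anything else keeps the failure inside the policy exception type: `String ref = unknownExtensibilityElement.getElement().getAttributeNS(null, "URI");` then `if (!ref.startsWith("#")) { throw new WSSPolicyException("Unsupported PolicyReference URI: " + ref); }`. Whether to throw or skip the element depends on how `found` is handled after the loop, which is outside the hunk. For the same reason the `refUri != null` test on the Id lookup can never fail and could be dropped.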
@@ -422,7 +428,8 @@ public class PolicyEnforcerFactory {
* creates a new PolicyEnforcer instance
* @param soapAction The requested soapAction of the actual request
* @param initiator Boolean flag to tell the engine if it is running in client or server mode
- * @param roleOrActor The actor or role of the security processing. Must be set to the same value as WSSSecurityProperties#setActor()
+ * @param roleOrActor The actor or role of the security processing. Must be set to the same value
+ * as WSSSecurityProperties#setActor()
* @param attachmentCount The number of Attachments received in the message
* @return the newly created PolicyEnforcer instance
* @throws WSSPolicyException
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyInputProcessor.java?rev=1723510&r1=1723509&r2=1723510&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyInputProcessor.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyInputProcessor.java Thu Jan 7 10:54:48 2016
@@ -186,12 +186,11 @@ public class PolicyInputProcessor extend
= new EncryptedPartSecurityEvent(null, false, null);
encryptedPartSecurityEvent.setElementPath(elementPath);
policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
- }
- //the body element has documentLevel 2 but we have to use 3 because
- //the body element itself is never encrypted but child elements are. So we
- //test for the body child element.
- else if (documentLevel == 3 && WSSUtils.isInSOAPBody(elementPath)) {
-
+ } else if (documentLevel == 3 && WSSUtils.isInSOAPBody(elementPath)) {
+ //the body element has documentLevel 2 but we have to use 3 because
+ //the body element itself is never encrypted but child elements are. So we
+ //test for the body child element.
+
EncryptedPartSecurityEvent encryptedPartSecurityEvent
= new EncryptedPartSecurityEvent(null, false, null);
encryptedPartSecurityEvent.setElementPath(elementPath);
@@ -249,7 +248,8 @@ public class PolicyInputProcessor extend
protected void init(InputProcessorChain inputProcessorChain) {
if (!this.initDone) {
this.initDone = true;
- this.transportSecurityActive = Boolean.TRUE == inputProcessorChain.getSecurityContext().get(WSSConstants.TRANSPORT_SECURITY_ACTIVE);
+ this.transportSecurityActive =
+ Boolean.TRUE == inputProcessorChain.getSecurityContext().get(WSSConstants.TRANSPORT_SECURITY_ACTIVE);
inputProcessorChain.getSecurityContext().put(WSSConstants.PROP_ALLOW_RSA15_KEYTRANSPORT_ALGORITHM, Boolean.TRUE);
inputProcessorChain.getSecurityContext().put(WSSConstants.PROP_ALLOW_USERNAMETOKEN_NOPASSWORD, Boolean.TRUE.toString());
}
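Review bot: The rewrapped assignment still compares with `Boolean.TRUE == ...get(WSSConstants.TRANSPORT_SECURITY_ACTIVE)`, an identity test on whatever object the security context holds. The two `put` calls directly below store one flag as `Boolean.TRUE` and the other as `Boolean.TRUE.toString()`, so the context evidently carries mixed representations; a value stored as a separately allocated `Boolean` or as a string would make this quietly evaluate to false. `Boolean.TRUE.equals(inputProcessorChain.getSecurityContext().get(WSSConstants.TRANSPORT_SECURITY_ACTIVE))` is null-safe and removes the identity dependence. The same two `put` lines unconditionally enable RSA 1.5 key transport and password-less UsernameTokens for the chain; a short comment explaining that the policy assertions are expected to constrain these afterwards (if that is the intent) would help the next reviewer.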