You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2018/03/08 10:08:28 UTC
svn commit: r1826196 - in /webservices/wss4j/branches/2_1_x-fixes:
ws-security-common/src/main/java/org/apache/wss4j/common/util/
ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/
ws-security-stax/src/main/java/org/apache/wss4j...
Author: coheigea
Date: Thu Mar 8 10:08:27 2018
New Revision: 1826196
URL: http://svn.apache.org/viewvc?rev=1826196&view=rev
Log:
A few fixes relating to XMLUtils
Modified:
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java?rev=1826196&r1=1826195&r2=1826196&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java Thu Mar 8 10:08:27 2018
@@ -25,6 +25,7 @@ import java.io.OutputStream;
import java.util.ArrayList;
import java.util.List;
+import javax.xml.XMLConstants;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
@@ -137,6 +138,7 @@ public final class XMLUtils {
DOMSource source = new DOMSource(element);
StreamResult result = new StreamResult(out);
TransformerFactory transFactory = TransformerFactory.newInstance();
+ transFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer = transFactory.newTransformer();
transformer.transform(source, result);
}
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java?rev=1826196&r1=1826195&r2=1826196&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java Thu Mar 8 10:08:27 2018
@@ -32,7 +32,7 @@ import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
@@ -83,6 +83,7 @@ import org.apache.xml.security.stax.secu
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants.TokenUsage;
+import org.apache.xml.security.utils.XMLUtils;
import org.apache.xml.security.stax.securityToken.SecurityTokenFactory;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
import org.opensaml.security.credential.BasicCredential;
@@ -100,13 +101,10 @@ import org.w3c.dom.Node;
*/
public class SAMLTokenInputHandler extends AbstractInputSecurityHeaderHandler {
- private static final DocumentBuilderFactory DOC_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
-
private static final List<QName> SAML1_TOKEN_PATH = new ArrayList<>(WSSConstants.WSSE_SECURITY_HEADER_PATH);
private static final List<QName> SAML2_TOKEN_PATH = new ArrayList<>(WSSConstants.WSSE_SECURITY_HEADER_PATH);
static {
- DOC_BUILDER_FACTORY.setNamespaceAware(true);
SAML1_TOKEN_PATH.add(WSSConstants.TAG_SAML_ASSERTION);
SAML2_TOKEN_PATH.add(WSSConstants.TAG_SAML2_ASSERTION);
}
@@ -446,9 +444,11 @@ public class SAMLTokenInputHandler exten
@Override
protected <T> T parseStructure(Deque<XMLSecEvent> eventDeque, int index, XMLSecurityProperties securityProperties)
throws XMLSecurityException {
- Document document;
+ Document document = null;
try {
- document = DOC_BUILDER_FACTORY.newDocumentBuilder().newDocument();
+ DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
+ document = db.newDocument();
+ XMLUtils.repoolDocumentBuilder(db);
} catch (ParserConfigurationException e) {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
}
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java?rev=1826196&r1=1826195&r2=1826196&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java Thu Mar 8 10:08:27 2018
@@ -444,6 +444,7 @@ public class SAMLTokenOutputProcessor ex
try {
DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
outputDOMElement(samlAssertionWrapper.toDOM(db.newDocument()), subOutputProcessorChain);
+ XMLUtils.repoolDocumentBuilder(db);
} catch (ParserConfigurationException ex) {
LOG.debug("Error writing out SAML Assertion", ex);
throw new XMLSecurityException(ex);