You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2018/03/08 10:08:28 UTC

svn commit: r1826196 - in /webservices/wss4j/branches/2_1_x-fixes: ws-security-common/src/main/java/org/apache/wss4j/common/util/ ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/ ws-security-stax/src/main/java/org/apache/wss4j...

Author: coheigea
Date: Thu Mar  8 10:08:27 2018
New Revision: 1826196

URL: http://svn.apache.org/viewvc?rev=1826196&view=rev
Log:
A few fixes relating to XMLUtils

Modified:
    webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
    webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
    webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java?rev=1826196&r1=1826195&r2=1826196&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java Thu Mar  8 10:08:27 2018
@@ -25,6 +25,7 @@ import java.io.OutputStream;
 import java.util.ArrayList;
 import java.util.List;
 
+import javax.xml.XMLConstants;
 import javax.xml.transform.Source;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
@@ -137,6 +138,7 @@ public final class XMLUtils {
         DOMSource source = new DOMSource(element);
         StreamResult result = new StreamResult(out);
         TransformerFactory transFactory = TransformerFactory.newInstance();
+        transFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
         Transformer transformer = transFactory.newTransformer();
         transformer.transform(source, result);
     }

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java?rev=1826196&r1=1826195&r2=1826196&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java Thu Mar  8 10:08:27 2018
@@ -32,7 +32,7 @@ import javax.xml.bind.JAXBElement;
 import javax.xml.bind.JAXBException;
 import javax.xml.bind.Unmarshaller;
 import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.stream.XMLStreamConstants;
 import javax.xml.stream.XMLStreamException;
@@ -83,6 +83,7 @@ import org.apache.xml.security.stax.secu
 import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenConstants.TokenUsage;
+import org.apache.xml.security.utils.XMLUtils;
 import org.apache.xml.security.stax.securityToken.SecurityTokenFactory;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 import org.opensaml.security.credential.BasicCredential;
@@ -100,13 +101,10 @@ import org.w3c.dom.Node;
  */
 public class SAMLTokenInputHandler extends AbstractInputSecurityHeaderHandler {
 
-    private static final DocumentBuilderFactory DOC_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
-
     private static final List<QName> SAML1_TOKEN_PATH = new ArrayList<>(WSSConstants.WSSE_SECURITY_HEADER_PATH);
     private static final List<QName> SAML2_TOKEN_PATH = new ArrayList<>(WSSConstants.WSSE_SECURITY_HEADER_PATH);
 
     static {
-        DOC_BUILDER_FACTORY.setNamespaceAware(true);
         SAML1_TOKEN_PATH.add(WSSConstants.TAG_SAML_ASSERTION);
         SAML2_TOKEN_PATH.add(WSSConstants.TAG_SAML2_ASSERTION);
     }
@@ -446,9 +444,11 @@ public class SAMLTokenInputHandler exten
     @Override
     protected <T> T parseStructure(Deque<XMLSecEvent> eventDeque, int index, XMLSecurityProperties securityProperties)
             throws XMLSecurityException {
-        Document document;
+        Document document = null;
         try {
-            document = DOC_BUILDER_FACTORY.newDocumentBuilder().newDocument();
+            DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
+            document = db.newDocument();
+            XMLUtils.repoolDocumentBuilder(db);
         } catch (ParserConfigurationException e) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
         }

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java?rev=1826196&r1=1826195&r2=1826196&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java Thu Mar  8 10:08:27 2018
@@ -444,6 +444,7 @@ public class SAMLTokenOutputProcessor ex
                 try {
                     DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
                     outputDOMElement(samlAssertionWrapper.toDOM(db.newDocument()), subOutputProcessorChain);
+                    XMLUtils.repoolDocumentBuilder(db);
                 } catch (ParserConfigurationException ex) {
                     LOG.debug("Error writing out SAML Assertion", ex);
                     throw new XMLSecurityException(ex);