You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2016/11/28 10:04:34 UTC
svn commit: r1771698 - in /webservices/wss4j/trunk:
ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/
ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/
ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/proces...
Author: coheigea
Date: Mon Nov 28 10:04:33 2016
New Revision: 1771698
URL: http://svn.apache.org/viewvc?rev=1771698&view=rev
Log:
Finished Findbugs sweep
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyInputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyInputProcessor.java?rev=1771698&r1=1771697&r2=1771698&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyInputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyInputProcessor.java Mon Nov 28 10:04:33 2016
@@ -104,18 +104,16 @@ public class PolicyInputProcessor extend
XMLSecEvent xmlSecEvent = inputProcessorChain.processEvent();
List<QName> elementPath = null;
- switch (xmlSecEvent.getEventType()) {
- case XMLStreamConstants.START_ELEMENT:
- XMLSecStartElement xmlSecStartElement = xmlSecEvent.asStartElement();
- int documentLevel = xmlSecStartElement.getDocumentLevel();
- //test for required elements
- if (documentLevel > 3) {
- RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
- elementPath = xmlSecStartElement.getElementPath();
- requiredElementSecurityEvent.setElementPath(elementPath);
- policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
- }
- break;
+ if (XMLStreamConstants.START_ELEMENT == xmlSecEvent.getEventType()) {
+ XMLSecStartElement xmlSecStartElement = xmlSecEvent.asStartElement();
+ int documentLevel = xmlSecStartElement.getDocumentLevel();
+ //test for required elements
+ if (documentLevel > 3) {
+ RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
+ elementPath = xmlSecStartElement.getElementPath();
+ requiredElementSecurityEvent.setElementPath(elementPath);
+ policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
+ }
}
//if transport security is active, every element is encrypted/signed
@@ -249,7 +247,7 @@ public class PolicyInputProcessor extend
if (!this.initDone) {
this.initDone = true;
this.transportSecurityActive =
- Boolean.TRUE == inputProcessorChain.getSecurityContext().get(WSSConstants.TRANSPORT_SECURITY_ACTIVE);
+ Boolean.TRUE.equals(inputProcessorChain.getSecurityContext().get(WSSConstants.TRANSPORT_SECURITY_ACTIVE));
inputProcessorChain.getSecurityContext().put(WSSConstants.PROP_ALLOW_RSA15_KEYTRANSPORT_ALGORITHM, Boolean.TRUE);
inputProcessorChain.getSecurityContext().put(WSSConstants.PROP_ALLOW_USERNAMETOKEN_NOPASSWORD, Boolean.TRUE.toString());
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java?rev=1771698&r1=1771697&r2=1771698&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java Mon Nov 28 10:04:33 2016
@@ -286,7 +286,7 @@ public class InboundWSSecurityContextImp
usernameTokenElementPath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);
boolean encryptsUsernameToken = encryptsElement(tokenSecurityEvent, usernameTokenElementPath, securityEventDeque);
- boolean transportSecurityActive = Boolean.TRUE == get(WSSConstants.TRANSPORT_SECURITY_ACTIVE);
+ boolean transportSecurityActive = Boolean.TRUE.equals(get(WSSConstants.TRANSPORT_SECURITY_ACTIVE));
List<InboundSecurityToken> encryptingSecurityTokens =
isEncryptedToken(tokenSecurityEvent, securityEventDeque, httpsTokenSecurityEvent);
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java?rev=1771698&r1=1771697&r2=1771698&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java Mon Nov 28 10:04:33 2016
@@ -345,7 +345,7 @@ public class DecryptInputProcessor exten
}
}
- private final class DeferredAttachment {
+ private static final class DeferredAttachment {
private EncryptedDataType encryptedDataType;
private Cipher cipher;
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java?rev=1771698&r1=1771697&r2=1771698&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java Mon Nov 28 10:04:33 2016
@@ -533,7 +533,7 @@ public class SAMLTokenInputHandler exten
* which can not be done until the whole soap-header is processed and we know that the whole soap-body
* is signed.
*/
- class SAMLTokenVerifierInputProcessor extends AbstractInputProcessor implements SecurityEventListener {
+ static class SAMLTokenVerifierInputProcessor extends AbstractInputProcessor implements SecurityEventListener {
private SamlAssertionWrapper samlAssertionWrapper;
private SecurityTokenProvider<InboundSecurityToken> securityTokenProvider;
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java?rev=1771698&r1=1771697&r2=1771698&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java Mon Nov 28 10:04:33 2016
@@ -98,7 +98,7 @@ public class SecurityTokenReferenceInput
}
}
- class InternalSecurityTokenReferenceInputProcessor extends AbstractInputProcessor {
+ static class InternalSecurityTokenReferenceInputProcessor extends AbstractInputProcessor {
private final String securityTokenReferenceId;
private final QName attribute;
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java?rev=1771698&r1=1771697&r2=1771698&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java Mon Nov 28 10:04:33 2016
@@ -137,7 +137,7 @@ public class BinarySecurityTokenOutputPr
outputProcessorChain.processEvent(xmlSecEvent);
}
- class FinalBinarySecurityTokenOutputProcessor extends AbstractOutputProcessor {
+ static class FinalBinarySecurityTokenOutputProcessor extends AbstractOutputProcessor {
private final OutboundSecurityToken securityToken;
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java?rev=1771698&r1=1771697&r2=1771698&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java Mon Nov 28 10:04:33 2016
@@ -80,7 +80,7 @@ public class CustomTokenOutputProcessor
outputProcessorChain.processEvent(xmlSecEvent);
}
- class FinalUnknownTokenOutputProcessor extends AbstractOutputProcessor {
+ static class FinalUnknownTokenOutputProcessor extends AbstractOutputProcessor {
private final Element token;
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java?rev=1771698&r1=1771697&r2=1771698&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java Mon Nov 28 10:04:33 2016
@@ -189,7 +189,7 @@ public class DerivedKeyTokenOutputProces
outputProcessorChain.processEvent(xmlSecEvent);
}
- class FinalDerivedKeyTokenOutputProcessor extends AbstractOutputProcessor {
+ static class FinalDerivedKeyTokenOutputProcessor extends AbstractOutputProcessor {
private final OutboundSecurityToken securityToken;
private final int offset;
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java?rev=1771698&r1=1771697&r2=1771698&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java Mon Nov 28 10:04:33 2016
@@ -137,7 +137,7 @@ public class SecurityContextTokenOutputP
outputProcessorChain.processEvent(xmlSecEvent);
}
- class FinalSecurityContextTokenOutputProcessor extends AbstractOutputProcessor {
+ static class FinalSecurityContextTokenOutputProcessor extends AbstractOutputProcessor {
private final OutboundSecurityToken securityToken;
private final String identifier;
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java?rev=1771698&r1=1771697&r2=1771698&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java Mon Nov 28 10:04:33 2016
@@ -147,7 +147,7 @@ public class UsernameTokenOutputProcesso
outputProcessorChain.processEvent(xmlSecEvent);
}
- class FinalUsernameTokenOutputProcessor extends AbstractOutputProcessor {
+ static class FinalUsernameTokenOutputProcessor extends AbstractOutputProcessor {
private String wsuId = null;
private byte[] nonceValue = null;
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java?rev=1771698&r1=1771697&r2=1771698&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java Mon Nov 28 10:04:33 2016
@@ -182,4 +182,22 @@ public class KerberosServiceSecurityToke
public Principal getPrincipal() throws WSSecurityException {
return principal;
}
+
+ /**
+ * Get the KerberosTokenDecoder instance used to extract a session key from the received Kerberos
+ * token.
+ * @return the KerberosTokenDecoder instance used to extract a session key
+ */
+ public KerberosTokenDecoder getKerberosTokenDecoder() {
+ return kerberosTokenDecoder;
+ }
+
+ /**
+ * Set the KerberosTokenDecoder instance used to extract a session key from the received Kerberos
+ * token.
+ * @param kerberosTokenDecoder the KerberosTokenDecoder instance used to extract a session key
+ */
+ public void setKerberosTokenDecoder(KerberosTokenDecoder kerberosTokenDecoder) {
+ this.kerberosTokenDecoder = kerberosTokenDecoder;
+ }
}