Posted to commits@cxf.apache.org by co...@apache.org on 2013/05/15 13:18:58 UTC

svn commit: r1482767 - in /cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/interceptors/HttpsTokenInterceptorProvider.java wss4j/AbstractTokenInterceptor.java

Author: coheigea
Date: Wed May 15 11:18:57 2013
New Revision: 1482767

URL: http://svn.apache.org/r1482767
Log:
Fixed a bug with the HttpsTokenInterceptorProvider + don't run DOM specific token interceptors when using StaX.

Modified:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java?rev=1482767&r1=1482766&r2=1482767&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java Wed May 15 11:18:57 2013
@@ -272,11 +272,16 @@ public class HttpsTokenInterceptorProvid
                 TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);                
                 if (tlsInfo != null) {
                     if (token.getAuthenticationType() 
-                        == HttpsToken.AuthenticationType.RequireClientCertificate
-                        && (tlsInfo.getPeerCertificates() == null 
-                            || tlsInfo.getPeerCertificates().length == 0)) {
-                        asserted = false;
-                    } else {
+                        == HttpsToken.AuthenticationType.RequireClientCertificate) {
+                        if (tlsInfo.getPeerCertificates() == null 
+                            || tlsInfo.getPeerCertificates().length == 0) {
+                            asserted = false;
+                        } else {
+                            NegotiationUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_CERTIFICATE);
+                        }
+                    }
+                    
+                    if (tlsInfo.getPeerCertificates() != null && tlsInfo.getPeerCertificates().length > 0) {
                         httpsTokenSecurityEvent.setAuthenticationType(
                             HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication
                         );
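Review bot: When the policy is RequireClientCertificate and no peer certificate is present, the new inner branch sets `asserted = false`, but execution still falls through to the second `if` at the end of this hunk, whose `else` (in the next hunk) fills httpsTokenSecurityEvent with HttpsNoAuthentication and a token. Whether that event is published after a failed assertion is decided outside the hunk, so either confirm it is not, or skip the event block on failure. Separately, `tlsInfo.getPeerCertificates()` is now called up to four times; reading it once, `Certificate[] peerCerts = tlsInfo.getPeerCertificates();`, keeps the policy check and the event working on the same array. The enclosing method starts and ends outside the hunk.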
@@ -284,7 +289,13 @@ public class HttpsTokenInterceptorProvid
                             new HttpsSecurityTokenImpl((X509Certificate)tlsInfo.getPeerCertificates()[0]);
                         httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
                         httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-                        NegotiationUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_CERTIFICATE);
+                    } else {
+                        httpsTokenSecurityEvent.setAuthenticationType(
+                            HttpsTokenSecurityEvent.AuthenticationType.HttpsNoAuthentication
+                        );
+                        HttpsSecurityTokenImpl httpsSecurityToken = new HttpsSecurityTokenImpl();
+                        httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
+                        httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
                     }
                 } else {
                     asserted = false;
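Review bot: The new `else` branch tags a credential-less `new HttpsSecurityTokenImpl()` with `TokenUsage_MainSignature`, the same usage the certificate-backed token gets in the branch above, and nothing explains why. A consumer that looks only at token usage presumably cannot tell the two apart without also checking the event's authentication type. If that is the intent, a comment on the branch would settle it, e.g. `// No client certificate: transport token recorded as HttpsNoAuthentication; check AuthenticationType, not only the usage`. The three lines after setAuthenticationType repeat the branch above and could be shared.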

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java?rev=1482767&r1=1482766&r2=1482767&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java Wed May 15 11:18:57 2013
@@ -73,6 +73,7 @@ public abstract class AbstractTokenInter
         super(Phase.PRE_PROTOCOL);
         addAfter(PolicyBasedWSS4JOutInterceptor.class.getName());
         addAfter(PolicyBasedWSS4JInInterceptor.class.getName());
+        addAfter(PolicyBasedWSS4JStaxInInterceptor.class.getName());
     }
     
     public Set<QName> getUnderstoodHeaders() {
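Review bot: The added `addAfter(PolicyBasedWSS4JStaxInInterceptor.class.getName())` has no comment, and its purpose is not obvious next to the early return that the following hunk adds to handleMessage when ENABLE_STREAMING_SECURITY is true. The ordering depends on the StAX interceptor being in the chain, while the skip depends on a contextual property, so it is worth stating that the two are expected to go together. If the property were set without the StAX interceptor installed, this interceptor would presumably do no token processing at all. Suggested comment: `// StAX path: handleMessage() returns early when streaming security is enabled; token handling is left to PolicyBasedWSS4JStaxInInterceptor`. The following hunk runs past the visible text, so this is based only on the lines shown.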
@@ -81,6 +82,12 @@ public abstract class AbstractTokenInter
 
     public void handleMessage(SoapMessage message) throws Fault {
 
+        boolean enableStax = 
+            MessageUtils.isTrue(message.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY));
+        if (enableStax) {
+            return;
+        }
+        
         boolean isReq = MessageUtils.isRequestor(message);
         boolean isOut = MessageUtils.isOutbound(message);