You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/05/15 13:18:58 UTC
svn commit: r1482767 - in
/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security:
policy/interceptors/HttpsTokenInterceptorProvider.java
wss4j/AbstractTokenInterceptor.java
Author: coheigea
Date: Wed May 15 11:18:57 2013
New Revision: 1482767
URL: http://svn.apache.org/r1482767
Log:
Fixed a bug with the HttpsTokenInterceptorProvider + don't run DOM specific token interceptors when using StaX.
Modified:
cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java?rev=1482767&r1=1482766&r2=1482767&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java Wed May 15 11:18:57 2013
@@ -272,11 +272,16 @@ public class HttpsTokenInterceptorProvid
TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
if (tlsInfo != null) {
if (token.getAuthenticationType()
- == HttpsToken.AuthenticationType.RequireClientCertificate
- && (tlsInfo.getPeerCertificates() == null
- || tlsInfo.getPeerCertificates().length == 0)) {
- asserted = false;
- } else {
+ == HttpsToken.AuthenticationType.RequireClientCertificate) {
+ if (tlsInfo.getPeerCertificates() == null
+ || tlsInfo.getPeerCertificates().length == 0) {
+ asserted = false;
+ } else {
+ NegotiationUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_CERTIFICATE);
+ }
+ }
+
+ if (tlsInfo.getPeerCertificates() != null && tlsInfo.getPeerCertificates().length > 0) {
httpsTokenSecurityEvent.setAuthenticationType(
HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication
);
@@ -284,7 +289,13 @@ public class HttpsTokenInterceptorProvid
new HttpsSecurityTokenImpl((X509Certificate)tlsInfo.getPeerCertificates()[0]);
httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
- NegotiationUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_CERTIFICATE);
+ } else {
+ httpsTokenSecurityEvent.setAuthenticationType(
+ HttpsTokenSecurityEvent.AuthenticationType.HttpsNoAuthentication
+ );
+ HttpsSecurityTokenImpl httpsSecurityToken = new HttpsSecurityTokenImpl();
+ httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
+ httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
}
} else {
asserted = false;
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java?rev=1482767&r1=1482766&r2=1482767&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java Wed May 15 11:18:57 2013
@@ -73,6 +73,7 @@ public abstract class AbstractTokenInter
super(Phase.PRE_PROTOCOL);
addAfter(PolicyBasedWSS4JOutInterceptor.class.getName());
addAfter(PolicyBasedWSS4JInInterceptor.class.getName());
+ addAfter(PolicyBasedWSS4JStaxInInterceptor.class.getName());
}
public Set<QName> getUnderstoodHeaders() {
@@ -81,6 +82,12 @@ public abstract class AbstractTokenInter
public void handleMessage(SoapMessage message) throws Fault {
+ boolean enableStax =
+ MessageUtils.isTrue(message.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY));
+ if (enableStax) {
+ return;
+ }
+
boolean isReq = MessageUtils.isRequestor(message);
boolean isOut = MessageUtils.isOutbound(message);