Posted to commits@cxf.apache.org by co...@apache.org on 2015/04/01 19:05:10 UTC
cxf git commit: Picking up latest WSS4J changes
Repository: cxf
Updated Branches:
refs/heads/master 02a35f0bf -> 2616fd041
Picking up latest WSS4J changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2616fd04
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2616fd04
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2616fd04
Branch: refs/heads/master
Commit: 2616fd04151e5bb7b8a31428f8a9fd0c957dfb48
Parents: 02a35f0
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Sat Mar 28 15:38:42 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Apr 1 18:04:59 2015 +0100
----------------------------------------------------------------------
.../wss4j/BinarySecurityTokenInterceptor.java | 6 +++--
.../wss4j/PolicyBasedWSS4JInInterceptor.java | 16 +++++++------
.../ws/security/wss4j/SamlTokenInterceptor.java | 13 +++++++---
.../wss4j/UsernameTokenInterceptor.java | 6 +++--
.../ws/security/wss4j/WSS4JInInterceptor.java | 25 ++++++++++----------
.../cxf/sts/request/RequestParserUnitTest.java | 19 +++++++--------
.../token/renewer/SAMLTokenRenewerPOPTest.java | 14 +++++++----
7 files changed, 57 insertions(+), 42 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
index 7c3e1ef..b28cddc 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
@@ -21,10 +21,10 @@ package org.apache.cxf.ws.security.wss4j;
import java.security.Principal;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import org.w3c.dom.Element;
-
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.CastUtils;
@@ -76,7 +76,9 @@ public class BinarySecurityTokenInterceptor extends AbstractTokenInterceptor {
results = new ArrayList<>();
message.put(WSHandlerConstants.RECV_RESULTS, results);
}
- WSHandlerResult rResult = new WSHandlerResult(null, bstResults);
+ WSHandlerResult rResult =
+ new WSHandlerResult(null, bstResults,
+ Collections.singletonMap(WSConstants.BST, bstResults));
results.add(0, rResult);
assertTokens(message);
http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index f417a5e..683ea34 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -80,6 +80,7 @@ import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.token.Timestamp;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.policy.SP11Constants;
@@ -596,7 +597,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
String actor,
Element soapHeader,
Element soapBody,
- List<WSSecurityEngineResult> results,
+ WSHandlerResult results,
boolean utWithCallbacks
) throws SOAPException, XMLStreamException, WSSecurityException {
//
@@ -607,7 +608,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
actions.add(WSConstants.UT_SIGN);
actions.add(WSConstants.ST_SIGNED);
List<WSSecurityEngineResult> signedResults =
- WSSecurityUtil.fetchAllActionResults(results, actions);
+ WSSecurityUtil.fetchAllActionResults(results.getResults(), actions);
Collection<WSDataRef> signed = new HashSet<>();
for (WSSecurityEngineResult result : signedResults) {
List<WSDataRef> sl =
@@ -620,7 +621,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
}
List<WSSecurityEngineResult> encryptResults =
- WSSecurityUtil.fetchAllActionResults(results, WSConstants.ENCR);
+ WSSecurityUtil.fetchAllActionResults(results.getResults(), WSConstants.ENCR);
Collection<WSDataRef> encrypted = new HashSet<>();
for (WSSecurityEngineResult result : encryptResults) {
List<WSDataRef> sl =
@@ -644,7 +645,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
parameters.setAssertionInfoMap(aim);
parameters.setMessage(msg);
parameters.setSoapBody(soapBody);
- parameters.setResults(results);
+ parameters.setResults(results.getResults());
parameters.setSignedResults(signedResults);
parameters.setEncryptedResults(encryptResults);
parameters.setUtWithCallbacks(utWithCallbacks);
@@ -653,18 +654,19 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
utActions.add(WSConstants.UT);
utActions.add(WSConstants.UT_NOPASSWORD);
List<WSSecurityEngineResult> utResults =
- WSSecurityUtil.fetchAllActionResults(results, utActions);
+ WSSecurityUtil.fetchAllActionResults(results.getResults(), utActions);
parameters.setUsernameTokenResults(utResults);
final List<Integer> samlActions = new ArrayList<>(2);
samlActions.add(WSConstants.ST_SIGNED);
samlActions.add(WSConstants.ST_UNSIGNED);
List<WSSecurityEngineResult> samlResults =
- WSSecurityUtil.fetchAllActionResults(results, samlActions);
+ WSSecurityUtil.fetchAllActionResults(results.getResults(), samlActions);
parameters.setSamlResults(samlResults);
// Store the timestamp element
- WSSecurityEngineResult tsResult = WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
+ WSSecurityEngineResult tsResult =
+ WSSecurityUtil.fetchActionResult(results.getResults(), WSConstants.TS);
Element timestamp = null;
if (tsResult != null) {
Timestamp ts = (Timestamp)tsResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);
http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
index a184732..d00288f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
@@ -24,6 +24,7 @@ import java.security.Principal;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Collections;
import java.util.List;
import java.util.Properties;
@@ -31,7 +32,6 @@ import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
-
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.util.StringUtils;
@@ -99,8 +99,6 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor {
results = new ArrayList<>();
message.put(WSHandlerConstants.RECV_RESULTS, results);
}
- WSHandlerResult rResult = new WSHandlerResult(null, samlResults);
- results.add(0, rResult);
boolean signed = false;
for (WSSecurityEngineResult result : samlResults) {
@@ -113,6 +111,15 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor {
}
assertTokens(message, SPConstants.SAML_TOKEN, signed);
+ Integer key = WSConstants.ST_UNSIGNED;
+ if (signed) {
+ key = WSConstants.ST_SIGNED;
+ }
+ WSHandlerResult rResult =
+ new WSHandlerResult(null, samlResults,
+ Collections.singletonMap(key, samlResults));
+ results.add(0, rResult);
+
// Check version against policy
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
for (AssertionInfo ai
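Review bot: The action-map key is chosen from the single `signed` flag, so every entry in `samlResults` is filed under `WSConstants.ST_SIGNED` as soon as that flag is set. The loop that sets `signed` lies outside this hunk, so it is not visible whether the list can hold more than one assertion; if it can, an unsigned assertion would be handed to code that looks up signed SAML results by action. Either key each result by its own `WSSecurityEngineResult.TAG_ACTION` value, or state the invariant with a comment such as `// samlResults holds exactly one assertion, so one key covers the whole list`. The handler result is also now registered after `assertTokens(...)` instead of before it, so it is worth confirming that `assertTokens` does not read `RECV_RESULTS`.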
http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
index 4bec8ae..59f7005 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
@@ -22,13 +22,13 @@ package org.apache.cxf.ws.security.wss4j;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Collections;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import org.w3c.dom.Element;
-
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.headers.Header;
@@ -181,7 +181,9 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor {
results = new ArrayList<>();
message.put(WSHandlerConstants.RECV_RESULTS, results);
}
- WSHandlerResult rResult = new WSHandlerResult(null, v);
+
+ WSHandlerResult rResult =
+ new WSHandlerResult(null, v, Collections.singletonMap(action, v));
results.add(0, rResult);
assertTokens(message, principal, false);
http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index e749834..aa4794b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -244,6 +244,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
if (actor == null) {
actor = (String)msg.getContextualProperty(SecurityConstants.ACTOR);
}
+ reqData.setActor(actor);
// Configure replay caching
configureReplayCaches(reqData, actions, msg);
@@ -276,16 +277,15 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
Element elem =
WSSecurityUtil.getSecurityHeader(doc.getSOAPHeader(), actor, version.getVersion() != 1.1);
- List<WSSecurityEngineResult> wsResult = engine.processSecurityHeader(
- elem, reqData
- );
+ WSHandlerResult wsResult = engine.processSecurityHeader(elem, reqData);
- if (!wsResult.isEmpty()) { // security header found
+ if (!(wsResult.getResults() == null || wsResult.getResults().isEmpty())) {
+ // security header found
if (reqData.getWssConfig().isEnableSignatureConfirmation()) {
- checkSignatureConfirmation(reqData, wsResult);
+ checkSignatureConfirmation(reqData, wsResult.getResults());
}
- checkActions(msg, reqData, wsResult, actions, SAAJUtils.getBody(doc));
+ checkActions(msg, reqData, wsResult.getResults(), actions, SAAJUtils.getBody(doc));
doResults(
msg, actor,
SAAJUtils.getHeader(doc),
@@ -310,7 +310,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
SAAJUtils.getBody(doc),
wsResult);
} else {
- checkActions(msg, reqData, wsResult, actions, SAAJUtils.getBody(doc));
+ checkActions(msg, reqData, wsResult.getResults(), actions, SAAJUtils.getBody(doc));
doResults(msg, actor,
SAAJUtils.getHeader(doc),
SAAJUtils.getBody(doc),
@@ -490,7 +490,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
String actor,
Element soapHeader,
Element soapBody,
- List<WSSecurityEngineResult> wsResult
+ WSHandlerResult wsResult
) throws SOAPException, XMLStreamException, WSSecurityException {
doResults(msg, actor, soapHeader, soapBody, wsResult, false);
}
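Review bot: The `wsResult` parameter of `doResults` changes type from `List<WSSecurityEngineResult>` to `WSHandlerResult` with no Javadoc or migration note. A subclass that overrides the old signature without `@Override` and without calling `super` would still compile but would no longer be invoked, so any extra validation it performs would be skipped silently. The method's modifiers are outside the hunk, so this only matters if it is overridable. The same change is made to the six-argument overload in the next hunk and to `PolicyBasedWSS4JInInterceptor.doResults`. A Javadoc line such as `@param wsResult the handler result returned by the security engine (was a List<WSSecurityEngineResult> in earlier releases)` would make the break visible to integrators.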
@@ -500,7 +500,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
String actor,
Element soapHeader,
Element soapBody,
- List<WSSecurityEngineResult> wsResult,
+ WSHandlerResult wsResult,
boolean utWithCallbacks
) throws SOAPException, XMLStreamException, WSSecurityException {
/*
@@ -512,15 +512,14 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
results = new LinkedList<>();
msg.put(WSHandlerConstants.RECV_RESULTS, results);
}
- WSHandlerResult rResult = new WSHandlerResult(actor, wsResult);
- results.add(0, rResult);
+ results.add(0, wsResult);
Boolean allowUnsignedSamlPrincipals =
MessageUtils.getContextualBoolean(msg,
SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, false);
- for (int i = wsResult.size() - 1; i >= 0; i--) {
- WSSecurityEngineResult o = wsResult.get(i);
+ for (int i = wsResult.getResults().size() - 1; i >= 0; i--) {
+ WSSecurityEngineResult o = wsResult.getResults().get(i);
Integer action = (Integer)o.get(WSSecurityEngineResult.TAG_ACTION);
final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
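Review bot: `wsResult.getResults()` is dereferenced in the loop header without a null check. The caller changed earlier in this file now tests `wsResult.getResults() == null` before taking the header-found branch, which implies the list can be null on the other branch that still ends in `doResults`. Whether that branch replaces `wsResult` first is not visible in these hunks, so this needs confirming. Reading the list once into a local, e.g. `List<WSSecurityEngineResult> engineResults = wsResult.getResults();`, and skipping the loop when it is null would also avoid calling the getter twice per iteration. The `results.getResults()` calls added to `PolicyBasedWSS4JInInterceptor.doResults` pass the same value on unchecked; the body of `doResults` continues outside this hunk.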
http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
index 65bb9c8..72ce349 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
@@ -44,7 +44,6 @@ import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSSecurityEngine;
-import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
@@ -141,10 +140,10 @@ public class RequestParserUnitTest extends org.junit.Assert {
RequestData reqData = new RequestData();
reqData.setCallbackHandler(new PasswordCallbackHandler());
- List<WSSecurityEngineResult> engineResultList =
+ WSHandlerResult results =
securityEngine.processSecurityHeader(secHeaderElement, reqData);
- List<WSHandlerResult> resultsList = new ArrayList<WSHandlerResult>();
- resultsList.add(new WSHandlerResult("actor", engineResultList));
+ List<WSHandlerResult> resultsList = new ArrayList<>();
+ resultsList.add(results);
msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList);
RequestRequirements requestRequirements = parser.parseRequest(request, wsContext, null, null);
@@ -172,10 +171,10 @@ public class RequestParserUnitTest extends org.junit.Assert {
RequestData reqData = new RequestData();
reqData.setCallbackHandler(new PasswordCallbackHandler());
- List<WSSecurityEngineResult> engineResultList =
+ WSHandlerResult results =
securityEngine.processSecurityHeader(secHeaderElement, reqData);
- List<WSHandlerResult> resultsList = new ArrayList<WSHandlerResult>();
- resultsList.add(new WSHandlerResult("actor", engineResultList));
+ List<WSHandlerResult> resultsList = new ArrayList<>();
+ resultsList.add(results);
msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList);
RequestRequirements requestRequirements = parser.parseRequest(request, wsContext, null, null);
@@ -204,10 +203,10 @@ public class RequestParserUnitTest extends org.junit.Assert {
reqData.setSigVerCrypto(getCrypto());
reqData.setCallbackHandler(new PasswordCallbackHandler());
- List<WSSecurityEngineResult> engineResultList =
+ WSHandlerResult results =
securityEngine.processSecurityHeader(secHeaderElement, reqData);
- List<WSHandlerResult> resultsList = new ArrayList<WSHandlerResult>();
- resultsList.add(new WSHandlerResult("actor", engineResultList));
+ List<WSHandlerResult> resultsList = new ArrayList<>();
+ resultsList.add(results);
msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList);
RequestRequirements requestRequirements = parser.parseRequest(request, wsContext, null, null);
http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java
index a068209..e75e79d 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java
@@ -19,6 +19,7 @@
package org.apache.cxf.sts.token.renewer;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Properties;
@@ -28,7 +29,6 @@ import javax.xml.ws.WebServiceContext;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
import org.apache.cxf.jaxws.context.WebServiceContextImpl;
import org.apache.cxf.jaxws.context.WrappedMessageContext;
import org.apache.cxf.message.MessageImpl;
@@ -139,8 +139,10 @@ public class SAMLTokenRenewerPOPTest extends org.junit.Assert {
);
signedResults.add(signedResult);
- List<WSHandlerResult> handlerResults = new ArrayList<WSHandlerResult>();
- WSHandlerResult handlerResult = new WSHandlerResult(null, signedResults);
+ List<WSHandlerResult> handlerResults = new ArrayList<>();
+ WSHandlerResult handlerResult =
+ new WSHandlerResult(null, signedResults,
+ Collections.singletonMap(WSConstants.SIGN, signedResults));
handlerResults.add(handlerResult);
WebServiceContext context = validatorParameters.getWebServiceContext();
@@ -214,8 +216,10 @@ public class SAMLTokenRenewerPOPTest extends org.junit.Assert {
);
signedResults.add(signedResult);
- List<WSHandlerResult> handlerResults = new ArrayList<WSHandlerResult>();
- WSHandlerResult handlerResult = new WSHandlerResult(null, signedResults);
+ List<WSHandlerResult> handlerResults = new ArrayList<>();
+ WSHandlerResult handlerResult =
+ new WSHandlerResult(null, signedResults,
+ Collections.singletonMap(WSConstants.SIGN, signedResults));
handlerResults.add(handlerResult);
WebServiceContext context = validatorParameters.getWebServiceContext();