Posted to commits@ws.apache.org by co...@apache.org on 2020/12/11 07:11:55 UTC
[ws-wss4j] branch master updated: SANTUARIO-555 Made order of
output processors in a chain deterministic and intuitive (#15)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push:
new b631d7b SANTUARIO-555 Made order of output processors in a chain deterministic and intuitive (#15)
b631d7b is described below
commit b631d7bbb217a23695a8672f9fe1584fe08e7f78
Author: Peter De Maeyer <pe...@gmail.com>
AuthorDate: Fri Dec 11 08:11:45 2020 +0100
SANTUARIO-555 Made order of output processors in a chain deterministic and intuitive (#15)
---
.gitignore | 3 +
.../output/BinarySecurityTokenOutputProcessor.java | 9 +--
.../output/CustomTokenOutputProcessor.java | 2 +-
.../output/DerivedKeyTokenOutputProcessor.java | 2 +-
.../processor/output/EncryptOutputProcessor.java | 4 +-
.../output/EncryptedKeyOutputProcessor.java | 12 +--
.../processor/output/SAMLTokenOutputProcessor.java | 5 +-
.../SecurityContextTokenOutputProcessor.java | 2 +-
.../processor/output/TimestampOutputProcessor.java | 1 -
.../output/UsernameTokenOutputProcessor.java | 5 +-
.../output/WSSSignatureEndingOutputProcessor.java | 2 +-
.../output/WSSSignatureOutputProcessor.java | 4 +-
.../org/apache/wss4j/stax/setup/OutboundWSSec.java | 87 ++++++++++++----------
13 files changed, 75 insertions(+), 63 deletions(-)
diff --git a/.gitignore b/.gitignore
index 52eff50..3a1cddb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,6 @@ target/
velocity.log
.pmdruleset.xml
+# IntelliJ
+/.idea/
+**/*.iml
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
index f39efb4..c640675 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
@@ -94,7 +94,7 @@ public class BinarySecurityTokenOutputProcessor extends AbstractOutputProcessor
FinalBinarySecurityTokenOutputProcessor finalBinarySecurityTokenOutputProcessor =
new FinalBinarySecurityTokenOutputProcessor(securityToken);
finalBinarySecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalBinarySecurityTokenOutputProcessor.setAction(getAction());
+ finalBinarySecurityTokenOutputProcessor.setAction(getAction(), getActionOrder());
finalBinarySecurityTokenOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class);
finalBinarySecurityTokenOutputProcessor.init(outputProcessorChain);
securityToken.setProcessor(finalBinarySecurityTokenOutputProcessor);
@@ -104,7 +104,7 @@ public class BinarySecurityTokenOutputProcessor extends AbstractOutputProcessor
FinalBinarySecurityTokenOutputProcessor finalBinarySecurityTokenOutputProcessor =
new FinalBinarySecurityTokenOutputProcessor(securityToken);
finalBinarySecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalBinarySecurityTokenOutputProcessor.setAction(getAction());
+ finalBinarySecurityTokenOutputProcessor.setAction(getAction(), getActionOrder());
finalBinarySecurityTokenOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class);
finalBinarySecurityTokenOutputProcessor.init(outputProcessorChain);
securityToken.setProcessor(finalBinarySecurityTokenOutputProcessor);
@@ -115,7 +115,7 @@ public class BinarySecurityTokenOutputProcessor extends AbstractOutputProcessor
FinalBinarySecurityTokenOutputProcessor finalBinarySecurityTokenOutputProcessor =
new FinalBinarySecurityTokenOutputProcessor(securityToken);
finalBinarySecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalBinarySecurityTokenOutputProcessor.setAction(getAction());
+ finalBinarySecurityTokenOutputProcessor.setAction(getAction(), getActionOrder());
finalBinarySecurityTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class);
finalBinarySecurityTokenOutputProcessor.init(outputProcessorChain);
securityToken.setProcessor(finalBinarySecurityTokenOutputProcessor);
@@ -125,9 +125,8 @@ public class BinarySecurityTokenOutputProcessor extends AbstractOutputProcessor
FinalBinarySecurityTokenOutputProcessor finalBinarySecurityTokenOutputProcessor =
new FinalBinarySecurityTokenOutputProcessor(securityToken);
finalBinarySecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalBinarySecurityTokenOutputProcessor.setAction(getAction());
+ finalBinarySecurityTokenOutputProcessor.setAction(getAction(), getActionOrder());
finalBinarySecurityTokenOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class);
- finalBinarySecurityTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class);
finalBinarySecurityTokenOutputProcessor.init(outputProcessorChain);
securityToken.setProcessor(finalBinarySecurityTokenOutputProcessor);
}
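Review bot: With `addAfterProcessor(EncryptEndingOutputProcessor.class)` removed, this branch's body is now the same call sequence as the branches at `@@ -94` and `@@ -104`: `setAction`, `addBeforeProcessor(WSSSignatureOutputProcessor.class)`, `init`, `setProcessor`. The conditions selecting the branches are outside the hunks, so I cannot tell whether they can be merged. If they must stay separate, a one-line comment should record why the explicit after-encryption constraint is no longer needed, presumably because `getActionOrder()` now carries it. A small private helper taking the before/after class would also keep the four copies from drifting apart.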
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
index f630c35..56df538 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
@@ -70,7 +70,7 @@ public class CustomTokenOutputProcessor extends AbstractOutputProcessor {
FinalUnknownTokenOutputProcessor outputProcessor =
new FinalUnknownTokenOutputProcessor(customToken);
outputProcessor.setXMLSecurityProperties(getSecurityProperties());
- outputProcessor.setAction(getAction());
+ outputProcessor.setAction(getAction(), getActionOrder());
outputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class);
outputProcessor.addBeforeProcessor(EncryptedKeyOutputProcessor.class);
outputProcessor.init(outputProcessorChain);
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
index 2657ba3..94cbb18 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
@@ -182,7 +182,7 @@ public class DerivedKeyTokenOutputProcessor extends AbstractOutputProcessor {
((WSSSecurityProperties)getSecurityProperties()).isUse200512Namespace(),
wrappingSecurityToken.getSha1Identifier());
finalDerivedKeyTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalDerivedKeyTokenOutputProcessor.setAction(getAction());
+ finalDerivedKeyTokenOutputProcessor.setAction(getAction(), getActionOrder());
if (wrappingSecurityToken.getProcessor() != null) {
finalDerivedKeyTokenOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor().getClass());
} else {
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
index b3fe485..a61293b 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
@@ -81,7 +81,7 @@ public class EncryptOutputProcessor extends AbstractEncryptOutputProcessor {
super.init(outputProcessorChain);
EncryptEndingOutputProcessor encryptEndingOutputProcessor = new EncryptEndingOutputProcessor();
encryptEndingOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- encryptEndingOutputProcessor.setAction(getAction());
+ encryptEndingOutputProcessor.setAction(getAction(), getActionOrder());
encryptEndingOutputProcessor.init(outputProcessorChain);
}
@@ -129,7 +129,7 @@ public class EncryptOutputProcessor extends AbstractEncryptOutputProcessor {
securityToken
);
internalEncryptionOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- internalEncryptionOutputProcessor.setAction(getAction());
+ internalEncryptionOutputProcessor.setAction(getAction(), getActionOrder());
internalEncryptionOutputProcessor.init(outputProcessorChain);
setActiveInternalEncryptionOutputProcessor(internalEncryptionOutputProcessor);
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
index 3b5c66f..41c4d5f 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
@@ -109,7 +109,7 @@ public class EncryptedKeyOutputProcessor extends AbstractOutputProcessor {
FinalEncryptedKeyOutputProcessor finalEncryptedKeyOutputProcessor =
new FinalEncryptedKeyOutputProcessor(encryptedKeySecurityToken);
finalEncryptedKeyOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalEncryptedKeyOutputProcessor.setAction(getAction());
+ finalEncryptedKeyOutputProcessor.setAction(getAction(), getActionOrder());
XMLSecurityConstants.Action action = getAction();
if (WSSConstants.ENCRYPTION.equals(action)) {
if (wrappingSecurityToken.getProcessor() != null) {
@@ -122,7 +122,7 @@ public class EncryptedKeyOutputProcessor extends AbstractOutputProcessor {
if (getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPTION)
< getSecurityProperties().getActions().indexOf(WSSConstants.SIGNATURE)) {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class);
- finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE);
+ finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE, getActionOrder());
}
finalEncryptedKeyOutputProcessor.setOutputReferenceList(false);
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
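Review bot: The relabelled processor keeps the encryption step's order: `setAction(WSSConstants.SIGNATURE, getActionOrder())` overrides the action set a few lines earlier, but `getActionOrder()` still belongs to the encryption action this processor was created for. The same pairing appears at `@@ -154` with `SIGNATURE_WITH_DERIVED_KEY`. How the chain combines action and order is not visible in this diff, so this may be intended. Because it decides where the EncryptedKey is emitted relative to the signature, it deserves a comment, for example `// action is only a placement hint for header reordering; the order stays that of the encryption action`.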
@@ -130,7 +130,7 @@ public class EncryptedKeyOutputProcessor extends AbstractOutputProcessor {
ReferenceListOutputProcessor referenceListOutputProcessor = new ReferenceListOutputProcessor();
referenceListOutputProcessor.addBeforeProcessor(finalEncryptedKeyOutputProcessor.getClass());
referenceListOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- referenceListOutputProcessor.setAction(getAction());
+ referenceListOutputProcessor.setAction(getAction(), getActionOrder());
referenceListOutputProcessor.init(outputProcessorChain);
} else {
finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class);
@@ -154,7 +154,7 @@ public class EncryptedKeyOutputProcessor extends AbstractOutputProcessor {
//hint for the headerReordering processor where to place the EncryptedKey
if (getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY)
< getSecurityProperties().getActions().indexOf(WSSConstants.SIGNATURE_WITH_DERIVED_KEY)) {
- finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
+ finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE_WITH_DERIVED_KEY, getActionOrder());
}
finalEncryptedKeyOutputProcessor.setOutputReferenceList(false);
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
@@ -165,7 +165,7 @@ public class EncryptedKeyOutputProcessor extends AbstractOutputProcessor {
ReferenceListOutputProcessor referenceListOutputProcessor = new ReferenceListOutputProcessor();
referenceListOutputProcessor.addBeforeProcessor(finalEncryptedKeyOutputProcessor.getClass());
referenceListOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- referenceListOutputProcessor.setAction(getAction());
+ referenceListOutputProcessor.setAction(getAction(), getActionOrder());
referenceListOutputProcessor.init(outputProcessorChain);
} else {
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
@@ -187,7 +187,7 @@ public class EncryptedKeyOutputProcessor extends AbstractOutputProcessor {
FinalEncryptedKeyOutputProcessor(OutboundSecurityToken securityToken) throws XMLSecurityException {
super();
- this.addAfterProcessor(FinalEncryptedKeyOutputProcessor.class);
+ this.addAfterProcessor(EncryptedKeyOutputProcessor.class);
this.securityToken = securityToken;
}
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
index ccc3d86..6eab257 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
@@ -70,6 +70,7 @@ public class SAMLTokenOutputProcessor extends AbstractOutputProcessor {
public SAMLTokenOutputProcessor() throws XMLSecurityException {
super();
+ addBeforeProcessor(BinarySecurityTokenOutputProcessor.class);
addBeforeProcessor(WSSSignatureOutputProcessor.class);
}
@@ -137,6 +138,7 @@ public class SAMLTokenOutputProcessor extends AbstractOutputProcessor {
finalSAMLTokenOutputProcessor = new FinalSAMLTokenOutputProcessor(securityToken, samlAssertionWrapper,
securityTokenReferenceId, senderVouches, includeSTR);
+ finalSAMLTokenOutputProcessor.setAction(getAction(), getActionOrder());
securityToken.setProcessor(finalSAMLTokenOutputProcessor);
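Review bot: The `setAction(getAction(), getActionOrder())` added here is followed in the `@@ -207` hunk by a second `finalSAMLTokenOutputProcessor.setAction(action, getActionOrder())` that uses a local `action`. The code between the two calls is outside the hunks, but if both run on the same path, the first assignment is overwritten whenever `action` differs from `getAction()`. Either drop the early call or add a comment saying what reads the action between construction and the later call, e.g. `// needed before securityToken.setProcessor(...) so <consumer> sees the order`.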
@@ -207,7 +209,7 @@ public class SAMLTokenOutputProcessor extends AbstractOutputProcessor {
}
finalSAMLTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalSAMLTokenOutputProcessor.setAction(action);
+ finalSAMLTokenOutputProcessor.setAction(action, getActionOrder());
finalSAMLTokenOutputProcessor.init(outputProcessorChain);
if (includeSTR) {
@@ -434,6 +436,7 @@ public class SAMLTokenOutputProcessor extends AbstractOutputProcessor {
super();
this.addAfterProcessor(UsernameTokenOutputProcessor.class);
this.addAfterProcessor(SAMLTokenOutputProcessor.class);
+ this.addBeforeProcessor(WSSSignatureOutputProcessor.class);
this.samlAssertionWrapper = samlAssertionWrapper;
this.securityTokenReferenceId = securityTokenReferenceId;
this.senderVouches = senderVouches;
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
index 7df5123..ab0390d 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
@@ -108,7 +108,7 @@ public class SecurityContextTokenOutputProcessor extends AbstractOutputProcessor
new FinalSecurityContextTokenOutputProcessor(securityContextSecurityToken, identifier,
((WSSSecurityProperties)getSecurityProperties()).isUse200512Namespace());
finalSecurityContextTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalSecurityContextTokenOutputProcessor.setAction(getAction());
+ finalSecurityContextTokenOutputProcessor.setAction(getAction(), getActionOrder());
XMLSecurityConstants.Action action = getAction();
if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY, wsuId);
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/TimestampOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/TimestampOutputProcessor.java
index 062b8be..a740d08 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/TimestampOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/TimestampOutputProcessor.java
@@ -38,7 +38,6 @@ public class TimestampOutputProcessor extends AbstractOutputProcessor {
public TimestampOutputProcessor() throws XMLSecurityException {
super();
- addBeforeProcessor(UsernameTokenOutputProcessor.class);
addBeforeProcessor(WSSSignatureOutputProcessor.class);
addBeforeProcessor(EncryptOutputProcessor.class);
}
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
index 8d1538c..f4136da 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
@@ -48,7 +48,6 @@ public class UsernameTokenOutputProcessor extends AbstractOutputProcessor {
public UsernameTokenOutputProcessor() throws XMLSecurityException {
super();
- addAfterProcessor(TimestampOutputProcessor.class);
addBeforeProcessor(WSSSignatureOutputProcessor.class);
addBeforeProcessor(EncryptOutputProcessor.class);
}
@@ -137,8 +136,9 @@ public class UsernameTokenOutputProcessor extends AbstractOutputProcessor {
}
final FinalUsernameTokenOutputProcessor finalUsernameTokenOutputProcessor =
new FinalUsernameTokenOutputProcessor(wsuId, nonceValue, password, createdStr, salt, derivedIterations, getAction());
+ getBeforeProcessors().forEach(finalUsernameTokenOutputProcessor::addBeforeProcessor);
finalUsernameTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalUsernameTokenOutputProcessor.setAction(getAction());
+ finalUsernameTokenOutputProcessor.setAction(getAction(), getActionOrder());
finalUsernameTokenOutputProcessor.init(outputProcessorChain);
} finally {
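Review bot: The new `getBeforeProcessors().forEach(finalUsernameTokenOutputProcessor::addBeforeProcessor)` line has no comment, and it is the only place in this commit where a Final* processor inherits its parent's constraints instead of declaring them itself. Going by the constructor hunk above, it copies the `WSSSignatureOutputProcessor` and `EncryptOutputProcessor` before-constraints onto the final processor. A short comment would keep a later cleanup from removing it, e.g. `// inherit ordering so the emitted UsernameToken stays ahead of signature and encryption processors`. The enclosing method starts and ends outside the hunk.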
@@ -163,7 +163,6 @@ public class UsernameTokenOutputProcessor extends AbstractOutputProcessor {
throws XMLSecurityException {
super();
this.addAfterProcessor(UsernameTokenOutputProcessor.class);
- this.addAfterProcessor(UsernameTokenOutputProcessor.class);
this.wsuId = wsuId;
this.nonceValue = nonceValue;
this.password = password;
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
index 8da2188..23dad40 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
@@ -66,7 +66,7 @@ public class WSSSignatureEndingOutputProcessor extends AbstractSignatureEndingOu
this.signedInfoProcessor = new SignedInfoProcessor(signatureAlgorithm, signatureId, xmlSecStartElement);
this.signedInfoProcessor.setXMLSecurityProperties(getSecurityProperties());
- this.signedInfoProcessor.setAction(getAction());
+ this.signedInfoProcessor.setAction(getAction(), getActionOrder());
this.signedInfoProcessor.addAfterProcessor(WSSSignatureEndingOutputProcessor.class);
this.signedInfoProcessor.init(outputProcessorChain);
return this.signedInfoProcessor;
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
index 1c27c80..ea98e32 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
@@ -70,7 +70,7 @@ public class WSSSignatureOutputProcessor extends AbstractSignatureOutputProcesso
super.init(outputProcessorChain);
WSSSignatureEndingOutputProcessor signatureEndingOutputProcessor = new WSSSignatureEndingOutputProcessor(this);
signatureEndingOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- signatureEndingOutputProcessor.setAction(getAction());
+ signatureEndingOutputProcessor.setAction(getAction(), getActionOrder());
signatureEndingOutputProcessor.init(outputProcessorChain);
}
@@ -129,7 +129,7 @@ public class WSSSignatureOutputProcessor extends AbstractSignatureOutputProcesso
InternalSignatureOutputProcessor internalSignatureOutputProcessor =
new InternalWSSSignatureOutputProcessor(signaturePartDef, xmlSecStartElement);
internalSignatureOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- internalSignatureOutputProcessor.setAction(getAction());
+ internalSignatureOutputProcessor.setAction(getAction(), getActionOrder());
internalSignatureOutputProcessor.addAfterProcessor(WSSSignatureOutputProcessor.class);
internalSignatureOutputProcessor.addBeforeProcessor(WSSSignatureEndingOutputProcessor.class);
internalSignatureOutputProcessor.init(outputProcessorChain);
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
index a19cbac..0efef73 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
@@ -175,7 +175,7 @@ public class OutboundWSSec {
try {
final SecurityHeaderOutputProcessor securityHeaderOutputProcessor = new SecurityHeaderOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, securityHeaderOutputProcessor, null);
+ initializeOutputProcessor(outputProcessorChain, securityHeaderOutputProcessor, null, -1);
ConfiguredAction configuredAction = configureActions(outputProcessorChain);
@@ -206,15 +206,15 @@ public class OutboundWSSec {
}
final SecurityHeaderReorderProcessor securityHeaderReorderProcessor = new SecurityHeaderReorderProcessor();
- initializeOutputProcessor(outputProcessorChain, securityHeaderReorderProcessor, null);
+ initializeOutputProcessor(outputProcessorChain, securityHeaderReorderProcessor, null, -1);
if (output instanceof OutputStream) {
final FinalOutputProcessor finalOutputProcessor = new FinalOutputProcessor((OutputStream) output, encoding);
- initializeOutputProcessor(outputProcessorChain, finalOutputProcessor, null);
+ initializeOutputProcessor(outputProcessorChain, finalOutputProcessor, null, -1);
} else if (output instanceof XMLStreamWriter) {
final FinalOutputProcessor finalOutputProcessor = new FinalOutputProcessor((XMLStreamWriter) output);
- initializeOutputProcessor(outputProcessorChain, finalOutputProcessor, null);
+ initializeOutputProcessor(outputProcessorChain, finalOutputProcessor, null, -1);
} else {
throw new IllegalArgumentException(output + " is not supported as output");
@@ -227,9 +227,17 @@ public class OutboundWSSec {
private void initializeOutputProcessor(
OutputProcessorChainImpl outputProcessorChain, OutputProcessor outputProcessor,
- XMLSecurityConstants.Action action) throws XMLSecurityException {
+ XMLSecurityConstants.Action action, int actionOrder) throws XMLSecurityException {
+ if (actionOrder > -1) {
+ outputProcessor.addAfterProcessor(TimestampOutputProcessor.class);
+ outputProcessor.addAfterProcessor(UsernameTokenOutputProcessor.class);
+ outputProcessor.addAfterProcessor(SignatureConfirmationOutputProcessor.class);
+ outputProcessor.addAfterProcessor(CustomTokenOutputProcessor.class);
+ outputProcessor.addAfterProcessor(BinarySecurityTokenOutputProcessor.class);
+ outputProcessor.addAfterProcessor(SAMLTokenOutputProcessor.class);
+ }
outputProcessor.setXMLSecurityProperties(securityProperties);
- outputProcessor.setAction(action);
+ outputProcessor.setAction(action, actionOrder);
outputProcessor.init(outputProcessorChain);
}
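Review bot: `actionOrder` uses `-1` as an undocumented sentinel. `if (actionOrder > -1)` decides whether the six token processors are forced ahead of this one, and the bare literal is repeated at the call sites in `@@ -175`, `@@ -206` and throughout the action loop. A named constant such as `private static final int NO_ACTION_ORDER = -1;` would make the contract readable, together with a Javadoc line on the parameter explaining that a non-negative value places the processor after the Timestamp, UsernameToken, SignatureConfirmation, CustomToken, BinarySecurityToken and SAMLToken processors. The hard-coded class list must also be extended by hand whenever a new token processor is introduced, which is worth noting in a comment next to it.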
@@ -587,63 +595,63 @@ public class OutboundWSSec {
}
}
+ int actionOrder = -1;
for (XMLSecurityConstants.Action action : securityProperties.getActions()) {
if (WSSConstants.TIMESTAMP.equals(action)) {
final TimestampOutputProcessor timestampOutputProcessor = new TimestampOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, timestampOutputProcessor, action);
-
+ initializeOutputProcessor(outputProcessorChain, timestampOutputProcessor, action, -1);
} else if (WSSConstants.SIGNATURE.equals(action)) {
configuredAction.signatureAction = true;
final BinarySecurityTokenOutputProcessor binarySecurityTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, binarySecurityTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, binarySecurityTokenOutputProcessor, action, -1);
final WSSSignatureOutputProcessor signatureOutputProcessor = new WSSSignatureOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor, action, ++actionOrder);
} else if (WSSConstants.ENCRYPTION.equals(action)) {
configuredAction.encryptionAction = true;
-
EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = null;
+ ++actionOrder;
if (securityProperties.isEncryptSymmetricEncryptionKey()) {
final BinarySecurityTokenOutputProcessor binarySecurityTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, binarySecurityTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, binarySecurityTokenOutputProcessor, action, -1);
encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor, action, actionOrder);
}
final EncryptOutputProcessor encryptOutputProcessor = new EncryptOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor, action, actionOrder);
if (encryptedKeyOutputProcessor == null) {
final ReferenceListOutputProcessor referenceListOutputProcessor = new ReferenceListOutputProcessor();
referenceListOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class);
- initializeOutputProcessor(outputProcessorChain, referenceListOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, referenceListOutputProcessor, action, actionOrder);
}
} else if (WSSConstants.USERNAMETOKEN.equals(action)) {
final UsernameTokenOutputProcessor usernameTokenOutputProcessor = new UsernameTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, usernameTokenOutputProcessor, action);
-
+ initializeOutputProcessor(outputProcessorChain, usernameTokenOutputProcessor, action, -1);
} else if (WSSConstants.USERNAMETOKEN_SIGNED.equals(action)) {
final UsernameTokenOutputProcessor usernameTokenOutputProcessor = new UsernameTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, usernameTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, usernameTokenOutputProcessor, action, -1);
final WSSSignatureOutputProcessor signatureOutputProcessor = new WSSSignatureOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor, action, ++actionOrder);
} else if (WSSConstants.SIGNATURE_CONFIRMATION.equals(action)) {
final SignatureConfirmationOutputProcessor signatureConfirmationOutputProcessor =
new SignatureConfirmationOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, signatureConfirmationOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, signatureConfirmationOutputProcessor, action, -1);
} else if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
+ ++actionOrder;
if (securityProperties.getDerivedKeyTokenReference() == WSSConstants.DerivedKeyTokenReference.EncryptedKey) {
if (derivedSignatureButNotDerivedEncryption) {
final EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor, action, actionOrder);
}
configuredAction.encryptionAction = true;
configuredAction.derivedEncryption = true;
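Review bot: The counter is advanced in two different ways in this loop. ENCRYPTION and SIGNATURE_WITH_DERIVED_KEY use a standalone `++actionOrder;`, while SIGNATURE, USERNAMETOKEN_SIGNED and the SAML and Kerberos branches in later hunks increment inside the argument list, as in `initializeOutputProcessor(..., action, ++actionOrder)`. The order value decides where signature and encryption processors sit in the chain, so the inline form makes it easy to bump the counter twice, or not at all, when a branch is edited. Taking it once at the top of each branch that consumes an order, `final int order = ++actionOrder;`, and passing `order` everywhere would make each branch's intent explicit. The loop body continues past this hunk.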
@@ -651,7 +659,7 @@ public class OutboundWSSec {
== WSSConstants.DerivedKeyTokenReference.SecurityContextToken) {
final SecurityContextTokenOutputProcessor securityContextTokenOutputProcessor =
new SecurityContextTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, securityContextTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, securityContextTokenOutputProcessor, action, -1);
configuredAction.signatureAction = true;
configuredAction.derivedSignature = true;
} else {
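Review bot: `SecurityContextTokenOutputProcessor` is initialized with `-1` here in the SIGNATURE_WITH_DERIVED_KEY branch, but with `actionOrder` in the ENCRYPTION_WITH_DERIVED_KEY branch at `@@ -671`. `DerivedKeyTokenOutputProcessor` shows the same split, with `-1` at `@@ -660` and `actionOrder` at `@@ -671`. Given `if (actionOrder > -1)` in `initializeOutputProcessor`, only the encryption-side instances are constrained to follow the token processors. If the asymmetry is deliberate, say so with a comment on both branches, e.g. `// token processor: ordered by its own before/after constraints, not by action order`. Otherwise pass the same value in both.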
@@ -660,10 +668,10 @@ public class OutboundWSSec {
}
final DerivedKeyTokenOutputProcessor derivedKeyTokenOutputProcessor = new DerivedKeyTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, derivedKeyTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, derivedKeyTokenOutputProcessor, action, -1);
final WSSSignatureOutputProcessor signatureOutputProcessor = new WSSSignatureOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor, action, actionOrder);
} else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
configuredAction.encryptionAction = true;
@@ -671,39 +679,40 @@ public class OutboundWSSec {
EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = null;
+ ++actionOrder;
if (securityProperties.getDerivedKeyTokenReference() == WSSConstants.DerivedKeyTokenReference.EncryptedKey) {
encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor, action, actionOrder);
} else if (securityProperties.getDerivedKeyTokenReference()
== WSSConstants.DerivedKeyTokenReference.SecurityContextToken) {
final SecurityContextTokenOutputProcessor securityContextTokenOutputProcessor =
new SecurityContextTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, securityContextTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, securityContextTokenOutputProcessor, action, actionOrder);
}
final DerivedKeyTokenOutputProcessor derivedKeyTokenOutputProcessor = new DerivedKeyTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, derivedKeyTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, derivedKeyTokenOutputProcessor, action, actionOrder);
final EncryptOutputProcessor encryptOutputProcessor = new EncryptOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor, action, actionOrder);
if (encryptedKeyOutputProcessor == null) {
final ReferenceListOutputProcessor referenceListOutputProcessor = new ReferenceListOutputProcessor();
referenceListOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class);
- initializeOutputProcessor(outputProcessorChain, referenceListOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, referenceListOutputProcessor, action, actionOrder);
}
} else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action)) {
configuredAction.signatureAction = true;
configuredAction.signedSAML = true;
final BinarySecurityTokenOutputProcessor binarySecurityTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, binarySecurityTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, binarySecurityTokenOutputProcessor, action, -1);
final SAMLTokenOutputProcessor samlTokenOutputProcessor = new SAMLTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, samlTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, samlTokenOutputProcessor, action, -1);
final WSSSignatureOutputProcessor signatureOutputProcessor = new WSSSignatureOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor, action, ++actionOrder);
if (securityProperties.getDocumentCreator() == null) {
try {
@@ -715,7 +724,7 @@ public class OutboundWSSec {
} else if (WSSConstants.SAML_TOKEN_UNSIGNED.equals(action)) {
final SAMLTokenOutputProcessor samlTokenOutputProcessor = new SAMLTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, samlTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, samlTokenOutputProcessor, action, -1);
if (securityProperties.getDocumentCreator() == null) {
try {
@@ -729,28 +738,28 @@ public class OutboundWSSec {
configuredAction.signatureKerberos = true;
final BinarySecurityTokenOutputProcessor kerberosTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, kerberosTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, kerberosTokenOutputProcessor, action, -1);
final WSSSignatureOutputProcessor signatureOutputProcessor = new WSSSignatureOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor, action, ++actionOrder);
} else if (WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN.equals(action)) {
configuredAction.kerberos = true;
configuredAction.encryptionKerberos = true;
final BinarySecurityTokenOutputProcessor kerberosTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, kerberosTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, kerberosTokenOutputProcessor, action, -1);
final EncryptOutputProcessor encryptOutputProcessor = new EncryptOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor, action, ++actionOrder);
} else if (WSSConstants.KERBEROS_TOKEN.equals(action)) {
configuredAction.kerberos = true;
final BinarySecurityTokenOutputProcessor kerberosTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, kerberosTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, kerberosTokenOutputProcessor, action, -1);
} else if (WSSConstants.CUSTOM_TOKEN.equals(action)) {
final CustomTokenOutputProcessor unknownTokenOutputProcessor =
new CustomTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, unknownTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, unknownTokenOutputProcessor, action, -1);
}
}