Posted to commits@cxf.apache.org by co...@apache.org on 2011/03/18 18:19:41 UTC
svn commit: r1082979 - in
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security:
SecurityConstants.java wss4j/AbstractWSS4JInterceptor.java
wss4j/WSS4JInInterceptor.java wss4j/WSS4JOutInterceptor.java
Author: coheigea
Date: Fri Mar 18 17:19:40 2011
New Revision: 1082979
URL: http://svn.apache.org/viewvc?rev=1082979&view=rev
Log:
Added some new configuration tags for BSP compliance and Future TTL for Timestamp processing.
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1082979&r1=1082978&r2=1082979&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Fri Mar 18 17:19:40 2011
@@ -64,6 +64,22 @@ public final class SecurityConstants {
public static final String ALWAYS_ENCRYPT_UT = "ws-security.username-token.always.encrypted";
/**
+ * Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. The
+ * default value is "true".
+ */
+ public static final String IS_BSP_COMPLIANT = "ws-security.is-bsp-compliant";
+
+ /**
+ * This configuration tag specifies the time in seconds in the future within which
+ * the Created time of an incoming Timestamp is valid. WSS4J rejects by default any
+ * timestamp which is "Created" in the future, and so there could potentially be
+ * problems in a scenario where a client's clock is slightly askew. The default
+ * value for this parameter is "0", meaning that no future-created Timestamps are
+ * allowed.
+ */
+ public static final String TIMESTAMP_FUTURE_TTL = "ws-security.timestamp.futureTimeToLive";
+
+ /**
* WCF's trust server sometimes will encrypt the token in the response IN ADDITION TO
* the full security on the message. These properties control the way the STS client
* will decrypt the EncryptedData elements in the response
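Review bot: The Javadoc for `TIMESTAMP_FUTURE_TTL` gives the unit and the default, but not how to choose a value or what happens when the string is negative or non-numeric. I would add a sentence such as `Keep this as small as the expected clock skew requires; a larger value widens the window in which a future-dated Timestamp is accepted.` The `IS_BSP_COMPLIANT` comment could also say that "false" turns off the BSP 1.1 compliance checks and is meant for interoperating with non-compliant peers only. The class body continues outside this hunk.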
@@ -92,7 +108,7 @@ public final class SecurityConstants {
STS_TOKEN_DO_CANCEL, TIMESTAMP_TTL, ALWAYS_ENCRYPT_UT,
STS_TOKEN_ACT_AS, STS_TOKEN_USERNAME, STS_TOKEN_USE_CERT_FOR_KEYINFO,
SAML1_TOKEN_VALIDATOR, SAML2_TOKEN_VALIDATOR, TIMESTAMP_TOKEN_VALIDATOR,
- SIGNATURE_TOKEN_VALIDATOR
+ SIGNATURE_TOKEN_VALIDATOR, IS_BSP_COMPLIANT, TIMESTAMP_FUTURE_TTL
}));
ALL_PROPERTIES = Collections.unmodifiableSet(s);
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=1082979&r1=1082978&r2=1082979&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Fri Mar 18 17:19:40 2011
@@ -38,12 +38,14 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.PhaseInterceptor;
import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.handler.WSHandlerConstants;
public abstract class AbstractWSS4JInterceptor extends WSHandler implements SoapInterceptor,
PhaseInterceptor<SoapMessage> {
@@ -154,6 +156,18 @@ public abstract class AbstractWSS4JInter
protected boolean isRequestor(SoapMessage message) {
return MessageUtils.isRequestor(message);
}
+
+ protected void translateProperties(SoapMessage msg) {
+ String bspCompliant = (String)msg.getContextualProperty(SecurityConstants.IS_BSP_COMPLIANT);
+ if (bspCompliant != null) {
+ setProperty(WSHandlerConstants.IS_BSP_COMPLIANT, bspCompliant);
+ }
+ String futureTTL =
+ (String)msg.getContextualProperty(SecurityConstants.TIMESTAMP_FUTURE_TTL);
+ if (futureTTL != null) {
+ setProperty(WSHandlerConstants.TTL_FUTURE_TIMESTAMP, futureTTL);
+ }
+ }
@Override
protected Crypto loadCryptoFromPropertiesFile(
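Review bot: The two `(String)` casts in `translateProperties` will throw `ClassCastException` if the contextual property was supplied as a `Boolean` or `Integer` instead of a string, so a configuration slip becomes a runtime failure in the security interceptor. Reading the value as `Object bspCompliant = msg.getContextualProperty(SecurityConstants.IS_BSP_COMPLIANT);` and forwarding `bspCompliant.toString()` (and likewise for `futureTTL`) avoids that. `futureTTL` is also passed on without checking that it is a non-negative integer, so a typo only surfaces wherever WSS4J later parses it. The new method has no Javadoc; a short comment saying which CXF tags map to which `WSHandlerConstants` keys would help. `translateProperties` is complete in this hunk; `loadCryptoFromPropertiesFile` continues outside it.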
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1082979&r1=1082978&r2=1082979&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Fri Mar 18 17:19:40 2011
@@ -175,6 +175,7 @@ public class WSS4JInInterceptor extends
boolean utWithCallbacks =
MessageUtils.getContextualBoolean(msg, SecurityConstants.VALIDATE_TOKEN, true);
+ translateProperties(msg);
RequestData reqData = new CXFRequestData();
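Review bot: `translateProperties(msg)` reads per-message contextual properties but forwards them through `setProperty(key, value)`, which takes no message argument and so presumably stores them on the interceptor instance rather than on this request. If that is the case, a value set for one message stays in effect for later messages handled by the same interceptor, and concurrent requests with different settings can affect each other; that matters here because both options loosen inbound validation. Consider scoping the values to the message, for example `msg.put(WSHandlerConstants.IS_BSP_COMPLIANT, bspCompliant);`, assuming option lookup consults the message context (not visible in this diff). The same applies to the `translateProperties(mc)` call added in WSS4JOutInterceptor. The enclosing method starts and ends outside this hunk.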
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java?rev=1082979&r1=1082978&r2=1082979&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java Fri Mar 18 17:19:40 2011
@@ -164,6 +164,7 @@ public class WSS4JOutInterceptor extends
}
SoapVersion version = mc.getVersion();
RequestData reqData = new RequestData();
+ translateProperties(mc);
reqData.setMsgContext(mc);