Posted to commits@cxf.apache.org by co...@apache.org on 2011/03/18 18:19:41 UTC

svn commit: r1082979 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: SecurityConstants.java wss4j/AbstractWSS4JInterceptor.java wss4j/WSS4JInInterceptor.java wss4j/WSS4JOutInterceptor.java

Author: coheigea
Date: Fri Mar 18 17:19:40 2011
New Revision: 1082979

URL: http://svn.apache.org/viewvc?rev=1082979&view=rev
Log:
Added some new configuration tags for BSP compliance and Future TTL for Timestamp processing.

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1082979&r1=1082978&r2=1082979&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Fri Mar 18 17:19:40 2011
@@ -64,6 +64,22 @@ public final class SecurityConstants {
     public static final String ALWAYS_ENCRYPT_UT = "ws-security.username-token.always.encrypted";
     
     /**
+     * Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. The
+     * default value is "true".
+     */
+    public static final String IS_BSP_COMPLIANT = "ws-security.is-bsp-compliant";
+    
+    /**
+     * This configuration tag specifies the time in seconds in the future within which
+     * the Created time of an incoming Timestamp is valid. WSS4J rejects by default any
+     * timestamp which is "Created" in the future, and so there could potentially be
+     * problems in a scenario where a client's clock is slightly askew. The default
+     * value for this parameter is "0", meaning that no future-created Timestamps are
+     * allowed.
+     */
+    public static final String TIMESTAMP_FUTURE_TTL = "ws-security.timestamp.futureTimeToLive";
+    
+    /**
      * WCF's trust server sometimes will encrypt the token in the response IN ADDITION TO
      * the full security on the message. These properties control the way the STS client
      * will decrypt the EncryptedData elements in the response
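Review bot: The Javadoc on TIMESTAMP_FUTURE_TTL explains the clock-skew motivation but not the trade-off: any non-zero value makes the receiver accept Timestamps whose Created time lies that far ahead, which loosens the freshness check. I would add a sentence such as `Keep this value as small as the expected clock skew, since it widens the window in which a forward-dated Timestamp is accepted.` The IS_BSP_COMPLIANT Javadoc could likewise say that setting it to "false" relaxes the checks applied and is meant for interoperability with non-compliant peers, if that is the intent. Both Javadocs should also state the expected value type, since translateProperties in AbstractWSS4JInterceptor casts the configured value to String.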
@@ -92,7 +108,7 @@ public final class SecurityConstants {
             STS_TOKEN_DO_CANCEL, TIMESTAMP_TTL, ALWAYS_ENCRYPT_UT,
             STS_TOKEN_ACT_AS, STS_TOKEN_USERNAME, STS_TOKEN_USE_CERT_FOR_KEYINFO,
             SAML1_TOKEN_VALIDATOR, SAML2_TOKEN_VALIDATOR, TIMESTAMP_TOKEN_VALIDATOR,
-            SIGNATURE_TOKEN_VALIDATOR
+            SIGNATURE_TOKEN_VALIDATOR, IS_BSP_COMPLIANT, TIMESTAMP_FUTURE_TTL
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=1082979&r1=1082978&r2=1082979&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Fri Mar 18 17:19:40 2011
@@ -38,12 +38,14 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.PhaseInterceptor;
 import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.handler.WSHandlerConstants;
 
 public abstract class AbstractWSS4JInterceptor extends WSHandler implements SoapInterceptor, 
     PhaseInterceptor<SoapMessage> {
@@ -154,6 +156,18 @@ public abstract class AbstractWSS4JInter
     protected boolean isRequestor(SoapMessage message) {
         return MessageUtils.isRequestor(message);
     }  
+    
+    protected void translateProperties(SoapMessage msg) {
+        String bspCompliant = (String)msg.getContextualProperty(SecurityConstants.IS_BSP_COMPLIANT);
+        if (bspCompliant != null) {
+            setProperty(WSHandlerConstants.IS_BSP_COMPLIANT, bspCompliant);
+        }
+        String futureTTL = 
+            (String)msg.getContextualProperty(SecurityConstants.TIMESTAMP_FUTURE_TTL);
+        if (futureTTL != null) {
+            setProperty(WSHandlerConstants.TTL_FUTURE_TIMESTAMP, futureTTL);
+        }
+    }
 
     @Override
     protected Crypto loadCryptoFromPropertiesFile(
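Review bot: translateProperties copies a per-message contextual property into the handler through `setProperty(...)`, which takes no message argument and so presumably stores on the interceptor instance; if so, a value configured for one message or endpoint stays in effect for every later message handled by the same interceptor, including a relaxed BSP or future-TTL setting. Writing the translated key onto the message instead, e.g. `msg.put(WSHandlerConstants.IS_BSP_COMPLIANT, bspCompliant);` and the same for `TTL_FUTURE_TIMESTAMP`, would keep the setting scoped to that message, assuming the handler's property lookup consults the message first. Separately, the `(String)` casts throw ClassCastException when a caller supplies a `Boolean` or a number; WSS4JInInterceptor already reads VALIDATE_TOKEN through `MessageUtils.getContextualBoolean`, and converting the raw object with `String.valueOf(...)` would be more tolerant here. The method is invoked from both WSS4JInInterceptor and WSS4JOutInterceptor in this commit, so both directions are affected.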

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1082979&r1=1082978&r2=1082979&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Fri Mar 18 17:19:40 2011
@@ -175,6 +175,7 @@ public class WSS4JInInterceptor extends 
         
         boolean utWithCallbacks = 
             MessageUtils.getContextualBoolean(msg, SecurityConstants.VALIDATE_TOKEN, true);
+        translateProperties(msg);
         
         RequestData reqData = new CXFRequestData();
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java?rev=1082979&r1=1082978&r2=1082979&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java Fri Mar 18 17:19:40 2011
@@ -164,6 +164,7 @@ public class WSS4JOutInterceptor extends
             }
             SoapVersion version = mc.getVersion();
             RequestData reqData = new RequestData();
+            translateProperties(mc);
     
             reqData.setMsgContext(mc);