Posted to commits@cxf.apache.org by co...@apache.org on 2013/02/08 12:43:19 UTC
svn commit: r1443953 - in /cxf/branches/2.7.x-fixes: parent/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/
Author: coheigea
Date: Fri Feb 8 11:43:18 2013
New Revision: 1443953
URL: http://svn.apache.org/r1443953
Log:
Upgrading to WSS4J 1.6.10-SNAPSHOT
Conflicts:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Modified:
cxf/branches/2.7.x-fixes/parent/pom.xml
cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl
Modified: cxf/branches/2.7.x-fixes/parent/pom.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/parent/pom.xml?rev=1443953&r1=1443952&r2=1443953&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/parent/pom.xml (original)
+++ cxf/branches/2.7.x-fixes/parent/pom.xml Fri Feb 8 11:43:18 2013
@@ -156,7 +156,7 @@
<cxf.woodstox.core.version>4.1.4</cxf.woodstox.core.version>
<cxf.woodstox.stax2-api.version>3.1.1</cxf.woodstox.stax2-api.version>
<cxf.wsdl4j.version>1.6.2</cxf.wsdl4j.version>
- <cxf.wss4j.version>1.6.9</cxf.wss4j.version>
+ <cxf.wss4j.version>1.6.10-SNAPSHOT</cxf.wss4j.version>
<cxf.xmlbeans.version>2.6.0</cxf.xmlbeans.version>
<cxf.xmlschema.version>2.0.3</cxf.xmlschema.version>
<cxf.xpp3.bundle.version>1.1.4c_6</cxf.xpp3.bundle.version>
Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1443953&r1=1443952&r2=1443953&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Fri Feb 8 11:43:18 2013
@@ -68,6 +68,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
+import org.apache.cxf.ws.security.policy.model.UsernameToken;
import org.apache.cxf.ws.security.policy.model.Wss11;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
@@ -280,6 +281,21 @@ public class PolicyBasedWSS4JInIntercept
return action;
}
+ private void checkUsernameToken(
+ AssertionInfoMap aim, SoapMessage message
+ ) throws WSSecurityException {
+ Collection<AssertionInfo> ais = aim.get(SP12Constants.USERNAME_TOKEN);
+
+ if (ais != null && !ais.isEmpty()) {
+ for (AssertionInfo ai : ais) {
+ UsernameToken policy = (UsernameToken)ai.getAssertion();
+ if (policy.isNoPassword()) {
+ message.put(WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD, "true");
+ }
+ }
+ }
+ }
+
private String checkSymmetricBinding(
AssertionInfoMap aim, String action, SoapMessage message
) throws WSSecurityException {
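Review bot: `checkUsernameToken` sets `WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD` on the whole message as soon as any one `UsernameToken` assertion reports `isNoPassword()`. Where the effective policy carries several UsernameToken assertions or alternatives, a single `NoPassword` alternative therefore relaxes the password requirement for every token in the request. If that is intended it deserves a comment such as `// NoPassword on any UsernameToken assertion permits password-less tokens for the whole message`; otherwise the flag should be set only when every assertion allows it. The method also declares `throws WSSecurityException` although nothing visible in its body throws, and the same loop is repeated as `isAllowNoPassword` in UsernameTokenInterceptor.java, so the two copies can drift apart. The `checkSymmetricBinding` body that follows continues outside the hunk.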
@@ -585,6 +601,7 @@ public class PolicyBasedWSS4JInIntercept
action = checkAsymmetricBinding(aim, action, message);
action = checkSymmetricBinding(aim, action, message);
action = checkTransportBinding(aim, action, message);
+ checkUsernameToken(aim, message);
// stuff we can default to asserted and un-assert if a condition isn't met
assertPolicy(aim, SP12Constants.KEYVALUE_TOKEN);
Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java?rev=1443953&r1=1443952&r2=1443953&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java (original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java Fri Feb 8 11:43:18 2013
@@ -124,6 +124,7 @@ public class UsernameTokenInterceptor ex
boolean bspCompliant = isWsiBSPCompliant(message);
boolean utWithCallbacks =
MessageUtils.getContextualBoolean(message, SecurityConstants.VALIDATE_TOKEN, true);
+ boolean allowNoPassword = isAllowNoPassword(message.get(AssertionInfoMap.class));
if (utWithCallbacks) {
UsernameTokenProcessor p = new UsernameTokenProcessor();
WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument());
@@ -150,6 +151,7 @@ public class UsernameTokenInterceptor ex
WSSConfig config = WSSConfig.getNewInstance();
config.setWsiBSPCompliant(bspCompliant);
+ config.setAllowUsernameTokenNoPassword(allowNoPassword);
data.setWssConfig(config);
List<WSSecurityEngineResult> results =
p.handleToken(tokenElement, data, wsDocInfo);
@@ -181,6 +183,21 @@ public class UsernameTokenInterceptor ex
return !("false".equals(bspc) || "0".equals(bspc));
}
+ private boolean isAllowNoPassword(AssertionInfoMap aim) throws WSSecurityException {
+ Collection<AssertionInfo> ais = aim.get(SP12Constants.USERNAME_TOKEN);
+
+ if (ais != null && !ais.isEmpty()) {
+ for (AssertionInfo ai : ais) {
+ UsernameToken policy = (UsernameToken)ai.getAssertion();
+ if (policy.isNoPassword()) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+
protected SecurityContext createSecurityContext(final Principal p, Subject subject) {
return new DefaultSecurityContext(p, subject);
}
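Review bot: `isAllowNoPassword` dereferences `aim` without a null check, and its caller passes `message.get(AssertionInfoMap.class)` straight in (the `allowNoPassword` line in the first hunk of this file). If a message can reach that point without an AssertionInfoMap, which the visible lines do not rule out, token processing fails with a NullPointerException rather than a security fault. A guard at the top, `if (aim == null) { return false; }`, keeps the default at "password required". The `throws WSSecurityException` clause looks unnecessary here, since nothing in the body throws it.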
Modified: cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl?rev=1443953&r1=1443952&r2=1443953&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl (original)
+++ cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl Fri Feb 8 11:43:18 2013
@@ -212,6 +212,7 @@
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
+ <sp:NoPassword/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
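Review bot: Every UsernameToken policy touched in this WSDL gains `<sp:NoPassword/>` (this hunk and the six that follow), so the fixtures shown exercise only the permissive path. Nothing visible in the commit covers the opposite case: a password-less UsernameToken sent against a policy without `NoPassword` should be rejected. That rejection is the behaviour the new `setAllowUsernameTokenNoPassword` wiring is meant to enforce, so a policy and test for it would pin it down. Other tests outside this diff may already cover it.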
@@ -245,6 +246,7 @@
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
+ <sp:NoPassword/>
<sp:RequireDerivedKeys/>
</wsp:Policy>
</sp:UsernameToken>
@@ -279,6 +281,7 @@
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
+ <sp:NoPassword/>
<sp:RequireDerivedKeys/>
</wsp:Policy>
</sp:UsernameToken>
@@ -332,6 +335,7 @@
<wsp:Policy>
<sp:WssUsernameToken10/>
<!-- <sp:RequireDerivedKeys/> -->
+ <sp:NoPassword/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
@@ -376,6 +380,7 @@
<wsp:Policy>
<sp:WssUsernameToken10/>
<!-- <sp:RequireDerivedKeys/> -->
+ <sp:NoPassword/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
@@ -420,6 +425,7 @@
<wsp:Policy>
<sp:WssUsernameToken10/>
<!-- <sp:RequireDerivedKeys/> -->
+ <sp:NoPassword/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
@@ -464,6 +470,7 @@
<wsp:Policy>
<sp:WssUsernameToken10/>
<!-- <sp:RequireDerivedKeys/> -->
+ <sp:NoPassword/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>