Posted to commits@cxf.apache.org by se...@apache.org on 2010/06/21 22:26:58 UTC
svn commit: r956682 - in /cxf/branches/2.2.x-fixes: ./
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/
Author: sergeyb
Date: Mon Jun 21 20:26:58 2010
New Revision: 956682
URL: http://svn.apache.org/viewvc?rev=956682&view=rev
Log:
CXF-2754: updates for dealing with digests
Modified:
cxf/branches/2.2.x-fixes/ (props changed)
cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/UserNameTokenAuthorizationTest.java
Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun 21 20:26:58 2010
@@ -1 +1 @@
-/cxf/trunk:956088
+/cxf/trunk:956088,956658
Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java?rev=956682&r1=956681&r2=956682&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java Mon Jun 21 20:26:58 2010
@@ -24,8 +24,9 @@ import java.util.List;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
-import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.ws.policy.AssertionBuilder;
import org.apache.cxf.ws.policy.PolicyAssertion;
import org.apache.cxf.ws.policy.PolicyBuilder;
@@ -60,23 +61,29 @@ public class UsernameTokenBuilder implem
Element polEl = PolicyConstants.findPolicyElement(element);
if (polEl != null) {
- Element child = DOMUtils.getFirstElement(polEl);
- if (child != null) {
- QName qname = new QName(child.getNamespaceURI(), child.getLocalName());
- if (SPConstants.USERNAME_TOKEN10.equals(qname.getLocalPart())) {
- usernameToken.setUseUTProfile10(true);
- } else if (SPConstants.USERNAME_TOKEN11.equals(qname.getLocalPart())) {
- usernameToken.setUseUTProfile11(true);
- } else if (SP12Constants.NO_PASSWORD.equals(qname)) {
- usernameToken.setNoPassword(true);
- } else if (SP12Constants.HASH_PASSWORD.equals(qname)) {
- usernameToken.setHashPassword(true);
- } else if (SP12Constants.REQUIRE_DERIVED_KEYS.equals(qname)) {
- usernameToken.setDerivedKeys(true);
- } else if (SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS.equals(qname)) {
- usernameToken.setExplicitDerivedKeys(true);
- } else if (SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS.equals(qname)) {
- usernameToken.setImpliedDerivedKeys(true);
+ NodeList children = polEl.getChildNodes();
+ if (children != null) {
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+ if (child instanceof Element) {
+ child = (Element)child;
+ QName qname = new QName(child.getNamespaceURI(), child.getLocalName());
+ if (SPConstants.USERNAME_TOKEN10.equals(qname.getLocalPart())) {
+ usernameToken.setUseUTProfile10(true);
+ } else if (SPConstants.USERNAME_TOKEN11.equals(qname.getLocalPart())) {
+ usernameToken.setUseUTProfile11(true);
+ } else if (SP12Constants.NO_PASSWORD.equals(qname)) {
+ usernameToken.setNoPassword(true);
+ } else if (SP12Constants.HASH_PASSWORD.equals(qname)) {
+ usernameToken.setHashPassword(true);
+ } else if (SP12Constants.REQUIRE_DERIVED_KEYS.equals(qname)) {
+ usernameToken.setDerivedKeys(true);
+ } else if (SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS.equals(qname)) {
+ usernameToken.setExplicitDerivedKeys(true);
+ } else if (SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS.equals(qname)) {
+ usernameToken.setImpliedDerivedKeys(true);
+ }
+ }
}
}
}
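Review bot: The two profile checks in the new loop, `SPConstants.USERNAME_TOKEN10.equals(qname.getLocalPart())` and its `USERNAME_TOKEN11` counterpart, compare only the local name, while every other branch compares the full `QName`. Now that every child element of the policy element is visited rather than just the first, a child with that local name in any namespace would set the profile flag. If those constants are plain strings, as the comparison suggests, consider also checking `child.getNamespaceURI()` against the supported security-policy namespaces. Separately, `child = (Element)child;` has no effect because `child` is declared as `Node`, and `getNamespaceURI()`/`getLocalName()` are available on `Node`, so the line can be dropped. The enclosing method starts and ends outside this hunk.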
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java?rev=956682&r1=956681&r2=956682&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java Mon Jun 21 20:26:58 2010
@@ -89,7 +89,9 @@ public abstract class AbstractUsernameTo
supportDigestPasswords = support;
}
-
+ public boolean getSupportDigestPasswords() {
+ return supportDigestPasswords;
+ }
@Override
protected SecurityContext createSecurityContext(final Principal p) {
@@ -165,7 +167,11 @@ public abstract class AbstractUsernameTo
protected CallbackHandler getCallback(RequestData reqData, int doAction)
throws WSSecurityException {
- if ((doAction & WSConstants.UT) != 0 && !supportDigestPasswords) {
+ // Given that a custom UT processor is used for dealing with digests
+ // no callback handler is required when the request UT contains a digest;
+ // however a custom callback may still be needed for decrypting the encrypted UT
+
+ if ((doAction & WSConstants.UT) != 0) {
CallbackHandler pwdCallback = null;
try {
pwdCallback = super.getCallback(reqData, doAction);
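Review bot: The new comment in `getCallback` explains why a handler may still be needed, but not what the changed condition now does: with `!supportDigestPasswords` removed, this branch runs for every UT action, including when digest support is enabled. I would say that directly, e.g. `// Fetch the configured handler for every UT action, even with digest support on: the custom UT processor handles digests itself, but the handler may still be needed to decrypt an encrypted UT.` The handling of a failing `super.getCallback(...)` lies outside this hunk, so it is worth confirming there that a deployment relying on digests without a configured password callback is still accepted. The blank line between the comment and the `if` can be removed.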
@@ -184,7 +190,6 @@ public abstract class AbstractUsernameTo
return super.getSecurityEngine();
}
Map<QName, Object> profiles = new HashMap<QName, Object>(3);
- profiles.put(new QName(WSConstants.USERNAMETOKEN_NS, WSConstants.USERNAME_TOKEN_LN), this);
profiles.put(new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN), this);
profiles.put(new QName(WSConstants.WSSE11_NS, WSConstants.USERNAME_TOKEN_LN), this);
return createSecurityEngine(profiles);
@@ -202,7 +207,7 @@ public abstract class AbstractUsernameTo
}
- private class DelegatingCallbackHandler implements CallbackHandler {
+ protected class DelegatingCallbackHandler implements CallbackHandler {
private CallbackHandler pwdHandler;
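Review bot: Widening `DelegatingCallbackHandler` from `private` to `protected` makes a class in the password-callback path available to subclasses, yet the change adds no Javadoc describing what they may do with it. A short class comment stating the intended use, e.g. `/** Delegates password callbacks to the configured handler; exposed so subclasses can reuse it from getCallback. */`, would make the contract explicit. If subclasses only need to instantiate it and not extend it, `protected final class` would keep the surface smaller. The class body continues outside the hunk.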
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/UserNameTokenAuthorizationTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/UserNameTokenAuthorizationTest.java?rev=956682&r1=956681&r2=956682&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/UserNameTokenAuthorizationTest.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/UserNameTokenAuthorizationTest.java Mon Jun 21 20:26:58 2010
@@ -66,7 +66,7 @@ public class UserNameTokenAuthorizationT
wsIn.setProperty(WSHandlerConstants.SIG_PROP_FILE, "META-INF/cxf/insecurity.properties");
wsIn.setProperty(WSHandlerConstants.DEC_PROP_FILE, "META-INF/cxf/insecurity.properties");
wsIn.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, TestPwdCallback.class.getName());
-
+
service.getInInterceptors().add(wsIn);
SimpleAuthorizingInterceptor sai = new SimpleAuthorizingInterceptor();