Copied: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java (from r1221333, cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java?p2=cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java&p1=cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java&r1=1221333&r2=1221366&rev=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java Tue Dec 20 17:41:59 2011
@@ -20,12 +20,12 @@
 package org.apache.cxf.ws.security.policy.interceptors;
 import java.util.Collection;
-import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.ws.addressing.AddressingProperties;
@@ -33,131 +33,97 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
 import org.apache.cxf.ws.security.policy.model.Trust10;
 import org.apache.cxf.ws.security.policy.model.Trust13;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.STSClient;
 import org.apache.cxf.ws.security.trust.STSUtils;
-import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.spnego.SpnegoTokenContext;
+import org.apache.ws.security.util.Base64;
-class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
- public SecureConversationOutInterceptor() {
+class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
+ public SpnegoContextTokenOutInterceptor() {
 super(Phase.PREPARE_SEND);
 }
 public void handleMessage(SoapMessage message) throws Fault {
 AssertionInfoMap aim = message.get(AssertionInfoMap.class);
 // extract Assertion information
 if (aim != null) {
- Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
+ Collection<AssertionInfo> ais = aim.get(SP12Constants.SPNEGO_CONTEXT_TOKEN);
 if (ais == null || ais.isEmpty()) {
 return;
 }
 if (isRequestor(message)) {
- SecureConversationToken itok = (SecureConversationToken)ais.iterator()
- .next().getAssertion();
-
 SecurityToken tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
 if (tok == null) {
 String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
 if (tokId != null) {
- tok = SecureConversationTokenInterceptorProvider
- .getTokenStore(message).getToken(tokId);
+ tok = NegotiationUtils.getTokenStore(message).getToken(tokId);
 }
 }
 if (tok == null) {
- tok = issueToken(message, aim, itok);
- } else {
- renewToken(message, aim, tok, itok);
+ tok = issueToken(message, aim);
 }
 if (tok != null) {
 for (AssertionInfo ai : ais) {
 ai.setAsserted(true);
 }
- message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
- tok.getId());
- message.getExchange().put(SecurityConstants.TOKEN_ID,
- tok.getId());
- SecureConversationTokenInterceptorProvider.getTokenStore(message).add(tok);
-
+ message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, tok.getId());
+ message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
+ NegotiationUtils.getTokenStore(message).add(tok);
 }
 } else {
- //server side should be checked on the way in
+ // server side should be checked on the way in
 for (AssertionInfo ai : ais) {
 ai.setAsserted(true);
- }
+ }
 }
 }
 }
- private void renewToken(SoapMessage message,
- AssertionInfoMap aim,
- SecurityToken tok,
- SecureConversationToken itok) {
- if (tok.getState() != SecurityToken.State.EXPIRED) {
- return;
- }
+ private SecurityToken issueToken(SoapMessage message, AssertionInfoMap aim) {
+ //
+ // Get a SPNEGO token
+ //
+ String jaasContext =
+ (String)message.getContextualProperty(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME);
+ String kerberosSpn =
+ (String)message.getContextualProperty(SecurityConstants.KERBEROS_SPN);
+ CallbackHandler callbackHandler =
+ NegotiationUtils.getCallbackHandler(
+ message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER), this.getClass()
+ );
- STSClient client = STSUtils.getClient(message, "sct");
- AddressingProperties maps =
- (AddressingProperties)message
- .get("javax.xml.ws.addressing.context.outbound");
- if (maps == null) {
- maps = (AddressingProperties)message
- .get("javax.xml.ws.addressing.context");
- } else if (maps.getAction().getValue().endsWith("Renew")) {
- return;
+ SpnegoTokenContext spnegoToken = new SpnegoTokenContext();
+ try {
+ spnegoToken.retrieveServiceTicket(jaasContext, callbackHandler, kerberosSpn);
+ } catch (WSSecurityException e) {
+ throw new Fault(e);
 }
- synchronized (client) {
- try {
- SecureConversationTokenInterceptorProvider.setupClient(client, message, aim, itok, true);
-
- String s = message
- .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
- client.setLocation(s);
-
- Map<String, Object> ctx = client.getRequestContext();
- ctx.put(SecurityConstants.TOKEN, tok);
- if (maps != null) {
- client.setAddressingNamespace(maps.getNamespaceURI());
- }
- client.renewSecurityToken(tok);
- } catch (RuntimeException e) {
- throw e;
- } catch (Exception e) {
- throw new Fault(e);
- } finally {
- client.setTrust((Trust10)null);
- client.setTrust((Trust13)null);
- client.setTemplate(null);
- client.setLocation(null);
- client.setAddressingNamespace(null);
- }
- }
- }
- private SecurityToken issueToken(SoapMessage message,
- AssertionInfoMap aim,
- SecureConversationToken itok) {
- STSClient client = STSUtils.getClient(message, "sct");
+
+ //
+ // Now initiate WS-Trust exchange
+ //
+ STSClient client = STSUtils.getClient(message, "spnego");
 AddressingProperties maps =
- (AddressingProperties)message
- .get("javax.xml.ws.addressing.context.outbound");
+ (AddressingProperties)message.get("javax.xml.ws.addressing.context.outbound");
 if (maps == null) {
- maps = (AddressingProperties)message
- .get("javax.xml.ws.addressing.context");
+ maps = (AddressingProperties)message.get("javax.xml.ws.addressing.context");
 }
 synchronized (client) {
 try {
- String s = SecureConversationTokenInterceptorProvider
- .setupClient(client, message, aim, itok, false);
-
- SecurityToken tok = null;
+ String s = SpnegoTokenInterceptorProvider.setupClient(client, message, aim);
 if (maps != null) {
 client.setAddressingNamespace(maps.getNamespaceURI());
 }
- tok = client.requestSecurityToken(s);
- tok.setTokenType(WSConstants.WSC_SCT);
+ SecurityToken tok = client.requestSecurityToken(s, Base64.encode(spnegoToken.getToken()));
+
+ byte[] wrappedTok = spnegoToken.unwrapKey(tok.getSecret());
+ tok.setSecret(wrappedTok);
+ spnegoToken.clear();
+
 return tok;
 } catch (RuntimeException e) {
 throw e;
@@ -172,5 +138,5 @@ class SecureConversationOutInterceptor e
 }
 }
 }
-
+
 }
\ No newline at end of file
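Review bot: In issueToken, `spnegoToken.clear()` is reached only when `requestSecurityToken` and `unwrapKey` both succeed, so a failed exchange leaves the SPNEGO context and its ticket bytes uncleared; calling it from the `finally` that presumably follows the catch blocks (outside this hunk) would cover the error paths too. The local `wrappedTok` receives the output of `unwrapKey`, so `unwrappedKey` would describe it correctly. handleMessage also lost the `else` branch that reacted to `SecurityToken.State.EXPIRED`, so an expired token returned by the token store appears to be asserted and reused as is; unless the store evicts expired entries, `if (tok == null || tok.getState() == SecurityToken.State.EXPIRED)` in front of `issueToken` would force a fresh negotiation.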
Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoTokenInterceptorProvider.java?rev=1221366&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoTokenInterceptorProvider.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoTokenInterceptorProvider.java Tue Dec 20 17:41:59 2011
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.policy.interceptors;
+
+import java.util.Arrays;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import org.apache.cxf.binding.soap.Soap11;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.SP11Constants;
+import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.ws.security.WSSConfig;
+
+/**
+ *
+ */
+public class SpnegoTokenInterceptorProvider extends AbstractPolicyInterceptorProvider {
+ static final Logger LOG = LogUtils.getL7dLogger(SpnegoTokenInterceptorProvider.class);
+
+ public SpnegoTokenInterceptorProvider() {
+ super(Arrays.asList(SP11Constants.SPNEGO_CONTEXT_TOKEN, SP12Constants.SPNEGO_CONTEXT_TOKEN));
+ this.getOutInterceptors().add(new SpnegoContextTokenOutInterceptor());
+ this.getOutFaultInterceptors().add(new SpnegoContextTokenOutInterceptor());
+ this.getInInterceptors().add(new SpnegoContextTokenInInterceptor());
+ this.getInFaultInterceptors().add(new SpnegoContextTokenInInterceptor());
+ }
+
+ static String setupClient(STSClient client, SoapMessage message, AssertionInfoMap aim) {
+ client.setTrust(NegotiationUtils.getTrust10(aim));
+ client.setTrust(NegotiationUtils.getTrust13(aim));
+
+ Policy p = new Policy();
+ ExactlyOne ea = new ExactlyOne();
+ p.addPolicyComponent(ea);
+ All all = new All();
+ all.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
+ ea.addPolicyComponent(all);
+
+ client.setPolicy(p);
+ client.setSoap11(message.getVersion() == Soap11.getInstance());
+ client.setSpnego(true);
+
+ WSSConfig config = WSSConfig.getNewInstance();
+ String context = config.getIdAllocator().createSecureId("_", null);
+ client.setContext(context);
+
+ String s = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
+ client.setLocation(s);
+ AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
+ if (suite != null) {
+ client.setAlgorithmSuite(suite);
+ int x = suite.getMaximumSymmetricKeyLength();
+ if (x < 256) {
+ client.setKeySize(x);
+ }
+ }
+
+ Map<String, Object> ctx = client.getRequestContext();
+ mapSecurityProps(message, ctx);
+
+ return s;
+ }
+
+ private static void mapSecurityProps(Message message, Map<String, Object> ctx) {
+ for (String s : SecurityConstants.ALL_PROPERTIES) {
+ Object v = message.getContextualProperty(s);
+ if (v != null) {
+ ctx.put(s, v);
+ }
+ }
+ }
+
+
+}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SpnegoContextToken.java
URL:
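Review bot: setupClient calls `.toString()` on `message.getContextualProperty(Message.ENDPOINT_ADDRESS)` without a null check, so a message that carries no endpoint address fails with a NullPointerException instead of a Fault that names the missing property; a guard before the call would make that failure diagnosable. The class Javadoc is empty and setupClient has none: it should say that the method configures the given STSClient for a SPNEGO negotiation, returns the endpoint address, and that `mapSecurityProps` copies every non-null `SecurityConstants.ALL_PROPERTIES` entry from the message into the client's request context. The literal in `if (x < 256)` would read better as a named constant, since the hunk does not say why key lengths of 256 and above are not passed to `setKeySize`.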
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SpnegoContextToken.java?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SpnegoContextToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SpnegoContextToken.java Tue Dec 20 17:41:59 2011
@@ -40,7 +40,7 @@ public class SpnegoContextToken extends
 }
 public QName getName() {
- return SP12Constants.INSTANCE.getKerberosToken();
+ return SP12Constants.INSTANCE.getSpnegoContextToken();
 }
 /**
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Tue Dec 20 17:41:59 2011
@@ -122,8 +122,10 @@ import org.apache.ws.security.components
 import org.apache.ws.security.conversation.ConversationException;
 import org.apache.ws.security.conversation.dkalgo.P_SHA1;
 import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.message.token.BinarySecurity;
 import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.processor.EncryptedKeyProcessor;
+import org.apache.ws.security.processor.X509Util;
 import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.apache.ws.security.util.XmlSchemaDateFormat;
@@ -160,6 +162,7 @@ public class STSClient implements Config
 protected boolean useCertificateForConfirmationKeyInfo;
 protected boolean isSecureConv;
+ protected boolean isSpnego;
 protected boolean enableLifetime;
 protected int ttl = 300;
@@ -281,6 +284,14 @@ public class STSClient implements Config
 this.isSecureConv = secureConv;
 }
+ public boolean isSpnego() {
+ return isSpnego;
+ }
+
+ public void setSpnego(boolean spnego) {
+ this.isSpnego = spnego;
+ }
+
 public boolean isEnableAppliesTo() {
 return enableAppliesTo;
 }
@@ -358,6 +369,10 @@ public class STSClient implements Config
 this.tokenType = tokenType;
 }
+ public String getTokenType() {
+ return tokenType;
+ }
+
 public void setSendKeyType(boolean sendKeyType) {
 this.sendKeyType = sendKeyType;
 }
@@ -558,15 +573,24 @@ public class STSClient implements Config
 }
 public SecurityToken requestSecurityToken(String appliesTo) throws Exception {
+ return requestSecurityToken(appliesTo, null);
+ }
+
+ public SecurityToken requestSecurityToken(String appliesTo, String binaryExchange) throws Exception {
 String action = null;
 if (isSecureConv) {
 action = namespace + "/RST/SCT";
 }
- return requestSecurityToken(appliesTo, action, "/Issue", null);
+ return requestSecurityToken(appliesTo, action, "/Issue", null, binaryExchange);
+ }
+
+ public SecurityToken requestSecurityToken(String appliesTo, String action, String requestType,
+ SecurityToken target) throws Exception {
+ return requestSecurityToken(appliesTo, action, requestType, target, null);
 }
 public SecurityToken requestSecurityToken(String appliesTo, String action, String requestType,
- SecurityToken target) throws Exception {
+ SecurityToken target, String binaryExchange) throws Exception {
 createClient();
 BindingOperationInfo boi = findOperation("/RST/Issue");
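Review bot: The two new public `requestSecurityToken` overloads that accept `binaryExchange` carry no Javadoc, so the expected form of that string is left to the reader. Judging by the caller in SpnegoContextTokenOutInterceptor it is the Base64 text of the SPNEGO token, and a later hunk writes the element only when the value is non-null; a line such as `@param binaryExchange Base64-encoded negotiation token to send in a wst:BinaryExchange element, or null to omit it` on both overloads would record that. `setSpnego(boolean)` deserves a sentence as well, because a later hunk makes it override the token type and key type of requests sent by this client.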
@@ -612,6 +636,11 @@ public class STSClient implements Config
 writer.writeEndElement();
 }
 }
+
+ if (isSpnego) {
+ tokenType = STSUtils.getTokenTypeSCT(namespace);
+ sendKeyType = false;
+ }
 addRequestType(requestType, writer);
 if (enableAppliesTo) {
@@ -649,6 +678,8 @@ public class STSClient implements Config
 crypto = createCrypto(false);
 cert = getCert(crypto);
 writeElementsForRSTPublicKey(writer, cert);
+ } else if (isSpnego) {
+ addKeySize(keySize, writer);
 }
 if (target != null) {
@@ -660,6 +691,10 @@ public class STSClient implements Config
 StaxUtils.copy(el, writer);
 writer.writeEndElement();
 }
+
+ if (binaryExchange != null) {
+ addBinaryExchange(binaryExchange, writer);
+ }
 Element actAsSecurityToken = getActAsToken();
 if (actAsSecurityToken != null) {
@@ -727,9 +762,7 @@ public class STSClient implements Config
 byte[] requestorEntropy = null;
 if (!wroteKeySize && (!isSecureConv || keySize != 256)) {
- writer.writeStartElement("wst", "KeySize", namespace);
- writer.writeCharacters(Integer.toString(keySize));
- writer.writeEndElement();
+ addKeySize(keySize, writer);
 }
 if (requiresEntropy) {
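Review bot: The `if (isSpnego)` block in the first hunk assigns the instance fields `tokenType` and `sendKeyType` while one request is being built, so the override outlives the call: a client later switched back with `setSpnego(false)` still has the SCT token type and `sendKeyType == false`, and whatever the caller configured through `setTokenType`/`setSendKeyType` is silently lost. Keeping the effective values in locals for this request, or saving and restoring the fields, would avoid the hidden state change. The enclosing requestSecurityToken body starts and ends outside these hunks, so how `tokenType` and `sendKeyType` are read further down could not be checked here.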
@@ -786,6 +819,23 @@ public class STSClient implements Config
 writer.writeEndElement();
 writer.writeEndElement();
 }
+
+ protected void addBinaryExchange(
+ String binaryExchange,
+ W3CDOMStreamWriter writer
+ ) throws XMLStreamException {
+ writer.writeStartElement("wst", "BinaryExchange", namespace);
+ writer.writeAttribute("EncodingType", BinarySecurity.BASE64_ENCODING);
+ writer.writeAttribute("ValueType", namespace + "/spnego");
+ writer.writeCharacters(binaryExchange);
+ writer.writeEndElement();
+ }
+
+ protected void addKeySize(int keysize, W3CDOMStreamWriter writer) throws XMLStreamException {
+ writer.writeStartElement("wst", "KeySize", namespace);
+ writer.writeCharacters(Integer.toString(keysize));
+ writer.writeEndElement();
+ }
 protected void addRequestType(String requestType, W3CDOMStreamWriter writer) throws XMLStreamException {
 writer.writeStartElement("wst", "RequestType", namespace);
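Review bot: addBinaryExchange has a generic name but always stamps `ValueType` as `namespace + "/spnego"`, so any other payload handed to the public `requestSecurityToken(..., binaryExchange)` overloads would be labelled as SPNEGO. Either name the helper for what it does or take the value type as a parameter. Both new protected helpers also lack Javadoc; for addBinaryExchange it should state that `binaryExchange` must already be Base64 text, because it is written unchanged under `EncodingType` `BinarySecurity.BASE64_ENCODING`.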
@@ -1212,21 +1262,42 @@ public class STSClient implements Config
 }
 protected byte[] decryptKey(Element child) throws TrustException, WSSecurityException {
- try {
- EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
- WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
- RequestData data = new RequestData();
- data.setWssConfig(WSSConfig.getNewInstance());
- data.setDecCrypto(createCrypto(true));
- data.setCallbackHandler(createHandler());
- List<WSSecurityEngineResult> result =
- proc.handleToken(child, data, docInfo);
- return
- (byte[])result.get(0).get(
- WSSecurityEngineResult.TAG_SECRET
- );
- } catch (IOException e) {
- throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
+ String encryptionAlgorithm = X509Util.getEncAlgo(child);
+ // For the SPNEGO case just return the decoded cipher value and decrypt it later
+ if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) {
+ // Get the CipherValue
+ Element tmpE =
+ WSSecurityUtil.getDirectChildElement(child, "CipherData", WSConstants.ENC_NS);
+ byte[] cipherValue = null;
+ if (tmpE != null) {
+ tmpE =
+ WSSecurityUtil.getDirectChildElement(tmpE, "CipherValue", WSConstants.ENC_NS);
+ if (tmpE != null) {
+ String content = DOMUtils.getContent(tmpE);
+ cipherValue = Base64.decode(content);
+ }
+ }
+ if (cipherValue == null) {
+ throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noCipher");
+ }
+ return cipherValue;
+ } else {
+ try {
+ EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
+ WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
+ RequestData data = new RequestData();
+ data.setWssConfig(WSSConfig.getNewInstance());
+ data.setDecCrypto(createCrypto(true));
+ data.setCallbackHandler(createHandler());
+ List<WSSecurityEngineResult> result =
+ proc.handleToken(child, data, docInfo);
+ return
+ (byte[])result.get(0).get(
+ WSSecurityEngineResult.TAG_SECRET
+ );
+ } catch (IOException e) {
+ throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
+ }
 }
 }
@@ -1318,7 +1389,7 @@ public class STSClient implements Config
 if (id == null && rur != null) {
 id = this.getIDFromSTR(rur);
 }
- if (id == null) {
+ if (id == null && rst != null) {
 id = rst.getAttributeNS(WSConstants.WSU_NS, "Id");
 }
 return id;
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Tue Dec 20 17:41:59 2011
@@ -441,15 +441,6 @@ public class PolicyBasedWSS4JInIntercept
 }
 }
- /*
- WSSecurityEngineResult tsResult = WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
- Element timestamp = null;
- if (tsResult != null) {
- Timestamp ts = (Timestamp)tsResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);
- timestamp = ts.getElement();
- }
- */
-
 //
 // Check policies
 //
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Tue Dec 20 17:41:59 2011
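Review bot: decryptKey selects its pass-through branch from the response alone: any EncryptedKey whose algorithm `endsWith("spnego#GSS_Wrap")` has its CipherValue returned undecrypted, whether or not this client was configured for SPNEGO. Tying the branch to the client's own state as well, `if (isSpnego && encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) {`, keeps every non-SPNEGO exchange on the EncryptedKeyProcessor path, and comparing against the full algorithm URI instead of a suffix would be stricter still. The method should also document that in the SPNEGO case the returned bytes are still GSS-wrapped and have to be passed to `SpnegoTokenContext.unwrapKey` by the caller, as SpnegoContextTokenOutInterceptor does.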
@@ -43,6 +43,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.model.KerberosToken;
 import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
 import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
+import org.apache.cxf.ws.security.policy.model.SpnegoContextToken;
 import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Token;
 import org.apache.cxf.ws.security.policy.model.TokenWrapper;
@@ -155,10 +156,11 @@ public class SymmetricBindingHandler ext
 //SecureConversationToken
 String tokenId = null;
 SecurityToken tok = null;
- if (encryptionToken instanceof IssuedToken || encryptionToken instanceof KerberosToken) {
- tok = getSecurityToken();
- } else if (encryptionToken instanceof SecureConversationToken
- || encryptionToken instanceof SecurityContextToken) {
+ if (encryptionToken instanceof IssuedToken
+ || encryptionToken instanceof KerberosToken
+ || encryptionToken instanceof SecureConversationToken
+ || encryptionToken instanceof SecurityContextToken
+ || encryptionToken instanceof SpnegoContextToken) {
 tok = getSecurityToken();
 } else if (encryptionToken instanceof X509Token) {
 if (isRequestor()) {
@@ -274,9 +276,10 @@ public class SymmetricBindingHandler ext
 SecurityToken sigTok = null;
 if (sigToken != null) {
 if (sigToken instanceof SecureConversationToken
- || sigToken instanceof SecurityContextToken) {
- sigTok = getSecurityToken();
- } else if (sigToken instanceof IssuedToken || sigToken instanceof KerberosToken) {
+ || sigToken instanceof SecurityContextToken
+ || sigToken instanceof IssuedToken
+ || sigToken instanceof KerberosToken
+ || sigToken instanceof SpnegoContextToken) {
 sigTok = getSecurityToken();
 } else if (sigToken instanceof X509Token) {
 if (isRequestor()) {
@@ -528,7 +531,7 @@ public class SymmetricBindingHandler ext
 encr.setEncryptSymmKey(false);
 encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
- if (encrToken instanceof IssuedToken) {
+ if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken) {
 //Setting the AttachedReference or the UnattachedReference according to the flag
 Element ref;
 if (attached) {
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml Tue Dec 20 17:41:59 2011
@@ -47,13 +47,8 @@
 <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
 <entry key="ws-security.encryption.username" value="bob"/>
- <entry key="ws-security.kerberos.client">
- <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient">
- <constructor-arg ref="cxf"/>
- <property name="contextName" value="alice"/>
- <property name="serviceName" value="[email protected]"/>
- </bean>
- </entry>
+ <entry key="ws-security.kerberos.jaas.context" value="alice" />
+ <entry key="ws-security.kerberos.spn" value="[email protected]" />
 </jaxws:properties>
 </jaxws:client>
@@ -63,13 +58,8 @@
 <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
 <entry key="ws-security.encryption.username" value="bob"/>
- <entry key="ws-security.kerberos.client">
- <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient">
- <constructor-arg ref="cxf"/>
- <property name="contextName" value="alice"/>
- <property name="serviceName" value="[email protected]"/>
- </bean>
- </entry>
+ <entry key="ws-security.kerberos.jaas.context" value="alice" />
+ <entry key="ws-security.kerberos.spn" value="[email protected]" />
 </jaxws:properties>
 </jaxws:client>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/server/server.xml?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/server/server.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/server/server.xml Tue Dec 20 17:41:59 2011
@@ -46,12 +46,6 @@
 </cxf:features>
 </cxf:bus>
- <bean id="kerberosValidator"
- class="org.apache.ws.security.validate.KerberosTokenValidator">
- <property name="contextName" value="bob"/>
- <property name="serviceName" value="[email protected]"/>
- </bean>
-
 <jaxws:endpoint id="SpnegoOverSymmetric" address="http://localhost:${testutil.ports.Server}/DoubleItSpnegoSymmetric"
@@ -62,7 +56,7 @@ wsdlLocation="org/apache/cxf/systest/ws/spnego/DoubleItSpnego.wsdl">
 <jaxws:properties>
- <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
+ <entry key="ws-security.kerberos.jaas.context" value="bob" />
 </jaxws:properties>
 </jaxws:endpoint>
@@ -77,7 +71,7 @@ wsdlLocation="org/apache/cxf/systest/ws/spnego/DoubleItSpnego.wsdl">
 <jaxws:properties>
- <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
+ <entry key="ws-security.kerberos.jaas.context" value="bob" />
 </jaxws:properties>
 </jaxws:endpoint>
