More refactoring
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fc78cd31
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fc78cd31
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fc78cd31
Branch: refs/heads/master
Commit: fc78cd31869a4e580c4d2a9e7864ae6dae8c311b
Parents: e548a02
Author: Colm O hEigeartaigh <[email protected]>
Authored: Thu Mar 12 14:17:35 2015 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Thu Mar 12 14:17:35 2015 +0000
----------------------------------------------------------------------
.../src/main/release/samples/sts/pom.xml | 38 --------
parent/pom.xml | 6 +-
rt/ws/security/pom.xml | 10 ---
.../wss4j/AbstractWSS4JInterceptor.java | 15 ++--
.../wss4j/AttachmentCallbackHandler.java | 13 ++-
.../wss4j/BinarySecurityTokenInterceptor.java | 36 +-------
.../cxf/ws/security/wss4j/CXFRequestData.java | 78 ++++++++++++++++
.../ws/security/wss4j/SamlTokenInterceptor.java | 45 ++--------
.../wss4j/UsernameTokenInterceptor.java | 30 ++-----
.../ws/security/wss4j/WSS4JInInterceptor.java | 95 ++------------------
.../ws/security/wss4j/WSS4JOutInterceptor.java | 2 +-
.../cxf/ws/security/wss4j/WSS4JUtils.java | 13 +--
.../wss4j/AbstractPolicySecurityTest.java | 10 ++-
.../wss4j/SignatureConfirmationTest.java | 5 --
.../cxf/ws/security/wss4j/WSS4JInOutTest.java | 26 +++---
services/xkms/xkms-client/pom.xml | 10 ---
services/xkms/xkms-common/pom.xml | 10 ---
systests/jaxws/pom.xml | 4 -
systests/rs-security/pom.xml | 4 -
19 files changed, 146 insertions(+), 304 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/distribution/src/main/release/samples/sts/pom.xml
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/sts/pom.xml b/distribution/src/main/release/samples/sts/pom.xml
index 995383e..299d489 100644
--- a/distribution/src/main/release/samples/sts/pom.xml +++ b/distribution/src/main/release/samples/sts/pom.xml @@ -58,44 +58,6 @@ </build> <profiles> <profile> - <id>jdk15</id> - <activation> - <jdk>1.5</jdk> - </activation> - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-dependency-plugin</artifactId> - <executions> - <execution> - <id>create-endorsed-dir</id> - <phase>validate</phase> - <goals> - <goal>copy</goal> - </goals> - <configuration> - <artifactItems> - <artifactItem> - <groupId>xerces</groupId> - <artifactId>xercesImpl</artifactId> - <outputDirectory>${basedir}/target/endorsed</outputDirectory> - </artifactItem> - <artifactItem> - <groupId>xml-apis</groupId> - <artifactId>xml-apis</artifactId> - <version>1.3.04</version> - <outputDirectory>${basedir}/target/endorsed</outputDirectory> - </artifactItem> - </artifactItems> - </configuration> - </execution> - </executions> - </plugin> - </plugins> - </build> - </profile> - <profile> <id>sts</id> <build> <defaultGoal>test</defaultGoal> http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/parent/pom.xml ---------------------------------------------------------------------- diff --git a/parent/pom.xml b/parent/pom.xml index ce5d330..c542bde 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -74,7 +74,7 @@ <cxf.atmosphere.version>2.2.5</cxf.atmosphere.version> <cxf.atmosphere.version.range>[2.0,3.0)</cxf.atmosphere.version.range> <cxf.axiom.version>1.2.14</cxf.axiom.version> - <cxf.bcprov.version>1.51</cxf.bcprov.version> + <cxf.bcprov.version>1.52</cxf.bcprov.version> <cxf.cglib.bundle.version>2.2_2</cxf.cglib.bundle.version> <cxf.cglib.osgi.version>[2.1.3,3.0.0)</cxf.cglib.osgi.version> <cxf.commons-codec.version>1.10</cxf.commons-codec.version> 
@@ -125,8 +125,8 @@ <cxf.netty.version.range>[4,5)</cxf.netty.version.range> <cxf.oauth.bundle.version>20100527_1</cxf.oauth.bundle.version> <cxf.oauth.version>20100527</cxf.oauth.version> - <cxf.opensaml.version>3.0.0</cxf.opensaml.version> - <cxf.opensaml.osgi.version>3.0.0_1</cxf.opensaml.osgi.version> + <cxf.opensaml.version>3.1.0</cxf.opensaml.version> + <cxf.opensaml.osgi.version>3.1.0_1</cxf.opensaml.osgi.version> <cxf.rhino.version>1.7R2</cxf.rhino.version> <cxf.servlet-api.group>org.apache.geronimo.specs</cxf.servlet-api.group> <cxf.servlet-api.artifact>geronimo-servlet_3.0_spec</cxf.servlet-api.artifact> http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/rt/ws/security/pom.xml ---------------------------------------------------------------------- diff --git a/rt/ws/security/pom.xml b/rt/ws/security/pom.xml index 6693f14..ed2ab38 100644 --- a/rt/ws/security/pom.xml +++ b/rt/ws/security/pom.xml @@ -88,16 +88,6 @@ <groupId>org.apache.wss4j</groupId> <artifactId>wss4j-ws-security-dom</artifactId> <version>${cxf.wss4j.version}</version> - <exclusions> - <exclusion> - <groupId>xerces</groupId> - <artifactId>xercesImpl</artifactId> - </exclusion> - <exclusion> - <groupId>xml-apis</groupId> - <artifactId>xml-apis</artifactId> - </exclusion> - </exclusions> </dependency> <dependency> <groupId>org.apache.wss4j</groupId> http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java index e50f6ee..0c62232 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java 
@@ -20,6 +20,7 @@ package org.apache.cxf.ws.security.wss4j; import java.net.URI; import java.util.Collection; +import java.util.Collections; import java.util.HashSet; import java.util.Map; import java.util.Set; @@ -46,16 +47,12 @@ import org.apache.wss4j.dom.handler.WSHandlerConstants; public abstract class AbstractWSS4JInterceptor extends WSHandler implements SoapInterceptor, PhaseInterceptor<SoapMessage> { - private static final Set<QName> HEADERS = new HashSet<QName>(); - static { - HEADERS.add(new QName(WSConstants.WSSE_NS, "Security")); - HEADERS.add(new QName(WSConstants.WSSE11_NS, "Security")); - HEADERS.add(new QName(WSConstants.ENC_NS, "EncryptedData")); - } + private static final Set<QName> HEADERS = + Collections.singleton(new QName(WSConstants.WSSE_NS, "Security")); - private Map<String, Object> properties = new ConcurrentHashMap<String, Object>(); - private final Set<String> before = new HashSet<String>(); - private final Set<String> after = new HashSet<String>(); + private Map<String, Object> properties = new ConcurrentHashMap<>(); + private final Set<String> before = new HashSet<>(); + private final Set<String> after = new HashSet<>(); private String phase; private String id; http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java index 28896b3..e2e01e0 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java 
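Review bot: Narrowing `HEADERS` to `Collections.singleton(new QName(WSConstants.WSSE_NS, "Security"))` in the second hunk is a behaviour change inside a commit titled as refactoring, because the `WSConstants.WSSE11_NS` "Security" and `WSConstants.ENC_NS` "EncryptedData" entries are dropped, not just rewritten. If this set is what the interceptor reports as its understood headers (the accessor is outside the hunk), a message carrying one of those headers marked mustUnderstand may now be handled differently. If the removal is intended, say so in the commit message and add a comment on the field such as `// Only wsse:Security is claimed as understood; the wsse11 and xenc entries were removed deliberately`. The switch to an immutable singleton is itself a good change.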
@@ -49,13 +49,11 @@ public class AttachmentCallbackHandler implements CallbackHandler { @Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { - for (int i = 0; i < callbacks.length; i++) { - Callback callback = callbacks[i]; + for (Callback callback : callbacks) { if (callback instanceof AttachmentRequestCallback) { AttachmentRequestCallback attachmentRequestCallback = (AttachmentRequestCallback) callback; - List<org.apache.wss4j.common.ext.Attachment> attachmentList = - new ArrayList<org.apache.wss4j.common.ext.Attachment>(); + List<org.apache.wss4j.common.ext.Attachment> attachmentList = new ArrayList<>(); attachmentRequestCallback.setAttachments(attachmentList); String attachmentId = attachmentRequestCallback.getAttachmentId(); @@ -78,11 +76,10 @@ public class AttachmentCallbackHandler implements CallbackHandler { attachmentResultCallback.getAttachment().getSourceStream()) ) ); + Map<String, String> headers = attachmentResultCallback.getAttachment().getHeaders(); - Iterator<Map.Entry<String, String>> iterator = headers.entrySet().iterator(); - while (iterator.hasNext()) { - Map.Entry<String, String> next = iterator.next(); - securedAttachment.setHeader(next.getKey(), next.getValue()); + for (Map.Entry<String, String> entry : headers.entrySet()) { + securedAttachment.setHeader(entry.getKey(), entry.getValue()); } attachments.add(securedAttachment); http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java index b799360..7790cc1 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java 
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java @@ -23,12 +23,8 @@ import java.security.Principal; import java.util.ArrayList; import java.util.List; -import javax.security.auth.callback.CallbackHandler; -import javax.xml.namespace.QName; - import org.w3c.dom.Element; import org.apache.cxf.binding.soap.SoapMessage; -import org.apache.cxf.common.classloader.ClassLoaderUtils; import org.apache.cxf.headers.Header; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.helpers.DOMUtils; @@ -46,7 +42,6 @@ import org.apache.wss4j.dom.handler.RequestData; import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.processor.BinarySecurityTokenProcessor; -import org.apache.wss4j.dom.validate.Validator; import org.apache.wss4j.policy.model.AbstractToken; /** @@ -76,7 +71,7 @@ public class BinarySecurityTokenInterceptor extends AbstractTokenInterceptor { List<WSHandlerResult> results = CastUtils.cast((List<?>)message .get(WSHandlerConstants.RECV_RESULTS)); if (results == null) { - results = new ArrayList<WSHandlerResult>(); + results = new ArrayList<>(); message.put(WSHandlerConstants.RECV_RESULTS, results); } WSHandlerResult rResult = new WSHandlerResult(null, bstResults); @@ -86,7 +81,6 @@ public class BinarySecurityTokenInterceptor extends AbstractTokenInterceptor { Principal principal = (Principal)bstResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL); - message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, principal); SecurityContext sc = message.get(SecurityContext.class); if (sc == null || sc.getUserPrincipal() == null) { 
@@ -105,31 +99,9 @@ public class BinarySecurityTokenInterceptor extends AbstractTokenInterceptor { private List<WSSecurityEngineResult> processToken(Element tokenElement, final SoapMessage message) throws WSSecurityException { WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument()); - RequestData data = new RequestData() { - public CallbackHandler getCallbackHandler() { - return getCallback(message); - } - public Validator getValidator(QName qName) throws WSSecurityException { - String key = SecurityConstants.BST_TOKEN_VALIDATOR; - Object o = message.getContextualProperty(key); - try { - if (o instanceof Validator) { - return (Validator)o; - } else if (o instanceof Class) { - return (Validator)((Class<?>)o).newInstance(); - } else if (o instanceof String) { - return (Validator)ClassLoaderUtils.loadClass(o.toString(), - BinarySecurityTokenInterceptor.class) - .newInstance(); - } - } catch (RuntimeException t) { - throw t; - } catch (Exception ex) { - throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex); - } - return super.getValidator(qName); - } - }; + RequestData data = new CXFRequestData(); + data.setCallbackHandler(getCallback(message)); + data.setMsgContext(message); data.setWssConfig(WSSConfig.getNewInstance()); BinarySecurityTokenProcessor p = new BinarySecurityTokenProcessor(); http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFRequestData.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFRequestData.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFRequestData.java new file mode 100644 index 0000000..620babc --- /dev/null +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFRequestData.java 
@@ -0,0 +1,78 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.ws.security.wss4j; + +import java.util.HashMap; +import java.util.Map; + +import javax.xml.namespace.QName; + +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.common.classloader.ClassLoaderUtils; +import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.wss4j.common.ext.WSSecurityException; +import org.apache.wss4j.dom.WSSecurityEngine; +import org.apache.wss4j.dom.handler.RequestData; +import org.apache.wss4j.dom.validate.Validator; + +public class CXFRequestData extends RequestData { + + private static Map<QName, String> validatorKeys = new HashMap<>(); + + static { + validatorKeys.put(WSSecurityEngine.SAML_TOKEN, SecurityConstants.SAML1_TOKEN_VALIDATOR); + validatorKeys.put(WSSecurityEngine.SAML2_TOKEN, SecurityConstants.SAML2_TOKEN_VALIDATOR); + validatorKeys.put(WSSecurityEngine.USERNAME_TOKEN, SecurityConstants.USERNAME_TOKEN_VALIDATOR); + validatorKeys.put(WSSecurityEngine.SIGNATURE, SecurityConstants.SIGNATURE_TOKEN_VALIDATOR); + validatorKeys.put(WSSecurityEngine.TIMESTAMP, SecurityConstants.TIMESTAMP_TOKEN_VALIDATOR); + validatorKeys.put(WSSecurityEngine.BINARY_TOKEN, 
SecurityConstants.BST_TOKEN_VALIDATOR); + validatorKeys.put(WSSecurityEngine.SECURITY_CONTEXT_TOKEN_05_02, SecurityConstants.SCT_TOKEN_VALIDATOR); + validatorKeys.put(WSSecurityEngine.SECURITY_CONTEXT_TOKEN_05_12, SecurityConstants.SCT_TOKEN_VALIDATOR); + } + + public CXFRequestData() { + } + + public Validator getValidator(QName qName) throws WSSecurityException { + String key = validatorKeys.get(qName); + if (key != null && this.getMsgContext() != null) { + Object o = ((SoapMessage)this.getMsgContext()).getContextualProperty(key); + try { + if (o instanceof Validator) { + return (Validator)o; + } else if (o instanceof Class) { + return (Validator)((Class<?>)o).newInstance(); + } else if (o instanceof String) { + return (Validator)ClassLoaderUtils.loadClass(o.toString(), + CXFRequestData.class) + .newInstance(); + } else if (o != null) { + throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, + "Cannot load Validator: " + o); + } + } catch (RuntimeException t) { + throw t; + } catch (Exception ex) { + throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex); + } + } + return super.getValidator(qName); + } +} + http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java index ea9d4b4..ec2e51d 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java 
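Review bot: `validatorKeys` in the new CXFRequestData is a non-final static `HashMap`, so the token-type-to-validator-property lookup used for every inbound message can be reassigned or mutated after class initialisation. Declare it as `private static final Map<QName, String> VALIDATOR_KEYS` and publish it through `Collections.unmodifiableMap(...)` at the end of the static block. In `getValidator`, `(SoapMessage)this.getMsgContext()` is only null-checked; testing `this.getMsgContext() instanceof SoapMessage` instead would avoid a `ClassCastException` when a different context type has been set. Because a `String` or `Class` property value is instantiated reflectively, the class should get a Javadoc stating that the validator properties must come from trusted configuration only, and `getValidator` should carry `@Override`.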
@@ -55,14 +55,12 @@ import org.apache.wss4j.common.saml.bean.Version; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSDocInfo; import org.apache.wss4j.dom.WSSConfig; -import org.apache.wss4j.dom.WSSecurityEngine; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.dom.handler.RequestData; import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.processor.SAMLTokenProcessor; import org.apache.wss4j.dom.saml.DOMSAMLUtil; -import org.apache.wss4j.dom.validate.Validator; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractToken; import org.apache.wss4j.policy.model.SamlToken; @@ -96,7 +94,7 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor { List<WSHandlerResult> results = CastUtils.cast((List<?>)message .get(WSHandlerConstants.RECV_RESULTS)); if (results == null) { - results = new ArrayList<WSHandlerResult>(); + results = new ArrayList<>(); message.put(WSHandlerConstants.RECV_RESULTS, results); } WSHandlerResult rResult = new WSHandlerResult(null, samlResults); @@ -144,7 +142,6 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor { if (signed) { Principal principal = (Principal)samlResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL); - message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, principal); SecurityContext sc = message.get(SecurityContext.class); if (sc == null || sc.getUserPrincipal() == null) { 
@@ -163,47 +160,17 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor { private List<WSSecurityEngineResult> processToken(Element tokenElement, final SoapMessage message) throws WSSecurityException { WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument()); - RequestData data = new RequestData() { - public CallbackHandler getCallbackHandler() { - return getCallback(message); - } - public Validator getValidator(QName qName) throws WSSecurityException { - String key = null; - if (WSSecurityEngine.SAML_TOKEN.equals(qName)) { - key = SecurityConstants.SAML1_TOKEN_VALIDATOR; - } else if (WSSecurityEngine.SAML2_TOKEN.equals(qName)) { - key = SecurityConstants.SAML2_TOKEN_VALIDATOR; - } - if (key != null) { - Object o = message.getContextualProperty(key); - try { - if (o instanceof Validator) { - return (Validator)o; - } else if (o instanceof Class) { - return (Validator)((Class<?>)o).newInstance(); - } else if (o instanceof String) { - return (Validator)ClassLoaderUtils.loadClass(o.toString(), - SamlTokenInterceptor.class) - .newInstance(); - } - } catch (RuntimeException t) { - throw t; - } catch (Exception ex) { - throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex); - } - } - return super.getValidator(qName); - } - }; + + RequestData data = new CXFRequestData(); + data.setCallbackHandler(getCallback(message)); + data.setMsgContext(message); data.setWssConfig(WSSConfig.getNewInstance()); data.setSigVerCrypto(getCrypto(null, SecurityConstants.SIGNATURE_CRYPTO, SecurityConstants.SIGNATURE_PROPERTIES, message)); SAMLTokenProcessor p = new SAMLTokenProcessor(); - List<WSSecurityEngineResult> results = - p.handleToken(tokenElement, data, wsDocInfo); - return results; + return p.handleToken(tokenElement, data, wsDocInfo); } protected AbstractToken assertTokens(SoapMessage message) { 
http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java index 96f0ac8..f5a6173 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java @@ -26,8 +26,6 @@ import java.util.List; import java.util.Set; import javax.security.auth.Subject; -import javax.security.auth.callback.CallbackHandler; -import javax.xml.namespace.QName; import org.w3c.dom.Element; import org.apache.cxf.binding.soap.SoapMessage; @@ -63,7 +61,6 @@ import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.message.WSSecUsernameToken; import org.apache.wss4j.dom.processor.UsernameTokenProcessor; -import org.apache.wss4j.dom.validate.Validator; import org.apache.wss4j.policy.SP13Constants; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractSecurityAssertion; @@ -168,13 +165,8 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { return context; } - @Deprecated - protected UsernameTokenPrincipal getPrincipal(Element tokenElement, final SoapMessage message) { - return null; - } - private void storeResults(UsernameTokenPrincipal principal, SoapMessage message) { - List<WSSecurityEngineResult> v = new ArrayList<WSSecurityEngineResult>(); + List<WSSecurityEngineResult> v = new ArrayList<>(); int action = WSConstants.UT; if (principal.getPassword() == null) { action = WSConstants.UT_NOPASSWORD; 
@@ -183,14 +175,13 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { List<WSHandlerResult> results = CastUtils.cast((List<?>)message .get(WSHandlerConstants.RECV_RESULTS)); if (results == null) { - results = new ArrayList<WSHandlerResult>(); + results = new ArrayList<>(); message.put(WSHandlerConstants.RECV_RESULTS, results); } WSHandlerResult rResult = new WSHandlerResult(null, v); results.add(0, rResult); assertTokens(message, principal, false); - message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, principal); } protected WSSecurityEngineResult validateToken(Element tokenElement, final SoapMessage message) @@ -200,19 +191,10 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { boolean allowNoPassword = isAllowNoPassword(message.get(AssertionInfoMap.class)); UsernameTokenProcessor p = new UsernameTokenProcessor(); WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument()); - RequestData data = new RequestData() { - public CallbackHandler getCallbackHandler() { - return getCallback(message); - } - public Validator getValidator(QName qName) throws WSSecurityException { - Object validator = - message.getContextualProperty(SecurityConstants.USERNAME_TOKEN_VALIDATOR); - if (validator == null) { - return super.getValidator(qName); - } - return (Validator)validator; - } - }; + + RequestData data = new CXFRequestData(); + data.setCallbackHandler(getCallback(message)); + data.setMsgContext(message); // Configure replay caching ReplayCache nonceCache = http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index 79cb6da..fed1be5 100644 
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -103,9 +103,6 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { public static final String SAML_ROLE_ATTRIBUTENAME_DEFAULT = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"; - public static final String TIMESTAMP_RESULT = "wss4j.timestamp.result"; - public static final String SIGNATURE_RESULT = "wss4j.signature.result"; - public static final String PRINCIPAL_RESULT = "wss4j.principal.result"; public static final String PROCESSOR_MAP = "wss4j.processor.map"; public static final String VALIDATOR_MAP = "wss4j.validator.map"; @@ -291,8 +288,6 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { checkSignatureConfirmation(reqData, wsResult); } - storeSignature(msg, reqData, wsResult); - storeTimestamp(msg, reqData, wsResult); checkActions(msg, reqData, wsResult, actions, SAAJUtils.getBody(doc)); doResults( msg, actor, @@ -352,7 +347,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION, true); if (enableAudienceRestriction) { - List<String> audiences = new ArrayList<String>(); + List<String> audiences = new ArrayList<>(); if (msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL) != null) { audiences.add((String)msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL)); } 
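Review bot: Deleting the public constants `TIMESTAMP_RESULT`, `SIGNATURE_RESULT` and `PRINCIPAL_RESULT` in the first hunk, together with the `storeSignature`/`storeTimestamp` calls in the second, removes message properties that code outside this module may still read. A downstream interceptor that looks up `wss4j.principal.result` or `wss4j.signature.result` would now get `null`, and one that treats a missing value as "nothing to check" would silently skip its check. Consider keeping the constants for one release, marked `@Deprecated` with Javadoc pointing to `WSHandlerConstants.RECV_RESULTS`, and recording the removal in the migration notes. The matching `message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, principal)` calls are also removed in BinarySecurityTokenInterceptor, SamlTokenInterceptor and UsernameTokenInterceptor, and later in this file.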
@@ -393,31 +388,6 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { } - private void storeSignature( - SoapMessage msg, RequestData reqData, List<WSSecurityEngineResult> wsResult - ) throws WSSecurityException { - // Extract the signature action result from the action list - List<WSSecurityEngineResult> signatureResults = - WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.SIGN); - - // Store the last signature result - if (!signatureResults.isEmpty()) { - msg.put(SIGNATURE_RESULT, signatureResults.get(signatureResults.size() - 1)); - } - } - - private void storeTimestamp( - SoapMessage msg, RequestData reqData, List<WSSecurityEngineResult> wsResult - ) throws WSSecurityException { - // Extract the timestamp action result from the action list - List<WSSecurityEngineResult> timestampResults = - WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.TS); - - if (!timestampResults.isEmpty()) { - msg.put(TIMESTAMP_RESULT, timestampResults.get(timestampResults.size() - 1)); - } - } - /** * Do whatever is necessary to determine the action for the incoming message and * do whatever other setup work is necessary. @@ -542,7 +512,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { */ List<WSHandlerResult> results = CastUtils.cast((List<?>)msg.get(WSHandlerConstants.RECV_RESULTS)); if (results == null) { - results = new LinkedList<WSHandlerResult>(); + results = new LinkedList<>(); msg.put(WSHandlerConstants.RECV_RESULTS, results); } WSHandlerResult rResult = new WSHandlerResult(actor, wsResult); @@ -609,7 +579,6 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { return new DefaultSecurityContext(p, subject); } } else if (p != null) { - msg.put(PRINCIPAL_RESULT, p); if (!utWithCallbacks) { WSS4JTokenConverter.convertToken(msg, p); } 
@@ -653,12 +622,11 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { XMLStreamReader reader = StaxUtils.createXMLStreamReader(new DOMSource(body)); // advance just past body int evt = reader.next(); - int i = 0; - while (reader.hasNext() && i < 1 - && (evt != XMLStreamConstants.END_ELEMENT || evt != XMLStreamConstants.START_ELEMENT)) { + + if (reader.hasNext() && (evt != XMLStreamConstants.END_ELEMENT || evt != XMLStreamConstants.START_ELEMENT)) { reader.next(); - i++; } + msg.setContent(XMLStreamReader.class, reader); } @@ -697,9 +665,9 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { } public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { - for (int i = 0; i < callbacks.length; i++) { - if (callbacks[i] instanceof WSPasswordCallback) { - WSPasswordCallback pc = (WSPasswordCallback)callbacks[i]; + for (Callback callback : callbacks) { + if (callback instanceof WSPasswordCallback) { + WSPasswordCallback pc = (WSPasswordCallback)callback; String id = pc.getIdentifier(); SecurityToken tok = store.getToken(id); 
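Review bot: The condition carried over into the new `if` in the first hunk is always true, because `evt != XMLStreamConstants.END_ELEMENT || evt != XMLStreamConstants.START_ELEMENT` holds for every value of `evt`, so the guard reduces to `reader.hasNext()`. The old loop had the same tautology and ran at most once, so behaviour is unchanged, but the rewrite is the moment to state the intent. If a single advance past the body start is wanted, write `if (reader.hasNext()) { reader.next(); }`; if an event-type test was meant, it needs `&&` and a comment naming which event should stop the advance. The enclosing method starts and ends outside the hunk.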
@@ -840,51 +808,4 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { return WSS4JUtils.getReplayCache(message, booleanKey, instanceKey); } - static class CXFRequestData extends RequestData { - public CXFRequestData() { - } - - public Validator getValidator(QName qName) throws WSSecurityException { - String key = null; - if (WSSecurityEngine.SAML_TOKEN.equals(qName)) { - key = SecurityConstants.SAML1_TOKEN_VALIDATOR; - } else if (WSSecurityEngine.SAML2_TOKEN.equals(qName)) { - key = SecurityConstants.SAML2_TOKEN_VALIDATOR; - } else if (WSSecurityEngine.USERNAME_TOKEN.equals(qName)) { - key = SecurityConstants.USERNAME_TOKEN_VALIDATOR; - } else if (WSSecurityEngine.SIGNATURE.equals(qName)) { - key = SecurityConstants.SIGNATURE_TOKEN_VALIDATOR; - } else if (WSSecurityEngine.TIMESTAMP.equals(qName)) { - key = SecurityConstants.TIMESTAMP_TOKEN_VALIDATOR; - } else if (WSSecurityEngine.BINARY_TOKEN.equals(qName)) { - key = SecurityConstants.BST_TOKEN_VALIDATOR; - } else if (WSSecurityEngine.SECURITY_CONTEXT_TOKEN_05_02.equals(qName) - || WSSecurityEngine.SECURITY_CONTEXT_TOKEN_05_12.equals(qName)) { - key = SecurityConstants.SCT_TOKEN_VALIDATOR; - } - if (key != null) { - Object o = ((SoapMessage)this.getMsgContext()).getContextualProperty(key); - try { - if (o instanceof Validator) { - return (Validator)o; - } else if (o instanceof Class) { - return (Validator)((Class<?>)o).newInstance(); - } else if (o instanceof String) { - return (Validator)ClassLoaderUtils.loadClass(o.toString(), - WSS4JInInterceptor.class) - .newInstance(); - } else if (o != null) { - throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, - "Cannot load Validator: " + o); - } - } catch (RuntimeException t) { - throw t; - } catch (Exception ex) { - throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex); - } - } - return super.getValidator(qName); - } - }; - } 
http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java index 8e1bb5b..8d2c402 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java @@ -312,7 +312,7 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor { final Map<Integer, Object> actionMap = CastUtils.cast( (Map<?, ?>)getProperty(mc, WSS4J_ACTION_MAP)); - if (actionMap != null) { + if (actionMap != null && !actionMap.isEmpty()) { for (Map.Entry<Integer, Object> entry : actionMap.entrySet()) { Class<?> removedAction = null; http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java index 0e891e6..d748ede 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java @@ -23,6 +23,7 @@ import java.io.InputStream; import java.net.URL; import java.security.Key; import java.util.Date; +import java.util.Map; import java.util.Properties; import javax.crypto.SecretKey; 
@@ -218,16 +219,16 @@ public final class WSS4JUtils { } } - for (String key : securityToken.getSecretKey().keySet()) { - Key keyObject = securityToken.getSecretKey().get(key); - if (keyObject != null) { - cachedTok.setKey(keyObject); - if (keyObject instanceof SecretKey) { - cachedTok.setSecret(keyObject.getEncoded()); + for (Map.Entry<String, Key> entry : securityToken.getSecretKey().entrySet()) { + if (entry.getValue() != null) { + cachedTok.setKey(entry.getValue()); + if (entry.getValue() instanceof SecretKey) { + cachedTok.setSecret(entry.getValue().getEncoded()); } break; } } + getTokenStore(message).add(cachedTok); return cachedTok.getId(); http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java index 544c32b..2a36ab9 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java 
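Review bot: The rewritten loop in WSS4JUtils calls `entry.getValue()` four times and still stops at the first non-null entry, so when `getSecretKey()` holds more than one key, the one that is cached depends on the map's iteration order, which this hunk does not show. I would bind the value once with `Key key = entry.getValue();` and add a comment above the loop such as `// Only the first non-null key is cached; order follows the token's key map`. It is also worth confirming how `setSecret` handles null, because `Key.getEncoded()` returns null for keys that do not support encoding. The enclosing method starts outside the hunk.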
@@ -432,9 +432,13 @@ public abstract class AbstractPolicySecurityTest extends AbstractSecurityTest { } protected void verifyWss4jSigResults(SoapMessage inmsg) { - WSSecurityEngineResult result = - (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT); - assertNotNull(result); + List<WSHandlerResult> results = + CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS)); + assertTrue(results != null && results.size() == 1); + + List<WSSecurityEngineResult> signatureResults = + WSSecurityUtil.fetchAllActionResults(results.get(0).getResults(), WSConstants.SIGN); + assertTrue(!signatureResults.isEmpty()); } protected void verifyWss4jEncResults(SoapMessage inmsg) { http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java index 2a0cc9c..3f2e07f 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java @@ -41,7 +41,6 @@ import org.apache.cxf.message.ExchangeImpl; import org.apache.cxf.message.MessageImpl; import org.apache.cxf.phase.PhaseInterceptor; import org.apache.cxf.staxutils.StaxUtils; -import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; 
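Review bot: In verifyWss4jSigResults, `assertTrue(results != null && results.size() == 1)` and `assertTrue(!signatureResults.isEmpty())` fail with a bare AssertionError that does not say whether the result list was missing, had the wrong size, or held no signature result. Splitting them into `assertNotNull(results);`, `assertEquals(1, results.size());` and `assertFalse(signatureResults.isEmpty());` keeps the same checks and makes a failing security test readable. The same pattern appears in the WSS4JInOutTest hunks at -339 and -411 (`assertTrue(signatureResults.size() == 0)` and `assertTrue(signatureResults.size() == 1)`), where `assertEquals` on the size would do.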
@@ -130,10 +129,6 @@ public class SignatureConfirmationTest extends AbstractSecurityTest { // // Check that the inbound signature result was saved // - WSSecurityEngineResult result = - (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT); - assertNotNull(result); - List<WSHandlerResult> sigReceived = CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS)); assertNotNull(sigReceived); http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java index eaa9307..c07ab6c 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java @@ -40,7 +40,6 @@ import javax.xml.stream.XMLStreamWriter; import javax.xml.transform.dom.DOMSource; import org.w3c.dom.Document; - import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor; import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor; @@ -54,6 +53,7 @@ import org.apache.cxf.message.MessageImpl; import org.apache.cxf.phase.Phase; import org.apache.cxf.phase.PhaseInterceptor; import org.apache.cxf.phase.PhaseInterceptorChain; +import org.apache.cxf.security.SecurityContext; import org.apache.cxf.staxutils.StaxUtils; import org.apache.wss4j.common.principal.UsernameTokenPrincipal; import org.apache.wss4j.dom.WSConstants; @@ -62,7 +62,6 @@ import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.util.WSSecurityUtil; - import org.junit.Test; 
@@ -246,8 +245,9 @@ public class WSS4JInOutTest extends AbstractSecurityTest { Principal utPrincipal = p1 instanceof UsernameTokenPrincipal ? p1 : p2; - Principal secContextPrincipal = (Principal)inmsg.get(WSS4JInInterceptor.PRINCIPAL_RESULT); - assertSame(secContextPrincipal, utPrincipal); + SecurityContext securityContext = inmsg.get(SecurityContext.class); + assertNotNull(securityContext); + assertSame(securityContext.getUserPrincipal(), utPrincipal); } @Test @@ -339,9 +339,11 @@ public class WSS4JInOutTest extends AbstractSecurityTest { inHandler.handleMessage(inmsg); - WSSecurityEngineResult result = - (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT); - assertNull(result); + List<WSHandlerResult> results = getResults(inmsg); + assertTrue(results != null && results.size() == 1); + List<WSSecurityEngineResult> signatureResults = + WSSecurityUtil.fetchAllActionResults(results.get(0).getResults(), WSConstants.SIGN); + assertTrue(signatureResults.size() == 0); } @Test @@ -411,11 +413,13 @@ public class WSS4JInOutTest extends AbstractSecurityTest { inHandler.handleMessage(inmsg); - WSSecurityEngineResult result = - (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT); - assertNotNull(result); + List<WSHandlerResult> results = getResults(inmsg); + assertTrue(results != null && results.size() == 1); + List<WSSecurityEngineResult> signatureResults = + WSSecurityUtil.fetchAllActionResults(results.get(0).getResults(), WSConstants.SIGN); + assertTrue(signatureResults.size() == 1); - Object obj = result.get("foo"); + Object obj = signatureResults.get(0).get("foo"); assertNotNull(obj); assertEquals(obj.getClass().getName(), CustomProcessor.class.getName()); } http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/services/xkms/xkms-client/pom.xml ---------------------------------------------------------------------- diff --git a/services/xkms/xkms-client/pom.xml b/services/xkms/xkms-client/pom.xml index 98c2940..8b7c934 100644 
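Review bot: In the WSS4JInOutTest hunk at -246, `assertSame(securityContext.getUserPrincipal(), utPrincipal)` passes the value under test as the first argument, while JUnit's `assertSame` takes the expected value first, so a failure message would label the two principals the wrong way round. `assertSame(utPrincipal, securityContext.getUserPrincipal());` fixes the ordering. The replaced line used the same order, so this is inherited rather than introduced by the commit. The test method starts outside the hunk.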
--- a/services/xkms/xkms-client/pom.xml +++ b/services/xkms/xkms-client/pom.xml @@ -100,16 +100,6 @@ <groupId>org.apache.wss4j</groupId> <artifactId>wss4j-ws-security-dom</artifactId> <version>${cxf.wss4j.version}</version> - <exclusions> - <exclusion> - <groupId>xerces</groupId> - <artifactId>xercesImpl</artifactId> - </exclusion> - <exclusion> - <groupId>xml-apis</groupId> - <artifactId>xml-apis</artifactId> - </exclusion> - </exclusions> </dependency> <dependency> <groupId>org.slf4j</groupId> http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/services/xkms/xkms-common/pom.xml ---------------------------------------------------------------------- diff --git a/services/xkms/xkms-common/pom.xml b/services/xkms/xkms-common/pom.xml index b8fbb62..210b122 100644 --- a/services/xkms/xkms-common/pom.xml +++ b/services/xkms/xkms-common/pom.xml @@ -46,16 +46,6 @@ <groupId>org.apache.wss4j</groupId> <artifactId>wss4j-ws-security-dom</artifactId> <version>${cxf.wss4j.version}</version> - <exclusions> - <exclusion> - <groupId>xerces</groupId> - <artifactId>xercesImpl</artifactId> - </exclusion> - <exclusion> - <groupId>xml-apis</groupId> - <artifactId>xml-apis</artifactId> - </exclusion> - </exclusions> </dependency> </dependencies> <build> http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/systests/jaxws/pom.xml ---------------------------------------------------------------------- diff --git a/systests/jaxws/pom.xml b/systests/jaxws/pom.xml index 7b6dc49..193a57f 100644 --- a/systests/jaxws/pom.xml +++ b/systests/jaxws/pom.xml @@ -229,10 +229,6 @@ <artifactId>FastInfoset</artifactId> </dependency> <dependency> - <groupId>xalan</groupId> - <artifactId>xalan</artifactId> - </dependency> - <dependency> <groupId>net.java.dev.msv</groupId> <artifactId>msv-core</artifactId> <exclusions> http://git-wip-us.apache.org/repos/asf/cxf/blob/fc78cd31/systests/rs-security/pom.xml ---------------------------------------------------------------------- 
diff --git a/systests/rs-security/pom.xml b/systests/rs-security/pom.xml index 58e90bf..21fdf6b 100644 --- a/systests/rs-security/pom.xml +++ b/systests/rs-security/pom.xml @@ -35,10 +35,6 @@ </properties> <dependencies> <dependency> - <groupId>xalan</groupId> - <artifactId>xalan</artifactId> - </dependency> - <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-server</artifactId> </dependency>
