Repository: cxf Updated Branches: refs/heads/master 02a35f0bf -> 2616fd041
Picking up latest WSS4J changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2616fd04 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2616fd04 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2616fd04 Branch: refs/heads/master Commit: 2616fd04151e5bb7b8a31428f8a9fd0c957dfb48 Parents: 02a35f0 Author: Colm O hEigeartaigh <[email protected]> Authored: Sat Mar 28 15:38:42 2015 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Apr 1 18:04:59 2015 +0100 ---------------------------------------------------------------------- .../wss4j/BinarySecurityTokenInterceptor.java | 6 +++-- .../wss4j/PolicyBasedWSS4JInInterceptor.java | 16 +++++++------ .../ws/security/wss4j/SamlTokenInterceptor.java | 13 +++++++--- .../wss4j/UsernameTokenInterceptor.java | 6 +++-- .../ws/security/wss4j/WSS4JInInterceptor.java | 25 ++++++++++---------- .../cxf/sts/request/RequestParserUnitTest.java | 19 +++++++-------- .../token/renewer/SAMLTokenRenewerPOPTest.java | 14 +++++++---- 7 files changed, 57 insertions(+), 42 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java index 7c3e1ef..b28cddc 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java 
@@ -21,10 +21,10 @@ package org.apache.cxf.ws.security.wss4j; import java.security.Principal; import java.util.ArrayList; +import java.util.Collections; import java.util.List; import org.w3c.dom.Element; - import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.headers.Header; import org.apache.cxf.helpers.CastUtils; @@ -76,7 +76,9 @@ public class BinarySecurityTokenInterceptor extends AbstractTokenInterceptor { results = new ArrayList<>(); message.put(WSHandlerConstants.RECV_RESULTS, results); } - WSHandlerResult rResult = new WSHandlerResult(null, bstResults); + WSHandlerResult rResult = + new WSHandlerResult(null, bstResults, + Collections.singletonMap(WSConstants.BST, bstResults)); results.add(0, rResult); assertTokens(message); http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java index f417a5e..683ea34 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java @@ -80,6 +80,7 @@ import org.apache.wss4j.dom.WSDataRef; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.dom.handler.RequestData; import org.apache.wss4j.dom.handler.WSHandlerConstants; +import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.message.token.Timestamp; import org.apache.wss4j.dom.util.WSSecurityUtil; import org.apache.wss4j.policy.SP11Constants; 
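Review bot: In the hunk at -76, `Collections.singletonMap(WSConstants.BST, bstResults)` files the whole `bstResults` list under one action key, which is only correct if every entry in that list carries `WSConstants.BST` as its `TAG_ACTION`. The code that fills `bstResults` is outside the hunk, so this cannot be confirmed here. Code that looks results up through the action map presumably relies on the key rather than the per-result tag, so I would state the invariant next to the constructor call: `// bstResults only ever holds BST results, so one action key covers the list`. The same single-key pattern appears in UsernameTokenInterceptor (hunk at -181, keyed by `action`, which is declared outside that hunk).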
@@ -596,7 +597,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor { String actor, Element soapHeader, Element soapBody, - List<WSSecurityEngineResult> results, + WSHandlerResult results, boolean utWithCallbacks ) throws SOAPException, XMLStreamException, WSSecurityException { // @@ -607,7 +608,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor { actions.add(WSConstants.UT_SIGN); actions.add(WSConstants.ST_SIGNED); List<WSSecurityEngineResult> signedResults = - WSSecurityUtil.fetchAllActionResults(results, actions); + WSSecurityUtil.fetchAllActionResults(results.getResults(), actions); Collection<WSDataRef> signed = new HashSet<>(); for (WSSecurityEngineResult result : signedResults) { List<WSDataRef> sl = @@ -620,7 +621,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor { } List<WSSecurityEngineResult> encryptResults = - WSSecurityUtil.fetchAllActionResults(results, WSConstants.ENCR); + WSSecurityUtil.fetchAllActionResults(results.getResults(), WSConstants.ENCR); Collection<WSDataRef> encrypted = new HashSet<>(); for (WSSecurityEngineResult result : encryptResults) { List<WSDataRef> sl = @@ -644,7 +645,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor { parameters.setAssertionInfoMap(aim); parameters.setMessage(msg); parameters.setSoapBody(soapBody); - parameters.setResults(results); + parameters.setResults(results.getResults()); parameters.setSignedResults(signedResults); parameters.setEncryptedResults(encryptResults); parameters.setUtWithCallbacks(utWithCallbacks); 
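Review bot: `results.getResults()` is handed to `WSSecurityUtil.fetchAllActionResults` and `parameters.setResults` (hunks at -607, -620, -644 and -653) without a null check, although the caller in WSS4JInInterceptor (hunk at -276) treats a null `getResults()` as possible and still calls `doResults` from its else branch. The loop in WSS4JInInterceptor.doResults (hunk at -512) calls `.size()` on the same value directly, so a null list there would surface as a NullPointerException rather than a WSSecurityException. Whether WSS4J can actually return null is not visible on this page. If it can, read the list once at the top of each doResults, e.g. `List<WSSecurityEngineResult> engineResults = results.getResults() == null ? Collections.<WSSecurityEngineResult>emptyList() : results.getResults();`, and use that local throughout. Both method bodies start and end outside these hunks.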
@@ -653,18 +654,19 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor { utActions.add(WSConstants.UT); utActions.add(WSConstants.UT_NOPASSWORD); List<WSSecurityEngineResult> utResults = - WSSecurityUtil.fetchAllActionResults(results, utActions); + WSSecurityUtil.fetchAllActionResults(results.getResults(), utActions); parameters.setUsernameTokenResults(utResults); final List<Integer> samlActions = new ArrayList<>(2); samlActions.add(WSConstants.ST_SIGNED); samlActions.add(WSConstants.ST_UNSIGNED); List<WSSecurityEngineResult> samlResults = - WSSecurityUtil.fetchAllActionResults(results, samlActions); + WSSecurityUtil.fetchAllActionResults(results.getResults(), samlActions); parameters.setSamlResults(samlResults); // Store the timestamp element - WSSecurityEngineResult tsResult = WSSecurityUtil.fetchActionResult(results, WSConstants.TS); + WSSecurityEngineResult tsResult = + WSSecurityUtil.fetchActionResult(results.getResults(), WSConstants.TS); Element timestamp = null; if (tsResult != null) { Timestamp ts = (Timestamp)tsResult.get(WSSecurityEngineResult.TAG_TIMESTAMP); http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java index a184732..d00288f 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java @@ -24,6 +24,7 @@ import java.security.Principal; import java.security.cert.Certificate; import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; import java.util.List; import java.util.Properties; 
@@ -31,7 +32,6 @@ import javax.security.auth.callback.CallbackHandler; import javax.xml.namespace.QName; import org.w3c.dom.Element; - import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.common.classloader.ClassLoaderUtils; import org.apache.cxf.common.util.StringUtils; @@ -99,8 +99,6 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor { results = new ArrayList<>(); message.put(WSHandlerConstants.RECV_RESULTS, results); } - WSHandlerResult rResult = new WSHandlerResult(null, samlResults); - results.add(0, rResult); boolean signed = false; for (WSSecurityEngineResult result : samlResults) { @@ -113,6 +111,15 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor { } assertTokens(message, SPConstants.SAML_TOKEN, signed); + Integer key = WSConstants.ST_UNSIGNED; + if (signed) { + key = WSConstants.ST_SIGNED; + } + WSHandlerResult rResult = + new WSHandlerResult(null, samlResults, + Collections.singletonMap(key, samlResults)); + results.add(0, rResult); + // Check version against policy AssertionInfoMap aim = message.get(AssertionInfoMap.class); for (AssertionInfo ai http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java index 4bec8ae..59f7005 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java 
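Review bot: The action key in the hunk at -113 is chosen from the single `signed` flag, so the entire `samlResults` list is filed under `WSConstants.ST_SIGNED` as soon as the flag is true, including any entry that was itself unsigned. The loop that sets `signed` is only partly visible, so this matters only if `samlResults` can hold more than one assertion; if it can, code that looks results up by action would find an unsigned assertion under the signed key. Grouping by each result's own `WSSecurityEngineResult.TAG_ACTION` avoids relying on the aggregate flag, as sketched below. The result is also now added to `RECV_RESULTS` only after `assertTokens` has run, where the old code added it before. The method continues outside the hunk.

```java
// … unchanged: assertTokens(message, SPConstants.SAML_TOKEN, signed) …
Map<Integer, List<WSSecurityEngineResult>> actionResults = new HashMap<>();
for (WSSecurityEngineResult result : samlResults) {
    // Key each result by the action it reports for itself, not by the aggregate flag
    Integer action = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
    List<WSSecurityEngineResult> bucket = actionResults.get(action);
    if (bucket == null) {
        bucket = new ArrayList<>();
        actionResults.put(action, bucket);
    }
    bucket.add(result);
}
WSHandlerResult rResult = new WSHandlerResult(null, samlResults, actionResults);
results.add(0, rResult);
```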
@@ -22,13 +22,13 @@ package org.apache.cxf.ws.security.wss4j; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; import java.util.List; import java.util.Set; import javax.security.auth.Subject; import org.w3c.dom.Element; - import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.headers.Header; @@ -181,7 +181,9 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { results = new ArrayList<>(); message.put(WSHandlerConstants.RECV_RESULTS, results); } - WSHandlerResult rResult = new WSHandlerResult(null, v); + + WSHandlerResult rResult = + new WSHandlerResult(null, v, Collections.singletonMap(action, v)); results.add(0, rResult); assertTokens(message, principal, false); http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index e749834..aa4794b 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -244,6 +244,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { if (actor == null) { actor = (String)msg.getContextualProperty(SecurityConstants.ACTOR); } + reqData.setActor(actor); // Configure replay caching configureReplayCaches(reqData, actions, msg); 
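Review bot: The added `reqData.setActor(actor);` in the hunk at -244 has no comment explaining why it is needed, and it appears to be the only way the actor now reaches the stored result. The hunk at -512 drops `new WSHandlerResult(actor, wsResult)` and stores the engine's own result instead. I would add `// WSS4J builds the WSHandlerResult itself now, so the actor must be supplied through RequestData` above the call. `actor` can presumably still be null here when the contextual property is unset, as was possible with the old constructor call. The enclosing method starts and ends outside the hunk.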
@@ -276,16 +277,15 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { Element elem = WSSecurityUtil.getSecurityHeader(doc.getSOAPHeader(), actor, version.getVersion() != 1.1); - List<WSSecurityEngineResult> wsResult = engine.processSecurityHeader( - elem, reqData - ); + WSHandlerResult wsResult = engine.processSecurityHeader(elem, reqData); - if (!wsResult.isEmpty()) { // security header found + if (!(wsResult.getResults() == null || wsResult.getResults().isEmpty())) { + // security header found if (reqData.getWssConfig().isEnableSignatureConfirmation()) { - checkSignatureConfirmation(reqData, wsResult); + checkSignatureConfirmation(reqData, wsResult.getResults()); } - checkActions(msg, reqData, wsResult, actions, SAAJUtils.getBody(doc)); + checkActions(msg, reqData, wsResult.getResults(), actions, SAAJUtils.getBody(doc)); doResults( msg, actor, SAAJUtils.getHeader(doc), @@ -310,7 +310,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { SAAJUtils.getBody(doc), wsResult); } else { - checkActions(msg, reqData, wsResult, actions, SAAJUtils.getBody(doc)); + checkActions(msg, reqData, wsResult.getResults(), actions, SAAJUtils.getBody(doc)); doResults(msg, actor, SAAJUtils.getHeader(doc), SAAJUtils.getBody(doc), @@ -490,7 +490,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { String actor, Element soapHeader, Element soapBody, - List<WSSecurityEngineResult> wsResult + WSHandlerResult wsResult ) throws SOAPException, XMLStreamException, WSSecurityException { doResults(msg, actor, soapHeader, soapBody, wsResult, false); } @@ -500,7 +500,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { String actor, Element soapHeader, Element soapBody, - List<WSSecurityEngineResult> wsResult, + WSHandlerResult wsResult, boolean utWithCallbacks ) throws SOAPException, XMLStreamException, WSSecurityException { /* 
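Review bot: The hunks at -490 and -500 change the `wsResult` parameter of both `doResults` overloads from `List<WSSecurityEngineResult>` to `WSHandlerResult` without any Javadoc or migration note, which is a source-incompatible change for any subclass that overrides them; PolicyBasedWSS4JInInterceptor does so in this commit. The access modifiers are outside the hunks, so this applies only if the methods can be overridden by code outside this module. I would document the parameter, for example `@param wsResult the handler result returned by engine.processSecurityHeader; its getResults() list replaces the former List argument`, and mention the change in the release notes.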
@@ -512,15 +512,14 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { results = new LinkedList<>(); msg.put(WSHandlerConstants.RECV_RESULTS, results); } - WSHandlerResult rResult = new WSHandlerResult(actor, wsResult); - results.add(0, rResult); + results.add(0, wsResult); Boolean allowUnsignedSamlPrincipals = MessageUtils.getContextualBoolean(msg, SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, false); - for (int i = wsResult.size() - 1; i >= 0; i--) { - WSSecurityEngineResult o = wsResult.get(i); + for (int i = wsResult.getResults().size() - 1; i >= 0; i--) { + WSSecurityEngineResult o = wsResult.getResults().get(i); Integer action = (Integer)o.get(WSSecurityEngineResult.TAG_ACTION); final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL); http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java index 65bb9c8..72ce349 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java @@ -44,7 +44,6 @@ import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSSecurityEngine; -import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.dom.handler.RequestData; import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; 
@@ -141,10 +140,10 @@ public class RequestParserUnitTest extends org.junit.Assert { RequestData reqData = new RequestData(); reqData.setCallbackHandler(new PasswordCallbackHandler()); - List<WSSecurityEngineResult> engineResultList = + WSHandlerResult results = securityEngine.processSecurityHeader(secHeaderElement, reqData); - List<WSHandlerResult> resultsList = new ArrayList<WSHandlerResult>(); - resultsList.add(new WSHandlerResult("actor", engineResultList)); + List<WSHandlerResult> resultsList = new ArrayList<>(); + resultsList.add(results); msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList); RequestRequirements requestRequirements = parser.parseRequest(request, wsContext, null, null); @@ -172,10 +171,10 @@ public class RequestParserUnitTest extends org.junit.Assert { RequestData reqData = new RequestData(); reqData.setCallbackHandler(new PasswordCallbackHandler()); - List<WSSecurityEngineResult> engineResultList = + WSHandlerResult results = securityEngine.processSecurityHeader(secHeaderElement, reqData); - List<WSHandlerResult> resultsList = new ArrayList<WSHandlerResult>(); - resultsList.add(new WSHandlerResult("actor", engineResultList)); + List<WSHandlerResult> resultsList = new ArrayList<>(); + resultsList.add(results); msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList); RequestRequirements requestRequirements = parser.parseRequest(request, wsContext, null, null); 
@@ -204,10 +203,10 @@ public class RequestParserUnitTest extends org.junit.Assert { reqData.setSigVerCrypto(getCrypto()); reqData.setCallbackHandler(new PasswordCallbackHandler()); - List<WSSecurityEngineResult> engineResultList = + WSHandlerResult results = securityEngine.processSecurityHeader(secHeaderElement, reqData); - List<WSHandlerResult> resultsList = new ArrayList<WSHandlerResult>(); - resultsList.add(new WSHandlerResult("actor", engineResultList)); + List<WSHandlerResult> resultsList = new ArrayList<>(); + resultsList.add(results); msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList); RequestRequirements requestRequirements = parser.parseRequest(request, wsContext, null, null); http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java index a068209..e75e79d 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java @@ -19,6 +19,7 @@ package org.apache.cxf.sts.token.renewer; import java.util.ArrayList; +import java.util.Collections; import java.util.Date; import java.util.List; import java.util.Properties; @@ -28,7 +29,6 @@ import javax.xml.ws.WebServiceContext; import org.w3c.dom.Document; import org.w3c.dom.Element; - import org.apache.cxf.jaxws.context.WebServiceContextImpl; import org.apache.cxf.jaxws.context.WrappedMessageContext; import org.apache.cxf.message.MessageImpl; 
@@ -139,8 +139,10 @@ public class SAMLTokenRenewerPOPTest extends org.junit.Assert { ); signedResults.add(signedResult); - List<WSHandlerResult> handlerResults = new ArrayList<WSHandlerResult>(); - WSHandlerResult handlerResult = new WSHandlerResult(null, signedResults); + List<WSHandlerResult> handlerResults = new ArrayList<>(); + WSHandlerResult handlerResult = + new WSHandlerResult(null, signedResults, + Collections.singletonMap(WSConstants.SIGN, signedResults)); handlerResults.add(handlerResult); WebServiceContext context = validatorParameters.getWebServiceContext(); @@ -214,8 +216,10 @@ public class SAMLTokenRenewerPOPTest extends org.junit.Assert { ); signedResults.add(signedResult); - List<WSHandlerResult> handlerResults = new ArrayList<WSHandlerResult>(); - WSHandlerResult handlerResult = new WSHandlerResult(null, signedResults); + List<WSHandlerResult> handlerResults = new ArrayList<>(); + WSHandlerResult handlerResult = + new WSHandlerResult(null, signedResults, + Collections.singletonMap(WSConstants.SIGN, signedResults)); handlerResults.add(handlerResult); WebServiceContext context = validatorParameters.getWebServiceContext();
