[CXF-6525] - Support for
http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only
when using WSS-Policy. Thanks to Christian Koch for the patch. Tests added.
Conflicts:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6336e4a6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6336e4a6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6336e4a6
Branch: refs/heads/3.0.x-fixes
Commit: 6336e4a60ed6cfe5a2ab3aea78c6556a359d7c3c
Parents: 63d9858
Author: Colm O hEigeartaigh <[email protected]>
Authored: Fri Aug 7 15:39:15 2015 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Fri Aug 7 15:44:29 2015 +0100
----------------------------------------------------------------------
.../cxf/ws/security/SecurityConstants.java | 16 ++++++++++-
.../policyhandlers/AbstractBindingBuilder.java | 17 +++++++++++-
.../AbstractStaxBindingHandler.java | 4 +++
.../cxf/systest/ws/swa/SWAPolicyTest.java | 29 ++++++++++++++++++++
.../apache/cxf/systest/ws/swa/DoubleItSwa.wsdl | 3 ++
.../apache/cxf/systest/ws/swa/policy-client.xml | 8 ++++++
.../apache/cxf/systest/ws/swa/policy-server.xml | 11 ++++++++
.../cxf/systest/ws/swa/stax-policy-server.xml | 12 ++++++++
8 files changed, 98 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index 72d8f55..c00f0ae 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -252,6 +252,15 @@ public final class SecurityConstants {
* skipped. MTOM must be enabled for this to work. This only applies to
the DOM WS-Security stack.
*/
public static final String STORE_BYTES_IN_ATTACHMENT =
"ws-security.store.bytes.in.attachment";
+
+ /**
+ * This configuration flag allows the user to decide whether the default
Attachment-Complete
+ * transform or the Attachment-Content-Only transform should be used when
an Attachment is encrypted
+ * via a WS-SecurityPolicy expression. The default is "false", meaning
that the "complete"
+ * transformation is used.
+ */
+ public static final String
USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM =
+ "ws-security.swa.encryption.attachment.transform.content";
//
// Non-boolean WS-Security Configuration parameters
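Review bot: The Javadoc added for `USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM` names the two transforms but not what differs between them, which is what a user needs to know before turning the flag on. Under the SwA Profile 1.1, Attachment-Content-Only covers only the attachment body, whereas Attachment-Complete also covers selected MIME headers of the part. I would add a sentence such as `With "true" only the attachment content is encrypted; its MIME headers are sent unprotected.` Unlike `STORE_BYTES_IN_ATTACHMENT` just above, this flag is read by both the DOM and the StAX handlers in this commit, and as far as the visible hunks show only when building outbound messages; the comment could say so.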
@@ -373,7 +382,7 @@ public final class SecurityConstants {
*/
public static final String ASYMMETRIC_SIGNATURE_ALGORITHM =
"ws-security.asymmetric.signature.algorithm";
-
+
/**
* This holds a reference to a PasswordEncryptor instance, which is used
to encrypt or
* decrypt passwords in the Merlin Crypto implementation (or any custom
Crypto implementations).
@@ -657,8 +666,13 @@ public final class SecurityConstants {
CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT,
PREFER_WSMEX_OVER_STS_CLIENT_CONFIG,
DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION,
KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM,
STS_TOKEN_IMMINENT_EXPIRY_VALUE,
+<<<<<<< HEAD
KERBEROS_REQUEST_CREDENTIAL_DELEGATION,
ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL,
AUDIENCE_RESTRICTION_VALIDATION, STORE_BYTES_IN_ATTACHMENT
+=======
+ KERBEROS_REQUEST_CREDENTIAL_DELEGATION, POLICY_VALIDATOR_MAP,
+ STORE_BYTES_IN_ATTACHMENT,
USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM
+>>>>>>> eafa719... [CXF-6525] - Support for
http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only
when using WSS-Policy. Thanks to Christian Koch for the patch. Tests added.
}));
ALL_PROPERTIES = Collections.unmodifiableSet(s);
}
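Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> eafa719...` are unresolved merge-conflict markers committed into the `ALL_PROPERTIES` initialiser, so this file cannot compile as it stands. The two hunks in AbstractBindingBuilder.java (@@ -169 and @@ -1087) carry the same markers. The incoming side also drops `ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL` and `AUDIENCE_RESTRICTION_VALIDATION` and adds `POLICY_VALIDATOR_MAP`, which this commit does not define and which may not exist on this branch. Resolve by keeping the HEAD entries and appending only the new constant: `AUDIENCE_RESTRICTION_VALIDATION, STORE_BYTES_IN_ATTACHMENT,` followed by `USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM`. The static initialiser starts outside the hunk.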
http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 072b2ae..f084f99 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -169,7 +169,12 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
protected Element topDownElement;
protected Element bstElement;
protected Element lastEncryptedKeyElement;
+<<<<<<< HEAD
+=======
+
+ protected final CallbackLookup callbackLookup;
+>>>>>>> eafa719... [CXF-6525] - Support for
http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only
when using WSS-Policy. Thanks to Christian Koch for the patch. Tests added.
protected boolean storeBytesInAttachment;
private Element lastSupportingTokenElement;
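Review bot: The incoming side of the conflict left in this hunk declares `protected final CallbackLookup callbackLookup;`, a field unrelated to the attachment transform that no visible hunk assigns. A final field without an initialiser must be assigned in every constructor, so keeping it would leave a second compile error even after the markers are removed. The HEAD side is empty, which suggests the field does not exist on 3.0.x-fixes. I would drop the whole `<<<<<<<`…`>>>>>>>` block here and leave the field list as it was. The class body continues outside the hunk.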
@@ -1087,11 +1092,21 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
"Header");
signedParts.add(wep);
}
-
+
Attachments attachments = parts.getAttachments();
if (attachments != null) {
+<<<<<<< HEAD
WSEncryptionPart wep = new WSEncryptionPart("cid:Attachments",
"Element");
signedParts.add(wep);
+=======
+ String encModifier = "Element";
+ if (MessageUtils.getContextualBoolean(
+ message,
SecurityConstants.USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM, false)) {
+ encModifier = "Content";
+ }
+ WSEncryptionPart wep = new WSEncryptionPart("cid:Attachments",
encModifier);
+ securedParts.add(wep);
+>>>>>>> eafa719... [CXF-6525] - Support for
http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only
when using WSS-Policy. Thanks to Christian Koch for the patch. Tests added.
}
}
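Review bot: Both sides of the conflict are present here, so `wep` is declared twice in the same block and the part is added to two differently named lists, `signedParts` on HEAD and `securedParts` on the incoming side. The surrounding context line uses `signedParts`, so the resolution that fits this branch is presumably the incoming block with its last line changed to `signedParts.add(wep);`, with the HEAD block and the three marker lines removed. The enclosing method starts outside the hunk, so it is also worth confirming there that this list is only used for encryption, since the property name and its Javadoc promise an effect on encryption only.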
http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
index fb12cbe..b1f59c3cb 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -938,6 +938,10 @@ public abstract class AbstractStaxBindingHandler extends
AbstractCommonBindingHa
Attachments attachments = parts.getAttachments();
if (attachments != null) {
SecurePart securePart = new SecurePart("cid:Attachments",
Modifier.Element);
+ if (MessageUtils.getContextualBoolean(
+ message,
SecurityConstants.USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM, false)) {
+ securePart.setModifier(Modifier.Content);
+ }
securePart.setRequired(false);
encryptedParts.add(securePart);
}
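Review bot: The flag lookup `MessageUtils.getContextualBoolean(message, SecurityConstants.USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM, false)` is now written out twice, here and in AbstractBindingBuilder, and the two copies express the result differently (the string `"Content"` there, `Modifier.Content` here). Both classes appear to extend the same common base, so a small helper there would keep the DOM and StAX stacks from drifting apart. A one-line comment above the `if` would also help, for example `// Content => Attachment-Content-Only: MIME headers are not encrypted`. The enclosing method starts outside the hunk.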
http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java
index 99ef60e..0cac3cc 100644
---
a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java
+++
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java
@@ -176,6 +176,35 @@ public class SWAPolicyTest extends
AbstractBusClientServerTestBase {
}
@org.junit.Test
+ public void testSWAEncryptionContentPolicy() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SWAPolicyTest.class.getResource("policy-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SWAPolicyTest.class.getResource("DoubleItSwa.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE,
"DoubleItSWAEncryptionContentPolicyPort");
+ DoubleItSwaPortType port =
+ service.getPort(portQName, DoubleItSwaPortType.class);
+ updateAddressPort(port, test.getPort());
+
+ if (test.isStreaming()) {
+ enableStreaming(port);
+ }
+
+ DoubleIt3 doubleIt = new DoubleIt3();
+ doubleIt.setNumberToDouble(25);
+ port.doubleIt3(doubleIt, "12345".getBytes());
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSWACombinedPolicy() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
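Review bot: `testSWAEncryptionContentPolicy` passes whenever the call returns, so it does not show that the Attachment-Content-Only transform was used: the return value of `port.doubleIt3(...)` is discarded and nothing inspects the outbound message. Because the server endpoints added in this commit carry no matching setting, a client that ignored the property and sent Attachment-Complete would presumably pass the same test. At minimum keep the result and assert on it, and ideally capture the outbound message and check the transform algorithm on the attachment reference. `((java.io.Closeable)port).close()` and `bus.shutdown(true)` also run only on the success path; a `try`/`finally` would keep a failed run from leaking the bus into later tests. The following test method continues outside the hunk.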
http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl
index d48f2c7..204bcc2 100644
---
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl
@@ -214,6 +214,9 @@
<wsdl:port name="DoubleItSWAEncryptionPolicyPort"
binding="tns:DoubleItEncryptionBinding">
<soap:address
location="http://localhost:9001/DoubleItSWAEncryptionPolicy"/>
</wsdl:port>
+ <wsdl:port name="DoubleItSWAEncryptionContentPolicyPort"
binding="tns:DoubleItEncryptionBinding">
+ <soap:address
location="http://localhost:9001/DoubleItSWAEncryptionContentPolicy"/>
+ </wsdl:port>
<wsdl:port name="DoubleItSWACombinedPolicyPort"
binding="tns:DoubleItCombinedBinding">
<soap:address
location="http://localhost:9001/DoubleItSWACombinedPolicy"/>
</wsdl:port>
http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml
index 91a20da..7bee138 100644
---
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml
@@ -46,6 +46,14 @@
</jaxws:properties>
</jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSWAEncryptionContentPolicyPort"
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="security.encryption.properties"
value="bob.properties"/>
+ <entry key="security.encryption.username" value="bob"/>
+ <entry
key="ws-security.swa.encryption.attachment.transform.content" value="true"/>
+ </jaxws:properties>
+ </jaxws:client>
+
<jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSWACombinedPolicyPort"
createdFromAPI="true">
<jaxws:properties>
<entry key="ws-security.encryption.properties"
value="bob.properties"/>
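Review bot: The new client entries use `security.encryption.properties` and `security.encryption.username`, while the neighbouring client in the same file uses the `ws-security.`-prefixed key `ws-security.encryption.properties`. If the unprefixed names are not recognised on the 3.0.x-fixes branch, the client has no encryption configuration and the test either fails or tests nothing; this looks like a leftover from the branch the patch was picked from. I would write `ws-security.encryption.properties` and `ws-security.encryption.username` here, and likewise prefix `security.callback-handler` and `security.signature.properties` in the new endpoints in policy-server.xml and stax-policy-server.xml.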
http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml
index 12b7180..817cf97 100644
---
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml
@@ -59,6 +59,17 @@
</jaxws:properties>
</jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"
id="EncryptionContentPolicy"
+
address="http://localhost:${testutil.ports.swa.PolicyServer}/DoubleItSWAEncryptionContentPolicy"
+ serviceName="s:DoubleItService"
endpointName="s:DoubleItSWAEncryptionContentPolicyPort"
+ implementor="org.apache.cxf.systest.ws.swa.DoubleIt3Impl"
+ wsdlLocation="org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl">
+ <jaxws:properties>
+ <entry key="security.callback-handler"
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="security.signature.properties" value="bob.properties"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"
id="CombinedPolicy"
address="http://localhost:${testutil.ports.swa.PolicyServer}/DoubleItSWACombinedPolicy"
serviceName="s:DoubleItService"
endpointName="s:DoubleItSWACombinedPolicyPort"
http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/stax-policy-server.xml
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/stax-policy-server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/stax-policy-server.xml
index b96a776..c587417 100644
---
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/stax-policy-server.xml
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/stax-policy-server.xml
@@ -62,6 +62,18 @@
</jaxws:properties>
</jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"
id="EncryptionContentPolicy"
+
address="http://localhost:${testutil.ports.swa.StaxPolicyServer}/DoubleItSWAEncryptionContentPolicy"
+ serviceName="s:DoubleItService"
endpointName="s:DoubleItSWAEncryptionContentPolicyPort"
+ implementor="org.apache.cxf.systest.ws.swa.DoubleIt3Impl"
+ wsdlLocation="org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl">
+ <jaxws:properties>
+ <entry key="security.callback-handler"
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"
id="CombinedPolicy"
address="http://localhost:${testutil.ports.swa.StaxPolicyServer}/DoubleItSWACombinedPolicy"
serviceName="s:DoubleItService"
endpointName="s:DoubleItSWACombinedPolicyPort"