Author: coheigea
Date: Tue Jul 2 14:42:08 2019
New Revision: 1862433
URL: http://svn.apache.org/viewvc?rev=1862433&view=rev
Log:
Changing some warnings to log at warn rather than fine
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/DateUtil.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureInputHandler.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java?rev=1862433&r1=1862432&r2=1862433&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java
(original)
+++
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java
Tue Jul 2 14:42:08 2019
@@ -56,7 +56,7 @@ public class AlgorithmSuiteValidator {
Set<String> allowedSignatureMethods =
algorithmSuite.getSignatureMethods();
if (!allowedSignatureMethods.isEmpty()
&& !allowedSignatureMethods.contains(signatureMethod)) {
- LOG.debug(
+ LOG.warn(
"SignatureMethod " + signatureMethod + " does not match
required values"
);
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
@@ -71,7 +71,7 @@ public class AlgorithmSuiteValidator {
) throws WSSecurityException {
Set<String> allowedC14nAlgorithms = algorithmSuite.getC14nAlgorithms();
if (!allowedC14nAlgorithms.isEmpty() &&
!allowedC14nAlgorithms.contains(c14nAlgorithm)) {
- LOG.debug(
+ LOG.warn(
"C14nMethod " + c14nAlgorithm + " does not match required
value"
);
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
@@ -101,7 +101,7 @@ public class AlgorithmSuiteValidator {
Set<String> allowedDigestAlgorithms =
algorithmSuite.getDigestAlgorithms();
if (!allowedDigestAlgorithms.isEmpty()
&& !allowedDigestAlgorithms.contains(digestMethod)) {
- LOG.debug(
+ LOG.warn(
"DigestMethod " + digestMethod + " does not match required
value"
);
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
@@ -115,7 +115,7 @@ public class AlgorithmSuiteValidator {
algorithmSuite.getTransformAlgorithms();
if (!allowedTransformAlgorithms.isEmpty()
&& !allowedTransformAlgorithms.contains(algorithm)) {
- LOG.debug(
+ LOG.warn(
"Transform method " + algorithm + " does not match
required value"
);
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
@@ -130,7 +130,7 @@ public class AlgorithmSuiteValidator {
Set<String> keyWrapAlgorithms = algorithmSuite.getKeyWrapAlgorithms();
if (!keyWrapAlgorithms.isEmpty()
&& !keyWrapAlgorithms.contains(keyWrapAlgorithm)) {
- LOG.debug(
+ LOG.warn(
"The Key transport method does not match the requirement"
);
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
@@ -143,7 +143,7 @@ public class AlgorithmSuiteValidator {
Set<String> encryptionMethods = algorithmSuite.getEncryptionMethods();
if (!encryptionMethods.isEmpty()
&& !encryptionMethods.contains(symmetricAlgorithm)) {
- LOG.debug(
+ LOG.warn(
"The encryption algorithm does not match the requirement"
);
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
@@ -191,7 +191,7 @@ public class AlgorithmSuiteValidator {
int modulus = ((RSAPublicKey)publicKey).getModulus().bitLength();
if (modulus < algorithmSuite.getMinimumAsymmetricKeyLength()
|| modulus > algorithmSuite.getMaximumAsymmetricKeyLength()) {
- LOG.debug(
+ LOG.warn(
"The asymmetric key length does not match the requirement"
);
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
@@ -200,13 +200,13 @@ public class AlgorithmSuiteValidator {
int length =
((DSAPublicKey)publicKey).getParams().getP().bitLength();
if (length < algorithmSuite.getMinimumAsymmetricKeyLength()
|| length > algorithmSuite.getMaximumAsymmetricKeyLength()) {
- LOG.debug(
+ LOG.warn(
"The asymmetric key length does not match the requirement"
);
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
}
} else {
- LOG.debug(
+ LOG.warn(
"An unknown public key was provided"
);
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
@@ -221,7 +221,7 @@ public class AlgorithmSuiteValidator {
) throws WSSecurityException {
if (secretKeyLength < (algorithmSuite.getMinimumSymmetricKeyLength() /
8)
|| secretKeyLength >
(algorithmSuite.getMaximumSymmetricKeyLength() / 8)) {
- LOG.debug(
+ LOG.warn(
"The symmetric key length does not match the requirement"
);
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
@@ -236,7 +236,7 @@ public class AlgorithmSuiteValidator {
) throws WSSecurityException {
int requiredKeyLength = algorithmSuite.getSignatureDerivedKeyLength();
if (requiredKeyLength > 0 && (derivedKeyLength / 8) !=
requiredKeyLength) {
- LOG.debug(
+ LOG.warn(
"The signature derived key length of " + derivedKeyLength + "
does not match"
+ "the requirement of " + requiredKeyLength
);
@@ -251,7 +251,7 @@ public class AlgorithmSuiteValidator {
) throws WSSecurityException {
int requiredKeyLength = algorithmSuite.getEncryptionDerivedKeyLength();
if (requiredKeyLength > 0 && (derivedKeyLength / 8) !=
requiredKeyLength) {
- LOG.debug(
+ LOG.warn(
"The encryption derived key length of " + derivedKeyLength + "
does not match"
+ "the requirement of " + requiredKeyLength
);
@@ -267,7 +267,7 @@ public class AlgorithmSuiteValidator {
Set<String> derivedKeyAlgorithms =
algorithmSuite.getDerivedKeyAlgorithms();
if (!derivedKeyAlgorithms.isEmpty()
&& !derivedKeyAlgorithms.contains(algorithm)) {
- LOG.debug(
+ LOG.warn(
"The Derived Key Algorithm does not match the requirement"
);
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java?rev=1862433&r1=1862432&r2=1862433&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
(original)
+++
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
Tue Jul 2 14:42:08 2019
@@ -829,13 +829,13 @@ public class SamlAssertionWrapper {
DateTime currentTime = new DateTime();
currentTime = currentTime.plusSeconds(futureTTL);
if (validFrom.isAfter(currentTime)) {
- LOG.debug("SAML Token condition (Not Before) not met");
+ LOG.warn("SAML Token condition (Not Before) not met");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
}
if (validTill != null && validTill.isBeforeNow()) {
- LOG.debug("SAML Token condition (Not On Or After) not met");
+ LOG.warn("SAML Token condition (Not On Or After) not met");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
}
@@ -861,7 +861,7 @@ public class SamlAssertionWrapper {
if (issueInstant != null) {
DateTime currentTime = new DateTime().plusSeconds(futureTTL);
if (issueInstant.isAfter(currentTime)) {
- LOG.debug("SAML Token IssueInstant not met");
+ LOG.warn("SAML Token IssueInstant not met");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
@@ -870,7 +870,7 @@ public class SamlAssertionWrapper {
currentTime = new DateTime().minusSeconds(ttl);
if (issueInstant.isBefore(currentTime)) {
- LOG.debug("SAML Token IssueInstant not met. The assertion
was created too long ago.");
+ LOG.warn("SAML Token IssueInstant not met. The assertion
was created too long ago.");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
}
@@ -987,13 +987,13 @@ public class SamlAssertionWrapper {
DateTime currentTime = new DateTime();
currentTime = currentTime.plusSeconds(futureTTL);
if (authnInstant.isAfter(currentTime)) {
- LOG.debug("SAML Token AuthnInstant not met");
+ LOG.warn("SAML Token AuthnInstant not met");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
// Stale SessionNotOnOrAfter
if (sessionNotOnOrAfter != null && sessionNotOnOrAfter.isBeforeNow()) {
- LOG.debug("SAML Token SessionNotOnOrAfter not met");
+ LOG.warn("SAML Token SessionNotOnOrAfter not met");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
@@ -1001,7 +1001,7 @@ public class SamlAssertionWrapper {
if (subjectLocalityAddress != null
&& !(InetAddressUtils.isIPv4Address(subjectLocalityAddress)
|| InetAddressUtils.isIPv6Address(subjectLocalityAddress))) {
- LOG.debug("SAML Token SubjectLocality address is not valid: " +
subjectLocalityAddress);
+ LOG.warn("SAML Token SubjectLocality address is not valid: " +
subjectLocalityAddress);
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
}
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/DateUtil.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/DateUtil.java?rev=1862433&r1=1862432&r2=1862433&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/DateUtil.java
(original)
+++
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/DateUtil.java
Tue Jul 2 14:42:08 2019
@@ -23,12 +23,12 @@ import java.time.Instant;
import java.time.format.DateTimeFormatter;
public final class DateUtil {
-
+
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(DateUtil.class);
-
+
private static final DateTimeFormatter MILLISECOND_FORMATTER =
DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
-
+
private static final DateTimeFormatter SECOND_FORMATTER =
DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss'Z'");
private DateUtil() {
@@ -54,20 +54,20 @@ public final class DateUtil {
Instant validCreation = Instant.now();
if (futureTimeToLive > 0) {
- validCreation = validCreation.plusSeconds((long)futureTimeToLive);
+ validCreation = validCreation.plusSeconds(futureTimeToLive);
}
// Check to see if the created time is in the future
if (created.isAfter(validCreation)) {
- LOG.debug("Validation of Created: The message was created in the
future!");
+ LOG.warn("Validation of Created: The message was created in the
future!");
return false;
}
// Calculate the time that is allowed for the message to travel
- validCreation = Instant.now().minusSeconds((long)timeToLive);
+ validCreation = Instant.now().minusSeconds(timeToLive);
// Validate the time it took the message to travel
if (created.isBefore(validCreation)) {
- LOG.debug("Validation of Created: The message was created too long
ago");
+ LOG.warn("Validation of Created: The message was created too long
ago");
return false;
}
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java?rev=1862433&r1=1862432&r2=1862433&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
Tue Jul 2 14:42:08 2019
@@ -583,7 +583,7 @@ public class UsernameToken {
*/
public byte[] getDerivedKey(BSPEnforcer bspEnforcer, String rawPassword)
throws WSSecurityException {
if (rawPassword == null) {
- LOG.debug("The raw password was null");
+ LOG.warn("The raw password was null");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1862433&r1=1862432&r2=1862433&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
Tue Jul 2 14:42:08 2019
@@ -570,7 +570,7 @@ public class EncryptedKeyProcessor imple
// EncryptionAlgorithm cannot be null
if (symEncAlgo == null) {
- LOG.debug("No encryption algorithm was specified in the request");
+ LOG.warn("No encryption algorithm was specified in the request");
throw new
WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM,
"badEncAlgo",
new Object[] {null});
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java?rev=1862433&r1=1862432&r2=1862433&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Tue Jul 2 14:42:08 2019
@@ -375,7 +375,7 @@ public class SignatureProcessor implemen
// Log the exact signature error
//
if (LOG.isDebugEnabled()) {
- LOG.debug("XML Signature verification has failed");
+ LOG.warn("XML Signature verification has failed");
boolean signatureValidationCheck =
xmlSignature.getSignatureValue().validate(context);
LOG.debug("Signature Validation check: " +
signatureValidationCheck);
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java?rev=1862433&r1=1862432&r2=1862433&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
Tue Jul 2 14:42:08 2019
@@ -134,11 +134,11 @@ public class SamlAssertionValidator exte
List<String> methods = samlAssertion.getConfirmationMethods();
if (methods == null || methods.isEmpty()) {
if (requiredSubjectConfirmationMethod != null) {
- LOG.debug("A required subject confirmation method was not
present");
+ LOG.warn("A required subject confirmation method was not
present");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
} else if (requireStandardSubjectConfirmationMethod) {
- LOG.debug("A standard subject confirmation method was not
present");
+ LOG.warn("A standard subject confirmation method was not
present");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
@@ -150,13 +150,13 @@ public class SamlAssertionValidator exte
for (String method : methods) {
if (OpenSAMLUtil.isMethodHolderOfKey(method)) {
if (samlAssertion.getSubjectKeyInfo() == null) {
- LOG.debug("There is no Subject KeyInfo to match the
holder-of-key subject conf method");
+ LOG.warn("There is no Subject KeyInfo to match the
holder-of-key subject conf method");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKeyInSAMLToken");
}
// The assertion must have been signed for HOK
if (!signed) {
- LOG.debug("A holder-of-key assertion must be signed");
+ LOG.warn("A holder-of-key assertion must be signed");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
standardMethodFound = true;
@@ -170,7 +170,7 @@ public class SamlAssertionValidator exte
|| SAML1Constants.CONF_BEARER.equals(method)) {
standardMethodFound = true;
if (requireBearerSignature && !signed) {
- LOG.debug("A Bearer Assertion was not signed");
+ LOG.warn("A Bearer Assertion was not signed");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
@@ -182,13 +182,13 @@ public class SamlAssertionValidator exte
}
if (!requiredMethodFound && requiredSubjectConfirmationMethod != null)
{
- LOG.debug("A required subject confirmation method was not
present");
+ LOG.warn("A required subject confirmation method was not present");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
if (!standardMethodFound && requireStandardSubjectConfirmationMethod) {
- LOG.debug("A standard subject confirmation method was not
present");
+ LOG.warn("A standard subject confirmation method was not present");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java?rev=1862433&r1=1862432&r2=1862433&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
Tue Jul 2 14:42:08 2019
@@ -72,7 +72,7 @@ public class UsernameTokenValidator impl
LOG.debug("UsernameToken password type {}", pwType);
if (requiredPasswordType != null &&
!requiredPasswordType.equals(pwType)) {
- LOG.debug("Authentication failed as the received password type
does not "
+ LOG.warn("Authentication failed as the received password type does
not "
+ "match the required password type of: {}",
requiredPasswordType);
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
@@ -90,7 +90,7 @@ public class UsernameTokenValidator impl
verifyPlaintextPassword(usernameToken, data);
} else if (password != null) {
if (!handleCustomPasswordTypes) {
- LOG.debug("Authentication failed as
handleCustomUsernameTokenTypes is false");
+ LOG.warn("Authentication failed as
handleCustomUsernameTokenTypes is false");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
verifyCustomPassword(usernameToken, data);
@@ -162,7 +162,7 @@ public class UsernameTokenValidator impl
}
String origPassword = pwCb.getPassword();
if (origPassword == null) {
- LOG.debug("Callback supplied no password for: {}", user);
+ LOG.warn("Callback supplied no password for: {}", user);
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
if (usernameToken.isHashed()) {
@@ -195,7 +195,7 @@ public class UsernameTokenValidator impl
boolean allowUsernameTokenDerivedKeys =
data.isAllowUsernameTokenNoPassword();
if (!allowUsernameTokenDerivedKeys) {
- LOG.debug("Authentication failed as the received UsernameToken
does not "
+ LOG.warn("Authentication failed as the received UsernameToken does
not "
+ "contain any password element");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java?rev=1862433&r1=1862432&r2=1862433&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
Tue Jul 2 14:42:08 2019
@@ -260,7 +260,7 @@ public class DecryptInputProcessor exten
String encryptionAlgorithm =
encryptedDataType.getEncryptionMethod().getAlgorithm();
if (this.getSecurityProperties().getEncryptionSymAlgorithm() != null
&&
!this.getSecurityProperties().getEncryptionSymAlgorithm().equals(encryptionAlgorithm))
{
- LOG.debug(
+ LOG.warn(
"The Key encryption method does not match the requirement"
);
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java?rev=1862433&r1=1862432&r2=1862433&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.java
Tue Jul 2 14:42:08 2019
@@ -56,7 +56,7 @@ public class WSSEncryptedKeyInputHandler
&& encryptionMethodType != null) {
String encryptionMethod = encryptionMethodType.getAlgorithm();
if
(!securityProperties.getEncryptionKeyTransportAlgorithm().equals(encryptionMethod))
{
- LOG.debug(
+ LOG.warn(
"The Key transport method does not match the requirement"
);
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureInputHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureInputHandler.java?rev=1862433&r1=1862432&r2=1862433&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureInputHandler.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureInputHandler.java
Tue Jul 2 14:42:08 2019
@@ -68,7 +68,7 @@ public class WSSSignatureInputHandler ex
String algorithm =
signatureType.getSignedInfo().getSignatureMethod().getAlgorithm();
if (securityProperties.getSignatureAlgorithm() != null
&& !securityProperties.getSignatureAlgorithm().equals(algorithm)) {
- LOG.debug(
+ LOG.warn(
"The Signature method does not match the requirement"
);
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java?rev=1862433&r1=1862432&r2=1862433&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
Tue Jul 2 14:42:08 2019
@@ -156,11 +156,11 @@ public class SamlTokenValidatorImpl exte
List<String> methods = samlAssertion.getConfirmationMethods();
if (methods == null || methods.isEmpty()) {
if (requiredSubjectConfirmationMethod != null) {
- LOG.debug("A required subject confirmation method was not
present");
+ LOG.warn("A required subject confirmation method was not
present");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
} else if (requireStandardSubjectConfirmationMethod) {
- LOG.debug("A standard subject confirmation method was not
present");
+ LOG.warn("A standard subject confirmation method was not
present");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
@@ -173,7 +173,7 @@ public class SamlTokenValidatorImpl exte
// The assertion must have been signed for HOK
if (OpenSAMLUtil.isMethodHolderOfKey(method)) {
if (!signed) {
- LOG.debug("A holder-of-key assertion must be signed");
+ LOG.warn("A holder-of-key assertion must be signed");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
@@ -188,7 +188,7 @@ public class SamlTokenValidatorImpl exte
|| SAML1Constants.CONF_BEARER.equals(method)) {
standardMethodFound = true;
if (requireBearerSignature && !signed) {
- LOG.debug("A Bearer Assertion was not signed");
+ LOG.warn("A Bearer Assertion was not signed");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
@@ -200,13 +200,13 @@ public class SamlTokenValidatorImpl exte
}
if (!requiredMethodFound && requiredSubjectConfirmationMethod != null)
{
- LOG.debug("A required subject confirmation method was not
present");
+ LOG.warn("A required subject confirmation method was not present");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
if (!standardMethodFound && requireStandardSubjectConfirmationMethod) {
- LOG.debug("A standard subject confirmation method was not
present");
+ LOG.warn("A standard subject confirmation method was not present");
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java?rev=1862433&r1=1862432&r2=1862433&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
Tue Jul 2 14:42:08 2019
@@ -63,14 +63,14 @@ public class UsernameTokenValidatorImpl
tokenContext.getWssSecurityProperties().getUsernameTokenPasswordType();
if (requiredPasswordType != null) {
if (passwordType == null || passwordType.getType() == null) {
- LOG.debug("Authentication failed as the received password type
does not "
+ LOG.warn("Authentication failed as the received password type
does not "
+ "match the required password type of: {}",
requiredPasswordType);
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
WSSConstants.UsernameTokenPasswordType usernameTokenPasswordType =
WSSConstants.UsernameTokenPasswordType.getUsernameTokenPasswordType(passwordType.getType());
if (requiredPasswordType != usernameTokenPasswordType) {
- LOG.debug("Authentication failed as the received password type
does not "
+ LOG.warn("Authentication failed as the received password type
does not "
+ "match the required password type of: {}",
requiredPasswordType);
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
