This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push:
new 0f6820a Fixing some code scanning issues
0f6820a is described below
commit 0f6820aafe275c4789afc6731791f6f4700379e9
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Mon Oct 19 09:58:31 2020 +0100
Fixing some code scanning issues
---
policy/src/main/java/org/apache/wss4j/policy/SPUtils.java | 2 +-
.../org/apache/wss4j/dom/message/token/KerberosSecurity.java | 2 +-
.../org/apache/wss4j/dom/processor/SAMLTokenProcessor.java | 2 +-
.../org/apache/wss4j/dom/validate/UsernameTokenValidator.java | 2 +-
.../org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java | 10 +++++-----
.../processor/input/SecurityTokenReferenceInputHandler.java | 3 +--
.../main/java/org/apache/wss4j/stax/setup/InboundWSSec.java | 8 ++++----
7 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/policy/src/main/java/org/apache/wss4j/policy/SPUtils.java
b/policy/src/main/java/org/apache/wss4j/policy/SPUtils.java
index 561da15..878bdb0 100644
--- a/policy/src/main/java/org/apache/wss4j/policy/SPUtils.java
+++ b/policy/src/main/java/org/apache/wss4j/policy/SPUtils.java
@@ -159,7 +159,7 @@ public final class SPUtils {
public static String getAttribute(Element element, QName attName) {
Attr attr;
- if (attName.getNamespaceURI() == null ||
"".equals(attName.getNamespaceURI())) {
+ if (attName.getNamespaceURI() == null ||
attName.getNamespaceURI().length() == 0) {
attr = element.getAttributeNode(attName.getLocalPart());
} else {
attr = element.getAttributeNodeNS(attName.getNamespaceURI(),
attName.getLocalPart());
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java
index 6bbc1ed..875a92c 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java
@@ -260,7 +260,7 @@ public class KerberosSecurity extends BinarySecurity {
}
LOG.debug("Successfully retrieved a service ticket");
- if ("".equals(getValueType())) {
+ if (getValueType().length() == 0) {
setValueType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
}
}
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
index b27e889..5092bfd 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
@@ -256,7 +256,7 @@ public class SAMLTokenProcessor implements Processor {
for (Object refObject : xmlSignature.getSignedInfo().getReferences()) {
Reference reference = (Reference)refObject;
- if ("".equals(reference.getURI())
+ if (reference.getURI() == null || reference.getURI().length() == 0
|| reference.getURI().equals(samlAssertion.getId())
|| reference.getURI().equals("#" + samlAssertion.getId())) {
WSDataRef ref = new WSDataRef();
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
index a3a0d3c..90a14a2 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
@@ -88,7 +88,7 @@ public class UsernameTokenValidator implements Validator {
if (usernameToken.isHashed()) {
verifyDigestPassword(usernameToken, data);
} else if (WSConstants.PASSWORD_TEXT.equals(pwType)
- || password != null && (pwType == null ||
"".equals(pwType.trim()))) {
+ || password != null && (pwType == null || pwType.trim().length()
== 0)) {
verifyPlaintextPassword(usernameToken, data);
} else if (password != null) {
if (!handleCustomPasswordTypes) {
diff --git
a/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java
b/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java
index 45d1ff1..ea266fc 100644
---
a/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java
+++
b/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java
@@ -188,12 +188,12 @@ public class PolicyEnforcer implements
SecurityEventListener {
while (operationPolicyIterator.hasNext()) {
OperationPolicy operationPolicy = operationPolicyIterator.next();
- if (operationPolicy.getOperationName() != null) {
- if
(soapOperationName.equals(operationPolicy.getOperationName())) {
+ QName operationName = operationPolicy.getOperationName();
+ if (operationName != null) {
+ if (soapOperationName.equals(operationName)) {
return operationPolicy;
- } else if
("".equals(operationPolicy.getOperationName().getNamespaceURI())
- && soapOperationName.getLocalPart().equals(
- operationPolicy.getOperationName().getLocalPart())) {
+ } else if ((operationName.getNamespaceURI() == null ||
operationName.getNamespaceURI().length() == 0)
+ &&
soapOperationName.getLocalPart().equals(operationName.getLocalPart())) {
noNamespaceOperation = operationPolicy;
}
}
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java
index 1e8b61c..aaeb891 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java
@@ -162,9 +162,8 @@ public class SecurityTokenReferenceInputHandler extends
AbstractInputSecurityHea
SecurityTokenProvider<? extends
InboundSecurityToken> securityTokenProvider =
inputProcessorChain.getSecurityContext().getSecurityTokenProvider(attributeValue);
- InboundSecurityToken securityToken =
securityTokenProvider.getSecurityToken();
return this.securityToken = new
SecurityTokenReferenceImpl(
- securityToken,
+
securityTokenProvider.getSecurityToken(),
xmlSecEventList,
(WSInboundSecurityContext)
inputProcessorChain.getSecurityContext(),
securityTokenReferenceId,
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/InboundWSSec.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/InboundWSSec.java
index f62e382..bdb86eb 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/InboundWSSec.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/InboundWSSec.java
@@ -105,7 +105,7 @@ public class InboundWSSec {
* @param xmlStreamReader The original XMLStreamReader
* @return A new XMLStreamReader which does transparently the security
processing.
* @throws XMLStreamException thrown when a streaming error occurs
- * @throws XMLSecurityException
+ * @throws WSSecurityException
*/
public XMLStreamReader processInMessage(
XMLStreamReader xmlStreamReader) throws XMLStreamException,
WSSecurityException {
@@ -127,7 +127,7 @@ public class InboundWSSec {
* @param xmlStreamReader The original XMLStreamReader
* @return A new XMLStreamReader which does transparently the security
processing.
* @throws XMLStreamException thrown when a streaming error occurs
- * @throws XMLSecurityException
+ * @throws WSSecurityException
*/
public XMLStreamReader processInMessage(
XMLStreamReader xmlStreamReader, List<SecurityEvent>
requestSecurityEvents
@@ -151,7 +151,7 @@ public class InboundWSSec {
* @param securityEventListener A SecurityEventListener to receive
security-relevant events.
* @return A new XMLStreamReader which does transparently the security
processing.
* @throws XMLStreamException thrown when a streaming error occurs
- * @throws XMLSecurityException
+ * @throws WSSecurityException
*/
public XMLStreamReader processInMessage(
XMLStreamReader xmlStreamReader, List<SecurityEvent>
requestSecurityEvents,
@@ -175,7 +175,7 @@ public class InboundWSSec {
* @param securityEventListeners A list of SecurityEventListeners to
receive security-relevant events.
* @return A new XMLStreamReader which does transparently the security
processing.
* @throws XMLStreamException thrown when a streaming error occurs
- * @throws XMLSecurityException
+ * @throws WSSecurityException
*/
public XMLStreamReader processInMessage(
XMLStreamReader xmlStreamReader, List<SecurityEvent>
requestSecurityEvents,
