This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push:
new b631d7b SANTUARIO-555 Made order of output processors in a chain
deterministic and intuitive (#15)
b631d7b is described below
commit b631d7bbb217a23695a8672f9fe1584fe08e7f78
Author: Peter De Maeyer <[email protected]>
AuthorDate: Fri Dec 11 08:11:45 2020 +0100
SANTUARIO-555 Made order of output processors in a chain deterministic and
intuitive (#15)
---
.gitignore | 3 +
.../output/BinarySecurityTokenOutputProcessor.java | 9 +--
.../output/CustomTokenOutputProcessor.java | 2 +-
.../output/DerivedKeyTokenOutputProcessor.java | 2 +-
.../processor/output/EncryptOutputProcessor.java | 4 +-
.../output/EncryptedKeyOutputProcessor.java | 12 +--
.../processor/output/SAMLTokenOutputProcessor.java | 5 +-
.../SecurityContextTokenOutputProcessor.java | 2 +-
.../processor/output/TimestampOutputProcessor.java | 1 -
.../output/UsernameTokenOutputProcessor.java | 5 +-
.../output/WSSSignatureEndingOutputProcessor.java | 2 +-
.../output/WSSSignatureOutputProcessor.java | 4 +-
.../org/apache/wss4j/stax/setup/OutboundWSSec.java | 87 ++++++++++++----------
13 files changed, 75 insertions(+), 63 deletions(-)
diff --git a/.gitignore b/.gitignore
index 52eff50..3a1cddb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,6 @@ target/
velocity.log
.pmdruleset.xml
+# IntelliJ
+/.idea/
+**/*.iml
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
index f39efb4..c640675 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
@@ -94,7 +94,7 @@ public class BinarySecurityTokenOutputProcessor extends
AbstractOutputProcessor
FinalBinarySecurityTokenOutputProcessor
finalBinarySecurityTokenOutputProcessor =
new
FinalBinarySecurityTokenOutputProcessor(securityToken);
finalBinarySecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
-
finalBinarySecurityTokenOutputProcessor.setAction(getAction());
+
finalBinarySecurityTokenOutputProcessor.setAction(getAction(),
getActionOrder());
finalBinarySecurityTokenOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class);
finalBinarySecurityTokenOutputProcessor.init(outputProcessorChain);
securityToken.setProcessor(finalBinarySecurityTokenOutputProcessor);
@@ -104,7 +104,7 @@ public class BinarySecurityTokenOutputProcessor extends
AbstractOutputProcessor
FinalBinarySecurityTokenOutputProcessor
finalBinarySecurityTokenOutputProcessor =
new
FinalBinarySecurityTokenOutputProcessor(securityToken);
finalBinarySecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
-
finalBinarySecurityTokenOutputProcessor.setAction(getAction());
+
finalBinarySecurityTokenOutputProcessor.setAction(getAction(),
getActionOrder());
finalBinarySecurityTokenOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class);
finalBinarySecurityTokenOutputProcessor.init(outputProcessorChain);
securityToken.setProcessor(finalBinarySecurityTokenOutputProcessor);
@@ -115,7 +115,7 @@ public class BinarySecurityTokenOutputProcessor extends
AbstractOutputProcessor
FinalBinarySecurityTokenOutputProcessor
finalBinarySecurityTokenOutputProcessor =
new
FinalBinarySecurityTokenOutputProcessor(securityToken);
finalBinarySecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
-
finalBinarySecurityTokenOutputProcessor.setAction(getAction());
+
finalBinarySecurityTokenOutputProcessor.setAction(getAction(),
getActionOrder());
finalBinarySecurityTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class);
finalBinarySecurityTokenOutputProcessor.init(outputProcessorChain);
securityToken.setProcessor(finalBinarySecurityTokenOutputProcessor);
@@ -125,9 +125,8 @@ public class BinarySecurityTokenOutputProcessor extends
AbstractOutputProcessor
FinalBinarySecurityTokenOutputProcessor
finalBinarySecurityTokenOutputProcessor =
new
FinalBinarySecurityTokenOutputProcessor(securityToken);
finalBinarySecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
-
finalBinarySecurityTokenOutputProcessor.setAction(getAction());
+
finalBinarySecurityTokenOutputProcessor.setAction(getAction(),
getActionOrder());
finalBinarySecurityTokenOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class);
-
finalBinarySecurityTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class);
finalBinarySecurityTokenOutputProcessor.init(outputProcessorChain);
securityToken.setProcessor(finalBinarySecurityTokenOutputProcessor);
}
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
index f630c35..56df538 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
@@ -70,7 +70,7 @@ public class CustomTokenOutputProcessor extends
AbstractOutputProcessor {
FinalUnknownTokenOutputProcessor outputProcessor =
new FinalUnknownTokenOutputProcessor(customToken);
outputProcessor.setXMLSecurityProperties(getSecurityProperties());
- outputProcessor.setAction(getAction());
+ outputProcessor.setAction(getAction(), getActionOrder());
outputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class);
outputProcessor.addBeforeProcessor(EncryptedKeyOutputProcessor.class);
outputProcessor.init(outputProcessorChain);
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
index 2657ba3..94cbb18 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
@@ -182,7 +182,7 @@ public class DerivedKeyTokenOutputProcessor extends
AbstractOutputProcessor {
((WSSSecurityProperties)getSecurityProperties()).isUse200512Namespace(),
wrappingSecurityToken.getSha1Identifier());
finalDerivedKeyTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalDerivedKeyTokenOutputProcessor.setAction(getAction());
+ finalDerivedKeyTokenOutputProcessor.setAction(getAction(),
getActionOrder());
if (wrappingSecurityToken.getProcessor() != null) {
finalDerivedKeyTokenOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor().getClass());
} else {
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
index b3fe485..a61293b 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
@@ -81,7 +81,7 @@ public class EncryptOutputProcessor extends
AbstractEncryptOutputProcessor {
super.init(outputProcessorChain);
EncryptEndingOutputProcessor encryptEndingOutputProcessor = new
EncryptEndingOutputProcessor();
encryptEndingOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- encryptEndingOutputProcessor.setAction(getAction());
+ encryptEndingOutputProcessor.setAction(getAction(), getActionOrder());
encryptEndingOutputProcessor.init(outputProcessorChain);
}
@@ -129,7 +129,7 @@ public class EncryptOutputProcessor extends
AbstractEncryptOutputProcessor {
securityToken
);
internalEncryptionOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- internalEncryptionOutputProcessor.setAction(getAction());
+ internalEncryptionOutputProcessor.setAction(getAction(),
getActionOrder());
internalEncryptionOutputProcessor.init(outputProcessorChain);
setActiveInternalEncryptionOutputProcessor(internalEncryptionOutputProcessor);
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
index 3b5c66f..41c4d5f 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
@@ -109,7 +109,7 @@ public class EncryptedKeyOutputProcessor extends
AbstractOutputProcessor {
FinalEncryptedKeyOutputProcessor finalEncryptedKeyOutputProcessor =
new
FinalEncryptedKeyOutputProcessor(encryptedKeySecurityToken);
finalEncryptedKeyOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalEncryptedKeyOutputProcessor.setAction(getAction());
+ finalEncryptedKeyOutputProcessor.setAction(getAction(),
getActionOrder());
XMLSecurityConstants.Action action = getAction();
if (WSSConstants.ENCRYPTION.equals(action)) {
if (wrappingSecurityToken.getProcessor() != null) {
@@ -122,7 +122,7 @@ public class EncryptedKeyOutputProcessor extends
AbstractOutputProcessor {
if
(getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPTION)
<
getSecurityProperties().getActions().indexOf(WSSConstants.SIGNATURE)) {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class);
-
finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE);
+
finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE,
getActionOrder());
}
finalEncryptedKeyOutputProcessor.setOutputReferenceList(false);
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
@@ -130,7 +130,7 @@ public class EncryptedKeyOutputProcessor extends
AbstractOutputProcessor {
ReferenceListOutputProcessor referenceListOutputProcessor
= new ReferenceListOutputProcessor();
referenceListOutputProcessor.addBeforeProcessor(finalEncryptedKeyOutputProcessor.getClass());
referenceListOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- referenceListOutputProcessor.setAction(getAction());
+ referenceListOutputProcessor.setAction(getAction(),
getActionOrder());
referenceListOutputProcessor.init(outputProcessorChain);
} else {
finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class);
@@ -154,7 +154,7 @@ public class EncryptedKeyOutputProcessor extends
AbstractOutputProcessor {
//hint for the headerReordering processor where to place
the EncryptedKey
if
(getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY)
<
getSecurityProperties().getActions().indexOf(WSSConstants.SIGNATURE_WITH_DERIVED_KEY))
{
-
finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
+
finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE_WITH_DERIVED_KEY,
getActionOrder());
}
finalEncryptedKeyOutputProcessor.setOutputReferenceList(false);
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
@@ -165,7 +165,7 @@ public class EncryptedKeyOutputProcessor extends
AbstractOutputProcessor {
ReferenceListOutputProcessor referenceListOutputProcessor =
new ReferenceListOutputProcessor();
referenceListOutputProcessor.addBeforeProcessor(finalEncryptedKeyOutputProcessor.getClass());
referenceListOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- referenceListOutputProcessor.setAction(getAction());
+ referenceListOutputProcessor.setAction(getAction(),
getActionOrder());
referenceListOutputProcessor.init(outputProcessorChain);
} else {
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
@@ -187,7 +187,7 @@ public class EncryptedKeyOutputProcessor extends
AbstractOutputProcessor {
FinalEncryptedKeyOutputProcessor(OutboundSecurityToken securityToken)
throws XMLSecurityException {
super();
- this.addAfterProcessor(FinalEncryptedKeyOutputProcessor.class);
+ this.addAfterProcessor(EncryptedKeyOutputProcessor.class);
this.securityToken = securityToken;
}
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
index ccc3d86..6eab257 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
@@ -70,6 +70,7 @@ public class SAMLTokenOutputProcessor extends
AbstractOutputProcessor {
public SAMLTokenOutputProcessor() throws XMLSecurityException {
super();
+ addBeforeProcessor(BinarySecurityTokenOutputProcessor.class);
addBeforeProcessor(WSSSignatureOutputProcessor.class);
}
@@ -137,6 +138,7 @@ public class SAMLTokenOutputProcessor extends
AbstractOutputProcessor {
finalSAMLTokenOutputProcessor = new
FinalSAMLTokenOutputProcessor(securityToken, samlAssertionWrapper,
securityTokenReferenceId, senderVouches, includeSTR);
+ finalSAMLTokenOutputProcessor.setAction(getAction(),
getActionOrder());
securityToken.setProcessor(finalSAMLTokenOutputProcessor);
@@ -207,7 +209,7 @@ public class SAMLTokenOutputProcessor extends
AbstractOutputProcessor {
}
finalSAMLTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalSAMLTokenOutputProcessor.setAction(action);
+ finalSAMLTokenOutputProcessor.setAction(action, getActionOrder());
finalSAMLTokenOutputProcessor.init(outputProcessorChain);
if (includeSTR) {
@@ -434,6 +436,7 @@ public class SAMLTokenOutputProcessor extends
AbstractOutputProcessor {
super();
this.addAfterProcessor(UsernameTokenOutputProcessor.class);
this.addAfterProcessor(SAMLTokenOutputProcessor.class);
+ this.addBeforeProcessor(WSSSignatureOutputProcessor.class);
this.samlAssertionWrapper = samlAssertionWrapper;
this.securityTokenReferenceId = securityTokenReferenceId;
this.senderVouches = senderVouches;
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
index 7df5123..ab0390d 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
@@ -108,7 +108,7 @@ public class SecurityContextTokenOutputProcessor extends
AbstractOutputProcessor
new
FinalSecurityContextTokenOutputProcessor(securityContextSecurityToken,
identifier,
((WSSSecurityProperties)getSecurityProperties()).isUse200512Namespace());
finalSecurityContextTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalSecurityContextTokenOutputProcessor.setAction(getAction());
+ finalSecurityContextTokenOutputProcessor.setAction(getAction(),
getActionOrder());
XMLSecurityConstants.Action action = getAction();
if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY,
wsuId);
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/TimestampOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/TimestampOutputProcessor.java
index 062b8be..a740d08 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/TimestampOutputProcessor.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/TimestampOutputProcessor.java
@@ -38,7 +38,6 @@ public class TimestampOutputProcessor extends
AbstractOutputProcessor {
public TimestampOutputProcessor() throws XMLSecurityException {
super();
- addBeforeProcessor(UsernameTokenOutputProcessor.class);
addBeforeProcessor(WSSSignatureOutputProcessor.class);
addBeforeProcessor(EncryptOutputProcessor.class);
}
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
index 8d1538c..f4136da 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
@@ -48,7 +48,6 @@ public class UsernameTokenOutputProcessor extends
AbstractOutputProcessor {
public UsernameTokenOutputProcessor() throws XMLSecurityException {
super();
- addAfterProcessor(TimestampOutputProcessor.class);
addBeforeProcessor(WSSSignatureOutputProcessor.class);
addBeforeProcessor(EncryptOutputProcessor.class);
}
@@ -137,8 +136,9 @@ public class UsernameTokenOutputProcessor extends
AbstractOutputProcessor {
}
final FinalUsernameTokenOutputProcessor
finalUsernameTokenOutputProcessor =
new FinalUsernameTokenOutputProcessor(wsuId, nonceValue,
password, createdStr, salt, derivedIterations, getAction());
+
getBeforeProcessors().forEach(finalUsernameTokenOutputProcessor::addBeforeProcessor);
finalUsernameTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- finalUsernameTokenOutputProcessor.setAction(getAction());
+ finalUsernameTokenOutputProcessor.setAction(getAction(),
getActionOrder());
finalUsernameTokenOutputProcessor.init(outputProcessorChain);
} finally {
@@ -163,7 +163,6 @@ public class UsernameTokenOutputProcessor extends
AbstractOutputProcessor {
throws XMLSecurityException {
super();
this.addAfterProcessor(UsernameTokenOutputProcessor.class);
- this.addAfterProcessor(UsernameTokenOutputProcessor.class);
this.wsuId = wsuId;
this.nonceValue = nonceValue;
this.password = password;
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
index 8da2188..23dad40 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
@@ -66,7 +66,7 @@ public class WSSSignatureEndingOutputProcessor extends
AbstractSignatureEndingOu
this.signedInfoProcessor = new SignedInfoProcessor(signatureAlgorithm,
signatureId, xmlSecStartElement);
this.signedInfoProcessor.setXMLSecurityProperties(getSecurityProperties());
- this.signedInfoProcessor.setAction(getAction());
+ this.signedInfoProcessor.setAction(getAction(), getActionOrder());
this.signedInfoProcessor.addAfterProcessor(WSSSignatureEndingOutputProcessor.class);
this.signedInfoProcessor.init(outputProcessorChain);
return this.signedInfoProcessor;
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
index 1c27c80..ea98e32 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
@@ -70,7 +70,7 @@ public class WSSSignatureOutputProcessor extends
AbstractSignatureOutputProcesso
super.init(outputProcessorChain);
WSSSignatureEndingOutputProcessor signatureEndingOutputProcessor = new
WSSSignatureEndingOutputProcessor(this);
signatureEndingOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- signatureEndingOutputProcessor.setAction(getAction());
+ signatureEndingOutputProcessor.setAction(getAction(),
getActionOrder());
signatureEndingOutputProcessor.init(outputProcessorChain);
}
@@ -129,7 +129,7 @@ public class WSSSignatureOutputProcessor extends
AbstractSignatureOutputProcesso
InternalSignatureOutputProcessor
internalSignatureOutputProcessor =
new
InternalWSSSignatureOutputProcessor(signaturePartDef, xmlSecStartElement);
internalSignatureOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- internalSignatureOutputProcessor.setAction(getAction());
+ internalSignatureOutputProcessor.setAction(getAction(),
getActionOrder());
internalSignatureOutputProcessor.addAfterProcessor(WSSSignatureOutputProcessor.class);
internalSignatureOutputProcessor.addBeforeProcessor(WSSSignatureEndingOutputProcessor.class);
internalSignatureOutputProcessor.init(outputProcessorChain);
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
index a19cbac..0efef73 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
@@ -175,7 +175,7 @@ public class OutboundWSSec {
try {
final SecurityHeaderOutputProcessor securityHeaderOutputProcessor
= new SecurityHeaderOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
securityHeaderOutputProcessor, null);
+ initializeOutputProcessor(outputProcessorChain,
securityHeaderOutputProcessor, null, -1);
ConfiguredAction configuredAction =
configureActions(outputProcessorChain);
@@ -206,15 +206,15 @@ public class OutboundWSSec {
}
final SecurityHeaderReorderProcessor
securityHeaderReorderProcessor = new SecurityHeaderReorderProcessor();
- initializeOutputProcessor(outputProcessorChain,
securityHeaderReorderProcessor, null);
+ initializeOutputProcessor(outputProcessorChain,
securityHeaderReorderProcessor, null, -1);
if (output instanceof OutputStream) {
final FinalOutputProcessor finalOutputProcessor = new
FinalOutputProcessor((OutputStream) output, encoding);
- initializeOutputProcessor(outputProcessorChain,
finalOutputProcessor, null);
+ initializeOutputProcessor(outputProcessorChain,
finalOutputProcessor, null, -1);
} else if (output instanceof XMLStreamWriter) {
final FinalOutputProcessor finalOutputProcessor = new
FinalOutputProcessor((XMLStreamWriter) output);
- initializeOutputProcessor(outputProcessorChain,
finalOutputProcessor, null);
+ initializeOutputProcessor(outputProcessorChain,
finalOutputProcessor, null, -1);
} else {
throw new IllegalArgumentException(output + " is not supported
as output");
@@ -227,9 +227,17 @@ public class OutboundWSSec {
private void initializeOutputProcessor(
OutputProcessorChainImpl outputProcessorChain, OutputProcessor
outputProcessor,
- XMLSecurityConstants.Action action) throws XMLSecurityException {
+ XMLSecurityConstants.Action action, int actionOrder) throws
XMLSecurityException {
+ if (actionOrder > -1) {
+ outputProcessor.addAfterProcessor(TimestampOutputProcessor.class);
+
outputProcessor.addAfterProcessor(UsernameTokenOutputProcessor.class);
+
outputProcessor.addAfterProcessor(SignatureConfirmationOutputProcessor.class);
+
outputProcessor.addAfterProcessor(CustomTokenOutputProcessor.class);
+
outputProcessor.addAfterProcessor(BinarySecurityTokenOutputProcessor.class);
+ outputProcessor.addAfterProcessor(SAMLTokenOutputProcessor.class);
+ }
outputProcessor.setXMLSecurityProperties(securityProperties);
- outputProcessor.setAction(action);
+ outputProcessor.setAction(action, actionOrder);
outputProcessor.init(outputProcessorChain);
}
@@ -587,63 +595,63 @@ public class OutboundWSSec {
}
}
+ int actionOrder = -1;
for (XMLSecurityConstants.Action action :
securityProperties.getActions()) {
if (WSSConstants.TIMESTAMP.equals(action)) {
final TimestampOutputProcessor timestampOutputProcessor = new
TimestampOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
timestampOutputProcessor, action);
-
+ initializeOutputProcessor(outputProcessorChain,
timestampOutputProcessor, action, -1);
} else if (WSSConstants.SIGNATURE.equals(action)) {
configuredAction.signatureAction = true;
final BinarySecurityTokenOutputProcessor
binarySecurityTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
binarySecurityTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
binarySecurityTokenOutputProcessor, action, -1);
final WSSSignatureOutputProcessor signatureOutputProcessor =
new WSSSignatureOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
signatureOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
signatureOutputProcessor, action, ++actionOrder);
} else if (WSSConstants.ENCRYPTION.equals(action)) {
configuredAction.encryptionAction = true;
-
EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = null;
+ ++actionOrder;
if (securityProperties.isEncryptSymmetricEncryptionKey()) {
final BinarySecurityTokenOutputProcessor
binarySecurityTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
binarySecurityTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
binarySecurityTokenOutputProcessor, action, -1);
encryptedKeyOutputProcessor = new
EncryptedKeyOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
encryptedKeyOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
encryptedKeyOutputProcessor, action, actionOrder);
}
final EncryptOutputProcessor encryptOutputProcessor = new
EncryptOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
encryptOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
encryptOutputProcessor, action, actionOrder);
if (encryptedKeyOutputProcessor == null) {
final ReferenceListOutputProcessor
referenceListOutputProcessor = new ReferenceListOutputProcessor();
referenceListOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class);
- initializeOutputProcessor(outputProcessorChain,
referenceListOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
referenceListOutputProcessor, action, actionOrder);
}
} else if (WSSConstants.USERNAMETOKEN.equals(action)) {
final UsernameTokenOutputProcessor
usernameTokenOutputProcessor = new UsernameTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
usernameTokenOutputProcessor, action);
-
+ initializeOutputProcessor(outputProcessorChain,
usernameTokenOutputProcessor, action, -1);
} else if (WSSConstants.USERNAMETOKEN_SIGNED.equals(action)) {
final UsernameTokenOutputProcessor
usernameTokenOutputProcessor = new UsernameTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
usernameTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
usernameTokenOutputProcessor, action, -1);
final WSSSignatureOutputProcessor signatureOutputProcessor =
new WSSSignatureOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
signatureOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
signatureOutputProcessor, action, ++actionOrder);
} else if (WSSConstants.SIGNATURE_CONFIRMATION.equals(action)) {
final SignatureConfirmationOutputProcessor
signatureConfirmationOutputProcessor =
new SignatureConfirmationOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
signatureConfirmationOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
signatureConfirmationOutputProcessor, action, -1);
} else if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action))
{
+ ++actionOrder;
if (securityProperties.getDerivedKeyTokenReference() ==
WSSConstants.DerivedKeyTokenReference.EncryptedKey) {
if (derivedSignatureButNotDerivedEncryption) {
final EncryptedKeyOutputProcessor
encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
encryptedKeyOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
encryptedKeyOutputProcessor, action, actionOrder);
}
configuredAction.encryptionAction = true;
configuredAction.derivedEncryption = true;
@@ -651,7 +659,7 @@ public class OutboundWSSec {
==
WSSConstants.DerivedKeyTokenReference.SecurityContextToken) {
final SecurityContextTokenOutputProcessor
securityContextTokenOutputProcessor =
new SecurityContextTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
securityContextTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
securityContextTokenOutputProcessor, action, -1);
configuredAction.signatureAction = true;
configuredAction.derivedSignature = true;
} else {
@@ -660,10 +668,10 @@ public class OutboundWSSec {
}
final DerivedKeyTokenOutputProcessor
derivedKeyTokenOutputProcessor = new DerivedKeyTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
derivedKeyTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
derivedKeyTokenOutputProcessor, action, -1);
final WSSSignatureOutputProcessor signatureOutputProcessor =
new WSSSignatureOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
signatureOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
signatureOutputProcessor, action, actionOrder);
} else if
(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
configuredAction.encryptionAction = true;
@@ -671,39 +679,40 @@ public class OutboundWSSec {
EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = null;
+ ++actionOrder;
if (securityProperties.getDerivedKeyTokenReference() ==
WSSConstants.DerivedKeyTokenReference.EncryptedKey) {
encryptedKeyOutputProcessor = new
EncryptedKeyOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
encryptedKeyOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
encryptedKeyOutputProcessor, action, actionOrder);
} else if (securityProperties.getDerivedKeyTokenReference()
==
WSSConstants.DerivedKeyTokenReference.SecurityContextToken) {
final SecurityContextTokenOutputProcessor
securityContextTokenOutputProcessor =
new SecurityContextTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
securityContextTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
securityContextTokenOutputProcessor, action, actionOrder);
}
final DerivedKeyTokenOutputProcessor
derivedKeyTokenOutputProcessor = new DerivedKeyTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
derivedKeyTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
derivedKeyTokenOutputProcessor, action, actionOrder);
final EncryptOutputProcessor encryptOutputProcessor = new
EncryptOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
encryptOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
encryptOutputProcessor, action, actionOrder);
if (encryptedKeyOutputProcessor == null) {
final ReferenceListOutputProcessor
referenceListOutputProcessor = new ReferenceListOutputProcessor();
referenceListOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class);
- initializeOutputProcessor(outputProcessorChain,
referenceListOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
referenceListOutputProcessor, action, actionOrder);
}
} else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action)) {
configuredAction.signatureAction = true;
configuredAction.signedSAML = true;
final BinarySecurityTokenOutputProcessor
binarySecurityTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
binarySecurityTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
binarySecurityTokenOutputProcessor, action, -1);
final SAMLTokenOutputProcessor samlTokenOutputProcessor = new
SAMLTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
samlTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
samlTokenOutputProcessor, action, -1);
final WSSSignatureOutputProcessor signatureOutputProcessor =
new WSSSignatureOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
signatureOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
signatureOutputProcessor, action, ++actionOrder);
if (securityProperties.getDocumentCreator() == null) {
try {
@@ -715,7 +724,7 @@ public class OutboundWSSec {
} else if (WSSConstants.SAML_TOKEN_UNSIGNED.equals(action)) {
final SAMLTokenOutputProcessor samlTokenOutputProcessor = new
SAMLTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
samlTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
samlTokenOutputProcessor, action, -1);
if (securityProperties.getDocumentCreator() == null) {
try {
@@ -729,28 +738,28 @@ public class OutboundWSSec {
configuredAction.signatureKerberos = true;
final BinarySecurityTokenOutputProcessor
kerberosTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
kerberosTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
kerberosTokenOutputProcessor, action, -1);
final WSSSignatureOutputProcessor signatureOutputProcessor =
new WSSSignatureOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
signatureOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
signatureOutputProcessor, action, ++actionOrder);
} else if
(WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN.equals(action)) {
configuredAction.kerberos = true;
configuredAction.encryptionKerberos = true;
final BinarySecurityTokenOutputProcessor
kerberosTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
kerberosTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
kerberosTokenOutputProcessor, action, -1);
final EncryptOutputProcessor encryptOutputProcessor = new
EncryptOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
encryptOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
encryptOutputProcessor, action, ++actionOrder);
} else if (WSSConstants.KERBEROS_TOKEN.equals(action)) {
configuredAction.kerberos = true;
final BinarySecurityTokenOutputProcessor
kerberosTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
kerberosTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
kerberosTokenOutputProcessor, action, -1);
} else if (WSSConstants.CUSTOM_TOKEN.equals(action)) {
final CustomTokenOutputProcessor unknownTokenOutputProcessor =
new CustomTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain,
unknownTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain,
unknownTokenOutputProcessor, action, -1);
}
}
