cxf git commit: Fix for itest problem
Repository: cxf Updated Branches: refs/heads/master d8a6bdbd2 - 0ba19453f Fix for itest problem Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0ba19453 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0ba19453 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0ba19453 Branch: refs/heads/master Commit: 0ba19453f17be19aa2e46848b1908f776a6abb64 Parents: d8a6bdb Author: Christian Schneider ch...@die-schneider.net Authored: Wed Dec 10 12:35:51 2014 +0100 Committer: Christian Schneider ch...@die-schneider.net Committed: Wed Dec 10 12:35:51 2014 +0100 -- services/xkms/xkms-features/src/main/resources/features.xml | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/0ba19453/services/xkms/xkms-features/src/main/resources/features.xml -- diff --git a/services/xkms/xkms-features/src/main/resources/features.xml b/services/xkms/xkms-features/src/main/resources/features.xml index 6134ee6..29dd5a9 100644 --- a/services/xkms/xkms-features/src/main/resources/features.xml +++ b/services/xkms/xkms-features/src/main/resources/features.xml @@ -23,6 +23,7 @@ featurecxf-jaxws/feature featurecxf-http/feature featurecxf-ws-security/feature +featuretransaction/feature bundle start-level=40 dependency=truemvn:net.sf.ehcache/ehcache/${cxf.ehcache.version}/bundle bundlemvn:${project.groupId}/cxf-services-xkms-common/${project.version}/bundle bundlemvn:${project.groupId}/cxf-services-xkms-client/${project.version}/bundle
cxf git commit: Fixing checkstyle error
Repository: cxf Updated Branches: refs/heads/master 0ba19453f - 970feeed0 Fixing checkstyle error Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/970feeed Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/970feeed Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/970feeed Branch: refs/heads/master Commit: 970feeed0db20bfe9df5095b6b335146344c222c Parents: 0ba1945 Author: Jan Bernhardt jbernha...@talend.com Authored: Wed Dec 10 14:23:24 2014 +0100 Committer: Jan Bernhardt jbernha...@talend.com Committed: Wed Dec 10 14:24:59 2014 +0100 -- .../apache/cxf/sts/event/map/EventMapper.java | 66 ++-- 1 file changed, 33 insertions(+), 33 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/970feeed/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java -- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java index ffe23a3..0169941 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java @@ -50,22 +50,22 @@ public class EventMapper implements STSEventListener { public EventMapper(MapEventListener mapEventListener) { this.mapEventListener = mapEventListener; } - + @Override public void handleSTSEvent(AbstractSTSEvent event) { MapString, Object map = new HashMapString, Object(); map.put(KEYS.TIME.name(), new Date(event.getTimestamp())); map.put(KEYS.OPERATION.name(), event.getOperation()); map.put(KEYS.DURATION.name(), String.valueOf(event.getDuration()) + ms); - + if (event instanceof AbstractSTSFailureEvent) { map.put(KEYS.STATUS.name(), FAILURE); -Exception ex = ((AbstractSTSFailureEvent) event).getException(); +Exception ex = ((AbstractSTSFailureEvent)event).getException(); map.put(KEYS.EXCEPTION.name(), ex); } else { map.put(KEYS.STATUS.name(), SUCCESS); } - + if (event instanceof TokenProviderParametersSupport) { handleEvent((TokenProviderParametersSupport)event, map); } else if (event instanceof TokenValidatorParametersSupport) { @@ -73,23 +73,23 @@ public class EventMapper implements STSEventListener { } else if (event instanceof TokenCancellerParametersSupport) { handleEvent((TokenCancellerParametersSupport)event, map); } else if (event instanceof TokenRenewerParametersSupport) { -handleEvent((TokenRenewerParametersSupport)event, map); +handleEvent((TokenRenewerParametersSupport)event, map); } else { LOG.warning(Unknown STS event: + event.getClass()); } MapEvent mapEvent = new MapEvent(org/apache/cxf/sts, map); mapEventListener.onEvent(mapEvent); } - + protected void handleEvent(TokenProviderParametersSupport event, MapString, Object map) { TokenProviderParameters params = event.getTokenParameters(); try { -HttpServletRequest req = (HttpServletRequest) params.getWebServiceContext().getMessageContext() -.get(AbstractHTTPDestination.HTTP_REQUEST); +HttpServletRequest req = (HttpServletRequest)params.getWebServiceContext().getMessageContext() +.get(AbstractHTTPDestination.HTTP_REQUEST); map.put(KEYS.REMOTE_HOST.name(), req.getRemoteHost()); map.put(KEYS.REMOTE_PORT.name(), String.valueOf(req.getRemotePort())); -map.put(KEYS.URL.name(), -(String) params.getWebServiceContext().getMessageContext().get(org.apache.cxf.request.url)); +map.put(KEYS.URL.name(), (String)params.getWebServiceContext().getMessageContext() +.get(org.apache.cxf.request.url)); } catch (Exception ex) { map.put(KEYS.REMOTE_HOST.name(), N.A.); map.put(KEYS.REMOTE_PORT.name(), N.A.); @@ -100,13 +100,13 @@ public class EventMapper implements STSEventListener { map.put(KEYS.TOKENTYPE.name(), params.getTokenRequirements().getTokenType()); if (params.getTokenRequirements().getOnBehalfOf() != null) { map.put(KEYS.ONBEHALFOF_PRINCIPAL.name(), params.getTokenRequirements().getOnBehalfOf().getPrincipal() -.getName()); +.getName()); } if (params.getTokenRequirements().getActAs() != null) {
cxf git commit: Adding http feature to enable servlet transport
Repository: cxf Updated Branches: refs/heads/master 970feeed0 - 94cfe7e48 Adding http feature to enable servlet transport Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/94cfe7e4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/94cfe7e4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/94cfe7e4 Branch: refs/heads/master Commit: 94cfe7e48a50104b22457aa47b39d06329d16d32 Parents: 970feee Author: Christian Schneider ch...@die-schneider.net Authored: Wed Dec 10 14:37:32 2014 +0100 Committer: Christian Schneider ch...@die-schneider.net Committed: Wed Dec 10 14:37:47 2014 +0100 -- services/xkms/xkms-features/src/main/resources/features.xml | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/94cfe7e4/services/xkms/xkms-features/src/main/resources/features.xml -- diff --git a/services/xkms/xkms-features/src/main/resources/features.xml b/services/xkms/xkms-features/src/main/resources/features.xml index 29dd5a9..5917736 100644 --- a/services/xkms/xkms-features/src/main/resources/features.xml +++ b/services/xkms/xkms-features/src/main/resources/features.xml @@ -34,6 +34,7 @@ feature name=cxf-xkms-service version=${project.version} featurecxf-jaxws/feature featurecxf-http/feature +featurehttp/feature featurewss4j/feature bundlemvn:${project.groupId}/cxf-services-xkms-common/${project.version}/bundle bundlemvn:${project.groupId}/cxf-services-xkms-x509-handlers/${project.version}/bundle
[1/3] cxf git commit: Removing CipherSuiteFilter from test files
Repository: cxf Updated Branches: refs/heads/master 94cfe7e48 - 19e912e8d http://git-wip-us.apache.org/repos/asf/cxf/blob/19e912e8/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml -- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml index 01cda2a..bcbdffe 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml @@ -40,11 +40,6 @@ sec:keyManagers keyPassword=stskpass sec:keyStore type=jks password=stsspass resource=stsstore.jks/ /sec:keyManagers -sec:cipherSuitesFilter -sec:include.*_EXPORT_.*/sec:include -sec:include.*_EXPORT1024_.*/sec:include -sec:include.*_WITH_AES_.*/sec:include -/sec:cipherSuitesFilter sec:clientAuthentication want=true required=true/ /httpj:tlsServerParameters /httpj:engine http://git-wip-us.apache.org/repos/asf/cxf/blob/19e912e8/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/stsclient/cxf-service.xml -- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/stsclient/cxf-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/stsclient/cxf-service.xml index e554111..e6997cd 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/stsclient/cxf-service.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/stsclient/cxf-service.xml @@ -34,11 +34,6 @@ sec:trustManagers sec:keyStore type=jks password=stsspass resource=stsstore.jks/ /sec:trustManagers -sec:cipherSuitesFilter -sec:include.*_EXPORT_.*/sec:include -sec:include.*_EXPORT1024_.*/sec:include -sec:include.*_WITH_AES_.*/sec:include -/sec:cipherSuitesFilter sec:clientAuthentication want=true required=true/ /httpj:tlsServerParameters /httpj:engine http://git-wip-us.apache.org/repos/asf/cxf/blob/19e912e8/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml -- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml index 259bb19..e536204 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml @@ -54,11 +54,6 @@ sec:trustManagers sec:keyStore type=jks password=stsspass resource=stsstore.jks/ /sec:trustManagers -sec:cipherSuitesFilter -sec:include.*_EXPORT_.*/sec:include -sec:include.*_EXPORT1024_.*/sec:include -sec:include.*_WITH_AES_.*/sec:include -/sec:cipherSuitesFilter sec:clientAuthentication want=true required=true/ /httpj:tlsServerParameters /httpj:engine http://git-wip-us.apache.org/repos/asf/cxf/blob/19e912e8/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml -- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml index 9abc6c9..b48b8dc 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml @@ -57,11 +57,6 @@ sec:trustManagers sec:keyStore type=jks password=stsspass resource=stsstore.jks/ /sec:trustManagers -sec:cipherSuitesFilter -sec:include.*_EXPORT_.*/sec:include -sec:include.*_EXPORT1024_.*/sec:include -
[2/3] cxf git commit: Removing CipherSuiteFilter from test files
Removing CipherSuiteFilter from test files Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/19e912e8 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/19e912e8 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/19e912e8 Branch: refs/heads/master Commit: 19e912e8d4b6d3f3a4c2b88b1d53e691496d7dc0 Parents: e5a8058 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Wed Dec 10 13:37:53 2014 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Wed Dec 10 13:38:29 2014 + -- .../basic_https/src/main/resources/ServerConfig.xml| 9 - .../ut_policy/src/main/resources/ClientConfig.xml | 9 - .../ut_policy/src/main/resources/ClientConfigStax.xml | 9 - .../ut_policy/src/main/resources/ServiceConfig.xml | 9 - .../ut_policy/src/main/resources/ServiceConfigStax.xml | 9 - .../src/main/resources/SecureClient.xml| 9 - .../src/main/resources/ServerConfig.xml| 9 - .../http/netty/client/integration/ServerConfig.xml | 12 .../netty/server/integration/ApplicationContext.xml| 12 .../http/netty/server/integration/ServerConfig.xml | 12 .../apache/cxf/systest/sts/basic_auth/cxf-service.xml | 5 - .../cxf/systest/sts/basic_auth/stax-cxf-service.xml| 5 - .../org/apache/cxf/systest/sts/batch/cxf-sts.xml | 5 - .../org/apache/cxf/systest/sts/batch/stax-cxf-sts.xml | 5 - .../cxf/systest/sts/caching/cxf-caching-service.xml| 5 - .../org/apache/cxf/systest/sts/caching/cxf-service.xml | 5 - .../org/apache/cxf/systest/sts/claims/cxf-service.xml | 5 - .../apache/cxf/systest/sts/claims/stax-cxf-service.xml | 5 - .../cxf/systest/sts/cross_domain/cxf-service.xml | 5 - .../cxf/systest/sts/cross_domain/cxf-sts-saml1.xml | 5 - .../cxf/systest/sts/cross_domain/cxf-sts-saml2.xml | 5 - .../cxf/systest/sts/custom_onbehalfof/cxf-service.xml | 5 - .../cxf/systest/sts/custom_onbehalfof/cxf-sts.xml | 5 - .../org/apache/cxf/systest/sts/deployment/cxf-sts.xml | 5 - .../apache/cxf/systest/sts/deployment/stax-cxf-sts.xml | 5 - .../systest/sts/distributed_caching/cxf-service.xml| 5 - .../cxf/systest/sts/distributed_caching/cxf-sts-1.xml | 5 - .../cxf/systest/sts/distributed_caching/cxf-sts-2.xml | 5 - .../cxf/systest/sts/kerberos/cxf-intermediary.xml | 5 - .../apache/cxf/systest/sts/kerberos/cxf-service.xml| 5 - .../org/apache/cxf/systest/sts/realms/cxf-service.xml | 5 - .../apache/cxf/systest/sts/realms/cxf-sts-saml1.xml| 5 - .../apache/cxf/systest/sts/realms/cxf-sts-saml2.xml| 5 - .../org/apache/cxf/systest/sts/renew/cxf-service.xml | 5 - .../org/apache/cxf/systest/sts/renew/cxf-sts-pop.xml | 5 - .../org/apache/cxf/systest/sts/renew/cxf-sts.xml | 5 - .../org/apache/cxf/systest/sts/renew/stax-cxf-sts.xml | 5 - .../apache/cxf/systest/sts/secure_conv/cxf-service.xml | 5 - .../org/apache/cxf/systest/sts/secure_conv/cxf-sts.xml | 5 - .../cxf/systest/sts/secure_conv/stax-cxf-sts.xml | 5 - .../org/apache/cxf/systest/sts/soap12/cxf-service.xml | 5 - .../apache/cxf/systest/sts/soap12/stax-cxf-service.xml | 5 - .../cxf/systest/sts/transformation/cxf-service.xml | 5 - .../cxf/systest/sts/usernametoken/cxf-service.xml | 5 - .../cxf/systest/sts/usernametoken/stax-cxf-service.xml | 5 - .../org/apache/cxf/systest/sts/bearer/cxf-service.xml | 5 - .../apache/cxf/systest/sts/bearer/cxf-stax-service.xml | 5 - .../cxf/systest/sts/delegation/cxf-sts-transport.xml | 5 - .../cxf/systest/sts/deployment/cxf-transport.xml | 5 - .../cxf/systest/sts/deployment/stax-cxf-transport.xml | 5 - .../cxf-intermediary-caching.xml | 5 - .../intermediary_transformation/cxf-intermediary.xml | 5 - .../sts/intermediary_transformation/cxf-service.xml| 5 - .../org/apache/cxf/systest/sts/issuer/cxf-service.xml | 5 - .../cxf/systest/sts/issuer/cxf-sts-transport.xml | 5 - .../org/apache/cxf/systest/sts/jaas/cxf-service.xml| 5 - .../cxf/systest/sts/sendervouches/cxf-intermediary.xml | 5 - .../cxf/systest/sts/sendervouches/cxf-service.xml | 5 - .../sts/sendervouches/cxf-stax-intermediary.xml| 5 - .../cxf/systest/sts/sendervouches/cxf-stax-service.xml | 5 - .../apache/cxf/systest/sts/stsclient/cxf-service.xml | 5 - .../apache/cxf/systest/sts/transport/cxf-service.xml | 5 - .../cxf/systest/sts/transport/cxf-stax-service.xml | 5 - .../cxf/systest/jaxrs/security/jaxrs-https-server.xml | 5 -
[3/3] cxf git commit: Also exclude export ciphers by default
Also exclude export ciphers by default Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e5a80585 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e5a80585 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e5a80585 Branch: refs/heads/master Commit: e5a805853864e291626bdb913448fc4e2409cca0 Parents: 94cfe7e Author: Colm O hEigeartaigh cohei...@apache.org Authored: Wed Dec 10 11:37:02 2014 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Wed Dec 10 13:38:29 2014 + -- .../main/java/org/apache/cxf/configuration/jsse/SSLUtils.java | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e5a80585/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java -- diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java index dff171d..534c256 100644 --- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java +++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java @@ -68,14 +68,15 @@ public final class SSLUtils { private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false; private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true; -/** - * By default, only include export-compatible ciphersuites. - */ private static final ListString DEFAULT_CIPHERSUITE_FILTERS_INCLUDE = Arrays.asList(new String[] {.*}); +/** + * By default, exclude NULL, anon, EXPORT, DES ciphersuites + */ private static final ListString DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE = Arrays.asList(new String[] {.*_NULL_.*, .*_anon_.*, +.*_EXPORT_.*, .*_DES_.*}); private static volatile KeyManager[] defaultManagers;
[1/2] cxf git commit: Fix tests by adding http feature
Repository: cxf Updated Branches: refs/heads/master 19e912e8d - 4fb4de764 Fix tests by adding http feature Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/13b9b012 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/13b9b012 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/13b9b012 Branch: refs/heads/master Commit: 13b9b012a31fdf1a7e35757a336fecc3c688848e Parents: 94cfe7e Author: Christian Schneider ch...@die-schneider.net Authored: Wed Dec 10 15:46:52 2014 +0100 Committer: Christian Schneider ch...@die-schneider.net Committed: Wed Dec 10 15:46:52 2014 +0100 -- .../java/org/apache/cxf/osgi/itests/jaxrs/JaxRsServiceTest.java | 2 +- .../java/org/apache/cxf/osgi/itests/soap/HttpServiceTest.java | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/13b9b012/osgi/itests/src/test/java/org/apache/cxf/osgi/itests/jaxrs/JaxRsServiceTest.java -- diff --git a/osgi/itests/src/test/java/org/apache/cxf/osgi/itests/jaxrs/JaxRsServiceTest.java b/osgi/itests/src/test/java/org/apache/cxf/osgi/itests/jaxrs/JaxRsServiceTest.java index 2b08262..67ae39c 100644 --- a/osgi/itests/src/test/java/org/apache/cxf/osgi/itests/jaxrs/JaxRsServiceTest.java +++ b/osgi/itests/src/test/java/org/apache/cxf/osgi/itests/jaxrs/JaxRsServiceTest.java @@ -95,7 +95,7 @@ public class JaxRsServiceTest extends CXFOSGiTestSupport { return new Option[] { cxfBaseConfig(), testUtils(), -features(cxfUrl, cxf-core, cxf-jaxrs), +features(cxfUrl, cxf-core, cxf-jaxrs, http), logLevel(LogLevel.INFO), provision(serviceBundle()) }; http://git-wip-us.apache.org/repos/asf/cxf/blob/13b9b012/osgi/itests/src/test/java/org/apache/cxf/osgi/itests/soap/HttpServiceTest.java -- diff --git a/osgi/itests/src/test/java/org/apache/cxf/osgi/itests/soap/HttpServiceTest.java b/osgi/itests/src/test/java/org/apache/cxf/osgi/itests/soap/HttpServiceTest.java index 34279e3..3aa9c1a 100644 --- a/osgi/itests/src/test/java/org/apache/cxf/osgi/itests/soap/HttpServiceTest.java +++ b/osgi/itests/src/test/java/org/apache/cxf/osgi/itests/soap/HttpServiceTest.java @@ -68,10 +68,9 @@ public class HttpServiceTest extends CXFOSGiTestSupport { public Option[] config() { return new Option[] { cxfBaseConfig(), -features(cxfUrl, cxf-core, cxf-jaxws), +features(cxfUrl, cxf-jaxws, cxf-http-jetty, http), testUtils(), logLevel(LogLevel.INFO), -features(cxfUrl, cxf-http, cxf-http-jetty), provision(serviceBundle()) }; }
[1/5] cxf git commit: Backmerging cipher suite change
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 877c386dc - dc8a99dd8 Backmerging cipher suite change Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0fafa8c7 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0fafa8c7 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0fafa8c7 Branch: refs/heads/3.0.x-fixes Commit: 0fafa8c78969bb4b0f34a39e002fcb8975879db3 Parents: 877c386 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Wed Dec 10 15:00:12 2014 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Wed Dec 10 15:00:12 2014 + -- .../java/org/apache/cxf/configuration/jsse/SSLUtils.java | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/0fafa8c7/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java -- diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java index 396d53c..534c256 100644 --- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java +++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java @@ -68,14 +68,16 @@ public final class SSLUtils { private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false; private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true; -/** - * By default, only include export-compatible ciphersuites. - */ private static final ListString DEFAULT_CIPHERSUITE_FILTERS_INCLUDE = Arrays.asList(new String[] {.*}); +/** + * By default, exclude NULL, anon, EXPORT, DES ciphersuites + */ private static final ListString DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE = Arrays.asList(new String[] {.*_NULL_.*, -.*_anon_.*}); +.*_anon_.*, +.*_EXPORT_.*, +.*_DES_.*}); private static volatile KeyManager[] defaultManagers;
[4/5] cxf git commit: Removing CipherSuiteFilters from test files
Removing CipherSuiteFilters from test files Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cdd16477 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cdd16477 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cdd16477 Branch: refs/heads/3.0.x-fixes Commit: cdd16477de83c763681c1adc6f4d4ed552f9ad70 Parents: 838631c Author: Colm O hEigeartaigh cohei...@apache.org Authored: Wed Dec 10 16:07:21 2014 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Wed Dec 10 16:07:21 2014 + -- .../basic_https/src/main/resources/ServerConfig.xml | 10 -- .../ut_policy/src/main/resources/ClientConfig.xml | 10 -- .../ut_policy/src/main/resources/ClientConfigStax.xml | 10 -- .../ut_policy/src/main/resources/ServiceConfig.xml| 10 -- .../src/main/resources/ServiceConfigStax.xml | 10 -- .../src/main/resources/SecureClient.xml | 10 -- .../src/main/resources/ServerConfig.xml | 10 -- .../http/netty/client/integration/ServerConfig.xml| 12 .../netty/server/integration/ApplicationContext.xml | 12 .../http/netty/server/integration/ServerConfig.xml| 12 .../apache/cxf/systest/sts/basic_auth/cxf-service.xml | 6 -- .../cxf/systest/sts/basic_auth/stax-cxf-service.xml | 6 -- .../org/apache/cxf/systest/sts/batch/cxf-sts.xml | 6 -- .../org/apache/cxf/systest/sts/batch/stax-cxf-sts.xml | 6 -- .../cxf/systest/sts/caching/cxf-caching-service.xml | 6 -- .../apache/cxf/systest/sts/caching/cxf-service.xml| 6 -- .../org/apache/cxf/systest/sts/claims/cxf-service.xml | 6 -- .../cxf/systest/sts/claims/stax-cxf-service.xml | 6 -- .../cxf/systest/sts/cross_domain/cxf-service.xml | 6 -- .../cxf/systest/sts/cross_domain/cxf-sts-saml1.xml| 6 -- .../cxf/systest/sts/cross_domain/cxf-sts-saml2.xml| 6 -- .../cxf/systest/sts/custom_onbehalfof/cxf-service.xml | 6 -- .../cxf/systest/sts/custom_onbehalfof/cxf-sts.xml | 6 -- .../org/apache/cxf/systest/sts/deployment/cxf-sts.xml | 6 -- .../cxf/systest/sts/deployment/stax-cxf-sts.xml | 6 -- .../systest/sts/distributed_caching/cxf-service.xml | 6 -- .../cxf/systest/sts/distributed_caching/cxf-sts-1.xml | 6 -- .../cxf/systest/sts/distributed_caching/cxf-sts-2.xml | 6 -- .../cxf/systest/sts/kerberos/cxf-intermediary.xml | 6 -- .../apache/cxf/systest/sts/kerberos/cxf-service.xml | 6 -- .../org/apache/cxf/systest/sts/realms/cxf-service.xml | 6 -- .../apache/cxf/systest/sts/realms/cxf-sts-saml1.xml | 6 -- .../apache/cxf/systest/sts/realms/cxf-sts-saml2.xml | 6 -- .../org/apache/cxf/systest/sts/renew/cxf-service.xml | 6 -- .../org/apache/cxf/systest/sts/renew/cxf-sts-pop.xml | 6 -- .../org/apache/cxf/systest/sts/renew/cxf-sts.xml | 6 -- .../org/apache/cxf/systest/sts/renew/stax-cxf-sts.xml | 6 -- .../cxf/systest/sts/secure_conv/cxf-service.xml | 6 -- .../apache/cxf/systest/sts/secure_conv/cxf-sts.xml| 6 -- .../cxf/systest/sts/secure_conv/stax-cxf-sts.xml | 6 -- .../org/apache/cxf/systest/sts/soap12/cxf-service.xml | 6 -- .../cxf/systest/sts/soap12/stax-cxf-service.xml | 6 -- .../cxf/systest/sts/transformation/cxf-service.xml| 6 -- .../cxf/systest/sts/usernametoken/cxf-service.xml | 6 -- .../systest/sts/usernametoken/stax-cxf-service.xml| 6 -- .../org/apache/cxf/systest/sts/bearer/cxf-service.xml | 6 -- .../cxf/systest/sts/bearer/cxf-stax-service.xml | 6 -- .../cxf/systest/sts/delegation/cxf-sts-transport.xml | 6 -- .../cxf/systest/sts/deployment/cxf-transport.xml | 6 -- .../cxf/systest/sts/deployment/stax-cxf-transport.xml | 6 -- .../cxf-intermediary-caching.xml | 6 -- .../intermediary_transformation/cxf-intermediary.xml | 6 -- .../sts/intermediary_transformation/cxf-service.xml | 6 -- .../org/apache/cxf/systest/sts/issuer/cxf-service.xml | 6 -- .../cxf/systest/sts/issuer/cxf-sts-transport.xml | 6 -- .../org/apache/cxf/systest/sts/jaas/cxf-service.xml | 6 -- .../systest/sts/sendervouches/cxf-intermediary.xml| 6 -- .../cxf/systest/sts/sendervouches/cxf-service.xml | 6 -- .../sts/sendervouches/cxf-stax-intermediary.xml | 6 -- .../systest/sts/sendervouches/cxf-stax-service.xml| 6 -- .../apache/cxf/systest/sts/stsclient/cxf-service.xml | 6 -- .../apache/cxf/systest/sts/transport/cxf-service.xml | 6 -- .../cxf/systest/sts/transport/cxf-stax-service.xml| 6 -- .../cxf/systest/jaxrs/security/jaxrs-https-server.xml | 6 --
[5/5] cxf git commit: Recording .gitmergeinfo Changes
Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dc8a99dd Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dc8a99dd Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dc8a99dd Branch: refs/heads/3.0.x-fixes Commit: dc8a99dd891b8411f817f38ed9fba997b5cb7cae Parents: cdd1647 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Wed Dec 10 16:21:41 2014 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Wed Dec 10 16:21:41 2014 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/dc8a99dd/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 6fd2524..d426591 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -133,6 +133,7 @@ M 0d63846798b590255c45463359e2cb1a28e4d3cb M 10b043faa0652a6a06f5f020173162edef7fb0ca M 1701e6c8d4e794f25d69781e3f69357723ad7fcf M 18a3d43cb0044fcb84d3cc89f138fd9e7110dd04 +M 19e912e8d4b6d3f3a4c2b88b1d53e691496d7dc0 M 1baae69592a128462ef252916bccfb67cd81095b M 2b4fe9966c46457177f6412525c57c64d07dbe69 M 2d3ac551c8614516cbbf288195d2a99cadb79659
[2/5] cxf git commit: Recording .gitmergeinfo Changes
Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/838631c9 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/838631c9 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/838631c9 Branch: refs/heads/3.0.x-fixes Commit: 838631c9d0eeda1fd55e1acee9b201783f91cf43 Parents: 0fafa8c Author: Colm O hEigeartaigh cohei...@apache.org Authored: Wed Dec 10 15:00:43 2014 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Wed Dec 10 15:00:43 2014 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/838631c9/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index f08dac1..6fd2524 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -169,6 +169,7 @@ M c34bf7ad6bc55b6584dfd009f49a3f4eb8ececc9 M c55664128b1223667dedacc2011ccd5945d9c8b9 M d2dec5b87788b8cb5059d3719cf3dfd7135a1280 M e2ad037fbc74f42655ac968415fcb4bded87bb38 +M e5a805853864e291626bdb913448fc4e2409cca0 M eb3dd938052b3e853b0cf85dacf31ef7f802af38 M efaf05170b4f76ad61ff423e30ece58bdd226ae5 M f02b02934bf78504ffc462c364dc43e386e727b2
[3/5] cxf git commit: Removing CipherSuiteFilters from test files
http://git-wip-us.apache.org/repos/asf/cxf/blob/cdd16477/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml -- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml index 91d76bb..4eb5e4d 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml @@ -38,12 +38,6 @@ sec:keyManagers keyPassword=skpass sec:keyStore type=jks password=sspass resource=servicestore.jks/ /sec:keyManagers -sec:cipherSuitesFilter -sec:include.*_EXPORT_.*/sec:include -sec:include.*_EXPORT1024_.*/sec:include -sec:include.*_WITH_DES_.*/sec:include -sec:include.*_WITH_AES_.*/sec:include -/sec:cipherSuitesFilter sec:clientAuthentication want=false required=false/ /httpj:tlsServerParameters /httpj:engine http://git-wip-us.apache.org/repos/asf/cxf/blob/cdd16477/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-service.xml -- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-service.xml index 803967e..5fd50df 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-service.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-service.xml @@ -39,12 +39,6 @@ sec:keyManagers keyPassword=stskpass sec:keyStore type=jks password=stsspass resource=stsstore.jks/ /sec:keyManagers -sec:cipherSuitesFilter -sec:include.*_EXPORT_.*/sec:include -sec:include.*_EXPORT1024_.*/sec:include -sec:include.*_WITH_DES_.*/sec:include -sec:include.*_WITH_AES_.*/sec:include -/sec:cipherSuitesFilter sec:clientAuthentication want=true required=true/ /httpj:tlsServerParameters /httpj:engine http://git-wip-us.apache.org/repos/asf/cxf/blob/cdd16477/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml -- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml index b368c67..34539c5 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml @@ -39,12 +39,6 @@ sec:keyManagers keyPassword=skpass sec:keyStore type=jks password=sspass resource=servicestore.jks/ /sec:keyManagers -sec:cipherSuitesFilter -sec:include.*_EXPORT_.*/sec:include -sec:include.*_EXPORT1024_.*/sec:include -sec:include.*_WITH_DES_.*/sec:include -sec:include.*_WITH_AES_.*/sec:include -/sec:cipherSuitesFilter sec:clientAuthentication want=false required=false/ /httpj:tlsServerParameters /httpj:engine http://git-wip-us.apache.org/repos/asf/cxf/blob/cdd16477/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml -- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml index 90c8b4a..bcbdffe 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml @@ -40,12 +40,6 @@ sec:keyManagers keyPassword=stskpass sec:keyStore type=jks password=stsspass
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 68e974b9b - 17cf86ac6 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/17cf86ac Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/17cf86ac Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/17cf86ac Branch: refs/heads/2.7.x-fixes Commit: 17cf86ac6a422773defbd968aaea24ffb85f1f9d Parents: 68e974b Author: Colm O hEigeartaigh cohei...@apache.org Authored: Wed Dec 10 16:27:45 2014 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Wed Dec 10 16:27:45 2014 + -- .gitmergeinfo | 4 1 file changed, 4 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/17cf86ac/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index f877a73..faec64a 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -103,6 +103,7 @@ B 0f3d4a6f0b6469e89fa1a3338c40ce54c47fbc2e B 0f65c53f8e82600b64ebd83afaf00637a70fc8eb B 0f941edd39a0f5e31298ba4757019fabd3044809 B 0fa7477274ea6c430f764d5c6a013bb09cae9409 +B 0fafa8c78969bb4b0f34a39e002fcb8975879db3 B 0fcacad057b33107b82ac05db59b1a1ebc69a963 B 0fcb49380d93b974e918e32051b5438cdc5e179c B 0fd41e29ea4a79d7dd44569db6c804c5b257085b @@ -863,6 +864,7 @@ B 8313a8531569559a3edc53344197d0136a35c9c2 B 8364fbf7208e7df11db6be71ffed9de70c09d0de B 836b08e6ca23b7f627b2a6c8e5b9340a9687bdd7 B 83841421a6e896da60acba0cd52235a87decd7f5 +B 838631c9d0eeda1fd55e1acee9b201783f91cf43 B 8394d3a8a3056156074165005c8479b5cccf1c84 B 83cfa2f1f181084a6aa3885a7b390cbe78ceeb1f B 83dde303106ea0f292723450588d4266b56e372e @@ -1315,6 +1317,7 @@ B cd3c7cd9e1deac5dfe8c7e01cfaded27b36734e4 B cd409578835e14f99fbea4d137f84262acce693f B cda59ba670339fe9a404b9e9f29ed891529ba187 B cdb21645e189c3b31f7a407e0d37db6464df4a91 +B cdd16477de83c763681c1adc6f4d4ed552f9ad70 B cde7fd3075e66a693fdcc0f75efd0e81ec0c23ea B ce7692af60cf4e270c62d9bdda935adf547add73 B ce8b13fa4ed9784bb9fff443e182edf166b466d1 @@ -1406,6 +1409,7 @@ B dc1a1c0b7cca193c0278b70c567d73d3e4056807 B dc4f09b76afa9c5ac2d06d113fb0811f9e4c3594 B dc5bde7d96f8db6008a09d6d49f749da338b88e9 B dc7873b1c7fda96eead98bcef04864935f39f550 +B dc8a99dd891b8411f817f38ed9fba997b5cb7cae B dc9ae1559e892067c06daf00772e458b6428b1f5 B dd2f603ae47ac06bcc6ff413bcb1880ab3144fe4 B dd31efec968b7e0fc084065c058fdb1f6e66af72
svn commit: r932211 - in /websites/production/cxf/content: cache/docs.pageCache docs/tls-configuration.html
Author: buildbot Date: Wed Dec 10 16:46:51 2014 New Revision: 932211 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/tls-configuration.html Modified: websites/production/cxf/content/cache/docs.pageCache == Binary files - no diff available. Modified: websites/production/cxf/content/docs/tls-configuration.html == --- websites/production/cxf/content/docs/tls-configuration.html (original) +++ websites/production/cxf/content/docs/tls-configuration.html Wed Dec 10 16:46:51 2014 @@ -117,11 +117,11 @@ Apache CXF -- TLS Configuration !-- Content -- div class=wiki-content div id=ConfluenceContentpstyle type=text/css/*![CDATA[*/ -div.rbtoc1418147187626 {padding: 0px;} -div.rbtoc1418147187626 ul {list-style: disc;margin-left: 0px;} -div.rbtoc1418147187626 li {margin-left: 0px;padding-left: 0px;} +div.rbtoc1418229989438 {padding: 0px;} +div.rbtoc1418229989438 ul {list-style: disc;margin-left: 0px;} +div.rbtoc1418229989438 li {margin-left: 0px;padding-left: 0px;} -/*]]*//style/pdiv class=toc-macro rbtoc1418147187626 +/*]]*//style/pdiv class=toc-macro rbtoc1418229989438 ul class=toc-indentationlia shape=rect href=#TLSConfiguration-TLSParameterscommontobothClientsandServersTLS Parameters common to both Clients and Servers/a ul class=toc-indentationlia shape=rect href=#TLSConfiguration-KeyManagersKey Managers/a/lilia shape=rect href=#TLSConfiguration-TrustManagersTrust Managers/a/lilia shape=rect href=#TLSConfiguration-CipherSuitesFilterCipherSuites Filter/a/lilia shape=rect href=#TLSConfiguration-CertConstraintsCert Constraints/a/li/ul /lilia shape=rect href=#TLSConfiguration-ClientTLSParametersClient TLS Parameters/a @@ -147,7 +147,7 @@ div.rbtoc1418147187626 li {margin-left: ... lt;/httpj:tlsServerParametersgt; ]]/script -/div/divh2 id=TLSConfiguration-CipherSuitesFilterCipherSuites Filter/h2pThe CipherSuites Filter is used to either include or exclude particular CipherSuites. If no exclusion filter is specified, the default is to exclude all NULL and anon filters. CXF 3.1 will also exclude all DES filters./pdiv class=code panel pdl style=border-width: 1px;div class=codeHeader panelHeader pdl style=border-bottom-width: 1px;bCipherSuites Filter sample/b/divdiv class=codeContent panelContent pdl +/div/divh2 id=TLSConfiguration-CipherSuitesFilterCipherSuites Filter/h2pThe CipherSuites Filter is used to either include or exclude particular CipherSuites. If no exclusion filter is specified, the default is to exclude all NULL and anon filters. CXF 3.0.3 onwards excludes all DES filters as well, and 3.0.4 onwards additionally excludes all EXPORT filters./pdiv class=code panel pdl style=border-width: 1px;div class=codeHeader panelHeader pdl style=border-bottom-width: 1px;bCipherSuites Filter sample/b/divdiv class=codeContent panelContent pdl script class=theme: Default; brush: xml; gutter: false type=syntaxhighlighter![CDATA[lt;httpj:tlsServerParametersgt; ... lt;sec:cipherSuitesFiltergt;
cxf git commit: Adding JWT token related utility code
Repository: cxf Updated Branches: refs/heads/master 4fb4de764 - 2ef6f5840 Adding JWT token related utility code Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2ef6f584 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2ef6f584 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2ef6f584 Branch: refs/heads/master Commit: 2ef6f584022b7672df00a883525dc58807ffe7d7 Parents: 4fb4de7 Author: Sergey Beryozkin sberyoz...@talend.com Authored: Wed Dec 10 17:04:30 2014 + Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Wed Dec 10 17:04:30 2014 + -- .../cxf/rs/security/jose/JoseConstants.java | 2 + .../apache/cxf/rs/security/jose/JoseUtils.java | 31 .../jose/jaxrs/AbstractJwsWriterProvider.java | 11 ++- .../jose/jaxrs/JwsContainerRequestFilter.java | 18 + .../jaxrs/JwtAuthenticationClientFilter.java| 75 .../jose/jaxrs/JwtAuthenticationFilter.java | 70 ++ .../cxf/rs/security/jose/jaxrs/Priorities.java | 15 ++-- .../jose/jws/NoneJwsSignatureProvider.java | 55 ++ .../jose/jwt/AbstractJoseJwtConsumer.java | 73 +++ .../jose/jwt/AbstractJoseJwtProducer.java | 58 +++ .../jwt/AbstactJwtAccessTokenValidator.java | 63 .../oauth2/tokens/jwt/JwtAccessTokenUtils.java | 38 +- .../oidc/rp/AbstractTokenValidator.java | 64 + 13 files changed, 478 insertions(+), 95 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2ef6f584/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java -- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java index 6d95234..b268129 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java @@ -76,6 +76,8 @@ public final class JoseConstants { public static final String A192GCM_ALGO = A192GCM; public static final String A256GCM_ALGO = A256GCM; +public static final String JOSE_CONTEXT_PROPERTY = org.apache.cxf.jose.context; + private JoseConstants() { } http://git-wip-us.apache.org/repos/asf/cxf/blob/2ef6f584/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java -- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java index 23f9936..122c3eb 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java @@ -24,12 +24,43 @@ import java.util.List; import java.util.Set; import org.apache.cxf.common.util.crypto.CryptoUtils; +import org.apache.cxf.jaxrs.utils.JAXRSUtils; public final class JoseUtils { + private JoseUtils() { } +public static void setJoseContextProperty(JoseHeaders headers) { +String context = (String)JAXRSUtils.getCurrentMessage().get(JoseConstants.JOSE_CONTEXT_PROPERTY); +if (context != null) { +headers.setHeader(JoseConstants.JOSE_CONTEXT_PROPERTY, context); +} +} +public static void setJoseMessageContextProperty(JoseHeaders headers, String value) { +headers.setHeader(JoseConstants.JOSE_CONTEXT_PROPERTY, value); + JAXRSUtils.getCurrentMessage().put(JoseConstants.JOSE_CONTEXT_PROPERTY, value); +} +public static void setMessageContextProperty(JoseHeaders headers) { +String context = (String)headers.getHeader(JoseConstants.JOSE_CONTEXT_PROPERTY); +if (context != null) { + JAXRSUtils.getCurrentMessage().put(JoseConstants.JOSE_CONTEXT_PROPERTY, context); +} +} +public static void validateRequestContextProperty(JoseHeaders headers) { +Object requestContext = JAXRSUtils.getCurrentMessage().get(JoseConstants.JOSE_CONTEXT_PROPERTY); +Object headerContext = headers.getHeader(JoseConstants.JOSE_CONTEXT_PROPERTY); +if (requestContext == null headerContext == null) { +return; +} +if (requestContext == null headerContext != null +|| requestContext != null headerContext == null +|| !requestContext.equals(headerContext)) { +throw new SecurityException(); +} +} +
cxf git commit: Adding JWT token related utility code
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes dc8a99dd8 - b14d56de7 Adding JWT token related utility code Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b14d56de Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b14d56de Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b14d56de Branch: refs/heads/3.0.x-fixes Commit: b14d56de7b5f70421531173f8f41ec89a9730c92 Parents: dc8a99d Author: Sergey Beryozkin sberyoz...@talend.com Authored: Wed Dec 10 17:04:30 2014 + Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Wed Dec 10 17:06:17 2014 + -- .../cxf/rs/security/jose/JoseConstants.java | 2 + .../apache/cxf/rs/security/jose/JoseUtils.java | 31 .../jose/jaxrs/AbstractJwsWriterProvider.java | 11 ++- .../jose/jaxrs/JwsContainerRequestFilter.java | 18 + .../jaxrs/JwtAuthenticationClientFilter.java| 75 .../jose/jaxrs/JwtAuthenticationFilter.java | 70 ++ .../cxf/rs/security/jose/jaxrs/Priorities.java | 15 ++-- .../jose/jws/NoneJwsSignatureProvider.java | 55 ++ .../jose/jwt/AbstractJoseJwtConsumer.java | 73 +++ .../jose/jwt/AbstractJoseJwtProducer.java | 58 +++ .../jwt/AbstactJwtAccessTokenValidator.java | 63 .../oauth2/tokens/jwt/JwtAccessTokenUtils.java | 38 +- .../oidc/rp/AbstractTokenValidator.java | 64 + 13 files changed, 478 insertions(+), 95 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/b14d56de/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java -- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java index 6d95234..b268129 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java @@ -76,6 +76,8 @@ public final class JoseConstants { public static final String A192GCM_ALGO = A192GCM; public static final String A256GCM_ALGO = A256GCM; +public static final String JOSE_CONTEXT_PROPERTY = org.apache.cxf.jose.context; + private JoseConstants() { } http://git-wip-us.apache.org/repos/asf/cxf/blob/b14d56de/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java -- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java index 23f9936..122c3eb 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java @@ -24,12 +24,43 @@ import java.util.List; import java.util.Set; import org.apache.cxf.common.util.crypto.CryptoUtils; +import org.apache.cxf.jaxrs.utils.JAXRSUtils; public final class JoseUtils { + private JoseUtils() { } +public static void setJoseContextProperty(JoseHeaders headers) { +String context = (String)JAXRSUtils.getCurrentMessage().get(JoseConstants.JOSE_CONTEXT_PROPERTY); +if (context != null) { +headers.setHeader(JoseConstants.JOSE_CONTEXT_PROPERTY, context); +} +} +public static void setJoseMessageContextProperty(JoseHeaders headers, String value) { +headers.setHeader(JoseConstants.JOSE_CONTEXT_PROPERTY, value); + JAXRSUtils.getCurrentMessage().put(JoseConstants.JOSE_CONTEXT_PROPERTY, value); +} +public static void setMessageContextProperty(JoseHeaders headers) { +String context = (String)headers.getHeader(JoseConstants.JOSE_CONTEXT_PROPERTY); +if (context != null) { + JAXRSUtils.getCurrentMessage().put(JoseConstants.JOSE_CONTEXT_PROPERTY, context); +} +} +public static void validateRequestContextProperty(JoseHeaders headers) { +Object requestContext = JAXRSUtils.getCurrentMessage().get(JoseConstants.JOSE_CONTEXT_PROPERTY); +Object headerContext = headers.getHeader(JoseConstants.JOSE_CONTEXT_PROPERTY); +if (requestContext == null headerContext == null) { +return; +} +if (requestContext == null headerContext != null +|| requestContext != null headerContext == null +|| !requestContext.equals(headerContext)) { +throw new SecurityException(); +} +} +
cxf git commit: [CXF-6142] Updating AcceptTokenValidator interface
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes b14d56de7 - ea30a2c24 [CXF-6142] Updating AcceptTokenValidator interface Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ea30a2c2 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ea30a2c2 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ea30a2c2 Branch: refs/heads/3.0.x-fixes Commit: ea30a2c24b15d8e3a4d2c11187037b5619f638d3 Parents: b14d56d Author: Sergey Beryozkin sberyoz...@talend.com Authored: Tue Dec 9 11:21:21 2014 + Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Wed Dec 10 17:12:11 2014 + -- .../oauth2/filters/AccessTokenValidatorClient.java | 16 +++- .../security/oauth2/filters/OAuthRequestFilter.java | 2 +- .../oauth2/provider/AccessTokenValidator.java | 5 - .../services/AbstractAccessTokenValidator.java | 7 +-- .../services/AccessTokenValidatorService.java | 2 +- .../hawk/AbstractHawkAccessTokenValidator.java | 15 ++- .../tokens/hawk/HawkAccessTokenValidator.java | 8 ++-- .../tokens/hawk/HawkAccessTokenValidatorClient.java | 11 +++ .../tokens/hawk/HawkAccessTokenValidatorTest.java | 3 ++- 9 files changed, 47 insertions(+), 22 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/ea30a2c2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java index 7f76407..984995b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java @@ -21,10 +21,11 @@ package org.apache.cxf.rs.security.oauth2.filters; import java.util.Collections; import java.util.List; -import javax.ws.rs.core.Form; +import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.jaxrs.ext.MessageContext; +import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation; import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; @@ -40,12 +41,17 @@ public class AccessTokenValidatorClient implements AccessTokenValidator { public AccessTokenValidation validateAccessToken(MessageContext mc, String authScheme, - String authSchemeData) + String authSchemeData, + MultivaluedMapString, String extraProps) throws OAuthServiceException { WebClient client = WebClient.fromClient(tokenValidatorClient, true); -Form form = new Form().param(OAuthConstants.AUTHORIZATION_SCHEME_TYPE, authScheme) - .param(OAuthConstants.AUTHORIZATION_SCHEME_DATA, authSchemeData); -return client.post(form, AccessTokenValidation.class); +MultivaluedMapString, String props = new MetadataMapString, String(); +props.putSingle(OAuthConstants.AUTHORIZATION_SCHEME_TYPE, authScheme); +props.putSingle(OAuthConstants.AUTHORIZATION_SCHEME_DATA, authSchemeData); +if (extraProps != null) { +props.putAll(extraProps); +} +return client.post(props, AccessTokenValidation.class); } public void setTokenValidatorClient(WebClient tokenValidatorClient) { http://git-wip-us.apache.org/repos/asf/cxf/blob/ea30a2c2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java index e8c052c..a41292a 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java @@ -85,7 +85,7 @@ public class OAuthRequestFilter
cxf git commit: Few more updates to the Hawk validators
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes ea30a2c24 - 75d408048 Few more updates to the Hawk validators Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/75d40804 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/75d40804 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/75d40804 Branch: refs/heads/3.0.x-fixes Commit: 75d40804807fe10c79b78d71be0c885aec490429 Parents: ea30a2c Author: Sergey Beryozkin sberyoz...@talend.com Authored: Tue Dec 9 13:05:28 2014 + Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Wed Dec 10 17:13:05 2014 + -- .../hawk/AbstractHawkAccessTokenValidator.java | 30 +--- .../tokens/hawk/HawkAccessTokenValidator.java | 8 ++ .../hawk/HawkAccessTokenValidatorClient.java| 20 + 3 files changed, 48 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/75d40804/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java index 82f655e..9a2e25d 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java @@ -18,6 +18,7 @@ */ package org.apache.cxf.rs.security.oauth2.tokens.hawk; +import java.net.URI; import java.util.Arrays; import java.util.Collections; import java.util.HashMap; @@ -38,7 +39,10 @@ import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; public abstract class AbstractHawkAccessTokenValidator implements AccessTokenValidator { +protected static final String HTTP_VERB = http.verb; +protected static final String HTTP_URI = http.uri; private NonceVerifier nonceVerifier; +private boolean remoteSignatureValidation; public ListString getSupportedAuthorizationSchemes() { return Collections.singletonList(OAuthConstants.HAWK_AUTHORIZATION_SCHEME); } @@ -50,12 +54,22 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal MapString, String schemeParams = getSchemeParameters(authSchemeData); AccessTokenValidation atv = getAccessTokenValidation(mc, authScheme, authSchemeData, extraProps, schemeParams); +if (isRemoteSignatureValidation()) { +return atv; +} String macKey = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_KEY); String macAlgo = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_ALGORITHM); - -HttpRequestProperties httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(), - mc.getHttpServletRequest().getMethod()); + + +HttpRequestProperties httpProps = null; +if (extraProps != null extraProps.containsKey(HTTP_VERB) extraProps.containsKey(HTTP_URI)) { +httpProps = new HttpRequestProperties(URI.create(extraProps.getFirst(HTTP_URI)), + extraProps.getFirst(HTTP_VERB)); +} else { +httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(), + mc.getHttpServletRequest().getMethod()); +} HawkAuthorizationScheme macAuthInfo = new HawkAuthorizationScheme(httpProps, schemeParams); String normalizedString = macAuthInfo.getNormalizedRequestString(); try { @@ -82,7 +96,7 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal MultivaluedMapString, String extraProps, MapString, String schemeParams); -private static MapString, String getSchemeParameters(String authData) { +protected static MapString, String getSchemeParameters(String authData) { String[] attributePairs = authData.split(,); MapString, String attributeMap = new HashMapString, String(); for (String pair : attributePairs) { @@ -101,4 +115,12 @@ public abstract class AbstractHawkAccessTokenValidator implements
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/5507 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot