cxf git commit: Fixing the distro checkstyle issues
Repository: cxf Updated Branches: refs/heads/master 7d3944d6e - 6359c930b Fixing the distro checkstyle issues Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6359c930 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6359c930 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6359c930 Branch: refs/heads/master Commit: 6359c930bb27b0ea589c7c2d7ed552babe4897ed Parents: 7d3944d Author: Sergey Beryozkin sberyoz...@talend.com Authored: Fri Jan 16 13:02:59 2015 + Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Fri Jan 16 13:02:59 2015 + -- .../src/main/java/demo/jaxrs/server/BigQueryService.java| 9 - 1 file changed, 4 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6359c930/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java -- diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java index 5940fa5..79d73b8 100644 --- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java +++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java @@ -100,7 +100,7 @@ public class BigQueryService { boolean postMessage) { // Get the access token -ClientAccessToken at = getClientAccessToken(consumer, code, postMessage); +ClientAccessToken at = getClientAccessToken(code, postMessage); // Expect and validate id_token IdToken idToken = tokenClient.getIdToken(at, consumer.getKey()); 
@@ -126,8 +126,7 @@ public class BigQueryService { .build().toString(); } -private ClientAccessToken getClientAccessToken(Consumer consumer, -String code, boolean postMessage) { +private ClientAccessToken getClientAccessToken(String code, boolean postMessage) { AccessTokenGrant grant = new AuthorizationCodeGrant(code); String redirectUri = postMessage ? postmessage : getRedirectUri(); return OAuthClientUtils.getAccessToken(accessTokenServiceClient, @@ -135,8 +134,8 @@ public class BigQueryService { OAuthConstants.REDIRECT_URI, redirectUri), false); } -public void setUserInfoClient(UserInfoClient tokenClient) { -this.tokenClient = tokenClient; +public void setUserInfoClient(UserInfoClient client) { +this.tokenClient = client; } public void setAuthorizationServiceUri(String authorizationServiceUri) {
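Review bot: After this change `getClientAccessToken` no longer receives the consumer, so the token request presumably takes the client credentials from instance state, on an argument line that falls between this hunk and the next and is not shown. The helper should get a short Javadoc that says so. It should also state that the `redirectUri` chosen by `postMessage ? postmessage : getRedirectUri()` has to be the same value that was sent in the authorization request, and what the trailing `false` argument selects. Proposed text: `/** Exchanges the authorization code for an access token using the configured consumer; redirectUri must match the value used in the authorization request. */`.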
[2/2] cxf git commit: [CXF-5674] - CXF Support in Audience Restriction of SAML 2 (SOAP)
[CXF-5674] - CXF Support in Audience Restriction of SAML 2 (SOAP) Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/abafca6d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/abafca6d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/abafca6d Branch: refs/heads/master Commit: abafca6d4a4f48e4affdc67f368a1ab33cdd79e0 Parents: 6359c93 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Jan 16 14:58:30 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Jan 16 15:43:48 2015 + -- .../cxf/ws/security/SecurityConstants.java | 10 +- .../ws/security/wss4j/WSS4JInInterceptor.java | 20 .../security/wss4j/WSS4JStaxInInterceptor.java | 22 + .../saml/Saml2AudienceRestrictionValidator.java | 92 --- .../cxf/systest/ws/saml/SamlTokenTest.java | 96 +++- .../StaxSaml2AudienceRestrictionValidator.java | 82 - .../cxf/systest/ws/saml/DoubleItSaml.wsdl | 3 + .../org/apache/cxf/systest/ws/saml/server.xml | 19 ++-- .../apache/cxf/systest/ws/saml/stax-server.xml | 20 ++-- 9 files changed, 168 insertions(+), 196 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/abafca6d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java index b5b32b3..daedbb0 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java 
@@ -229,6 +229,13 @@ public final class SecurityConstants { */ public static final String SC_FROM_JAAS_SUBJECT = ws-security.sc.jaas-subject; +/** + * Enable SAML AudienceRestriction validation. If this is set to true, then IF the + * SAML Token contains Audience Restriction URIs, one of them must match either the + * request URL or the Service QName. The default is true. + */ +public static final String AUDIENCE_RESTRICTION_VALIDATION = ws-security.validate.audience-restriction; + // // Non-boolean WS-Security Configuration parameters // @@ -633,7 +640,8 @@ public final class SecurityConstants { CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT, PREFER_WSMEX_OVER_STS_CLIENT_CONFIG, DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, STS_TOKEN_IMMINENT_EXPIRY_VALUE, -KERBEROS_REQUEST_CREDENTIAL_DELEGATION, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL +KERBEROS_REQUEST_CREDENTIAL_DELEGATION, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, +AUDIENCE_RESTRICTION_VALIDATION })); ALL_PROPERTIES = Collections.unmodifiableSet(s); } http://git-wip-us.apache.org/repos/asf/cxf/blob/abafca6d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index 4fec350..2ab48ea 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -216,6 +216,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { } reqData.setWssConfig(config); +// Add Audience Restrictions for SAML +configureAudienceRestriction(msg, reqData); SOAPMessage doc = getSOAPMessage(msg); 
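Review bot: The Javadoc added for `AUDIENCE_RESTRICTION_VALIDATION` in the first hunk says when a match is required but not what happens otherwise. As worded, an assertion that carries no AudienceRestriction is accepted even with the setting on, and that deserves its own sentence, for example `Tokens without an AudienceRestriction are not rejected by this check.` The text should also say that the "request URL" is the message's `REQUEST_URL` property, which the WSS4JInInterceptor hunk after this one reads. Behind a proxy that value can differ from the published endpoint address, and if it is built from request headers it is partly under the client's control; that is inferred and worth confirming. The same Javadoc is added in the 3.0.x-fixes and 2.7.x-fixes backports further down this page.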
@@ -339,6 +341,24 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { reqData = null; } } + +private void configureAudienceRestriction(SoapMessage msg, RequestData reqData) { +// Add Audience Restrictions for SAML +boolean enableAudienceRestriction = +MessageUtils.getContextualBoolean(msg, + SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION, + true); +if (enableAudienceRestriction) { +ListString audiences = new ArrayListString(); +if (msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL) != null) { + audiences.add((String)msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL)); +} +
svn commit: r936438 - in /websites/production/cxf/content: cache/docs.pageCache docs/ws-securitypolicy.html
Author: buildbot Date: Fri Jan 16 15:47:32 2015 New Revision: 936438 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/ws-securitypolicy.html Modified: websites/production/cxf/content/cache/docs.pageCache == Binary files - no diff available. Modified: websites/production/cxf/content/docs/ws-securitypolicy.html == --- websites/production/cxf/content/docs/ws-securitypolicy.html (original) +++ websites/production/cxf/content/docs/ws-securitypolicy.html Fri Jan 16 15:47:32 2015 
@@ -117,7 +117,7 @@ Apache CXF -- WS-SecurityPolicy td height=100% !-- Content -- div class=wiki-content -div id=ConfluenceContenth1 id=WS-SecurityPolicy-WS-SecurityPolicyWS-SecurityPolicy/h1pCXF 2.2 introduced support for using a shape=rect class=external-link href=http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/ws-securitypolicy.html; rel=nofollowWS-SecurityPolicy/a to configure WSS4J instead of the custom configuration documented on the a shape=rect href=ws-security.htmlWS-Security/a page. However, all of the background material on the a shape=rect href=ws-security.htmlWS-Security/a page still applies and is important to know. WS-SecurityPolicy just provides an easier and more standards based way to configure and control the security requirements. With the security requirements documented in the WSDL as a shape=rect href=ws-policy.htmlWS-Policy/a fragments, other tools such as .NET can easily know how to configure themselves to inter-operate with CXF services./ppCXF supports WS-SecurityPolicy versions 1.1 and later. It does not support WS-SecurityPolicy 1.0./ph3 id=WS-SecurityPolicy-EnablingWS-SecurityPolicyEnabling WS-SecurityPolicy/h3pIn CXF 2.2, if the cxf-rt-ws-policy and cxf-rt-ws-security modules are available on the classpath, the WS-SecurityPolicy stuff is automatically enabled. Since the entire security runtime is policy driven, the only requirement is that the policy engine and security policies be available./ppIf you are using the full bundle jar, all the security and policy stuff is already included./ph3 id=WS-SecurityPolicy-PolicydescriptionPolicy description/h3pWith WS-SecurityPolicy, the binding and/or operation in the wsdl references a a shape=rect href=ws-policy.htmlWS-Policy/a fragment that describes the basic security requirements for interacting with that service. 
The a shape=rect class=external-link href=http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/ws-securitypolicy.html; rel=nofollowWS-SecurityPolicy specification/a allows f or specifying things like asymmetric/symmetric keys, using transports (https) for encryption, which parts/headers to encrypt or sign, whether to sign then encrypt or encrypt then sign, whether to include timestamps, whether to use derived keys, etc... Basically, it describes what actions are necessary to securely interact with the service described in the WSDL./ppHowever, the WS-SecurityPolicy fragment does not include everything that is required for a runtime to be able to able to create the messages. It does not describe things such as locations of key stores, user names and passwords, etc... Those need to be configured in at runtime to augment the WS-SecurityPolicy fragment./ph3 id=WS-SecurityPolicy-ConfiguringtheextrapropertiesConfiguring the extra properties/h3pThere are several extra properties that may need to be set to provide the additional bits of information to the runtime. Note that you should check that a particular property is supported in the version o f CXF you are using./ph4 id=WS-SecurityPolicy-UserpropertiesUser properties/h4div class=table-wraptable class=confluenceTabletbodytrtd colspan=1 rowspan=1 class=confluenceTdpws-security.username/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe user's name. It is used differently by each of the WS-Security functions, see a shape=rect href=http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#USERNAME;here/a for more information./p/td/trtrtd colspan=1 rowspan=1 class=confluenceTdpws-security.password/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe user's password when ws-security.callback-handler is not defined. 
It is currently only used for the case of adding a password to a UsernameToken./p/td/trtrtd colspan=1 rowspan=1 class=confluenceTdpws-security.signature.username/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe user's name fo r signature. It is used as the alias name in the keystore to get the user's cert and private key for signature. See a shape=rect href=http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#SIGNATURE_USERNAME;here/a for more information./p/td/trtrtd colspan=1 rowspan=1
cxf git commit: CXF-6199 Adding concurrentConsumers
Repository: cxf Updated Branches: refs/heads/master 88a658195 - 41f3f6beb CXF-6199 Adding concurrentConsumers Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/41f3f6be Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/41f3f6be Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/41f3f6be Branch: refs/heads/master Commit: 41f3f6beb5b090ff72a9cf19b0b1d1d23986f5cd Parents: 88a6581 Author: Christian Schneider ch...@die-schneider.net Authored: Fri Jan 16 16:47:36 2015 +0100 Committer: Christian Schneider ch...@die-schneider.net Committed: Fri Jan 16 16:47:53 2015 +0100 -- .../cxf/transport/jms/JMSConfiguration.java | 9 +++ .../cxf/transport/jms/JMSDestination.java | 17 +++-- .../cxf/transport/jms/uri/JMSEndpoint.java | 14 .../util/AbstractMessageListenerContainer.java | 22 --- .../jms/util/MessageListenerContainer.java | 68 +--- .../util/PollingMessageListenerContainer.java | 42 .../cxf/transport/jms/uri/JMSEndpointTest.java | 3 +- 7 files changed, 67 insertions(+), 108 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/41f3f6be/rt/transports/jms/src/main/java/org/apache/cxf/transport/jms/JMSConfiguration.java -- diff --git a/rt/transports/jms/src/main/java/org/apache/cxf/transport/jms/JMSConfiguration.java b/rt/transports/jms/src/main/java/org/apache/cxf/transport/jms/JMSConfiguration.java index b4ec3f0..5dc0e31 100644 --- a/rt/transports/jms/src/main/java/org/apache/cxf/transport/jms/JMSConfiguration.java +++ b/rt/transports/jms/src/main/java/org/apache/cxf/transport/jms/JMSConfiguration.java @@ -54,6 +54,7 @@ public class JMSConfiguration { private boolean sessionTransacted; private boolean createSecurityContext = true; +private int concurrentConsumers = 1; private int maxSuspendedContinuations = DEFAULT_VALUE; private int reconnectPercentOfMax = 70; 
@@ -320,6 +321,14 @@ public class JMSConfiguration { public void setTransactionManager(Object transactionManager) { } +public int getConcurrentConsumers() { +return concurrentConsumers; +} + +public void setConcurrentConsumers(int concurrentConsumers) { +this.concurrentConsumers = concurrentConsumers; +} + public int getMaxSuspendedContinuations() { return maxSuspendedContinuations; } http://git-wip-us.apache.org/repos/asf/cxf/blob/41f3f6be/rt/transports/jms/src/main/java/org/apache/cxf/transport/jms/JMSDestination.java -- diff --git a/rt/transports/jms/src/main/java/org/apache/cxf/transport/jms/JMSDestination.java b/rt/transports/jms/src/main/java/org/apache/cxf/transport/jms/JMSDestination.java index e4127d3..9f0fcbc 100644 --- a/rt/transports/jms/src/main/java/org/apache/cxf/transport/jms/JMSDestination.java +++ b/rt/transports/jms/src/main/java/org/apache/cxf/transport/jms/JMSDestination.java @@ -48,10 +48,8 @@ import org.apache.cxf.service.model.EndpointInfo; import org.apache.cxf.transport.AbstractMultiplexDestination; import org.apache.cxf.transport.Conduit; import org.apache.cxf.transport.jms.continuations.JMSContinuationProvider; -import org.apache.cxf.transport.jms.util.AbstractMessageListenerContainer; import org.apache.cxf.transport.jms.util.JMSListenerContainer; import org.apache.cxf.transport.jms.util.JMSUtil; -import org.apache.cxf.transport.jms.util.MessageListenerContainer; import org.apache.cxf.transport.jms.util.PollingMessageListenerContainer; import org.apache.cxf.transport.jms.util.ResourceCloser; 
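Review bot: `setConcurrentConsumers` stores whatever int it is given, so a zero or negative value from configuration is accepted here and only takes effect later, when the listeners are created in code outside this hunk. Presumably such a value leaves the destination with no consumer at all. Rejecting it in the setter keeps the failure next to the misconfiguration: `if (concurrentConsumers < 1) { throw new IllegalArgumentException("concurrentConsumers must be >= 1"); }`. JMSEndpoint.java is in this commit's file list, so if the value can also arrive through an endpoint URI an upper bound is worth considering, since each consumer presumably holds its own session and thread.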
@@ -125,15 +123,18 @@ public class JMSDestination extends AbstractMultiplexDestination implements Mess connection = JMSFactory.createConnection(jmsConfig); connection.setExceptionListener(new ExceptionListener() { public void onException(JMSException exception) { -LOG.log(Level.WARNING, Exception on JMS connection. Trying to reconnect, exception); -restartConnection(); +if (!shutdown) { +LOG.log(Level.WARNING, Exception on JMS connection. Trying to reconnect, exception); +restartConnection(); +} } }); session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE); Destination destination = jmsConfig.getTargetDestination(session); -AbstractMessageListenerContainer container = jmsConfig.getTransactionManager() != null -? new PollingMessageListenerContainer(connection, destination, this) -: new MessageListenerContainer(connection,
cxf git commit: [CXF-5674] - CXF Support in Audience Restriction of SAML 2 (SOAP)
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes c015b609b - ff2987db4 [CXF-5674] - CXF Support in Audience Restriction of SAML 2 (SOAP) Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ff2987db Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ff2987db Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ff2987db Branch: refs/heads/3.0.x-fixes Commit: ff2987db4950611b0e770b1fd6bd4e501c997a41 Parents: c015b60 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Jan 16 14:58:30 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Jan 16 15:44:13 2015 + -- .../cxf/ws/security/SecurityConstants.java | 10 +- .../ws/security/wss4j/WSS4JInInterceptor.java | 20 .../security/wss4j/WSS4JStaxInInterceptor.java | 22 + .../saml/Saml2AudienceRestrictionValidator.java | 92 --- .../cxf/systest/ws/saml/SamlTokenTest.java | 96 +++- .../StaxSaml2AudienceRestrictionValidator.java | 82 - .../cxf/systest/ws/saml/DoubleItSaml.wsdl | 3 + .../org/apache/cxf/systest/ws/saml/server.xml | 19 ++-- .../apache/cxf/systest/ws/saml/stax-server.xml | 20 ++-- 9 files changed, 168 insertions(+), 196 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/ff2987db/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java index b5b32b3..daedbb0 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java 
@@ -229,6 +229,13 @@ public final class SecurityConstants { */ public static final String SC_FROM_JAAS_SUBJECT = ws-security.sc.jaas-subject; +/** + * Enable SAML AudienceRestriction validation. If this is set to true, then IF the + * SAML Token contains Audience Restriction URIs, one of them must match either the + * request URL or the Service QName. The default is true. + */ +public static final String AUDIENCE_RESTRICTION_VALIDATION = ws-security.validate.audience-restriction; + // // Non-boolean WS-Security Configuration parameters // @@ -633,7 +640,8 @@ public final class SecurityConstants { CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT, PREFER_WSMEX_OVER_STS_CLIENT_CONFIG, DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, STS_TOKEN_IMMINENT_EXPIRY_VALUE, -KERBEROS_REQUEST_CREDENTIAL_DELEGATION, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL +KERBEROS_REQUEST_CREDENTIAL_DELEGATION, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, +AUDIENCE_RESTRICTION_VALIDATION })); ALL_PROPERTIES = Collections.unmodifiableSet(s); } http://git-wip-us.apache.org/repos/asf/cxf/blob/ff2987db/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index 4fec350..2ab48ea 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -216,6 +216,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { } reqData.setWssConfig(config); +// Add Audience Restrictions for SAML +configureAudienceRestriction(msg, reqData); SOAPMessage doc = getSOAPMessage(msg); 
@@ -339,6 +341,24 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { reqData = null; } } + +private void configureAudienceRestriction(SoapMessage msg, RequestData reqData) { +// Add Audience Restrictions for SAML +boolean enableAudienceRestriction = +MessageUtils.getContextualBoolean(msg, + SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION, + true); +if (enableAudienceRestriction) { +ListString audiences = new ArrayListString(); +if (msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL) != null) { +
[1/3] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes d9ecc37f6 - b416a7830 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4115b59e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4115b59e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4115b59e Branch: refs/heads/2.7.x-fixes Commit: 4115b59e2a6c0039ea517d3f7992859be49c0e39 Parents: 737a1b1 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Jan 16 16:23:18 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Jan 16 16:23:18 2015 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/4115b59e/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index b397d19..a15d8c7 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -2427,6 +2427,7 @@ M fdfc50e48fb6fe7a75833e14ea43c53d266b1f40 M fe03e8e76db39520876a5b2e45b8d1096649f019 M fe69b42605a9fd3c8b2835dd98d9f9d91b232add M ff1da204f47347bd4d5447b757db7fee4cf10fb5 +M ff2987db4950611b0e770b1fd6bd4e501c997a41 M ffb4278e2c550f7ab7030f2120942e1bbc6ed16b M ffbd7bde505d7f7ef6313801faf96b16a8d5551d M ffc3fb9a865eccd2e3e3e8904c040631058224ce
[2/3] cxf git commit: [CXF-5674] - CXF Support in Audience Restriction of SAML 2 (SOAP)
[CXF-5674] - CXF Support in Audience Restriction of SAML 2 (SOAP) Conflicts: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/Saml2AudienceRestrictionValidator.java systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/737a1b13 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/737a1b13 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/737a1b13 Branch: refs/heads/2.7.x-fixes Commit: 737a1b13a3182855ce07a6e1257f81608c24cbb7 Parents: d9ecc37 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Jan 16 14:58:30 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Jan 16 16:23:18 2015 + -- .../cxf/ws/security/SecurityConstants.java | 10 +- .../ws/security/wss4j/WSS4JInInterceptor.java | 20 + .../security/wss4j/WSS4JStaxInInterceptor.java | 480 +++ .../cxf/systest/ws/saml/SamlTokenTest.java | 103 .../cxf/systest/ws/saml/DoubleItSaml.wsdl | 3 + .../org/apache/cxf/systest/ws/saml/server.xml | 270 +++ .../apache/cxf/systest/ws/saml/stax-server.xml | 298 7 files changed, 1183 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/737a1b13/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java index f2f2201..61691a1 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java 
@@ -230,6 +230,13 @@ public final class SecurityConstants { public static final String KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM = ws-security.kerberos.is.username.in.servicename.form; +/** + * Enable SAML AudienceRestriction validation. If this is set to true, then IF the + * SAML Token contains Audience Restriction URIs, one of them must match either the + * request URL or the Service QName. The default is true. + */ +public static final String AUDIENCE_RESTRICTION_VALIDATION = ws-security.validate.audience-restriction; + // // Non-boolean WS-Security Configuration parameters // @@ -608,7 +615,8 @@ public final class SecurityConstants { CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT, PREFER_WSMEX_OVER_STS_CLIENT_CONFIG, DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, STS_TOKEN_IMMINENT_EXPIRY_VALUE, -KERBEROS_REQUEST_CREDENTIAL_DELEGATION, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL +KERBEROS_REQUEST_CREDENTIAL_DELEGATION, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, +AUDIENCE_RESTRICTION_VALIDATION })); ALL_PROPERTIES = Collections.unmodifiableSet(s); } http://git-wip-us.apache.org/repos/asf/cxf/blob/737a1b13/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index c8318f1..860a09f 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -215,6 +215,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { } reqData.setWssConfig(config); +// Add Audience Restrictions for SAML +configureAudienceRestriction(msg, reqData); SOAPMessage doc = getSOAPMessage(msg); 
@@ -337,6 +339,24 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { reqData = null; } } + +private void configureAudienceRestriction(SoapMessage msg, RequestData reqData) { +// Add Audience Restrictions for SAML +boolean enableAudienceRestriction = +MessageUtils.getContextualBoolean(msg, +
[3/3] cxf git commit: Fixing last commit
Fixing last commit Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b416a783 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b416a783 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b416a783 Branch: refs/heads/2.7.x-fixes Commit: b416a7830913a34c487e5526cd769a7d89532bd6 Parents: 4115b59 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Jan 16 17:00:59 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Jan 16 17:00:59 2015 + -- .../ws/security/wss4j/WSS4JInInterceptor.java | 2 +- .../security/wss4j/WSS4JStaxInInterceptor.java | 480 --- .../cxf/systest/ws/saml/SamlTokenTest.java | 81 +--- .../org/apache/cxf/systest/ws/saml/server.xml | 270 --- .../cxf/systest/ws/saml/server/server.xml | 20 +- .../apache/cxf/systest/ws/saml/stax-server.xml | 298 6 files changed, 22 insertions(+), 1129 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/b416a783/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index 860a09f..c790c7a 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java 
@@ -345,7 +345,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { boolean enableAudienceRestriction = MessageUtils.getContextualBoolean(msg, SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION, - true); + false); if (enableAudienceRestriction) { ListString audiences = new ArrayListString(); if (msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL) != null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/b416a783/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java deleted file mode 100644 index eb034a1..000 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java +++ /dev/null 
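Review bot: Changing the fallback passed to `MessageUtils.getContextualBoolean` from `true` to `false` makes SAML audience-restriction validation opt-in on 2.7.x-fixes. The Javadoc for `SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION` added by the previous commit on this branch still ends with "The default is true.", and this commit's file list does not include SecurityConstants.java. Anyone relying on the documented default would run without the check, so the Javadoc should be corrected in the same change, for example `The default is false on this branch; set it to true to enable the check.` A one-line comment at this call site saying why the default differs from master (presumably backward compatibility) would help as well. The enclosing configureAudienceRestriction method starts and ends outside this hunk.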
@@ -1,480 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * License); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.ws.security.wss4j; - -import java.io.IOException; -import java.security.Provider; -import java.util.ArrayList; -import java.util.Collections; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; -import java.util.logging.Logger; - -import javax.security.auth.callback.Callback; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.callback.UnsupportedCallbackException; -import javax.xml.stream.XMLStreamException; -import javax.xml.stream.XMLStreamReader; -import javax.xml.stream.util.StreamReaderDelegate; - -import org.apache.cxf.binding.soap.SoapFault; -import org.apache.cxf.binding.soap.SoapMessage; -import org.apache.cxf.binding.soap.SoapVersion; -import org.apache.cxf.common.classloader.ClassLoaderUtils; -import org.apache.cxf.common.i18n.Message; -import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.interceptor.Fault; -import org.apache.cxf.interceptor.StaxInInterceptor; -import org.apache.cxf.message.MessageUtils; -import org.apache.cxf.phase.Phase; -import org.apache.cxf.ws.security.SecurityConstants; -import 
org.apache.cxf.ws.security.tokenstore.SecurityToken; -import org.apache.cxf.ws.security.tokenstore.TokenStore;
cxf git commit: Fixing tests
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes ff2987db4 - 1c046386a Fixing tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1c046386 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1c046386 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1c046386 Branch: refs/heads/3.0.x-fixes Commit: 1c046386a9e50257371df81e18a3a04a782463e0 Parents: ff2987d Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Jan 16 15:43:39 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Jan 16 17:01:26 2015 + -- .../java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java | 3 ++- .../org/apache/cxf/systest/sts/username_actas/cxf-service.xml | 1 + .../apache/cxf/systest/sts/username_onbehalfof/cxf-service.xml| 1 + 3 files changed, 4 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/1c046386/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java -- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java index 4374acd..34578c3 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java 
@@ -561,7 +561,8 @@ public class IssueUnitTest extends AbstractBusClientServerTestBase { WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx); parameters.setWebServiceContext(webServiceContext); -parameters.setAppliesToAddress(http://dummy-service.com/dummy;); +parameters.setAppliesToAddress( +https://localhost:; + STSPORT + /SecurityTokenService/b-issuer/Transport); // Add STSProperties object StaticSTSProperties stsProperties = new StaticSTSProperties(); http://git-wip-us.apache.org/repos/asf/cxf/blob/1c046386/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/cxf-service.xml -- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/cxf-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/cxf-service.xml index 6d9a1fb..cb76c26 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/cxf-service.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/cxf-service.xml @@ -65,6 +65,7 @@ bean class=org.apache.cxf.systest.sts.username_actas.ActAsValidator/ /entry entry key=ws-security.is-bsp-compliant value=false/ +entry key=ws-security.validate.audience-restriction value=false/ /jaxws:properties /jaxws:endpoint jaxws:endpoint xmlns:s=http://www.example.org/contract/DoubleIt; id=doubleitasymmetricsaml2bearer5 implementor=org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl endpointName=s:DoubleItAsymmetricSAML2BearerPort5 serviceName=s:DoubleItService address=http://localhost:${testutil.ports.Server}/doubleit/services/doubleitasymmetricsaml2bearer5; wsdlLocation=org/apache/cxf/systest/sts/username_actas/DoubleIt.wsdl http://git-wip-us.apache.org/repos/asf/cxf/blob/1c046386/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/cxf-service.xml -- 
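Review bot: The added `ws-security.validate.audience-restriction` entry with value `false` in username_actas/cxf-service.xml switches off the audience check on SAML assertions for this endpoint, and nothing in the file marks it as a test-only relaxation. The username_onbehalfof/cxf-service.xml hunk adds the same entry. With the check off, the service no longer rejects an assertion whose AudienceRestriction names a different recipient, so this setting should not be copied into a deployed endpoint configuration. I would put a comment directly above the entry, for example `<!-- Test only: audience-restriction validation disabled; the endpoint then accepts assertions issued for another audience -->`. If these tests can request the token with a matching AppliesTo address, as the IssueUnitTest.java hunk in this commit appears to do, the check could stay enabled instead. The enclosing `jaxws:endpoint` element starts outside the hunk.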
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/cxf-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/cxf-service.xml index 8a66267..d3965d0 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/cxf-service.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/cxf-service.xml @@ -65,6 +65,7 @@ bean class=org.apache.cxf.systest.sts.intermediary_transformation.OnBehalfOfValidator/ /entry entry key=ws-security.is-bsp-compliant value=false/ +entry key=ws-security.validate.audience-restriction value=false/ /jaxws:properties /jaxws:endpoint jaxws:endpoint xmlns:s=http://www.example.org/contract/DoubleIt; id=doubleitasymmetricsaml2bearer5 implementor=org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes b416a7830 - 1ef8fc69f Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1ef8fc69 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1ef8fc69 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1ef8fc69 Branch: refs/heads/2.7.x-fixes Commit: 1ef8fc69f6c322024a596fd16cb752643f9fa859 Parents: b416a78 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Jan 16 17:06:37 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Jan 16 17:06:37 2015 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/1ef8fc69/.gitmergeinfo --
diff --git a/.gitmergeinfo b/.gitmergeinfo
index a15d8c7..4511cce 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -200,6 +200,7 @@ B 1bcb4ec0d19267365535340365c7d64a4f9629f4
 B 1bcd10e825ec445b21ade102d1474f80e226ca65
 B 1bd380a4c9269ce42b635a260976855ac2a993cf
 B 1bdcc6c08ebd79dff682e69d3141737a5d953597
+B 1c046386a9e50257371df81e18a3a04a782463e0
 B 1c1441f3b3cfc8726862b3486c62ccf9171d9443
 B 1c3c87d3102822ca3c3f94e63a4ec7e8dc960acc
 B 1c3eaf3cd860709f6b927db423b6a5d21e4848d4
cxf git commit: Trying to fix JAXBDataBindingTest, patch from Maarten Winkels applied
Repository: cxf Updated Branches: refs/heads/master 41f3f6beb - 4fa469166 Trying to fix JAXBDataBindingTest, patch from Maarten Winkels applied Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4fa46916 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4fa46916 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4fa46916 Branch: refs/heads/master Commit: 4fa469166e5c5ca1ce7dc4f23ae24ab6e8d72fb5 Parents: 41f3f6b Author: Sergey Beryozkin sberyoz...@talend.com Authored: Fri Jan 16 22:22:14 2015 + Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Fri Jan 16 22:22:14 2015 + -- .../src/test/java/org/apache/cxf/jaxb/JAXBDataBindingTest.java | 5 + 1 file changed, 5 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/4fa46916/rt/databinding/jaxb/src/test/java/org/apache/cxf/jaxb/JAXBDataBindingTest.java -- diff --git a/rt/databinding/jaxb/src/test/java/org/apache/cxf/jaxb/JAXBDataBindingTest.java b/rt/databinding/jaxb/src/test/java/org/apache/cxf/jaxb/JAXBDataBindingTest.java index 5aeb192..4621481 100644 --- a/rt/databinding/jaxb/src/test/java/org/apache/cxf/jaxb/JAXBDataBindingTest.java +++ b/rt/databinding/jaxb/src/test/java/org/apache/cxf/jaxb/JAXBDataBindingTest.java @@ -50,6 +50,7 @@ import javax.xml.stream.XMLStreamReader; import javax.xml.stream.XMLStreamWriter; import org.w3c.dom.Node; + import org.apache.cxf.Bus; import org.apache.cxf.binding.BindingFactoryManager; import org.apache.cxf.common.logging.LogUtils; @@ -66,6 +67,7 @@ import org.apache.hello_world_soap_http.types.GreetMe; import org.apache.hello_world_soap_http.types.GreetMeOneWay; import org.easymock.EasyMock; import org.easymock.IMocksControl; + import org.junit.After; import org.junit.Assert; import org.junit.Before; 
@@ -290,6 +292,9 @@ public class JAXBDataBindingTest extends Assert { public static class Language { private final String code; private final String name; +public Language() { +this(null, null); +} public Language(String code, String name) { this.code = code; this.name = name;
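Review bot: The new no-argument `Language()` constructor carries no comment saying why it exists, and it leaves both final fields `code` and `name` as null. The same hunk appears again in the 3.0.x-fixes commit further down the page. Presumably it is there only because JAXB needs a no-arg constructor to instantiate the class, and if so the code should say it: `// Required by JAXB for reflective instantiation; tests should use Language(String, String).` The body of `Language` continues outside the hunk, so whether any accessor dereferences the null fields cannot be checked from here.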
cxf git commit: Trying to fix JAXBDataBindingTest, patch from Maarten Winkels applied
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 1c046386a - 2f747962c Trying to fix JAXBDataBindingTest, patch from Maarten Winkels applied Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2f747962 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2f747962 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2f747962 Branch: refs/heads/3.0.x-fixes Commit: 2f747962cc385de426f29544c7625c1565c4a013 Parents: 1c04638 Author: Sergey Beryozkin sberyoz...@talend.com Authored: Fri Jan 16 22:22:14 2015 + Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Fri Jan 16 22:24:29 2015 + -- .../src/test/java/org/apache/cxf/jaxb/JAXBDataBindingTest.java | 5 + 1 file changed, 5 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2f747962/rt/databinding/jaxb/src/test/java/org/apache/cxf/jaxb/JAXBDataBindingTest.java -- diff --git a/rt/databinding/jaxb/src/test/java/org/apache/cxf/jaxb/JAXBDataBindingTest.java b/rt/databinding/jaxb/src/test/java/org/apache/cxf/jaxb/JAXBDataBindingTest.java index 5aeb192..4621481 100644 --- a/rt/databinding/jaxb/src/test/java/org/apache/cxf/jaxb/JAXBDataBindingTest.java +++ b/rt/databinding/jaxb/src/test/java/org/apache/cxf/jaxb/JAXBDataBindingTest.java @@ -50,6 +50,7 @@ import javax.xml.stream.XMLStreamReader; import javax.xml.stream.XMLStreamWriter; import org.w3c.dom.Node; + import org.apache.cxf.Bus; import org.apache.cxf.binding.BindingFactoryManager; import org.apache.cxf.common.logging.LogUtils; @@ -66,6 +67,7 @@ import org.apache.hello_world_soap_http.types.GreetMe; import org.apache.hello_world_soap_http.types.GreetMeOneWay; import org.easymock.EasyMock; import org.easymock.IMocksControl; + import org.junit.After; import org.junit.Assert; import org.junit.Before; 
@@ -290,6 +292,9 @@ public class JAXBDataBindingTest extends Assert { public static class Language { private final String code; private final String name; +public Language() { +this(null, null); +} public Language(String code, String name) { this.code = code; this.name = name;