[CONF] Apache CXF Documentation Standardized Authentication / Authorization
Christian Schneider edited the page: Standardized Authentication / Authorization

Ideas / Proposal

CXF already supports a wide range of authentication and authorization approaches. Unfortunately they are all configured differently and do not integrate well with each other.

...

An XACML policy enforcement point can retrieve the JAAS login data and do authorization against an XACML Policy Decision Point (PDP).

Separating Authorization from CXF

As authorization is not only relevant for web services, it makes sense to keep the authorization code separate from CXF too. So one way to implement authorization would be to put it into a blueprint extension. Of course this would cover only OSGi and blueprint, but it would be a start. It could work similarly to the XA transaction support. Unlike in tx support, we could scan all beans for security annotations like @RolesAllowed. Then for each bean that has this annotation we could proxy it with a class that does the security check. This would allow minimal XML configuration.

Another approach is to mark beans for security checks using XML, as in tx support. This variant would then also work nicely for XACML authorization, as in that case there would be no annotation to scan for.

Karaf role based OSGi service Authorization

Karaf 3 already supports authorization on the OSGi service level and uses JAAS for authentication. So if we do a JAAS login in CXF and the service impl code calls an OSGi service, then the Karaf role based security should already work out of the box. We could add annotation based authorization to Karaf code to make it even better and require less config.

Exception handling and answer generation

...

Failure at Authentication: javax.security.auth.login.LoginException, could also be more specific like AccountLockedException
Failure at Authorization: org.apache.cxf.interceptor.security.AccessDeniedException or java.security.AccessControlException. The latter one is better for code separate from CXF as it does not depend on CXF.

Then in the transport, like the HTTP transport, we map the exception to the defined status code and HTTP response:
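
Added example (not part of the wiki page and not CXF or Karaf code): a sketch of the annotation-scanning proxy from "Separating Authorization from CXF" above, which reads the JAAS subject in the standard way, tells roles apart by principal class, and fails with java.security.AccessControlException so it has no CXF dependency. The names RolesAllowedProxyDemo, RolePrincipal, OrderService and RoleCheckHandler are hypothetical, and the nested RolesAllowed annotation is a local stand-in for javax.annotation.security.RolesAllowed.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.Subject;

public class RolesAllowedProxyDemo {
    // Local stand-in for javax.annotation.security.RolesAllowed (assumption: lets the
    // example compile without the JSR-250 jar; a real bean would use the standard one).
    @Retention(RetentionPolicy.RUNTIME)
    @interface RolesAllowed { String[] value(); }

    // Hypothetical principal class: roles are told apart from users by class,
    // the first of the two approaches the page lists.
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Hypothetical service bean, used only for this demonstration.
    interface OrderService {
        String listOrders();
        String deleteOrder(String id);
    }

    static final class OrderServiceImpl implements OrderService {
        @RolesAllowed({"user", "admin"})
        @Override public String listOrders() { return "orders"; }
        @RolesAllowed("admin")
        @Override public String deleteOrder(String id) { return "deleted " + id; }
    }

    // Proxy handler that runs the role check before delegating to the bean.
    static final class RoleCheckHandler implements InvocationHandler {
        private final Object target;
        RoleCheckHandler(Object target) { this.target = target; }

        @Override
        public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
            // The annotation sits on the implementation method, not the interface method.
            Method impl = target.getClass().getMethod(method.getName(), method.getParameterTypes());
            RolesAllowed allowed = impl.getAnnotation(RolesAllowed.class);
            if (allowed != null) { // unannotated methods pass through in this sketch
                checkRoles(Arrays.asList(allowed.value()), method.getName());
            }
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause(); // surface the bean's own exception
            }
        }

        private static void checkRoles(List<String> allowed, String operation) {
            // Subject retrieval as shown on the page. Both calls are deprecated on
            // current JDKs; JDK 23 and later need Subject.current()/callAs instead.
            Subject subject = Subject.getSubject(AccessController.getContext());
            if (subject == null) {
                throw new AccessControlException("No JAAS subject for " + operation);
            }
            for (RolePrincipal role : subject.getPrincipals(RolePrincipal.class)) {
                if (allowed.contains(role.getName())) {
                    return;
                }
            }
            throw new AccessControlException("Missing role for " + operation);
        }
    }

    static OrderService secure(OrderService bean) {
        return (OrderService) Proxy.newProxyInstance(OrderService.class.getClassLoader(),
            new Class<?>[] {OrderService.class}, new RoleCheckHandler(bean));
    }

    public static void main(String[] args) {
        OrderService service = secure(new OrderServiceImpl());
        // Constructed subject, standing in for the result of LoginContext.login().
        Subject alice = new Subject();
        alice.getPrincipals().add(new RolePrincipal("user"));

        String result = Subject.doAs(alice, (PrivilegedAction<String>) () -> {
            String orders = service.listOrders(); // role "user" is sufficient
            try {
                service.deleteOrder("42"); // requires role "admin"
                return orders + " / delete allowed";
            } catch (AccessControlException denied) {
                return orders + " / delete denied: " + denied.getMessage();
            }
        });
        System.out.println(result);
    }
}
```

Methods without the annotation are allowed through here, which matches "proxy each bean that has this annotation"; a stricter deployment would deny any method on a secured bean that carries no role declaration.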
svn commit: r915661 - in /websites/production/cxf/content: cache/docs.pageCache docs/standardized-authentication-authorization.html
Author: buildbot Date: Thu Jul 10 08:47:01 2014 New Revision: 915661 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/standardized-authentication-authorization.html Modified: websites/production/cxf/content/cache/docs.pageCache == Binary files - no diff available. Modified: websites/production/cxf/content/docs/standardized-authentication-authorization.html == --- websites/production/cxf/content/docs/standardized-authentication-authorization.html (original) +++ websites/production/cxf/content/docs/standardized-authentication-authorization.html Thu Jul 10 08:47:01 2014 @@ -116,7 +116,7 @@ Apache CXF -- Standardized Authenticatio td height=100% !-- Content -- div class=wiki-content -div id=ConfluenceContentdiv class=aui-message hint shadowed information-macro +div id=ConfluenceContentp#160;/pp#160;/pp#160;/pdiv class=aui-message hint shadowed information-macro span class=aui-icon icon-hintIcon/span div class=message-content Ideas / Proposal 
@@ -125,7 +125,7 @@ Apache CXF -- Standardized Authenticatio p#160;/ppCXF already supports a wide range of authentication and authorization approaches. Unfortunately they are all configured differently and do not integrate well with each other./ppSo the idea is to create one standardized authentication / authorization flow in CXF where the modules can then fit in. There are a lot of security frameworks out there that could be used as a basis for this. The problem is though that each framework#160; (like Shiro or Spring Security) uses its own mechanisms which are not standardized. So by choosing one framework we would force our users to depend on this./ppThe best standardized security framework in java is JAAS. It is already included in Java and most security frameworks can be hooked into it. So let#180;s investigate what we could do with JAAS./ph2 id=StandardizedAuthentication/Authorization-AuthenticationusingJAASAuthentication using JAAS/h2pJAAS authentication is done by creating a LoginContext and doing a login on it. Things to configure is the name of the login config and the Callback Handlers. So CXF needs mechanisms for the user to set the config name and needs to provide CallBackHandlers to supply credentials./ph2 id=StandardizedAuthentication/Authorization-CallbackHandlersCallbackHandlers/h2pCXF needs to supply different data to identify the users depending on the chosen authentication variant./ppBasic Auth: username and password from HTTP header/ppWS-Security UserNameToken: Username and password from SOAP header/ppSpnego: Kerberos token from HTTP header/ppHTTPS client cert: Certificate information/ppWe could simply detect what information is provided and configure the Callbackhandlers for each information we can supply. 
Depending on when the login should happen we could collect CallbackHandlers in the Message using Interceptors./ph2 id=StandardizedAuthentication/Authorization-JAASconfigurationJAAS configuration/h2pThe JAAS configuration is suppli ed differently depending on the runtime CXF runs in./ppStandalone: For standalone usage the JAAS config can simply come from a file./ppServlet Container: Not sure. Is there a standard approach for this?/ppApache Karaf: Karaf already provides a JAAS integration so we just have to configure the JAAS config name and supply a suitable config in karaf/ph2 id=StandardizedAuthentication/Authorization-SupplyingRoleandUserinformationSupplying Role and User information/h2pJAAS stores identity information in the JAAS subject. The method getPrincipals returns Principal objects which can be users, roles or even other identity information. To differentiate between roles and users there are two common approaches./pollidifferent Classes like a UserPrincipal or RolePrincipal. There seems to be a Group interface which allows to differentiate between Users and Groups and also allows to see group members./liliprefixes. So for example roles start with role- . There is no standard for this approach/li/olh2 id=StandardizedAuthentication/Authorization-AuthorizationAuthorization/h2pAuthorization has very diverse requirements. So we need to make sure we integrate well with different approaches./ppGenerally the idea is to base the Authorization on the JAAS login data. After a JAAS login the JAAS subject can be retrieved in a standard way:/pdiv class=code panel pdl style=border-width: 1px;div class=codeContent panelContent pdl script class=theme: Default; brush: java; gutter: false type=syntaxhighlighter![CDATA[AccessControlContext acc = AccesController.getContext(); Subject subject = Subject.getSubject(acc);]]/script
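Review bot: in the second hunk (@@ -125,7), the Java sample under the Authorization heading calls AccesController.getContext(); the class is java.security.AccessController, so the published snippet does not compile when copied. Fix the spelling in the Confluence source so the next export carries the correction. The first hunk only adds three empty non-breaking-space paragraphs ahead of the info box, which looks like editor residue and can be removed in the same edit.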
git commit: making sure search parsers actually see a decode property
Repository: cxf Updated Branches: refs/heads/master e0b7f3556 - 7683d0551 making sure search parsers actually see a decode property Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7683d055 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7683d055 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7683d055 Branch: refs/heads/master Commit: 7683d055150e7e58f0f16fc93ba252d62edad7c8 Parents: e0b7f35 Author: Sergey Beryozkin sberyoz...@talend.com Authored: Thu Jul 10 11:09:24 2014 +0100 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Thu Jul 10 11:09:24 2014 +0100 -- .../java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java| 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/7683d055/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java -- diff --git a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java index be1e4d9..0aaed79 100644 --- a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java +++ b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java @@ -193,6 +193,8 @@ public class SearchContextImpl implements SearchContext { (String)message.getContextualProperty(SearchUtils.TIMEZONE_SUPPORT_PROPERTY)); props.put(SearchUtils.LAX_PROPERTY_MATCH, (String)message.getContextualProperty(SearchUtils.LAX_PROPERTY_MATCH)); +props.put(SearchUtils.DECODE_QUERY_VALUES, + (String)message.getContextualProperty(SearchUtils.DECODE_QUERY_VALUES)); // FIQL specific props.put(FiqlParser.SUPPORT_SINGLE_EQUALS, (String)message.getContextualProperty(FiqlParser.SUPPORT_SINGLE_EQUALS));
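Review bot: the added props.put for SearchUtils.DECODE_QUERY_VALUES casts message.getContextualProperty(...) straight to String, so a property configured as a Boolean rather than as a string fails with a ClassCastException when the search context is built. The neighbouring entries follow the same pattern, so a small shared helper that converts the contextual value with a null-safe toString would cover this line and the existing ones.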
git commit: making sure search parsers actually see a decode property
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes c61bff324 - d5621a999 making sure search parsers actually see a decode property Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d5621a99 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d5621a99 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d5621a99 Branch: refs/heads/2.7.x-fixes Commit: d5621a999d519226b04616b0459703426515d6c5 Parents: c61bff3 Author: Sergey Beryozkin sberyoz...@talend.com Authored: Thu Jul 10 11:09:24 2014 +0100 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Thu Jul 10 11:12:19 2014 +0100 -- .../java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java| 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/d5621a99/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java -- diff --git a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java index 9130577..5ab92bd 100644 --- a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java +++ b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java @@ -190,6 +190,8 @@ public class SearchContextImpl implements SearchContext { (String)message.getContextualProperty(SearchUtils.TIMEZONE_SUPPORT_PROPERTY)); props.put(SearchUtils.LAX_PROPERTY_MATCH, (String)message.getContextualProperty(SearchUtils.LAX_PROPERTY_MATCH)); +props.put(SearchUtils.DECODE_QUERY_VALUES, + (String)message.getContextualProperty(SearchUtils.DECODE_QUERY_VALUES)); // FIQL specific props.put(FiqlParser.SUPPORT_SINGLE_EQUALS, (String)message.getContextualProperty(FiqlParser.SUPPORT_SINGLE_EQUALS));
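Review bot: the backport to 2.7.x-fixes changes only SearchContextImpl (1 file changed, 2 insertions), with no test for the case the commit message describes, where the search parsers did not see the decode property. A test that sets SearchUtils.DECODE_QUERY_VALUES as a contextual property and asserts that it reaches the parser properties would guard both branches against the entry being dropped again.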
git commit: [CXF-5311] Quick prototyping of JwsOutputStream, refactorings will follow
Repository: cxf Updated Branches: refs/heads/master 7683d0551 - 22dbf10ed [CXF-5311] Quick prototyping of JwsOutputStream, refactorings will follow Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/22dbf10e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/22dbf10e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/22dbf10e Branch: refs/heads/master Commit: 22dbf10ed281f3ec94b159829e21333f4afc0bf9 Parents: 7683d05 Author: Sergey Beryozkin sberyoz...@talend.com Authored: Thu Jul 10 13:41:56 2014 +0100 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Thu Jul 10 13:41:56 2014 +0100 -- .../security/oauth2/jwe/JweCompactProducer.java | 7 +- .../rs/security/oauth2/jwe/JweOutputStream.java | 2 +- .../jws/AbstractJwsSignatureProvider.java | 33 ++- .../oauth2/jws/HmacJwsSignatureProvider.java| 21 - .../rs/security/oauth2/jws/JwsOutputStream.java | 98 .../oauth2/jws/JwsSignatureProvider.java| 5 +- .../oauth2/jws/JwsSignatureProviderWorker.java | 25 + .../jws/PrivateKeyJwsSignatureProvider.java | 33 ++- .../oauth2/jwt/jaxrs/JwsWriterInterceptor.java | 33 +-- .../oauth2/utils/crypto/CryptoUtils.java| 14 ++- 10 files changed, 250 insertions(+), 21 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/22dbf10e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactProducer.java -- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactProducer.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactProducer.java index 72d3d84..365a986 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactProducer.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactProducer.java 
@@ -112,12 +112,13 @@ public class JweCompactProducer { writer = writer == null ? new JwtTokenReaderWriter() : writer; byte[] jsonBytes = writer.headersToJson(headers).getBytes(UTF-8); Base64UrlUtility.encodeAndStream(jsonBytes, 0, jsonBytes.length, os); -os.write('.'); +byte[] dotBytes = new byte[]{'.'}; +os.write(dotBytes); Base64UrlUtility.encodeAndStream(encryptedContentEncryptionKey, 0, encryptedContentEncryptionKey.length, os); -os.write('.'); +os.write(dotBytes); Base64UrlUtility.encodeAndStream(cipherInitVector, 0, cipherInitVector.length, os); -os.write('.'); +os.write(dotBytes); } public String getJweContent() { http://git-wip-us.apache.org/repos/asf/cxf/blob/22dbf10e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweOutputStream.java -- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweOutputStream.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweOutputStream.java index ebf80df..91b68b0 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweOutputStream.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweOutputStream.java @@ -106,7 +106,7 @@ public class JweOutputStream extends FilterOutputStream { ? encryptingCipher.doFinal() : encryptingCipher.doFinal(lastRawDataChunk, 0, lastRawDataChunk.length); encodeAndWrite(finalBytes, 0, finalBytes.length - authTagLengthBits / 8, true); -out.write('.'); +out.write(new byte[]{'.'}); encodeAndWrite(finalBytes, finalBytes.length - authTagLengthBits / 8, authTagLengthBits / 8, true); } catch (Exception ex) { throw new SecurityException(); http://git-wip-us.apache.org/repos/asf/cxf/blob/22dbf10e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java -- 
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java index 83563be..dc63a1e 100644 ---
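Review bot: the '.' separator is now written two different ways in these hunks, through a local dotBytes array in JweCompactProducer and through a fresh new byte[]{'.'} on each call in JweOutputStream, and neither the commit message nor a comment says why write(int) was replaced by write(byte[]). If the wrapping stream only handles the array overloads, say so in a comment and share one constant, so a later cleanup does not switch it back. The context line in JweOutputStream, catch (Exception ex) { throw new SecurityException(); }, also drops the cause, which makes encryption failures hard to diagnose; pass ex through.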
git commit: CXF-5868 Add subject.doAs and HTTP status mapping
Repository: cxf Updated Branches: refs/heads/master 22dbf10ed - 5182ed51f CXF-5868 Add subject.doAs and HTTP status mapping Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5182ed51 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5182ed51 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5182ed51 Branch: refs/heads/master Commit: 5182ed51fcc455b52707e3179049fd724418abaf Parents: 22dbf10 Author: Christian Schneider ch...@die-schneider.net Authored: Thu Jul 10 15:10:05 2014 +0200 Committer: Christian Schneider ch...@die-schneider.net Committed: Thu Jul 10 15:10:05 2014 +0200 -- .../java/org/apache/cxf/interceptor/Fault.java | 23 +++- .../security/JAASAuthenticationFeature.java | 58 .../security/JAASLoginInterceptor.java | 40 +++--- 3 files changed, 98 insertions(+), 23 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/5182ed51/core/src/main/java/org/apache/cxf/interceptor/Fault.java -- diff --git a/core/src/main/java/org/apache/cxf/interceptor/Fault.java b/core/src/main/java/org/apache/cxf/interceptor/Fault.java index 55c7fb9..3e44adf 100644 --- a/core/src/main/java/org/apache/cxf/interceptor/Fault.java +++ b/core/src/main/java/org/apache/cxf/interceptor/Fault.java @@ -19,9 +19,11 @@ package org.apache.cxf.interceptor; +import java.net.HttpURLConnection; import java.util.ResourceBundle; import java.util.logging.Logger; +import javax.security.auth.login.LoginException; import javax.xml.namespace.QName; import org.w3c.dom.Element; @@ -29,6 +31,8 @@ import org.w3c.dom.Element; import org.apache.cxf.common.i18n.Message; import org.apache.cxf.common.i18n.UncheckedException; import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.interceptor.security.AccessDeniedException; +import org.apache.cxf.interceptor.security.AuthenticationException; /** * A Fault that occurs during invocation processing. 
@@ -38,9 +42,9 @@ public class Fault extends UncheckedException { public static final QName FAULT_CODE_SERVER = new QName(http://cxf.apache.org/faultcode;, server); public static final String STACKTRACE_NAMESPACE = http://cxf.apache.org/fault;; public static final String STACKTRACE = stackTrace; -private static final int DEFAULT_HTTP_RESPONSE_CODE = 500; +private static final int DEFAULT_HTTP_RESPONSE_CODE = HttpURLConnection.HTTP_INTERNAL_ERROR; private static final long serialVersionUID = -1583932965031558864L; - + private Element detail; private String messageString; private QName code; @@ -54,6 +58,7 @@ public class Fault extends UncheckedException { super(message, throwable); this.messageString = message.toString(); code = FAULT_CODE_SERVER; +determineStatusCode(throwable); } public Fault(Message message) { @@ -89,12 +94,14 @@ public class Fault extends UncheckedException { messageString = t == null ? null : t.getMessage(); } code = FAULT_CODE_SERVER; +determineStatusCode(t); } public Fault(Message message, Throwable throwable, QName fc) { super(message, throwable); this.messageString = message.toString(); code = fc; +determineStatusCode(throwable); } public Fault(Message message, QName fc) { @@ -111,7 +118,17 @@ public class Fault extends UncheckedException { messageString = t == null ? null : t.getMessage(); } code = fc; -} +determineStatusCode(t); +} + +private void determineStatusCode(Throwable throwable) { +if (throwable instanceof AuthenticationException || throwable instanceof LoginException) { +statusCode = HttpURLConnection.HTTP_UNAUTHORIZED; +} +if (throwable instanceof AccessDeniedException) { +statusCode = HttpURLConnection.HTTP_FORBIDDEN; +} +} public String getMessage() { return messageString; http://git-wip-us.apache.org/repos/asf/cxf/blob/5182ed51/core/src/main/java/org/apache/cxf/interceptor/security/JAASAuthenticationFeature.java -- 
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/JAASAuthenticationFeature.java b/core/src/main/java/org/apache/cxf/interceptor/security/JAASAuthenticationFeature.java new file mode 100644 index 000..2a2d985 --- /dev/null +++ b/core/src/main/java/org/apache/cxf/interceptor/security/JAASAuthenticationFeature.java @@ -0,0 +1,58 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + *
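Review bot: determineStatusCode in Fault.java tests only the throwable handed to the constructor, so a LoginException or AccessDeniedException wrapped in another exception still produces the default 500 instead of 401 or 403. Either walk the cause chain or document that callers must pass the security exception directly. The two checks are independent if statements; an else-if would make the precedence explicit. Placing the mapping in Fault also makes the core fault class import the security exception types, which the transport-level mapping described in the wiki proposal would avoid.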
git commit: More work on SAML SSO
Repository: cxf-fediz Updated Branches: refs/heads/master e344688ff - e24966d39 More work on SAML SSO Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e24966d3 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e24966d3 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e24966d3 Branch: refs/heads/master Commit: e24966d395349c99044a3bd2fa3c878416eae8cf Parents: e344688 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Thu Jul 10 14:28:14 2014 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Thu Jul 10 14:28:14 2014 +0100 -- .../cxf/fediz/core/config/SAMLProtocol.java | 37 ++ .../core/processor/FederationProcessorImpl.java | 16 -- .../fediz/core/processor/FedizProcessor.java| 8 ++- .../core/processor/RedirectionResponse.java | 51 .../src/main/resources/schemas/FedizConfig.xsd | 9 +++- .../fediz/jetty/FederationAuthenticator.java| 24 +++-- .../web/FederationAuthenticationEntryPoint.java | 15 +- .../web/FederationLogoutSuccessHandler.java | 14 +- .../web/FederationAuthenticationEntryPoint.java | 29 ++- .../fediz/tomcat/FederationAuthenticator.java | 24 +++-- 10 files changed, 205 insertions(+), 22 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e24966d3/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java -- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java index b334537..adf6862 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java @@ -20,6 +20,7 @@ package org.apache.cxf.fediz.core.config; import org.apache.cxf.fediz.core.config.jaxb.ProtocolType; +import org.apache.cxf.fediz.core.config.jaxb.SamlProtocolType; public class SAMLProtocol extends Protocol { 
@@ -56,6 +57,42 @@ public class SAMLProtocol extends Protocol { //SAMLTokenValidator validator = new SAMLTokenValidator(); //validators.add(validators.size(), validator); } + +protected SamlProtocolType getSAMLProtocol() { +return (SamlProtocolType)super.getProtocolType(); +} + +protected void setSAMLProtocol(SamlProtocolType samlProtocol) { +super.setProtocolType(samlProtocol); +} + +public boolean isSignRequest() { +return getSAMLProtocol().isSignRequest(); +} + +public void setSignRequest(boolean signRequest) { +getSAMLProtocol().setSignRequest(signRequest); +} + +public String getWebAppDomain() { +return getSAMLProtocol().getWebAppDomain(); +} + +public void setWebAppDomain(String webAppDomain) { +getSAMLProtocol().setWebAppDomain(webAppDomain); +} + +public long getStateTimeToLive() { +long ttl = getSAMLProtocol().getStateTimeToLive(); +if (ttl 0) { +return ttl; +} +return 2L * 60L * 1000L; +} + +public void setStateTimeToLive(long stateTimeToLive) { +getSAMLProtocol().setStateTimeToLive(stateTimeToLive); +} } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e24966d3/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java -- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java index 12f4669..58a186a 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java @@ -347,7 +347,7 @@ public class FederationProcessorImpl implements FedizProcessor { } @Override -public String createSignInRequest(HttpServletRequest request, FedizContext config) +public RedirectionResponse createSignInRequest(HttpServletRequest request, FedizContext config) throws ProcessingException { String redirectURL = null; 
@@ -448,12 +448,15 @@ public class FederationProcessorImpl implements FedizProcessor { } catch (Exception ex) { LOG.error(Failed to create SignInRequest, ex); throw new ProcessingException(Failed to create SignInRequest); -} -return redirectURL; +} + +RedirectionResponse response = new RedirectionResponse(); +
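Review bot: getStateTimeToLive() in SAMLProtocol falls back to the literal 2L * 60L * 1000L with no named constant and no Javadoc giving the unit, so a reader of the configuration cannot tell what value to supply or what the default means. Name the default as a constant and document the unit on the getter and setter. The (SamlProtocolType) cast in getSAMLProtocol() is unchecked, so a mismatched ProtocolType surfaces as a ClassCastException at first use; an explicit check with a clear message would help. Changing createSignInRequest to return RedirectionResponse alters the FedizProcessor contract and deserves a line in the commit message or Javadoc.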
git commit: CXF-5868 Reverting status code mapping as a fault always must have status code 500
Repository: cxf Updated Branches: refs/heads/master 5182ed51f - c36a2388f CXF-5868 Revering status code mapping as a fault always must have status code 500 Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c36a2388 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c36a2388 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c36a2388 Branch: refs/heads/master Commit: c36a2388f6d170e66f0dc98b21d184b2151f4b75 Parents: 5182ed5 Author: Christian Schneider ch...@die-schneider.net Authored: Thu Jul 10 15:36:36 2014 +0200 Committer: Christian Schneider ch...@die-schneider.net Committed: Thu Jul 10 15:36:36 2014 +0200 -- .../java/org/apache/cxf/interceptor/Fault.java | 20 ++-- 1 file changed, 2 insertions(+), 18 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/c36a2388/core/src/main/java/org/apache/cxf/interceptor/Fault.java -- diff --git a/core/src/main/java/org/apache/cxf/interceptor/Fault.java b/core/src/main/java/org/apache/cxf/interceptor/Fault.java index 3e44adf..b5bc123 100644 --- a/core/src/main/java/org/apache/cxf/interceptor/Fault.java +++ b/core/src/main/java/org/apache/cxf/interceptor/Fault.java @@ -23,16 +23,13 @@ import java.net.HttpURLConnection; import java.util.ResourceBundle; import java.util.logging.Logger; -import javax.security.auth.login.LoginException; import javax.xml.namespace.QName; -import org.w3c.dom.Element; - import org.apache.cxf.common.i18n.Message; import org.apache.cxf.common.i18n.UncheckedException; import org.apache.cxf.helpers.DOMUtils; -import org.apache.cxf.interceptor.security.AccessDeniedException; -import org.apache.cxf.interceptor.security.AuthenticationException; + +import org.w3c.dom.Element; /** * A Fault that occurs during invocation processing. 
@@ -58,7 +55,6 @@ public class Fault extends UncheckedException { super(message, throwable); this.messageString = message.toString(); code = FAULT_CODE_SERVER; -determineStatusCode(throwable); } public Fault(Message message) { @@ -94,14 +90,12 @@ public class Fault extends UncheckedException { messageString = t == null ? null : t.getMessage(); } code = FAULT_CODE_SERVER; -determineStatusCode(t); } public Fault(Message message, Throwable throwable, QName fc) { super(message, throwable); this.messageString = message.toString(); code = fc; -determineStatusCode(throwable); } public Fault(Message message, QName fc) { @@ -118,16 +112,6 @@ public class Fault extends UncheckedException { messageString = t == null ? null : t.getMessage(); } code = fc; -determineStatusCode(t); -} - -private void determineStatusCode(Throwable throwable) { -if (throwable instanceof AuthenticationException || throwable instanceof LoginException) { -statusCode = HttpURLConnection.HTTP_UNAUTHORIZED; -} -if (throwable instanceof AccessDeniedException) { -statusCode = HttpURLConnection.HTTP_FORBIDDEN; -} } public String getMessage() {
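Review bot: the revert removes determineStatusCode but leaves no comment in Fault recording the rule from the commit message, that a fault always must have status code 500, so the same mapping could be reintroduced later. A short comment in Fault would capture it. The first hunk also moves import org.w3c.dom.Element below the org.apache.cxf imports, which is unrelated to the revert and is better kept out of it. With the mapping gone, nothing in these lines turns an authentication or authorization failure into 401 or 403, so the issue should record where that mapping is meant to live.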
git commit: Updating non-Tomcat plugins to remove hard-coded references to the FederationProcessorImpl
Repository: cxf-fediz Updated Branches: refs/heads/master e24966d39 - 940c54a65 Updating non-Tomcat plugins to remove hard-coded references to the FederationProcessorImpl Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/940c54a6 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/940c54a6 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/940c54a6 Branch: refs/heads/master Commit: 940c54a65b7ca87ce9b6d5f6dec6de755fca40f9 Parents: e24966d Author: Colm O hEigeartaigh cohei...@apache.org Authored: Thu Jul 10 15:26:14 2014 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Thu Jul 10 15:26:14 2014 +0100 -- .../cxf/fediz/jetty/FederationAuthenticator.java | 17 - .../cxf/fediz/jetty/FederationLoginService.java| 5 +++-- .../FederationAuthenticationProvider.java | 10 +++--- .../web/FederationAuthenticationEntryPoint.java| 5 +++-- .../spring/web/FederationLogoutSuccessHandler.java | 7 --- .../FederationAuthenticationProvider.java | 9 ++--- .../web/FederationAuthenticationEntryPoint.java| 8 +--- 7 files changed, 40 insertions(+), 21 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/940c54a6/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java -- diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java index 8cb9923..223c954 100644 --- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java +++ b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java 
@@ -38,8 +38,8 @@ import org.apache.cxf.fediz.core.FederationConstants; import org.apache.cxf.fediz.core.config.FedizConfigurator; import org.apache.cxf.fediz.core.config.FedizContext; import org.apache.cxf.fediz.core.exception.ProcessingException; -import org.apache.cxf.fediz.core.processor.FederationProcessorImpl; import org.apache.cxf.fediz.core.processor.FedizProcessor; +import org.apache.cxf.fediz.core.processor.FedizProcessorFactory; import org.apache.cxf.fediz.core.processor.FedizRequest; import org.apache.cxf.fediz.core.processor.FedizResponse; import org.apache.cxf.fediz.core.processor.RedirectionResponse; @@ -56,7 +56,6 @@ import org.eclipse.jetty.server.Authentication.User; import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.UserIdentity; import org.eclipse.jetty.util.MultiMap; -import org.eclipse.jetty.util.StringUtil; import org.eclipse.jetty.util.URIUtil; import org.eclipse.jetty.util.log.Log; import org.eclipse.jetty.util.log.Logger; @@ -235,7 +234,7 @@ public class FederationAuthenticator extends LoginAuthenticator { // not authenticated if (LOG.isDebugEnabled()) { -LOG.debug(WSFED authentication FAILED for + StringUtil.printable(user.getUserPrincipal().getName())); +LOG.debug(WSFED authentication FAILED); } if (response != null) { response.sendError(HttpServletResponse.SC_FORBIDDEN); @@ -295,7 +294,8 @@ public class FederationAuthenticator extends LoginAuthenticator { if (logoutUrl != null !logoutUrl.isEmpty() uri.equals(contextName + logoutUrl)) { session.invalidate(); -FedizProcessor wfProc = new FederationProcessorImpl(); +FedizProcessor wfProc = + FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol()); signOutRedirectToIssuer(request, response, wfProc); return Authentication.SEND_CONTINUE; 
@@ -361,7 +361,14 @@ public class FederationAuthenticator extends LoginAuthenticator { } } -FedizProcessor wfProc = new FederationProcessorImpl(); +String contextName = request.getSession().getServletContext().getContextPath(); +if (contextName == null || contextName.isEmpty()) { +contextName = /; +} +FedizContext fedConfig = getContextConfiguration(contextName); + +FedizProcessor wfProc = + FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol()); signInRedirectToIssuer(request, response, wfProc); return Authentication.SEND_CONTINUE;
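Review bot: in the hunk at line 361, request.getSession().getServletContext().getContextPath() creates an HTTP session if none exists, on the path that redirects a not yet authenticated request to the issuer, only to read the context path. Reading the context path from the request itself, or using getSession(false) with a null check, avoids allocating sessions for anonymous traffic. The result of getContextConfiguration(contextName) is then dereferenced in fedConfig.getProtocol() without a null check. Dropping the user name from the "WSFED authentication FAILED" debug message also removes the user.getUserPrincipal() dereference on the failure path, which is worth stating in the commit message.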
[2/2] git commit: Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/cxf
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/cxf Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/82d49c14 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/82d49c14 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/82d49c14 Branch: refs/heads/master Commit: 82d49c140a06d2ba4f0872358b1e64f2d6d53d71 Parents: 5934b2e c36a238 Author: Sergey Beryozkin sberyoz...@talend.com Authored: Thu Jul 10 16:13:17 2014 +0100 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Thu Jul 10 16:13:17 2014 +0100 -- .../java/org/apache/cxf/interceptor/Fault.java | 11 ++-- .../security/JAASAuthenticationFeature.java | 58 .../security/JAASLoginInterceptor.java | 40 +++--- 3 files changed, 84 insertions(+), 25 deletions(-) --
[1/2] git commit: Trying to prototype some BP code for mapping between jaxrs and jaxrs-client
Repository: cxf Updated Branches: refs/heads/master c36a2388f - 82d49c140 Trying to prototype some BP code for mapping between jaxrs and jaxrs-client Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5934b2e8 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5934b2e8 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5934b2e8 Branch: refs/heads/master Commit: 5934b2e83315c1ccfe1f26d21e3f62d190bab380 Parents: 22dbf10 Author: Sergey Beryozkin sberyoz...@talend.com Authored: Thu Jul 10 16:13:08 2014 +0100 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Thu Jul 10 16:13:08 2014 +0100 -- .../blueprint/JAXRSBPNamespaceHandler.java | 30 ++-- 1 file changed, 27 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/5934b2e8/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/blueprint/JAXRSBPNamespaceHandler.java -- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/blueprint/JAXRSBPNamespaceHandler.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/blueprint/JAXRSBPNamespaceHandler.java index d42a415..7834228 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/blueprint/JAXRSBPNamespaceHandler.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/blueprint/JAXRSBPNamespaceHandler.java 
@@ -20,13 +20,20 @@ package org.apache.cxf.jaxrs.blueprint; import java.net.URL; +import java.util.Collections; +import java.util.Map; import java.util.Set; +import javax.xml.stream.XMLStreamException; + import org.w3c.dom.Element; import org.w3c.dom.Node; import org.apache.aries.blueprint.NamespaceHandler; import org.apache.aries.blueprint.ParserContext; +import org.apache.cxf.staxutils.StaxUtils; +import org.apache.cxf.staxutils.W3CDOMStreamWriter; +import org.apache.cxf.staxutils.transform.OutTransformWriter; import org.osgi.service.blueprint.container.BlueprintContainer; import org.osgi.service.blueprint.reflect.ComponentMetadata; import org.osgi.service.blueprint.reflect.Metadata; @@ -49,8 +56,11 @@ public class JAXRSBPNamespaceHandler implements NamespaceHandler { String s = element.getLocalName(); if (server.equals(s)) { return new JAXRSServerFactoryBeanDefinitionParser().parse(element, context); -} -return null; +} else if (client.equals(s)) { +return context.parseElement(Metadata.class, null, transformElement(element)); +} else { +return null; +} } @SuppressWarnings(rawtypes) @@ -61,7 +71,21 @@ public class JAXRSBPNamespaceHandler implements NamespaceHandler { return null; } - +private Element transformElement(Element element) { +final MapString, String transformMap = +Collections.singletonMap({ + element.getNamespaceURI() + }*, + {http://cxf.apache.org/blueprint/jaxrs-client}*;); + + +W3CDOMStreamWriter domWriter = new W3CDOMStreamWriter(); +OutTransformWriter transformWriter = new OutTransformWriter(domWriter, transformMap); +try { +StaxUtils.copy(element, transformWriter); +} catch (XMLStreamException e) { +throw new RuntimeException(e); +} +return domWriter.getDocument().getDocumentElement(); +} public BlueprintContainer getBlueprintContainer() { return blueprintContainer; }
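Review bot: In the new transformElement method the XMLStreamException from StaxUtils.copy is rethrown as a bare RuntimeException, so a client element that fails to copy surfaces in Blueprint parsing with no indication of which element or namespace was being rewritten. Wrap it in an exception whose message names element.getLocalName() and element.getNamespaceURI(). The target namespace http://cxf.apache.org/blueprint/jaxrs-client is also an inline literal inside the singletonMap call; a named constant would keep it in one place. The method has no comment explaining why the element is rewritten into the jaxrs-client namespace before context.parseElement is called, which the next reader will need.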
git commit: [CXF-5869] Temporary file caching using encryption may get corrupted data
Repository: cxf Updated Branches: refs/heads/master 82d49c140 - f584187d0 [CXF-5869] Temporary file caching using encryption may get corrupted data Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f584187d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f584187d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f584187d Branch: refs/heads/master Commit: f584187d09471f28578854e288a7c7d612ea82bc Parents: 82d49c1 Author: Akitoshi Yoshida a...@apache.org Authored: Thu Jul 10 17:45:43 2014 +0200 Committer: Akitoshi Yoshida a...@apache.org Committed: Thu Jul 10 17:45:57 2014 +0200 -- core/src/main/java/org/apache/cxf/io/CipherPair.java | 9 + 1 file changed, 1 insertion(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/f584187d/core/src/main/java/org/apache/cxf/io/CipherPair.java -- diff --git a/core/src/main/java/org/apache/cxf/io/CipherPair.java b/core/src/main/java/org/apache/cxf/io/CipherPair.java index 0a4b856..8237221 100644 --- a/core/src/main/java/org/apache/cxf/io/CipherPair.java +++ b/core/src/main/java/org/apache/cxf/io/CipherPair.java @@ -32,6 +32,7 @@ import javax.crypto.spec.IvParameterSpec; */ public class CipherPair { private String transformation; +private Cipher enccipher; private Key key; private byte[] ivp; @@ -45,7 +46,6 @@ public class CipherPair { } else { a = transformation; } -Cipher enccipher = null; try { KeyGenerator keygen = KeyGenerator.getInstance(a); keygen.init(new SecureRandom()); @@ -64,13 +64,6 @@ public class CipherPair { } public Cipher getEncryptor() { -Cipher enccipher = null; -try { -enccipher = Cipher.getInstance(transformation); -enccipher.init(Cipher.ENCRYPT_MODE, key); -} catch (GeneralSecurityException e) { -// ignore -} return enccipher; }
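Review bot: getEncryptor() now returns the single Cipher held in the new enccipher field, so every caller receives the same stateful object and a second caller would continue from wherever the first left the cipher instead of starting a fresh stream. Document on getEncryptor() that the encryptor is single-use and bound to this CipherPair's key and ivp, or guard against a second call. The removed body initialised a new Cipher with the key only (enccipher.init(Cipher.ENCRYPT_MODE, key)) and never used ivp, and it swallowed GeneralSecurityException with "// ignore"; a line in the commit message or a comment on the field saying that this mismatch was the cause of the corrupted data would make the fix easier to audit.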
git commit: [CXF-5869] test using AES/CTR
Repository: cxf Updated Branches: refs/heads/master f584187d0 - e8a038340 [CXF-5869] test using AES/CTR Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e8a03834 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e8a03834 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e8a03834 Branch: refs/heads/master Commit: e8a038340ec349de5c6c8732e1bf82dcdab05f27 Parents: f584187 Author: Akitoshi Yoshida a...@apache.org Authored: Thu Jul 10 18:04:20 2014 +0200 Committer: Akitoshi Yoshida a...@apache.org Committed: Thu Jul 10 18:04:20 2014 +0200 -- .../org/apache/cxf/io/CachedStreamTestBase.java | 27 +--- 1 file changed, 24 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e8a03834/core/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java -- diff --git a/core/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java b/core/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java index 47e837f..56e35c1 100755 --- a/core/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java +++ b/core/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java @@ -34,6 +34,9 @@ import org.junit.Assert; import org.junit.Test; public abstract class CachedStreamTestBase extends Assert { +// use two typical ciphers for testing +private static final String[] CIPHER_LIST = {RC4, AES/CTR/NoPadding}; + protected abstract void reloadDefaultProperties(); protected abstract Object createCache(); protected abstract Object createCache(long threshold); 
@@ -88,7 +91,13 @@ public abstract class CachedStreamTestBase extends Assert { @Test public void testEncryptAndDecryptWithDeleteOnClose() throws IOException { // need a 8-bit cipher so that all bytes are flushed when the stream is flushed. -Object cache = createCache(4, RC4); +for (String cipher: CIPHER_LIST) { +verifyEncryptAndDecryptWithDeleteOnClose(cipher); +} +} + +private void verifyEncryptAndDecryptWithDeleteOnClose(String cipher) throws IOException { +Object cache = createCache(4, cipher); final String text = Hello Secret World!; File tmpfile = getTmpFile(text, cache); assertNotNull(tmpfile); @@ -111,8 +120,14 @@ public abstract class CachedStreamTestBase extends Assert { @Test public void testEncryptAndDecryptWithDeleteOnInClose() throws IOException { +for (String cipher: CIPHER_LIST) { +verifyEncryptAndDecryptWithDeleteOnInClose(cipher); +} +} + +private void verifyEncryptAndDecryptWithDeleteOnInClose(String cipher) throws IOException { // need a 8-bit cipher so that all bytes are flushed when the stream is flushed. -Object cache = createCache(4, RC4); +Object cache = createCache(4, cipher); final String text = Hello Secret World!; File tmpfile = getTmpFile(text, cache); assertNotNull(tmpfile); @@ -133,8 +148,14 @@ public abstract class CachedStreamTestBase extends Assert { @Test public void testEncryptAndDecryptPartially() throws IOException { +for (String cipher: CIPHER_LIST) { +verifyEncryptAndDecryptPartially(cipher); +} +} + +private void verifyEncryptAndDecryptPartially(String cipher) throws IOException { // need a 8-bit cipher so that all bytes are flushed when the stream is flushed. -Object cache = createCache(4, RC4); +Object cache = createCache(4, cipher); final String text = Hello Secret World!; File tmpfile = getTmpFile(text, cache); assertNotNull(tmpfile);
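Review bot: Each of the three tests now loops over CIPHER_LIST inside one @Test method, so a failure does not say which transformation broke, and a failure on RC4 ends the loop before AES/CTR/NoPadding is exercised at all. Include the cipher name in the assertion messages inside the verify* helpers (for example by passing it to assertNotNull and the later assertions as the message argument), or run the class with a parameterized runner so each cipher is reported as its own test.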
git commit: Upgrading system tests to use newer HttpClient API
Repository: cxf-fediz Updated Branches: refs/heads/master 940c54a65 - 79c744df1 Upgrading system tests to use newer HttpClient API Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/79c744df Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/79c744df Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/79c744df Branch: refs/heads/master Commit: 79c744df1824893331f73f03358c047d7f4f0433 Parents: 940c54a Author: Colm O hEigeartaigh cohei...@apache.org Authored: Thu Jul 10 17:44:35 2014 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Thu Jul 10 17:44:35 2014 +0100 -- .../fediz/integrationtests/AbstractTests.java | 141 ++- .../fediz/integrationtests/HTTPTestUtils.java | 176 +++ .../cxf/fediz/integrationtests/BadWReqTest.java | 125 + .../cxf/fediz/integrationtests/TomcatTest.java | 121 + .../cxf/fediz/integrationtests/WReqTest.java| 125 + 5 files changed, 190 insertions(+), 498 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/79c744df/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java -- diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java index b2e80f3..f2b715a 100644 --- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java +++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java 
@@ -19,33 +19,7 @@ package org.apache.cxf.fediz.integrationtests; -import java.io.File; -import java.io.FileInputStream; -import java.security.KeyStore; -import java.util.ArrayList; -import java.util.List; - -import net.htmlparser.jericho.Element; -import net.htmlparser.jericho.FormField; -import net.htmlparser.jericho.FormFields; -import net.htmlparser.jericho.HTMLElementName; -import net.htmlparser.jericho.Source; import org.apache.cxf.fediz.core.ClaimTypes; -import org.apache.http.Consts; -import org.apache.http.HttpEntity; -import org.apache.http.HttpResponse; -import org.apache.http.NameValuePair; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.client.entity.UrlEncodedFormEntity; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.conn.scheme.Scheme; -import org.apache.http.conn.ssl.SSLSocketFactory; -import org.apache.http.impl.client.DefaultHttpClient; -import org.apache.http.impl.client.LaxRedirectStrategy; -import org.apache.http.message.BasicNameValuePair; -import org.apache.http.util.EntityUtils; import org.junit.Assert; public abstract class AbstractTests { @@ -65,7 +39,8 @@ public abstract class AbstractTests { String url = https://localhost:; + getRpHttpsPort() + /fedizhelloworld/secure/fedservlet; String user = alice; String password = ecila; -String response = sendHttpGet(url, user, password); +String response = +HTTPTestUtils.sendHttpGet(url, user, password, Integer.parseInt(getIdpHttpsPort())); Assert.assertTrue(Principal not + user, response.indexOf(userPrincipal= + user) 0); Assert.assertTrue(User + user + does not have role Admin, response.indexOf(role:Admin=false) 0); 
@@ -89,7 +64,8 @@ public abstract class AbstractTests { String url = https://localhost:; + getRpHttpsPort() + /fedizhelloworld/secure/fedservlet; String user = bob; String password = bob; -String response = sendHttpGet(url, user, password); +String response = +HTTPTestUtils.sendHttpGet(url, user, password, Integer.parseInt(getIdpHttpsPort())); Assert.assertTrue(Principal not + user, response.indexOf(userPrincipal= + user) 0); Assert.assertTrue(User + user + does not have role Admin, response.indexOf(role:Admin=true) 0); @@ -112,7 +88,8 @@ public abstract class AbstractTests { String url = https://localhost:; + getRpHttpsPort() + /fedizhelloworld/secure/fedservlet; String user = ted; String password = det; -String response = sendHttpGet(url, user, password); +String response = +HTTPTestUtils.sendHttpGet(url, user, password, Integer.parseInt(getIdpHttpsPort())); Assert.assertTrue(Principal not + user, response.indexOf(userPrincipal= + user) 0); Assert.assertTrue(User + user + does not have role Admin, response.indexOf(role:Admin=false) 0); @@ -135,18 +112,17 @@ public abstract class
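Review bot: Integer.parseInt(getIdpHttpsPort()) is repeated at each of the three HTTPTestUtils.sendHttpGet call sites visible here, and a non-numeric port value would throw NumberFormatException from the middle of a test with no hint about which setting is wrong. Parse the port once in a small helper in AbstractTests, or let HTTPTestUtils.sendHttpGet accept the port as a String and do the conversion there with a clear error message. The new fourth parameter also deserves a Javadoc line on sendHttpGet saying that it is the IdP port used for the credentials scope, since the call sites pass the RP port in the URL and the IdP port separately.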
git commit: Upgrading system tests to use newer HttpClient API
Repository: cxf-fediz Updated Branches: refs/heads/1.1.x-fixes f9f27c7be - 6637a55d1 Upgrading system tests to use newer HttpClient API Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/6637a55d Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/6637a55d Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/6637a55d Branch: refs/heads/1.1.x-fixes Commit: 6637a55d1a152357bf1520daa9039d7373691767 Parents: f9f27c7 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Thu Jul 10 17:44:35 2014 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Thu Jul 10 17:45:11 2014 +0100 -- .../fediz/integrationtests/AbstractTests.java | 141 ++- .../fediz/integrationtests/HTTPTestUtils.java | 176 +++ .../cxf/fediz/integrationtests/BadWReqTest.java | 125 + .../cxf/fediz/integrationtests/TomcatTest.java | 121 + .../cxf/fediz/integrationtests/WReqTest.java| 125 + 5 files changed, 190 insertions(+), 498 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6637a55d/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java -- diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java index b2e80f3..f2b715a 100644 --- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java +++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java 
@@ -19,33 +19,7 @@ package org.apache.cxf.fediz.integrationtests; -import java.io.File; -import java.io.FileInputStream; -import java.security.KeyStore; -import java.util.ArrayList; -import java.util.List; - -import net.htmlparser.jericho.Element; -import net.htmlparser.jericho.FormField; -import net.htmlparser.jericho.FormFields; -import net.htmlparser.jericho.HTMLElementName; -import net.htmlparser.jericho.Source; import org.apache.cxf.fediz.core.ClaimTypes; -import org.apache.http.Consts; -import org.apache.http.HttpEntity; -import org.apache.http.HttpResponse; -import org.apache.http.NameValuePair; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.client.entity.UrlEncodedFormEntity; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.conn.scheme.Scheme; -import org.apache.http.conn.ssl.SSLSocketFactory; -import org.apache.http.impl.client.DefaultHttpClient; -import org.apache.http.impl.client.LaxRedirectStrategy; -import org.apache.http.message.BasicNameValuePair; -import org.apache.http.util.EntityUtils; import org.junit.Assert; public abstract class AbstractTests { @@ -65,7 +39,8 @@ public abstract class AbstractTests { String url = https://localhost:; + getRpHttpsPort() + /fedizhelloworld/secure/fedservlet; String user = alice; String password = ecila; -String response = sendHttpGet(url, user, password); +String response = +HTTPTestUtils.sendHttpGet(url, user, password, Integer.parseInt(getIdpHttpsPort())); Assert.assertTrue(Principal not + user, response.indexOf(userPrincipal= + user) 0); Assert.assertTrue(User + user + does not have role Admin, response.indexOf(role:Admin=false) 0); 
@@ -89,7 +64,8 @@ public abstract class AbstractTests { String url = https://localhost:; + getRpHttpsPort() + /fedizhelloworld/secure/fedservlet; String user = bob; String password = bob; -String response = sendHttpGet(url, user, password); +String response = +HTTPTestUtils.sendHttpGet(url, user, password, Integer.parseInt(getIdpHttpsPort())); Assert.assertTrue(Principal not + user, response.indexOf(userPrincipal= + user) 0); Assert.assertTrue(User + user + does not have role Admin, response.indexOf(role:Admin=true) 0); @@ -112,7 +88,8 @@ public abstract class AbstractTests { String url = https://localhost:; + getRpHttpsPort() + /fedizhelloworld/secure/fedservlet; String user = ted; String password = det; -String response = sendHttpGet(url, user, password); +String response = +HTTPTestUtils.sendHttpGet(url, user, password, Integer.parseInt(getIdpHttpsPort())); Assert.assertTrue(Principal not + user, response.indexOf(userPrincipal= + user) 0); Assert.assertTrue(User + user + does not have role Admin, response.indexOf(role:Admin=false) 0); @@ -135,18 +112,17 @@ public abstract class
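Review bot: The context lines next to the changed calls keep the failure message "User ... does not have role Admin" for all three users, but for alice and ted the assertion looks for role:Admin=false, so when it fails the message states the opposite of what went wrong. As these assertions sit directly under the lines changed for the backport, reword the negative cases to something like "must not have role Admin" so a failing run on 1.1.x-fixes is readable without opening the test source.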
[1/2] git commit: [CXF-5869] Temporary file caching using encryption may get corrupted data
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes d5621a999 - c651e2671 [CXF-5869] Temporary file caching using encryption may get corrupted data Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/141e88e6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/141e88e6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/141e88e6 Branch: refs/heads/2.7.x-fixes Commit: 141e88e6072fe8a85c4d6204719eca1b9d7eb04a Parents: d5621a9 Author: Akitoshi Yoshida a...@apache.org Authored: Thu Jul 10 17:45:43 2014 +0200 Committer: Akitoshi Yoshida a...@apache.org Committed: Thu Jul 10 18:56:50 2014 +0200 -- api/src/main/java/org/apache/cxf/io/CipherPair.java | 9 + 1 file changed, 1 insertion(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/141e88e6/api/src/main/java/org/apache/cxf/io/CipherPair.java -- diff --git a/api/src/main/java/org/apache/cxf/io/CipherPair.java b/api/src/main/java/org/apache/cxf/io/CipherPair.java index 0a4b856..8237221 100644 --- a/api/src/main/java/org/apache/cxf/io/CipherPair.java +++ b/api/src/main/java/org/apache/cxf/io/CipherPair.java @@ -32,6 +32,7 @@ import javax.crypto.spec.IvParameterSpec; */ public class CipherPair { private String transformation; +private Cipher enccipher; private Key key; private byte[] ivp; @@ -45,7 +46,6 @@ public class CipherPair { } else { a = transformation; } -Cipher enccipher = null; try { KeyGenerator keygen = KeyGenerator.getInstance(a); keygen.init(new SecureRandom()); @@ -64,13 +64,6 @@ public class CipherPair { } public Cipher getEncryptor() { -Cipher enccipher = null; -try { -enccipher = Cipher.getInstance(transformation); -enccipher.init(Cipher.ENCRYPT_MODE, key); -} catch (GeneralSecurityException e) { -// ignore -} return enccipher; }
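Review bot: The new enccipher field is non-final and getEncryptor() returns it without a check, so if the try block in the constructor exits before the field is assigned, callers receive null and the failure appears later as a NullPointerException in the caching stream rather than at construction. Fail in the constructor when the cipher cannot be created, or have getEncryptor() throw an IllegalStateException when the field is null. A short comment on the field saying it is created once in the constructor together with ivp would also help anyone comparing this 2.7.x backport with the master change.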
[2/2] git commit: [CXF-5869] test using AES/CTR
[CXF-5869] test using AES/CTR Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c651e267 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c651e267 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c651e267 Branch: refs/heads/2.7.x-fixes Commit: c651e2671edeace288e555316d136a7113f0127e Parents: 141e88e Author: Akitoshi Yoshida a...@apache.org Authored: Thu Jul 10 18:04:20 2014 +0200 Committer: Akitoshi Yoshida a...@apache.org Committed: Thu Jul 10 18:57:21 2014 +0200 -- .../org/apache/cxf/io/CachedStreamTestBase.java | 27 +--- 1 file changed, 24 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/c651e267/api/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java -- diff --git a/api/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java b/api/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java index ddd5fed..b88ba14 100755 --- a/api/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java +++ b/api/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java @@ -34,6 +34,9 @@ import org.junit.Assert; import org.junit.Test; public abstract class CachedStreamTestBase extends Assert { +// use two typical ciphers for testing +private static final String[] CIPHER_LIST = {RC4, AES/CTR/NoPadding}; + protected abstract void reloadDefaultProperties(); protected abstract Object createCache(); protected abstract Object createCache(long threshold); 
@@ -88,7 +91,13 @@ public abstract class CachedStreamTestBase extends Assert { @Test public void testEncryptAndDecryptWithDeleteOnClose() throws IOException { // need a 8-bit cipher so that all bytes are flushed when the stream is flushed. -Object cache = createCache(4, RC4); +for (String cipher: CIPHER_LIST) { +verifyEncryptAndDecryptWithDeleteOnClose(cipher); +} +} + +private void verifyEncryptAndDecryptWithDeleteOnClose(String cipher) throws IOException { +Object cache = createCache(4, cipher); final String text = Hello Secret World!; File tmpfile = getTmpFile(text, cache); assertNotNull(tmpfile); @@ -111,8 +120,14 @@ public abstract class CachedStreamTestBase extends Assert { @Test public void testEncryptAndDecryptWithDeleteOnInClose() throws IOException { +for (String cipher: CIPHER_LIST) { +verifyEncryptAndDecryptWithDeleteOnInClose(cipher); +} +} + +private void verifyEncryptAndDecryptWithDeleteOnInClose(String cipher) throws IOException { // need a 8-bit cipher so that all bytes are flushed when the stream is flushed. -Object cache = createCache(4, RC4); +Object cache = createCache(4, cipher); final String text = Hello Secret World!; File tmpfile = getTmpFile(text, cache); assertNotNull(tmpfile); @@ -133,8 +148,14 @@ public abstract class CachedStreamTestBase extends Assert { @Test public void testEncryptAndDecryptPartially() throws IOException { +for (String cipher: CIPHER_LIST) { +verifyEncryptAndDecryptPartially(cipher); +} +} + +private void verifyEncryptAndDecryptPartially(String cipher) throws IOException { // need a 8-bit cipher so that all bytes are flushed when the stream is flushed. -Object cache = createCache(4, RC4); +Object cache = createCache(4, cipher); final String text = Hello Secret World!; File tmpfile = getTmpFile(text, cache); assertNotNull(tmpfile);
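Review bot: The comment "need a 8-bit cipher so that all bytes are flushed when the stream is flushed" no longer matches the code now that CIPHER_LIST also contains AES/CTR/NoPadding, and its placement is inconsistent: in testEncryptAndDecryptWithDeleteOnClose it stays above the loop, while in the other two tests it moved into the verify* helper. Reword it to state the actual requirement (a stream cipher or a streaming mode without padding, so that no bytes are held back on flush) and put it once on the CIPHER_LIST declaration instead of repeating it.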
git commit: [CXF-5311] Actually making JWS out streaming work, more refactoring will follow
Repository: cxf Updated Branches: refs/heads/master e8a038340 - f5d2a0332 [CXF-5311] Actually making JWS out streaming work, more refactoring will follow Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f5d2a033 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f5d2a033 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f5d2a033 Branch: refs/heads/master Commit: f5d2a0332c7a40d7b528fb1d32d10fe9ebb74fc2 Parents: e8a0383 Author: Sergey Beryozkin sberyoz...@talend.com Authored: Thu Jul 10 22:00:01 2014 +0100 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Thu Jul 10 22:00:01 2014 +0100 -- .../cxf/common/util/Base64OutputStream.java | 90 .../jws/AbstractJwsSignatureProvider.java | 12 +-- .../rs/security/oauth2/jws/JwsOutputStream.java | 40 + .../oauth2/jwt/jaxrs/JwsWriterInterceptor.java | 9 +- .../oauth2/utils/Base64UrlOutputStream.java | 31 +++ .../jaxrs/security/jwt/JAXRSJweJwsTest.java | 4 +- 6 files changed, 140 insertions(+), 46 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/f5d2a033/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java -- diff --git a/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java b/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java new file mode 100644 index 000..6ba8e95 --- /dev/null +++ b/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java 
@@ -0,0 +1,90 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * License); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.common.util; + +import java.io.FilterOutputStream; +import java.io.IOException; +import java.io.OutputStream; +import java.nio.ByteBuffer; + +public class Base64OutputStream extends FilterOutputStream { +private byte[] lastChunk; +private boolean flushed; +private boolean urlSafe; +public Base64OutputStream(OutputStream out, boolean urlSafe) { +super(out); +this.urlSafe = urlSafe; +} + +@Override +public void write(int value) throws IOException { +byte[] bytes = ByteBuffer.allocate(Integer.SIZE / 8).putInt(value).array(); +write(bytes, 0, bytes.length); +} + +@Override +public void write(byte b[], int off, int len) throws IOException { +encodeAndWrite(b, off, len, false); +} + +private void encodeAndWrite(byte[] b, int off, int len, boolean finalWrite) throws IOException { +byte[] theChunk = lastChunk; +int lenToEncode = len; +if (theChunk != null) { +theChunk = newArray(theChunk, 0, theChunk.length, b, off, len); +lenToEncode = theChunk.length; +off = 0; +} else { +theChunk = b; +} +int rem = finalWrite ? 
0 : lenToEncode % 3; +Base64Utility.encodeAndStream(theChunk, off, lenToEncode - rem, urlSafe, out); + +if (rem 0) { +lastChunk = newArray(theChunk, lenToEncode - rem, rem); +} else { +lastChunk = null; +} +} + +@Override +public void flush() throws IOException { +if (flushed) { +return; +} +try { +Base64Utility.encodeAndStream(lastChunk, 0, lastChunk.length, urlSafe, out); +lastChunk = null; +} catch (Exception ex) { +throw new SecurityException(); +} +flushed = true; +} +private byte[] newArray(byte[] src, int srcPos, int srcLen) { +byte[] buf = new byte[srcLen]; +System.arraycopy(src, srcPos, buf, 0, srcLen); +return buf; +} +private byte[] newArray(byte[] src, int srcPos, int srcLen, byte[] src2, int srcPos2, int srcLen2) { +byte[] buf = new byte[srcLen + srcLen2]; +System.arraycopy(src, srcPos, buf, 0, srcLen); +System.arraycopy(src2, srcPos2, buf, srcLen, srcLen2); +return buf; +} +}
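Review bot: write(int value) in the new Base64OutputStream encodes four bytes per call (ByteBuffer.allocate(Integer.SIZE / 8).putInt(value).array()), but the OutputStream contract for write(int) is to write only the low-order eight bits, so any caller writing byte by byte gets three extra zero bytes encoded for every real one; write a single-element array containing (byte) value instead. In flush(), lastChunk is null whenever the data written so far is a multiple of three bytes, so lastChunk.length throws NullPointerException, which the catch (Exception ex) turns into a SecurityException with no cause or message; check for null before encoding and keep the original exception as the cause. In encodeAndWrite, when there is no previous chunk the remainder is copied with newArray(theChunk, lenToEncode - rem, rem), which ignores off and picks the wrong bytes for any write that does not start at offset 0; the source position should be off + lenToEncode - rem. The finalWrite parameter is never passed as true in this file, and flush() does not call out.flush(). Given that this stream feeds JWS output, unit tests covering one-byte writes, non-zero offsets and input lengths of 3n, 3n+1 and 3n+2 should come with the class.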
git commit: CXF-5549: Introduce Tika Search Visitor. Added integration tests (systest) for JAX-RS/Tika/Lucene/Search
Repository: cxf Updated Branches: refs/heads/master f5d2a0332 - 2209258ce CXF-5549: Introduce Tika Search Visitor. Added integration tests (systest) for JAX-RS/Tika/Lucene/Search Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2209258c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2209258c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2209258c Branch: refs/heads/master Commit: 2209258ce1246f3f48d23d51c4d981dd47b3d600 Parents: f5d2a03 Author: reta drr...@gmail.com Authored: Thu Jul 10 22:20:37 2014 -0400 Committer: reta drr...@gmail.com Committed: Thu Jul 10 22:20:37 2014 -0400 -- .../ext/search/tika/LuceneDocumentMetadata.java | 10 ++ .../search/tika/TikaLuceneContentExtractor.java | 5 + .../tika/TikaLuceneContentExtractorTest.java| 17 +++ systests/jaxrs/pom.xml | 23 .../systest/jaxrs/extraction/BookCatalog.java | 118 ++ .../extraction/JAXRSClientServerTikaTest.java | 121 +++ .../jaxrs/src/test/resources/files/testPDF.pdf | Bin 0 - 34824 bytes 7 files changed, 294 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2209258c/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/LuceneDocumentMetadata.java -- diff --git a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/LuceneDocumentMetadata.java b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/LuceneDocumentMetadata.java index dcb8f5a..f3e0b7e 100644 --- a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/LuceneDocumentMetadata.java +++ b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/LuceneDocumentMetadata.java 
@@ -28,6 +28,7 @@ import org.apache.cxf.jaxrs.ext.search.DefaultParamConverterProvider; public class LuceneDocumentMetadata { private final Map String, Class ? fieldTypes; private final String contentFieldName; +private String source; private ParamConverterProvider converterProvider = new DefaultParamConverterProvider(); public LuceneDocumentMetadata() { @@ -54,10 +55,19 @@ public class LuceneDocumentMetadata { return this; } +public LuceneDocumentMetadata withSource(final String src) { +this.source = src; +return this; +} + public String getContentFieldName() { return contentFieldName; } +public String getSource() { +return source; +} + public Class? getFieldType(String name) { return fieldTypes.get(name); } http://git-wip-us.apache.org/repos/asf/cxf/blob/2209258c/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractor.java -- diff --git a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractor.java b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractor.java index 8ca0b29..dc086ac 100644 --- a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractor.java +++ b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractor.java @@ -24,6 +24,7 @@ import java.util.List; import javax.ws.rs.ext.ParamConverterProvider; +import org.apache.commons.lang.StringUtils; import org.apache.cxf.jaxrs.ext.search.tika.TikaContentExtractor.TikaContent; import org.apache.lucene.document.Document; import org.apache.lucene.document.DoubleField; 
@@ -191,6 +192,10 @@ public class TikaLuceneContentExtractor { } } +if (!StringUtils.isBlank(documentMetadata.getSource())) { +document.add(new StringField(source, documentMetadata.getSource(), Store.YES)); +} + return document; } http://git-wip-us.apache.org/repos/asf/cxf/blob/2209258c/rt/rs/extensions/search/src/test/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractorTest.java -- diff --git a/rt/rs/extensions/search/src/test/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractorTest.java b/rt/rs/extensions/search/src/test/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractorTest.java index 1012db6..cbdef04 100644 --- a/rt/rs/extensions/search/src/test/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractorTest.java +++ b/rt/rs/extensions/search/src/test/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractorTest.java @@ -198,6
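Review bot: In TikaLuceneContentExtractor the source value is stored under the hard-coded field name source, and nothing in the visible lines prevents a metadata property with the same name from being added to the same document, in which case a search on source would match both. Put the field name in a public constant on LuceneDocumentMetadata so that indexing and query code share it, and consider making it configurable like contentFieldName. withSource and getSource have no Javadoc; say what the value is expected to be (file name, URI, or free text), since it is indexed as an untokenized StringField with Store.YES and returned to clients as stored.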
git commit: Fixed checkstyle issues
Repository: cxf Updated Branches: refs/heads/master 2209258ce - 6ba3e0b61 Fixed checkstyle issues Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6ba3e0b6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6ba3e0b6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6ba3e0b6 Branch: refs/heads/master Commit: 6ba3e0b6107cacbefc029d71858377a9277afc07 Parents: 2209258 Author: reta drr...@gmail.com Authored: Thu Jul 10 22:22:02 2014 -0400 Committer: reta drr...@gmail.com Committed: Thu Jul 10 22:22:02 2014 -0400 -- .../java/org/apache/cxf/interceptor/Fault.java | 4 +-- .../staxutils/SysPropExpandingStreamReader.java | 33 +++- .../cxf/staxutils/XMLStreamReaderWrapper.java | 2 +- .../SysPropExpandingStreamReaderTest.java | 14 ++--- .../org/apache/cxf/wsdl11/WSDLManagerImpl.java | 3 +- 5 files changed, 31 insertions(+), 25 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6ba3e0b6/core/src/main/java/org/apache/cxf/interceptor/Fault.java -- diff --git a/core/src/main/java/org/apache/cxf/interceptor/Fault.java b/core/src/main/java/org/apache/cxf/interceptor/Fault.java index b5bc123..3c40a48 100644 --- a/core/src/main/java/org/apache/cxf/interceptor/Fault.java +++ b/core/src/main/java/org/apache/cxf/interceptor/Fault.java @@ -25,12 +25,12 @@ import java.util.logging.Logger; import javax.xml.namespace.QName; +import org.w3c.dom.Element; + import org.apache.cxf.common.i18n.Message; import org.apache.cxf.common.i18n.UncheckedException; import org.apache.cxf.helpers.DOMUtils; -import org.w3c.dom.Element; - /** * A Fault that occurs during invocation processing. */ http://git-wip-us.apache.org/repos/asf/cxf/blob/6ba3e0b6/core/src/main/java/org/apache/cxf/staxutils/SysPropExpandingStreamReader.java -- 
diff --git a/core/src/main/java/org/apache/cxf/staxutils/SysPropExpandingStreamReader.java b/core/src/main/java/org/apache/cxf/staxutils/SysPropExpandingStreamReader.java index 4987338..04a2882 100644 --- a/core/src/main/java/org/apache/cxf/staxutils/SysPropExpandingStreamReader.java +++ b/core/src/main/java/org/apache/cxf/staxutils/SysPropExpandingStreamReader.java @@ -34,25 +34,28 @@ public class SysPropExpandingStreamReader extends DelegatingXMLStreamReader { } protected String expandSystemProperty(String value) { -if (!isEmpty(value)) { -final int startIndx = value.indexOf(DELIMITER); -if (startIndx -1) { -final int endIndx = value.lastIndexOf(DELIMITER); -if (endIndx -1 startIndx + 1 endIndx) { -final String propName = value.substring(startIndx + 1, endIndx); -if (!isEmpty(propName)) { -final String envValue = System.getProperty(propName); -if (!isEmpty(envValue)) { -StringBuilder sb = new StringBuilder(); -sb.append(value.substring(0, startIndx)); -sb.append(envValue); -sb.append(value.substring(endIndx + 1)); -value = sb.toString(); -} +if (isEmpty(value)) { +return value; +} + +final int startIndx = value.indexOf(DELIMITER); +if (startIndx -1) { +final int endIndx = value.lastIndexOf(DELIMITER); +if (endIndx -1 startIndx + 1 endIndx) { +final String propName = value.substring(startIndx + 1, endIndx); +if (!isEmpty(propName)) { +final String envValue = System.getProperty(propName); +if (!isEmpty(envValue)) { +StringBuilder sb = new StringBuilder(); +sb.append(value.substring(0, startIndx)); +sb.append(envValue); +sb.append(value.substring(endIndx + 1)); +value = sb.toString(); } } } } + return value; } http://git-wip-us.apache.org/repos/asf/cxf/blob/6ba3e0b6/core/src/main/java/org/apache/cxf/staxutils/XMLStreamReaderWrapper.java -- diff --git a/core/src/main/java/org/apache/cxf/staxutils/XMLStreamReaderWrapper.java b/core/src/main/java/org/apache/cxf/staxutils/XMLStreamReaderWrapper.java index 36c582f..ea0f307 100644 
--- a/core/src/main/java/org/apache/cxf/staxutils/XMLStreamReaderWrapper.java +++
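Review bot: The early return for isEmpty(value) in expandSystemProperty removes one nesting level, but the method is still four ifs deep after this change; the same inversion applied to the startIndx, endIndx and propName checks would flatten it completely and is probably what checkstyle will ask for next. While the method is being touched, the local named envValue holds the result of System.getProperty and would read better as propValue, and a one-line comment should state that the start is found with indexOf and the end with lastIndexOf, so only a single placeholder per attribute value is expanded. The import reordering in Fault.java looks fine.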