[CONF] Apache CXF Documentation Standardized Authentication / Authorization
Christian Schneider edited the page: Standardized Authentication / Authorization Info Ideas / Proposal CXF already supports a wide range of authentication and authorization approaches. Unfortunately they are all configured differently and do not integrate well with each other. ... An XACML policy enforcement point can retrieve the JAAS login data and do authorization against an XACML Policy Decision Point (PDP). Separating Authorization from CXF As authorization is not only relevant for webservices it makes sense to keep the authorization code separate from cxf too. So one way to implement authorization would be to put it into a blueprint extension. Of course this would cover only OSGi and blueprint but it would be a start. It could work similar to the XA transaction support. Unlike in tx support we could scan all beans for security annotations like @RolesAllowed. Then for each bean that has this annotation we could proxy it with a class that does the security check. This would allow to have minimal xml configuration. Another approach is to mark beans for security checks using xml like in tx support. This variant then would also work nicely for XACML authorization as in that case there would be no annotation to scan for. Karaf role based OSGi service Authorization Karaf 3 already supports authorization on the OSGi service level and uses JAAS for authentication. So if we do a JAAS login in CXF and the service impl code calls an OSGi service then the Karaf role based securtiy should already work out of the box.We could add annotation based Authorization to karaf code to make it even better and require less config. Exception handling and answer generation ... Failure at Authentication: javax.security.auth.login.LoginException could also be more specific like AccountLockedException Failure at Authorization: org.apache.cxf.interceptor.security.AccessDeniedException or java.security.AccessControlException. The later one is better for code separate from cxf as it does not depend on CXF. Then in the transport like the http transport we map the exception to the defined status code and http response:
svn commit: r915661 - in /websites/production/cxf/content: cache/docs.pageCache docs/standardized-authentication-authorization.html
Author: buildbot Date: Thu Jul 10 08:47:01 2014 New Revision: 915661 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/standardized-authentication-authorization.html Modified: websites/production/cxf/content/cache/docs.pageCache == Binary files - no diff available. Modified: websites/production/cxf/content/docs/standardized-authentication-authorization.html == --- websites/production/cxf/content/docs/standardized-authentication-authorization.html (original) +++ websites/production/cxf/content/docs/standardized-authentication-authorization.html Thu Jul 10 08:47:01 2014 @@ -116,7 +116,7 @@ Apache CXF -- Standardized Authenticatio td height=100% !-- Content -- div class=wiki-content -div id=ConfluenceContentdiv class=aui-message hint shadowed information-macro +div id=ConfluenceContentp#160;/pp#160;/pp#160;/pdiv class=aui-message hint shadowed information-macro span class=aui-icon icon-hintIcon/span div class=message-content Ideas / Proposal @@ -125,7 +125,7 @@ Apache CXF -- Standardized Authenticatio p#160;/ppCXF already supports a wide range of authentication and authorization approaches. Unfortunately they are all configured differently and do not integrate well with each other./ppSo the idea is to create one standardized authentication / authorization flow in CXF where the modules can then fit in. There are a lot of security frameworks out there that could be used as a basis for this. The problem is though that each framework#160; (like Shiro or Spring Security) uses its own mechanisms which are not standardized. So by choosing one framework we would force our users to depend on this./ppThe best standardized security framework in java is JAAS. It is already included in Java and most security frameworks can be hooked into it. So let#180;s investigate what we could do with JAAS./ph2 id=StandardizedAuthentication/Authorization-AuthenticationusingJAASAuthentication using JAAS/h2pJAAS authentication is done by creating a LoginContext and doing a login on it. Things to configure is the name of the login config and the Callback Handlers. So CXF needs mechanisms for the user to set the config name and needs to provide CallBackHandlers to supply credentials./ph2 id=StandardizedAuthentication/Authorization-CallbackHandlersCallbackHandlers/h2pCXF needs to supply different data to identify the users depending on the chosen authentication variant./ppBasic Auth: username and password from HTTP header/ppWS-Security UserNameToken: Username and password from SOAP header/ppSpnego: Kerberos token from HTTP header/ppHTTPS client cert: Certificate information/ppWe could simply detect what information is provided and configure the Callbackhandlers for each information we can supply. Depending on when the login should happen we could collect CallbackHandlers in the Message using Interceptors./ph2 id=StandardizedAuthentication/Authorization-JAASconfigurationJAAS configuration/h2pThe JAAS configuration is suppli ed differently depending on the runtime CXF runs in./ppStandalone: For standalone usage the JAAS config can simply come from a file./ppServlet Container: Not sure. Is there a standard approach for this?/ppApache Karaf: Karaf already provides a JAAS integration so we just have to configure the JAAS config name and supply a suitable config in karaf/ph2 id=StandardizedAuthentication/Authorization-SupplyingRoleandUserinformationSupplying Role and User information/h2pJAAS stores identity information in the JAAS subject. The method getPrincipals returns Principal objects which can be users, roles or even other identity information. To differentiate between roles and users there are two common approaches./pollidifferent Classes like a UserPrincipal or RolePrincipal. There seems to be a Group interface which allows to differentiate between Users and Groups and also allows to see group members./liliprefixes. So for example roles start with role- . There is no standard for this approach/li/olh2 id=StandardizedAuthentication/Authorization-AuthorizationAuthorization/h2pAuthorization has very diverse requirements. So we need to make sure we integrate well with different approaches./ppGenerally the idea is to base the Authorization on the JAAS login data. After a JAAS login the JAAS subject can be retrieved in a standard way:/pdiv class=code panel pdl style=border-width: 1px;div class=codeContent panelContent pdl script class=theme: Default; brush: java; gutter: false type=syntaxhighlighter![CDATA[AccessControlContext acc = AccesController.getContext(); Subject subject = Subject.getSubject(acc);]]/script
git commit: making sure search parsers actually see a decode property
Repository: cxf
Updated Branches:
refs/heads/master e0b7f3556 - 7683d0551
making sure search parsers actually see a decode property
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7683d055
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7683d055
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7683d055
Branch: refs/heads/master
Commit: 7683d055150e7e58f0f16fc93ba252d62edad7c8
Parents: e0b7f35
Author: Sergey Beryozkin sberyoz...@talend.com
Authored: Thu Jul 10 11:09:24 2014 +0100
Committer: Sergey Beryozkin sberyoz...@talend.com
Committed: Thu Jul 10 11:09:24 2014 +0100
--
.../java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java| 2 ++
1 file changed, 2 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/7683d055/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java
--
diff --git
a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java
b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java
index be1e4d9..0aaed79 100644
---
a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java
+++
b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java
@@ -193,6 +193,8 @@ public class SearchContextImpl implements SearchContext {
(String)message.getContextualProperty(SearchUtils.TIMEZONE_SUPPORT_PROPERTY));
props.put(SearchUtils.LAX_PROPERTY_MATCH,
(String)message.getContextualProperty(SearchUtils.LAX_PROPERTY_MATCH));
+props.put(SearchUtils.DECODE_QUERY_VALUES,
+
(String)message.getContextualProperty(SearchUtils.DECODE_QUERY_VALUES));
// FIQL specific
props.put(FiqlParser.SUPPORT_SINGLE_EQUALS,
(String)message.getContextualProperty(FiqlParser.SUPPORT_SINGLE_EQUALS));
git commit: making sure search parsers actually see a decode property
Repository: cxf
Updated Branches:
refs/heads/2.7.x-fixes c61bff324 - d5621a999
making sure search parsers actually see a decode property
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d5621a99
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d5621a99
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d5621a99
Branch: refs/heads/2.7.x-fixes
Commit: d5621a999d519226b04616b0459703426515d6c5
Parents: c61bff3
Author: Sergey Beryozkin sberyoz...@talend.com
Authored: Thu Jul 10 11:09:24 2014 +0100
Committer: Sergey Beryozkin sberyoz...@talend.com
Committed: Thu Jul 10 11:12:19 2014 +0100
--
.../java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java| 2 ++
1 file changed, 2 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/d5621a99/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java
--
diff --git
a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java
b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java
index 9130577..5ab92bd 100644
---
a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java
+++
b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/SearchContextImpl.java
@@ -190,6 +190,8 @@ public class SearchContextImpl implements SearchContext {
(String)message.getContextualProperty(SearchUtils.TIMEZONE_SUPPORT_PROPERTY));
props.put(SearchUtils.LAX_PROPERTY_MATCH,
(String)message.getContextualProperty(SearchUtils.LAX_PROPERTY_MATCH));
+props.put(SearchUtils.DECODE_QUERY_VALUES,
+
(String)message.getContextualProperty(SearchUtils.DECODE_QUERY_VALUES));
// FIQL specific
props.put(FiqlParser.SUPPORT_SINGLE_EQUALS,
(String)message.getContextualProperty(FiqlParser.SUPPORT_SINGLE_EQUALS));
git commit: [CXF-5311] Quick prototyping of JwsOutputStream, refactorings will follow
Repository: cxf
Updated Branches:
refs/heads/master 7683d0551 - 22dbf10ed
[CXF-5311] Quick prototyping of JwsOutputStream, refactorings will follow
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/22dbf10e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/22dbf10e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/22dbf10e
Branch: refs/heads/master
Commit: 22dbf10ed281f3ec94b159829e21333f4afc0bf9
Parents: 7683d05
Author: Sergey Beryozkin sberyoz...@talend.com
Authored: Thu Jul 10 13:41:56 2014 +0100
Committer: Sergey Beryozkin sberyoz...@talend.com
Committed: Thu Jul 10 13:41:56 2014 +0100
--
.../security/oauth2/jwe/JweCompactProducer.java | 7 +-
.../rs/security/oauth2/jwe/JweOutputStream.java | 2 +-
.../jws/AbstractJwsSignatureProvider.java | 33 ++-
.../oauth2/jws/HmacJwsSignatureProvider.java| 21 -
.../rs/security/oauth2/jws/JwsOutputStream.java | 98
.../oauth2/jws/JwsSignatureProvider.java| 5 +-
.../oauth2/jws/JwsSignatureProviderWorker.java | 25 +
.../jws/PrivateKeyJwsSignatureProvider.java | 33 ++-
.../oauth2/jwt/jaxrs/JwsWriterInterceptor.java | 33 +--
.../oauth2/utils/crypto/CryptoUtils.java| 14 ++-
10 files changed, 250 insertions(+), 21 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/22dbf10e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactProducer.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactProducer.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactProducer.java
index 72d3d84..365a986 100644
---
a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactProducer.java
+++
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactProducer.java
@@ -112,12 +112,13 @@ public class JweCompactProducer {
writer = writer == null ? new JwtTokenReaderWriter() : writer;
byte[] jsonBytes = writer.headersToJson(headers).getBytes(UTF-8);
Base64UrlUtility.encodeAndStream(jsonBytes, 0, jsonBytes.length, os);
-os.write('.');
+byte[] dotBytes = new byte[]{'.'};
+os.write(dotBytes);
Base64UrlUtility.encodeAndStream(encryptedContentEncryptionKey, 0,
encryptedContentEncryptionKey.length,
os);
-os.write('.');
+os.write(dotBytes);
Base64UrlUtility.encodeAndStream(cipherInitVector, 0,
cipherInitVector.length, os);
-os.write('.');
+os.write(dotBytes);
}
public String getJweContent() {
http://git-wip-us.apache.org/repos/asf/cxf/blob/22dbf10e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweOutputStream.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweOutputStream.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweOutputStream.java
index ebf80df..91b68b0 100644
---
a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweOutputStream.java
+++
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweOutputStream.java
@@ -106,7 +106,7 @@ public class JweOutputStream extends FilterOutputStream {
? encryptingCipher.doFinal()
: encryptingCipher.doFinal(lastRawDataChunk, 0,
lastRawDataChunk.length);
encodeAndWrite(finalBytes, 0, finalBytes.length -
authTagLengthBits / 8, true);
-out.write('.');
+out.write(new byte[]{'.'});
encodeAndWrite(finalBytes, finalBytes.length - authTagLengthBits /
8, authTagLengthBits / 8, true);
} catch (Exception ex) {
throw new SecurityException();
http://git-wip-us.apache.org/repos/asf/cxf/blob/22dbf10e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java
index 83563be..dc63a1e 100644
---
git commit: CXF-5868 Add subject.doAs and HTTP status mapping
Repository: cxf
Updated Branches:
refs/heads/master 22dbf10ed - 5182ed51f
CXF-5868 Add subject.doAs and HTTP status mapping
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5182ed51
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5182ed51
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5182ed51
Branch: refs/heads/master
Commit: 5182ed51fcc455b52707e3179049fd724418abaf
Parents: 22dbf10
Author: Christian Schneider ch...@die-schneider.net
Authored: Thu Jul 10 15:10:05 2014 +0200
Committer: Christian Schneider ch...@die-schneider.net
Committed: Thu Jul 10 15:10:05 2014 +0200
--
.../java/org/apache/cxf/interceptor/Fault.java | 23 +++-
.../security/JAASAuthenticationFeature.java | 58
.../security/JAASLoginInterceptor.java | 40 +++---
3 files changed, 98 insertions(+), 23 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/5182ed51/core/src/main/java/org/apache/cxf/interceptor/Fault.java
--
diff --git a/core/src/main/java/org/apache/cxf/interceptor/Fault.java
b/core/src/main/java/org/apache/cxf/interceptor/Fault.java
index 55c7fb9..3e44adf 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/Fault.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/Fault.java
@@ -19,9 +19,11 @@
package org.apache.cxf.interceptor;
+import java.net.HttpURLConnection;
import java.util.ResourceBundle;
import java.util.logging.Logger;
+import javax.security.auth.login.LoginException;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
@@ -29,6 +31,8 @@ import org.w3c.dom.Element;
import org.apache.cxf.common.i18n.Message;
import org.apache.cxf.common.i18n.UncheckedException;
import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.interceptor.security.AccessDeniedException;
+import org.apache.cxf.interceptor.security.AuthenticationException;
/**
* A Fault that occurs during invocation processing.
@@ -38,9 +42,9 @@ public class Fault extends UncheckedException {
public static final QName FAULT_CODE_SERVER = new
QName(http://cxf.apache.org/faultcode;, server);
public static final String STACKTRACE_NAMESPACE =
http://cxf.apache.org/fault;;
public static final String STACKTRACE = stackTrace;
-private static final int DEFAULT_HTTP_RESPONSE_CODE = 500;
+private static final int DEFAULT_HTTP_RESPONSE_CODE =
HttpURLConnection.HTTP_INTERNAL_ERROR;
private static final long serialVersionUID = -1583932965031558864L;
-
+
private Element detail;
private String messageString;
private QName code;
@@ -54,6 +58,7 @@ public class Fault extends UncheckedException {
super(message, throwable);
this.messageString = message.toString();
code = FAULT_CODE_SERVER;
+determineStatusCode(throwable);
}
public Fault(Message message) {
@@ -89,12 +94,14 @@ public class Fault extends UncheckedException {
messageString = t == null ? null : t.getMessage();
}
code = FAULT_CODE_SERVER;
+determineStatusCode(t);
}
public Fault(Message message, Throwable throwable, QName fc) {
super(message, throwable);
this.messageString = message.toString();
code = fc;
+determineStatusCode(throwable);
}
public Fault(Message message, QName fc) {
@@ -111,7 +118,17 @@ public class Fault extends UncheckedException {
messageString = t == null ? null : t.getMessage();
}
code = fc;
-}
+determineStatusCode(t);
+}
+
+private void determineStatusCode(Throwable throwable) {
+if (throwable instanceof AuthenticationException || throwable
instanceof LoginException) {
+statusCode = HttpURLConnection.HTTP_UNAUTHORIZED;
+}
+if (throwable instanceof AccessDeniedException) {
+statusCode = HttpURLConnection.HTTP_FORBIDDEN;
+}
+}
public String getMessage() {
return messageString;
http://git-wip-us.apache.org/repos/asf/cxf/blob/5182ed51/core/src/main/java/org/apache/cxf/interceptor/security/JAASAuthenticationFeature.java
--
diff --git
a/core/src/main/java/org/apache/cxf/interceptor/security/JAASAuthenticationFeature.java
b/core/src/main/java/org/apache/cxf/interceptor/security/JAASAuthenticationFeature.java
new file mode 100644
index 000..2a2d985
--- /dev/null
+++
b/core/src/main/java/org/apache/cxf/interceptor/security/JAASAuthenticationFeature.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ *
git commit: More work on SAML SSO
Repository: cxf-fediz
Updated Branches:
refs/heads/master e344688ff - e24966d39
More work on SAML SSO
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e24966d3
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e24966d3
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e24966d3
Branch: refs/heads/master
Commit: e24966d395349c99044a3bd2fa3c878416eae8cf
Parents: e344688
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Thu Jul 10 14:28:14 2014 +0100
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Thu Jul 10 14:28:14 2014 +0100
--
.../cxf/fediz/core/config/SAMLProtocol.java | 37 ++
.../core/processor/FederationProcessorImpl.java | 16 --
.../fediz/core/processor/FedizProcessor.java| 8 ++-
.../core/processor/RedirectionResponse.java | 51
.../src/main/resources/schemas/FedizConfig.xsd | 9 +++-
.../fediz/jetty/FederationAuthenticator.java| 24 +++--
.../web/FederationAuthenticationEntryPoint.java | 15 +-
.../web/FederationLogoutSuccessHandler.java | 14 +-
.../web/FederationAuthenticationEntryPoint.java | 29 ++-
.../fediz/tomcat/FederationAuthenticator.java | 24 +++--
10 files changed, 205 insertions(+), 22 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e24966d3/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
--
diff --git
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
index b334537..adf6862 100644
---
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
+++
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
@@ -20,6 +20,7 @@
package org.apache.cxf.fediz.core.config;
import org.apache.cxf.fediz.core.config.jaxb.ProtocolType;
+import org.apache.cxf.fediz.core.config.jaxb.SamlProtocolType;
public class SAMLProtocol extends Protocol {
@@ -56,6 +57,42 @@ public class SAMLProtocol extends Protocol {
//SAMLTokenValidator validator = new SAMLTokenValidator();
//validators.add(validators.size(), validator);
}
+
+protected SamlProtocolType getSAMLProtocol() {
+return (SamlProtocolType)super.getProtocolType();
+}
+
+protected void setSAMLProtocol(SamlProtocolType samlProtocol) {
+super.setProtocolType(samlProtocol);
+}
+
+public boolean isSignRequest() {
+return getSAMLProtocol().isSignRequest();
+}
+
+public void setSignRequest(boolean signRequest) {
+getSAMLProtocol().setSignRequest(signRequest);
+}
+
+public String getWebAppDomain() {
+return getSAMLProtocol().getWebAppDomain();
+}
+
+public void setWebAppDomain(String webAppDomain) {
+getSAMLProtocol().setWebAppDomain(webAppDomain);
+}
+
+public long getStateTimeToLive() {
+long ttl = getSAMLProtocol().getStateTimeToLive();
+if (ttl 0) {
+return ttl;
+}
+return 2L * 60L * 1000L;
+}
+
+public void setStateTimeToLive(long stateTimeToLive) {
+getSAMLProtocol().setStateTimeToLive(stateTimeToLive);
+}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e24966d3/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
--
diff --git
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index 12f4669..58a186a 100644
---
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -347,7 +347,7 @@ public class FederationProcessorImpl implements
FedizProcessor {
}
@Override
-public String createSignInRequest(HttpServletRequest request, FedizContext
config)
+public RedirectionResponse createSignInRequest(HttpServletRequest request,
FedizContext config)
throws ProcessingException {
String redirectURL = null;
@@ -448,12 +448,15 @@ public class FederationProcessorImpl implements
FedizProcessor {
} catch (Exception ex) {
LOG.error(Failed to create SignInRequest, ex);
throw new ProcessingException(Failed to create SignInRequest);
-}
-return redirectURL;
+}
+
+RedirectionResponse response = new RedirectionResponse();
+
git commit: CXF-5868 Revering status code mapping as a fault always must have status code 500
Repository: cxf
Updated Branches:
refs/heads/master 5182ed51f - c36a2388f
CXF-5868 Revering status code mapping as a fault always must have status code
500
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c36a2388
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c36a2388
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c36a2388
Branch: refs/heads/master
Commit: c36a2388f6d170e66f0dc98b21d184b2151f4b75
Parents: 5182ed5
Author: Christian Schneider ch...@die-schneider.net
Authored: Thu Jul 10 15:36:36 2014 +0200
Committer: Christian Schneider ch...@die-schneider.net
Committed: Thu Jul 10 15:36:36 2014 +0200
--
.../java/org/apache/cxf/interceptor/Fault.java | 20 ++--
1 file changed, 2 insertions(+), 18 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/c36a2388/core/src/main/java/org/apache/cxf/interceptor/Fault.java
--
diff --git a/core/src/main/java/org/apache/cxf/interceptor/Fault.java
b/core/src/main/java/org/apache/cxf/interceptor/Fault.java
index 3e44adf..b5bc123 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/Fault.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/Fault.java
@@ -23,16 +23,13 @@ import java.net.HttpURLConnection;
import java.util.ResourceBundle;
import java.util.logging.Logger;
-import javax.security.auth.login.LoginException;
import javax.xml.namespace.QName;
-import org.w3c.dom.Element;
-
import org.apache.cxf.common.i18n.Message;
import org.apache.cxf.common.i18n.UncheckedException;
import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.interceptor.security.AccessDeniedException;
-import org.apache.cxf.interceptor.security.AuthenticationException;
+
+import org.w3c.dom.Element;
/**
* A Fault that occurs during invocation processing.
@@ -58,7 +55,6 @@ public class Fault extends UncheckedException {
super(message, throwable);
this.messageString = message.toString();
code = FAULT_CODE_SERVER;
-determineStatusCode(throwable);
}
public Fault(Message message) {
@@ -94,14 +90,12 @@ public class Fault extends UncheckedException {
messageString = t == null ? null : t.getMessage();
}
code = FAULT_CODE_SERVER;
-determineStatusCode(t);
}
public Fault(Message message, Throwable throwable, QName fc) {
super(message, throwable);
this.messageString = message.toString();
code = fc;
-determineStatusCode(throwable);
}
public Fault(Message message, QName fc) {
@@ -118,16 +112,6 @@ public class Fault extends UncheckedException {
messageString = t == null ? null : t.getMessage();
}
code = fc;
-determineStatusCode(t);
-}
-
-private void determineStatusCode(Throwable throwable) {
-if (throwable instanceof AuthenticationException || throwable
instanceof LoginException) {
-statusCode = HttpURLConnection.HTTP_UNAUTHORIZED;
-}
-if (throwable instanceof AccessDeniedException) {
-statusCode = HttpURLConnection.HTTP_FORBIDDEN;
-}
}
public String getMessage() {
git commit: Updating non-Tomcat plugins to remove hard-coded references to the FederationProcessorImpl
Repository: cxf-fediz
Updated Branches:
refs/heads/master e24966d39 - 940c54a65
Updating non-Tomcat plugins to remove hard-coded references to the
FederationProcessorImpl
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/940c54a6
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/940c54a6
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/940c54a6
Branch: refs/heads/master
Commit: 940c54a65b7ca87ce9b6d5f6dec6de755fca40f9
Parents: e24966d
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Thu Jul 10 15:26:14 2014 +0100
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Thu Jul 10 15:26:14 2014 +0100
--
.../cxf/fediz/jetty/FederationAuthenticator.java | 17 -
.../cxf/fediz/jetty/FederationLoginService.java| 5 +++--
.../FederationAuthenticationProvider.java | 10 +++---
.../web/FederationAuthenticationEntryPoint.java| 5 +++--
.../spring/web/FederationLogoutSuccessHandler.java | 7 ---
.../FederationAuthenticationProvider.java | 9 ++---
.../web/FederationAuthenticationEntryPoint.java| 8 +---
7 files changed, 40 insertions(+), 21 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/940c54a6/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
--
diff --git
a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
index 8cb9923..223c954 100644
---
a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
+++
b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
@@ -38,8 +38,8 @@ import org.apache.cxf.fediz.core.FederationConstants;
import org.apache.cxf.fediz.core.config.FedizConfigurator;
import org.apache.cxf.fediz.core.config.FedizContext;
import org.apache.cxf.fediz.core.exception.ProcessingException;
-import org.apache.cxf.fediz.core.processor.FederationProcessorImpl;
import org.apache.cxf.fediz.core.processor.FedizProcessor;
+import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
import org.apache.cxf.fediz.core.processor.FedizRequest;
import org.apache.cxf.fediz.core.processor.FedizResponse;
import org.apache.cxf.fediz.core.processor.RedirectionResponse;
@@ -56,7 +56,6 @@ import org.eclipse.jetty.server.Authentication.User;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.MultiMap;
-import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
@@ -235,7 +234,7 @@ public class FederationAuthenticator extends
LoginAuthenticator {
// not authenticated
if (LOG.isDebugEnabled()) {
-LOG.debug(WSFED authentication FAILED for +
StringUtil.printable(user.getUserPrincipal().getName()));
+LOG.debug(WSFED authentication FAILED);
}
if (response != null) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
@@ -295,7 +294,8 @@ public class FederationAuthenticator extends
LoginAuthenticator {
if (logoutUrl != null !logoutUrl.isEmpty()
uri.equals(contextName + logoutUrl)) {
session.invalidate();
-FedizProcessor wfProc = new FederationProcessorImpl();
+FedizProcessor wfProc =
+
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
signOutRedirectToIssuer(request, response, wfProc);
return Authentication.SEND_CONTINUE;
@@ -361,7 +361,14 @@ public class FederationAuthenticator extends
LoginAuthenticator {
}
}
-FedizProcessor wfProc = new FederationProcessorImpl();
+String contextName =
request.getSession().getServletContext().getContextPath();
+if (contextName == null || contextName.isEmpty()) {
+contextName = /;
+}
+FedizContext fedConfig = getContextConfiguration(contextName);
+
+FedizProcessor wfProc =
+
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
signInRedirectToIssuer(request, response, wfProc);
return Authentication.SEND_CONTINUE;
[2/2] git commit: Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/cxf
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/cxf Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/82d49c14 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/82d49c14 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/82d49c14 Branch: refs/heads/master Commit: 82d49c140a06d2ba4f0872358b1e64f2d6d53d71 Parents: 5934b2e c36a238 Author: Sergey Beryozkin sberyoz...@talend.com Authored: Thu Jul 10 16:13:17 2014 +0100 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Thu Jul 10 16:13:17 2014 +0100 -- .../java/org/apache/cxf/interceptor/Fault.java | 11 ++-- .../security/JAASAuthenticationFeature.java | 58 .../security/JAASLoginInterceptor.java | 40 +++--- 3 files changed, 84 insertions(+), 25 deletions(-) --
[1/2] git commit: Trying to prototype some BP code for mapping between jaxrs and jaxrs-client
Repository: cxf
Updated Branches:
refs/heads/master c36a2388f - 82d49c140
Trying to prototype some BP code for mapping between jaxrs and jaxrs-client
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5934b2e8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5934b2e8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5934b2e8
Branch: refs/heads/master
Commit: 5934b2e83315c1ccfe1f26d21e3f62d190bab380
Parents: 22dbf10
Author: Sergey Beryozkin sberyoz...@talend.com
Authored: Thu Jul 10 16:13:08 2014 +0100
Committer: Sergey Beryozkin sberyoz...@talend.com
Committed: Thu Jul 10 16:13:08 2014 +0100
--
.../blueprint/JAXRSBPNamespaceHandler.java | 30 ++--
1 file changed, 27 insertions(+), 3 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/5934b2e8/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/blueprint/JAXRSBPNamespaceHandler.java
--
diff --git
a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/blueprint/JAXRSBPNamespaceHandler.java
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/blueprint/JAXRSBPNamespaceHandler.java
index d42a415..7834228 100644
---
a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/blueprint/JAXRSBPNamespaceHandler.java
+++
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/blueprint/JAXRSBPNamespaceHandler.java
@@ -20,13 +20,20 @@
package org.apache.cxf.jaxrs.blueprint;
import java.net.URL;
+import java.util.Collections;
+import java.util.Map;
import java.util.Set;
+import javax.xml.stream.XMLStreamException;
+
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.apache.aries.blueprint.NamespaceHandler;
import org.apache.aries.blueprint.ParserContext;
+import org.apache.cxf.staxutils.StaxUtils;
+import org.apache.cxf.staxutils.W3CDOMStreamWriter;
+import org.apache.cxf.staxutils.transform.OutTransformWriter;
import org.osgi.service.blueprint.container.BlueprintContainer;
import org.osgi.service.blueprint.reflect.ComponentMetadata;
import org.osgi.service.blueprint.reflect.Metadata;
@@ -49,8 +56,11 @@ public class JAXRSBPNamespaceHandler implements
NamespaceHandler {
String s = element.getLocalName();
if (server.equals(s)) {
return new JAXRSServerFactoryBeanDefinitionParser().parse(element,
context);
-}
-return null;
+} else if (client.equals(s)) {
+return context.parseElement(Metadata.class, null,
transformElement(element));
+} else {
+return null;
+}
}
@SuppressWarnings(rawtypes)
@@ -61,7 +71,21 @@ public class JAXRSBPNamespaceHandler implements
NamespaceHandler {
return null;
}
-
+private Element transformElement(Element element) {
+final MapString, String transformMap =
+Collections.singletonMap({ + element.getNamespaceURI() + }*,
+
{http://cxf.apache.org/blueprint/jaxrs-client}*;);
+
+
+W3CDOMStreamWriter domWriter = new W3CDOMStreamWriter();
+OutTransformWriter transformWriter = new OutTransformWriter(domWriter,
transformMap);
+try {
+StaxUtils.copy(element, transformWriter);
+} catch (XMLStreamException e) {
+throw new RuntimeException(e);
+}
+return domWriter.getDocument().getDocumentElement();
+}
public BlueprintContainer getBlueprintContainer() {
return blueprintContainer;
}
git commit: [CXF-5869] Temporary file caching using encryption may get corrupted data
Repository: cxf
Updated Branches:
refs/heads/master 82d49c140 - f584187d0
[CXF-5869] Temporary file caching using encryption may get corrupted data
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f584187d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f584187d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f584187d
Branch: refs/heads/master
Commit: f584187d09471f28578854e288a7c7d612ea82bc
Parents: 82d49c1
Author: Akitoshi Yoshida a...@apache.org
Authored: Thu Jul 10 17:45:43 2014 +0200
Committer: Akitoshi Yoshida a...@apache.org
Committed: Thu Jul 10 17:45:57 2014 +0200
--
core/src/main/java/org/apache/cxf/io/CipherPair.java | 9 +
1 file changed, 1 insertion(+), 8 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/f584187d/core/src/main/java/org/apache/cxf/io/CipherPair.java
--
diff --git a/core/src/main/java/org/apache/cxf/io/CipherPair.java
b/core/src/main/java/org/apache/cxf/io/CipherPair.java
index 0a4b856..8237221 100644
--- a/core/src/main/java/org/apache/cxf/io/CipherPair.java
+++ b/core/src/main/java/org/apache/cxf/io/CipherPair.java
@@ -32,6 +32,7 @@ import javax.crypto.spec.IvParameterSpec;
*/
public class CipherPair {
private String transformation;
+private Cipher enccipher;
private Key key;
private byte[] ivp;
@@ -45,7 +46,6 @@ public class CipherPair {
} else {
a = transformation;
}
-Cipher enccipher = null;
try {
KeyGenerator keygen = KeyGenerator.getInstance(a);
keygen.init(new SecureRandom());
@@ -64,13 +64,6 @@ public class CipherPair {
}
public Cipher getEncryptor() {
-Cipher enccipher = null;
-try {
-enccipher = Cipher.getInstance(transformation);
-enccipher.init(Cipher.ENCRYPT_MODE, key);
-} catch (GeneralSecurityException e) {
-// ignore
-}
return enccipher;
}
git commit: [CXF-5869] test using AES/CTR
Repository: cxf
Updated Branches:
refs/heads/master f584187d0 - e8a038340
[CXF-5869] test using AES/CTR
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e8a03834
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e8a03834
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e8a03834
Branch: refs/heads/master
Commit: e8a038340ec349de5c6c8732e1bf82dcdab05f27
Parents: f584187
Author: Akitoshi Yoshida a...@apache.org
Authored: Thu Jul 10 18:04:20 2014 +0200
Committer: Akitoshi Yoshida a...@apache.org
Committed: Thu Jul 10 18:04:20 2014 +0200
--
.../org/apache/cxf/io/CachedStreamTestBase.java | 27 +---
1 file changed, 24 insertions(+), 3 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/e8a03834/core/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java
--
diff --git a/core/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java
b/core/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java
index 47e837f..56e35c1 100755
--- a/core/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java
+++ b/core/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java
@@ -34,6 +34,9 @@ import org.junit.Assert;
import org.junit.Test;
public abstract class CachedStreamTestBase extends Assert {
+// use two typical ciphers for testing
+private static final String[] CIPHER_LIST = {RC4, AES/CTR/NoPadding};
+
protected abstract void reloadDefaultProperties();
protected abstract Object createCache();
protected abstract Object createCache(long threshold);
@@ -88,7 +91,13 @@ public abstract class CachedStreamTestBase extends Assert {
@Test
public void testEncryptAndDecryptWithDeleteOnClose() throws IOException {
// need a 8-bit cipher so that all bytes are flushed when the stream
is flushed.
-Object cache = createCache(4, RC4);
+for (String cipher: CIPHER_LIST) {
+verifyEncryptAndDecryptWithDeleteOnClose(cipher);
+}
+}
+
+private void verifyEncryptAndDecryptWithDeleteOnClose(String cipher)
throws IOException {
+Object cache = createCache(4, cipher);
final String text = Hello Secret World!;
File tmpfile = getTmpFile(text, cache);
assertNotNull(tmpfile);
@@ -111,8 +120,14 @@ public abstract class CachedStreamTestBase extends Assert {
@Test
public void testEncryptAndDecryptWithDeleteOnInClose() throws IOException {
+for (String cipher: CIPHER_LIST) {
+verifyEncryptAndDecryptWithDeleteOnInClose(cipher);
+}
+}
+
+private void verifyEncryptAndDecryptWithDeleteOnInClose(String cipher)
throws IOException {
// need a 8-bit cipher so that all bytes are flushed when the stream
is flushed.
-Object cache = createCache(4, RC4);
+Object cache = createCache(4, cipher);
final String text = Hello Secret World!;
File tmpfile = getTmpFile(text, cache);
assertNotNull(tmpfile);
@@ -133,8 +148,14 @@ public abstract class CachedStreamTestBase extends Assert {
@Test
public void testEncryptAndDecryptPartially() throws IOException {
+for (String cipher: CIPHER_LIST) {
+verifyEncryptAndDecryptPartially(cipher);
+}
+}
+
+private void verifyEncryptAndDecryptPartially(String cipher) throws
IOException {
// need a 8-bit cipher so that all bytes are flushed when the stream
is flushed.
-Object cache = createCache(4, RC4);
+Object cache = createCache(4, cipher);
final String text = Hello Secret World!;
File tmpfile = getTmpFile(text, cache);
assertNotNull(tmpfile);
git commit: Upgrading system tests to use newer HttpClient API
Repository: cxf-fediz
Updated Branches:
refs/heads/master 940c54a65 - 79c744df1
Upgrading system tests to use newer HttpClient API
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/79c744df
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/79c744df
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/79c744df
Branch: refs/heads/master
Commit: 79c744df1824893331f73f03358c047d7f4f0433
Parents: 940c54a
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Thu Jul 10 17:44:35 2014 +0100
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Thu Jul 10 17:44:35 2014 +0100
--
.../fediz/integrationtests/AbstractTests.java | 141 ++-
.../fediz/integrationtests/HTTPTestUtils.java | 176 +++
.../cxf/fediz/integrationtests/BadWReqTest.java | 125 +
.../cxf/fediz/integrationtests/TomcatTest.java | 121 +
.../cxf/fediz/integrationtests/WReqTest.java| 125 +
5 files changed, 190 insertions(+), 498 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/79c744df/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
--
diff --git
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index b2e80f3..f2b715a 100644
---
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -19,33 +19,7 @@
package org.apache.cxf.fediz.integrationtests;
-import java.io.File;
-import java.io.FileInputStream;
-import java.security.KeyStore;
-import java.util.ArrayList;
-import java.util.List;
-
-import net.htmlparser.jericho.Element;
-import net.htmlparser.jericho.FormField;
-import net.htmlparser.jericho.FormFields;
-import net.htmlparser.jericho.HTMLElementName;
-import net.htmlparser.jericho.Source;
import org.apache.cxf.fediz.core.ClaimTypes;
-import org.apache.http.Consts;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
-import org.apache.http.NameValuePair;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.entity.UrlEncodedFormEntity;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.conn.scheme.Scheme;
-import org.apache.http.conn.ssl.SSLSocketFactory;
-import org.apache.http.impl.client.DefaultHttpClient;
-import org.apache.http.impl.client.LaxRedirectStrategy;
-import org.apache.http.message.BasicNameValuePair;
-import org.apache.http.util.EntityUtils;
import org.junit.Assert;
public abstract class AbstractTests {
@@ -65,7 +39,8 @@ public abstract class AbstractTests {
String url = https://localhost:; + getRpHttpsPort() +
/fedizhelloworld/secure/fedservlet;
String user = alice;
String password = ecila;
-String response = sendHttpGet(url, user, password);
+String response =
+HTTPTestUtils.sendHttpGet(url, user, password,
Integer.parseInt(getIdpHttpsPort()));
Assert.assertTrue(Principal not + user,
response.indexOf(userPrincipal= + user) 0);
Assert.assertTrue(User + user + does not have role Admin,
response.indexOf(role:Admin=false) 0);
@@ -89,7 +64,8 @@ public abstract class AbstractTests {
String url = https://localhost:; + getRpHttpsPort() +
/fedizhelloworld/secure/fedservlet;
String user = bob;
String password = bob;
-String response = sendHttpGet(url, user, password);
+String response =
+HTTPTestUtils.sendHttpGet(url, user, password,
Integer.parseInt(getIdpHttpsPort()));
Assert.assertTrue(Principal not + user,
response.indexOf(userPrincipal= + user) 0);
Assert.assertTrue(User + user + does not have role Admin,
response.indexOf(role:Admin=true) 0);
@@ -112,7 +88,8 @@ public abstract class AbstractTests {
String url = https://localhost:; + getRpHttpsPort() +
/fedizhelloworld/secure/fedservlet;
String user = ted;
String password = det;
-String response = sendHttpGet(url, user, password);
+String response =
+HTTPTestUtils.sendHttpGet(url, user, password,
Integer.parseInt(getIdpHttpsPort()));
Assert.assertTrue(Principal not + user,
response.indexOf(userPrincipal= + user) 0);
Assert.assertTrue(User + user + does not have role Admin,
response.indexOf(role:Admin=false) 0);
@@ -135,18 +112,17 @@ public abstract class
git commit: Upgrading system tests to use newer HttpClient API
Repository: cxf-fediz
Updated Branches:
refs/heads/1.1.x-fixes f9f27c7be - 6637a55d1
Upgrading system tests to use newer HttpClient API
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/6637a55d
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/6637a55d
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/6637a55d
Branch: refs/heads/1.1.x-fixes
Commit: 6637a55d1a152357bf1520daa9039d7373691767
Parents: f9f27c7
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Thu Jul 10 17:44:35 2014 +0100
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Thu Jul 10 17:45:11 2014 +0100
--
.../fediz/integrationtests/AbstractTests.java | 141 ++-
.../fediz/integrationtests/HTTPTestUtils.java | 176 +++
.../cxf/fediz/integrationtests/BadWReqTest.java | 125 +
.../cxf/fediz/integrationtests/TomcatTest.java | 121 +
.../cxf/fediz/integrationtests/WReqTest.java| 125 +
5 files changed, 190 insertions(+), 498 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6637a55d/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
--
diff --git
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index b2e80f3..f2b715a 100644
---
a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -19,33 +19,7 @@
package org.apache.cxf.fediz.integrationtests;
-import java.io.File;
-import java.io.FileInputStream;
-import java.security.KeyStore;
-import java.util.ArrayList;
-import java.util.List;
-
-import net.htmlparser.jericho.Element;
-import net.htmlparser.jericho.FormField;
-import net.htmlparser.jericho.FormFields;
-import net.htmlparser.jericho.HTMLElementName;
-import net.htmlparser.jericho.Source;
import org.apache.cxf.fediz.core.ClaimTypes;
-import org.apache.http.Consts;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
-import org.apache.http.NameValuePair;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.entity.UrlEncodedFormEntity;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.conn.scheme.Scheme;
-import org.apache.http.conn.ssl.SSLSocketFactory;
-import org.apache.http.impl.client.DefaultHttpClient;
-import org.apache.http.impl.client.LaxRedirectStrategy;
-import org.apache.http.message.BasicNameValuePair;
-import org.apache.http.util.EntityUtils;
import org.junit.Assert;
public abstract class AbstractTests {
@@ -65,7 +39,8 @@ public abstract class AbstractTests {
String url = https://localhost:; + getRpHttpsPort() +
/fedizhelloworld/secure/fedservlet;
String user = alice;
String password = ecila;
-String response = sendHttpGet(url, user, password);
+String response =
+HTTPTestUtils.sendHttpGet(url, user, password,
Integer.parseInt(getIdpHttpsPort()));
Assert.assertTrue(Principal not + user,
response.indexOf(userPrincipal= + user) 0);
Assert.assertTrue(User + user + does not have role Admin,
response.indexOf(role:Admin=false) 0);
@@ -89,7 +64,8 @@ public abstract class AbstractTests {
String url = https://localhost:; + getRpHttpsPort() +
/fedizhelloworld/secure/fedservlet;
String user = bob;
String password = bob;
-String response = sendHttpGet(url, user, password);
+String response =
+HTTPTestUtils.sendHttpGet(url, user, password,
Integer.parseInt(getIdpHttpsPort()));
Assert.assertTrue(Principal not + user,
response.indexOf(userPrincipal= + user) 0);
Assert.assertTrue(User + user + does not have role Admin,
response.indexOf(role:Admin=true) 0);
@@ -112,7 +88,8 @@ public abstract class AbstractTests {
String url = https://localhost:; + getRpHttpsPort() +
/fedizhelloworld/secure/fedservlet;
String user = ted;
String password = det;
-String response = sendHttpGet(url, user, password);
+String response =
+HTTPTestUtils.sendHttpGet(url, user, password,
Integer.parseInt(getIdpHttpsPort()));
Assert.assertTrue(Principal not + user,
response.indexOf(userPrincipal= + user) 0);
Assert.assertTrue(User + user + does not have role Admin,
response.indexOf(role:Admin=false) 0);
@@ -135,18 +112,17 @@ public abstract class
[1/2] git commit: [CXF-5869] Temporary file caching using encryption may get corrupted data
Repository: cxf
Updated Branches:
refs/heads/2.7.x-fixes d5621a999 - c651e2671
[CXF-5869] Temporary file caching using encryption may get corrupted data
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/141e88e6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/141e88e6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/141e88e6
Branch: refs/heads/2.7.x-fixes
Commit: 141e88e6072fe8a85c4d6204719eca1b9d7eb04a
Parents: d5621a9
Author: Akitoshi Yoshida a...@apache.org
Authored: Thu Jul 10 17:45:43 2014 +0200
Committer: Akitoshi Yoshida a...@apache.org
Committed: Thu Jul 10 18:56:50 2014 +0200
--
api/src/main/java/org/apache/cxf/io/CipherPair.java | 9 +
1 file changed, 1 insertion(+), 8 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/141e88e6/api/src/main/java/org/apache/cxf/io/CipherPair.java
--
diff --git a/api/src/main/java/org/apache/cxf/io/CipherPair.java
b/api/src/main/java/org/apache/cxf/io/CipherPair.java
index 0a4b856..8237221 100644
--- a/api/src/main/java/org/apache/cxf/io/CipherPair.java
+++ b/api/src/main/java/org/apache/cxf/io/CipherPair.java
@@ -32,6 +32,7 @@ import javax.crypto.spec.IvParameterSpec;
*/
public class CipherPair {
private String transformation;
+private Cipher enccipher;
private Key key;
private byte[] ivp;
@@ -45,7 +46,6 @@ public class CipherPair {
} else {
a = transformation;
}
-Cipher enccipher = null;
try {
KeyGenerator keygen = KeyGenerator.getInstance(a);
keygen.init(new SecureRandom());
@@ -64,13 +64,6 @@ public class CipherPair {
}
public Cipher getEncryptor() {
-Cipher enccipher = null;
-try {
-enccipher = Cipher.getInstance(transformation);
-enccipher.init(Cipher.ENCRYPT_MODE, key);
-} catch (GeneralSecurityException e) {
-// ignore
-}
return enccipher;
}
[2/2] git commit: [CXF-5869] test using AES/CTR
[CXF-5869] test using AES/CTR
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c651e267
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c651e267
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c651e267
Branch: refs/heads/2.7.x-fixes
Commit: c651e2671edeace288e555316d136a7113f0127e
Parents: 141e88e
Author: Akitoshi Yoshida a...@apache.org
Authored: Thu Jul 10 18:04:20 2014 +0200
Committer: Akitoshi Yoshida a...@apache.org
Committed: Thu Jul 10 18:57:21 2014 +0200
--
.../org/apache/cxf/io/CachedStreamTestBase.java | 27 +---
1 file changed, 24 insertions(+), 3 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/c651e267/api/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java
--
diff --git a/api/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java
b/api/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java
index ddd5fed..b88ba14 100755
--- a/api/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java
+++ b/api/src/test/java/org/apache/cxf/io/CachedStreamTestBase.java
@@ -34,6 +34,9 @@ import org.junit.Assert;
import org.junit.Test;
public abstract class CachedStreamTestBase extends Assert {
+// use two typical ciphers for testing
+private static final String[] CIPHER_LIST = {RC4, AES/CTR/NoPadding};
+
protected abstract void reloadDefaultProperties();
protected abstract Object createCache();
protected abstract Object createCache(long threshold);
@@ -88,7 +91,13 @@ public abstract class CachedStreamTestBase extends Assert {
@Test
public void testEncryptAndDecryptWithDeleteOnClose() throws IOException {
// need a 8-bit cipher so that all bytes are flushed when the stream
is flushed.
-Object cache = createCache(4, RC4);
+for (String cipher: CIPHER_LIST) {
+verifyEncryptAndDecryptWithDeleteOnClose(cipher);
+}
+}
+
+private void verifyEncryptAndDecryptWithDeleteOnClose(String cipher)
throws IOException {
+Object cache = createCache(4, cipher);
final String text = Hello Secret World!;
File tmpfile = getTmpFile(text, cache);
assertNotNull(tmpfile);
@@ -111,8 +120,14 @@ public abstract class CachedStreamTestBase extends Assert {
@Test
public void testEncryptAndDecryptWithDeleteOnInClose() throws IOException {
+for (String cipher: CIPHER_LIST) {
+verifyEncryptAndDecryptWithDeleteOnInClose(cipher);
+}
+}
+
+private void verifyEncryptAndDecryptWithDeleteOnInClose(String cipher)
throws IOException {
// need a 8-bit cipher so that all bytes are flushed when the stream
is flushed.
-Object cache = createCache(4, RC4);
+Object cache = createCache(4, cipher);
final String text = Hello Secret World!;
File tmpfile = getTmpFile(text, cache);
assertNotNull(tmpfile);
@@ -133,8 +148,14 @@ public abstract class CachedStreamTestBase extends Assert {
@Test
public void testEncryptAndDecryptPartially() throws IOException {
+for (String cipher: CIPHER_LIST) {
+verifyEncryptAndDecryptPartially(cipher);
+}
+}
+
+private void verifyEncryptAndDecryptPartially(String cipher) throws
IOException {
// need a 8-bit cipher so that all bytes are flushed when the stream
is flushed.
-Object cache = createCache(4, RC4);
+Object cache = createCache(4, cipher);
final String text = Hello Secret World!;
File tmpfile = getTmpFile(text, cache);
assertNotNull(tmpfile);
git commit: [CXF-5311] Actually making JWS out streaming work, more refactoring will follow
Repository: cxf
Updated Branches:
refs/heads/master e8a038340 - f5d2a0332
[CXF-5311] Actually making JWS out streaming work, more refactoring will follow
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f5d2a033
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f5d2a033
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f5d2a033
Branch: refs/heads/master
Commit: f5d2a0332c7a40d7b528fb1d32d10fe9ebb74fc2
Parents: e8a0383
Author: Sergey Beryozkin sberyoz...@talend.com
Authored: Thu Jul 10 22:00:01 2014 +0100
Committer: Sergey Beryozkin sberyoz...@talend.com
Committed: Thu Jul 10 22:00:01 2014 +0100
--
.../cxf/common/util/Base64OutputStream.java | 90
.../jws/AbstractJwsSignatureProvider.java | 12 +--
.../rs/security/oauth2/jws/JwsOutputStream.java | 40 +
.../oauth2/jwt/jaxrs/JwsWriterInterceptor.java | 9 +-
.../oauth2/utils/Base64UrlOutputStream.java | 31 +++
.../jaxrs/security/jwt/JAXRSJweJwsTest.java | 4 +-
6 files changed, 140 insertions(+), 46 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/f5d2a033/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java
--
diff --git
a/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java
b/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java
new file mode 100644
index 000..6ba8e95
--- /dev/null
+++ b/core/src/main/java/org/apache/cxf/common/util/Base64OutputStream.java
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * License); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.common.util;
+
+import java.io.FilterOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.nio.ByteBuffer;
+
+public class Base64OutputStream extends FilterOutputStream {
+private byte[] lastChunk;
+private boolean flushed;
+private boolean urlSafe;
+public Base64OutputStream(OutputStream out, boolean urlSafe) {
+super(out);
+this.urlSafe = urlSafe;
+}
+
+@Override
+public void write(int value) throws IOException {
+byte[] bytes = ByteBuffer.allocate(Integer.SIZE /
8).putInt(value).array();
+write(bytes, 0, bytes.length);
+}
+
+@Override
+public void write(byte b[], int off, int len) throws IOException {
+encodeAndWrite(b, off, len, false);
+}
+
+private void encodeAndWrite(byte[] b, int off, int len, boolean
finalWrite) throws IOException {
+byte[] theChunk = lastChunk;
+int lenToEncode = len;
+if (theChunk != null) {
+theChunk = newArray(theChunk, 0, theChunk.length, b, off, len);
+lenToEncode = theChunk.length;
+off = 0;
+} else {
+theChunk = b;
+}
+int rem = finalWrite ? 0 : lenToEncode % 3;
+Base64Utility.encodeAndStream(theChunk, off, lenToEncode - rem,
urlSafe, out);
+
+if (rem 0) {
+lastChunk = newArray(theChunk, lenToEncode - rem, rem);
+} else {
+lastChunk = null;
+}
+}
+
+@Override
+public void flush() throws IOException {
+if (flushed) {
+return;
+}
+try {
+Base64Utility.encodeAndStream(lastChunk, 0, lastChunk.length,
urlSafe, out);
+lastChunk = null;
+} catch (Exception ex) {
+throw new SecurityException();
+}
+flushed = true;
+}
+private byte[] newArray(byte[] src, int srcPos, int srcLen) {
+byte[] buf = new byte[srcLen];
+System.arraycopy(src, srcPos, buf, 0, srcLen);
+return buf;
+}
+private byte[] newArray(byte[] src, int srcPos, int srcLen, byte[] src2,
int srcPos2, int srcLen2) {
+byte[] buf = new byte[srcLen + srcLen2];
+System.arraycopy(src, srcPos, buf, 0, srcLen);
+System.arraycopy(src2, srcPos2, buf, srcLen, srcLen2);
+return buf;
+}
+}
git commit: CXF-5549: Introduce Tika Search Visitor. Added integration tests (systest) for JAX-RS/Tika/Lucene/Search
Repository: cxf
Updated Branches:
refs/heads/master f5d2a0332 - 2209258ce
CXF-5549: Introduce Tika Search Visitor. Added integration tests (systest) for
JAX-RS/Tika/Lucene/Search
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2209258c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2209258c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2209258c
Branch: refs/heads/master
Commit: 2209258ce1246f3f48d23d51c4d981dd47b3d600
Parents: f5d2a03
Author: reta drr...@gmail.com
Authored: Thu Jul 10 22:20:37 2014 -0400
Committer: reta drr...@gmail.com
Committed: Thu Jul 10 22:20:37 2014 -0400
--
.../ext/search/tika/LuceneDocumentMetadata.java | 10 ++
.../search/tika/TikaLuceneContentExtractor.java | 5 +
.../tika/TikaLuceneContentExtractorTest.java| 17 +++
systests/jaxrs/pom.xml | 23
.../systest/jaxrs/extraction/BookCatalog.java | 118 ++
.../extraction/JAXRSClientServerTikaTest.java | 121 +++
.../jaxrs/src/test/resources/files/testPDF.pdf | Bin 0 - 34824 bytes
7 files changed, 294 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/2209258c/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/LuceneDocumentMetadata.java
--
diff --git
a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/LuceneDocumentMetadata.java
b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/LuceneDocumentMetadata.java
index dcb8f5a..f3e0b7e 100644
---
a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/LuceneDocumentMetadata.java
+++
b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/LuceneDocumentMetadata.java
@@ -28,6 +28,7 @@ import
org.apache.cxf.jaxrs.ext.search.DefaultParamConverterProvider;
public class LuceneDocumentMetadata {
private final Map String, Class ? fieldTypes;
private final String contentFieldName;
+private String source;
private ParamConverterProvider converterProvider = new
DefaultParamConverterProvider();
public LuceneDocumentMetadata() {
@@ -54,10 +55,19 @@ public class LuceneDocumentMetadata {
return this;
}
+public LuceneDocumentMetadata withSource(final String src) {
+this.source = src;
+return this;
+}
+
public String getContentFieldName() {
return contentFieldName;
}
+public String getSource() {
+return source;
+}
+
public Class? getFieldType(String name) {
return fieldTypes.get(name);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/2209258c/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractor.java
--
diff --git
a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractor.java
b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractor.java
index 8ca0b29..dc086ac 100644
---
a/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractor.java
+++
b/rt/rs/extensions/search/src/main/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractor.java
@@ -24,6 +24,7 @@ import java.util.List;
import javax.ws.rs.ext.ParamConverterProvider;
+import org.apache.commons.lang.StringUtils;
import org.apache.cxf.jaxrs.ext.search.tika.TikaContentExtractor.TikaContent;
import org.apache.lucene.document.Document;
import org.apache.lucene.document.DoubleField;
@@ -191,6 +192,10 @@ public class TikaLuceneContentExtractor {
}
}
+if (!StringUtils.isBlank(documentMetadata.getSource())) {
+document.add(new StringField(source,
documentMetadata.getSource(), Store.YES));
+}
+
return document;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/2209258c/rt/rs/extensions/search/src/test/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractorTest.java
--
diff --git
a/rt/rs/extensions/search/src/test/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractorTest.java
b/rt/rs/extensions/search/src/test/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractorTest.java
index 1012db6..cbdef04 100644
---
a/rt/rs/extensions/search/src/test/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractorTest.java
+++
b/rt/rs/extensions/search/src/test/java/org/apache/cxf/jaxrs/ext/search/tika/TikaLuceneContentExtractorTest.java
@@ -198,6
git commit: Fixed checkstyle issues
Repository: cxf
Updated Branches:
refs/heads/master 2209258ce - 6ba3e0b61
Fixed checkstyle issues
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6ba3e0b6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6ba3e0b6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6ba3e0b6
Branch: refs/heads/master
Commit: 6ba3e0b6107cacbefc029d71858377a9277afc07
Parents: 2209258
Author: reta drr...@gmail.com
Authored: Thu Jul 10 22:22:02 2014 -0400
Committer: reta drr...@gmail.com
Committed: Thu Jul 10 22:22:02 2014 -0400
--
.../java/org/apache/cxf/interceptor/Fault.java | 4 +--
.../staxutils/SysPropExpandingStreamReader.java | 33 +++-
.../cxf/staxutils/XMLStreamReaderWrapper.java | 2 +-
.../SysPropExpandingStreamReaderTest.java | 14 ++---
.../org/apache/cxf/wsdl11/WSDLManagerImpl.java | 3 +-
5 files changed, 31 insertions(+), 25 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/6ba3e0b6/core/src/main/java/org/apache/cxf/interceptor/Fault.java
--
diff --git a/core/src/main/java/org/apache/cxf/interceptor/Fault.java
b/core/src/main/java/org/apache/cxf/interceptor/Fault.java
index b5bc123..3c40a48 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/Fault.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/Fault.java
@@ -25,12 +25,12 @@ import java.util.logging.Logger;
import javax.xml.namespace.QName;
+import org.w3c.dom.Element;
+
import org.apache.cxf.common.i18n.Message;
import org.apache.cxf.common.i18n.UncheckedException;
import org.apache.cxf.helpers.DOMUtils;
-import org.w3c.dom.Element;
-
/**
* A Fault that occurs during invocation processing.
*/
http://git-wip-us.apache.org/repos/asf/cxf/blob/6ba3e0b6/core/src/main/java/org/apache/cxf/staxutils/SysPropExpandingStreamReader.java
--
diff --git
a/core/src/main/java/org/apache/cxf/staxutils/SysPropExpandingStreamReader.java
b/core/src/main/java/org/apache/cxf/staxutils/SysPropExpandingStreamReader.java
index 4987338..04a2882 100644
---
a/core/src/main/java/org/apache/cxf/staxutils/SysPropExpandingStreamReader.java
+++
b/core/src/main/java/org/apache/cxf/staxutils/SysPropExpandingStreamReader.java
@@ -34,25 +34,28 @@ public class SysPropExpandingStreamReader extends
DelegatingXMLStreamReader {
}
protected String expandSystemProperty(String value) {
-if (!isEmpty(value)) {
-final int startIndx = value.indexOf(DELIMITER);
-if (startIndx -1) {
-final int endIndx = value.lastIndexOf(DELIMITER);
-if (endIndx -1 startIndx + 1 endIndx) {
-final String propName = value.substring(startIndx + 1,
endIndx);
-if (!isEmpty(propName)) {
-final String envValue = System.getProperty(propName);
-if (!isEmpty(envValue)) {
-StringBuilder sb = new StringBuilder();
-sb.append(value.substring(0, startIndx));
-sb.append(envValue);
-sb.append(value.substring(endIndx + 1));
-value = sb.toString();
-}
+if (isEmpty(value)) {
+return value;
+}
+
+final int startIndx = value.indexOf(DELIMITER);
+if (startIndx -1) {
+final int endIndx = value.lastIndexOf(DELIMITER);
+if (endIndx -1 startIndx + 1 endIndx) {
+final String propName = value.substring(startIndx + 1,
endIndx);
+if (!isEmpty(propName)) {
+final String envValue = System.getProperty(propName);
+if (!isEmpty(envValue)) {
+StringBuilder sb = new StringBuilder();
+sb.append(value.substring(0, startIndx));
+sb.append(envValue);
+sb.append(value.substring(endIndx + 1));
+value = sb.toString();
}
}
}
}
+
return value;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/6ba3e0b6/core/src/main/java/org/apache/cxf/staxutils/XMLStreamReaderWrapper.java
--
diff --git
a/core/src/main/java/org/apache/cxf/staxutils/XMLStreamReaderWrapper.java
b/core/src/main/java/org/apache/cxf/staxutils/XMLStreamReaderWrapper.java
index 36c582f..ea0f307 100644
--- a/core/src/main/java/org/apache/cxf/staxutils/XMLStreamReaderWrapper.java
+++
