Re: New Maven coordinates for Jakarta EE specs
Hi, the JAXB, JAX-WS, SAAJ and some more API dependencies are now available on central. Servlet-API is still missing, but I noticed that we are currently using 3.1.0 anyway. Do we plan to update to 4.0.2? Regards Dennis
[GitHub] reta commented on a change in pull request #462: Httpsig
reta commented on a change in pull request #462: Httpsig URL: https://github.com/apache/cxf/pull/462#discussion_r246483627 ## File path: rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/TomitribeSignatureValidator.java ## 
@@ -0,0 +1,96 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.httpsignature; + +import java.security.Key; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.logging.Logger; + +import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.rs.security.httpsignature.exception.DifferentAlgorithmsException; +import org.apache.cxf.rs.security.httpsignature.exception.InvalidDataToVerifySignatureException; +import org.apache.cxf.rs.security.httpsignature.exception.InvalidSignatureException; +import org.apache.cxf.rs.security.httpsignature.exception.InvalidSignatureHeaderException; +import org.apache.cxf.rs.security.httpsignature.provider.AlgorithmProvider; +import org.apache.cxf.rs.security.httpsignature.provider.PublicKeyProvider; +import org.apache.cxf.rs.security.httpsignature.provider.SecurityProvider; +import org.apache.cxf.rs.security.httpsignature.utils.SignatureHeaderUtils; +import org.tomitribe.auth.signatures.Signature; +import org.tomitribe.auth.signatures.Verifier; + +public final class TomitribeSignatureValidator implements SignatureValidator { +private static final Logger LOG = 
LogUtils.getL7dLogger(TomitribeSignatureValidator.class); + +@Override +public void validate(Map> messageHeaders, + AlgorithmProvider algorithmProvider, + PublicKeyProvider publicKeyProvider, + SecurityProvider securityProvider, + String method, + String uri) { +Signature signature = extractSignatureFromHeader(messageHeaders.get("Signature").get(0)); + +String providedAlgorithm = algorithmProvider.getAlgorithmName(signature.getKeyId()); +Objects.requireNonNull(providedAlgorithm, "provided algorithm is null"); Review comment: Not needed anymore, `getAlgorithmName` will never return `null` This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
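Review bot: In `validate`, `messageHeaders.get("Signature").get(0)` is dereferenced without checking that the header is present or has a value, so a request with no `Signature` header fails with a NullPointerException or IndexOutOfBoundsException instead of a signature-validation error. Check for a missing or empty list first and throw the already imported `InvalidSignatureHeaderException`, and confirm how the lookup behaves when the map keys are not case-normalised, since HTTP header names are case-insensitive. A request carrying more than one `Signature` value is also silently reduced to the first one; rejecting that case would be the safer default.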
[GitHub] reta commented on a change in pull request #462: Httpsig
reta commented on a change in pull request #462: Httpsig URL: https://github.com/apache/cxf/pull/462#discussion_r246483242 ## File path: rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/SignatureException.java ## @@ -0,0 +1,7 @@ +package org.apache.cxf.rs.security.httpsignature; + +public class SignatureException extends RuntimeException { +public SignatureException(String message) { Review comment: `IllegalArgumentException` is a good candidate, I think.
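Review bot: The new class name `SignatureException` is the same simple name as the JDK's checked `java.security.SignatureException`, which code in a signature module is likely to import as well; a distinct name, or the standard exception suggested in the review comment, avoids catching or throwing the wrong type. The file also starts directly at the `package` line, without the ASF license header that the other new files in this pull request carry.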
[GitHub] reta commented on a change in pull request #462: Httpsig
reta commented on a change in pull request #462: Httpsig URL: https://github.com/apache/cxf/pull/462#discussion_r246483025 ## File path: rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/provider/SecurityProvider.java ## @@ -0,0 +1,33 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.httpsignature.provider; + +import java.security.Provider; + +@FunctionalInterface +public interface SecurityProvider { +/** + * @param keyId is used as lookup to find the correct configured security provider for this keyId + * The keyId is sent in the message together with the signature + * @throws NullPointerException if it can't provide a public key based on keyId Review comment: And here as well, please `IllegalArgumentException`
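Review bot: The `@throws` line in the `SecurityProvider` Javadoc says "if it can't provide a public key based on keyId", which looks copied from `PublicKeyProvider`; this interface imports `java.security.Provider`, so the text should refer to the security provider instead. Since the same Javadoc states that the keyId is sent in the message, it is worth saying explicitly that the value is caller-supplied and that implementations should resolve it only against configured entries.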
[GitHub] reta commented on a change in pull request #462: Httpsig
reta commented on a change in pull request #462: Httpsig URL: https://github.com/apache/cxf/pull/462#discussion_r246482852 ## File path: rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/provider/PublicKeyProvider.java ## @@ -0,0 +1,33 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.httpsignature.provider; + +import java.security.PublicKey; + +@FunctionalInterface +public interface PublicKeyProvider { +/** + * @param keyId is used as lookup to find the correct configured public key for this keyId + * The keyId is sent in the message together with the signature + * @throws NullPointerException if it can't provide a public key based on keyId Review comment: Same, please `NullPointerException` -> `IllegalArgumentException`
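Review bot: The `PublicKeyProvider` Javadoc notes that the keyId arrives in the message with the signature, so an unknown keyId is ordinary untrusted input rather than a programming error, and the `@throws` contract should state that implementations must fail for a keyId they do not recognise rather than fall back to a default key. A dedicated exception type would also let the caller turn that case into an authentication failure without catching a broad runtime exception.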
[GitHub] reta commented on a change in pull request #462: Httpsig
reta commented on a change in pull request #462: Httpsig URL: https://github.com/apache/cxf/pull/462#discussion_r246482629 ## File path: rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/provider/AlgorithmProvider.java ## @@ -0,0 +1,31 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.httpsignature.provider; + +@FunctionalInterface +public interface AlgorithmProvider { +/** + * @param keyId is used as lookup to find the correct configured algorithm name for this keyId + * The keyId is sent in the message together with the signature + * @throws NullPointerException if it can't provide an algorithm based on keyId Review comment: Might be better to use `IllegalArgumentException` if the provider can't provide an algorithm based on keyId
[GitHub] amarkevich opened a new pull request #497: org.apache.cxf.osgi.itests: improve test stability
amarkevich opened a new pull request #497: org.apache.cxf.osgi.itests: improve test stability URL: https://github.com/apache/cxf/pull/497
[GitHub] rmannibucau commented on a change in pull request #487: Ensure JAXB and javax.activation are not required for JAX-RS
rmannibucau commented on a change in pull request #487: Ensure JAXB and javax.activation are not required for JAX-RS URL: https://github.com/apache/cxf/pull/487#discussion_r246412596 ## File path: core/src/main/java/org/apache/cxf/service/model/EndpointInfo.java ## @@ -94,7 +95,12 @@ public String getAddress() { public void setAddress(String addr) { if (null == address) { -address = EndpointReferenceUtils.getEndpointReference(addr); +// address = EndpointReferenceUtils.getEndpointReference(addr); loads jaxb and we want to avoid it +final EndpointReferenceType reference = new EndpointReferenceType(); +final AttributedURIType a = new AttributedURIType(); +a.setValue("/"); Review comment: Hmm, sure? address is null here so it defaults to "/" but good catch, I forgot the else ;) edit: pushed
[GitHub] rmannibucau commented on a change in pull request #487: Ensure JAXB and javax.activation are not required for JAX-RS
rmannibucau commented on a change in pull request #487: Ensure JAXB and javax.activation are not required for JAX-RS URL: https://github.com/apache/cxf/pull/487#discussion_r246412596 ## File path: core/src/main/java/org/apache/cxf/service/model/EndpointInfo.java ## @@ -94,7 +95,12 @@ public String getAddress() { public void setAddress(String addr) { if (null == address) { -address = EndpointReferenceUtils.getEndpointReference(addr); +// address = EndpointReferenceUtils.getEndpointReference(addr); loads jaxb and we want to avoid it +final EndpointReferenceType reference = new EndpointReferenceType(); +final AttributedURIType a = new AttributedURIType(); +a.setValue("/"); Review comment: s/address/addr/ edit: pushed
[GitHub] coheigea commented on a change in pull request #487: Ensure JAXB and javax.activation are not required for JAX-RS
coheigea commented on a change in pull request #487: Ensure JAXB and javax.activation are not required for JAX-RS URL: https://github.com/apache/cxf/pull/487#discussion_r246393454 ## File path: core/src/main/java/org/apache/cxf/service/model/EndpointInfo.java ## @@ -94,7 +95,12 @@ public String getAddress() { public void setAddress(String addr) { if (null == address) { -address = EndpointReferenceUtils.getEndpointReference(addr); +// address = EndpointReferenceUtils.getEndpointReference(addr); loads jaxb and we want to avoid it +final EndpointReferenceType reference = new EndpointReferenceType(); +final AttributedURIType a = new AttributedURIType(); +a.setValue("/"); Review comment: This should be: a.setValue(address);
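Review bot: In `setAddress`, the replacement for `EndpointReferenceUtils.getEndpointReference(addr)` sets the URI with `a.setValue("/")`, so in the visible lines the `addr` argument is never used and every endpoint whose address was unset ends up with "/". Pass `addr` through to `setValue`, and replace the commented-out old call with a one-line comment saying the utility is avoided because it loads JAXB.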