cxf-commits mailing list archives

From dk...@apache.org
Subject svn commit: r699436 - in /cxf/trunk/rt: frontend/jaxws/src/main/java/org/apache/cxf/jaxws/ frontend/simple/src/main/java/org/apache/cxf/service/factory/ ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ ws/security/src/main/java...
Date Fri, 26 Sep 2008 17:52:59 GMT
Author: dkulp
Date: Fri Sep 26 10:52:59 2008
New Revision: 699436

URL: http://svn.apache.org/viewvc?rev=699436&view=rev
Log:
Updates to try and get the security headers in the right order.


Modified:
    cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl.java
    cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/service/factory/ReflectionServiceFactoryBean.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl.java?rev=699436&r1=699435&r2=699436&view=diff
==============================================================================
--- cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl.java (original)
+++ cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl.java Fri Sep
26 10:52:59 2008
@@ -182,6 +182,9 @@
 
     @Override
     public Map<String, Object> getProperties() {
+        if (server != null) {
+            return server.getEndpoint();
+        }
         return properties;
     }
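Review bot: `getProperties()` now returns a different map depending on lifecycle, and nothing in the method says so: before the server exists callers get `properties`, afterwards the live `server.getEndpoint()` map. Whether entries already put into `properties` are carried over to the endpoint is not visible in this hunk, so settings written before publishing (security configuration included) may not be what a later caller reads back. A Javadoc line such as `Returns the endpoint's live property map once the server has been created; otherwise the pre-publish properties.` would make the contract explicit.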
 

Modified: cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/service/factory/ReflectionServiceFactoryBean.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/service/factory/ReflectionServiceFactoryBean.java?rev=699436&r1=699435&r2=699436&view=diff
==============================================================================
--- cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/service/factory/ReflectionServiceFactoryBean.java
(original)
+++ cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/service/factory/ReflectionServiceFactoryBean.java
Fri Sep 26 10:52:59 2008
@@ -304,8 +304,8 @@
     }
     
     protected void buildServiceFromWSDL(String url) {
-        if (LOG.isLoggable(Level.FINE)) {
-            LOG.fine("Creating Service " + getServiceQName() + " from WSDL: " + url);
+        if (LOG.isLoggable(Level.INFO)) {
+            LOG.info("Creating Service " + getServiceQName() + " from WSDL: " + url);
         }
         populateFromClass = false;
         WSDLServiceFactory factory = new WSDLServiceFactory(getBus(), url, getServiceQName());
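Review bot: Raising this message to INFO puts the full WSDL `url` into default-level logs in `buildServiceFromWSDL`. If a deployment ever passes a URL carrying userinfo or a query-string token, that value is now written wherever INFO output goes; most URLs are presumably plain, but the code does not guarantee it. Consider logging only the service QName at INFO and keeping the URL at FINE, or stripping userinfo and query before concatenating. The method body continues past the end of the hunk.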
@@ -325,8 +325,8 @@
     }
 
     protected void buildServiceFromClass() {
-        if (LOG.isLoggable(Level.FINE)) {
-            LOG.fine("Creating Service " + getServiceQName() + " from class " + getServiceClass().getName());
+        if (LOG.isLoggable(Level.INFO)) {
+            LOG.info("Creating Service " + getServiceQName() + " from class " + getServiceClass().getName());
         }
         populateFromClass = true;
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java?rev=699436&r1=699435&r2=699436&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
Fri Sep 26 10:52:59 2008
@@ -41,22 +41,32 @@
         ASSERTION_TYPES.add(SP11Constants.WSS10);
         ASSERTION_TYPES.add(SP11Constants.WSS11);
         ASSERTION_TYPES.add(SP11Constants.TRUST_10);
-        ASSERTION_TYPES.add(SP11Constants.SIGNED_SUPPORTING_TOKENS);
         ASSERTION_TYPES.add(SP11Constants.USERNAME_TOKEN);
         ASSERTION_TYPES.add(SP11Constants.TRANSPORT_TOKEN);
         ASSERTION_TYPES.add(SP11Constants.SIGNED_PARTS);
         ASSERTION_TYPES.add(SP11Constants.ENCRYPTED_PARTS);
+        ASSERTION_TYPES.add(SP11Constants.INSTANCE.getSupportingTokens());
+        ASSERTION_TYPES.add(SP11Constants.INSTANCE.getSignedSupportingTokens());
+        ASSERTION_TYPES.add(SP11Constants.INSTANCE.getEndorsingSupportingTokens());
+        ASSERTION_TYPES.add(SP11Constants.INSTANCE.getSignedEndorsingSupportingTokens());
 
         ASSERTION_TYPES.add(SP12Constants.LAYOUT);
         ASSERTION_TYPES.add(SP12Constants.INCLUDE_TIMESTAMP);
         ASSERTION_TYPES.add(SP12Constants.ALGORITHM_SUITE);
         ASSERTION_TYPES.add(SP12Constants.WSS10);
         ASSERTION_TYPES.add(SP12Constants.WSS11);
-        ASSERTION_TYPES.add(SP12Constants.SIGNED_SUPPORTING_TOKENS);
         ASSERTION_TYPES.add(SP12Constants.USERNAME_TOKEN);
         ASSERTION_TYPES.add(SP12Constants.TRANSPORT_TOKEN);            
         ASSERTION_TYPES.add(SP12Constants.SIGNED_PARTS);
         ASSERTION_TYPES.add(SP12Constants.ENCRYPTED_PARTS);
+        ASSERTION_TYPES.add(SP12Constants.INSTANCE.getSupportingTokens());
+        ASSERTION_TYPES.add(SP12Constants.INSTANCE.getSignedSupportingTokens());
+        ASSERTION_TYPES.add(SP12Constants.INSTANCE.getEndorsingSupportingTokens());
+        ASSERTION_TYPES.add(SP12Constants.INSTANCE.getSignedEndorsingSupportingTokens());
+        ASSERTION_TYPES.add(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
+        ASSERTION_TYPES.add(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+        ASSERTION_TYPES.add(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        ASSERTION_TYPES.add(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
     }
 
     public WSSecurityPolicyInterceptorProvider() {
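Review bot: The SP12 block mixes two ways of naming the same kind of constant, `SP12Constants.INSTANCE.getSignedSupportingTokens()` next to `SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS`, while `checkPolicies` in this commit uses the static form (`SP12Constants.SIGNED_SUPPORTING_TOKENS`). Using one form throughout makes it easier to audit which assertion QNames the provider claims to handle. Also worth confirming: the SP11 supporting-token QNames are registered here, but the `assertSupportingTokens` calls visible in `AbstractWSS4JInterceptor` only look up SP12 names, so an SP11 policy may never have those assertions marked; that is inferred from this diff only. The static initializer starts above the hunk.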

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=699436&r1=699435&r2=699436&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
Fri Sep 26 10:52:59 2008
@@ -51,6 +51,7 @@
 import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Token;
 import org.apache.cxf.ws.security.policy.model.UsernameToken;
+import org.apache.cxf.ws.security.policy.model.Wss11;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandler;
@@ -287,6 +288,9 @@
                 }
                 Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
                 Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+                if (abinding.getProtectionToken() != null) {
+                    s = e;
+                }
                 if (isRequestor(message)) {
                     message.put("SignaturePropRefId", "SigRefId");
                     message.put("SigRefId", getProps(e, message));
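Review bot: The added `s = e;` silently discards the configured `SecurityConstants.SIGNATURE_PROPERTIES` whenever the binding has a protection token, and there is no comment explaining why. If `ENCRYPT_PROPERTIES` is not set, `s` becomes null even though signature properties were supplied; how `s` is used afterwards is outside the hunk. I would guard it, `if (abinding.getProtectionToken() != null && e != null) {`, and add a comment stating the intent, presumably `// protection token present: sign with the encryption crypto`. A log line when configured signature properties are overridden would help operators who set both.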
@@ -308,7 +312,39 @@
         }
         return action;
     }
-
+    void assertWSS11(AssertionInfoMap aim, SoapMessage message) {
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.WSS11);
+        if (ais != null) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+                Wss11 wss11 = (Wss11)ai.getAssertion();
+                if (isRequestor(message)) {
+                    message.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, 
+                                wss11.isRequireSignatureConfirmation() ? "true" : "false");
+                }
+            }
+        }
+    }
+    
+    protected PolicyAssertion findAndAssertPolicy(AssertionInfoMap aim, QName n) {
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
+        if (ais != null && !ais.isEmpty()) {
+            AssertionInfo ai = ais.iterator().next();
+            ai.setAsserted(true);
+            return ai.getAssertion();
+        }
+        return null;
+    }
+    protected String assertSupportingTokens(AssertionInfoMap aim,
+                                          SoapMessage message, 
+                                          String action,
+                                          QName n) {
+        SupportingToken sp = (SupportingToken)findAndAssertPolicy(aim, n);
+        if (sp != null) {
+            action = doTokens(sp.getTokens(), action, aim, message);
+        }
+        return action;
+    }
     protected void checkPolicies(SoapMessage message, RequestData data) {
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
         // extract Assertion information
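Review bot: `findAndAssertPolicy` calls `ai.setAsserted(true)` before anything has been enforced and only for the first `AssertionInfo`, so `assertSupportingTokens` reports a supporting-token assertion as satisfied as soon as it is present in the policy. The loop this replaces (removed in the next hunk) visited every `AssertionInfo` and asserted after `doTokens`; now further entries for the same QName are skipped, and for the endorsing and encrypted variants nothing visible here checks that the token was actually signed or encrypted. The same unconditional pattern appears in the new `else` branch of this file's last hunk and in `BindingBuilder.findAndAssertPolicy` / `BindingBuilder.assertSupportingTokens`. I would iterate all entries and set the flag only after `doTokens` returns, as sketched below, and document on `findAndAssertPolicy` that it asserts without verifying. `checkPolicies` continues outside the hunk.

```java
    protected String assertSupportingTokens(AssertionInfoMap aim,
                                          SoapMessage message, 
                                          String action,
                                          QName n) {
        Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
        if (ais != null) {
            for (AssertionInfo ai : ais) {
                SupportingToken sp = (SupportingToken)ai.getAssertion();
                action = doTokens(sp.getTokens(), action, aim, message);
                // mark satisfied only once the tokens have been processed
                ai.setAsserted(true);
            }
        }
        return action;
    }
```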
@@ -324,16 +360,26 @@
             assertPolicy(aim, SP12Constants.TRANSPORT_BINDING);
             action = assertAsymetricBinding(aim, action, message);
             action = assertSymetricBinding(aim, action, message);
-            Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
-            if (ais != null) {
-                for (AssertionInfo ai : ais) {
-                    SupportingToken sp = (SupportingToken)ai.getAssertion();
-                    action = doTokens(sp.getTokens(), action, aim, message);
-                    ai.setAsserted(true);
-                }                    
-            }
+            
+            action = assertSupportingTokens(aim, message, 
+                                            action, SP12Constants.SIGNED_SUPPORTING_TOKENS);
+            action = assertSupportingTokens(aim, message, 
+                                            action, SP12Constants.ENDORSING_SUPPORTING_TOKENS);
+            action = assertSupportingTokens(aim, message, 
+                                            action, SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
+            action = assertSupportingTokens(aim, message, 
+                                            action, SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+            action = assertSupportingTokens(aim, message, 
+                                            action, SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+            action = assertSupportingTokens(aim, message, 
+                                            action, 
+                                            SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+            action = assertSupportingTokens(aim, message, 
+                                            action, SP12Constants.SUPPORTING_TOKENS);
+            action = assertSupportingTokens(aim, message, 
+                                            action, SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
+            assertWSS11(aim, message);
             assertPolicy(aim, SP12Constants.WSS10);
-            assertPolicy(aim, SP12Constants.WSS11);
             assertPolicy(aim, SP12Constants.TRUST_13);
             assertPolicy(aim, SP11Constants.TRUST_10);
             message.put(WSHandlerConstants.ACTION, action.trim());
@@ -358,6 +404,15 @@
                         }
                     }                    
                 }
+            } else {
+                Collection<AssertionInfo> ais2 = aim.get(token.getName());
+                if (ais2 != null && !ais2.isEmpty()) {
+                    for (AssertionInfo ai2 : ais2) {
+                        if (ai2.getAssertion() == token) {
+                            ai2.setAsserted(true);
+                        }
+                    }                    
+                }
             }
         }        
         return action;

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=699436&r1=699435&r2=699436&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
Fri Sep 26 10:52:59 2008
@@ -22,8 +22,11 @@
 import java.util.Collections;
 import java.util.Set;
 
+import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
 
+import org.w3c.dom.Element;
+
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
 import org.apache.cxf.interceptor.Fault;
@@ -81,8 +84,14 @@
             String actor = null;
             
             WSSecHeader secHeader = new WSSecHeader(actor, mustUnderstand);
-            secHeader.insertSecurityHeader(saaj.getSOAPPart());
-
+            Element el = secHeader.insertSecurityHeader(saaj.getSOAPPart());
+            try {
+                //move to end
+                saaj.getSOAPHeader().removeChild(el);
+                saaj.getSOAPHeader().appendChild(el);
+            } catch (SOAPException e) {
+                //ignore
+            }
             
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
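Review bot: The empty `catch (SOAPException e)` hides a failure that can leave the security header detached: if the second `saaj.getSOAPHeader()` call throws after `removeChild(el)` has run, `el` is no longer in the envelope and the interceptor carries on building into it. `appendChild` already moves a node that is attached, so the remove is unnecessary; fetch the header once, `Element hdr = saaj.getSOAPHeader(); hdr.appendChild(el);`, and fail the message instead of ignoring the error, `throw new Fault(e);`. The enclosing method starts and ends outside the hunk.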

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=699436&r1=699435&r2=699436&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Fri Sep 26 10:52:59 2008
@@ -74,13 +74,13 @@
     
     public void handleBinding() {
         WSSecTimestamp timestamp = createTimestamp();
+        handleLayout(timestamp);
         
         if (abinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning)
{
             doEncryptBeforeSign();
         } else {
             doSignBeforeEncrypt();
         }
-        handleLayout(timestamp);
     }
 
 
@@ -96,10 +96,13 @@
                 }
 
                 addSupportingTokens(sigs);
-                doSignature(sigs, null);
+                doSignature(sigs);
                 doEndorse();
             } else {
                 //confirm sig
+                assertSupportingTokens(sigs);
+                
+                
                 //Add timestamp
                 if (timestampEl != null) {
                     Element el = timestampEl.getElement();
@@ -107,7 +110,7 @@
                 }
 
                 addSignatureConfirmation(sigs);
-                doSignature(sigs, null);
+                doSignature(sigs);
             }
 
             Vector<WSEncryptionPart> enc = getEncryptedParts();
@@ -181,13 +184,7 @@
                     && abinding.getInitiatorToken() != null) 
                 || (!isRequestor() && abinding.getRecipientToken() != null)) {
                 try {
-                    Element appendEl = null;
-                    if (encryptionToken.isDerivedKeys()) {
-                        appendEl = ((WSSecDKEncrypt)encrBase).getdktElement();
-                    } else {
-                        appendEl = ((WSSecEncrypt)encrBase).getEncryptedKeyElement();
-                    }
-                    doSignature(sigParts, appendEl);
+                    doSignature(sigParts);
                 } catch (WSSecurityException e) {
                     //REVISIT - exception
                     e.printStackTrace();
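Review bot: The changed `doSignature(sigParts)` call still sits in a `catch (WSSecurityException e)` that only calls `e.printStackTrace()`, so a signing failure neither stops the message nor marks the policy as failed, as far as this hunk shows. Other paths in this file report the failure, e.g. `policyNotAsserted(recToken, e)`; the signature path should do the same with the signing token, or rethrow. `printStackTrace` also bypasses the class logger, so the event may not reach the logs operators monitor. The enclosing method starts and ends outside the hunk.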
@@ -224,10 +221,11 @@
                 } else {
                     try {
                         // Encrypt, get hold of the ref list and add it
-                        Element secondRefList 
-                            = ((WSSecEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts);
-                        insertAfter(secondRefList, secHeader.getSecurityHeader(), 
-                                    ((WSSecEncrypt)encrBase).getEncryptedKeyElement());
+                        Element secondRefList = saaj.getSOAPPart()
+                            .createElementNS(WSConstants.ENC_NS,
+                                             WSConstants.ENC_PREFIX + ":ReferenceList");
+                        this.insertBeforeBottomUp(secondRefList);
+                        ((WSSecEncrypt)encrBase).encryptForExternalRef(secondRefList, secondEncrParts);
                         
                     } catch (WSSecurityException e) {
                         //REVISIT - exception
@@ -300,9 +298,9 @@
                     dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength()
/ 8);
                     dkEncr.prepare(saaj.getSOAPPart());
                     
-                    dkEncr.prependDKElementToHeader(secHeader);
+                    addDerivedKeyElement(dkEncr.getdktElement());
                     Element refList = dkEncr.encryptForExternalRef(null, encrParts);
-                    dkEncr.addExternalRefElement(refList, secHeader);
+                    insertBeforeBottomUp(refList);
                     return dkEncr;
                 } catch (Exception e) {
                     policyNotAsserted(recToken, e);
@@ -322,7 +320,7 @@
                                  getEncryptionCrypto(recToken));
                     
                     if (encr.getBSTTokenId() != null) {
-                        encr.appendBSTElementToHeader(secHeader);
+                        encr.prependBSTElementToHeader(secHeader);
                     }
                     
                     
@@ -331,14 +329,14 @@
                     //Encrypt, get hold of the ref list and add it
                     if (externalRef) {
                         Element refList = encr.encryptForExternalRef(null, encrParts);
-                        secHeader.getSecurityHeader().appendChild(refList);
+                        insertBeforeBottomUp(refList);
                     } else {
                         Element refList = encr.encryptForInternalRef(null, encrParts);
                     
                         // Add internal refs
                         encryptedKeyElement.appendChild(refList);
                     }
-                    encr.prependToHeader(secHeader);
+                    this.addEncyptedKeyElement(encryptedKeyElement);
                     return encr;
                 } catch (WSSecurityException e) {
                     policyNotAsserted(recToken, e.getMessage());
@@ -362,8 +360,7 @@
             }
         }
     }
-    private void doSignature(Vector<WSEncryptionPart> sigParts,
-                             Element appendAfter) throws WSSecurityException {
+    private void doSignature(Vector<WSEncryptionPart> sigParts) throws WSSecurityException
{
         Token sigToken = null;
         TokenWrapper wrapper = null;
         if (isRequestor()) {
@@ -404,9 +401,8 @@
                 dkSign.computeSignature();
 
                 // Add elements to header
-                dkSign.appendDKElementToHeader(secHeader);
-                dkSign.appendSigToHeader(secHeader);
-                
+                addDerivedKeyElement(dkSign.getdktElement());
+                insertBeforeBottomUp(dkSign.getSignatureElement());                
                 mainSigId = addWsuIdToElement(dkSign.getSignatureElement());
             } catch (Exception e) {
                 //REVISIT
@@ -424,14 +420,7 @@
             sig.addReferencesToSign(sigParts, secHeader);
             sig.computeSignature();
 
-            if (appendAfter != null) {
-                insertAfter(sig.getSignatureElement(),
-                            secHeader.getSecurityHeader(),
-                            appendAfter);
-            } else {
-                sig.prependToHeader(secHeader);
-            }
-
+            insertBeforeBottomUp(sig.getSignatureElement());            
             mainSigId = addWsuIdToElement(sig.getSignatureElement());
         }
     }
@@ -529,7 +518,7 @@
         }
         
         // Add the EncryptedKey
-        encrKey.prependToHeader(secHeader);
+        this.addEncyptedKeyElement(encrKey.getEncryptedKeyElement());
         encryptedKeyValue = encrKey.getEphemeralKey();
         encryptedKeyId = encrKey.getId();
         

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java?rev=699436&r1=699435&r2=699436&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
Fri Sep 26 10:52:59 2008
@@ -122,6 +122,11 @@
     
     protected Vector<byte[]> signatures = new Vector<byte[]>();
 
+    Element lastSupportingTokenElement;
+    Element lastEncryptedKeyElement;
+    Element lastDerivedKeyElement;
+    Element bottomUpElement;
+    Element topDownElement;
     
     public BindingBuilder(Binding binding,
                            SOAPMessage saaj,
@@ -135,14 +140,87 @@
         this.message = message;
         message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures);
     }
-
+    
+    private void insertAfter(Element child, Element sib) {
+        if (sib.getNextSibling() == null) {
+            secHeader.getSecurityHeader().appendChild(child);
+        } else {
+            secHeader.getSecurityHeader().insertBefore(child, sib.getNextSibling());
+        }
+    }
+    protected void addDerivedKeyElement(Element el) {
+        if (lastDerivedKeyElement != null) {
+            insertAfter(el, lastDerivedKeyElement);
+        } else if (lastEncryptedKeyElement != null) {
+            insertAfter(el, lastEncryptedKeyElement);
+        } else if (topDownElement != null) {
+            insertAfter(el, topDownElement);
+        } else if (secHeader.getSecurityHeader().getFirstChild() != null) {
+            secHeader.getSecurityHeader().insertBefore(el, secHeader.getSecurityHeader().getFirstChild());
+        } else {
+            secHeader.getSecurityHeader().appendChild(el);
+        }
+        lastEncryptedKeyElement = el;
+    }        
+    protected void addEncyptedKeyElement(Element el) {
+        if (lastEncryptedKeyElement != null) {
+            insertAfter(el, lastEncryptedKeyElement);
+        } else if (lastDerivedKeyElement != null) {
+            secHeader.getSecurityHeader().insertBefore(el, lastDerivedKeyElement);
+        } else if (topDownElement != null) {
+            insertAfter(el, topDownElement);
+        } else if (secHeader.getSecurityHeader().getFirstChild() != null) {
+            secHeader.getSecurityHeader().insertBefore(el, secHeader.getSecurityHeader().getFirstChild());
+        } else {
+            secHeader.getSecurityHeader().appendChild(el);
+        }
+        lastEncryptedKeyElement = el;
+    }
+    protected void addSupportingElement(Element el) {
+        if (lastSupportingTokenElement != null) {
+            insertAfter(el, lastSupportingTokenElement);
+        } else if (lastDerivedKeyElement != null) {
+            insertAfter(el, lastDerivedKeyElement);
+        } else if (lastEncryptedKeyElement != null) {
+            insertAfter(el, lastEncryptedKeyElement);
+        } else if (topDownElement != null) {
+            insertAfter(el, topDownElement);
+        } else if (bottomUpElement != null) {
+            secHeader.getSecurityHeader().insertBefore(el, bottomUpElement);
+        } else {
+            secHeader.getSecurityHeader().appendChild(el);
+        }
+        lastSupportingTokenElement = el;
+    }
+    protected void insertBeforeBottomUp(Element el) {
+        if (bottomUpElement == null) {
+            secHeader.getSecurityHeader().appendChild(el);
+        } else {
+            secHeader.getSecurityHeader().insertBefore(el, bottomUpElement);
+        }
+        bottomUpElement = el;
+    }
+    protected void addTopDownElement(Element el) {
+        if (topDownElement == null) {
+            if (secHeader.getSecurityHeader().getFirstChild() == null) {
+                secHeader.getSecurityHeader().appendChild(el);
+            } else {
+                secHeader.getSecurityHeader().insertBefore(el, secHeader
+                                                               .getSecurityHeader()
+                                                               .getFirstChild());
+            }
+        } else {
+            insertAfter(el, topDownElement);
+        }
+        topDownElement = el;
+    }
     
     protected boolean isRequestor() {
         return Boolean.TRUE.equals(message.containsKey(
             org.apache.cxf.message.Message.REQUESTOR_ROLE));
     }  
     protected void policyNotAsserted(PolicyAssertion assertion, Exception reason) {
-        LOG.log(Level.INFO, "Not asserting " + assertion.getName(), reason);
+        LOG.log(Level.INFO, "Not asserting " + assertion.getName() + ": " + reason);
         Collection<AssertionInfo> ais;
         ais = aim.get(assertion.getName());
         if (ais != null) {
@@ -154,7 +232,7 @@
         }
     }
     protected void policyNotAsserted(PolicyAssertion assertion, String reason) {
-        LOG.log(Level.INFO, "Not asserting " + assertion.getName(), reason);
+        LOG.log(Level.INFO, "Not asserting " + assertion.getName() + ": " + reason);
         Collection<AssertionInfo> ais;
         ais = aim.get(assertion.getName());
         if (ais != null) {
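Review bot: `addDerivedKeyElement` ends with `lastEncryptedKeyElement = el;`, which looks like a copy-paste from `addEncyptedKeyElement`: nothing in the visible diff ever assigns `lastDerivedKeyElement`, so every `lastDerivedKeyElement != null` branch in the add* helpers is dead and a derived-key token is later treated as the last EncryptedKey. If that is not intended, the last line should be `lastDerivedKeyElement = el;`. Since the commit exists to fix header ordering, each helper also deserves a one-line comment stating where in the Security header it places its element relative to the others. Minor: `addEncyptedKeyElement` is misspelled, and it is a protected name that subclasses now call.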
@@ -193,15 +271,16 @@
         }
         return null;
     } 
-    
-    protected void insertAfter(Element child, Element parent, Element sib) {
-        if (sib.getNextSibling() == null) {
-            parent.appendChild(child);
-        } else {
-            parent.insertBefore(child, sib.getNextSibling());
+    protected PolicyAssertion findAndAssertPolicy(QName n) {
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
+        if (ais != null && !ais.isEmpty()) {
+            AssertionInfo ai = ais.iterator().next();
+            ai.setAsserted(true);
+            return ai.getAssertion();
         }
-    }
-        
+        return null;
+    } 
+    
     protected WSSecTimestamp createTimestamp() {
         Collection<AssertionInfo> ais;
         ais = aim.get(SP12Constants.INCLUDE_TIMESTAMP);
@@ -212,7 +291,6 @@
                 ai.setAsserted(true);
             }                    
         }
-        timestampEl.prependToHeader(secHeader);
         return timestampEl;
     }
     
@@ -229,24 +307,33 @@
                     } else {
                         ai.setAsserted(true);
                         Element el = timestamp.getElement();
-                        secHeader.getSecurityHeader().removeChild(el);
                         secHeader.getSecurityHeader().appendChild(el);
+                        if (bottomUpElement == null) {
+                            bottomUpElement = el;
+                        }
                     }
                 } else if (SPConstants.Layout.LaxTimestampFirst == layout.getValue()) {
                     if (timestamp == null) {
                         ai.setNotAsserted(SPConstants.Layout.LaxTimestampLast + " requires
a timestamp");
                     } else {
-                        Element el = timestamp.getElement();
-                        secHeader.getSecurityHeader().removeChild(el);
-                        secHeader.getSecurityHeader().insertBefore(el,
-                                                                   secHeader.getSecurityHeader()
-                                                                       .getFirstChild());
+                        addTopDownElement(timestampEl.getElement());
                     }
+                } else if (timestampEl != null) {
+                    addTopDownElement(timestampEl.getElement());
                 }
             }                    
+        } else if (timestampEl != null) {
+            addTopDownElement(timestampEl.getElement());
         }
         return timestamp;
     }
+    protected void assertSupportingTokens(PolicyAssertion suppTokens) {
+        if (suppTokens instanceof SupportingToken) {
+            for (Token token : ((SupportingToken)suppTokens).getTokens()) {
+                this.policyAsserted(token);
+            }        
+        }
+    }
     
     protected Map<Token, WSSecBase> handleSupportingTokens(SupportingToken suppTokens)
{
         Map<Token, WSSecBase> ret = new HashMap<Token, WSSecBase>();
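Review bot: In the `LaxTimestampFirst` branch the null check is on the parameter `timestamp` but the new line dereferences the field, `addTopDownElement(timestampEl.getElement())`; the two are the same object only when the caller passes what `createTimestamp()` returned. Use the checked value, `addTopDownElement(timestamp.getElement());`, or test `timestampEl` consistently as the two new `else if (timestampEl != null)` branches do. That branch also never calls `ai.setAsserted(true)`, unlike the branch above it, which may be an oversight. The method starts above the hunk.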
@@ -258,22 +345,23 @@
                 WSSecUsernameToken utBuilder = addUsernameToken((UsernameToken)token);
                 if (utBuilder != null) {
                     utBuilder.prepare(saaj.getSOAPPart());
-                    utBuilder.appendToHeader(secHeader);
+                    addSupportingElement(utBuilder.getUsernameTokenElement());
                     ret.put(token, utBuilder);
-                    encryptedTokensIdList.add(utBuilder.getId());
+                    if (suppTokens.isEncryptedToken()) {
+                        encryptedTokensIdList.add(utBuilder.getId());
+                    }
                 }
             } else if (token instanceof IssuedToken && isRequestor()) {
                 //ws-trust stuff.......
                 //REVISIT
                 policyNotAsserted(token, "Issued token not yet supported");
             } else if (token instanceof X509Token) {
-
                 //We have to use a cert
                 //Prepare X509 signature
                 WSSecSignature sig = getSignatureBuider(suppTokens, token);
                 Element bstElem = sig.getBinarySecurityTokenElement();
                 if (bstElem != null) {
-                    sig.appendBSTElementToHeader(secHeader);
+                    sig.prependBSTElementToHeader(secHeader);
                 }
                 if (suppTokens.isEncryptedToken()) {
                     encryptedTokensIdList.add(sig.getBSTTokenId());
@@ -286,7 +374,7 @@
     }
     
     protected void addSignatureParts(Map<Token, WSSecBase> tokenMap,
-                                                         List<WSEncryptionPart> sigParts)
{
+                                       List<WSEncryptionPart> sigParts) {
         
         for (Map.Entry<Token, WSSecBase> entry : tokenMap.entrySet()) {
             
@@ -298,8 +386,11 @@
                 if (tempSig.getBSTTokenId() != null) {
                     part = new WSEncryptionPart(tempSig.getBSTTokenId());
                 }
+            } else if (tempTok instanceof WSSecUsernameToken) {
+                WSSecUsernameToken unt = (WSSecUsernameToken)tempTok;
+                part = new WSEncryptionPart(unt.getId());
             } else {
-                policyNotAsserted(entry.getKey(), "UnsupportedTokenInSupportingToken"); 

+                policyNotAsserted(entry.getKey(), "UnsupportedTokenInSupportingToken: " +
tempTok);  
             }
             if (part != null) {
                 sigParts.add(part);
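Review bot: The new `WSSecUsernameToken` branch builds a `WSEncryptionPart` from `unt.getId()` without the null check that the signature branch just above applies to `tempSig.getBSTTokenId()`. Whether the id can still be unset at this point is not verifiable from the hunk, but if it can, a part with a null id ends up in `sigParts`. Guarding it the same way keeps the two branches consistent: `if (unt.getId() != null) { part = new WSEncryptionPart(unt.getId()); }`. addSignatureParts starts before and continues after this hunk.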
@@ -836,13 +927,21 @@
     }
     protected WSSecSignature getSignatureBuider(TokenWrapper wrapper, Token token) {
         WSSecSignature sig = new WSSecSignature();
-        checkForX509PkiPath(sig, token);
-        
+        checkForX509PkiPath(sig, token);        
         setKeyIdentifierType(sig, wrapper, token);
         
-        String user = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+        boolean encryptCrypto = false;
+        String userNameKey = SecurityConstants.USERNAME;
+        String type = "signature";
+        if (binding instanceof SymmetricBinding) {
+            encryptCrypto = ((SymmetricBinding)binding).getProtectionToken() != null;
+            userNameKey = SecurityConstants.ENCRYPT_USERNAME;
+        }
+
+        
+        String user = (String)message.getContextualProperty(userNameKey);
         if (StringUtils.isEmpty(user)) {
-            policyNotAsserted(token, "No signature username found.");
+            policyNotAsserted(token, "No " + type + " username found.");
         }
 
         String password = getPassword(user, token, WSPasswordCallback.SIGNATURE);
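Review bot: In the `SymmetricBinding` branch `userNameKey` is switched to `SecurityConstants.ENCRYPT_USERNAME` unconditionally, while `encryptCrypto` is true only when a protection token exists, so a symmetric binding without a protection token would look up the encryption user and still sign with `getSignatureCrypto(wrapper)` in the `sig.prepare` hunk at -856. `type` is also never reassigned, so the not-asserted message always reads "No signature username found." even when the encryption user was the missing one. Tying both to the flag keeps them in step: `if (encryptCrypto) { userNameKey = SecurityConstants.ENCRYPT_USERNAME; type = "encryption"; }`. The password lookup on the last line still passes `WSPasswordCallback.SIGNATURE` for that user, which deserves a comment if it is intended; the rest of getSignatureBuider is outside this hunk.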
@@ -856,7 +955,7 @@
         
         try {
             sig.prepare(saaj.getSOAPPart(),
-                        getSignatureCrypto(wrapper), 
+                        encryptCrypto ? getEncryptionCrypto(wrapper) : getSignatureCrypto(wrapper),

                         secHeader);
         } catch (WSSecurityException e) {
             policyNotAsserted(token, e);
@@ -892,44 +991,55 @@
             }
         } 
     }
-    
+    protected void assertSupportingTokens(Vector<WSEncryptionPart> sigs) {
+        assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS));
+        assertSupportingTokens(findAndAssertPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS));
+        assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS));
+        assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS));
+        assertSupportingTokens(findAndAssertPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS));
+        assertSupportingTokens(findAndAssertPolicy(SP12Constants
+                                                       .SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS));
+        assertSupportingTokens(findAndAssertPolicy(SP12Constants.SUPPORTING_TOKENS));
+        assertSupportingTokens(findAndAssertPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS));
+    }    
     protected void addSupportingTokens(Vector<WSEncryptionPart> sigs) {
         
         SupportingToken sgndSuppTokens = 
-            (SupportingToken)findPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
+            (SupportingToken)findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
         
         Map<Token, WSSecBase> sigSuppTokMap = this.handleSupportingTokens(sgndSuppTokens);
          
         
         SupportingToken endSuppTokens = 
-            (SupportingToken)findPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
+            (SupportingToken)findAndAssertPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
         
         endSuppTokMap = this.handleSupportingTokens(endSuppTokens);
         
         SupportingToken sgndEndSuppTokens 
-            = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
+            = (SupportingToken)findAndAssertPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
         sgndEndSuppTokMap = this.handleSupportingTokens(sgndEndSuppTokens);
         
         SupportingToken sgndEncryptedSuppTokens 
-            = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+            = (SupportingToken)findAndAssertPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
         Map<Token, WSSecBase> sgndEncSuppTokMap 
             = this.handleSupportingTokens(sgndEncryptedSuppTokens);
         
         SupportingToken endorsingEncryptedSuppTokens 
-            = (SupportingToken)findPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+            = (SupportingToken)findAndAssertPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
         endEncSuppTokMap 
             = this.handleSupportingTokens(endorsingEncryptedSuppTokens);
         
         SupportingToken sgndEndEncSuppTokens 
-            = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+            = (SupportingToken)findAndAssertPolicy(SP12Constants
+                                                       .SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
         sgndEndEncSuppTokMap 
             = this.handleSupportingTokens(sgndEndEncSuppTokens);
         
         SupportingToken supportingToks 
-            = (SupportingToken)findPolicy(SP12Constants.SUPPORTING_TOKENS);
+            = (SupportingToken)findAndAssertPolicy(SP12Constants.SUPPORTING_TOKENS);
         this.handleSupportingTokens(supportingToks);
         
         SupportingToken encryptedSupportingToks 
-            = (SupportingToken)findPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
+            = (SupportingToken)findAndAssertPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
         this.handleSupportingTokens(encryptedSupportingToks);
     
         //Setup signature parts
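Review bot: `assertSupportingTokens(Vector<WSEncryptionPart> sigs)` never reads `sigs`, and as far as this hunk shows it marks all eight supporting-token assertions through `findAndAssertPolicy` without any token being produced or checked. The one-argument overload it delegates to is not visible here, so it should be confirmed that the responder path does not report these policies as satisfied when the tokens were never validated on the inbound side. In addSupportingTokens the same helper now runs before `handleSupportingTokens`, so a token that later reaches `policyNotAsserted` presumably leaves its parent assertion asserted. A Javadoc comment on the new method stating when it may be called and what "asserted" means here, plus dropping or using the `sigs` parameter, would settle this; addSupportingTokens continues past the hunk.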
@@ -995,7 +1105,7 @@
                 byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
                 wsc.setSignatureValue(sigVal);
                 wsc.prepare(saaj.getSOAPPart());
-                wsc.prependToHeader(secHeader);
+                addSupportingElement(wsc.getSignatureConfirmationElement());
                 if (sigParts != null) {
                     sigParts.add(new WSEncryptionPart(wsc.getId()));
                 }
@@ -1003,7 +1113,7 @@
         } else {
             //No Sig value
             wsc.prepare(saaj.getSOAPPart());
-            wsc.prependToHeader(secHeader);
+            addSupportingElement(wsc.getSignatureConfirmationElement());
             if (sigParts != null) {
                 sigParts.add(new WSEncryptionPart(wsc.getId()));
             }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=699436&r1=699435&r2=699436&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Fri Sep 26 10:52:59 2008
@@ -29,7 +29,6 @@
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-import org.w3c.dom.Node;
 
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.util.StringUtils;
@@ -103,6 +102,7 @@
     
     public void handleBinding() {
         WSSecTimestamp timestamp = createTimestamp();
+        handleLayout(timestamp);
         
         if (isRequestor()) {
             //Setup required tokens
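Review bot: Nothing in the method says why `handleLayout(timestamp)` now has to run before the tokens and signatures are built, so a later cleanup could move it back to the end without noticing the dependency. Presumably the insertion helpers this commit introduces position elements relative to what the layout step has already placed; if so, a comment on the call would record that, e.g. `// Must run first: later header elements are positioned relative to the layout/timestamp.` The same move is made in TransportBindingHandler.handleBinding (hunk at -50) and would take the same comment. handleBinding continues past this hunk.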
@@ -116,7 +116,6 @@
             doSignBeforeEncrypt();
         }
 
-        handleLayout(timestamp);
     }
     
     
@@ -178,9 +177,16 @@
                 || (isRequestor() 
                     && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT

                         == sigToken.getInclusion())) {
-                sigTokElem = appendChildToSecHeader(sigTok.getToken());
+                
+                Element el = sigTok.getToken();
+                sigTokElem = (Element)secHeader.getSecurityHeader().getOwnerDocument()
+                        .importNode(el, true);
+                this.addEncyptedKeyElement((Element)sigTokElem);
             } else if (isRequestor() && sigToken instanceof X509Token) {
-                sigTokElem = appendChildToSecHeader(sigTok.getToken());
+                Element el = sigTok.getToken();
+                sigTokElem = (Element)secHeader.getSecurityHeader().getOwnerDocument()
+                        .importNode(el, true);
+                this.addEncyptedKeyElement((Element)sigTokElem);
             }
         
         
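Review bot: The two branches now carry the same statements (`sigTok.getToken()`, `importNode(el, true)`, `addEncyptedKeyElement(...)`), so any later change to how the token element is imported has to be made twice. Folding the `X509Token` case into the preceding condition with `||`, or moving the import into a small private helper, would remove the duplicate. The cast in `addEncyptedKeyElement((Element)sigTokElem)` also looks redundant, since the value was cast to `Element` on assignment; the declaration of `sigTokElem` is outside the hunk, so confirm its type. The first condition begins before this hunk.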
@@ -193,12 +199,13 @@
 
             if (isRequestor()) {
                 addSupportingTokens(sigs);
-                signatures.add(doSignature(sigs, sigTokenWrapper, sigToken, sigTok, sigTokElem));
+                signatures.add(doSignature(sigs, sigTokenWrapper, sigToken, sigTok));
                 doEndorse();
             } else {
                 //confirm sig
+                assertSupportingTokens(sigs);
                 addSignatureConfirmation(sigs);
-                doSignature(sigs, sigTokenWrapper, sigToken, sigTok, null);
+                doSignature(sigs, sigTokenWrapper, sigToken, sigTok);
             }
 
             //REVIST - what to do with these policies?
@@ -276,7 +283,7 @@
                         dkEncr.setExternalKey(encrTok.getSecret(), (Element)saaj.getSOAPPart()
                                 .importNode((Element) encrTok.getUnattachedReference(),
                                         true));
-                    } else if (!isRequestor() && encrToken.isDerivedKeys()) { 
+                    } else if (!isRequestor()) { 
                         // If the Encrypted key used to create the derived key is not
                         // attached use key identifier as defined in WSS1.1 section
                         // 7.7 Encrypted Key reference
@@ -300,16 +307,9 @@
                     dkEncr.prepare(saaj.getSOAPPart());
                     Element encrDKTokenElem = null;
                     encrDKTokenElem = dkEncr.getdktElement();
-                    if (encrElem != null) {
-                        insertAfter(encrDKTokenElem, secHeader.getSecurityHeader(), encrElem);
-                    } else if (timestampEl != null) {
-                        insertAfter(encrDKTokenElem, secHeader.getSecurityHeader(), timestampEl.getElement());
-                    } else {
-                        dkEncr.prependDKElementToHeader(secHeader);
-                    }
-                    
+                    addDerivedKeyElement(encrDKTokenElem);
                     Element refList = dkEncr.encryptForExternalRef(null, encrParts);
-                    insertAfter(refList, secHeader.getSecurityHeader(), encrDKTokenElem);
+                    this.addDerivedKeyElement(refList);
                     return dkEncr;
                 } catch (Exception e) {
                     policyNotAsserted(recToken, e);
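Review bot: `addDerivedKeyElement` is called here for the `ReferenceList` returned by `encryptForExternalRef` as well as for the derived-key token, and again for the reference list in the non-derived-key path (hunk at -340), so the helper's name no longer describes what it receives. The removed line placed the reference list directly after the derived-key token; the helper's body is not in view, so the call sites alone do not show that this relative order is still guaranteed. A comment at the second call would document the intent, e.g. `// ReferenceList must stay after the DerivedKeyToken it refers to`, or the helper could be given a name that covers both element kinds. The enclosing method starts and ends outside this hunk.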
@@ -340,12 +340,12 @@
                                  getEncryptionCrypto(recToken));
                    
                     if (encr.getBSTTokenId() != null) {
-                        encr.appendBSTElementToHeader(secHeader);
+                        encr.prependBSTElementToHeader(secHeader);
                     }
                    
                    
                     Element refList = encr.encryptForExternalRef(null, encrParts);
-                    insertAfter(refList, secHeader.getSecurityHeader(), encrElem);
+                    this.addDerivedKeyElement(refList);
 
                     return encr;
                 } catch (WSSecurityException e) {
@@ -359,8 +359,7 @@
     private byte[] doSignatureDK(Vector<WSEncryptionPart> sigs,
                                TokenWrapper policyTokenWrapper, 
                                Token policyToken, 
-                               SecurityToken tok,
-                               Element appendAfter) throws WSSecurityException {
+                               SecurityToken tok) throws WSSecurityException {
         Document doc = saaj.getSOAPPart();
         WSSecDKSign dkSign = new WSSecDKSign();
         
@@ -429,16 +428,8 @@
 
         //Add elements to header
         Element el = dkSign.getdktElement();
-        if (appendAfter != null) {
-            insertAfter(el,
-                        secHeader.getSecurityHeader(),
-                        appendAfter);                    
-        } else {
-            dkSign.prependSigToHeader(secHeader);
-        }
-        insertAfter(dkSign.getSignatureElement(),
-                    secHeader.getSecurityHeader(),
-                    el);                    
+        addDerivedKeyElement(el);  
+        insertBeforeBottomUp(dkSign.getSignatureElement());
         this.mainSigId = addWsuIdToElement(dkSign.getSignatureElement());
 
         return dkSign.getSignatureValue();        
@@ -446,10 +437,9 @@
     private byte[] doSignature(Vector<WSEncryptionPart> sigs,
                              TokenWrapper policyTokenWrapper, 
                              Token policyToken, 
-                             SecurityToken tok,
-                             Element appendAfter) throws WSSecurityException {
+                             SecurityToken tok) throws WSSecurityException {
         if (policyToken.isDerivedKeys()) {
-            return doSignatureDK(sigs, policyTokenWrapper, policyToken, tok, appendAfter);
+            return doSignatureDK(sigs, policyTokenWrapper, policyToken, tok);
         } else {
             WSSecSignature sig = new WSSecSignature();
             // If a EncryptedKeyToken is used, set the correct value type to
@@ -495,8 +485,13 @@
             sig.setSecretKey(tok.getSecret());
             sig.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getAsymmetricSignature());
             sig.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
-            sig.prepare(saaj.getSOAPPart(), getSignatureCrypto(policyTokenWrapper),
+            if (sbinding.getProtectionToken() != null) {
+                sig.prepare(saaj.getSOAPPart(), getEncryptionCrypto(sbinding.getProtectionToken()),
                         secHeader);
+            } else {
+                sig.prepare(saaj.getSOAPPart(), getSignatureCrypto(policyTokenWrapper),
+                            secHeader);
+            }
 
             sig.setParts(sigs);
             sig.addReferencesToSign(sigs, secHeader);
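Review bot: The new `if`/`else` repeats the whole `sig.prepare(...)` call to vary one argument, and the continuation line `secHeader);` in the first branch is indented differently from the one in the second. Selecting the crypto in the argument and calling prepare once reads more easily and mirrors the conditional used in BindingBuilder.getSignatureBuider: `sig.prepare(saaj.getSOAPPart(), sbinding.getProtectionToken() != null ? getEncryptionCrypto(sbinding.getProtectionToken()) : getSignatureCrypto(policyTokenWrapper), secHeader);`. A one-line comment saying why the encryption crypto is the right one for a signature when a protection token is present would help the next reader. doSignature starts and ends outside this hunk.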
@@ -504,15 +499,9 @@
             //Do signature
             sig.computeSignature();
 
-            if (appendAfter != null) {
-                insertAfter(sig.getSignatureElement(),
-                            secHeader.getSecurityHeader(),
-                            appendAfter);                    
-            } else {
-                sig.appendToHeader(secHeader);
-            }
-
-            this.mainSigId = addWsuIdToElement(sig.getSignatureElement());
+            Element mainSigElement = sig.getSignatureElement();
+            insertBeforeBottomUp(mainSigElement);
+            mainSigId = addWsuIdToElement(mainSigElement);
             return sig.getSignatureValue();
         }
     }
@@ -544,7 +533,7 @@
         //If direct ref is used to refer to the cert
         //then add the cert to the sec header now
         if (bstTokenId != null && bstTokenId.length() > 0) {
-            encrKey.appendBSTElementToHeader(secHeader);
+            encrKey.prependBSTElementToHeader(secHeader);
         }
         return id;
     }
@@ -599,11 +588,5 @@
         }
         return null;
     }
-    public Element appendChildToSecHeader(Element elem) {
-        Element secHeaderElem = secHeader.getSecurityHeader();
-        Node node = secHeaderElem.getOwnerDocument()
-            .importNode(elem, true);
-        return (Element)secHeaderElem.appendChild(node);
-    }
 
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=699436&r1=699435&r2=699436&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Fri Sep 26 10:52:59 2008
@@ -50,6 +50,7 @@
     public void handleBinding() {
         Collection<AssertionInfo> ais;
         WSSecTimestamp timestamp = createTimestamp();
+        handleLayout(timestamp);
         
         ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
         if (ais != null) {
@@ -63,8 +64,6 @@
                 handleSupportingTokens(sgndSuppTokens);
             }
         }
-
-        handleLayout(timestamp);
     }
 
 }


