cxf-commits mailing list archives

From dk...@apache.org
Subject svn commit: r931767 - in /cxf/branches/2.2.x-fixes: ./ rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Date Thu, 08 Apr 2010 03:25:13 GMT
Author: dkulp
Date: Thu Apr  8 03:25:12 2010
New Revision: 931767

URL: http://svn.apache.org/viewvc?rev=931767&view=rev
Log:
Merged revisions 931758 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r931758 | dkulp | 2010-04-07 22:49:47 -0400 (Wed, 07 Apr 2010) | 1 line
  
  [CXF-2714] Add ability to not always encrypt UT's
........

Modified:
    cxf/branches/2.2.x-fixes/   (props changed)
    cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java

Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
    svn:mergeinfo = /cxf/trunk:931758

Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=931767&r1=931766&r2=931767&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Thu Apr  8 03:25:12 2010
@@ -48,6 +48,12 @@ public final class SecurityConstants {
     
     public static final String TIMESTAMP_TTL = "ws-security.timestamp.timeToLive";
     
+    //WebLogic and WCF always encrypt UsernameTokens whenever possible
+    //See:  http://e-docs.bea.com/wls/docs103/webserv_intro/interop.html
+    //Be default, we will encrypt as well for interop reasons.  However, this
+    //setting can be set to false to turn that off. 
+    public static final String ALWAYS_ENCRYPT_UT = "ws-security.username-token.always.encrypted";
+    
     /**
      * WCF's trust server sometimes will encrypt the token in the response IN ADDITION TO
      * the full security on the message. These properties control the way the STS client
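Review bot: The comment above `ALWAYS_ENCRYPT_UT` gives the interop reason for the default but not the consequence of switching it off, and it uses `//` lines where the next property in this hunk uses Javadoc. Judging by the AbstractBindingBuilder hunk in this commit, setting the property to false means a UsernameToken is added to the encrypted list only when the supporting-tokens policy asks for encryption, so the token may otherwise go out without message-level encryption. I would turn this into a Javadoc comment that states the default (`true`), fixes the "Be default" typo, and ends with a sentence such as `Only set to false when the policy or the transport otherwise protects the token.` The class body continues outside the hunk.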
@@ -70,7 +76,7 @@ public final class SecurityConstants {
             SIGNATURE_USERNAME, SIGNATURE_PROPERTIES, SIGNATURE_CRYPTO,
             ENCRYPT_USERNAME, ENCRYPT_PROPERTIES, ENCRYPT_CRYPTO,
             TOKEN, TOKEN_ID, STS_CLIENT, STS_TOKEN_PROPERTIES, STS_TOKEN_CRYPTO,
-            STS_TOKEN_DO_CANCEL
+            STS_TOKEN_DO_CANCEL, TIMESTAMP_TTL, ALWAYS_ENCRYPT_UT
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=931767&r1=931766&r2=931767&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Thu Apr  8 03:25:12 2010
@@ -440,7 +440,13 @@ public abstract class AbstractBindingBui
                     ret.put(token, utBuilder);
                     //WebLogic and WCF always encrypt these
                     //See:  http://e-docs.bea.com/wls/docs103/webserv_intro/interop.html
-                    encryptedTokensIdList.add(utBuilder.getId());
+                    //encryptedTokensIdList.add(utBuilder.getId());
+                    if (suppTokens.isEncryptedToken()
+                        || MessageUtils.getContextualBoolean(message, 
+                                                             SecurityConstants.ALWAYS_ENCRYPT_UT,
+                                                             true)) {
+                        encryptedTokensIdList.add(utBuilder.getId());
+                    }
                 }
             } else if (isRequestor() 
                 && (token instanceof IssuedToken
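Review bot: The replaced call is left behind as commented-out code, `//encryptedTokensIdList.add(utBuilder.getId());`, directly under a comment that still says WebLogic and WCF "always encrypt these". Delete the dead line and reword the comment to say that encryption is now the default rather than unconditional, e.g. `//Encrypted by default for WebLogic/WCF interop; see SecurityConstants.ALWAYS_ENCRYPT_UT`. The contextual boolean defaults to `true`, so existing deployments keep the old behaviour, but when it is false and `suppTokens.isEncryptedToken()` is false the token id is skipped silently. A debug-level log line on that path (if the class has a logger in scope) would let operators confirm that an unencrypted UsernameToken is intended. The enclosing method starts and ends outside the hunk.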


