cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r956682 - in /cxf/branches/2.2.x-fixes: ./ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/
Date Mon, 21 Jun 2010 20:26:58 GMT
Author: sergeyb
Date: Mon Jun 21 20:26:58 2010
New Revision: 956682

URL: http://svn.apache.org/viewvc?rev=956682&view=rev
Log:
CXF-2754: updates for dealing with digests

Modified:
    cxf/branches/2.2.x-fixes/   (props changed)
    cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
    cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/UserNameTokenAuthorizationTest.java

Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun 21 20:26:58 2010
@@ -1 +1 @@
-/cxf/trunk:956088
+/cxf/trunk:956088,956658

Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java?rev=956682&r1=956681&r2=956682&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
Mon Jun 21 20:26:58 2010
@@ -24,8 +24,9 @@ import java.util.List;
 import javax.xml.namespace.QName;
 
 import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
 
-import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.ws.policy.AssertionBuilder;
 import org.apache.cxf.ws.policy.PolicyAssertion;
 import org.apache.cxf.ws.policy.PolicyBuilder;
@@ -60,23 +61,29 @@ public class UsernameTokenBuilder implem
 
         Element polEl = PolicyConstants.findPolicyElement(element);
         if (polEl != null) {
-            Element child = DOMUtils.getFirstElement(polEl);
-            if (child != null) {
-                QName qname = new QName(child.getNamespaceURI(), child.getLocalName());
-                if (SPConstants.USERNAME_TOKEN10.equals(qname.getLocalPart())) {
-                    usernameToken.setUseUTProfile10(true);
-                } else if (SPConstants.USERNAME_TOKEN11.equals(qname.getLocalPart())) {
-                    usernameToken.setUseUTProfile11(true);
-                } else if (SP12Constants.NO_PASSWORD.equals(qname)) {
-                    usernameToken.setNoPassword(true);
-                } else if (SP12Constants.HASH_PASSWORD.equals(qname)) {
-                    usernameToken.setHashPassword(true);
-                } else if (SP12Constants.REQUIRE_DERIVED_KEYS.equals(qname)) {
-                    usernameToken.setDerivedKeys(true);
-                } else if (SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS.equals(qname)) {
-                    usernameToken.setExplicitDerivedKeys(true);
-                } else if (SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS.equals(qname)) {
-                    usernameToken.setImpliedDerivedKeys(true);
+            NodeList children = polEl.getChildNodes();
+            if (children != null) {
+                for (int i = 0; i < children.getLength(); i++) {
+                    Node child = children.item(i);
+                    if (child instanceof Element) {
+                        child = (Element)child;
+                        QName qname = new QName(child.getNamespaceURI(), child.getLocalName());
+                        if (SPConstants.USERNAME_TOKEN10.equals(qname.getLocalPart())) {
+                            usernameToken.setUseUTProfile10(true);
+                        } else if (SPConstants.USERNAME_TOKEN11.equals(qname.getLocalPart()))
{
+                            usernameToken.setUseUTProfile11(true);
+                        } else if (SP12Constants.NO_PASSWORD.equals(qname)) {
+                            usernameToken.setNoPassword(true);
+                        } else if (SP12Constants.HASH_PASSWORD.equals(qname)) {
+                            usernameToken.setHashPassword(true);
+                        } else if (SP12Constants.REQUIRE_DERIVED_KEYS.equals(qname)) {
+                            usernameToken.setDerivedKeys(true);
+                        } else if (SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS.equals(qname))
{
+                            usernameToken.setExplicitDerivedKeys(true);
+                        } else if (SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS.equals(qname))
{
+                            usernameToken.setImpliedDerivedKeys(true);
+                        }
+                    }
                 }
             }
         }

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java?rev=956682&r1=956681&r2=956682&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
Mon Jun 21 20:26:58 2010
@@ -89,7 +89,9 @@ public abstract class AbstractUsernameTo
         supportDigestPasswords = support;
     }
     
-    
+    public boolean getSupportDigestPasswords() {
+        return supportDigestPasswords;
+    }
     
     @Override
     protected SecurityContext createSecurityContext(final Principal p) {
@@ -165,7 +167,11 @@ public abstract class AbstractUsernameTo
     protected CallbackHandler getCallback(RequestData reqData, int doAction) 
         throws WSSecurityException {
         
-        if ((doAction & WSConstants.UT) != 0 && !supportDigestPasswords) {  
 
+        // Given that a custom UT processor is used for dealing with digests 
+        // no callback handler is required when the request UT contains a digest;
+        // however a custom callback may still be needed for decrypting the encrypted UT
+        
+        if ((doAction & WSConstants.UT) != 0) {
             CallbackHandler pwdCallback = null;
             try {
                 pwdCallback = super.getCallback(reqData, doAction);
@@ -184,7 +190,6 @@ public abstract class AbstractUsernameTo
             return super.getSecurityEngine();
         }
         Map<QName, Object> profiles = new HashMap<QName, Object>(3);
-        profiles.put(new QName(WSConstants.USERNAMETOKEN_NS, WSConstants.USERNAME_TOKEN_LN),
this);
         profiles.put(new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN), this);
         profiles.put(new QName(WSConstants.WSSE11_NS, WSConstants.USERNAME_TOKEN_LN), this);
         return createSecurityEngine(profiles);
@@ -202,7 +207,7 @@ public abstract class AbstractUsernameTo
     }
     
     
-    private class DelegatingCallbackHandler implements CallbackHandler {
+    protected class DelegatingCallbackHandler implements CallbackHandler {
 
         private CallbackHandler pwdHandler;
         

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/UserNameTokenAuthorizationTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/UserNameTokenAuthorizationTest.java?rev=956682&r1=956681&r2=956682&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/UserNameTokenAuthorizationTest.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/UserNameTokenAuthorizationTest.java
Mon Jun 21 20:26:58 2010
@@ -66,7 +66,7 @@ public class UserNameTokenAuthorizationT
         wsIn.setProperty(WSHandlerConstants.SIG_PROP_FILE, "META-INF/cxf/insecurity.properties");
         wsIn.setProperty(WSHandlerConstants.DEC_PROP_FILE, "META-INF/cxf/insecurity.properties");
         wsIn.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, TestPwdCallback.class.getName());
-
+        
         service.getInInterceptors().add(wsIn);
          
         SimpleAuthorizingInterceptor sai = new SimpleAuthorizingInterceptor();



Mime
View raw message