cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1040628 - in /cxf/sandbox/wss4j-1.6-port: distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/ distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/ ...
Date Tue, 30 Nov 2010 16:40:52 GMT
Author: coheigea
Date: Tue Nov 30 16:40:51 2010
New Revision: 1040628

URL: http://svn.apache.org/viewvc?rev=1040628&view=rev
Log:
Some minor changes.

Modified:
    cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java
    cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java

Modified: cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java (original)
+++ cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java Tue Nov 30 16:40:51 2010
@@ -61,17 +61,11 @@ public class KeystorePasswordCallback im
                 //The above is an issue when doing encrypt or signing only.
                 //Perhaps using a more suitable keystore format like .jks would be better
                 pc.setPassword("password");
-                return;
             } catch (NumberFormatException nfe) {
-                //not a pfx alias, carry on to next
-            }
-
-            String pass = passwords.get(pc.getIdentifier());
-            if (pass != null) {
-                pc.setPassword(pass);
-                return;
-            } else {
-                pc.setPassword("password");
+                String pass = passwords.get(pc.getIdentifier());
+                if (pass != null) {
+                    pc.setPassword(pass);
+                }
             }
         }
     } 

Modified: cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java (original)
+++ cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java Tue Nov 30 16:40:51 2010
@@ -42,6 +42,8 @@ public class KeystorePasswordCallback im
         passwords.put("alice", "abcd!1234");
         passwords.put("Bob", "abcd!1234");
         passwords.put("bob", "abcd!1234");
+        passwords.put("350334201beea6502d11342f93eea09fc0b5df01", "password");
+        passwords.put("abcd", "dcba");
     }
 
     /**
@@ -55,9 +57,6 @@ public class KeystorePasswordCallback im
             String pass = passwords.get(pc.getIdentifier());
             if (pass != null) {
                 pc.setPassword(pass);
-                return;
-            } else {
-                pc.setPassword("password");
             }
         }
     }

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java Tue Nov 30 16:40:51 2010
@@ -25,6 +25,7 @@ import java.util.List;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
@@ -199,7 +200,6 @@ public class IssuedTokenInterceptorProvi
             addAfter(PolicyBasedWSS4JInInterceptor.class.getName());
         }
 
-        @SuppressWarnings("unchecked")
         public void handleMessage(Message message) throws Fault {
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
@@ -211,7 +211,7 @@ public class IssuedTokenInterceptorProvi
                 if (!isRequestor(message)) {
                     boolean found = false;
                     List<WSHandlerResult> results = 
-                        (List<WSHandlerResult>)message.get(WSHandlerConstants.RECV_RESULTS);
+                        CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
                     if (results != null) {
                         for (WSHandlerResult rResult : results) {
                             List<WSSecurityEngineResult> wsSecEngineResults = 

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Tue Nov 30 16:40:51 2010
@@ -35,6 +35,7 @@ import org.apache.cxf.binding.soap.SoapB
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.interceptor.Interceptor;
@@ -445,12 +446,11 @@ class SecureConversationInInterceptor ex
             addAfter(WSS4JInInterceptor.class.getName());
         }
 
-        @SuppressWarnings("unchecked")
         public void handleMessage(SoapMessage message) throws Fault {
             //Find the SC token
             boolean found = false;
             List<WSHandlerResult> results = 
-                (List<WSHandlerResult>)message.get(WSHandlerConstants.RECV_RESULTS);
+                CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
             if (results != null) {
                 for (WSHandlerResult rResult : results) {
                     List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Tue Nov 30 16:40:51 2010
@@ -454,7 +454,8 @@ public class PolicyBasedWSS4JInIntercept
     }
     
     protected void doResults(SoapMessage msg, String actor, 
-                             SOAPMessage doc, List results, boolean utWithCallbacks) 
+                             SOAPMessage doc, List<WSSecurityEngineResult> results, 
+                             boolean utWithCallbacks) 
         throws SOAPException, XMLStreamException, WSSecurityException {
         
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
@@ -464,9 +465,7 @@ public class PolicyBasedWSS4JInIntercept
         boolean hasEndorsement = false;
         Protections prots = Protections.NONE;
         
-        for (int j = 0; j < results.size(); j++) {
-            WSSecurityEngineResult wser =
-                    (WSSecurityEngineResult) results.get(j);
+        for (WSSecurityEngineResult wser : results) {
             Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
             switch (actInt.intValue()) {                    
             case WSConstants.SIGN:

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java Tue Nov 30 16:40:51 2010
@@ -128,12 +128,12 @@ public class UsernameTokenInterceptor ex
                 try  {
                     final WSUsernameTokenPrincipal princ = getPrincipal(child, message);
                     if (princ != null) {
-                        Vector<WSSecurityEngineResult>v = new Vector<WSSecurityEngineResult>();
+                        List<WSSecurityEngineResult>v = new Vector<WSSecurityEngineResult>();
                         v.add(0, new WSSecurityEngineResult(WSConstants.UT, princ, null, null, null));
-                        List<Object> results = CastUtils.cast((List)message
+                        List<WSHandlerResult> results = CastUtils.cast((List<?>)message
                                                                   .get(WSHandlerConstants.RECV_RESULTS));
                         if (results == null) {
-                            results = new Vector<Object>();
+                            results = new Vector<WSHandlerResult>();
                             message.put(WSHandlerConstants.RECV_RESULTS, results);
                         }
                         WSHandlerResult rResult = new WSHandlerResult(null, v);

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java Tue Nov 30 16:40:51 2010
@@ -52,14 +52,14 @@ public class UsernameTokenProcessorWitho
     private String utId;
     private UsernameToken ut;
     
-    @SuppressWarnings("unchecked")
     public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, 
-        WSDocInfo wsDocInfo, List returnResults, WSSConfig wsc) throws WSSecurityException {
+        WSDocInfo wsDocInfo, List<WSSecurityEngineResult> returnResults, WSSConfig wsc
+    ) throws WSSecurityException {
         if (LOG.isLoggable(Level.FINE)) {
             LOG.fine("Found UsernameToken list element");
         }
         
-        Principal principal = handleUsernameToken((Element) elem, cb);
+        Principal principal = handleUsernameToken(elem, cb);
         returnResults.add(
             0, 
             new WSSecurityEngineResult(WSConstants.UT, principal, null, null, null)

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Tue Nov 30 16:40:51 2010
@@ -110,12 +110,11 @@ public class WSS4JInInterceptor extends 
         ignoreActions = ignore;
     }
 
-    @SuppressWarnings("unchecked")
     public WSS4JInInterceptor(Map<String, Object> properties) {
         this();
         setProperties(properties);
         final Map<QName, Object> map = CastUtils.cast(
-            (Map)properties.get(PROCESSOR_MAP));
+            (Map<?, ?>)properties.get(PROCESSOR_MAP));
         if (map != null) {
             secEngineOverride = createSecurityEngine(map);
         }
@@ -185,6 +184,7 @@ public class WSS4JInInterceptor extends 
         }
 
         RequestData reqData = new RequestData();
+        reqData.setWssConfig(engine.getWssConfig());
         /*
          * The overall try, just to have a finally at the end to perform some
          * housekeeping.
@@ -200,6 +200,11 @@ public class WSS4JInInterceptor extends 
             String actor = (String)getOption(WSHandlerConstants.ACTOR);
 
             CallbackHandler cbHandler = getCallback(reqData, doAction, utWithCallbacks);
+            
+            String passwordTypeStrict = (String)getOption(WSHandlerConstants.PASSWORD_TYPE_STRICT);
+            if (passwordTypeStrict == null) {
+                setProperty(WSHandlerConstants.PASSWORD_TYPE_STRICT, "true");
+            }
 
             /*
              * Get and check the Signature specific parameters first because
@@ -207,12 +212,11 @@ public class WSS4JInInterceptor extends 
              */
             doReceiverAction(doAction, reqData);
             
-            List<WSSecurityEngineResult> wsResult = null;
             if (doTimeLog) {
                 t1 = System.currentTimeMillis();
             }
 
-            wsResult = engine.processSecurityHeader(
+            List<WSSecurityEngineResult> wsResult = engine.processSecurityHeader(
                 doc.getSOAPPart(), 
                 actor, 
                 cbHandler, 
@@ -299,34 +303,23 @@ public class WSS4JInInterceptor extends 
         }
     }
     
-    private void checkSignatures(SoapMessage msg, RequestData reqData, List wsResult) 
-        throws WSSecurityException {
-        /*
-         * Now we can check the certificate used to sign the message. In the
-         * following implementation the certificate is only trusted if
-         * either it itself or the certificate of the issuer is installed in
-         * the keystore. Note: the method verifyTrust(X509Certificate)
-         * allows custom implementations with other validation algorithms
-         * for subclasses.
-         */
-
+    private void checkSignatures(
+        SoapMessage msg, RequestData reqData, List<WSSecurityEngineResult> wsResult
+    ) throws WSSecurityException {
         // Extract the signature action result from the action vector
-        List signatureResults = new Vector();
+        List<WSSecurityEngineResult> signatureResults = new Vector<WSSecurityEngineResult>();
         signatureResults = 
             WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.SIGN, signatureResults);
 
+        // Store the last signature result
         if (!signatureResults.isEmpty()) {
-            for (int i = 0; i < signatureResults.size(); i++) {
-                WSSecurityEngineResult result = 
-                    (WSSecurityEngineResult) signatureResults.get(i);
-                
-                msg.put(SIGNATURE_RESULT, result);
-            }
+            msg.put(SIGNATURE_RESULT, signatureResults.get(signatureResults.size() - 1));
         }
     }
     
-    protected void checkTimestamps(SoapMessage msg, RequestData reqData, List wsResult) 
-        throws WSSecurityException {
+    protected void checkTimestamps(
+        SoapMessage msg, RequestData reqData, List<WSSecurityEngineResult> wsResult
+    ) throws WSSecurityException {
         /*
          * Perform further checks on the timestamp that was transmitted in
          * the header. In the following implementation the timestamp is
@@ -336,14 +329,12 @@ public class WSS4JInInterceptor extends 
          * other validation algorithms for subclasses.
          */
         // Extract the timestamp action result from the action vector
-        List timestampResults = new Vector();
+        List<WSSecurityEngineResult> timestampResults = new Vector<WSSecurityEngineResult>();
         timestampResults = 
             WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.TS, timestampResults);
 
         if (!timestampResults.isEmpty()) {
-            for (int i = 0; i < timestampResults.size(); i++) {
-                WSSecurityEngineResult result = 
-                    (WSSecurityEngineResult) timestampResults.get(i);
+            for (WSSecurityEngineResult result : timestampResults) {
                 Timestamp timestamp = (Timestamp)result.get(WSSecurityEngineResult.TAG_TIMESTAMP);
 
                 if (timestamp != null && !verifyTimestamp(timestamp, decodeTimeToLive(reqData))) {
@@ -366,20 +357,23 @@ public class WSS4JInInterceptor extends 
         
     }
 
-    protected void doResults(SoapMessage msg, String actor, SOAPMessage doc, List wsResult)
-        throws SOAPException, XMLStreamException, WSSecurityException {
+    protected void doResults(
+        SoapMessage msg, String actor, SOAPMessage doc, List<WSSecurityEngineResult> wsResult
+    ) throws SOAPException, XMLStreamException, WSSecurityException {
         doResults(msg, actor, doc, wsResult, false);
     }
 
-    protected void doResults(SoapMessage msg, String actor, SOAPMessage doc, List wsResult, 
-        boolean utWithCallbacks) throws SOAPException, XMLStreamException, WSSecurityException {
+    protected void doResults(
+        SoapMessage msg, String actor, SOAPMessage doc, List<WSSecurityEngineResult> wsResult, 
+        boolean utWithCallbacks
+    ) throws SOAPException, XMLStreamException, WSSecurityException {
         /*
          * All ok up to this point. Now construct and setup the security result
          * structure. The service may fetch this and check it.
          */
-        List<Object> results = CastUtils.cast((List)msg.get(WSHandlerConstants.RECV_RESULTS));
+        List<WSHandlerResult> results = CastUtils.cast((List<?>)msg.get(WSHandlerConstants.RECV_RESULTS));
         if (results == null) {
-            results = new Vector<Object>();
+            results = new Vector<WSHandlerResult>();
             msg.put(WSHandlerConstants.RECV_RESULTS, results);
         }
         WSHandlerResult rResult = new WSHandlerResult(actor, wsResult);
@@ -397,23 +391,7 @@ public class WSS4JInInterceptor extends 
             i++;
         }
         msg.setContent(XMLStreamReader.class, reader);
-        String pwType = (String)getProperty(msg, "passwordType");
-        if ("PasswordDigest".equals(pwType)) {
-            //CXF-2150 - we need to check the UsernameTokens
-            for (WSSecurityEngineResult o : CastUtils.cast(wsResult, WSSecurityEngineResult.class)) {
-                Integer actInt = (Integer)o.get(WSSecurityEngineResult.TAG_ACTION);
-                if (actInt == WSConstants.UT) {
-                    WSUsernameTokenPrincipal princ 
-                        = (WSUsernameTokenPrincipal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
-                    if (!princ.isPasswordDigest()) {
-                        LOG.warning("Non-digest UsernameToken found, but digest required");
-                        throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
-                    }
-                }
-            }            
-        }
-        
-        for (WSSecurityEngineResult o : CastUtils.cast(wsResult, WSSecurityEngineResult.class)) {
+        for (WSSecurityEngineResult o : wsResult) {
             final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
             if (p != null) {
                 msg.put(PRINCIPAL_RESULT, p);
@@ -568,9 +546,6 @@ public class WSS4JInInterceptor extends 
      *              construction); otherwise, it is taken to be the default
      *              WSSecEngine instance (currently defined in the WSHandler
      *              base class).
-     *
-     * TODO the WSHandler base class defines secEngine to be static, which
-     * is really bad, because the engine has mutable state on it.
      */
     protected WSSecurityEngine getSecurityEngine(boolean utWithCallbacks) {
         if (secEngineOverride != null) {
@@ -592,11 +567,8 @@ public class WSS4JInInterceptor extends 
      * @return      a freshly minted WSSecurityEngine instance, using the
      *              (non-null) processor map, to be used to initialize the
      *              WSSecurityEngine instance.
-     *
-     * TODO The WSS4J APIs leave something to be desired here, but hopefully
-     * we'll clean all this up in WSS4J-2.0
      */
-    protected static WSSecurityEngine
+    protected WSSecurityEngine
     createSecurityEngine(
         final Map<QName, Object> map
     ) {

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Tue Nov 30 16:40:51 2010
@@ -362,20 +362,20 @@ public abstract class AbstractBindingBui
         Collection<AssertionInfo> ais;
         ais = aim.get(SP12Constants.INCLUDE_TIMESTAMP);
         if (ais != null) {
+            Object o = message.getContextualProperty(SecurityConstants.TIMESTAMP_TTL);
+            int ttl = 300;  //default is 300 seconds
+            if (o instanceof Number) {
+                ttl = ((Number)o).intValue();
+            } else if (o instanceof String) {
+                ttl = Integer.parseInt((String)o);
+            }
+            if (ttl <= 0) {
+                ttl = 300;
+            }
+            timestampEl = new WSSecTimestamp();
+            timestampEl.setTimeToLive(ttl);
+            timestampEl.prepare(saaj.getSOAPPart());
             for (AssertionInfo ai : ais) {
-                timestampEl = new WSSecTimestamp();
-                Object o = message.getContextualProperty(SecurityConstants.TIMESTAMP_TTL);
-                int ttl = 300;  //default is 300 seconds
-                if (o instanceof Number) {
-                    ttl = ((Number)o).intValue();
-                } else if (o instanceof String) {
-                    ttl = Integer.parseInt((String)o);
-                }
-                if (ttl <= 0) {
-                    ttl = 300;
-                }
-                timestampEl.setTimeToLive(ttl);
-                timestampEl.prepare(saaj.getSOAPPart());
                 ai.setAsserted(true);
             }                    
         }
@@ -1162,31 +1162,13 @@ public abstract class AbstractBindingBui
         }
     }
     
-    @SuppressWarnings("unchecked")
     public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper token,
                                   boolean sign, Crypto crypto) {
         String encrUser = (String)message.getContextualProperty(sign 
                                                                 ? SecurityConstants.SIGNATURE_USERNAME
                                                                 : SecurityConstants.ENCRYPT_USERNAME);
-        if (crypto != null) {
-            if (encrUser == null) {
-                encrUser = crypto.getDefaultX509Alias();
-            }
-            if (encrUser == null) {
-                try {
-                    Enumeration<String> en = crypto.getKeyStore().aliases();
-                    if (en.hasMoreElements()) {
-                        encrUser = en.nextElement();
-                    }
-                    if (en.hasMoreElements()) {
-                        //more than one alias in the keystore, user WILL need
-                        //to specify
-                        encrUser = null;
-                    }            
-                } catch (KeyStoreException e) {
-                    //ignore
-                }
-            }
+        if (crypto != null && encrUser == null) {
+            encrUser = getDefaultCryptoAlias(crypto);
         } else if (encrUser == null || "".equals(encrUser)) {
             policyNotAsserted(token, "No " + (sign ? "signature" : "encryption") + " crypto object found.");
         }
@@ -1194,13 +1176,15 @@ public abstract class AbstractBindingBui
             policyNotAsserted(token, "No " + (sign ? "signature" : "encryption") + " username found.");
         }
         if (WSHandlerConstants.USE_REQ_SIG_CERT.equals(encrUser)) {
-            Object resultsObj = message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS);
-            if (resultsObj != null) {
-                encrKeyBuilder.setUseThisCert(getReqSigCert((List<WSHandlerResult>)resultsObj));
+            List<WSHandlerResult> results = 
+                CastUtils.cast((List<?>)
+                    message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
+            if (results != null) {
+                encrKeyBuilder.setUseThisCert(getReqSigCert(results));
                  
                 //TODO This is a hack, this should not come under USE_REQ_SIG_CERT
                 if (encrKeyBuilder.isCertSet()) {
-                    encrKeyBuilder.setUserInfo(getUsername((List<WSHandlerResult>)resultsObj));
+                    encrKeyBuilder.setUserInfo(getUsername(results));
                 }
             } else {
                 policyNotAsserted(token, "No security results in incoming message");
@@ -1210,6 +1194,26 @@ public abstract class AbstractBindingBui
         }
     }
     
+    protected String getDefaultCryptoAlias(Crypto crypto) {
+        String user = crypto.getDefaultX509Alias();
+        if (user == null) {
+            try {
+                Enumeration<String> en = crypto.getKeyStore().aliases();
+                if (en.hasMoreElements()) {
+                    user = en.nextElement();
+                }
+                if (en.hasMoreElements()) {
+                    //more than one alias in the keystore, user WILL need
+                    //to specify
+                    user = null;
+                }            
+            } catch (KeyStoreException e) {
+                //ignore
+            }
+        }
+        return user;
+    }
+    
     private static X509Certificate getReqSigCert(List<WSHandlerResult> results) {
         /*
         * Scan the results for a matching actor. Use results only if the
@@ -1314,25 +1318,8 @@ public abstract class AbstractBindingBui
             message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
         }
         String user = (String)message.getContextualProperty(userNameKey);
-        if (crypto != null) {
-            if (StringUtils.isEmpty(user)) {
-                user = crypto.getDefaultX509Alias();
-            }
-            if (user == null) {
-                try {
-                    Enumeration<String> en = crypto.getKeyStore().aliases();
-                    if (en.hasMoreElements()) {
-                        user = en.nextElement();
-                    }
-                    if (en.hasMoreElements()) {
-                        //more than one alias in the keystore, user WILL need
-                        //to specify
-                        user = null;
-                    }            
-                } catch (KeyStoreException e) {
-                    //ignore
-                }
-            }
+        if (crypto != null && StringUtils.isEmpty(user)) {
+            user = getDefaultCryptoAlias(crypto);
         }
         if (StringUtils.isEmpty(user)) {
             policyNotAsserted(token, "No " + type + " username found.");
@@ -1619,7 +1606,6 @@ public abstract class AbstractBindingBui
         doEndorsedSignatures(sgndEndSuppTokMap, tokenProtect, sigProtect);
     } 
 
-    @SuppressWarnings("unchecked")
     protected void addSignatureConfirmation(List<WSEncryptionPart> sigParts) {
         Wss10 wss10 = getWss10();
         
@@ -1630,7 +1616,8 @@ public abstract class AbstractBindingBui
         }
         
         List<WSHandlerResult> results = 
-            (List<WSHandlerResult>)message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS);
+            CastUtils.cast((List<?>)
+                message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
         /*
          * loop over all results gathered by all handlers in the chain. For each
          * handler result get the various actions. After that loop we have all

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Tue Nov 30 16:40:51 2010
@@ -34,6 +34,7 @@ import org.w3c.dom.Element;
 
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
@@ -412,7 +413,6 @@ public class AsymmetricBindingHandler ex
         }
     }
 
-    @SuppressWarnings("unchecked")
     private void setupEncryptedKey(TokenWrapper wrapper, Token token) throws WSSecurityException {
         if (!isRequestor() && token.isDerivedKeys()) {
             //If we already have them, simply return
@@ -421,10 +421,12 @@ public class AsymmetricBindingHandler ex
             }
             
             //Use the secret from the incoming EncryptedKey element
-            Object resultsObj = message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS);
-            if (resultsObj != null) {
-                encryptedKeyId = getRequestEncryptedKeyId((List<WSHandlerResult>)resultsObj);
-                encryptedKeyValue = getRequestEncryptedKeyValue((List<WSHandlerResult>)resultsObj);
+            List<WSHandlerResult> results = 
+                CastUtils.cast(
+                    (List<?>)message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
+            if (results != null) {
+                encryptedKeyId = getRequestEncryptedKeyId(results);
+                encryptedKeyValue = getRequestEncryptedKeyValue(results);
                 
                 //In the case where we don't have the EncryptedKey in the 
                 //request, for the control to have reached this state,

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Tue Nov 30 16:40:51 2010
@@ -33,6 +33,7 @@ import org.w3c.dom.Element;
 
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
@@ -745,11 +746,10 @@ public class SymmetricBindingHandler ext
         return id;
     }
     
-    @SuppressWarnings("unchecked")
     private String getEncryptedKey() {
         
-        List<WSHandlerResult> results = (List<WSHandlerResult>)message.getExchange().getInMessage()
-            .get(WSHandlerConstants.RECV_RESULTS);
+        List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage()
+            .get(WSHandlerConstants.RECV_RESULTS));
         
         for (WSHandlerResult rResult : results) {
             List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Tue Nov 30 16:40:51 2010
@@ -338,9 +338,9 @@ public class TransportBindingHandler ext
             if (secTok.getX509Certificate() != null
                 || securityTok != null) {
                 //the "getX509Certificate" this is to workaround an issue in WCF
-                //In WCF, for TransportBinding, in most cases, it doesn't wan't any of
-                //the headers signed even if the policy sais so.   HOWEVER, for KeyValue
-                //IssuedTokends, it DOES want them signed
+                //In WCF, for TransportBinding, in most cases, it doesn't want any of
+                //the headers signed even if the policy says so.   HOWEVER, for KeyValue
+                //IssuedTokens, it DOES want them signed
                 for (Header header : signdParts.getHeaders()) {
                     WSEncryptionPart wep = new WSEncryptionPart(header.getName(), 
                             header.getNamespace(),

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java Tue Nov 30 16:40:51 2010
@@ -32,7 +32,6 @@ import org.apache.ws.security.processor.
  */
 public class CustomProcessor implements Processor {
     
-    @SuppressWarnings("unchecked")
     public final void 
     handleToken(
         final org.w3c.dom.Element elem, 
@@ -40,10 +39,10 @@ public class CustomProcessor implements 
         final Crypto decCrypto,
         final javax.security.auth.callback.CallbackHandler cb, 
         final WSDocInfo wsDocInfo, 
-        final java.util.List returnResults,
+        final java.util.List<WSSecurityEngineResult> returnResults,
         final WSSConfig config
     ) throws WSSecurityException {
-        final java.util.Map result = 
+        final WSSecurityEngineResult result = 
             new WSSecurityEngineResult(
                 WSConstants.SIGN, 
                 (SecurityContextToken) null

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java Tue Nov 30 16:40:51 2010
@@ -47,6 +47,7 @@ import org.apache.cxf.binding.Binding;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.feature.AbstractFeature;
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.AbstractAttributedInterceptorProvider;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.service.Service;
@@ -942,14 +943,12 @@ public class PolicyBasedWss4JInOutTest e
         assertNotNull(result);
     }
     
-    @SuppressWarnings("unchecked")
     private void verifyWss4jEncResults(SoapMessage inmsg) {
         //
         // There should be exactly 1 (WSS4J) HandlerResult
         //
         final List<WSHandlerResult> handlerResults = 
-            (List<WSHandlerResult>) inmsg
-                .get(WSHandlerConstants.RECV_RESULTS);
+            CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS));
         assertNotNull(handlerResults);
         assertSame(handlerResults.size(), 1);
 
@@ -963,8 +962,8 @@ public class PolicyBasedWss4JInOutTest e
         //
         final Map<String, Object> result = (Map<String, Object>) protectionResults
                 .get(0);
-        final List<WSDataRef> protectedElements = (List<WSDataRef>) result
-                .get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+        final List<WSDataRef> protectedElements = 
+            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
         assertNotNull(protectedElements);
     }
     

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java Tue Nov 30 16:40:51 2010
@@ -34,6 +34,7 @@ import javax.xml.transform.dom.DOMSource
 import org.w3c.dom.Document;
 
 import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils.NullResolver;
 import org.apache.cxf.message.Exchange;
 import org.apache.cxf.message.ExchangeImpl;
@@ -42,6 +43,7 @@ import org.apache.cxf.phase.PhaseInterce
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
 
 
 /**
@@ -58,7 +60,6 @@ public class SignatureConfirmationTest e
     }
     
     @org.junit.Test
-    @SuppressWarnings("unchecked")
     public void testSignatureConfirmationRequest() throws Exception {
         Document doc = readDocument("wsse-request-clean.xml");
 
@@ -97,11 +98,9 @@ public class SignatureConfirmationTest e
         //
         // Save the signature for future confirmation
         //
-        Object sigv = msg.get(WSHandlerConstants.SEND_SIGV);
+        List<WSHandlerResult> sigv = CastUtils.cast((List<?>)msg.get(WSHandlerConstants.SEND_SIGV));
         assertNotNull(sigv);
-        assertTrue(sigv instanceof List);
-        assertTrue(((List<Object>)sigv).size() != 0);
-        List<Object> sigSaved = (List<Object>)sigv;
+        assertTrue(sigv.size() != 0);
         
         XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
 
@@ -135,17 +134,18 @@ public class SignatureConfirmationTest e
             (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
         assertNotNull(result);
         
-        List<Object> sigReceived = (List<Object>)inmsg.get(WSHandlerConstants.RECV_RESULTS);
+        List<WSHandlerResult> sigReceived = 
+            CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS));
         assertNotNull(sigReceived);
         assertTrue(sigReceived.size() != 0);
         
-        testSignatureConfirmationResponse(sigSaved, sigReceived);
+        testSignatureConfirmationResponse(sigv, sigReceived);
     }
     
    
     private void testSignatureConfirmationResponse(
-        List<Object> sigSaved,
-        List<Object> sigReceived
+        List<WSHandlerResult> sigSaved,
+        List<WSHandlerResult> sigReceived
     ) throws Exception {
         Document doc = readDocument("wsse-request-clean.xml");
 

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java?rev=1040628&r1=1040627&r2=1040628&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java Tue Nov 30 16:40:51 2010
@@ -42,6 +42,7 @@ import org.w3c.dom.Document;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor;
 import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils.NullResolver;
 import org.apache.cxf.helpers.XMLUtils;
 import org.apache.cxf.interceptor.Interceptor;
@@ -215,7 +216,6 @@ public class WSS4JInOutTest extends Abst
     }
     
     @Test
-    @SuppressWarnings("unchecked")
     public void testEncryption() throws Exception {
         Document doc = readDocument("wsse-request-clean.xml");
 
@@ -281,7 +281,7 @@ public class WSS4JInOutTest extends Abst
         // There should be exactly 1 (WSS4J) HandlerResult
         //
         final java.util.List<WSHandlerResult> handlerResults = 
-            (java.util.List<WSHandlerResult>) inmsg.get(WSHandlerConstants.RECV_RESULTS);
+            CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS));
         assertNotNull(handlerResults);
         assertSame(handlerResults.size(), 1);
         //
@@ -298,8 +298,7 @@ public class WSS4JInOutTest extends Abst
         final java.util.Map<String, Object> result =
             (java.util.Map<String, Object>) protectionResults.get(0);
         final java.util.List<WSDataRef> protectedElements =
-            (java.util.List<WSDataRef>) 
-                result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
         assertNotNull(protectedElements);
         assertSame(protectedElements.size(), 1);
         assertEquals(
@@ -312,7 +311,6 @@ public class WSS4JInOutTest extends Abst
     }
     
     @Test
-    @SuppressWarnings("unchecked")
     public void testEncryptedUsernameToken() throws Exception {
         Document doc = readDocument("wsse-request-clean.xml");
 
@@ -387,7 +385,7 @@ public class WSS4JInOutTest extends Abst
         // There should be exactly 1 (WSS4J) HandlerResult
         //
         final java.util.List<WSHandlerResult> handlerResults = 
-            (java.util.List<WSHandlerResult>) inmsg.get(WSHandlerConstants.RECV_RESULTS);
+            CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS));
         assertNotNull(handlerResults);
         assertSame(handlerResults.size(), 1);
         
@@ -401,6 +399,94 @@ public class WSS4JInOutTest extends Abst
     }
     
     @Test
+    public void testUsernameToken() throws Exception {
+        Document doc = readDocument("wsse-request-clean.xml");
+
+        WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
+        PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();
+
+        SoapMessage msg = new SoapMessage(new MessageImpl());
+        Exchange ex = new ExchangeImpl();
+        ex.setInMessage(msg);
+        
+        SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
+        SOAPPart part = saajMsg.getSOAPPart();
+        part.setContent(new DOMSource(doc));
+        saajMsg.saveChanges();
+
+        msg.setContent(SOAPMessage.class, saajMsg);
+        
+        msg.put(
+            WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN
+        );
+        msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
+        msg.put(WSHandlerConstants.USER, "alice");
+        msg.put("password", "alicePassword");
+
+        handler.handleMessage(msg);
+        doc = part;
+
+        assertValid("//wsse:Security", doc);
+
+        byte[] docbytes = getMessageBytes(doc);
+        XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
+
+        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+
+        dbf.setValidating(false);
+        dbf.setIgnoringComments(false);
+        dbf.setIgnoringElementContentWhitespace(true);
+        dbf.setNamespaceAware(true);
+
+        DocumentBuilder db = dbf.newDocumentBuilder();
+        db.setEntityResolver(new NullResolver());
+        doc = StaxUtils.read(db, reader, false);
+
+        SoapMessage inmsg = new SoapMessage(new MessageImpl());
+        ex.setInMessage(inmsg);
+        inmsg.setContent(SOAPMessage.class, saajMsg);
+
+        //
+        // This should pass, as even though passwordType is set to digest, we are 
+        // overriding the default handler behaviour of requiring a strict password
+        // type
+        WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
+        inHandler.setProperty(
+            WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN
+        );
+        inHandler.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
+        inHandler.setProperty(WSHandlerConstants.PASSWORD_TYPE_STRICT, "false");
+        inHandler.setProperty(
+            WSHandlerConstants.PW_CALLBACK_CLASS, 
+            "org.apache.cxf.ws.security.wss4j.TestPwdCallback"
+        );
+        inHandler.handleMessage(inmsg);
+        
+        inmsg = new SoapMessage(new MessageImpl());
+        ex.setInMessage(inmsg);
+        inmsg.setContent(SOAPMessage.class, saajMsg);
+        
+        //
+        // This should fail, as we are requiring a digest password type
+        //
+        inHandler = new WSS4JInInterceptor();
+        inHandler.setProperty(
+            WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN
+        );
+        inHandler.setProperty(
+            WSHandlerConstants.PW_CALLBACK_CLASS, 
+            "org.apache.cxf.ws.security.wss4j.TestPwdCallback"
+        );
+        inHandler.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
+        try {
+            inHandler.handleMessage(inmsg);
+            fail("Expected failure on password digest");
+        } catch (org.apache.cxf.interceptor.Fault fault) {
+            // expected
+        }
+    }
+    
+    @Test
     public void testCustomProcessor() throws Exception {
         Document doc = readDocument("wsse-request-clean.xml");
 
@@ -464,7 +550,6 @@ public class WSS4JInOutTest extends Abst
         assertNull(result);
     }
     
-    
     @Test
     public void testCustomProcessorObject() throws Exception {
         Document doc = readDocument("wsse-request-clean.xml");



Mime
View raw message