cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1068320 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/
Date Tue, 08 Feb 2011 10:59:43 GMT
Author: sergeyb
Date: Tue Feb  8 10:59:43 2011
New Revision: 1068320

URL: http://svn.apache.org/viewvc?rev=1068320&view=rev
Log:
Removing undocumented ws-security property and updating UsernameTokenInterceptor to duplicate
a WSS4J token as a CXF one

Added:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JTokenConverter.java
  (with props)
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1068320&r1=1068319&r2=1068320&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Tue Feb  8 10:59:43 2011
@@ -30,7 +30,6 @@ import java.util.Set;
 public final class SecurityConstants {
     public static final String USERNAME = "ws-security.username";
     public static final String PASSWORD = "ws-security.password";
-    public static final String VALIDATE_PASSWORD = "ws-security.validate.password";
     public static final String USERNAME_TOKEN_NO_CALLBACKS = "ws-security.ut.no-callbacks";
     
     public static final String CALLBACK_HANDLER = "ws-security.callback-handler";

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java?rev=1068320&r1=1068319&r2=1068320&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
Tue Feb  8 10:59:43 2011
@@ -141,6 +141,12 @@ public class UsernameTokenInterceptor ex
 
                         assertUsernameTokens(message, princ);
                         message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, princ);        
          
+                        
+                        boolean utWithCallbacks = !MessageUtils.getContextualBoolean(message,

+                                 SecurityConstants.USERNAME_TOKEN_NO_CALLBACKS, false);
+                        if (!utWithCallbacks) {
+                            WSS4JTokenConverter.convertToken(message, princ);
+                        }
                         SecurityContext sc = message.get(SecurityContext.class);
                         if (sc == null || sc.getUserPrincipal() == null) {
                             Subject subject = createSubject(princ.getName(), princ.getPassword(),
@@ -161,12 +167,15 @@ public class UsernameTokenInterceptor ex
     protected WSUsernameTokenPrincipal getPrincipal(Element tokenElement, SoapMessage message)
         throws WSSecurityException {
         
-        Object validateProperty = message.getContextualProperty(SecurityConstants.VALIDATE_PASSWORD);
-        if (validateProperty == null || MessageUtils.isTrue(validateProperty)) {
+        boolean utWithCallbacks = 
+            !MessageUtils.getContextualBoolean(message, SecurityConstants.USERNAME_TOKEN_NO_CALLBACKS,
false);
+        if (utWithCallbacks) {
             UsernameTokenProcessor p = new UsernameTokenProcessor();
             return p.handleUsernameToken(tokenElement, getCallback(message));
         } else {
-            return parseTokenAndCreatePrincipal(tokenElement);
+            WSUsernameTokenPrincipal principal = parseTokenAndCreatePrincipal(tokenElement);
+            WSS4JTokenConverter.convertToken(message, principal);
+            return principal;
         }
     }
     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1068320&r1=1068319&r2=1068320&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Tue Feb  8 10:59:43 2011
@@ -47,7 +47,6 @@ import org.apache.cxf.binding.soap.saaj.
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.i18n.Message;
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.security.UsernameToken;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
@@ -433,16 +432,8 @@ public class WSS4JInInterceptor extends 
             final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
             if (p != null) {
                 msg.put(PRINCIPAL_RESULT, p);
-                if (!utWithCallbacks && p instanceof WSUsernameTokenPrincipal) {
-                    WSUsernameTokenPrincipal utp = (WSUsernameTokenPrincipal)p;
-                    msg.put(org.apache.cxf.common.security.SecurityToken.class, 
-                            new UsernameToken(utp.getName(),
-                                              utp.getPassword(),
-                                              utp.getPasswordType(),
-                                              utp.isPasswordDigest(),
-                                              utp.getNonce(),
-                                              utp.getCreatedTime()));
-                    
+                if (!utWithCallbacks) {
+                    WSS4JTokenConverter.convertToken(msg, p);
                 }
                 SecurityContext sc = msg.get(SecurityContext.class);
                 if (sc == null || sc.getUserPrincipal() == null) {

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JTokenConverter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JTokenConverter.java?rev=1068320&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JTokenConverter.java
(added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JTokenConverter.java
Tue Feb  8 10:59:43 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j;
+
+import java.security.Principal;
+
+import org.apache.cxf.common.security.UsernameToken;
+import org.apache.cxf.message.Message;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
+
+public final class WSS4JTokenConverter {
+
+    private WSS4JTokenConverter() {
+        
+    }
+    
+    public static void convertToken(Message msg, Principal p) {
+        if (p instanceof WSUsernameTokenPrincipal) {
+            WSUsernameTokenPrincipal utp = (WSUsernameTokenPrincipal)p;
+            msg.put(org.apache.cxf.common.security.SecurityToken.class, 
+                    new UsernameToken(utp.getName(),
+                                      utp.getPassword(),
+                                      utp.getPasswordType(),
+                                      utp.isPasswordDigest(),
+                                      utp.getNonce(),
+                                      utp.getCreatedTime()));
+            
+        }
+    }
+}

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JTokenConverter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JTokenConverter.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java?rev=1068320&r1=1068319&r2=1068320&view=diff
==============================================================================
--- cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
(original)
+++ cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
Tue Feb  8 10:59:43 2011
@@ -55,7 +55,7 @@ public class CustomUsernameTokenIntercep
     }
     
     public void handleMessage(SoapMessage message) throws Fault {
-        message.put(SecurityConstants.VALIDATE_PASSWORD, Boolean.FALSE);
+        message.put(SecurityConstants.USERNAME_TOKEN_NO_CALLBACKS, Boolean.TRUE);
         super.handleMessage(message);
     }
     



Mime
View raw message