cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1082979 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: SecurityConstants.java wss4j/AbstractWSS4JInterceptor.java wss4j/WSS4JInInterceptor.java wss4j/WSS4JOutInterceptor.java
Date Fri, 18 Mar 2011 17:19:41 GMT
Author: coheigea
Date: Fri Mar 18 17:19:40 2011
New Revision: 1082979

URL: http://svn.apache.org/viewvc?rev=1082979&view=rev
Log:
Added some new configuration tags for BSP compliance and Future TTL for Timestamp processing.

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1082979&r1=1082978&r2=1082979&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Fri Mar 18 17:19:40 2011
@@ -64,6 +64,22 @@ public final class SecurityConstants {
     public static final String ALWAYS_ENCRYPT_UT = "ws-security.username-token.always.encrypted";
     
     /**
+     * Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. The
+     * default value is "true".
+     */
+    public static final String IS_BSP_COMPLIANT = "ws-security.is-bsp-compliant";
+    
+    /**
+     * This configuration tag specifies the time in seconds in the future within which
+     * the Created time of an incoming Timestamp is valid. WSS4J rejects by default any
+     * timestamp which is "Created" in the future, and so there could potentially be
+     * problems in a scenario where a client's clock is slightly askew. The default
+     * value for this parameter is "0", meaning that no future-created Timestamps are
+     * allowed.
+     */
+    public static final String TIMESTAMP_FUTURE_TTL = "ws-security.timestamp.futureTimeToLive";
+    
+    /**
      * WCF's trust server sometimes will encrypt the token in the response IN ADDITION TO
      * the full security on the message. These properties control the way the STS client
      * will decrypt the EncryptedData elements in the response
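Review bot: The Javadoc for the two new tags leaves out what a deployer needs to set them safely. For `IS_BSP_COMPLIANT`, add something like `Setting this to "false" relaxes validation of incoming messages; leave it enabled unless a peer is known to be non-compliant.` For `TIMESTAMP_FUTURE_TTL`, add `Keep this as small as the expected clock skew, since it widens the window in which a future-dated Timestamp is accepted.` Both comments should also say that the value must be supplied as a String, because translateProperties in AbstractWSS4JInterceptor (later in this commit) casts it to String.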
@@ -92,7 +108,7 @@ public final class SecurityConstants {
             STS_TOKEN_DO_CANCEL, TIMESTAMP_TTL, ALWAYS_ENCRYPT_UT,
             STS_TOKEN_ACT_AS, STS_TOKEN_USERNAME, STS_TOKEN_USE_CERT_FOR_KEYINFO,
             SAML1_TOKEN_VALIDATOR, SAML2_TOKEN_VALIDATOR, TIMESTAMP_TOKEN_VALIDATOR,
-            SIGNATURE_TOKEN_VALIDATOR
+            SIGNATURE_TOKEN_VALIDATOR, IS_BSP_COMPLIANT, TIMESTAMP_FUTURE_TTL
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=1082979&r1=1082978&r2=1082979&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
Fri Mar 18 17:19:40 2011
@@ -38,12 +38,14 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.PhaseInterceptor;
 import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.handler.WSHandlerConstants;
 
 public abstract class AbstractWSS4JInterceptor extends WSHandler implements SoapInterceptor,

     PhaseInterceptor<SoapMessage> {
@@ -154,6 +156,18 @@ public abstract class AbstractWSS4JInter
     protected boolean isRequestor(SoapMessage message) {
         return MessageUtils.isRequestor(message);
     }  
+    
+    protected void translateProperties(SoapMessage msg) {
+        String bspCompliant = (String)msg.getContextualProperty(SecurityConstants.IS_BSP_COMPLIANT);
+        if (bspCompliant != null) {
+            setProperty(WSHandlerConstants.IS_BSP_COMPLIANT, bspCompliant);
+        }
+        String futureTTL = 
+            (String)msg.getContextualProperty(SecurityConstants.TIMESTAMP_FUTURE_TTL);
+        if (futureTTL != null) {
+            setProperty(WSHandlerConstants.TTL_FUTURE_TIMESTAMP, futureTTL);
+        }
+    }
 
     @Override
     protected Crypto loadCryptoFromPropertiesFile(
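Review bot: translateProperties copies a per-message contextual property through `setProperty(...)`, which appears to store the value on the interceptor instance rather than on the message (setProperty is defined outside this hunk, so confirm). If so, a value seen on one message stays in effect for later messages that do not set it, because the `!= null` guard only skips the write; one exchange configured with is-bsp-compliant "false" or a large future TTL would then relax checks for every later message through the same interceptor, and concurrent messages could overwrite each other's value. Storing the translated value on the message, e.g. `msg.put(WSHandlerConstants.IS_BSP_COMPLIANT, bspCompliant);`, would keep it scoped to the exchange, assuming the handler's property lookup consults the message first. The `(String)` casts also throw ClassCastException when the property is configured as a Boolean or Integer; reading it as `Object` and using `String.valueOf(value)` after the null check would accept both. The method is called from both WSS4JInInterceptor and WSS4JOutInterceptor in this commit, so the point applies to inbound and outbound processing.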

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1082979&r1=1082978&r2=1082979&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Fri Mar 18 17:19:40 2011
@@ -175,6 +175,7 @@ public class WSS4JInInterceptor extends 
         
         boolean utWithCallbacks = 
             MessageUtils.getContextualBoolean(msg, SecurityConstants.VALIDATE_TOKEN, true);
+        translateProperties(msg);
         
         RequestData reqData = new CXFRequestData();
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java?rev=1082979&r1=1082978&r2=1082979&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
Fri Mar 18 17:19:40 2011
@@ -164,6 +164,7 @@ public class WSS4JOutInterceptor extends
             }
             SoapVersion version = mc.getVersion();
             RequestData reqData = new RequestData();
+            translateProperties(mc);
     
             reqData.setMsgContext(mc);
             


