cxf-commits mailing list archives

From serg...@apache.org
Subject svn commit: r1163951 - in /cxf/trunk: rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/ systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/ systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/secur...
Date Thu, 01 Sep 2011 08:57:25 GMT
Author: sergeyb
Date: Thu Sep  1 08:57:25 2011
New Revision: 1163951

URL: http://svn.apache.org/viewvc?rev=1163951&view=rev
Log:
[CXF-3587] Some more fixes to the way enveloped saml tokens are signed

Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java?rev=1163951&r1=1163950&r2=1163951&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java
Thu Sep  1 08:57:25 2011
@@ -25,6 +25,7 @@ import org.w3c.dom.Element;
 
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.helpers.XMLUtils;
+import org.apache.cxf.io.CachedOutputStream;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.xml.AbstractXmlSecOutInterceptor;
 import org.apache.cxf.rs.security.xml.XmlEncOutInterceptor;
@@ -38,6 +39,7 @@ public class SamlEnvelopedOutInterceptor
     private static final QName DEFAULT_ENV_QNAME = 
         new QName("http://org.apache.cxf/rs/env", "Envelope", DEFAULT_ENV_PREFIX);
     private QName envelopeQName = DEFAULT_ENV_QNAME;
+    private boolean signLater;
     
     public SamlEnvelopedOutInterceptor() {
         // SAML assertions may contain enveloped XML signatures so
@@ -49,10 +51,11 @@ public class SamlEnvelopedOutInterceptor
     
     public SamlEnvelopedOutInterceptor(boolean signLater) {
         if (signLater) {
-            super.addAfter(XmlSigOutInterceptor.class.getName());
+            super.addBefore(XmlSigOutInterceptor.class.getName());
         } else {
             super.addAfter(XmlSigOutInterceptor.class.getName());
         }
+        this.signLater = signLater;
         
         super.addBefore(XmlEncOutInterceptor.class.getName());
     }
@@ -89,7 +92,20 @@ public class SamlEnvelopedOutInterceptor
         payloadDoc.removeChild(docEl);
         newDoc.adoptNode(docEl);
         root.appendChild(docEl);
-        return newDoc;
+
+        if (signLater) {
+            // it appears all the above manipulation with 
+            // adopting and removing nodes
+            // leaves some stale refs/state and thus the digest ends uo being wrong 
+            // on the server side if XML sig is applied later in the enveloped mode
+            // TODO: this is not critical now - but figure iut if we can avoid copying
+            // DOMs
+            CachedOutputStream bos = new CachedOutputStream();
+            DOMUtils.writeXml(newDoc, bos);
+            return DOMUtils.readXml(bos.getInputStream());
+        } else {
+            return newDoc;
+        }
     }
 
 
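Review bot: The `CachedOutputStream` created in the `signLater` branch, and the stream returned by `bos.getInputStream()`, are never closed. CachedOutputStream can spill to a temporary file once the content passes its in-memory threshold, so on this path a large payload may leave a temp file and an open handle behind. Because this interceptor is ordered before XmlEncOutInterceptor, that file would presumably hold the SAML assertion and payload before encryption. Closing both in `finally` blocks, as below, releases them as soon as the copy has been parsed. This needs `java.io.InputStream` imported and assumes the enclosing method, whose signature is outside the hunk, already propagates what `close()` can throw.

```java
        if (signLater) {
            // … unchanged: comment explaining why the DOM is re-serialized and re-parsed …
            CachedOutputStream bos = new CachedOutputStream();
            try {
                DOMUtils.writeXml(newDoc, bos);
                InputStream is = bos.getInputStream();
                try {
                    return DOMUtils.readXml(is);
                } finally {
                    is.close();
                }
            } finally {
                bos.close();
            }
        // … unchanged: else branch returning newDoc …
```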

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java?rev=1163951&r1=1163950&r2=1163951&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
Thu Sep  1 08:57:25 2011
@@ -114,7 +114,9 @@ public class JAXRSSamlTest extends Abstr
         WebClient wc = createWebClient(address, new SamlEnvelopedOutInterceptor(!signed),
                                        null, signed);
         XmlSigOutInterceptor xmlSig = new XmlSigOutInterceptor();
-        xmlSig.setStyle(XmlSigOutInterceptor.DETACHED_SIG);
+        if (signed) {
+            xmlSig.setStyle(XmlSigOutInterceptor.DETACHED_SIG);
+        }
                 
         WebClient.getConfig(wc).getOutInterceptors().add(xmlSig);
         wc.type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
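Review bot: When `signed` is false, nothing in this hunk says which signature style `xmlSig` ends up with, so the test depends silently on the default of `XmlSigOutInterceptor`. That default is presumably the enveloped mode that the `signLater` path in SamlEnvelopedOutInterceptor is meant to exercise. A short comment above the `if` would pin the intent, e.g. `// not self-signed: keep the default (enveloped) style so the whole envelope is signed after the assertion is added`. The same applies to the `if (enveloping)` guards in both JAXRSXmlSecTest hunks. The enclosing test methods start and end outside these hunks.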

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java?rev=1163951&r1=1163950&r2=1163951&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
Thu Sep  1 08:57:25 2011
@@ -72,7 +72,9 @@ public class JAXRSXmlSecTest extends Abs
                        "org/apache/cxf/systest/jaxrs/security/alice.properties");
         bean.setProperties(properties);
         XmlSigOutInterceptor sigInterceptor = new XmlSigOutInterceptor();
-        sigInterceptor.setStyle(XmlSigOutInterceptor.ENVELOPING_SIG);
+        if (enveloping) {
+            sigInterceptor.setStyle(XmlSigOutInterceptor.ENVELOPING_SIG);
+        }
         bean.getOutInterceptors().add(sigInterceptor);
         bean.setServiceClass(BookStore.class);
         
@@ -120,7 +122,9 @@ public class JAXRSXmlSecTest extends Abs
                        "org/apache/cxf/systest/jaxrs/security/alice.properties");
         bean.setProperties(properties);
         XmlSigOutInterceptor sigInterceptor = new XmlSigOutInterceptor();
-        sigInterceptor.setStyle(XmlSigOutInterceptor.ENVELOPING_SIG);
+        if (enveloping) {
+            sigInterceptor.setStyle(XmlSigOutInterceptor.ENVELOPING_SIG);
+        }
         bean.getOutInterceptors().add(sigInterceptor);
         
         


