cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1221366 [2/2] - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ rt/ws/secu...
Date Tue, 20 Dec 2011 17:41:59 GMT
Copied: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
(from r1221333, cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java?p2=cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java&p1=cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java&r1=1221333&r2=1221366&rev=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
Tue Dec 20 17:41:59 2011
@@ -20,12 +20,12 @@
 package org.apache.cxf.ws.security.policy.interceptors;
 
 import java.util.Collection;
-import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
 
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.ws.addressing.AddressingProperties;
@@ -33,131 +33,97 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
 import org.apache.cxf.ws.security.policy.model.Trust10;
 import org.apache.cxf.ws.security.policy.model.Trust13;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.STSClient;
 import org.apache.cxf.ws.security.trust.STSUtils;
-import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.spnego.SpnegoTokenContext;
+import org.apache.ws.security.util.Base64;
 
-class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMessage>
{
-    public SecureConversationOutInterceptor() {
+class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMessage>
{
+    public SpnegoContextTokenOutInterceptor() {
         super(Phase.PREPARE_SEND);
     }
     public void handleMessage(SoapMessage message) throws Fault {
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
         // extract Assertion information
         if (aim != null) {
-            Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
+            Collection<AssertionInfo> ais = aim.get(SP12Constants.SPNEGO_CONTEXT_TOKEN);
             if (ais == null || ais.isEmpty()) {
                 return;
             }
             if (isRequestor(message)) {
-                SecureConversationToken itok = (SecureConversationToken)ais.iterator()
-                    .next().getAssertion();
-                
                 SecurityToken tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
                 if (tok == null) {
                     String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
                     if (tokId != null) {
-                        tok = SecureConversationTokenInterceptorProvider
-                            .getTokenStore(message).getToken(tokId);
+                        tok = NegotiationUtils.getTokenStore(message).getToken(tokId);
                     }
                 }
                 if (tok == null) {
-                    tok = issueToken(message, aim, itok);
-                } else {
-                    renewToken(message, aim, tok, itok);
+                    tok = issueToken(message, aim);
                 }
                 if (tok != null) {
                     for (AssertionInfo ai : ais) {
                         ai.setAsserted(true);
                     }
-                    message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,

-                                                                  tok.getId());
-                    message.getExchange().put(SecurityConstants.TOKEN_ID, 
-                                              tok.getId());
-                    SecureConversationTokenInterceptorProvider.getTokenStore(message).add(tok);
-                    
+                    message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
tok.getId());
+                    message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
+                    NegotiationUtils.getTokenStore(message).add(tok);
                 }
             } else {
-                //server side should be checked on the way in
+                // server side should be checked on the way in
                 for (AssertionInfo ai : ais) {
                     ai.setAsserted(true);
-                }                    
+                }                   
             }
         }
     }
     
     
-    private void renewToken(SoapMessage message,
-                            AssertionInfoMap aim, 
-                            SecurityToken tok,
-                            SecureConversationToken itok) {
-        if (tok.getState() != SecurityToken.State.EXPIRED) {
-            return;
-        }
+    private SecurityToken issueToken(SoapMessage message, AssertionInfoMap aim) {
+        //
+        // Get a SPNEGO token
+        //
+        String jaasContext = 
+            (String)message.getContextualProperty(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME);
+        String kerberosSpn = 
+            (String)message.getContextualProperty(SecurityConstants.KERBEROS_SPN);
+        CallbackHandler callbackHandler = 
+            NegotiationUtils.getCallbackHandler(
+                message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER), this.getClass()
+            );
         
-        STSClient client = STSUtils.getClient(message, "sct");
-        AddressingProperties maps =
-            (AddressingProperties)message
-                .get("javax.xml.ws.addressing.context.outbound");
-        if (maps == null) {
-            maps = (AddressingProperties)message
-                .get("javax.xml.ws.addressing.context");
-        } else if (maps.getAction().getValue().endsWith("Renew")) {
-            return;
+        SpnegoTokenContext spnegoToken = new SpnegoTokenContext();
+        try {
+            spnegoToken.retrieveServiceTicket(jaasContext, callbackHandler, kerberosSpn);
+        } catch (WSSecurityException e) {
+            throw new Fault(e);
         }
-        synchronized (client) {
-            try {
-                SecureConversationTokenInterceptorProvider.setupClient(client, message, aim,
itok, true);
-
-                String s = message
-                    .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
-                client.setLocation(s);
-                
-                Map<String, Object> ctx = client.getRequestContext();
-                ctx.put(SecurityConstants.TOKEN, tok);
-                if (maps != null) {
-                    client.setAddressingNamespace(maps.getNamespaceURI());
-                }
-                client.renewSecurityToken(tok);
-            } catch (RuntimeException e) {
-                throw e;
-            } catch (Exception e) {
-                throw new Fault(e);
-            } finally {
-                client.setTrust((Trust10)null);
-                client.setTrust((Trust13)null);
-                client.setTemplate(null);
-                client.setLocation(null);
-                client.setAddressingNamespace(null);
-            }
-        }            
-    }
-    private SecurityToken issueToken(SoapMessage message,
-                                     AssertionInfoMap aim,
-                                     SecureConversationToken itok) {
-        STSClient client = STSUtils.getClient(message, "sct");
+        
+        //
+        // Now initiate WS-Trust exchange
+        //
+        STSClient client = STSUtils.getClient(message, "spnego");
         AddressingProperties maps =
-            (AddressingProperties)message
-                .get("javax.xml.ws.addressing.context.outbound");
+            (AddressingProperties)message.get("javax.xml.ws.addressing.context.outbound");
         if (maps == null) {
-            maps = (AddressingProperties)message
-                .get("javax.xml.ws.addressing.context");
+            maps = (AddressingProperties)message.get("javax.xml.ws.addressing.context");
         }
         synchronized (client) {
             try {
-                String s = SecureConversationTokenInterceptorProvider
-                    .setupClient(client, message, aim, itok, false);
-
-                SecurityToken tok = null;
+                String s = SpnegoTokenInterceptorProvider.setupClient(client, message, aim);
                 if (maps != null) {
                     client.setAddressingNamespace(maps.getNamespaceURI());
                 }
-                tok = client.requestSecurityToken(s);
-                tok.setTokenType(WSConstants.WSC_SCT);
+                SecurityToken tok = client.requestSecurityToken(s, Base64.encode(spnegoToken.getToken()));
+                
+                byte[] wrappedTok = spnegoToken.unwrapKey(tok.getSecret());
+                tok.setSecret(wrappedTok);
+                spnegoToken.clear();
+                
                 return tok;
             } catch (RuntimeException e) {
                 throw e;
@@ -172,5 +138,5 @@ class SecureConversationOutInterceptor e
             }
         }
     }
-
+    
 }
\ No newline at end of file

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoTokenInterceptorProvider.java?rev=1221366&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoTokenInterceptorProvider.java
(added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoTokenInterceptorProvider.java
Tue Dec 20 17:41:59 2011
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.policy.interceptors;
+
+import java.util.Arrays;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import org.apache.cxf.binding.soap.Soap11;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.SP11Constants;
+import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.ws.security.WSSConfig;
+
+/**
+ * 
+ */
+public class SpnegoTokenInterceptorProvider extends AbstractPolicyInterceptorProvider {
+    static final Logger LOG = LogUtils.getL7dLogger(SpnegoTokenInterceptorProvider.class);
+
+    public SpnegoTokenInterceptorProvider() {
+        super(Arrays.asList(SP11Constants.SPNEGO_CONTEXT_TOKEN, SP12Constants.SPNEGO_CONTEXT_TOKEN));
+        this.getOutInterceptors().add(new SpnegoContextTokenOutInterceptor());
+        this.getOutFaultInterceptors().add(new SpnegoContextTokenOutInterceptor());
+        this.getInInterceptors().add(new SpnegoContextTokenInInterceptor());
+        this.getInFaultInterceptors().add(new SpnegoContextTokenInInterceptor());
+    }
+    
+    static String setupClient(STSClient client, SoapMessage message, AssertionInfoMap aim)
{
+        client.setTrust(NegotiationUtils.getTrust10(aim));
+        client.setTrust(NegotiationUtils.getTrust13(aim));
+        
+        Policy p = new Policy();
+        ExactlyOne ea = new ExactlyOne();
+        p.addPolicyComponent(ea);
+        All all = new All();
+        all.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
+        ea.addPolicyComponent(all);
+        
+        client.setPolicy(p);
+        client.setSoap11(message.getVersion() == Soap11.getInstance());
+        client.setSpnego(true);
+        
+        WSSConfig config = WSSConfig.getNewInstance();
+        String context = config.getIdAllocator().createSecureId("_", null);
+        client.setContext(context);
+        
+        String s = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
+        client.setLocation(s);
+        AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
+        if (suite != null) {
+            client.setAlgorithmSuite(suite);
+            int x = suite.getMaximumSymmetricKeyLength();
+            if (x < 256) {
+                client.setKeySize(x);
+            }
+        }
+        
+        Map<String, Object> ctx = client.getRequestContext();
+        mapSecurityProps(message, ctx);
+        
+        return s;
+    }
+    
+    private static void mapSecurityProps(Message message, Map<String, Object> ctx)
{
+        for (String s : SecurityConstants.ALL_PROPERTIES) {
+            Object v = message.getContextualProperty(s);
+            if (v != null) {
+                ctx.put(s, v);
+            }
+        }
+    }
+    
+
+}

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SpnegoContextToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SpnegoContextToken.java?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SpnegoContextToken.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SpnegoContextToken.java
Tue Dec 20 17:41:59 2011
@@ -40,7 +40,7 @@ public class SpnegoContextToken extends 
     }
     
     public QName getName() {
-        return SP12Constants.INSTANCE.getKerberosToken();
+        return SP12Constants.INSTANCE.getSpnegoContextToken();
     }
     
     /**

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Tue Dec 20 17:41:59 2011
@@ -122,8 +122,10 @@ import org.apache.ws.security.components
 import org.apache.ws.security.conversation.ConversationException;
 import org.apache.ws.security.conversation.dkalgo.P_SHA1;
 import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.message.token.BinarySecurity;
 import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.processor.EncryptedKeyProcessor;
+import org.apache.ws.security.processor.X509Util;
 import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.apache.ws.security.util.XmlSchemaDateFormat;
@@ -160,6 +162,7 @@ public class STSClient implements Config
 
     protected boolean useCertificateForConfirmationKeyInfo;
     protected boolean isSecureConv;
+    protected boolean isSpnego;
     protected boolean enableLifetime;
     protected int ttl = 300;
     
@@ -281,6 +284,14 @@ public class STSClient implements Config
         this.isSecureConv = secureConv;
     }
     
+    public boolean isSpnego() {
+        return isSpnego;
+    }
+
+    public void setSpnego(boolean spnego) {
+        this.isSpnego = spnego;
+    }
+    
     public boolean isEnableAppliesTo() {
         return enableAppliesTo;
     }
@@ -358,6 +369,10 @@ public class STSClient implements Config
         this.tokenType = tokenType;
     }
     
+    public String getTokenType() {
+        return tokenType;
+    }
+    
     public void setSendKeyType(boolean sendKeyType) {
         this.sendKeyType = sendKeyType;
     }
@@ -558,15 +573,24 @@ public class STSClient implements Config
     }
 
     public SecurityToken requestSecurityToken(String appliesTo) throws Exception {
+        return requestSecurityToken(appliesTo, null);
+    }
+    
+    public SecurityToken requestSecurityToken(String appliesTo, String binaryExchange) throws
Exception {
         String action = null;
         if (isSecureConv) {
             action = namespace + "/RST/SCT";
         }
-        return requestSecurityToken(appliesTo, action, "/Issue", null);
+        return requestSecurityToken(appliesTo, action, "/Issue", null, binaryExchange);
+    }
+    
+    public SecurityToken requestSecurityToken(String appliesTo, String action, String requestType,
+            SecurityToken target) throws Exception {
+        return requestSecurityToken(appliesTo, action, requestType, target, null);
     }
 
     public SecurityToken requestSecurityToken(String appliesTo, String action, String requestType,
-                                              SecurityToken target) throws Exception {
+                                              SecurityToken target, String binaryExchange)
throws Exception {
         createClient();
         BindingOperationInfo boi = findOperation("/RST/Issue");
 
@@ -612,6 +636,11 @@ public class STSClient implements Config
                 writer.writeEndElement();
             }
         }
+        
+        if (isSpnego) {
+            tokenType = STSUtils.getTokenTypeSCT(namespace);
+            sendKeyType = false;
+        }
 
         addRequestType(requestType, writer);
         if (enableAppliesTo) {
@@ -649,6 +678,8 @@ public class STSClient implements Config
             crypto = createCrypto(false);
             cert = getCert(crypto);
             writeElementsForRSTPublicKey(writer, cert);
+        } else if (isSpnego) {
+            addKeySize(keySize, writer);
         }
         
         if (target != null) {
@@ -660,6 +691,10 @@ public class STSClient implements Config
             StaxUtils.copy(el, writer);
             writer.writeEndElement();
         }
+        
+        if (binaryExchange != null) {
+            addBinaryExchange(binaryExchange, writer);
+        }
 
         Element actAsSecurityToken = getActAsToken();
         if (actAsSecurityToken != null) {
@@ -727,9 +762,7 @@ public class STSClient implements Config
         byte[] requestorEntropy = null;
 
         if (!wroteKeySize && (!isSecureConv || keySize != 256)) {
-            writer.writeStartElement("wst", "KeySize", namespace);
-            writer.writeCharacters(Integer.toString(keySize));
-            writer.writeEndElement();
+            addKeySize(keySize, writer);
         }
 
         if (requiresEntropy) {
@@ -786,6 +819,23 @@ public class STSClient implements Config
         writer.writeEndElement();
         writer.writeEndElement();
     }
+    
+    protected void addBinaryExchange(
+        String binaryExchange, 
+        W3CDOMStreamWriter writer
+    ) throws XMLStreamException {
+        writer.writeStartElement("wst", "BinaryExchange", namespace);
+        writer.writeAttribute("EncodingType", BinarySecurity.BASE64_ENCODING);
+        writer.writeAttribute("ValueType", namespace + "/spnego");
+        writer.writeCharacters(binaryExchange);
+        writer.writeEndElement();
+    }
+    
+    protected void addKeySize(int keysize, W3CDOMStreamWriter writer) throws XMLStreamException
{
+        writer.writeStartElement("wst", "KeySize", namespace);
+        writer.writeCharacters(Integer.toString(keysize));
+        writer.writeEndElement();
+    }
 
     protected void addRequestType(String requestType, W3CDOMStreamWriter writer) throws XMLStreamException
{
         writer.writeStartElement("wst", "RequestType", namespace);
@@ -1212,21 +1262,42 @@ public class STSClient implements Config
     }
     
     protected byte[] decryptKey(Element child) throws TrustException, WSSecurityException
{
-        try {
-            EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
-            WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
-            RequestData data = new RequestData();
-            data.setWssConfig(WSSConfig.getNewInstance());
-            data.setDecCrypto(createCrypto(true));
-            data.setCallbackHandler(createHandler());
-            List<WSSecurityEngineResult> result =
-                proc.handleToken(child, data, docInfo);
-            return 
-                (byte[])result.get(0).get(
-                    WSSecurityEngineResult.TAG_SECRET
-                );
-        } catch (IOException e) {
-            throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
+        String encryptionAlgorithm = X509Util.getEncAlgo(child);
+        // For the SPNEGO case just return the decoded cipher value and decrypt it later
+        if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap"))
{
+            // Get the CipherValue
+            Element tmpE = 
+                WSSecurityUtil.getDirectChildElement(child, "CipherData", WSConstants.ENC_NS);
+            byte[] cipherValue = null;
+            if (tmpE != null) {
+                tmpE = 
+                    WSSecurityUtil.getDirectChildElement(tmpE, "CipherValue", WSConstants.ENC_NS);
+                if (tmpE != null) {
+                    String content = DOMUtils.getContent(tmpE);
+                    cipherValue = Base64.decode(content);
+                }
+            }
+            if (cipherValue == null) {
+                throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noCipher");
+            }
+            return cipherValue;
+        } else {
+            try {
+                EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
+                WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
+                RequestData data = new RequestData();
+                data.setWssConfig(WSSConfig.getNewInstance());
+                data.setDecCrypto(createCrypto(true));
+                data.setCallbackHandler(createHandler());
+                List<WSSecurityEngineResult> result =
+                    proc.handleToken(child, data, docInfo);
+                return 
+                    (byte[])result.get(0).get(
+                        WSSecurityEngineResult.TAG_SECRET
+                    );
+            } catch (IOException e) {
+                throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
+            }
         }
     }
 
@@ -1318,7 +1389,7 @@ public class STSClient implements Config
         if (id == null && rur != null) {
             id = this.getIDFromSTR(rur);
         }
-        if (id == null) {
+        if (id == null && rst != null) {
             id = rst.getAttributeNS(WSConstants.WSU_NS, "Id");
         }
         return id;

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Tue Dec 20 17:41:59 2011
@@ -441,15 +441,6 @@ public class PolicyBasedWSS4JInIntercept
             }
         }
         
-        /*
-        WSSecurityEngineResult tsResult = WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
-        Element timestamp = null;
-        if (tsResult != null) {
-            Timestamp ts = (Timestamp)tsResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);
-            timestamp = ts.getElement();
-        }
-        */
-        
         //
         // Check policies
         //

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Tue Dec 20 17:41:59 2011
@@ -43,6 +43,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.model.KerberosToken;
 import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
 import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
+import org.apache.cxf.ws.security.policy.model.SpnegoContextToken;
 import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Token;
 import org.apache.cxf.ws.security.policy.model.TokenWrapper;
@@ -155,10 +156,11 @@ public class SymmetricBindingHandler ext
                 //SecureConversationToken
                 String tokenId = null;
                 SecurityToken tok = null;
-                if (encryptionToken instanceof IssuedToken || encryptionToken instanceof
KerberosToken) {
-                    tok = getSecurityToken();
-                } else if (encryptionToken instanceof SecureConversationToken
-                    || encryptionToken instanceof SecurityContextToken) {
+                if (encryptionToken instanceof IssuedToken 
+                    || encryptionToken instanceof KerberosToken
+                    || encryptionToken instanceof SecureConversationToken
+                    || encryptionToken instanceof SecurityContextToken
+                    || encryptionToken instanceof SpnegoContextToken) {
                     tok = getSecurityToken();
                 } else if (encryptionToken instanceof X509Token) {
                     if (isRequestor()) {
@@ -274,9 +276,10 @@ public class SymmetricBindingHandler ext
             SecurityToken sigTok = null;
             if (sigToken != null) {
                 if (sigToken instanceof SecureConversationToken
-                    || sigToken instanceof SecurityContextToken) {
-                    sigTok = getSecurityToken();
-                } else if (sigToken instanceof IssuedToken || sigToken instanceof KerberosToken)
{
+                    || sigToken instanceof SecurityContextToken
+                    || sigToken instanceof IssuedToken 
+                    || sigToken instanceof KerberosToken
+                    || sigToken instanceof SpnegoContextToken) {
                     sigTok = getSecurityToken();
                 } else if (sigToken instanceof X509Token) {
                     if (isRequestor()) {
@@ -528,7 +531,7 @@ public class SymmetricBindingHandler ext
                     encr.setEncryptSymmKey(false);
                     encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
                     
-                    if (encrToken instanceof IssuedToken) {
+                    if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken)
{
                         //Setting the AttachedReference or the UnattachedReference according
to the flag
                         Element ref;
                         if (attached) {

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/client/client.xml
Tue Dec 20 17:41:59 2011
@@ -47,13 +47,8 @@
            <entry key="ws-security.encryption.properties" 
                   value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
            <entry key="ws-security.encryption.username" value="bob"/>
-           <entry key="ws-security.kerberos.client">
-               <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient">
-                   <constructor-arg ref="cxf"/>
-                   <property name="contextName" value="alice"/>
-                   <property name="serviceName" value="bob@service.ws.apache.org"/>
-               </bean>            
-           </entry>
+           <entry key="ws-security.kerberos.jaas.context" value="alice" />
+           <entry key="ws-security.kerberos.spn" value="bob@service.ws.apache.org" />
        </jaxws:properties>
     </jaxws:client>
     
@@ -63,13 +58,8 @@
            <entry key="ws-security.encryption.properties" 
                   value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
            <entry key="ws-security.encryption.username" value="bob"/>
-           <entry key="ws-security.kerberos.client">
-               <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient">
-                   <constructor-arg ref="cxf"/>
-                   <property name="contextName" value="alice"/>
-                   <property name="serviceName" value="bob@service.ws.apache.org"/>
-               </bean>            
-           </entry>
+           <entry key="ws-security.kerberos.jaas.context" value="alice" />
+           <entry key="ws-security.kerberos.spn" value="bob@service.ws.apache.org" />
        </jaxws:properties>
     </jaxws:client>
     

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/server/server.xml?rev=1221366&r1=1221365&r2=1221366&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/server/server.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/spnego/server/server.xml
Tue Dec 20 17:41:59 2011
@@ -46,12 +46,6 @@
         </cxf:features>
     </cxf:bus>
 
-    <bean id="kerberosValidator"
-        class="org.apache.ws.security.validate.KerberosTokenValidator">
-        <property name="contextName" value="bob"/>
-        <property name="serviceName" value="bob@service.ws.apache.org"/>
-    </bean> 
-    
     <jaxws:endpoint 
        id="SpnegoOverSymmetric"
        address="http://localhost:${testutil.ports.Server}/DoubleItSpnegoSymmetric" 
@@ -62,7 +56,7 @@
        wsdlLocation="org/apache/cxf/systest/ws/spnego/DoubleItSpnego.wsdl">
         
        <jaxws:properties>
-           <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
+           <entry key="ws-security.kerberos.jaas.context" value="bob" />
        </jaxws:properties> 
      
     </jaxws:endpoint>  
@@ -77,7 +71,7 @@
        wsdlLocation="org/apache/cxf/systest/ws/spnego/DoubleItSpnego.wsdl">
         
        <jaxws:properties>
-           <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
+           <entry key="ws-security.kerberos.jaas.context" value="bob" />
        </jaxws:properties> 
      
     </jaxws:endpoint>  



Mime
View raw message