cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1244464 - in /cxf/branches/2.4.x-fixes: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/ rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/test/resources/org/apache/cxf/ws/security/ws...
Date Wed, 15 Feb 2012 12:37:35 GMT
Author: coheigea
Date: Wed Feb 15 12:37:34 2012
New Revision: 1244464

URL: http://svn.apache.org/viewvc?rev=1244464&view=rev
Log:
Adding stricter SecurityPolicy parsing

Conflicts:

	rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java


Conflicts:

	rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java
	rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java
	rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java
	systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client/client.xml
	systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/server/server.xml

Modified:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AlgorithmSuiteBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/EncryptedPartsBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KerberosTokenBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RequiredPartsBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecurityContextTokenBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SignedPartsBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SpnegoContextTokenBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/test/resources/org/apache/cxf/ws/security/wss4j/signed_elements_with_sst_issued_token_policy.xml
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client/client.xml
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server/server.xml
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AlgorithmSuiteBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AlgorithmSuiteBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AlgorithmSuiteBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AlgorithmSuiteBuilder.java Wed Feb 15 12:37:34 2012
@@ -57,6 +57,11 @@ public class AlgorithmSuiteBuilder imple
             loader = new DefaultAlgorithmSuiteLoader();
         } 
         Element policyElement = DOMUtils.getFirstElement(element);
+        if (policyElement == null) {
+            throw new IllegalArgumentException(
+                "sp:AlgorithmSuite/wsp:Policy must have a value"
+            );
+        }
         AlgorithmSuite algorithmSuite = null;
         try {
             algorithmSuite = loader.getAlgorithmSuite(policyElement, consts);
@@ -64,7 +69,7 @@ public class AlgorithmSuiteBuilder imple
             throw new IllegalArgumentException(e);
         }
         
-        if (algorithmSuite == null) {
+        if (algorithmSuite == null && consts != SP11Constants.INSTANCE) {
             String algorithmSuiteName = DOMUtils.getFirstElement(policyElement).getLocalName();
             throw new IllegalArgumentException(
                 "Algorithm suite \"" + algorithmSuiteName + "\" is not registered"

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java Wed Feb 15 12:37:34 2012
@@ -66,27 +66,25 @@ public class AsymmetricBindingBuilder im
         Policy policy = builder.getPolicy(DOMUtils.getFirstElement(element));
         policy = (Policy)policy.normalize(builder.getPolicyRegistry(), false);
 
-        for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
-            processAlternative((List)iterator.next(), asymmetricBinding, consts);
-
-            /*
-             * since there should be only one alternative
-             */
-            break;
+        Iterator<List<Assertion>> iterator = policy.getAlternatives();
+        if (!iterator.hasNext()) {
+            throw new IllegalArgumentException(
+                "sp:AsymmetricBinding must specify at least one alternative"
+            );
         }
+        processAlternative(iterator.next(), asymmetricBinding, consts);
 
         return asymmetricBinding;
     }
 
-    private void processAlternative(List assertions, 
+    private void processAlternative(List<Assertion> assertions, 
                                     AsymmetricBinding asymmetricBinding,
                                     SPConstants consts) {
 
-        Assertion assertion;
         QName name;
 
-        for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
-            assertion = (Assertion)iterator.next();
+        boolean foundAlgorithmSuite = false;
+        for (Assertion assertion : assertions) {
             name = assertion.getName();
 
             if (!consts.getNamespace().equals(name.getNamespaceURI())
@@ -94,7 +92,6 @@ public class AsymmetricBindingBuilder im
                 continue;
             }
 
-            
             if (SPConstants.INITIATOR_TOKEN.equals(name.getLocalPart())) {
                 asymmetricBinding.setInitiatorToken((InitiatorToken)assertion);
                 
@@ -115,6 +112,7 @@ public class AsymmetricBindingBuilder im
                 asymmetricBinding.setRecipientEncryptionToken((RecipientEncryptionToken)assertion);
 
             } else if (SPConstants.ALGO_SUITE.equals(name.getLocalPart())) {
+                foundAlgorithmSuite = true;
                 asymmetricBinding.setAlgorithmSuite((AlgorithmSuite)assertion);
 
             } else if (SPConstants.LAYOUT.equals(name.getLocalPart())) {
@@ -139,6 +137,12 @@ public class AsymmetricBindingBuilder im
                 asymmetricBinding.setEntireHeadersAndBodySignatures(true);
             }
         }
+        
+        if (!foundAlgorithmSuite && consts != SP11Constants.INSTANCE) {
+            throw new IllegalArgumentException(
+                "sp:AsymmetricBinding/wsp:Policy/sp:AlgorithmSuite must have a value"
+            );
+        }
     }
 
 }

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/EncryptedPartsBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/EncryptedPartsBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/EncryptedPartsBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/EncryptedPartsBuilder.java Wed Feb 15 12:37:34 2012
@@ -75,6 +75,11 @@ public class EncryptedPartsBuilder imple
                 nameAttribute = "";
             }
             String namespaceAttribute = element.getAttribute(SPConstants.NAMESPACE);
+            if ("".equals(namespaceAttribute)) {
+                throw new IllegalArgumentException(
+                    "sp:EncryptedParts/sp:Header@Namespace must have a value"
+                );
+            }
             parent.addHeader(new Header(nameAttribute, namespaceAttribute));
 
         } else if ("Body".equals(element.getLocalName())) {

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java Wed Feb 15 12:37:34 2012
@@ -67,26 +67,28 @@ public class HttpsTokenBuilder implement
         httpsToken.setIgnorable(PolicyConstants.isIgnorable(element));
 
         if (consts.getVersion() == SPConstants.Version.SP_V11) {
-            String attr = DOMUtils.getAttribute(element,
-                                                SPConstants.REQUIRE_CLIENT_CERTIFICATE);
+            String attr = DOMUtils.getAttribute(element, SPConstants.REQUIRE_CLIENT_CERTIFICATE);
             if (attr != null) {
                 httpsToken.setRequireClientCertificate("true".equals(attr));
             }
         } else {
             Element polEl = PolicyConstants.findPolicyElement(element);
-             
-            if (polEl != null) {
-                Element child = DOMUtils.getFirstElement(polEl);
-                if (child != null) {
-                    if (SP12Constants.HTTP_BASIC_AUTHENTICATION.equals(DOMUtils.getElementQName(child))) {
-                        httpsToken.setHttpBasicAuthentication(true);
-                    } else if (SP12Constants.HTTP_DIGEST_AUTHENTICATION
-                            .equals(DOMUtils.getElementQName(child))) {
-                        httpsToken.setHttpDigestAuthentication(true);
-                    } else if (SP12Constants.REQUIRE_CLIENT_CERTIFICATE
-                            .equals(DOMUtils.getElementQName(child))) {
-                        httpsToken.setRequireClientCertificate(true);
-                    }
+            if (polEl == null) {
+                throw new IllegalArgumentException(
+                    "sp:HttpsToken/wsp:Policy must have a value"
+                );
+            }
+            
+            Element child = DOMUtils.getFirstElement(polEl);
+            if (child != null) {
+                if (SP12Constants.HTTP_BASIC_AUTHENTICATION.equals(DOMUtils.getElementQName(child))) {
+                    httpsToken.setHttpBasicAuthentication(true);
+                } else if (SP12Constants.HTTP_DIGEST_AUTHENTICATION
+                        .equals(DOMUtils.getElementQName(child))) {
+                    httpsToken.setHttpDigestAuthentication(true);
+                } else if (SP12Constants.REQUIRE_CLIENT_CERTIFICATE
+                        .equals(DOMUtils.getElementQName(child))) {
+                    httpsToken.setRequireClientCertificate(true);
                 }
             }
         }

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java Wed Feb 15 12:37:34 2012
@@ -67,6 +67,8 @@ public class IssuedTokenBuilder implemen
         }
         
         Element child = DOMUtils.getFirstElement(element);
+        boolean foundPolicy = false;
+        boolean foundRST = false;
         while (child != null) {
             String ln = child.getLocalName();
             if (SP11Constants.ISSUER.getLocalPart().equals(ln)) {
@@ -97,8 +99,10 @@ public class IssuedTokenBuilder implemen
     
                 issuedToken.setIssuerMex(issuerMex);
             } else if (SPConstants.REQUEST_SECURITY_TOKEN_TEMPLATE.equals(ln)) {
+                foundRST = true;
                 issuedToken.setRstTemplate(child);
             } else if (org.apache.neethi.Constants.ELEM_POLICY.equals(ln)) {
+                foundPolicy = true;
                 Policy policy = builder.getPolicy(child);
                 policy = (Policy)policy.normalize(builder.getPolicyRegistry(), false);
 
@@ -110,6 +114,18 @@ public class IssuedTokenBuilder implemen
             
             child = DOMUtils.getNextElement(child);
         }
+        
+        if (!foundPolicy && consts != SP11Constants.INSTANCE) {
+            throw new IllegalArgumentException(
+                "sp:IssuedToken/wsp:Policy must have a value"
+            );
+        }
+        if (!foundRST) {
+            throw new IllegalArgumentException(
+                "sp:IssuedToken/sp:RequestSecurityTokenTemplate must have a value"
+            );
+        }
+        
         return issuedToken;
     }
 

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KerberosTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KerberosTokenBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KerberosTokenBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KerberosTokenBuilder.java Wed Feb 15 12:37:34 2012
@@ -55,13 +55,15 @@ public class KerberosTokenBuilder implem
 
         String attribute = element.getAttributeNS(element.getNamespaceURI(), SPConstants.ATTR_INCLUDE_TOKEN);
         if (attribute != null) {
-            kerberosToken.setInclusion(consts.getInclusionFromAttributeValue(attribute));
+            kerberosToken.setInclusion(consts.getInclusionFromAttributeValue(attribute.trim()));
         }
         
         Element child = DOMUtils.getFirstElement(element);
+        boolean foundPolicy = false;
         while (child != null) {
             String ln = child.getLocalName();
             if (org.apache.neethi.Constants.ELEM_POLICY.equals(ln)) {
+                foundPolicy = true;
                 NodeList policyChildren = child.getChildNodes();
                 if (policyChildren != null) {
                     for (int i = 0; i < policyChildren.getLength(); i++) {
@@ -83,6 +85,12 @@ public class KerberosTokenBuilder implem
             }
             child = DOMUtils.getNextElement(child);
         }
+        
+        if (!foundPolicy && consts != SP11Constants.INSTANCE) {
+            throw new IllegalArgumentException(
+                "sp:KerberosToken/wsp:Policy must have a value"
+            );
+        }
         return kerberosToken;
     }
 

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java Wed Feb 15 12:37:34 2012
@@ -61,13 +61,16 @@ public class KeyValueTokenBuilder implem
         }
 
         Element polEl = PolicyConstants.findPolicyElement(element);
-        if (polEl != null) {
-            Element child = DOMUtils.getFirstElement(polEl);
-            if (child != null) {
-                QName qname = new QName(child.getNamespaceURI(), child.getLocalName());
-                if ("RsaKeyValue".equals(qname.getLocalPart())) {
-                    token.setForceRsaKeyValue(true);
-                }
+        if (polEl == null) {
+            throw new IllegalArgumentException(
+                "sp:KeyValueToken/wsp:Policy must have a value"
+            );
+        }
+        Element child = DOMUtils.getFirstElement(polEl);
+        if (child != null) {
+            QName qname = new QName(child.getNamespaceURI(), child.getLocalName());
+            if ("RsaKeyValue".equals(qname.getLocalPart())) {
+                token.setForceRsaKeyValue(true);
             }
         }
         return token;

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java Wed Feb 15 12:37:34 2012
@@ -55,6 +55,11 @@ public class LayoutBuilder implements As
 
     public void processAlternative(Element element, Layout parent, SPConstants consts) {
         Element polEl = PolicyConstants.findPolicyElement(element);
+        if (polEl == null && consts != SP11Constants.INSTANCE) {
+            throw new IllegalArgumentException(
+                "sp:Layout/wsp:Policy must have a value"
+            );
+        }
         if (polEl != null) {
             Element child = DOMUtils.getFirstElement(polEl);
             if (child != null) {

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RequiredPartsBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RequiredPartsBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RequiredPartsBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RequiredPartsBuilder.java Wed Feb 15 12:37:34 2012
@@ -61,6 +61,11 @@ public class RequiredPartsBuilder implem
             }
 
             String namespaceAttribute = element.getAttribute(SPConstants.NAMESPACE);
+            if ("".equals(namespaceAttribute)) {
+                throw new IllegalArgumentException(
+                    "sp:RequiredParts/sp:Header@Namespace must have a value"
+                );
+            }
             parent.addHeader(new Header(nameAttribute, namespaceAttribute));
         }
     }

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java Wed Feb 15 12:37:34 2012
@@ -59,9 +59,11 @@ public class SamlTokenBuilder implements
         }
         
         Element child = DOMUtils.getFirstElement(element);
+        boolean foundPolicy = false;
         while (child != null) {
             String ln = child.getLocalName();
             if (org.apache.neethi.Constants.ELEM_POLICY.equals(ln)) {
+                foundPolicy = true;
                 NodeList policyChildren = child.getChildNodes();
                 if (policyChildren != null) {
                     for (int i = 0; i < policyChildren.getLength(); i++) {
@@ -91,6 +93,13 @@ public class SamlTokenBuilder implements
             }
             child = DOMUtils.getNextElement(child);
         }
+        
+        if (!foundPolicy && consts != SP11Constants.INSTANCE) {
+            throw new IllegalArgumentException(
+                "sp:SpnegoContextToken/wsp:Policy must have a value"
+            );
+        }
+        
         return samlToken;
     }
 

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java Wed Feb 15 12:37:34 2012
@@ -58,20 +58,16 @@ public class SecureConversationTokenBuil
         conversationToken.setIgnorable(PolicyConstants.isIgnorable(element));
 
         String attribute = DOMUtils.getAttribute(element, consts.getIncludeToken());
-        if (attribute == null) {
-            throw new IllegalArgumentException("SecureConversationToken doesn't contain "
-                                               + "any sp:IncludeToken attribute");
+        if (attribute != null) {
+            conversationToken.setInclusion(consts.getInclusionFromAttributeValue(attribute.trim()));
         }
-
-        String inclusionValue = attribute.trim();
-
-        conversationToken.setInclusion(consts.getInclusionFromAttributeValue(inclusionValue));
-
         
         Element elem = DOMUtils.getFirstElement(element);
+        boolean foundPolicy = false;
         while (elem != null) {
             QName qn = DOMUtils.getElementQName(elem);
             if (Constants.isPolicyElement(qn)) {
+                foundPolicy = true;
                 if (DOMUtils.getFirstChildWithName(elem, 
                                                    consts.getNamespace(),
                                                    SPConstants.REQUIRE_DERIVED_KEYS) != null) {
@@ -122,6 +118,12 @@ public class SecureConversationTokenBuil
             elem = DOMUtils.getNextElement(elem);
         }
         
+        if (!foundPolicy && consts != SP11Constants.INSTANCE) {
+            throw new IllegalArgumentException(
+                "sp:SecureConversationToken/wsp:Policy must have a value"
+            );
+        }
+        
         return conversationToken;
     }
 

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecurityContextTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecurityContextTokenBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecurityContextTokenBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecurityContextTokenBuilder.java Wed Feb 15 12:37:34 2012
@@ -54,27 +54,31 @@ public class SecurityContextTokenBuilder
         }
 
         element = PolicyConstants.findPolicyElement(element);
+        if (element == null && consts != SP11Constants.INSTANCE) {
+            throw new IllegalArgumentException(
+                "sp:SecurityContextToken/wsp:Policy must have a value"
+            );
+        }
 
         if (element != null) {
-
             if (DOMUtils.getFirstChildWithName(element, 
-                                               consts.getNamespace(),
-                                               SPConstants.REQUIRE_DERIVED_KEYS) != null) {
+                    consts.getNamespace(),
+                    SPConstants.REQUIRE_DERIVED_KEYS) != null) {
                 contextToken.setDerivedKeys(true);
             }
-
+    
             if (DOMUtils.getFirstChildWithName(element, 
-                                               consts.getNamespace(),
-                                               SPConstants.REQUIRE_EXTERNAL_URI_REFERENCE) != null) {
+                    consts.getNamespace(),
+                    SPConstants.REQUIRE_EXTERNAL_URI_REFERENCE) != null) {
                 contextToken.setRequireExternalUriRef(true);
             }
-
+    
             if (DOMUtils.getFirstChildWithName(element,
-                                               consts.getNamespace(),
-                                               SPConstants.SC10_SECURITY_CONTEXT_TOKEN) != null) {
+                    consts.getNamespace(),
+                    SPConstants.SC10_SECURITY_CONTEXT_TOKEN) != null) {
                 contextToken.setSc10SecurityContextToken(true);
             }
-            
+    
             if (DOMUtils.getFirstChildWithName(element,
                     consts.getNamespace(),
                     SPConstants.SC13_SECURITY_CONTEXT_TOKEN) != null) {

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SignedPartsBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SignedPartsBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SignedPartsBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SignedPartsBuilder.java Wed Feb 15 12:37:34 2012
@@ -77,6 +77,11 @@ public class SignedPartsBuilder implemen
                 nameAttribute = "";
             }
             String namespaceAttribute = element.getAttribute(SPConstants.NAMESPACE);
+            if ("".equals(namespaceAttribute)) {
+                throw new IllegalArgumentException(
+                    "sp:SignedParts/sp:Header@Namespace must have a value"
+                );
+            }
 
             parent.addHeader(new Header(nameAttribute, namespaceAttribute));
 

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SpnegoContextTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SpnegoContextTokenBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SpnegoContextTokenBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SpnegoContextTokenBuilder.java Wed Feb 15 12:37:34 2012
@@ -58,19 +58,16 @@ public class SpnegoContextTokenBuilder i
         spnegoContextToken.setIgnorable(PolicyConstants.isIgnorable(element));
         
         String attribute = DOMUtils.getAttribute(element, consts.getIncludeToken());
-        if (attribute == null) {
-            throw new IllegalArgumentException("SpnegoContextToken doesn't contain "
-                                               + "any sp:IncludeToken attribute");
+        if (attribute != null) {
+            spnegoContextToken.setInclusion(consts.getInclusionFromAttributeValue(attribute.trim()));
         }
 
-        String inclusionValue = attribute.trim();
-
-        spnegoContextToken.setInclusion(consts.getInclusionFromAttributeValue(inclusionValue));
-
         Element elem = DOMUtils.getFirstElement(element);
+        boolean foundPolicy = false;
         while (elem != null) {
             QName qn = DOMUtils.getElementQName(elem);
             if (Constants.isPolicyElement(qn)) {
+                foundPolicy = true;
                 if (DOMUtils.getFirstChildWithName(elem, consts.getNamespace(),
                         SPConstants.REQUIRE_DERIVED_KEYS) != null) {
                     spnegoContextToken.setDerivedKeys(true);
@@ -87,6 +84,12 @@ public class SpnegoContextTokenBuilder i
             }
             elem = DOMUtils.getNextElement(elem);
         }
+        
+        if (!foundPolicy && consts != SP11Constants.INSTANCE) {
+            throw new IllegalArgumentException(
+                "sp:SpnegoContextToken/wsp:Policy must have a value"
+            );
+        }
         return spnegoContextToken;
     }
 

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java Wed Feb 15 12:37:34 2012
@@ -61,24 +61,26 @@ public class SymmetricBindingBuilder imp
         Policy policy = builder.getPolicy(DOMUtils.getFirstElement(element));
         policy = (Policy)policy.normalize(builder.getPolicyRegistry(), false);
 
-        for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
-            processAlternatives((List)iterator.next(), symmetricBinding, consts);
-
-            /*
-             * since there should be only one alternative ..
-             */
-            break;
+        Iterator<List<Assertion>> iterator = policy.getAlternatives();
+        if (!iterator.hasNext()) {
+            throw new IllegalArgumentException(
+                "sp:SymmetricBinding must specify at least one alternative"
+            );
         }
+        processAlternatives(iterator.next(), symmetricBinding, consts);
+
         return symmetricBinding;
     }
 
 
-    private void processAlternatives(List assertions, SymmetricBinding symmetricBinding, SPConstants consts) {
-        Assertion assertion;
+    private void processAlternatives(
+        List<Assertion> assertions,
+        SymmetricBinding symmetricBinding,
+        SPConstants consts
+    ) {
         QName name;
-
-        for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
-            assertion = (Assertion)iterator.next();
+        boolean foundAlgorithmSuite = false;
+        for (Assertion assertion : assertions) {
             name = assertion.getName();
 
             if (!consts.getNamespace().equals(name.getNamespaceURI())
@@ -87,6 +89,7 @@ public class SymmetricBindingBuilder imp
             }
 
             if (SPConstants.ALGO_SUITE.equals(name.getLocalPart())) {
+                foundAlgorithmSuite = true;
                 symmetricBinding.setAlgorithmSuite((AlgorithmSuite)assertion);
 
             } else if (SPConstants.LAYOUT.equals(name.getLocalPart())) {
@@ -112,5 +115,11 @@ public class SymmetricBindingBuilder imp
                 symmetricBinding.setTokenProtection(true);
             } 
         }
+        
+        if (!foundAlgorithmSuite && consts != SP11Constants.INSTANCE) {
+            throw new IllegalArgumentException(
+                "sp:SymmetricBinding/wsp:Policy/sp:AlgorithmSuite must have a value"
+            );
+        }
     }
 }

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java Wed Feb 15 12:37:34 2012
@@ -68,6 +68,8 @@ public class TransportBindingBuilder imp
                                     SPConstants consts,
                                     AssertionBuilderFactory factory) {
         Element polEl = DOMUtils.getFirstElement(element);
+        boolean foundTransportToken = false;
+        boolean foundAlgorithmSuite = false;
         while (polEl != null) {
             if (Constants.isPolicyElement(new QName(polEl.getNamespaceURI(),
                                                        polEl.getLocalName()))) {
@@ -75,9 +77,11 @@ public class TransportBindingBuilder imp
                 while (child != null) {
                     String name = child.getLocalName();
                     if (name.equals(SPConstants.ALGO_SUITE)) {
+                        foundAlgorithmSuite = true;
                         parent.setAlgorithmSuite((AlgorithmSuite)new AlgorithmSuiteBuilder(bus)
                             .build(child, factory));
                     } else if (name.equals(SPConstants.TRANSPORT_TOKEN)) {
+                        foundTransportToken = true;
                         parent.setTransportToken((TransportToken)new TransportTokenBuilder(builder)
                                                         .build(child, factory));
                     } else if (name.equals(SPConstants.INCLUDE_TIMESTAMP)) {
@@ -103,6 +107,17 @@ public class TransportBindingBuilder imp
             polEl = DOMUtils.getNextElement(polEl);
         }
         
+        if (!foundTransportToken && consts != SP11Constants.INSTANCE) {
+            throw new IllegalArgumentException(
+                "sp:TransportBinding/wsp:Policy/sp:TransportToken must have a value"
+            );
+        }
+        if (!foundAlgorithmSuite) {
+            throw new IllegalArgumentException(
+                "sp:TransportBinding/wsp:Policy/sp:AlgorithmSuite must have a value"
+            );
+        }
+        
     }
 
 }

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java Wed Feb 15 12:37:34 2012
@@ -59,6 +59,11 @@ public class UsernameTokenBuilder implem
         }
 
         Element polEl = PolicyConstants.findPolicyElement(element);
+        if (polEl == null && consts != SP11Constants.INSTANCE) {
+            throw new IllegalArgumentException(
+                "sp:UsernameToken/wsp:Policy must have a value"
+            );
+        }
         if (polEl != null) {
             NodeList children = polEl.getChildNodes();
             if (children != null) {

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java Wed Feb 15 12:37:34 2012
@@ -54,6 +54,11 @@ public class X509TokenBuilder implements
         x509Token.setIgnorable(PolicyConstants.isIgnorable(element));
 
         Element policyElement = DOMUtils.getFirstElement(element);
+        if (policyElement == null && consts != SP11Constants.INSTANCE) {
+            throw new IllegalArgumentException(
+                "sp:X509Token/wsp:Policy must have a value"
+            );
+        }
 
         // Process token inclusion
         String includeAttr = DOMUtils.getAttribute(element, consts.getIncludeToken());
@@ -65,29 +70,27 @@ public class X509TokenBuilder implements
         }
 
         if (policyElement != null) {
-
             if (DOMUtils.getFirstChildWithName(policyElement, consts.getRequiredDerivedKeys()) != null) {
                 x509Token.setDerivedKeys(true);
             } else if (DOMUtils.getFirstChildWithName(policyElement, 
-                                                      SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS) != null) {
+                    SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS) != null) {
                 x509Token.setImpliedDerivedKeys(true);
             } else if (DOMUtils.getFirstChildWithName(policyElement, 
-                                                      SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS) != null) {
+                    SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS) != null) {
                 x509Token.setExplicitDerivedKeys(true);
             }
+        }
 
+        Policy policy = builder.getPolicy(DOMUtils.getFirstElement(element));
+        policy = policy.normalize(builder.getPolicyRegistry(), false);
 
-            Policy policy = builder.getPolicy(DOMUtils.getFirstElement(element));
-            policy = (Policy)policy.normalize(builder.getPolicyRegistry(), false);
-
-            for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
-                processAlternative((List)iterator.next(), x509Token, consts);
+        for (Iterator<List<Assertion>> iterator = policy.getAlternatives(); iterator.hasNext();) {
+            processAlternative(iterator.next(), x509Token, consts);
 
-                /*
-                 * since there should be only one alternative
-                 */
-                break;
-            }
+            /*
+             * since there should be only one alternative
+             */
+            break;
         }
         return x509Token;
     }

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java Wed Feb 15 12:37:34 2012
@@ -77,9 +77,6 @@ public class PolicyBasedWss4JInOutTest e
                 Arrays.asList(CoverageType.SIGNED));
     }
     
-    // TODO this test does not follow the traditional pattern as no server-side enforcement
-    // of algorithm suites yet exists.  This support is blocked on WSS4J patches.  In the interim
-    // the outbound side is tested ONLY.
     @Test
     public void testSignedElementsWithIssuedSAMLToken() throws Exception {
         this.runOutInterceptorAndValidateSamlTokenAttached(

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/test/resources/org/apache/cxf/ws/security/wss4j/signed_elements_with_sst_issued_token_policy.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/test/resources/org/apache/cxf/ws/security/wss4j/signed_elements_with_sst_issued_token_policy.xml?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/test/resources/org/apache/cxf/ws/security/wss4j/signed_elements_with_sst_issued_token_policy.xml (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/test/resources/org/apache/cxf/ws/security/wss4j/signed_elements_with_sst_issued_token_policy.xml Wed Feb 15 12:37:34 2012
@@ -25,6 +25,7 @@
                 </wst:Participants>
                 <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
               </sp:RequestSecurityTokenTemplate>
+              <wsp:Policy/>
            </sp:IssuedToken>
         </wsp:Policy>
       </sp:SignedSupportingTokens>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl Wed Feb 15 12:37:34 2012
@@ -191,6 +191,7 @@
             <wsp:Policy>
                 <sp:UsernameToken
                     sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                    <wsp:Policy/>
                 </sp:UsernameToken>
             </wsp:Policy>
         </sp:SupportingTokens>
@@ -230,7 +231,9 @@
             <wsp:Policy>
                 <sp:TransportToken>
                     <wsp:Policy>
-                        <sp:HttpsToken/>
+                        <sp:HttpsToken>
+                            <wsp:Policy/>
+                        </sp:HttpsToken>
                     </wsp:Policy>
                 </sp:TransportToken>
                 <sp:AlgorithmSuite>
@@ -248,7 +251,9 @@
         </sp:TransportBinding>
         <sp:SupportingTokens>
             <wsp:Policy>
-                <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/>
+                <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                    <wsp:Policy/>
+                </sp:UsernameToken>
             </wsp:Policy>
         </sp:SupportingTokens>
     </wsp:Policy>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl Wed Feb 15 12:37:34 2012
@@ -327,7 +327,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>
@@ -528,7 +530,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl Wed Feb 15 12:37:34 2012
@@ -310,7 +310,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>
@@ -346,7 +348,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>
@@ -382,7 +386,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>
@@ -804,7 +810,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml Wed Feb 15 12:37:34 2012
@@ -196,7 +196,9 @@
                                        <wsp:Policy>
                                           <sp:TransportToken>
                                              <wsp:Policy>
-                                                <sp:HttpsToken RequireClientCertificate="false" />
+                                                <sp:HttpsToken>
+                                                    <wsp:Policy/>
+                                                </sp:HttpsToken>
                                              </wsp:Policy>
                                           </sp:TransportToken>
                                           <sp:Layout>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml Wed Feb 15 12:37:34 2012
@@ -300,7 +300,9 @@
                                        <wsp:Policy>
                                           <sp:TransportToken>
                                              <wsp:Policy>
-                                                <sp:HttpsToken RequireClientCertificate="false" />
+                                                <sp:HttpsToken>
+                                                    <wsp:Policy/>
+                                                </sp:HttpsToken>
                                              </wsp:Policy>
                                           </sp:TransportToken>
                                           <sp:Layout>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl Wed Feb 15 12:37:34 2012
@@ -214,7 +214,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>
@@ -251,7 +253,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>
@@ -290,7 +294,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>
@@ -328,7 +334,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>
@@ -366,7 +374,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>
@@ -413,7 +423,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>
@@ -450,7 +462,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client/client.xml?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client/client.xml (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client/client.xml Wed Feb 15 12:37:34 2012
@@ -142,7 +142,9 @@
                                        <wsp:Policy>
                                           <sp:TransportToken>
                                              <wsp:Policy>
-                                                <sp:HttpsToken RequireClientCertificate="false" />
+                                                <sp:HttpsToken>
+                                                    <wsp:Policy/>
+                                                </sp:HttpsToken>
                                              </wsp:Policy>
                                           </sp:TransportToken>
                                           <sp:Layout>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server/server.xml?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server/server.xml (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server/server.xml Wed Feb 15 12:37:34 2012
@@ -221,7 +221,9 @@
                                        <wsp:Policy>
                                           <sp:TransportToken>
                                              <wsp:Policy>
-                                                <sp:HttpsToken RequireClientCertificate="false" />
+                                                <sp:HttpsToken>
+                                                    <wsp:Policy/>
+                                                </sp:HttpsToken>
                                              </wsp:Policy>
                                           </sp:TransportToken>
                                           <sp:Layout>
@@ -240,7 +242,9 @@
                                     <sp:SupportingTokens>
                                         <wsp:Policy>
                                             <sp:UsernameToken
-                                                sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
+                                                sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                                                <wsp:Policy/>
+                                            </sp:UsernameToken>
                                         </wsp:Policy>
                                     </sp:SupportingTokens>
                                 </wsp:All>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl?rev=1244464&r1=1244463&r2=1244464&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl Wed Feb 15 12:37:34 2012
@@ -496,7 +496,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>
@@ -533,7 +535,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>
@@ -570,7 +574,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>
@@ -607,7 +613,9 @@
                     <wsp:Policy>
                         <sp:TransportToken>
                             <wsp:Policy>
-                                <sp:HttpsToken RequireClientCertificate="false" />
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
                             </wsp:Policy>
                         </sp:TransportToken>
                         <sp:Layout>



Mime
View raw message