cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1333402 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: cache/ kerberos/ policy/interceptors/ policy/model/ tokenstore/ trust/ trust/delegation/ wss4j/ wss4j/policyhandlers/
Date Thu, 03 May 2012 10:53:54 GMT
Author: coheigea
Date: Thu May  3 10:53:53 2012
New Revision: 1333402

URL: http://svn.apache.org/viewvc?rev=1333402&view=rev
Log:
Some cleanup of the ws-security runtime code

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheManagerHolder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/delegation/ReceivedTokenCallbackHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheManagerHolder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheManagerHolder.java?rev=1333402&r1=1333401&r2=1333402&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheManagerHolder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheManagerHolder.java
Thu May  3 10:53:53 2012
@@ -48,13 +48,15 @@ public final class EHCacheManagerHolder 
             COUNTS.putIfAbsent(cacheManager.getName(), new AtomicInteger());
             a = COUNTS.get(cacheManager.getName());
         }
-        a.incrementAndGet();
+        if (a != null) {
+            a.incrementAndGet();
+        }
         return cacheManager;
     }
     
     public static void releaseCacheManger(CacheManager cacheManager) {
         AtomicInteger a = COUNTS.get(cacheManager.getName());
-        if (a.decrementAndGet() == 0) {
+        if (a != null && a.decrementAndGet() == 0) {
             cacheManager.shutdown();
         }
     }
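Review bot: The new `a != null` guard in releaseCacheManger turns a release with no registered counter into a silent no-op, so that CacheManager is never shut down and nothing records the mismatch. The matching guard before `a.incrementAndGet()` looks unreachable after the `putIfAbsent`/`get` pair shown above it, though the start of that method is outside the hunk. I would log the null case in the release path and add a comment on both methods along the lines of `// get/release calls must be paired; a release without a counter is ignored`.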

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java?rev=1333402&r1=1333401&r2=1333402&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
Thu May  3 10:53:53 2012
@@ -33,11 +33,6 @@ public final class KerberosUtils {
     }
     
     public static KerberosClient getClient(Message message, String type) {
-        if (type == null) {
-            type = "";
-        } else {
-            type = "." + type + "-client";
-        }
         KerberosClient client = (KerberosClient)message
             .getContextualProperty(SecurityConstants.KERBEROS_CLIENT);
         if (client == null) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1333402&r1=1333401&r2=1333402&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Thu May  3 10:53:53 2012
@@ -217,7 +217,8 @@ public class IssuedTokenInterceptorProvi
                             message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN,
tok);
                             message.getExchange().put(SecurityConstants.TOKEN, tok);
                             message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
-                            message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
tok.getId());
+                            message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,

+                                                                          tok.getId());
                         } else {
                             message.put(SecurityConstants.TOKEN, tok);
                             message.put(SecurityConstants.TOKEN_ID, tok.getId());

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java?rev=1333402&r1=1333401&r2=1333402&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TokenWrapper.java
Thu May  3 10:53:53 2012
@@ -22,14 +22,12 @@ package org.apache.cxf.ws.security.polic
 import org.apache.cxf.ws.policy.PolicyBuilder;
 import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.neethi.All;
-import org.apache.neethi.Assertion;
 import org.apache.neethi.ExactlyOne;
 import org.apache.neethi.Policy;
 import org.apache.neethi.PolicyComponent;
 import org.apache.neethi.PolicyContainingAssertion;
 
-public abstract class TokenWrapper extends AbstractSecurityAssertion 
-    implements Assertion, PolicyContainingAssertion {
+public abstract class TokenWrapper extends AbstractSecurityAssertion implements PolicyContainingAssertion
{
     protected PolicyBuilder builder;
     protected Token token;
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1333402&r1=1333401&r2=1333402&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
Thu May  3 10:53:53 2012
@@ -58,7 +58,7 @@ public class SecurityToken implements Se
     /**
      * The actual token in its current state
      */
-    private Element token;
+    private transient Element token;
     
     /**
      * The RequestedAttachedReference element
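Review bot: Marking `token` transient here (and `attachedReference`, `unattachedReference` and `principal` in the following hunks) means a SecurityToken that has been serialized and read back carries its id and lifetime but no token element and no principal. No `writeObject`/`readObject` pair is visible in this diff, so any consumer that obtains tokens from a serializing store would presumably need to null-check these fields before making a trust decision. I would state that in each field's Javadoc, for example `Not serialized: null after deserialization.`, or serialize the elements in string form if a restored token must remain usable. The rest of the class lies outside these hunks, so confirm there is no existing custom serialization.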
@@ -68,7 +68,7 @@ public class SecurityToken implements Se
      * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and 
      * the ValueType values.
      */
-    private Element attachedReference;
+    private transient Element attachedReference;
     
     /**
      * The RequestedUnattachedReference element
@@ -78,7 +78,7 @@ public class SecurityToken implements Se
      * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and 
      * the ValueType values.
      */
-    private Element unattachedReference;
+    private transient Element unattachedReference;
     
     /**
      * A bag to hold any other properties
@@ -133,7 +133,7 @@ public class SecurityToken implements Se
     /**
      * The principal of this SecurityToken
      */
-    private Principal principal;
+    private transient Principal principal;
     
     public SecurityToken() {
         
@@ -145,8 +145,12 @@ public class SecurityToken implements Se
 
     public SecurityToken(String id, Date created, Date expires) {
         this.id = id;
-        this.created = created;
-        this.expires = expires;
+        if (created != null) {
+            this.created = new Date(created.getTime());
+        }
+        if (expires != null) {
+            this.expires = new Date(expires.getTime());
+        }
     }
     
     public SecurityToken(String id,
@@ -155,8 +159,12 @@ public class SecurityToken implements Se
                  Date expires) {
         this.id = id;
         this.token = cloneElement(tokenElem);
-        this.created = created;
-        this.expires = expires;
+        if (created != null) {
+            this.created = new Date(created.getTime());
+        }
+        if (expires != null) {
+            this.expires = new Date(expires.getTime());
+        }
     }
 
     public SecurityToken(String id,
@@ -310,14 +318,20 @@ public class SecurityToken implements Se
      * @return Returns the created.
      */
     public Date getCreated() {
-        return created;
+        if (created == null) {
+            return null;
+        }
+        return (Date)created.clone();
     }
 
     /**
      * @return Returns the expires.
      */
     public Date getExpires() {
-        return expires;
+        if (expires == null) {
+            return null;
+        }
+        return (Date)expires.clone();
     }
     
     /**
@@ -337,7 +351,11 @@ public class SecurityToken implements Se
      * @param expires The expires to set.
      */
     public void setExpires(Date expires) {
-        this.expires = expires;
+        if (expires == null) {
+            this.expires = null;
+        } else {
+            this.expires = new Date(expires.getTime());
+        }
     }
 
     public String getIssuerAddress() {
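Review bot: The defensive copies cover the constructors, both getters and setExpires, but no setter for `created` appears in this diff; if one exists and still assigns the caller's Date directly, the token's creation time remains mutable from outside. It would also read more consistently to use one copy idiom throughout, since the getters use `(Date)created.clone()` while the constructors and this setter use `new Date(expires.getTime())`. The getter Javadoc could say `@return a copy of the expiry time, or null if none is set`.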

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1333402&r1=1333401&r2=1333402&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Thu May  3 10:53:53 2012
@@ -1195,7 +1195,7 @@ public class STSClient implements Config
     protected void addLifetime(XMLStreamWriter writer) throws XMLStreamException {
         Date creationTime = new Date();
         Date expirationTime = new Date();
-        expirationTime.setTime(creationTime.getTime() + (ttl * 1000L));
+        expirationTime.setTime(creationTime.getTime() + ((long)ttl * 1000L));
 
         XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
         writer.writeStartElement("wst", "Lifetime", namespace);
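Review bot: addLifetime uses `ttl` without checking it, so a zero or negative value produces a Lifetime whose expiry is at or before its creation time. The added `(long)` cast probably changes nothing if `ttl` is declared as an int, because multiplying by `1000L` already widens to long; the declaration is outside the hunk, so confirm. Validating the value where it is set, or a guard such as `if (ttl <= 0) { return; }` before the dates are built, would make the intended behaviour explicit. The method body continues past the hunk.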

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/delegation/ReceivedTokenCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/delegation/ReceivedTokenCallbackHandler.java?rev=1333402&r1=1333401&r2=1333402&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/delegation/ReceivedTokenCallbackHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/delegation/ReceivedTokenCallbackHandler.java
Thu May  3 10:53:53 2012
@@ -75,13 +75,15 @@ public class ReceivedTokenCallbackHandle
     }
     
     private Element getTokenFromMessage(SoapMessage soapMessage) {
-        List<WSHandlerResult> results = 
-            CastUtils.cast((List<?>)soapMessage.get(WSHandlerConstants.RECV_RESULTS));
-        if (results != null) {
-            for (WSHandlerResult rResult : results) {
-                Element token = findToken(rResult.getResults());
-                if (token != null) {
-                    return token;
+        if (soapMessage != null) {
+            List<WSHandlerResult> results = 
+                CastUtils.cast((List<?>)soapMessage.get(WSHandlerConstants.RECV_RESULTS));
+            if (results != null) {
+                for (WSHandlerResult rResult : results) {
+                    Element token = findToken(rResult.getResults());
+                    if (token != null) {
+                        return token;
+                    }
                 }
             }
         }
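Review bot: The null check wraps the whole body of getTokenFromMessage in another level of nesting; a guard clause at the top, `if (soapMessage == null) { return null; }`, would leave the original loop untouched and make the null outcome explicit. The method's return statement is below the hunk, so I am assuming it returns null when nothing is found. A short comment saying when a null message is expected here would help, since a missing token in a delegation handler is worth being able to trace.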

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java?rev=1333402&r1=1333401&r2=1333402&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
Thu May  3 10:53:53 2012
@@ -32,13 +32,11 @@ import javax.xml.xpath.XPathConstants;
 import javax.xml.xpath.XPathExpressionException;
 import javax.xml.xpath.XPathFactory;
 
-import org.w3c.dom.Attr;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.helpers.MapNamespaceContext;
-import org.apache.cxf.ws.policy.PolicyConstants;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDataRef;
 import org.apache.ws.security.WSSecurityException;
@@ -352,20 +350,6 @@ public final class CryptoCoverageUtil {
             content = false;
         }
         
-        // Get the Element Id
-        Attr idAttr = el.getAttributeNodeNS(PolicyConstants.WSU_NAMESPACE_URI, "Id");
-        
-        // We didn't get it with a qualified name, so
-        // look for the attribute using only the local name.
-        if (idAttr == null) {
-            idAttr = el.getAttributeNode("Id");
-        }
-        
-        String id = idAttr == null ? null : idAttr.getValue();
-        if (id != null && id.charAt(0) == '#') {
-            id = id.substring(1);
-        }
-        
         for (WSDataRef r : refs) {
             // If the element is the same object instance
             // as that in the ref, we found it and can

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1333402&r1=1333401&r2=1333402&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Thu May  3 10:53:53 2012
@@ -1443,7 +1443,7 @@ public abstract class AbstractBindingBui
         if (enableRevocation && crypto != null) {
             CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
             String encrUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
-            if (crypto != null && encrUser == null) {
+            if (encrUser == null) {
                 try {
                     encrUser = crypto.getDefaultX509Identifier();
                 } catch (WSSecurityException e1) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1333402&r1=1333401&r2=1333402&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Thu May  3 10:53:53 2012
@@ -332,7 +332,8 @@ public class AsymmetricBindingHandler ex
                 secondEncrParts.addAll(encryptedTokensList);
             }
 
-            if (encryptionToken.isDerivedKeys() && !secondEncrParts.isEmpty()) {
+            if (encryptionToken.isDerivedKeys() && !secondEncrParts.isEmpty()
+                && encrBase instanceof WSSecDKEncrypt) {
                 try {
                     Element secondRefList 
                         = ((WSSecDKEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts);
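Review bot: With the two `instanceof` tests (here and in the `else if` of the next hunk), a non-empty `secondEncrParts` is skipped without any error when `encrBase` is null or of an unexpected type, so parts that were meant to be encrypted could leave unencrypted. In addition, when `isDerivedKeys()` is true but `encrBase` is a WSSecEncrypt, control now falls through to the non-derived branch, which may not match what the policy asked for. A final `else if (!secondEncrParts.isEmpty())` branch that fails the message, rather than continuing, would close both cases. The enclosing method starts and ends outside these hunks.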
@@ -341,7 +342,7 @@ public class AsymmetricBindingHandler ex
                 } catch (WSSecurityException ex) {
                     throw new Fault(ex);
                 }
-            } else if (!secondEncrParts.isEmpty()) {
+            } else if (!secondEncrParts.isEmpty() && encrBase instanceof WSSecEncrypt)
{
                 try {
                     // Encrypt, get hold of the ref list and add it
                     Element secondRefList = saaj.getSOAPPart()

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1333402&r1=1333401&r2=1333402&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Thu May  3 10:53:53 2012
@@ -365,16 +365,8 @@ public class SymmetricBindingHandler ext
                 //Use the same token
                 encrTok = sigTok;
             } else {
-                String encrTokId = null;
-                //REVISIT - issued token from trust? 
-                encrTok = tokenStore.getToken(encrTokId);
-                
-                if (includeToken(encrToken.getInclusion())) {
-                    Element encrTokElem = encrTok.getToken();
-                    
-                    //Add the encrToken element before the sigToken element
-                    secHeader.getSecurityHeader().insertBefore(encrTokElem, sigTokElem);
-                }
+                policyNotAsserted(sbinding, "Encryption token does not equal signature token");
+                return;
             }
             
             List<WSEncryptionPart> enc = getEncryptedParts();
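Review bot: The new `else` branch returns after policyNotAsserted without a comment explaining that a separate encryption token is not supported on this path; the removed code could not have worked, since it looked up a token with a null id. Something like `// Distinct encryption and signature tokens are not supported here; fail the policy instead of continuing` above the call would record that. Whether the early `return` actually stops the message from being sent unprotected depends on what policyNotAsserted does, which is outside the hunk, so that is worth confirming.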

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1333402&r1=1333401&r2=1333402&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Thu May  3 10:53:53 2012
@@ -390,7 +390,7 @@ public class TransportBindingHandler ext
             
                 return sig.getSignatureValue();
             } else {
-                return null;
+                return new byte[0];
             }
         }
     }
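Review bot: Returning `new byte[0]` instead of null changes what callers see when no signature was produced, because a `!= null` test now passes for the empty array. The callers are outside the hunk; any that store or compare the returned signature value should check the length as well. The method Javadoc should say `@return the signature value, or an empty array if no signature was created`.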


