Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8CD089958 for ; Mon, 18 Jun 2012 17:24:25 +0000 (UTC) Received: (qmail 27371 invoked by uid 500); 18 Jun 2012 17:24:25 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 27320 invoked by uid 500); 18 Jun 2012 17:24:25 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 27311 invoked by uid 99); 18 Jun 2012 17:24:25 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Jun 2012 17:24:25 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Jun 2012 17:24:22 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id DE0742388CCD; Mon, 18 Jun 2012 17:23:58 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1351418 - /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Date: Mon, 18 Jun 2012 17:23:58 -0000 To: commits@cxf.apache.org 
From: gmazza@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120618172358.DE0742388CCD@eris.apache.org> Author: gmazza Date: Mon Jun 18 17:23:58 2012 New Revision: 1351418 URL: http://svn.apache.org/viewvc?rev=1351418&view=rev Log: Patch for CXF-4054 (unclear error messages when security configuration missing) applied Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1351418&r1=1351417&r2=1351418&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Mon Jun 18 17:23:58 2012 @@ -1776,6 +1776,7 @@ public abstract class AbstractBindingBui : getSignatureCrypto(wrapper); if (endorse && crypto == null && binding instanceof SymmetricBinding) { + type = "encryption"; userNameKey = SecurityConstants.ENCRYPT_USERNAME; crypto = getEncryptionCrypto(wrapper); } 
@@ -1784,17 +1785,25 @@ public abstract class AbstractBindingBui message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto); } String user = (String)message.getContextualProperty(userNameKey); - if (crypto != null && StringUtils.isEmpty(user)) { - try { - user = crypto.getDefaultX509Identifier(); - } catch (WSSecurityException e1) { - LOG.log(Level.FINE, e1.getMessage(), e1); - throw new Fault(e1); - } - } if (StringUtils.isEmpty(user)) { - policyNotAsserted(token, "No " + type + " username found."); - return null; + if (crypto != null) { + try { + user = crypto.getDefaultX509Identifier(); + if (StringUtils.isEmpty(user)) { + policyNotAsserted(token, "No configured " + type + " username detected"); + return null; + } + } catch (WSSecurityException e1) { + LOG.log(Level.FINE, e1.getMessage(), e1); + throw new Fault(e1); + } + } else { + policyNotAsserted(token, "Security configuration could not be detected. " + + "Potential cause: Make sure jaxws:client element with name " + + "attribute value matching endpoint port is defined as well as a " + + SecurityConstants.SIGNATURE_PROPERTIES + " element within it."); + return null; + } } String password = getPassword(user, token, WSPasswordCallback.SIGNATURE); 
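Review bot: The new `else` branch always points the user at `SecurityConstants.SIGNATURE_PROPERTIES`, even when the missing configuration is the encryption one. If the endorse/`SymmetricBinding` fallback in the preceding hunk ran, `type` is `"encryption"` and the null crypto came from `getEncryptionCrypto(wrapper)`, so the hint names the wrong property. Consider selecting the property name alongside `userNameKey` and including `type` in the text, for example `"No " + type + " security configuration could be detected. "`. The message also assumes a `jaxws:client` setup; if this builder runs for service endpoints as well (not visible here), the hint would mislead there. The enclosing method starts and ends outside this hunk.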
@@ -1811,27 +1820,31 @@ public abstract class AbstractBindingBui } if (alsoIncludeToken) { - CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS); - cryptoType.setAlias(user); - X509Certificate[] certs = crypto.getX509Certificates(cryptoType); - BinarySecurity bstToken = null; - if (!sig.isUseSingleCertificate()) { - bstToken = new PKIPathSecurity(saaj.getSOAPPart()); - ((PKIPathSecurity) bstToken).setX509Certificates(certs, crypto); - } else { - bstToken = new X509Security(saaj.getSOAPPart()); - ((X509Security) bstToken).setX509Certificate(certs[0]); - } - bstToken.setID(wssConfig.getIdAllocator().createSecureId("X509-", certs[0])); - WSSecurityUtil.prependChildElement( - secHeader.getSecurityHeader(), bstToken.getElement() - ); - bstElement = bstToken.getElement(); + includeToken(user, crypto, sig); } return sig; } + private void includeToken(String user, Crypto crypto, WSSecSignature sig) throws WSSecurityException { + CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS); + cryptoType.setAlias(user); + X509Certificate[] certs = crypto.getX509Certificates(cryptoType); + BinarySecurity bstToken = null; + if (!sig.isUseSingleCertificate()) { + bstToken = new PKIPathSecurity(saaj.getSOAPPart()); + ((PKIPathSecurity) bstToken).setX509Certificates(certs, crypto); + } else { + bstToken = new X509Security(saaj.getSOAPPart()); + ((X509Security) bstToken).setX509Certificate(certs[0]); + } + bstToken.setID(wssConfig.getIdAllocator().createSecureId("X509-", certs[0])); + WSSecurityUtil.prependChildElement( + secHeader.getSecurityHeader(), bstToken.getElement() + ); + bstElement = bstToken.getElement(); + } + protected void doEndorsedSignatures(Map tokenMap, boolean isTokenProtection, boolean isSigProtect) {
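Review bot: The extracted `includeToken` indexes `certs[0]` without checking what `crypto.getX509Certificates(cryptoType)` returned. If the lookup yields null or an empty array for the alias in `user` (its contract is not visible here), the caller gets a NullPointerException or ArrayIndexOutOfBoundsException instead of a readable configuration error, which is the kind of failure this commit sets out to improve. A guard such as `if (certs == null || certs.length == 0)` that raises a `WSSecurityException` naming the alias would fit right after the lookup. The new private method also lacks a comment; a short Javadoc should state that it prepends the binary security token to the security header and stores its element in the `bstElement` field.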