Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9C7E4D2BE for ; Fri, 21 Dec 2012 12:05:09 +0000 (UTC) Received: (qmail 41167 invoked by uid 500); 21 Dec 2012 12:05:09 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 41059 invoked by uid 500); 21 Dec 2012 12:05:09 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 41050 invoked by uid 99); 21 Dec 2012 12:05:09 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Dec 2012 12:05:09 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Dec 2012 12:05:04 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 7F4B223888CD; Fri, 21 Dec 2012 12:04:42 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1424886 - in /cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j: ./ policyvalidators/ Date: Fri, 21 Dec 2012 12:04:41 -0000 To: commits@cxf.apache.org From: coheigea@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20121221120442.7F4B223888CD@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Fri Dec 21 12:04:40 2012 New Revision: 1424886 URL: http://svn.apache.org/viewvc?rev=1424886&view=rev Log: Merged revisions 1424879 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes ........ r1424879 | coheigea | 2012-12-21 11:40:48 +0000 (Fri, 21 Dec 2012) | 10 lines Merged revisions 1424873 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/trunk ........ r1424873 | coheigea | 2012-12-21 11:34:18 +0000 (Fri, 21 Dec 2012) | 2 lines [CXF-4716] - Make sure to validate all possible policies of a particular type ........ ........ Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Fri Dec 21 12:04:40 2012 @@ -424,7 +424,6 @@ public class PolicyBasedWSS4JInIntercept ai.setNotAsserted("No " + type + " element found matching one of the XPaths " + Arrays.toString(xpaths.toArray())); - return false; } } } @@ -459,7 +458,7 @@ public class PolicyBasedWSS4JInIntercept } } catch (WSSecurityException e) { ai.setNotAsserted(msg.getVersion().getBody() + " not " + type); - return false; + continue; } } @@ -470,7 +469,6 @@ public class PolicyBasedWSS4JInIntercept CoverageScope.ELEMENT); } catch (WSSecurityException e) { ai.setNotAsserted(h.getQName() + " not + " + type); - return false; } } } @@ -864,7 +862,6 @@ public class PolicyBasedWSS4JInIntercept if (header == null || DOMUtils.getFirstChildWithName((Element)header, h.getQName()) == null) { ai.setNotAsserted("No header element of name " + h.getQName() + " found."); - return false; } } } @@ -888,11 +885,9 @@ public class PolicyBasedWSS4JInIntercept XPathConstants.NODESET); if (list.getLength() == 0) { ai.setNotAsserted("No header element matching XPath " + expression + " found."); - return false; } } catch (XPathExpressionException e) { ai.setNotAsserted("Invalid XPath expression " + expression + " " + e.getMessage()); - return false; } } } Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -69,17 +69,17 @@ public class AsymmetricBindingPolicyVali // Check the protection order if (!checkProtectionOrder(binding, ai, results)) { - return false; + continue; } // Check various properties of the binding if (!checkProperties(binding, ai, aim, results, signedResults, message)) { - return false; + continue; } // Check various tokens of the binding if (!checkTokens(binding, ai, aim, hasDerivedKeys, signedResults, encryptedResults)) { - return false; + continue; } } Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -115,7 +115,7 @@ public class ConcreteSupportingTokenPoli ai.setNotAsserted( "The received token does not match the supporting token requirement" ); - return false; + continue; } } Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -115,7 +115,7 @@ public class EncryptedTokenPolicyValidat ai.setNotAsserted( "The received token does not match the encrypted supporting token requirement" ); - return false; + continue; } } } Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -120,7 +120,7 @@ public class EndorsingEncryptedTokenPoli "The received token does not match the endorsing encrypted " + "supporting token requirement" ); - return false; + continue; } } } Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -118,7 +118,7 @@ public class EndorsingTokenPolicyValidat ai.setNotAsserted( "The received token does not match the endorsing supporting token requirement" ); - return false; + continue; } } } Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -75,13 +75,13 @@ public class IssuedTokenPolicyValidator ai.setNotAsserted( "The received token does not match the token inclusion requirement" ); - return false; + continue; } Element template = issuedToken.getRstTemplate(); if (template != null && !checkIssuedTokenTemplate(template, assertionWrapper)) { ai.setNotAsserted("Error in validating the IssuedToken policy"); - return false; + continue; } TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class); @@ -91,7 +91,7 @@ public class IssuedTokenPolicyValidator } if (!checkHolderOfKey(assertionWrapper, signedResults, tlsCerts)) { ai.setNotAsserted("Assertion fails holder-of-key requirements"); - return false; + continue; } } return true; Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -58,7 +58,7 @@ public class KerberosTokenPolicyValidato if (!checkToken(kerberosTokenPolicy, kerberosToken)) { ai.setNotAsserted("An incorrect Kerberos Token Type is detected"); - return false; + continue; } } } Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -78,7 +78,7 @@ public class SamlTokenPolicyValidator ex ai.setNotAsserted( "The received token does not match the token inclusion requirement" ); - return false; + continue; } // All of the received SAML Assertions must conform to the policy @@ -88,7 +88,7 @@ public class SamlTokenPolicyValidator ex if (!checkVersion(samlToken, assertionWrapper)) { ai.setNotAsserted("Wrong SAML Version"); - return false; + continue; } TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class); Certificate[] tlsCerts = null; @@ -97,11 +97,11 @@ public class SamlTokenPolicyValidator ex } if (!checkHolderOfKey(assertionWrapper, signedResults, tlsCerts)) { ai.setNotAsserted("Assertion fails holder-of-key requirements"); - return false; + continue; } if (!SAMLUtils.checkSenderVouches(assertionWrapper, tlsCerts, body, signed)) { ai.setNotAsserted("Assertion fails sender-vouches requirements"); - return false; + continue; } /* if (!checkIssuerName(samlToken, assertionWrapper)) { Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -67,7 +67,7 @@ public class SecurityContextTokenPolicyV ai.setNotAsserted( "The received token does not match the token inclusion requirement" ); - return false; + continue; } } return true; Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -116,7 +116,7 @@ public class SignedEncryptedTokenPolicyV ai.setNotAsserted( "The received token does not match the signed encrypted supporting token requirement" ); - return false; + continue; } } } Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -121,7 +121,7 @@ public class SignedEndorsingEncryptedTok "The received token does not match the signed endorsing encrypted " + "supporting token requirement" ); - return false; + continue; } } } Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -118,7 +118,7 @@ public class SignedEndorsingTokenPolicyV ai.setNotAsserted( "The received token does not match the signed endorsing supporting token requirement" ); - return false; + continue; } } } Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -115,7 +115,7 @@ public class SignedTokenPolicyValidator ai.setNotAsserted( "The received token does not match the signed supporting token requirement" ); - return false; + continue; } } Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -65,17 +65,17 @@ public class SymmetricBindingPolicyValid // Check the protection order if (!checkProtectionOrder(binding, ai, results)) { - return false; + continue; } // Check various properties of the binding if (!checkProperties(binding, ai, aim, results, signedResults, message)) { - return false; + continue; } // Check various tokens of the binding if (!checkTokens(binding, ai, aim, hasDerivedKeys, signedResults, encryptedResults)) { - return false; + continue; } } Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -62,7 +62,7 @@ public class TransportBindingPolicyValid TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class); if (!initiator && tlsInfo == null) { ai.setNotAsserted("TLS is not enabled"); - return false; + continue; } // HttpsToken is validated by the HttpsTokenInterceptorProvider @@ -75,7 +75,7 @@ public class TransportBindingPolicyValid String error = "Received Timestamp does not match the requirements"; notAssertPolicy(aim, SP12Constants.INCLUDE_TIMESTAMP, error); ai.setNotAsserted(error); - return false; + continue; } assertPolicy(aim, SP12Constants.INCLUDE_TIMESTAMP); @@ -87,7 +87,7 @@ public class TransportBindingPolicyValid String error = "Layout does not match the requirements"; notAssertPolicy(aim, SP12Constants.LAYOUT, error); ai.setNotAsserted(error); - return false; + continue; } assertPolicy(aim, SP12Constants.LAYOUT); } Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -69,11 +69,11 @@ public class UsernameTokenPolicyValidato ai.setNotAsserted( "The received token does not match the token inclusion requirement" ); - return false; + continue; } if (!checkTokens(usernameTokenPolicy, ai, utResults)) { - return false; + continue; } } return true; Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -67,7 +67,7 @@ public class WSS11PolicyValidator implem ai.setNotAsserted( "Signature Confirmation policy validation failed" ); - return false; + continue; } } return true; Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java?rev=1424886&r1=1424885&r2=1424886&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java (original) +++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java Fri Dec 21 12:04:40 2012 @@ -71,12 +71,12 @@ public class X509TokenPolicyValidator ex ai.setNotAsserted( "The received token does not match the token inclusion requirement" ); - return false; + continue; } if (!checkTokenType(x509TokenPolicy.getTokenVersionAndType(), bstResults)) { ai.setNotAsserted("An incorrect X.509 Token Type is detected"); - return false; + continue; } } return true;