cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1438429 - in /cxf/branches/2.7.x-fixes: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ systests/ws-security/src/test/java/org/apache/cxf/systes...
Date Fri, 25 Jan 2013 10:37:13 GMT
Author: coheigea
Date: Fri Jan 25 10:37:12 2013
New Revision: 1438429

URL: http://svn.apache.org/viewvc?rev=1438429&view=rev
Log:
Merged revisions 1438424 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1438424 | coheigea | 2013-01-25 10:26:30 +0000 (Fri, 25 Jan 2013) | 2 lines

  [CXF-4776] - Fix + re-enable tests

........

Modified:
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
    cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServiceTest.java

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java?rev=1438429&r1=1438428&r2=1438429&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
Fri Jan 25 10:37:12 2013
@@ -55,6 +55,7 @@ import org.apache.cxf.ws.policy.PolicyEx
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.cxf.ws.security.policy.model.SupportingToken;
 import org.apache.cxf.ws.security.policy.model.UsernameToken;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDocInfo;
@@ -263,8 +264,11 @@ public class UsernameTokenInterceptor ex
             tok = (UsernameToken)ai.getAssertion();
             if (princ != null && tok.isHashPassword() != princ.isPasswordDigest())
{
                 ai.setNotAsserted("Password hashing policy not enforced");
+            } else if (princ != null && !tok.isNoPassword() && (princ.getPassword()
== null)
+                && isNonEndorsingSupportingToken(tok)) {
+                ai.setNotAsserted("Username Token No Password supplied");
             } else {
-                ai.setAsserted(true);                
+                ai.setAsserted(true);         
             }
         }
         ais = aim.getAssertionInfo(SP12Constants.SUPPORTING_TOKENS);
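Review bot: The new `else if` treats only a `null` return from `princ.getPassword()` as a missing password, so whether an empty password element is rejected depends on what the principal returns for it, which is not visible in this hunk. If an empty string can come back, the condition should cover it as well, e.g. `(princ.getPassword() == null || princ.getPassword().isEmpty())`; the same applies to the `usernameToken.getPassword() == null` test added in UsernameTokenPolicyValidator. The branch is also skipped whenever `princ` is null and control falls through to `setAsserted(true)`; since `addUsernameToken` calls this method with `null`, presumably on the outbound path, a one-line comment such as `// princ is null when building an outbound token; nothing to validate` would show that the fall-through is intended. The enclosing method starts before this hunk.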
@@ -277,6 +281,26 @@ public class UsernameTokenInterceptor ex
         }
         return tok;
     }
+    
+    /**
+     * Return true if this UsernameToken policy is a (non-endorsing)SupportingToken. If this
is
+     * true then the corresponding UsernameToken must have a password element.
+     */
+    private boolean isNonEndorsingSupportingToken(
+        org.apache.cxf.ws.security.policy.model.UsernameToken usernameTokenPolicy
+    ) {
+        SupportingToken supportingToken = usernameTokenPolicy.getSupportingToken();
+        if (supportingToken != null) {
+            SPConstants.SupportTokenType type = supportingToken.getTokenType();
+            if (type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SUPPORTING
+                || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED
+                || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENCRYPTED
+                || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_ENCRYPTED) {
+                return true;
+            }
+        }
+        return false;
+    }
 
     private void addUsernameToken(SoapMessage message) {
         UsernameToken tok = assertUsernameTokens(message, null);
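Review bot: `isNonEndorsingSupportingToken` is added here and again, line for line, in UsernameTokenPolicyValidator, so the rule that decides when a password is mandatory now lives in two places that can drift apart; a single shared helper (on the policy model or a small utility class) would keep both enforcement points in step. The helper is also an allow-list: it returns false when `getSupportingToken()` is null and for any token type not named in the condition, so in those cases no password is required. If that is intended, the Javadoc should say so, e.g. `Returns false for endorsing supporting tokens and when the policy is not part of a SupportingToken assertion; no password is required then.` As a matter of style, the nested `if` can be reduced to a single `return supportingToken != null && (...)` expression.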

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java?rev=1438429&r1=1438428&r2=1438429&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
Fri Jan 25 10:37:12 2013
@@ -29,6 +29,8 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.cxf.ws.security.policy.model.SupportingToken;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.message.token.UsernameToken;
@@ -94,10 +96,15 @@ public class UsernameTokenPolicyValidato
                 ai.setNotAsserted("Password hashing policy not enforced");
                 return false;
             }
-            if (usernameTokenPolicy.isNoPassword() && usernameToken.getPassword()
!= null) {
+            if (usernameTokenPolicy.isNoPassword() && (usernameToken.getPassword()
!= null)) {
                 ai.setNotAsserted("Username Token NoPassword policy not enforced");
                 return false;
+            } else if (!usernameTokenPolicy.isNoPassword() && (usernameToken.getPassword()
== null)
+                && isNonEndorsingSupportingToken(usernameTokenPolicy)) {
+                ai.setNotAsserted("Username Token No Password supplied");
+                return false;
             }
+            
             if (usernameTokenPolicy.isRequireCreated() 
                 && (usernameToken.getCreated() == null || usernameToken.isHashed()))
{
                 ai.setNotAsserted("Username Token Created policy not enforced");
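Review bot: The new rejection text `"Username Token No Password supplied"` is easy to misread as a reference to the NoPassword policy checked in the branch just above it, and this string is presumably what ends up in the policy failure reported for the refused request. A message such as `ai.setNotAsserted("Username Token password required by policy but not supplied");` states which way the check failed; the same wording is used in the UsernameTokenInterceptor hunk and should change with it. The enclosing method starts and ends outside this hunk.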
@@ -112,4 +119,24 @@ public class UsernameTokenPolicyValidato
         return true;
     }
     
+    /**
+     * Return true if this UsernameToken policy is a (non-endorsing)SupportingToken. If this
is
+     * true then the corresponding UsernameToken must have a password element.
+     */
+    private boolean isNonEndorsingSupportingToken(
+        org.apache.cxf.ws.security.policy.model.UsernameToken usernameTokenPolicy
+    ) {
+        SupportingToken supportingToken = usernameTokenPolicy.getSupportingToken();
+        if (supportingToken != null) {
+            SPConstants.SupportTokenType type = supportingToken.getTokenType();
+            if (type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SUPPORTING
+                || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED
+                || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENCRYPTED
+                || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_ENCRYPTED) {
+                return true;
+            }
+        }
+        return false;
+    }
+    
 }

Modified: cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServiceTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServiceTest.java?rev=1438429&r1=1438428&r2=1438429&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServiceTest.java
(original)
+++ cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServiceTest.java
Fri Jan 25 10:37:12 2013
@@ -71,7 +71,6 @@ public class JavaFirstPolicyServiceTest 
     }
     
     @org.junit.Test
-    @org.junit.Ignore
     public void testUsernameTokenInterceptorNoPasswordValidation() {
         ClassPathXmlApplicationContext ctx = 
             new ClassPathXmlApplicationContext("org/apache/cxf/systest/ws/policy/client/javafirstclient.xml");
@@ -109,7 +108,6 @@ public class JavaFirstPolicyServiceTest 
     }
     
     @org.junit.Test
-    @org.junit.Ignore
     public void testUsernameTokenPolicyValidatorNoPasswordValidation() {
         ClassPathXmlApplicationContext ctx = 
             new ClassPathXmlApplicationContext("org/apache/cxf/systest/ws/policy/client/javafirstclient.xml");


