cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1443953 - in /cxf/branches/2.7.x-fixes: parent/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/
Date Fri, 08 Feb 2013 11:43:19 GMT
Author: coheigea
Date: Fri Feb  8 11:43:18 2013
New Revision: 1443953

URL: http://svn.apache.org/r1443953
Log:
Upgrading to WSS4J 1.6.10-SNAPSHOT


Conflicts:
	rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java

Modified:
    cxf/branches/2.7.x-fixes/parent/pom.xml
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
    cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl

Modified: cxf/branches/2.7.x-fixes/parent/pom.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/parent/pom.xml?rev=1443953&r1=1443952&r2=1443953&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/parent/pom.xml (original)
+++ cxf/branches/2.7.x-fixes/parent/pom.xml Fri Feb  8 11:43:18 2013
@@ -156,7 +156,7 @@
         <cxf.woodstox.core.version>4.1.4</cxf.woodstox.core.version>
         <cxf.woodstox.stax2-api.version>3.1.1</cxf.woodstox.stax2-api.version>
         <cxf.wsdl4j.version>1.6.2</cxf.wsdl4j.version>
-        <cxf.wss4j.version>1.6.9</cxf.wss4j.version>
+        <cxf.wss4j.version>1.6.10-SNAPSHOT</cxf.wss4j.version>
         <cxf.xmlbeans.version>2.6.0</cxf.xmlbeans.version>
         <cxf.xmlschema.version>2.0.3</cxf.xmlschema.version>
         <cxf.xpp3.bundle.version>1.1.4c_6</cxf.xpp3.bundle.version>

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1443953&r1=1443952&r2=1443953&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Fri Feb  8 11:43:18 2013
@@ -68,6 +68,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
 import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
 import org.apache.cxf.ws.security.policy.model.SupportingToken;
+import org.apache.cxf.ws.security.policy.model.UsernameToken;
 import org.apache.cxf.ws.security.policy.model.Wss11;
 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
@@ -280,6 +281,21 @@ public class PolicyBasedWSS4JInIntercept
         return action;
     }
     
+    private void checkUsernameToken(
+        AssertionInfoMap aim, SoapMessage message
+    ) throws WSSecurityException {
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.USERNAME_TOKEN);
+        
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                UsernameToken policy = (UsernameToken)ai.getAssertion();
+                if (policy.isNoPassword()) {
+                    message.put(WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD, "true");
+                }
+            }
+        }
+    }
+    
     private String checkSymmetricBinding(
         AssertionInfoMap aim, String action, SoapMessage message
     ) throws WSSecurityException {
@@ -585,6 +601,7 @@ public class PolicyBasedWSS4JInIntercept
             action = checkAsymmetricBinding(aim, action, message);
             action = checkSymmetricBinding(aim, action, message);
             action = checkTransportBinding(aim, action, message);
+            checkUsernameToken(aim, message);
             
             // stuff we can default to asserted and un-assert if a condition isn't met
             assertPolicy(aim, SP12Constants.KEYVALUE_TOKEN);

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java?rev=1443953&r1=1443952&r2=1443953&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
Fri Feb  8 11:43:18 2013
@@ -124,6 +124,7 @@ public class UsernameTokenInterceptor ex
         boolean bspCompliant = isWsiBSPCompliant(message);
         boolean utWithCallbacks = 
             MessageUtils.getContextualBoolean(message, SecurityConstants.VALIDATE_TOKEN,
true);
+        boolean allowNoPassword = isAllowNoPassword(message.get(AssertionInfoMap.class));
         if (utWithCallbacks) {
             UsernameTokenProcessor p = new UsernameTokenProcessor();
             WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument());
@@ -150,6 +151,7 @@ public class UsernameTokenInterceptor ex
             
             WSSConfig config = WSSConfig.getNewInstance();
             config.setWsiBSPCompliant(bspCompliant);
+            config.setAllowUsernameTokenNoPassword(allowNoPassword);
             data.setWssConfig(config);
             List<WSSecurityEngineResult> results = 
                 p.handleToken(tokenElement, data, wsDocInfo);
@@ -181,6 +183,21 @@ public class UsernameTokenInterceptor ex
         return !("false".equals(bspc) || "0".equals(bspc));
     }
     
+    private boolean isAllowNoPassword(AssertionInfoMap aim) throws WSSecurityException {
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.USERNAME_TOKEN);
+
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                UsernameToken policy = (UsernameToken)ai.getAssertion();
+                if (policy.isNoPassword()) {
+                    return true;
+                }
+            }
+        }
+        
+        return false;
+    }
+    
     protected SecurityContext createSecurityContext(final Principal p, Subject subject) {
         return new DefaultSecurityContext(p, subject);
     }

Modified: cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl?rev=1443953&r1=1443952&r2=1443953&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl
(original)
+++ cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl
Fri Feb  8 11:43:18 2013
@@ -212,6 +212,7 @@
                              sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                              <wsp:Policy>
                                 <sp:WssUsernameToken10/>
+                                <sp:NoPassword/>
                              </wsp:Policy>
                           </sp:UsernameToken>
                        </wsp:Policy>
@@ -245,6 +246,7 @@
                              sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                              <wsp:Policy>
                                 <sp:WssUsernameToken10/>
+                                <sp:NoPassword/>
                                 <sp:RequireDerivedKeys/>
                              </wsp:Policy>
                           </sp:UsernameToken>
@@ -279,6 +281,7 @@
                              sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                              <wsp:Policy>
                                 <sp:WssUsernameToken10/>
+                                <sp:NoPassword/>
                                 <sp:RequireDerivedKeys/>
                              </wsp:Policy>
                           </sp:UsernameToken>
@@ -332,6 +335,7 @@
                              <wsp:Policy>
                                 <sp:WssUsernameToken10/>
                                 <!-- <sp:RequireDerivedKeys/> -->
+                                <sp:NoPassword/>
                              </wsp:Policy>
                         </sp:UsernameToken>
                     </wsp:Policy>
@@ -376,6 +380,7 @@
                             <wsp:Policy>
                                <sp:WssUsernameToken10/>
                                <!-- <sp:RequireDerivedKeys/> -->
+                               <sp:NoPassword/>
                             </wsp:Policy>
                        </sp:UsernameToken>
                    </wsp:Policy>
@@ -420,6 +425,7 @@
                             <wsp:Policy>
                                <sp:WssUsernameToken10/>
                                <!-- <sp:RequireDerivedKeys/> -->
+                               <sp:NoPassword/>
                             </wsp:Policy>
                        </sp:UsernameToken>
                    </wsp:Policy>
@@ -464,6 +470,7 @@
                             <wsp:Policy>
                                <sp:WssUsernameToken10/>
                                <!-- <sp:RequireDerivedKeys/> -->
+                               <sp:NoPassword/>
                             </wsp:Policy>
                        </sp:UsernameToken>
                    </wsp:Policy>



Mime
View raw message