cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1455588 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/builders/ wss4j/ wss4j/policyvalidators/
Date Tue, 12 Mar 2013 15:52:01 GMT
Author: coheigea
Date: Tue Mar 12 15:52:00 2013
New Revision: 1455588

URL: http://svn.apache.org/r1455588
Log:
Some minor security fixes

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java?rev=1455588&r1=1455587&r2=1455588&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SamlTokenBuilder.java
Tue Mar 12 15:52:00 2013
@@ -97,7 +97,7 @@ public class SamlTokenBuilder implements
         
         if (!foundPolicy && consts != SP11Constants.INSTANCE) {
             throw new IllegalArgumentException(
-                "sp:SpnegoContextToken/wsp:Policy must have a value"
+                "sp:SamlToken/wsp:Policy must have a value"
             );
         }
         

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1455588&r1=1455587&r2=1455588&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Tue Mar 12 15:52:00 2013
@@ -582,7 +582,6 @@ public class PolicyBasedWSS4JInIntercept
         }
         
         // relatively irrelevant stuff from a verification standpoint
-        assertPolicy(aim, SP12Constants.LAYOUT);
         assertPolicy(aim, SP12Constants.WSS10);
         assertPolicy(aim, SP12Constants.TRUST_13);
         assertPolicy(aim, SP11Constants.TRUST_10);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java?rev=1455588&r1=1455587&r2=1455588&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
Tue Mar 12 15:52:00 2013
@@ -191,11 +191,11 @@ public abstract class AbstractBindingPol
         boolean timestampLast = layout.getValue() == SPConstants.Layout.LaxTimestampLast;
         if (!validateLayout(timestampFirst, timestampLast, results)) {
             String error = "Layout does not match the requirements";
-            notAssertPolicy(aim, SP12Constants.LAYOUT, error);
+            notAssertPolicy(aim, layout, error);
             ai.setNotAsserted(error);
             return false;
         }
-        assertPolicy(aim, SP12Constants.LAYOUT);
+        assertPolicy(aim, layout);
         
         // Check the EntireHeaderAndBodySignatures property
         if (binding.isEntireHeadersAndBodySignatures()
@@ -374,6 +374,17 @@ public abstract class AbstractBindingPol
         }
     }
     
+    protected void notAssertPolicy(AssertionInfoMap aim, Assertion token, String msg) {
+        Collection<AssertionInfo> ais = aim.get(token.getName());
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                if (ai.getAssertion() == token) {
+                    ai.setNotAsserted(msg);
+                }
+            }    
+        }
+    }
+    
     protected boolean assertPolicy(AssertionInfoMap aim, QName q) {
         Collection<AssertionInfo> ais = aim.get(q);
         if (ais != null && !ais.isEmpty()) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java?rev=1455588&r1=1455587&r2=1455588&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
Tue Mar 12 15:52:00 2013
@@ -91,11 +91,11 @@ public class TransportBindingPolicyValid
             boolean timestampLast = layout.getValue() == SPConstants.Layout.LaxTimestampLast;
             if (!validateLayout(timestampFirst, timestampLast, results)) {
                 String error = "Layout does not match the requirements";
-                notAssertPolicy(aim, SP12Constants.LAYOUT, error);
+                notAssertPolicy(aim, layout, error);
                 ai.setNotAsserted(error);
                 continue;
             }
-            assertPolicy(aim, SP12Constants.LAYOUT);
+            assertPolicy(aim, layout);
         }
         
         // We don't need to check these policies for the Transport binding



Mime
View raw message