From cohei...@apache.org
Subject svn commit: r1456498 - in /cxf/branches/wss4j2.0-port: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/...
Date Thu, 14 Mar 2013 15:53:30 GMT
Author: coheigea
Date: Thu Mar 14 15:53:29 2013
New Revision: 1456498

URL: http://svn.apache.org/r1456498
Log:
Fixed a load more failing tests

Modified:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/KerberosTokenInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server/server.xml

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java?rev=1456498&r1=1456497&r2=1456498&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
Thu Mar 14 15:53:29 2013
@@ -175,7 +175,9 @@ public final class WSSecurityPolicyLoade
             SP12Constants.REQUIRE_EMBEDDED_TOKEN_REFERENCE,
             SP11Constants.REQUIRE_EMBEDDED_TOKEN_REFERENCE,
             SP12Constants.ENCRYPT_BEFORE_SIGNING,
+            SP11Constants.ENCRYPT_BEFORE_SIGNING,
             SP12Constants.SIGN_BEFORE_ENCRYPTING,
+            SP11Constants.SIGN_BEFORE_ENCRYPTING,
             SP12Constants.REQUIRE_KEY_IDENTIFIER_REFERENCE,
             SP11Constants.REQUIRE_KEY_IDENTIFIER_REFERENCE,
             SP12Constants.PROTECT_TOKENS,
@@ -196,11 +198,23 @@ public final class WSSecurityPolicyLoade
             SP12Constants.REQUIRE_INTERNAL_REFERENCE, SP11Constants.REQUIRE_INTERNAL_REFERENCE,
             SP12Constants.REQUIRE_EXTERNAL_REFERNCE, SP11Constants.REQUIRE_EXTERNAL_REFERNCE,
             
+            // Kerberos
+            new QName(SP11Constants.SP_NS, "WssKerberosV5ApReqToken11"),
+            new QName(SP12Constants.SP_NS, "WssKerberosV5ApReqToken11"),
+            new QName(SP11Constants.SP_NS, "WssGssKerberosV5ApReqToken11"),
+            new QName(SP12Constants.SP_NS, "WssGssKerberosV5ApReqToken11"),
+            
             // Spnego
             SP12Constants.MUST_NOT_SEND_AMEND,
             SP12Constants.MUST_NOT_SEND_CANCEL,
             SP12Constants.MUST_NOT_SEND_RENEW,
             
+            // SecureConversation
+            SP12Constants.BOOTSTRAP_POLICY,
+            SP11Constants.BOOTSTRAP_POLICY,
+            // Backwards compatibility thing
+            new QName("http://schemas.microsoft.com/ws/2005/07/securitypolicy", "MustNotSendCancel"),
+            
             // SCT
             SP12Constants.REQUIRE_EXTERNAL_URI_REFERENCE,
             SP12Constants.SC13_SECURITY_CONTEXT_TOKEN,
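Review bot: The comment `// Backwards compatibility thing` above the Microsoft `MustNotSendCancel` QName does not say what it is compatible with or why the assertion is acceptable to register. Something like `// MustNotSendCancel in Microsoft's 2005/07 securitypolicy namespace; registered so policies that still carry it are recognised` (wording to be confirmed by the author) would tell the next reader whether the entry can ever be removed. The four Kerberos entries are the only ones in the visible part of the list built from string literals rather than `SP11Constants`/`SP12Constants` fields, and the same two literals recur in other files of this commit, so a shared constant would keep them from drifting apart. The list's declaration, and what registration means for enforcement, are outside the hunk.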

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1456498&r1=1456497&r2=1456498&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Thu Mar 14 15:53:29 2013
@@ -138,7 +138,6 @@ public class IssuedTokenInterceptorProvi
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
             
-            System.out.println("IT!!!");
             if (aim != null) {
                 Collection<AssertionInfo> ais = 
                     NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.ISSUED_TOKEN);
@@ -349,9 +348,8 @@ public class IssuedTokenInterceptorProvi
             client.setTrust(getTrust10(aim));
             client.setTrust(getTrust13(aim));
             client.setTemplate(itok.getRequestSecurityTokenTemplate());
-            String namespace = itok.getVersion().getNamespace();
-            if (namespace != null) {
-                client.setWspNamespace(namespace);
+            if (itok.getPolicy() != null && itok.getPolicy().getNamespace() != null)
{
+                client.setWspNamespace(itok.getPolicy().getNamespace());
             }
             if (maps != null && maps.getNamespaceURI() != null) {
                 client.setAddressingNamespace(maps.getNamespaceURI());
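Review bot: Nothing on the new `client.setWspNamespace(itok.getPolicy().getNamespace())` line explains why the value now comes from the policy object instead of `itok.getVersion().getNamespace()`, although this is the substance of the fix. A one-line comment such as `// wspNamespace is the WS-Policy namespace, not the SecurityPolicy (sp) namespace` would stop the two from being confused again; the new default in `AbstractSTSClient` (`"http://www.w3.org/ns/ws-policy"`) points the same way. `itok.getPolicy()` is also evaluated three times across the condition and the body and could be read once into a local. The enclosing method starts outside the hunk.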

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java?rev=1456498&r1=1456497&r2=1456498&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
Thu Mar 14 15:53:29 2013
@@ -142,6 +142,9 @@ public class KerberosTokenInterceptorPro
                         ai.setAsserted(true);
                     }                    
                 }
+                
+                NegotiationUtils.assertPolicy(aim, "WssKerberosV5ApReqToken11");
+                NegotiationUtils.assertPolicy(aim, "WssGssKerberosV5ApReqToken11");
             }
         }
         
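Review bot: Both ApReq token-type assertions are marked as asserted here unconditionally, so a policy that asks for `WssGssKerberosV5ApReqToken11` is reported as satisfied without these lines looking at which kind of token is actually present. The same pattern appears in the second hunk of this file, in `KerberosTokenInterceptor` (after `assertTokens(message, SPConstants.KERBEROS_TOKEN, false)`), and in `SamlTokenInterceptor`, where all three SAML token types are asserted under a bare `// TODO revisit`. `KerberosTokenPolicyValidator.checkToken` in this commit does compare the policy's type with the token, so enforcement may still hold on that path; whether it also runs on the paths patched here is not visible from these hunks. A comment naming the component that performs the type check, e.g. `// token type is enforced by <validator>; asserted here only so the nested assertion is not left unasserted`, or asserting only the type that actually matched, would make the intent reviewable. The enclosing methods start outside the hunks.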
@@ -175,6 +178,9 @@ public class KerberosTokenInterceptorPro
                         ai.setAsserted(true);
                     }                    
                 }
+                
+                NegotiationUtils.assertPolicy(aim, "WssKerberosV5ApReqToken11");
+                NegotiationUtils.assertPolicy(aim, "WssGssKerberosV5ApReqToken11");
             }
         }
         

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java?rev=1456498&r1=1456497&r2=1456498&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
Thu Mar 14 15:53:29 2013
@@ -162,7 +162,7 @@ public abstract class AbstractSTSClient 
     protected AlgorithmSuite algorithmSuite;
     protected String namespace = STSUtils.WST_NS_05_12;
     protected String addressingNamespace = "http://www.w3.org/2005/08/addressing";
-    protected String wspNamespace = SPConstants.SPVersion.SP12.getNamespace();
+    protected String wspNamespace = "http://www.w3.org/ns/ws-policy";
     protected Object onBehalfOf;
     protected boolean enableAppliesTo = true;
 

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/KerberosTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/KerberosTokenInterceptor.java?rev=1456498&r1=1456497&r2=1456498&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/KerberosTokenInterceptor.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/KerberosTokenInterceptor.java
Thu Mar 14 15:53:29 2013
@@ -36,6 +36,7 @@ import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.interceptor.security.DefaultSecurityContext;
 import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
@@ -87,6 +88,9 @@ public class KerberosTokenInterceptor ex
                         results.add(0, rResult);
 
                         assertTokens(message, SPConstants.KERBEROS_TOKEN, false);
+                        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+                        assertPolicy(aim, "WssKerberosV5ApReqToken11");
+                        assertPolicy(aim, "WssGssKerberosV5ApReqToken11");
                         
                         Principal principal = 
                             (Principal)bstResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
@@ -143,6 +147,9 @@ public class KerberosTokenInterceptor ex
     }
     
     protected AbstractToken assertTokens(SoapMessage message) {
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        assertPolicy(aim, "WssKerberosV5ApReqToken11");
+        assertPolicy(aim, "WssGssKerberosV5ApReqToken11");
         return assertTokens(message, SPConstants.KERBEROS_TOKEN, true);
     }
 
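Review bot: `message.get(AssertionInfoMap.class)` is passed straight to `assertPolicy` in `assertTokens(SoapMessage)` with no null check, while `IssuedTokenInterceptorProvider` in this same commit guards the same lookup with `if (aim != null)`. Whether `assertPolicy` tolerates a null map is not visible here; if it does not, a message that presumably carries no assertion map would fail with a NullPointerException rather than a policy fault. Either wrap the two calls in `if (aim != null) { ... }` or note in a comment that `assertPolicy` is null-safe. The same unguarded lookup is added in the first hunk of this file and in both `SamlTokenInterceptor` hunks.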

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1456498&r1=1456497&r2=1456498&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Thu Mar 14 15:53:29 2013
@@ -559,6 +559,7 @@ public class PolicyBasedWSS4JInIntercept
             assertPolicy(aim, SPConstants.REQUIRE_THUMBPRINT_REFERENCE);
             assertPolicy(aim, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE);
             assertPolicy(aim, SPConstants.REQUIRE_EMBEDDED_TOKEN_REFERENCE);
+            assertPolicy(aim, SPConstants.REQUIRE_INTERNAL_REFERENCE);
             
             // WSS10
             assertPolicy(aim, SPConstants.WSS10);

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java?rev=1456498&r1=1456497&r2=1456498&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
Thu Mar 14 15:53:29 2013
@@ -114,6 +114,11 @@ public class SamlTokenInterceptor extend
                             }
                         }
                         assertTokens(message, SPConstants.SAML_TOKEN, signed);
+                        // TODO revisit
+                        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+                        assertPolicy(aim, "WssSamlV11Token10");
+                        assertPolicy(aim, "WssSamlV11Token11");
+                        assertPolicy(aim, "WssSamlV20Token11");
                         
                         Principal principal = 
                             (Principal)samlResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
@@ -229,12 +234,18 @@ public class SamlTokenInterceptor extend
             return null;
         }
 
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        
         SAMLCallback samlCallback = new SAMLCallback();
         SamlTokenType tokenType = token.getSamlTokenType();
         if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11)
{
             samlCallback.setSamlVersion(SAMLVersion.VERSION_11);
+            assertPolicy(aim, "WssSamlV11Token10");
+            assertPolicy(aim, "WssSamlV11Token11");
+            
         } else if (tokenType == SamlTokenType.WssSamlV20Token11) {
             samlCallback.setSamlVersion(SAMLVersion.VERSION_20);
+            assertPolicy(aim, "WssSamlV20Token11");
         }
         SAMLUtil.doSAMLCallback(handler, samlCallback);
         SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1456498&r1=1456497&r2=1456498&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Thu Mar 14 15:53:29 2013
@@ -974,8 +974,11 @@ public abstract class AbstractBindingBui
         SamlTokenType tokenType = token.getSamlTokenType();
         if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11)
{
             samlCallback.setSamlVersion(SAMLVersion.VERSION_11);
+            policyAsserted("WssSamlV11Token10");
+            policyAsserted("WssSamlV11Token11");
         } else if (tokenType == SamlTokenType.WssSamlV20Token11) {
             samlCallback.setSamlVersion(SAMLVersion.VERSION_20);
+            policyAsserted("WssSamlV20Token11");
         }
         SAMLUtil.doSAMLCallback(handler, samlCallback);
         SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java?rev=1456498&r1=1456497&r2=1456498&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
Thu Mar 14 15:53:29 2013
@@ -21,6 +21,8 @@ package org.apache.cxf.ws.security.wss4j
 
 import java.util.Collection;
 
+import javax.xml.namespace.QName;
+
 import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
@@ -49,38 +51,65 @@ public class KerberosTokenPolicyValidato
     ) {
         Collection<AssertionInfo> krbAis = getAllAssertionsByLocalname(aim, SPConstants.KERBEROS_TOKEN);
         if (!krbAis.isEmpty()) {
-            parsePolicies(krbAis, kerberosToken);
+            parsePolicies(aim, krbAis, kerberosToken);
         }
         
         return true;
     }
     
-    private void parsePolicies(Collection<AssertionInfo> ais, KerberosSecurity kerberosToken)
{
+    private void parsePolicies(
+        AssertionInfoMap aim, 
+        Collection<AssertionInfo> ais, 
+        KerberosSecurity kerberosToken
+    ) {
         for (AssertionInfo ai : ais) {
             KerberosToken kerberosTokenPolicy = (KerberosToken)ai.getAssertion();
             ai.setAsserted(true);
             
             if (!isTokenRequired(kerberosTokenPolicy, message)) {
+                assertPolicy(
+                    aim, 
+                    new QName(kerberosTokenPolicy.getVersion().getNamespace(), 
+                              "WssKerberosV5ApReqToken11")
+                );
+                assertPolicy(
+                    aim, 
+                    new QName(kerberosTokenPolicy.getVersion().getNamespace(), 
+                              "WssGssKerberosV5ApReqToken11")
+                );
                 continue;
             }
             
-            if (!checkToken(kerberosTokenPolicy, kerberosToken)) {
+            if (!checkToken(aim, kerberosTokenPolicy, kerberosToken)) {
                 ai.setNotAsserted("An incorrect Kerberos Token Type is detected");
                 continue;
             }
         }
     }
     
-    private boolean checkToken(KerberosToken kerberosTokenPolicy, KerberosSecurity kerberosToken)
{
+    private boolean checkToken(
+        AssertionInfoMap aim,
+        KerberosToken kerberosTokenPolicy, 
+        KerberosSecurity kerberosToken
+    ) {
         ApReqTokenType apReqTokenType = kerberosTokenPolicy.getApReqTokenType();
 
         if (apReqTokenType == ApReqTokenType.WssKerberosV5ApReqToken11 
             && kerberosToken.isV5ApReq()) {
+            assertPolicy(
+                aim, 
+                new QName(kerberosTokenPolicy.getVersion().getNamespace(), "WssKerberosV5ApReqToken11")
+            );
             return true;
         } else if (apReqTokenType == ApReqTokenType.WssGssKerberosV5ApReqToken11 
             && kerberosToken.isGssV5ApReq()) {
+            assertPolicy(
+                aim, 
+                new QName(kerberosTokenPolicy.getVersion().getNamespace(), "WssGssKerberosV5ApReqToken11")
+            );
             return true;
         }
+        
         return false;
     }
 }
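Review bot: `checkToken` and the not-required branch of `parsePolicies` spell out `new QName(kerberosTokenPolicy.getVersion().getNamespace(), ...)` four times, each with a string literal that duplicates an `ApReqTokenType` constant name. `SamlTokenPolicyValidator` in this commit already derives the local name with `getSamlTokenType().name()`; doing the same here lets `checkToken` assert once after the type comparison, as sketched below. Behaviour is unchanged as long as the enum constant names stay equal to the assertion local names, which the visible literals suggest.

```java
// … unchanged: checkToken signature (aim, kerberosTokenPolicy, kerberosToken) …
        ApReqTokenType apReqTokenType = kerberosTokenPolicy.getApReqTokenType();

        boolean typeMatches =
            (apReqTokenType == ApReqTokenType.WssKerberosV5ApReqToken11
                && kerberosToken.isV5ApReq())
            || (apReqTokenType == ApReqTokenType.WssGssKerberosV5ApReqToken11
                && kerberosToken.isGssV5ApReq());
        if (typeMatches) {
            // The enum constant name is the nested assertion's local name,
            // so one call covers both token types.
            assertPolicy(
                aim,
                new QName(kerberosTokenPolicy.getVersion().getNamespace(), apReqTokenType.name())
            );
        }
        return typeMatches;
```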

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java?rev=1456498&r1=1456497&r2=1456498&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java
Thu Mar 14 15:53:29 2013
@@ -84,6 +84,10 @@ public class SamlTokenPolicyValidator ex
             ai.setAsserted(true);
 
             if (!isTokenRequired(samlToken, message)) {
+                assertPolicy(
+                    aim, 
+                    new QName(samlToken.getVersion().getNamespace(), samlToken.getSamlTokenType().name())
+                );
                 continue;
             }
 
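Review bot: `samlToken.getSamlTokenType().name()` dereferences the token type without a null check in the not-required branch. `SamlTokenInterceptor` and `AbstractBindingBuilder` in this commit only compare the type with `==` and have no final `else`, which suggests a policy may carry no token-type assertion. If `getSamlTokenType()` can return null, this line turns an optional token into a NullPointerException. A guard such as `if (samlToken.getSamlTokenType() != null) { ... }` around the `assertPolicy` call would avoid that. The rest of the loop body is outside the hunk.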

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java?rev=1456498&r1=1456497&r2=1456498&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java
Thu Mar 14 15:53:29 2013
@@ -31,6 +31,8 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.SecurityContextToken;
 
@@ -50,13 +52,14 @@ public class SecurityContextTokenPolicyV
         Collection<AssertionInfo> ais = 
             getAllAssertionsByLocalname(aim, SPConstants.SECURITY_CONTEXT_TOKEN);
         if (!ais.isEmpty()) {
-            parsePolicies(ais, message, results);
+            parsePolicies(aim, ais, message, results);
         }
         
         return true;
     }
     
     private void parsePolicies(
+        AssertionInfoMap aim,
         Collection<AssertionInfo> ais, 
         Message message,
         List<WSSecurityEngineResult> results
@@ -67,6 +70,10 @@ public class SecurityContextTokenPolicyV
         for (AssertionInfo ai : ais) {
             SecurityContextToken sctPolicy = (SecurityContextToken)ai.getAssertion();
             ai.setAsserted(true);
+            
+            assertPolicy(aim, SP12Constants.REQUIRE_EXTERNAL_URI_REFERENCE);
+            assertPolicy(aim, SP12Constants.SC13_SECURITY_CONTEXT_TOKEN);
+            assertPolicy(aim, SP11Constants.SC10_SECURITY_CONTEXT_TOKEN);
 
             if (!isTokenRequired(sctPolicy, message)) {
                 continue;
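Review bot: The three added `assertPolicy` calls use neither `ai` nor `sctPolicy`, so they repeat identical work on every iteration and can move in front of the `for` loop. They also run before `isTokenRequired` and before `results` is consulted, so a short comment stating the intent, e.g. `// nested SCT assertions are not checked individually; the SecurityContextToken assertion itself is validated below` (if that is what is meant), would make the unconditional assertion explicit. The loop body continues past the end of the hunk.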

Modified: cxf/branches/wss4j2.0-port/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java?rev=1456498&r1=1456497&r2=1456498&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
(original)
+++ cxf/branches/wss4j2.0-port/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
Thu Mar 14 15:53:29 2013
@@ -146,6 +146,7 @@ public class RequestParser {
                     LOG.log(
                         Level.WARNING, 
                         "An unknown (DOM) element was received: " + element.getLocalName()
+                        + " " + element.getNamespaceURI()
                     );
                     throw new STSException(
                         "An unknown element was received", STSException.BAD_REQUEST
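Review bot: The added `element.getNamespaceURI()` is copied from the received request into the warning message unmodified, and a namespace URI, unlike a local name, can contain arbitrary characters including line breaks, so a request can put misleading extra lines into the STS log. Neutralise control characters before logging, e.g. `String ns = String.valueOf(element.getNamespaceURI()).replaceAll("[\\r\\n]", "_");`, and append `ns` instead of the raw value. The `LOG.log` call sits in a method that starts outside the hunk.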

Modified: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server/server.xml?rev=1456498&r1=1456497&r2=1456498&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server/server.xml
(original)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server/server.xml
Thu Mar 14 15:53:29 2013
@@ -75,7 +75,7 @@
           class="org.apache.cxf.systest.ws.kerberos.server.KerberosTokenDecoderImpl"/>-->
     
     <bean id="kerberosValidator"
-        class="org.apache.ws.security.validate.KerberosTokenValidator">
+        class="org.apache.wss4j.dom.validate.KerberosTokenValidator">
         <property name="contextName" value="bob"/>
         <property name="serviceName" value="bob@service.ws.apache.org"/>
         <!--<property name="kerberosTokenDecoder" ref="kerberosTicketDecoderImpl"/>-->


