
From cohei...@apache.org
Subject svn commit: r1485693 [6/14] - in /cxf/trunk: ./ distribution/src/main/release/samples/sts/src/main/java/demo/wssec/client/ distribution/src/main/release/samples/sts/src/main/java/demo/wssec/server/ distribution/src/main/release/samples/sts/src/main/jav...
Date Thu, 23 May 2013 13:17:32 GMT
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
Thu May 23 13:17:26 2013
@@ -42,24 +42,29 @@ import org.apache.cxf.security.SecurityC
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.SupportingToken;
-import org.apache.cxf.ws.security.policy.model.UsernameToken;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.WSUsernameTokenPrincipal;
-import org.apache.ws.security.cache.ReplayCache;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.handler.WSHandlerConstants;
-import org.apache.ws.security.handler.WSHandlerResult;
-import org.apache.ws.security.message.WSSecUsernameToken;
-import org.apache.ws.security.processor.UsernameTokenProcessor;
-import org.apache.ws.security.validate.Validator;
+import org.apache.wss4j.common.cache.ReplayCache;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.principal.UsernameTokenPrincipal;
+import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSDocInfo;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.bsp.BSPEnforcer;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.apache.wss4j.dom.message.WSSecUsernameToken;
+import org.apache.wss4j.dom.processor.UsernameTokenProcessor;
+import org.apache.wss4j.dom.validate.Validator;
+import org.apache.wss4j.policy.SP13Constants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.xml.security.exceptions.Base64DecodingException;
+import org.apache.xml.security.utils.Base64;
 
 /**
  * 
@@ -81,7 +86,7 @@ public class UsernameTokenInterceptor ex
             if (SPConstants.USERNAME_TOKEN.equals(child.getLocalName())
                 && WSConstants.WSSE_NS.equals(child.getNamespaceURI())) {
                 try  {
-                    final WSUsernameTokenPrincipal princ = getPrincipal(child, message);
+                    final UsernameTokenPrincipal princ = getPrincipal(child, message);
                     if (princ != null) {
                         List<WSSecurityEngineResult>v = new ArrayList<WSSecurityEngineResult>();
                         int action = WSConstants.UT;
@@ -103,8 +108,12 @@ public class UsernameTokenInterceptor ex
                         
                         SecurityContext sc = message.get(SecurityContext.class);
                         if (sc == null || sc.getUserPrincipal() == null) {
+                            String nonce = null;
+                            if (princ.getNonce() != null) {
+                                nonce = Base64.encode(princ.getNonce());
+                            }
                             Subject subject = createSubject(princ.getName(), princ.getPassword(),
-                                princ.isPasswordDigest(), princ.getNonce(), princ.getCreatedTime());
+                                princ.isPasswordDigest(), nonce, princ.getCreatedTime());
                             message.put(SecurityContext.class, 
                                         createSecurityContext(princ, subject));
                         }
@@ -112,14 +121,16 @@ public class UsernameTokenInterceptor ex
                     }
                 } catch (WSSecurityException ex) {
                     throw new Fault(ex);
+                } catch (Base64DecodingException ex) {
+                    throw new Fault(ex);
                 }
             }
             child = DOMUtils.getNextElement(child);
         }
     }
 
-    protected WSUsernameTokenPrincipal getPrincipal(Element tokenElement, final SoapMessage
message)
-        throws WSSecurityException {
+    protected UsernameTokenPrincipal getPrincipal(Element tokenElement, final SoapMessage
message)
+        throws WSSecurityException, Base64DecodingException {
         
         boolean bspCompliant = isWsiBSPCompliant(message);
         boolean utWithCallbacks = 
@@ -150,26 +161,31 @@ public class UsernameTokenInterceptor ex
             data.setNonceReplayCache(nonceCache);
             
             WSSConfig config = WSSConfig.getNewInstance();
-            config.setWsiBSPCompliant(bspCompliant);
             config.setAllowUsernameTokenNoPassword(allowNoPassword);
             data.setWssConfig(config);
+            if (!bspCompliant) {
+                data.setDisableBSPEnforcement(true);
+            }
             List<WSSecurityEngineResult> results = 
                 p.handleToken(tokenElement, data, wsDocInfo);
-            return (WSUsernameTokenPrincipal)results.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
+            return (UsernameTokenPrincipal)results.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
         } else {
-            WSUsernameTokenPrincipal principal = parseTokenAndCreatePrincipal(tokenElement,
bspCompliant);
+            UsernameTokenPrincipal principal = parseTokenAndCreatePrincipal(tokenElement,
bspCompliant);
             WSS4JTokenConverter.convertToken(message, principal);
             return principal;
         }
     }
     
-    protected WSUsernameTokenPrincipal parseTokenAndCreatePrincipal(Element tokenElement,
boolean bspCompliant) 
-        throws WSSecurityException {
-        org.apache.ws.security.message.token.UsernameToken ut = 
-            new org.apache.ws.security.message.token.UsernameToken(tokenElement, false, bspCompliant);
+    protected UsernameTokenPrincipal parseTokenAndCreatePrincipal(Element tokenElement, boolean
bspCompliant) 
+        throws WSSecurityException, Base64DecodingException {
+        BSPEnforcer bspEnforcer = new BSPEnforcer(!bspCompliant);
+        org.apache.wss4j.dom.message.token.UsernameToken ut = 
+            new org.apache.wss4j.dom.message.token.UsernameToken(tokenElement, false, bspEnforcer);
         
-        WSUsernameTokenPrincipal principal = new WSUsernameTokenPrincipal(ut.getName(), ut.isHashed());
-        principal.setNonce(ut.getNonce());
+        WSUsernameTokenPrincipalImpl principal = new WSUsernameTokenPrincipalImpl(ut.getName(),
ut.isHashed());
+        if (ut.getNonce() != null) {
+            principal.setNonce(Base64.decode(ut.getNonce()));
+        }
         principal.setPassword(ut.getPassword());
         principal.setCreatedTime(ut.getCreated());
         principal.setPasswordType(ut.getPasswordType());
@@ -184,12 +200,12 @@ public class UsernameTokenInterceptor ex
     }
     
     private boolean isAllowNoPassword(AssertionInfoMap aim) throws WSSecurityException {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.USERNAME_TOKEN);
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
 
-        if (ais != null && !ais.isEmpty()) {
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 UsernameToken policy = (UsernameToken)ai.getAssertion();
-                if (policy.isNoPassword()) {
+                if (policy.getPasswordType() == UsernameToken.PasswordType.NoPassword) {
                     return true;
                 }
             }
@@ -223,37 +239,62 @@ public class UsernameTokenInterceptor ex
     }
     
     protected UsernameToken assertTokens(SoapMessage message) {
-        return (UsernameToken)assertTokens(message, SP12Constants.USERNAME_TOKEN, true);
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        assertPolicy(aim, SPConstants.USERNAME_TOKEN10);
+        assertPolicy(aim, SPConstants.USERNAME_TOKEN11);
+        assertPolicy(aim, SPConstants.HASH_PASSWORD);
+        assertPolicy(aim, SPConstants.NO_PASSWORD);
+        assertPolicy(aim, SP13Constants.NONCE);
+        assertPolicy(aim, SP13Constants.CREATED);
+
+        return (UsernameToken)assertTokens(message, SPConstants.USERNAME_TOKEN, true);
     }
     
     private UsernameToken assertTokens(
         SoapMessage message, 
-        WSUsernameTokenPrincipal princ,
+        UsernameTokenPrincipal princ,
         boolean signed
     ) {
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-        Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.USERNAME_TOKEN);
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
         UsernameToken tok = null;
         for (AssertionInfo ai : ais) {
             tok = (UsernameToken)ai.getAssertion();
-            if (princ != null && tok.isHashPassword() != princ.isPasswordDigest())
{
+            ai.setAsserted(true);
+            if ((tok.getPasswordType() == UsernameToken.PasswordType.HashPassword)
+                && (princ == null || !princ.isPasswordDigest())) {
                 ai.setNotAsserted("Password hashing policy not enforced");
-            } else if (princ != null && !tok.isNoPassword() && (princ.getPassword()
== null)
-                && isNonEndorsingSupportingToken(tok)) {
+            } else {
+                assertPolicy(aim, SPConstants.HASH_PASSWORD);
+            }
+            
+            if ((tok.getPasswordType() != UsernameToken.PasswordType.NoPassword)
+                && isNonEndorsingSupportingToken(tok)
+                && (princ == null || princ.getPassword() == null)) {
                 ai.setNotAsserted("Username Token No Password supplied");
             } else {
-                ai.setAsserted(true);         
+                assertPolicy(aim, SPConstants.NO_PASSWORD);
+            }
+            
+            if (tok.isCreated() && princ.getCreatedTime() == null) {
+                ai.setNotAsserted("No Created Time");
+            } else {
+                assertPolicy(aim, SP13Constants.CREATED);
+            }
+            
+            if (tok.isNonce() && princ.getNonce() == null) {
+                ai.setNotAsserted("No Nonce");
+            } else {
+                assertPolicy(aim, SP13Constants.NONCE);
             }
         }
-        ais = aim.getAssertionInfo(SP12Constants.SUPPORTING_TOKENS);
-        for (AssertionInfo ai : ais) {
-            ai.setAsserted(true);
-        }
+        
+        assertPolicy(aim, SPConstants.USERNAME_TOKEN10);
+        assertPolicy(aim, SPConstants.USERNAME_TOKEN11);
+        assertPolicy(aim, SPConstants.SUPPORTING_TOKENS);
+
         if (signed || isTLSInUse(message)) {
-            ais = aim.getAssertionInfo(SP12Constants.SIGNED_SUPPORTING_TOKENS);
-            for (AssertionInfo ai : ais) {
-                ai.setAsserted(true);
-            }
+            assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
         }
         return tok;
     }
@@ -263,19 +304,14 @@ public class UsernameTokenInterceptor ex
      * true then the corresponding UsernameToken must have a password element.
      */
     private boolean isNonEndorsingSupportingToken(
-        org.apache.cxf.ws.security.policy.model.UsernameToken usernameTokenPolicy
+        org.apache.wss4j.policy.model.UsernameToken usernameTokenPolicy
     ) {
-        SupportingToken supportingToken = usernameTokenPolicy.getSupportingToken();
-        if (supportingToken != null) {
-            SPConstants.SupportTokenType type = supportingToken.getTokenType();
-            if (type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SUPPORTING
-                || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED
-                || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENCRYPTED
-                || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_ENCRYPTED) {
-                return true;
-            }
+        AbstractSecurityAssertion supportingToken = usernameTokenPolicy.getParentAssertion();
+        if (supportingToken instanceof SupportingTokens
+            && ((SupportingTokens)supportingToken).isEndorsing()) {
+            return false;
         }
-        return false;
+        return true;
     }
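Review bot: The rewritten `isNonEndorsingSupportingToken` inverts the default: a UsernameToken whose parent is not a `SupportingTokens` (including a null parent) now returns true and is therefore required to carry a password, where the old code returned false in that case. That is the safer direction, but it is a behaviour change worth a Javadoc line, e.g. `A token with no enclosing SupportingTokens is treated as non-endorsing and must carry a password.` Whether `isEndorsing()` also covers the SignedEndorsing and SignedEndorsingEncrypted variants is not visible here; if it does not, those endorsing tokens would now be rejected for lacking a password, so please confirm. The method's Javadoc begins outside the hunk.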
 
     protected void addToken(SoapMessage message) {
@@ -286,7 +322,8 @@ public class UsernameTokenInterceptor ex
             addUsernameToken(message, tok);
         if (utBuilder == null) {
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-            Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.USERNAME_TOKEN);
+            Collection<AssertionInfo> ais = 
+                getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
             for (AssertionInfo ai : ais) {
                 if (ai.isAsserted()) {
                     ai.setAsserted(false);
@@ -309,7 +346,7 @@ public class UsernameTokenInterceptor ex
 
         if (!StringUtils.isEmpty(userName)) {
             // If NoPassword property is set we don't need to set the password
-            if (token.isNoPassword()) {
+            if (token.getPasswordType() == UsernameToken.PasswordType.NoPassword) {
                 WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
                 utBuilder.setUserInfo(userName, null);
                 utBuilder.setPasswordType(null);
@@ -318,13 +355,13 @@ public class UsernameTokenInterceptor ex
             
             String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
             if (StringUtils.isEmpty(password)) {
-                password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN,
message);
+                password = getPassword(userName, token, WSPasswordCallback.Usage.USERNAME_TOKEN,
message);
             }
             
             if (!StringUtils.isEmpty(password)) {
                 //If the password is available then build the token
                 WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
-                if (token.isHashPassword()) {
+                if (token.getPasswordType() == UsernameToken.PasswordType.HashPassword) {
                     utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);  
                 } else {
                     utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Thu May 23 13:17:26 2013
@@ -20,8 +20,8 @@ package org.apache.cxf.ws.security.wss4j
 
 import java.io.IOException;
 import java.security.Principal;
+import java.security.cert.Certificate;
 import java.util.ArrayList;
-import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -63,30 +63,30 @@ import org.apache.cxf.interceptor.securi
 import org.apache.cxf.interceptor.security.SAMLSecurityContext;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.Phase;
-import org.apache.cxf.phase.PhaseInterceptor;
 import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
-import org.apache.ws.security.CustomTokenPrincipal;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSDerivedKeyTokenPrincipal;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.WSSecurityEngine;
-import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.cache.ReplayCache;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.handler.WSHandlerConstants;
-import org.apache.ws.security.handler.WSHandlerResult;
-import org.apache.ws.security.message.token.SecurityTokenReference;
-import org.apache.ws.security.processor.Processor;
-import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.ws.security.validate.NoOpValidator;
-import org.apache.ws.security.validate.Validator;
+import org.apache.wss4j.common.cache.ReplayCache;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+import org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.WSSecurityEngine;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.apache.wss4j.dom.message.token.SecurityTokenReference;
+import org.apache.wss4j.dom.processor.Processor;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.dom.validate.NoOpValidator;
+import org.apache.wss4j.dom.validate.Validator;
 
 /**
  * Performs WS-Security inbound actions.
@@ -144,16 +144,6 @@ public class WSS4JInInterceptor extends 
             secEngineOverride = createSecurityEngine(validatorMap);
         }
     }
-
-    @Override
-    public Collection<PhaseInterceptor<? extends org.apache.cxf.message.Message>>
-    getAdditionalInterceptors() {
-        List<PhaseInterceptor<? extends org.apache.cxf.message.Message>> extras

-            = new ArrayList<PhaseInterceptor<? extends org.apache.cxf.message.Message>>(1);
-        extras.add(SAAJInInterceptor.SAAJPreInInterceptor.INSTANCE);
-        return extras;
-    }
-
     
     public void setIgnoreActions(boolean i) {
         ignoreActions = i;
@@ -239,11 +229,6 @@ public class WSS4JInInterceptor extends 
 
             reqData.setCallbackHandler(getCallback(reqData, doAction, utWithCallbacks));
             
-            String passwordTypeStrict = (String)getOption(WSHandlerConstants.PASSWORD_TYPE_STRICT);
-            if (passwordTypeStrict == null) {
-                setProperty(WSHandlerConstants.PASSWORD_TYPE_STRICT, "true");
-            }
-            
             // Configure replay caching
             ReplayCache nonceCache = 
                 getReplayCache(
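Review bot: Dropping the default `setProperty(WSHandlerConstants.PASSWORD_TYPE_STRICT, "true")` means this interceptor no longer forces strict password-type checking itself; whether a received UsernameToken's password type is still compared against the configured type now rests entirely on the WSS4J 2.0 default, which this hunk does not show. If that default is not strict, a PasswordText token could satisfy an endpoint configured for PasswordDigest. Please confirm the library default and record the reason in place, e.g. `// PASSWORD_TYPE_STRICT defaults to true in WSS4J 2.0, so it is no longer forced here` (only if that is in fact the case). The enclosing method continues outside the hunk.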
@@ -255,6 +240,12 @@ public class WSS4JInInterceptor extends 
                     msg, SecurityConstants.ENABLE_TIMESTAMP_CACHE, SecurityConstants.TIMESTAMP_CACHE_INSTANCE
                 );
             reqData.setTimestampReplayCache(timestampCache);
+            
+            TLSSessionInfo tlsInfo = msg.get(TLSSessionInfo.class);
+            if (tlsInfo != null) {
+                Certificate[] tlsCerts = tlsInfo.getPeerCertificates();
+                reqData.setTlsCerts(tlsCerts);
+            }
 
             /*
              * Get and check the Signature specific parameters first because
@@ -328,9 +319,7 @@ public class WSS4JInInterceptor extends 
             msg.put(SECURITY_PROCESSED, Boolean.TRUE);
 
         } catch (WSSecurityException e) {
-            LOG.log(Level.WARNING, "", e);
-            SoapFault fault = createSoapFault(version, e);
-            throw fault;
+            throw createSoapFault(version, e);
         } catch (XMLStreamException e) {
             throw new SoapFault(new Message("STAX_EX", LOG), e, version.getSender());
         } catch (SOAPException e) {
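Review bot: Removing `LOG.log(Level.WARNING, "", e)` ahead of `throw createSoapFault(version, e)` means the WSSecurityException is no longer logged at this point; unless `createSoapFault` logs it (not visible in this hunk), operators lose the server-side record of a failed WS-Security check, which is exactly what detection rules key on. The fault returned to the client should stay generic, but a server-side line such as `LOG.log(Level.WARNING, "WS-Security processing failed", e);` is worth keeping. The method body continues outside the hunk.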
@@ -356,7 +345,7 @@ public class WSS4JInInterceptor extends 
         // now check the security actions: do they match, in any order?
         if (!checkReceiverResultsAnyOrder(wsResult, actions)) {
             LOG.warning("Security processing failed (actions mismatch)");
-            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
+            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
         }
         
         // Now check to see if SIGNATURE_PARTS are specified
@@ -369,15 +358,6 @@ public class WSS4JInInterceptor extends 
             LOG.warning(warning);
         }
         
-        // Now check SAML SenderVouches + Holder Of Key requirements
-        boolean validateSAMLSubjectConf = 
-            MessageUtils.getContextualBoolean(
-                msg, SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, true
-            );
-        if (validateSAMLSubjectConf) {
-            SAMLUtils.validateSAMLResults(wsResult, msg, body);
-        }
-        
     }
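Review bot: This hunk deletes the CXF-side SAML subject-confirmation check (`SAMLUtils.validateSAMLResults`) together with the read of `SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION`, and nothing in the hunk replaces it. Holder-of-key and sender-vouches enforcement is what binds a SAML assertion to the party presenting it, so if the check has moved into WSS4J the contextual property still needs to be wired through to it, and if it has not moved an assertion with unverified subject confirmation could now be accepted. The other parts of this 14-part commit are not visible here, so please point to where the enforcement now lives and either keep honouring `VALIDATE_SAML_SUBJECT_CONFIRMATION` or mark it deprecated in SecurityConstants. The enclosing method continues outside the hunk.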
     
     private void storeSignature(
@@ -385,7 +365,7 @@ public class WSS4JInInterceptor extends 
     ) throws WSSecurityException {
         // Extract the signature action result from the action list
         List<WSSecurityEngineResult> signatureResults = 
-            WSS4JUtils.fetchAllActionResults(wsResult, WSConstants.SIGN);
+            WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.SIGN);
 
         // Store the last signature result
         if (!signatureResults.isEmpty()) {
@@ -398,7 +378,7 @@ public class WSS4JInInterceptor extends 
     ) throws WSSecurityException {
         // Extract the timestamp action result from the action list
         List<WSSecurityEngineResult> timestampResults = 
-            WSS4JUtils.fetchAllActionResults(wsResult, WSConstants.TS);
+            WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.TS);
 
         if (!timestampResults.isEmpty()) {
             msg.put(TIMESTAMP_RESULT, timestampResults.get(timestampResults.size() - 1));
@@ -661,7 +641,7 @@ public class WSS4JInInterceptor extends 
                 try {
                     o = ClassLoaderUtils.loadClass((String)o, this.getClass()).newInstance();
                 } catch (Exception e) {
-                    throw new WSSecurityException(e.getMessage(), e);
+                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
e);
                 }
             }            
             if (o instanceof CallbackHandler) {
@@ -826,8 +806,8 @@ public class WSS4JInInterceptor extends 
                     }
                 } catch (RuntimeException t) {
                     throw t;
-                } catch (Throwable t) {
-                    throw new WSSecurityException(t.getMessage(), t);
+                } catch (Exception ex) {
+                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
ex);
                 }
             }
             return super.getValidator(qName);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
Thu May 23 13:17:26 2013
@@ -41,13 +41,13 @@ import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.phase.PhaseInterceptor;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.action.Action;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.handler.WSHandlerConstants;
-import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.action.Action;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
 
 public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor {
     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JTokenConverter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JTokenConverter.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JTokenConverter.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JTokenConverter.java
Thu May 23 13:17:26 2013
@@ -21,8 +21,9 @@ package org.apache.cxf.ws.security.wss4j
 import java.security.Principal;
 
 import org.apache.cxf.common.security.UsernameToken;
+import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.message.Message;
-import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.apache.wss4j.common.principal.UsernameTokenPrincipal;
 
 public final class WSS4JTokenConverter {
 
@@ -31,14 +32,18 @@ public final class WSS4JTokenConverter {
     }
     
     public static void convertToken(Message msg, Principal p) {
-        if (p instanceof WSUsernameTokenPrincipal) {
-            WSUsernameTokenPrincipal utp = (WSUsernameTokenPrincipal)p;
+        if (p instanceof UsernameTokenPrincipal) {
+            UsernameTokenPrincipal utp = (UsernameTokenPrincipal)p;
+            String nonce = null;
+            if (utp.getNonce() != null) {
+                nonce = Base64Utility.encode(utp.getNonce());
+            }
             msg.put(org.apache.cxf.common.security.SecurityToken.class, 
                     new UsernameToken(utp.getName(),
                                       utp.getPassword(),
                                       utp.getPasswordType(),
                                       utp.isPasswordDigest(),
-                                      utp.getNonce(),
+                                      nonce,
                                       utp.getCreatedTime()));
             
         }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
Thu May 23 13:17:26 2013
@@ -18,17 +18,20 @@
  */
 package org.apache.cxf.ws.security.wss4j;
 
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
+import java.io.IOException;
+import java.net.URL;
 
+import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.service.model.EndpointInfo;
-import org.apache.cxf.ws.security.cache.ReplayCacheFactory;
-import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.cache.ReplayCache;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.wss4j.common.cache.ReplayCache;
+import org.apache.wss4j.common.cache.ReplayCacheFactory;
 
 /**
  * Some common functionality that can be shared between the WSS4JInInterceptor and the
@@ -81,7 +84,8 @@ public final class WSS4JUtils {
                     if (info.getName() != null) {
                         cacheKey += "-" + info.getName().toString().hashCode();
                     }
-                    replayCache = replayCacheFactory.newReplayCache(cacheKey, message);
+                    URL configFile = getConfigFileURL(message);
+                    replayCache = replayCacheFactory.newReplayCache(cacheKey, configFile);
                     info.setProperty(instanceKey, replayCache);
                 }
                 return replayCache;
@@ -89,52 +93,32 @@ public final class WSS4JUtils {
         }
         return null;
     }
-
-    /**
-     * Fetch the result of a given action from a given result list.
-     * 
-     * @param resultList The result list to fetch an action from
-     * @param action The action to fetch
-     * @return The result fetched from the result list, null if the result
-     *         could not be found
-     */
-    public static List<WSSecurityEngineResult> fetchAllActionResults(
-        List<WSSecurityEngineResult> resultList,
-        int action
-    ) {
-        return fetchAllActionResults(resultList, Collections.singletonList(action));
-    }
     
-    /**
-     * Fetch the results of a given number of actions action from a given result list.
-     * 
-     * @param resultList The result list to fetch an action from
-     * @param actions The list of actions to fetch
-     * @return The list of matching results fetched from the result list
-     */
-    public static List<WSSecurityEngineResult> fetchAllActionResults(
-        List<WSSecurityEngineResult> resultList,
-        List<Integer> actions
-    ) {
-        List<WSSecurityEngineResult> actionResultList = Collections.emptyList();
-        if (actions == null || actions.isEmpty()) {
-            return actionResultList;
+    private static URL getConfigFileURL(Message message) {
+        Object o = message.getContextualProperty(SecurityConstants.CACHE_CONFIG_FILE);
+        if (o == null) {
+            o = "cxf-ehcache.xml";
         }
         
-        for (WSSecurityEngineResult result : resultList) {
-            //
-            // Check the result of every action whether it matches the given action
-            //
-            int resultAction = 
-                ((java.lang.Integer)result.get(WSSecurityEngineResult.TAG_ACTION)).intValue();
-            if (actions.contains(resultAction)) {
-                if (actionResultList.isEmpty()) {
-                    actionResultList = new ArrayList<WSSecurityEngineResult>();
+        if (o instanceof String) {
+            URL url = null;
+            ResourceManager rm = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
+            url = rm.resolveResource((String)o, URL.class);
+            try {
+                if (url == null) {
+                    url = ClassLoaderUtils.getResource((String)o, ReplayCacheFactory.class);
+                }
+                if (url == null) {
+                    url = new URL((String)o);
                 }
-                actionResultList.add(result);
+                return url;
+            } catch (IOException e) {
+                // Do nothing
             }
+        } else if (o instanceof URL) {
+            return (URL)o;        
         }
-        return actionResultList;
+        return null;
     }
 
 }
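Review bot: In the new `getConfigFileURL`, the `catch (IOException e) { // Do nothing }` swallows the MalformedURLException from `new URL((String)o)` and returns null, so a mistyped `CACHE_CONFIG_FILE` value silently leaves the nonce/timestamp replay cache with whatever `newReplayCache` does for a null config instead of surfacing the misconfiguration. Log it at least at FINE (adding a logger to the class if it has none), e.g. `LOG.log(Level.FINE, "Unable to resolve replay cache config file " + o, e);`, or fail fast. `message.getExchange().get(Bus.class)` is also dereferenced without a null check before `getExtension`; if a Bus is not guaranteed on this path, guard it. Since the string may resolve to any URL, including a remote one, a short comment that the property is deployer configuration and must never be derived from request data would help future readers.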


