Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5A409DBDA for ; Wed, 15 May 2013 11:19:25 +0000 (UTC) Received: (qmail 99505 invoked by uid 500); 15 May 2013 11:19:25 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 98661 invoked by uid 500); 15 May 2013 11:19:20 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 98630 invoked by uid 99); 15 May 2013 11:19:19 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 May 2013 11:19:19 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 May 2013 11:19:18 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 5BD692388906; Wed, 15 May 2013 11:18:58 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1482767 - in /cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/interceptors/HttpsTokenInterceptorProvider.java wss4j/AbstractTokenInterceptor.java Date: Wed, 15 May 2013 11:18:58 -0000 To: commits@cxf.apache.org From: coheigea@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130515111858.5BD692388906@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Wed May 15 11:18:57 2013 New Revision: 1482767 URL: http://svn.apache.org/r1482767 Log: Fixed a bug with the HttpsTokenInterceptorProvider + don't run DOM specific token interceptors when using StaX. Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java?rev=1482767&r1=1482766&r2=1482767&view=diff ============================================================================== --- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java (original) +++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java Wed May 15 11:18:57 2013 @@ -272,11 +272,16 @@ public class HttpsTokenInterceptorProvid TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class); if (tlsInfo != null) { if (token.getAuthenticationType() - == HttpsToken.AuthenticationType.RequireClientCertificate - && (tlsInfo.getPeerCertificates() == null - || tlsInfo.getPeerCertificates().length == 0)) { - asserted = false; - } else { + == HttpsToken.AuthenticationType.RequireClientCertificate) { + if (tlsInfo.getPeerCertificates() == null + || tlsInfo.getPeerCertificates().length == 0) { + asserted = false; + } else { + NegotiationUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_CERTIFICATE); + } + } + + if (tlsInfo.getPeerCertificates() != null && tlsInfo.getPeerCertificates().length > 0) { httpsTokenSecurityEvent.setAuthenticationType( HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication ); @@ -284,7 +289,13 @@ public class HttpsTokenInterceptorProvid new HttpsSecurityTokenImpl((X509Certificate)tlsInfo.getPeerCertificates()[0]); httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature); httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken); - NegotiationUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_CERTIFICATE); + } else { + httpsTokenSecurityEvent.setAuthenticationType( + HttpsTokenSecurityEvent.AuthenticationType.HttpsNoAuthentication + ); + HttpsSecurityTokenImpl httpsSecurityToken = new HttpsSecurityTokenImpl(); + httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature); + httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken); } } else { asserted = false; Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java?rev=1482767&r1=1482766&r2=1482767&view=diff ============================================================================== --- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java (original) +++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java Wed May 15 11:18:57 2013 @@ -73,6 +73,7 @@ public abstract class AbstractTokenInter super(Phase.PRE_PROTOCOL); addAfter(PolicyBasedWSS4JOutInterceptor.class.getName()); addAfter(PolicyBasedWSS4JInInterceptor.class.getName()); + addAfter(PolicyBasedWSS4JStaxInInterceptor.class.getName()); } public Set getUnderstoodHeaders() { @@ -81,6 +82,12 @@ public abstract class AbstractTokenInter public void handleMessage(SoapMessage message) throws Fault { + boolean enableStax = + MessageUtils.isTrue(message.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY)); + if (enableStax) { + return; + } + boolean isReq = MessageUtils.isRequestor(message); boolean isOut = MessageUtils.isOutbound(message);