cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1527598 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509...
Date Mon, 30 Sep 2013 14:38:44 GMT
Author: coheigea
Date: Mon Sep 30 14:38:44 2013
New Revision: 1527598

URL: http://svn.apache.org/r1527598
Log:
Added support for outbound streaming XPath

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/StaxBindingPropertiesTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/DoubleItXKMS.wsdl

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
Mon Sep 30 14:38:44 2013
@@ -68,6 +68,8 @@ import org.apache.wss4j.policy.model.Abs
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractTokenWrapper;
 import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
+import org.apache.wss4j.policy.model.ContentEncryptedElements;
+import org.apache.wss4j.policy.model.EncryptedElements;
 import org.apache.wss4j.policy.model.EncryptedParts;
 import org.apache.wss4j.policy.model.Header;
 import org.apache.wss4j.policy.model.IssuedToken;
@@ -77,6 +79,7 @@ import org.apache.wss4j.policy.model.Lay
 import org.apache.wss4j.policy.model.Layout.LayoutType;
 import org.apache.wss4j.policy.model.SamlToken;
 import org.apache.wss4j.policy.model.SamlToken.SamlTokenType;
+import org.apache.wss4j.policy.model.SignedElements;
 import org.apache.wss4j.policy.model.SignedParts;
 import org.apache.wss4j.policy.model.SupportingTokens;
 import org.apache.wss4j.policy.model.SymmetricBinding;
@@ -86,6 +89,8 @@ import org.apache.wss4j.policy.model.Wss
 import org.apache.wss4j.policy.model.Wss11;
 import org.apache.wss4j.policy.model.X509Token;
 import org.apache.wss4j.policy.model.X509Token.TokenType;
+import org.apache.wss4j.policy.model.XPath;
+import org.apache.wss4j.policy.stax.PolicyUtils;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken;
 import org.apache.xml.security.stax.ext.SecurePart;
@@ -902,7 +907,7 @@ public abstract class AbstractStaxBindin
      */
     protected List<SecurePart> getSignedParts() throws SOAPException {
         SignedParts parts = null;
-        // SignedElements elements = null;
+        SignedElements elements = null;
         
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
         Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_PARTS);
@@ -912,7 +917,7 @@ public abstract class AbstractStaxBindin
                 ai.setAsserted(true);
             }            
         }
-        /*
+        
         ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ELEMENTS);
         if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
@@ -920,7 +925,6 @@ public abstract class AbstractStaxBindin
                 ai.setAsserted(true);
             }            
         }
-        */
         
         List<SecurePart> signedParts = new ArrayList<SecurePart>();
         if (parts != null) {
@@ -941,7 +945,16 @@ public abstract class AbstractStaxBindin
             }
         }
         
-        // TODO Elements
+        if (elements != null && elements.getXPaths() != null) {
+            for (XPath xPath : elements.getXPaths()) {
+                List<QName> qnames = PolicyUtils.getElementPath(xPath);
+                if (!qnames.isEmpty()) {
+                    SecurePart securePart = 
+                        new SecurePart(qnames.get(qnames.size() - 1), Modifier.Element);
+                    signedParts.add(securePart);
+                }
+            }
+        }
         
         return signedParts;
     }
@@ -951,7 +964,8 @@ public abstract class AbstractStaxBindin
      */
     protected List<SecurePart> getEncryptedParts() throws SOAPException {
         EncryptedParts parts = null;
-        // EncryptedElements elements = null;
+        EncryptedElements elements = null;
+        ContentEncryptedElements celements = null;
         
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
         Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_PARTS);
@@ -961,7 +975,7 @@ public abstract class AbstractStaxBindin
                 ai.setAsserted(true);
             }            
         }
-        /*
+        
         ais = getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_ELEMENTS);
         if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
@@ -969,15 +983,14 @@ public abstract class AbstractStaxBindin
                 ai.setAsserted(true);
             }            
         }
-        */
         
-        /*ais = getAllAssertionsByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS);
+        ais = getAllAssertionsByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS);
         if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 celements = (ContentEncryptedElements)ai.getAssertion();
                 ai.setAsserted(true);
             }            
-        }*/
+        }
         
         List<SecurePart> encryptedParts = new ArrayList<SecurePart>();
         if (parts != null) {
@@ -998,7 +1011,27 @@ public abstract class AbstractStaxBindin
             }
         }
         
-        // TODO Elements
+        if (elements != null && elements.getXPaths() != null) {
+            for (XPath xPath : elements.getXPaths()) {
+                List<QName> qnames = PolicyUtils.getElementPath(xPath);
+                if (!qnames.isEmpty()) {
+                    SecurePart securePart = 
+                        new SecurePart(qnames.get(qnames.size() - 1), Modifier.Element);
+                    encryptedParts.add(securePart);
+                }
+            }
+        }
+        
+        if (celements != null && celements.getXPaths() != null) {
+            for (XPath xPath : celements.getXPaths()) {
+                List<QName> qnames = PolicyUtils.getElementPath(xPath);
+                if (!qnames.isEmpty()) {
+                    SecurePart securePart = 
+                        new SecurePart(qnames.get(qnames.size() - 1), Modifier.Content);
+                    encryptedParts.add(securePart);
+                }
+            }
+        }
         
         return encryptedParts;
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
Mon Sep 30 14:38:44 2013
@@ -20,10 +20,12 @@
 package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
 import java.util.Collection;
+import java.util.List;
 import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
 
 import org.apache.cxf.binding.soap.SoapMessage;
@@ -50,6 +52,8 @@ import org.apache.wss4j.policy.model.Tra
 import org.apache.wss4j.policy.model.TransportToken;
 import org.apache.wss4j.policy.model.UsernameToken;
 import org.apache.wss4j.policy.model.X509Token;
+import org.apache.wss4j.policy.model.XPath;
+import org.apache.wss4j.policy.stax.PolicyUtils;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
@@ -345,22 +349,16 @@ public class StaxTransportBindingHandler
                 optionalParts += "{Element}{" +  head.getNamespace() + "}" + head.getName()
+ ";";
             }
         }
-        /*
-         * TODO
-        if (signedElements != null) {
-            // Handle SignedElements
-            try {
-                result.addAll(
-                    this.getElements(
-                        "Element", signedElements.getXPaths(), found, true
-                    )
-                );
-            } catch (XPathExpressionException e) {
-                LOG.log(Level.FINE, e.getMessage(), e);
-                // REVISIT
+        
+        // Handle SignedElements
+        if (signedElements != null && signedElements.getXPaths() != null) {
+            for (XPath xPath : signedElements.getXPaths()) {
+                List<QName> qnames = PolicyUtils.getElementPath(xPath);
+                if (!qnames.isEmpty()) {
+                    parts += "{Element}" + qnames.get(qnames.size() - 1) + ";";
+                }
             }
         }
-        */
         
         properties.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
         properties.put(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS, optionalParts);

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java
Mon Sep 30 14:38:44 2013
@@ -81,9 +81,9 @@ public class BindingPropertiesTest exten
         // DOM
         port.doubleIt(25);
         
-        // TODO - XPath support Streaming
-        // SecurityTestUtil.enableStreaming(port);
-        // port.doubleIt(25);
+        // Streaming
+        SecurityTestUtil.enableStreaming(port);
+        port.doubleIt(25);
         
         // This should fail, as OnlySignEntireHeadersAndBody is specified
         portQName = new QName(NAMESPACE, "DoubleItOnlySignPort");

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/StaxBindingPropertiesTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/StaxBindingPropertiesTest.java?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/StaxBindingPropertiesTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/StaxBindingPropertiesTest.java
Mon Sep 30 14:38:44 2013
@@ -60,9 +60,7 @@ public class StaxBindingPropertiesTest e
     }
     
     // Child of Body is signed which conflicts with the OnlySignEntireHeadersAndBody property
-    // TODO Support for streaming XPath
     @org.junit.Test
-    @org.junit.Ignore
     public void testOnlySignEntireHeadersAndBody() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -83,9 +81,9 @@ public class StaxBindingPropertiesTest e
         // DOM
         port.doubleIt(25);
         
-        // TODO - XPath support Streaming
-        // SecurityTestUtil.enableStreaming(port);
-        // port.doubleIt(25);
+        // Streaming
+        SecurityTestUtil.enableStreaming(port);
+        port.doubleIt(25);
         
         // This should fail, as OnlySignEntireHeadersAndBody is specified
         portQName = new QName(NAMESPACE, "DoubleItOnlySignPort");
@@ -97,7 +95,7 @@ public class StaxBindingPropertiesTest e
             port.doubleIt(25);
             fail("Failure expected on OnlySignEntireHeadersAndBody property");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            String error = "OnlySignEntireHeadersAndBody does not match the requirements";
+            String error = "OnlySignEntireHeadersAndBody not fulfilled";
             assertTrue(ex.getMessage().contains(error));
         }
         
@@ -107,7 +105,7 @@ public class StaxBindingPropertiesTest e
             port.doubleIt(25);
             fail("Failure expected on OnlySignEntireHeadersAndBody property");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            // String error = "OnlySignEntireHeadersAndBody does not match the requirements";
+            // String error = "OnlySignEntireHeadersAndBody not fulfilled";
             // assertTrue(ex.getMessage().contains(error));
         }
         

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
Mon Sep 30 14:38:44 2013
@@ -894,9 +894,9 @@ public class X509TokenTest extends Abstr
         // DOM
         x509Port.doubleIt(25);
         
-        // Streaming - TODO SignedElements not supported
-        // SecurityTestUtil.enableStreaming(x509Port);
-        // x509Port.doubleIt(25);
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
+        x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl
Mon Sep 30 14:38:44 2013
@@ -134,7 +134,9 @@
       <wsp:ExactlyOne>
          <wsp:All>
             <sp:SignedElements>
-               <sp:XPath>//*[local-name()='DoubleIt']</sp:XPath>
+               <sp:XPath xmlns:dns="http://www.example.org/schema/DoubleIt"
+                   xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+                   >/soap:Envelope/soap:Body/dns:DoubleIt</sp:XPath>
             </sp:SignedElements>
          </wsp:All>
       </wsp:ExactlyOne>

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
Mon Sep 30 14:38:44 2013
@@ -1422,7 +1422,8 @@
                             <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
                         </sp:SignedParts>
                         <sp:SignedElements>
-                            <sp:XPath>//*[local-name()='ReplyTo']</sp:XPath>
+                             <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+                                 >/soap:Envelope/soap:Header/wsaws:ReplyTo</sp:XPath>
                         </sp:SignedElements>
                     </wsp:Policy>
                 </sp:EndorsingSupportingTokens>
@@ -1486,7 +1487,8 @@
       <wsp:ExactlyOne>
          <wsp:All>
             <sp:ContentEncryptedElements>
-               <sp:XPath>//*[local-name()='Body']</sp:XPath>
+                <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+                   >/soap:Envelope/soap:Body</sp:XPath>
             </sp:ContentEncryptedElements>
             <sp:SignedParts>
                <sp:Body/>
@@ -1519,7 +1521,8 @@
       <wsp:ExactlyOne>
          <wsp:All>
             <sp:ContentEncryptedElements>
-               <sp:XPath>//*[local-name()='Body']</sp:XPath>
+               <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+                   >/soap:Envelope/soap:Body</sp:XPath>
             </sp:ContentEncryptedElements>
             <sp:SignedParts>
                <sp:Body/>

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/DoubleItXKMS.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/DoubleItXKMS.wsdl?rev=1527598&r1=1527597&r2=1527598&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/DoubleItXKMS.wsdl
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/DoubleItXKMS.wsdl
Mon Sep 30 14:38:44 2013
@@ -171,7 +171,8 @@
       <wsp:ExactlyOne>
          <wsp:All>
             <sp:ContentEncryptedElements>
-               <sp:XPath>//*[local-name()='Body']</sp:XPath>
+               <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+                   >/soap:Envelope/soap:Body</sp:XPath>
             </sp:ContentEncryptedElements>
             <sp:SignedParts>
                <sp:Body/>
@@ -195,7 +196,8 @@
       <wsp:ExactlyOne>
          <wsp:All>
             <sp:ContentEncryptedElements>
-               <sp:XPath>//*[local-name()='Body']</sp:XPath>
+                <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+                   >/soap:Envelope/soap:Body</sp:XPath>
             </sp:ContentEncryptedElements>
             <sp:SignedParts>
                <sp:Body/>



Mime
View raw message