cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1533459 - in /cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/interceptors/ wss4j/ wss4j/policyhandlers/
Date Fri, 18 Oct 2013 14:08:36 GMT
Author: coheigea
Date: Fri Oct 18 14:08:35 2013
New Revision: 1533459

URL: http://svn.apache.org/r1533459
Log:
Partially fixing SecureConversation cancelling functionality

Modified:
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java?rev=1533459&r1=1533458&r2=1533459&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
Fri Oct 18 14:08:35 2013
@@ -71,13 +71,13 @@ import org.apache.ws.security.message.to
  * This is a collection of utility methods for use in negotiation exchanges such as WS-SecureConversation

  * and WS-Trust for SPNEGO.
  */
-final class NegotiationUtils {
+public final class NegotiationUtils {
     
     private NegotiationUtils() {
         // complete
     }
 
-    static Trust10 getTrust10(AssertionInfoMap aim) {
+    public static Trust10 getTrust10(AssertionInfoMap aim) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.TRUST_10);
         if (ais == null || ais.isEmpty()) {
             ais = aim.get(SP11Constants.TRUST_10);
@@ -88,7 +88,7 @@ final class NegotiationUtils {
         return (Trust10)ais.iterator().next().getAssertion();
     }
     
-    static Trust13 getTrust13(AssertionInfoMap aim) {
+    public static Trust13 getTrust13(AssertionInfoMap aim) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.TRUST_13);
         if (ais == null || ais.isEmpty()) {
             return null;
@@ -96,7 +96,11 @@ final class NegotiationUtils {
         return (Trust13)ais.iterator().next().getAssertion();
     }
     
-    static TokenStore getTokenStore(Message message) {
+    public static TokenStore getTokenStore(Message message) {
+        return getTokenStore(message, true);
+    }
+    
+    public static TokenStore getTokenStore(Message message, boolean create) {
         EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
         synchronized (info) {
             TokenStore tokenStore = 
@@ -104,7 +108,7 @@ final class NegotiationUtils {
             if (tokenStore == null) {
                 tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
             }
-            if (tokenStore == null) {
+            if (create && tokenStore == null) {
                 TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
                 String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
                 if (info.getName() != null) {
@@ -117,7 +121,7 @@ final class NegotiationUtils {
         }
     }
     
-    static Assertion getAddressingPolicy(AssertionInfoMap aim, boolean optional) {
+    public static Assertion getAddressingPolicy(AssertionInfoMap aim, boolean optional) {
         Collection<AssertionInfo> lst = aim.get(MetadataConstants.USING_ADDRESSING_2004_QNAME);
         Assertion assertion = null;
         if (null != lst && !lst.isEmpty()) {
@@ -145,7 +149,7 @@ final class NegotiationUtils {
         return assertion;
     }
 
-    static AlgorithmSuite getAlgorithmSuite(AssertionInfoMap aim) {
+    public static AlgorithmSuite getAlgorithmSuite(AssertionInfoMap aim) {
         Binding transport = null;
         Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
         if (ais != null) {
@@ -173,7 +177,7 @@ final class NegotiationUtils {
         return null;
     }
     
-    static int getWSCVersion(String tokenTypeValue) throws ConversationException {
+    public static int getWSCVersion(String tokenTypeValue) throws ConversationException {
         if (tokenTypeValue == null) {
             return ConversationConstants.DEFAULT_VERSION;
         }
@@ -187,7 +191,7 @@ final class NegotiationUtils {
         }
     }
     
-    static void recalcEffectivePolicy(
+    public static void recalcEffectivePolicy(
         SoapMessage message, 
         String namespace, 
         Policy policy,
@@ -248,7 +252,7 @@ final class NegotiationUtils {
     /**
      * Return true on successfully parsing a SecurityContextToken result
      */
-    static boolean parseSCTResult(SoapMessage message) {
+    public static boolean parseSCTResult(SoapMessage message) {
         List<WSHandlerResult> results = 
             CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
         if (results == null) {
@@ -287,7 +291,7 @@ final class NegotiationUtils {
         return false;
     }
     
-    static CallbackHandler getCallbackHandler(Object o, Class<?> clazz) {
+    public static CallbackHandler getCallbackHandler(Object o, Class<?> clazz) {
         CallbackHandler handler = null;
         if (o instanceof CallbackHandler) {
             handler = (CallbackHandler)o;

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java?rev=1533459&r1=1533458&r2=1533459&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
Fri Oct 18 14:08:35 2013
@@ -40,6 +40,7 @@ import org.apache.cxf.staxutils.W3CDOMSt
 import org.apache.cxf.ws.addressing.AddressingProperties;
 import org.apache.cxf.ws.addressing.AttributedURIType;
 import org.apache.cxf.ws.addressing.JAXWSAConstants;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.trust.STSUtils;
@@ -160,6 +161,8 @@ abstract class STSInvoker implements Inv
         TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
                 .getProperty(TokenStore.class.getName());
         store.remove(cancelToken.getId());
+        // Put the token on the out message so that we can sign the response
+        exchange.getEndpoint().put(SecurityConstants.TOKEN, cancelToken);
         writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace);
         
         writer.writeEndElement();
@@ -230,6 +233,7 @@ abstract class STSInvoker implements Inv
             ref.setValueType(refValueType);
         }
         SecurityTokenReference str = new SecurityTokenReference(writer.getDocument());
+        str.addWSSENamespace();
         str.setReference(ref);
 
         writer.getCurrentNode().appendChild(str.getElement());

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1533459&r1=1533458&r2=1533459&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
Fri Oct 18 14:08:35 2013
@@ -141,7 +141,11 @@ class SecureConversationInInterceptor ex
                     SymmetricBinding binding = new SymmetricBinding(SP12Constants.INSTANCE,
pbuilder);
                     binding.setIncludeTimestamp(true);
                     ProtectionToken token = new ProtectionToken(SP12Constants.INSTANCE, pbuilder);
-                    token.setToken(new SecureConversationToken(SP12Constants.INSTANCE));
+                    
+                    SecureConversationToken scToken = 
+                        new SecureConversationToken(SP12Constants.INSTANCE);
+                    scToken.setInclusion(SP12Constants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT);
+                    token.setToken(scToken);
                     binding.setProtectionToken(token);
                     binding.setEntireHeadersAndBodySignatures(true);
                     

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1533459&r1=1533458&r2=1533459&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Fri Oct 18 14:08:35 2013
@@ -45,7 +45,6 @@ import javax.xml.transform.dom.DOMSource
 
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-
 import org.apache.cxf.binding.soap.SoapFault;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.SoapVersion;
@@ -68,6 +67,7 @@ import org.apache.cxf.phase.PhaseInterce
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.interceptors.NegotiationUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.ws.security.CustomTokenPrincipal;
@@ -730,8 +730,8 @@ public class WSS4JInInterceptor extends 
                 } catch (WSSecurityException sec) {
                     Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class);
                     if (ep != null && ep.getEndpointInfo() != null) {
-                        TokenStore store = (TokenStore)ep.getEndpointInfo()
-                            .getProperty(TokenStore.class.getName());
+                        TokenStore store = 
+                            NegotiationUtils.getTokenStore((SoapMessage)reqData.getMsgContext(),
false);
                         if (store != null) {
                             return new TokenStoreCallbackHandler(null, store);
                         }
@@ -742,7 +742,8 @@ public class WSS4JInInterceptor extends 
         }
         Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class);
         if (ep != null && ep.getEndpointInfo() != null) {
-            TokenStore store = (TokenStore)ep.getEndpointInfo().getProperty(TokenStore.class.getName());
+            TokenStore store = 
+                NegotiationUtils.getTokenStore((SoapMessage)reqData.getMsgContext(), false);
             if (store != null) {
                 return new TokenStoreCallbackHandler(cbHandler, store);
             }

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1533459&r1=1533458&r2=1533459&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Fri Oct 18 14:08:35 2013
@@ -52,7 +52,6 @@ import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
-
 import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.saaj.SAAJUtils;
@@ -76,6 +75,7 @@ import org.apache.cxf.ws.policy.PolicyEx
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.cxf.ws.security.policy.interceptors.NegotiationUtils;
 import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Binding;
 import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
@@ -99,7 +99,6 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
-import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
 import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.neethi.Assertion;
 import org.apache.ws.security.WSConstants;
@@ -131,7 +130,6 @@ import org.apache.ws.security.message.to
 import org.apache.ws.security.saml.ext.AssertionWrapper;
 import org.apache.ws.security.saml.ext.SAMLParms;
 import org.apache.ws.security.util.WSSecurityUtil;
-
 import org.opensaml.common.SAMLVersion;
 
 /**
@@ -370,24 +368,7 @@ public abstract class AbstractBindingBui
     }
     
     protected final TokenStore getTokenStore() {
-        EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
-        synchronized (info) {
-            TokenStore tokenStore = 
-                (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
-            if (tokenStore == null) {
-                tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
-            }
-            if (tokenStore == null) {
-                TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
-                String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
-                if (info.getName() != null) {
-                    cacheKey += "-" + info.getName().toString().hashCode();
-                }
-                tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message);
-                info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
-            }
-            return tokenStore;
-        }
+        return NegotiationUtils.getTokenStore(message);
     }
     
     protected WSSecTimestamp createTimestamp() {



Mime
View raw message