Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3CB941010E for ; Thu, 17 Oct 2013 14:54:07 +0000 (UTC) Received: (qmail 87234 invoked by uid 500); 17 Oct 2013 14:54:06 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 87139 invoked by uid 500); 17 Oct 2013 14:54:05 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 87132 invoked by uid 99); 17 Oct 2013 14:54:04 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Oct 2013 14:54:04 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Oct 2013 14:54:02 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 9E962238899C; Thu, 17 Oct 2013 14:53:42 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1533096 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/interceptors/ wss4j/ wss4j/policyhandlers/ Date: Thu, 17 Oct 2013 14:53:42 -0000 To: commits@cxf.apache.org 
From: coheigea@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20131017145342.9E962238899C@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Thu Oct 17 14:53:41 2013 New Revision: 1533096 URL: http://svn.apache.org/r1533096 Log: Some fixes to allow streaming SecureConversation for the inbound server case Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java?rev=1533096&r1=1533095&r2=1533096&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java Thu Oct 17 14:53:41 2013 
@@ -225,6 +225,7 @@ abstract class STSInvoker implements Inv ref.setValueType(refValueType); } SecurityTokenReference str = new SecurityTokenReference(writer.getDocument()); + str.addWSSENamespace(); str.setReference(ref); writer.getCurrentNode().appendChild(str.getElement()); Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1533096&r1=1533095&r2=1533096&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Thu Oct 17 14:53:41 2013 @@ -28,9 +28,9 @@ import java.util.logging.Logger; import javax.xml.namespace.QName; import org.w3c.dom.Element; - import org.apache.cxf.binding.soap.SoapBindingConstants; import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.helpers.DOMUtils; @@ -52,6 +52,7 @@ import org.apache.cxf.ws.security.trust. import org.apache.cxf.ws.security.trust.STSClient; import org.apache.cxf.ws.security.trust.STSUtils; import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor; +import org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor; import org.apache.neethi.All; import org.apache.neethi.Assertion; import org.apache.neethi.ExactlyOne; 
@@ -73,8 +74,8 @@ class SecureConversationInInterceptor ex public SecureConversationInInterceptor() { - super(Phase.PRE_PROTOCOL); - getBefore().add(WSS4JInInterceptor.class.getName()); + super(Phase.PRE_STREAM); + getBefore().add(WSS4JStaxInInterceptor.class.getName()); } private AbstractBinding getBinding(AssertionInfoMap aim) { Collection ais = @@ -116,6 +117,9 @@ class SecureConversationInInterceptor ex return; } String s = (String)message.get(SoapBindingConstants.SOAP_ACTION); + if (s == null) { + s = SoapActionInInterceptor.getSoapAction(message); + } String addNs = null; AddressingProperties inProps = (AddressingProperties)message .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND); Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java?rev=1533096&r1=1533095&r2=1533096&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java Thu Oct 17 14:53:41 2013 @@ -164,8 +164,11 @@ public final class WSS4JUtils { org.apache.xml.security.stax.securityToken.SecurityToken securityToken, Message message ) throws XMLSecurityException { - if (securityToken != null - && getTokenStore(message).getToken(securityToken.getId()) == null) { + if (securityToken == null) { + return null; + } + SecurityToken existingToken = getTokenStore(message).getToken(securityToken.getId()); + if (existingToken == null) { Date created = new Date(); Date expires = new Date(); expires.setTime(created.getTime() + 300000); 
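Review bot: The constructor in the `@@ -73,8` hunk drops the explicit ordering against `WSS4JInInterceptor` and has no comment saying why that is still safe for the DOM path. The DOM interceptor presumably still runs later because `PRE_STREAM` precedes its phase in the inbound chain, but that now rests on phase order alone. I would add a comment above `super(Phase.PRE_STREAM);`, for example `// PRE_STREAM so this runs before both WSS4JStaxInInterceptor and the DOM WSS4JInInterceptor (confirm phase order)`.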
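Review bot: The fallback `s = SoapActionInInterceptor.getSoapAction(message);` in the `@@ -116,6` hunk takes the action from transport-level data that the sender controls, and at `PRE_STREAM` nothing in the message has been verified yet. `s` can still be null after the fallback. The code that consumes `s` lies outside the hunk, so it is not visible whether it guards against null or later compares the value with the WS-Addressing action. If `s` influences which security policy is applied, I would say so at this line, e.g. `// unauthenticated hint only; re-check against the verified wsa:Action after security processing`.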
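Review bot: The new `existingToken` path (declared in the `@@ -164,8` hunk, returned by `return existingToken.getId();` in the `@@ -199,7` hunk) reuses a cached token purely because its id matches the inbound token's id. Nothing visible checks that the cached entry is still valid or that it is the same token as the one just received. An expired entry, or a different token stored under the same id, would therefore be handed back as the token to use. I would guard the reuse, for example `if (existingToken == null || existingToken.isExpired()) {`, so that a stale entry is rebuilt from the inbound token. The method body extends beyond both hunks.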
@@ -182,6 +185,9 @@ public final class WSS4JUtils { cachedTok.setTokenType(WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE); } else if (securityToken.getTokenType() == WSSecurityTokenConstants.Saml20Token) { cachedTok.setTokenType(WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE); + } else if (securityToken.getTokenType() == WSSecurityTokenConstants.SecureConversationToken + || securityToken.getTokenType() == WSSecurityTokenConstants.SecurityContextToken) { + cachedTok.setTokenType(WSSConstants.NS_WSC_05_02); } } @@ -199,7 +205,7 @@ public final class WSS4JUtils { return cachedTok.getId(); } - return null; + return existingToken.getId(); } Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1533096&r1=1533095&r2=1533096&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Thu Oct 17 14:53:41 2013 
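Review bot: The branch added in the `@@ -182,6` hunk records `WSSConstants.NS_WSC_05_02` as the token type for both `SecureConversationToken` and `SecurityContextToken`, whichever WS-SecureConversation version the inbound token used. The same commit sets `USE_2005_12_NAMESPACE` for SP12 policies in StaxSymmetricBindingHandler, so a 2005/12 token would apparently be cached with the 2005/02 value. The constant also reads as a namespace rather than a token-type URI, unlike the `*_TOKEN_PROFILE_TYPE` constants in the SAML branches. If any later code compares the cached type, this could mismatch; at minimum add a comment such as `// type recorded as the 05/02 WS-SC namespace regardless of the version on the wire`.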
@@ -102,6 +102,9 @@ import org.apache.xml.security.exception import org.apache.xml.security.stax.ext.SecurePart; import org.apache.xml.security.stax.ext.SecurePart.Modifier; import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken; +import org.apache.xml.security.stax.securityEvent.SecurityEvent; +import org.apache.xml.security.stax.securityEvent.SecurityEventConstants; +import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent; import org.apache.xml.security.stax.securityToken.OutboundSecurityToken; import org.apache.xml.security.stax.securityToken.SecurityTokenConstants; import org.apache.xml.security.stax.securityToken.SecurityTokenProvider; 
@@ -1190,4 +1193,21 @@ public abstract class AbstractStaxBindin } return null; } + + protected org.apache.xml.security.stax.securityToken.SecurityToken + findInboundSecurityToken(SecurityEventConstants.Event event) throws XMLSecurityException { + @SuppressWarnings("unchecked") + final List incomingEventList = + (List) message.getExchange().get(SecurityEvent.class.getName() + ".in"); + if (incomingEventList != null) { + for (SecurityEvent incomingEvent : incomingEventList) { + if (event == incomingEvent.getSecurityEventType()) { + org.apache.xml.security.stax.securityToken.SecurityToken token = + ((TokenSecurityEvent)incomingEvent).getSecurityToken(); + return token; + } + } + } + return null; + } } Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1533096&r1=1533095&r2=1533096&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java Thu Oct 17 14:53:41 2013 @@ -59,7 +59,6 @@ import org.apache.wss4j.policy.model.Sym import org.apache.wss4j.policy.model.UsernameToken; import org.apache.wss4j.policy.model.X509Token; import org.apache.wss4j.stax.ext.WSSConstants; -import org.apache.wss4j.stax.securityEvent.SamlTokenSecurityEvent; import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants; import org.apache.xml.security.algorithms.JCEMapper; import org.apache.xml.security.exceptions.XMLSecurityException; 
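Review bot: `findInboundSecurityToken` in the `@@ -1190,4` hunk casts every matching event to `TokenSecurityEvent` without checking its class. That was safe while the method only looked for `SamlToken`, but callers can now pass any `SecurityEventConstants.Event`, and a constant whose event is not a token event would raise `ClassCastException` inside the binding handler. I would tighten the match to `if (event == incomingEvent.getSecurityEventType() && incomingEvent instanceof TokenSecurityEvent) {`. The method also needs a short Javadoc stating that it returns the token of the first matching inbound event and null when the exchange holds no such event.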
@@ -155,7 +154,7 @@ public class StaxSymmetricBindingHandler addIssuedToken((IssuedToken)encryptionToken, tok, false, true); if (tok == null && !isRequestor()) { org.apache.xml.security.stax.securityToken.SecurityToken securityToken = - findIssuedToken(); + findInboundSecurityToken(WSSecurityEventConstants.SamlToken); tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message); } } else if (encryptionToken instanceof SecureConversationToken @@ -171,6 +170,10 @@ public class StaxSymmetricBindingHandler } else { config.put(ConfigurationConstants.ACTION, actionToPerform); } + } else if (tok == null && !isRequestor()) { + org.apache.xml.security.stax.securityToken.SecurityToken securityToken = + findInboundSecurityToken(WSSecurityEventConstants.SecurityContextToken); + tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message); } } else if (encryptionToken instanceof X509Token) { if (isRequestor()) { @@ -272,7 +275,7 @@ public class StaxSymmetricBindingHandler addIssuedToken((IssuedToken)sigToken, sigTok, false, true); if (sigTok == null && !isRequestor()) { org.apache.xml.security.stax.securityToken.SecurityToken securityToken = - findIssuedToken(); + findInboundSecurityToken(WSSecurityEventConstants.SamlToken); sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message); } } else if (sigToken instanceof SecureConversationToken @@ -288,6 +291,10 @@ public class StaxSymmetricBindingHandler } else { config.put(ConfigurationConstants.ACTION, actionToPerform); } + } else if (sigTok == null && !isRequestor()) { + org.apache.xml.security.stax.securityToken.SecurityToken securityToken = + findInboundSecurityToken(WSSecurityEventConstants.SecurityContextToken); + sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message); } } else if (sigToken instanceof X509Token) { if (isRequestor()) { 
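Review bot: The new `else if (tok == null && !isRequestor())` branch in the `@@ -171,6` hunk, and its twin for `sigTok` in `@@ -288,6`, continues silently when no inbound `SecurityContextToken` event is found. In that case `findInboundSecurityToken` returns null, `parseAndStoreStreamingSecurityToken` returns null for a null token, and `tokenId` / `sigTokId` stay null. How the code after these hunks treats a null id is not visible here. I would check `securityToken == null` right after the lookup and fail or log there, so the response is never built without the expected token. The same lookup-and-store pair now appears four times in this file; a private helper taking the event type would keep them consistent.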
@@ -396,11 +403,12 @@ public class StaxSymmetricBindingHandler AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType(); config.put(ConfigurationConstants.DERIVED_ENCRYPTION_KEY_LENGTH, "" + algSuiteType.getEncryptionDerivedKeyLength() / 8); - if (recToken.getVersion() == SPConstants.SPVersion.SP12) { - config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true"); - } } + if (recToken.getVersion() == SPConstants.SPVersion.SP12) { + config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true"); + } + if (config.containsKey(ConfigurationConstants.ACTION)) { String action = (String)config.get(ConfigurationConstants.ACTION); config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform); @@ -477,9 +485,10 @@ public class StaxSymmetricBindingHandler AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType(); config.put(ConfigurationConstants.DERIVED_SIGNATURE_KEY_LENGTH, "" + algSuiteType.getSignatureDerivedKeyLength() / 8); - if (policyToken.getVersion() == SPConstants.SPVersion.SP12) { - config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true"); - } + } + + if (policyToken.getVersion() == SPConstants.SPVersion.SP12) { + config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true"); } if (config.containsKey(ConfigurationConstants.ACTION)) { 
@@ -602,23 +611,6 @@ public class StaxSymmetricBindingHandler return null; } - private org.apache.xml.security.stax.securityToken.SecurityToken - findIssuedToken() throws XMLSecurityException { - @SuppressWarnings("unchecked") - final List incomingEventList = - (List) message.getExchange().get(SecurityEvent.class.getName() + ".in"); - if (incomingEventList != null) { - for (SecurityEvent incomingEvent : incomingEventList) { - if (WSSecurityEventConstants.SamlToken == incomingEvent.getSecurityEventType()) { - org.apache.xml.security.stax.securityToken.SecurityToken token = - ((SamlTokenSecurityEvent)incomingEvent).getSecurityToken(); - return token; - } - } - } - return null; - } - private KeyGenerator getKeyGenerator(String symEncAlgo) throws WSSecurityException { try { // Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1533096&r1=1533095&r2=1533096&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Thu Oct 17 14:53:41 2013 @@ -558,7 +558,8 @@ public class SymmetricBindingHandler ext encr.setEncryptSymmKey(false); encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption()); - if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken) { + if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken + || encrToken instanceof SecureConversationToken) { //Setting the AttachedReference or the UnattachedReference according to the flag Element ref; if (attached) {