Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id AA50810D45 for ; Fri, 18 Oct 2013 14:09:06 +0000 (UTC) Received: (qmail 42964 invoked by uid 500); 18 Oct 2013 14:09:00 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 42420 invoked by uid 500); 18 Oct 2013 14:08:58 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 42163 invoked by uid 99); 18 Oct 2013 14:08:58 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Oct 2013 14:08:58 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Oct 2013 14:08:56 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id A02982388A9B; Fri, 18 Oct 2013 14:08:36 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1533459 - in /cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/interceptors/ wss4j/ wss4j/policyhandlers/ Date: Fri, 18 Oct 2013 14:08:36 -0000 To: commits@cxf.apache.org 
From: coheigea@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20131018140836.A02982388A9B@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Fri Oct 18 14:08:35 2013 New Revision: 1533459 URL: http://svn.apache.org/r1533459 Log: Partially fixing SecureConversation cancelling functionality Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java?rev=1533459&r1=1533458&r2=1533459&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java (original) +++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java Fri Oct 18 14:08:35 2013 
@@ -71,13 +71,13 @@ import org.apache.ws.security.message.to * This is a collection of utility methods for use in negotiation exchanges such as WS-SecureConversation * and WS-Trust for SPNEGO. */ -final class NegotiationUtils { +public final class NegotiationUtils { private NegotiationUtils() { // complete } - static Trust10 getTrust10(AssertionInfoMap aim) { + public static Trust10 getTrust10(AssertionInfoMap aim) { Collection ais = aim.get(SP12Constants.TRUST_10); if (ais == null || ais.isEmpty()) { ais = aim.get(SP11Constants.TRUST_10); @@ -88,7 +88,7 @@ final class NegotiationUtils { return (Trust10)ais.iterator().next().getAssertion(); } - static Trust13 getTrust13(AssertionInfoMap aim) { + public static Trust13 getTrust13(AssertionInfoMap aim) { Collection ais = aim.get(SP12Constants.TRUST_13); if (ais == null || ais.isEmpty()) { return null; @@ -96,7 +96,11 @@ final class NegotiationUtils { return (Trust13)ais.iterator().next().getAssertion(); } - static TokenStore getTokenStore(Message message) { + public static TokenStore getTokenStore(Message message) { + return getTokenStore(message, true); + } + + public static TokenStore getTokenStore(Message message, boolean create) { EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo(); synchronized (info) { TokenStore tokenStore = @@ -104,7 +108,7 @@ final class NegotiationUtils { if (tokenStore == null) { tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE); } - if (tokenStore == null) { + if (create && tokenStore == null) { TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance(); String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE; if (info.getName() != null) { 
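Review bot: Making `NegotiationUtils` and every static helper on it `public` widens the API further than this commit visibly needs. In the hunks shown, the only calls from another package are to `getTokenStore` (from `WSS4JInInterceptor` and `AbstractBindingBuilder`). `getTrust10`, `getTrust13` and the methods changed in the later hunks of this file (`getAddressingPolicy`, `getAlgorithmSuite`, `getWSCVersion`, `recalcEffectivePolicy`, `parseSCTResult`, `getCallbackHandler`) have no visible outside caller. If that holds for the rest of the tree, keep those package-private, e.g. `static Trust10 getTrust10(AssertionInfoMap aim) {`, so that security-negotiation internals do not become supported API.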
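Review bot: The new public `getTokenStore(Message message, boolean create)` has no Javadoc, and with `create` false it appears to return null when no store is registered (both callers in `WSS4JInInterceptor` check for that). It also dereferences `message.getExchange().get(Endpoint.class).getEndpointInfo()` without a null check; the `WSS4JInInterceptor` callers guard this themselves, but other callers of a public method may not. I would add a Javadoc block stating that the result is null when `create` is false and no store is found on the message or the EndpointInfo, and that the exchange must carry an `Endpoint`. The method body continues past this hunk, so the return path is not fully visible here.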
@@ -117,7 +121,7 @@ final class NegotiationUtils { } } - static Assertion getAddressingPolicy(AssertionInfoMap aim, boolean optional) { + public static Assertion getAddressingPolicy(AssertionInfoMap aim, boolean optional) { Collection lst = aim.get(MetadataConstants.USING_ADDRESSING_2004_QNAME); Assertion assertion = null; if (null != lst && !lst.isEmpty()) { @@ -145,7 +149,7 @@ final class NegotiationUtils { return assertion; } - static AlgorithmSuite getAlgorithmSuite(AssertionInfoMap aim) { + public static AlgorithmSuite getAlgorithmSuite(AssertionInfoMap aim) { Binding transport = null; Collection ais = aim.get(SP12Constants.TRANSPORT_BINDING); if (ais != null) { @@ -173,7 +177,7 @@ final class NegotiationUtils { return null; } - static int getWSCVersion(String tokenTypeValue) throws ConversationException { + public static int getWSCVersion(String tokenTypeValue) throws ConversationException { if (tokenTypeValue == null) { return ConversationConstants.DEFAULT_VERSION; } @@ -187,7 +191,7 @@ final class NegotiationUtils { } } - static void recalcEffectivePolicy( + public static void recalcEffectivePolicy( SoapMessage message, String namespace, Policy policy, @@ -248,7 +252,7 @@ final class NegotiationUtils { /** * Return true on successfully parsing a SecurityContextToken result */ - static boolean parseSCTResult(SoapMessage message) { + public static boolean parseSCTResult(SoapMessage message) { List results = CastUtils.cast((List)message.get(WSHandlerConstants.RECV_RESULTS)); if (results == null) { 
@@ -287,7 +291,7 @@ final class NegotiationUtils { return false; } - static CallbackHandler getCallbackHandler(Object o, Class clazz) { + public static CallbackHandler getCallbackHandler(Object o, Class clazz) { CallbackHandler handler = null; if (o instanceof CallbackHandler) { handler = (CallbackHandler)o; Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java?rev=1533459&r1=1533458&r2=1533459&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java (original) +++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java Fri Oct 18 14:08:35 2013 @@ -40,6 +40,7 @@ import org.apache.cxf.staxutils.W3CDOMSt import org.apache.cxf.ws.addressing.AddressingProperties; import org.apache.cxf.ws.addressing.AttributedURIType; import org.apache.cxf.ws.addressing.JAXWSAConstants; +import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.cxf.ws.security.trust.STSUtils; @@ -160,6 +161,8 @@ abstract class STSInvoker implements Inv TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo() .getProperty(TokenStore.class.getName()); store.remove(cancelToken.getId()); + // Put the token on the out message so that we can sign the response + exchange.getEndpoint().put(SecurityConstants.TOKEN, cancelToken); writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace); writer.writeEndElement(); 
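Review bot: In the STSInvoker cancel hunk, the added line stores the cancelled token on the Endpoint, not on the out message as its comment says: `exchange.getEndpoint().put(SecurityConstants.TOKEN, cancelToken);`. If the Endpoint is shared by all exchanges, as it normally is, two concurrent cancel requests can overwrite each other's entry, so a response may be signed with another conversation's token. The cancelled token also stays referenced on the Endpoint after `store.remove(...)`. Scoping it to the exchange, `exchange.put(SecurityConstants.TOKEN, cancelToken);`, would avoid both, provided the outbound side resolves the token as a contextual property, which needs confirming. Separately, the context lines still read the store through `getProperty(TokenStore.class.getName())` while `WSS4JInInterceptor` now uses `NegotiationUtils.getTokenStore`, so it is worth checking that the cancel removes the token from the same store the inbound side consults.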
@@ -230,6 +233,7 @@ abstract class STSInvoker implements Inv ref.setValueType(refValueType); } SecurityTokenReference str = new SecurityTokenReference(writer.getDocument()); + str.addWSSENamespace(); str.setReference(ref); writer.getCurrentNode().appendChild(str.getElement()); Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1533459&r1=1533458&r2=1533459&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (original) +++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Fri Oct 18 14:08:35 2013 
@@ -141,7 +141,11 @@ class SecureConversationInInterceptor ex SymmetricBinding binding = new SymmetricBinding(SP12Constants.INSTANCE, pbuilder); binding.setIncludeTimestamp(true); ProtectionToken token = new ProtectionToken(SP12Constants.INSTANCE, pbuilder); - token.setToken(new SecureConversationToken(SP12Constants.INSTANCE)); + + SecureConversationToken scToken = + new SecureConversationToken(SP12Constants.INSTANCE); + scToken.setInclusion(SP12Constants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); + token.setToken(scToken); binding.setProtectionToken(token); binding.setEntireHeadersAndBodySignatures(true); Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1533459&r1=1533458&r2=1533459&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original) +++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Fri Oct 18 14:08:35 2013 @@ -45,7 +45,6 @@ import javax.xml.transform.dom.DOMSource import org.w3c.dom.Element; import org.w3c.dom.Node; - import org.apache.cxf.binding.soap.SoapFault; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.SoapVersion; @@ -68,6 +67,7 @@ import org.apache.cxf.phase.PhaseInterce import org.apache.cxf.security.SecurityContext; import org.apache.cxf.staxutils.StaxUtils; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.policy.interceptors.NegotiationUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.ws.security.CustomTokenPrincipal; 
@@ -730,8 +730,8 @@ public class WSS4JInInterceptor extends } catch (WSSecurityException sec) { Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class); if (ep != null && ep.getEndpointInfo() != null) { - TokenStore store = (TokenStore)ep.getEndpointInfo() - .getProperty(TokenStore.class.getName()); + TokenStore store = + NegotiationUtils.getTokenStore((SoapMessage)reqData.getMsgContext(), false); if (store != null) { return new TokenStoreCallbackHandler(null, store); } @@ -742,7 +742,8 @@ public class WSS4JInInterceptor extends } Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class); if (ep != null && ep.getEndpointInfo() != null) { - TokenStore store = (TokenStore)ep.getEndpointInfo().getProperty(TokenStore.class.getName()); + TokenStore store = + NegotiationUtils.getTokenStore((SoapMessage)reqData.getMsgContext(), false); if (store != null) { return new TokenStoreCallbackHandler(cbHandler, store); } Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1533459&r1=1533458&r2=1533459&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original) +++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Fri Oct 18 14:08:35 2013 @@ -52,7 +52,6 @@ import org.w3c.dom.Attr; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; - import org.apache.cxf.Bus; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.saaj.SAAJUtils; 
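Review bot: Both WSS4JInInterceptor hunks now evaluate the cast `(SoapMessage)reqData.getMsgContext()` twice within a few lines, once for the `Endpoint` lookup and once for the token-store lookup. The same lookup-and-wrap sequence is repeated in the catch branch and on the normal path. Hoisting the message into a local, `SoapMessage msg = (SoapMessage)reqData.getMsgContext();`, and calling `NegotiationUtils.getTokenStore(msg, false)` would make it obvious that both branches consult the same store. A one-line comment such as `// create=false: never create a token store as a side effect of callback lookup` would record why the flag is false. The enclosing method starts and ends outside these hunks.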
@@ -76,6 +75,7 @@ import org.apache.cxf.ws.policy.PolicyEx import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.policy.SP12Constants; import org.apache.cxf.ws.security.policy.SPConstants; +import org.apache.cxf.ws.security.policy.interceptors.NegotiationUtils; import org.apache.cxf.ws.security.policy.model.AsymmetricBinding; import org.apache.cxf.ws.security.policy.model.Binding; import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements; @@ -99,7 +99,6 @@ import org.apache.cxf.ws.security.policy import org.apache.cxf.ws.security.policy.model.X509Token; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; -import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory; import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.neethi.Assertion; import org.apache.ws.security.WSConstants; @@ -131,7 +130,6 @@ import org.apache.ws.security.message.to import org.apache.ws.security.saml.ext.AssertionWrapper; import org.apache.ws.security.saml.ext.SAMLParms; import org.apache.ws.security.util.WSSecurityUtil; - import org.opensaml.common.SAMLVersion; /** 
@@ -370,24 +368,7 @@ public abstract class AbstractBindingBui } protected final TokenStore getTokenStore() { - EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo(); - synchronized (info) { - TokenStore tokenStore = - (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE); - if (tokenStore == null) { - tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE); - } - if (tokenStore == null) { - TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance(); - String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE; - if (info.getName() != null) { - cacheKey += "-" + info.getName().toString().hashCode(); - } - tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message); - info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore); - } - return tokenStore; - } + return NegotiationUtils.getTokenStore(message); } protected WSSecTimestamp createTimestamp() {