cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1550435 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j: PolicyStaxActionInInterceptor.java StaxActionInInterceptor.java
Date Thu, 12 Dec 2013 15:14:09 GMT
Author: coheigea
Date: Thu Dec 12 15:14:08 2013
New Revision: 1550435

URL: http://svn.apache.org/r1550435
Log:
Skip action checking/policy asserting for the streaming code when we have a SOAP Fault with
no security header for the initiator

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java?rev=1550435&r1=1550434&r2=1550435&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
Thu Dec 12 15:14:08 2013
@@ -20,11 +20,14 @@ package org.apache.cxf.ws.security.wss4j
 
 import java.util.Collection;
 import java.util.List;
+import java.util.logging.Logger;
 
 import javax.xml.namespace.QName;
 
 import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.ws.policy.AssertionInfo;
@@ -35,7 +38,10 @@ import org.apache.wss4j.policy.SP13Const
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AlgorithmSuite;
 import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
+import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
+import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
+import org.apache.xml.security.stax.securityEvent.SecurityEventConstants.Event;
 
 /**
  * This interceptor marks the CXF AssertionInfos as asserted. WSS4J 2.0 (StAX) takes care
of all
@@ -44,6 +50,9 @@ import org.apache.xml.security.stax.secu
  */
 public class PolicyStaxActionInInterceptor extends AbstractPhaseInterceptor<SoapMessage>
{
     
+    private static final Logger LOG = 
+        LogUtils.getL7dLogger(PolicyStaxActionInInterceptor.class);
+    
     public PolicyStaxActionInInterceptor() {
         super(Phase.PRE_PROTOCOL);
         this.getBefore().add(StaxSecurityContextInInterceptor.class.getName());
@@ -60,11 +69,44 @@ public class PolicyStaxActionInIntercept
             return;
         }
         
+        // First check for a SOAP Fault with no security header if we are the client
+        // In this case don't blanket assert security policies
+        if (MessageUtils.isRequestor(soapMessage)
+            && isEventInResults(WSSecurityEventConstants.NoSecurity, incomingSecurityEventList))
{
+            OperationSecurityEvent securityEvent = 
+                (OperationSecurityEvent)findEvent(
+                    WSSecurityEventConstants.Operation, incomingSecurityEventList
+                );
+            if (securityEvent != null 
+                && soapMessage.getVersion().getFault().equals(securityEvent.getOperation()))
{
+                LOG.warning("Request does not contain Security header, but it's a fault.");
+                return;
+            }
+        }
+        
         assertAllSecurityAssertions(aim);
         assertAllAlgorithmSuites(SP11Constants.SP_NS, aim);
         assertAllAlgorithmSuites(SP12Constants.SP_NS, aim);
     }
     
+    private boolean isEventInResults(Event event, List<SecurityEvent> incomingSecurityEventList)
{
+        for (SecurityEvent incomingEvent : incomingSecurityEventList) {
+            if (event == incomingEvent.getSecurityEventType()) {
+                return true;
+            }
+        }
+        return false;
+    }
+    
+    private SecurityEvent findEvent(Event event, List<SecurityEvent> incomingSecurityEventList)
{
+        for (SecurityEvent incomingEvent : incomingSecurityEventList) {
+            if (event == incomingEvent.getSecurityEventType()) {
+                return incomingEvent;
+            }
+        }
+        return null;
+    }
+    
     private void assertAllSecurityAssertions(AssertionInfoMap aim) {
         for (QName key : aim.keySet()) {
             if (SP11Constants.SP_NS.equals(key.getNamespaceURI())

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java?rev=1550435&r1=1550434&r2=1550435&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java
Thu Dec 12 15:14:08 2013
@@ -26,10 +26,12 @@ import org.apache.cxf.binding.soap.SoapM
 import org.apache.cxf.binding.soap.SoapVersion;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
@@ -71,6 +73,20 @@ public class StaxActionInInterceptor ext
             throw createSoapFault(soapMessage.getVersion(), ex);
         }
         
+        // First check for a SOAP Fault with no security header if we are the client
+        if (MessageUtils.isRequestor(soapMessage)
+            && isEventInResults(WSSecurityEventConstants.NoSecurity, incomingSecurityEventList))
{
+            OperationSecurityEvent securityEvent = 
+                (OperationSecurityEvent)findEvent(
+                    WSSecurityEventConstants.Operation, incomingSecurityEventList
+                );
+            if (securityEvent != null 
+                && soapMessage.getVersion().getFault().equals(securityEvent.getOperation()))
{
+                LOG.warning("Request does not contain Security header, but it's a fault.");
+                return;
+            }
+        }
+        
         for (XMLSecurityConstants.Action action : inActions) {
             Event requiredEvent = null;
             if (WSSConstants.TIMESTAMP.equals(action)) {
@@ -118,6 +134,15 @@ public class StaxActionInInterceptor ext
         return false;
     }
     
+    private SecurityEvent findEvent(Event event, List<SecurityEvent> incomingSecurityEventList)
{
+        for (SecurityEvent incomingEvent : incomingSecurityEventList) {
+            if (event == incomingEvent.getSecurityEventType()) {
+                return incomingEvent;
+            }
+        }
+        return null;
+    }
+    
     /**
      * Create a SoapFault from a WSSecurityException, following the SOAP Message Security
      * 1.1 specification, chapter 12 "Error Handling".



Mime
View raw message