cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/3] git commit: Only store security events that we actually need
Date Tue, 15 Apr 2014 13:07:26 GMT
Only store security events that we actually need


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/19ba5d08
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/19ba5d08
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/19ba5d08

Branch: refs/heads/master
Commit: 19ba5d083a1819af6695aeccdb44503d3dcb3c96
Parents: 3a4118d
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Apr 15 12:09:31 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Apr 15 14:05:27 2014 +0100

----------------------------------------------------------------------
 .../ws/security/wss4j/WSS4JStaxInInterceptor.java   | 16 +++++++++++++---
 .../ws/security/wss4j/WSS4JStaxOutInterceptor.java  | 11 ++++++-----
 2 files changed, 19 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/19ba5d08/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
index a560b72..73886bb 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
@@ -55,10 +55,13 @@ import org.apache.wss4j.stax.WSSec;
 import org.apache.wss4j.stax.ext.InboundWSSec;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
 import org.apache.wss4j.stax.validate.Validator;
 import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
+import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
 
 public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor {
     
@@ -160,14 +163,21 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor
{
         SoapMessage msg, WSSSecurityProperties securityProperties
     ) throws WSSPolicyException {
         final List<SecurityEvent> incomingSecurityEventList = new LinkedList<SecurityEvent>();
+        msg.getExchange().put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
+        msg.put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
+        
         final SecurityEventListener securityEventListener = new SecurityEventListener() {
             @Override
             public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException
{
-                incomingSecurityEventList.add(securityEvent);
+                if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.Timestamp
+                    || securityEvent.getSecurityEventType() == WSSecurityEventConstants.SignatureValue
+                    || securityEvent instanceof TokenSecurityEvent
+                    || securityEvent instanceof AbstractSecuredElementSecurityEvent) {
+                    // Store events required for the security context setup, or the crypto
coverage checker
+                    incomingSecurityEventList.add(securityEvent);
+                }
             }
         };
-        msg.getExchange().put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
-        msg.put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
         
         return Collections.singletonList(securityEventListener);
     }
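Review bot: The allowlist added to `registerSecurityEvent` silently discards every event that is not a Timestamp, a SignatureValue, a `TokenSecurityEvent` or an `AbstractSecuredElementSecurityEvent`. Any reader of the `SecurityEvent.class.getName() + ".in"` list that looks for another event type therefore finds nothing, and no error is raised. If a downstream check treats a missing event as "nothing to verify", it would fail open. No such reader is visible in this hunk, so confirm this against the policy validation and crypto coverage code, and add a test asserting that the events those consumers need are still stored. The filtering should also be documented where the list is published, for example `// NOTE: filtered list - extend the allowlist below before reading a new event type from ".in"`. The enclosing method starts above the hunk.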

http://git-wip-us.apache.org/repos/asf/cxf/blob/19ba5d08/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
index 459a85f..a092170 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
@@ -195,21 +195,22 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor
{
         final SoapMessage msg, WSSSecurityProperties securityProperties
     ) throws WSSPolicyException {
         final List<SecurityEvent> outgoingSecurityEventList = new LinkedList<SecurityEvent>();
+        msg.getExchange().put(SecurityEvent.class.getName() + ".out", outgoingSecurityEventList);
+        msg.put(SecurityEvent.class.getName() + ".out", outgoingSecurityEventList);
+        
         final SecurityEventListener securityEventListener = new SecurityEventListener() {
             @Override
             public void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException
{
-                if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SamlToken
-                    && securityEvent instanceof TokenSecurityEvent) {
+                if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SamlToken)
{
                     // Store SAML keys in case we need them on the inbound side
                     TokenSecurityEvent<?> tokenSecurityEvent = (TokenSecurityEvent<?>)securityEvent;
                     WSS4JUtils.parseAndStoreStreamingSecurityToken(tokenSecurityEvent.getSecurityToken(),
msg);
-                } else {
+                } else if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SignatureValue)
{
+                    // Required for Signature Confirmation
                     outgoingSecurityEventList.add(securityEvent);
                 }
             }
         };
-        msg.getExchange().put(SecurityEvent.class.getName() + ".out", outgoingSecurityEventList);
-        msg.put(SecurityEvent.class.getName() + ".out", outgoingSecurityEventList);
 
         return securityEventListener;
     }
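Review bot: The cast `(TokenSecurityEvent<?>)securityEvent` in the SamlToken branch is no longer guarded, because this change removes the `securityEvent instanceof TokenSecurityEvent` test. An event that reports the SamlToken type but is not a `TokenSecurityEvent` would now throw an unchecked `ClassCastException` from the listener instead of being handled. Either keep the guard, `if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SamlToken && securityEvent instanceof TokenSecurityEvent) {`, or add a comment stating why the type constant guarantees the class. The `else if` also means that only SignatureValue events reach the `".out"` list. The comment there should say that other event types are dropped on purpose, so a later consumer of that list does not assume it is complete. The enclosing method's signature begins above the hunk.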

