Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 87C641195B for ; Mon, 28 Jul 2014 14:49:39 +0000 (UTC) Received: (qmail 25471 invoked by uid 500); 28 Jul 2014 14:49:39 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 25364 invoked by uid 500); 28 Jul 2014 14:49:39 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 25257 invoked by uid 99); 28 Jul 2014 14:49:39 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Jul 2014 14:49:38 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id B25C09B7E12; Mon, 28 Jul 2014 14:49:38 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: asoldano@apache.org To: commits@cxf.apache.org Message-Id: <7786bfb855294352b287215e9e28c6cc@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: git commit: [CXF-5909] Propagate security Provider from Exchange to WSS4J ThreadLocalSecurityProvider Date: Mon, 28 Jul 2014 14:49:38 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/master f2dc0d49c -> 89bb59316 [CXF-5909] Propagate security Provider from Exchange to WSS4J ThreadLocalSecurityProvider Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/89bb5931 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/89bb5931 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/89bb5931 Branch: refs/heads/master Commit: 89bb593163872608a52d50a97213895bde29f191 Parents: f2dc0d4 Author: Alessio Soldano Authored: Mon Jul 28 16:21:11 2014 +0200 Committer: Alessio Soldano Committed: Mon Jul 28 16:45:40 2014 +0200 ---------------------------------------------------------------------- .../wss4j/PolicyBasedWSS4JOutInterceptor.java | 17 +++++++++++++++++ .../ws/security/wss4j/WSS4JInInterceptor.java | 17 +++++++++++++++++ .../ws/security/wss4j/WSS4JOutInterceptor.java | 19 ++++++++++++++++++- .../security/wss4j/WSS4JStaxInInterceptor.java | 17 +++++++++++++++++ .../security/wss4j/WSS4JStaxOutInterceptor.java | 19 ++++++++++++++++++- 5 files changed, 87 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/89bb5931/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java index 7056876..8d0a438 100644 
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java @@ -18,6 +18,7 @@ */ package org.apache.cxf.ws.security.wss4j; +import java.security.Provider; import java.util.Collection; import java.util.Collections; import java.util.HashSet; @@ -48,6 +49,7 @@ import org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler; import org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler; import org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler; import org.apache.neethi.Policy; +import org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSSConfig; import org.apache.wss4j.dom.handler.WSHandlerConstants; @@ -103,6 +105,21 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor ais; SOAPMessage saaj = message.getContent(SOAPMessage.class); http://git-wip-us.apache.org/repos/asf/cxf/blob/89bb5931/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index 1d1b2ac..3410ba4 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -20,6 +20,7 @@ package org.apache.cxf.ws.security.wss4j; import java.io.IOException; import java.security.Principal; +import java.security.Provider; import java.security.cert.Certificate; import java.util.ArrayList; import java.util.HashMap; 
@@ -70,6 +71,7 @@ import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.wss4j.common.cache.ReplayCache; import org.apache.wss4j.common.crypto.Crypto; +import org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider; import org.apache.wss4j.common.ext.WSPasswordCallback; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.principal.CustomTokenPrincipal; @@ -177,6 +179,21 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { return; } + Object provider = msg.getExchange().get(Provider.class); + final boolean useCustomProvider = provider != null && ThreadLocalSecurityProvider.isInstalled(); + try { + if (useCustomProvider) { + ThreadLocalSecurityProvider.setProvider((Provider)provider); + } + handleMessageInternal(msg); + } finally { + if (useCustomProvider) { + ThreadLocalSecurityProvider.unsetProvider(); + } + } + } + + private void handleMessageInternal(SoapMessage msg) throws Fault { boolean utWithCallbacks = MessageUtils.getContextualBoolean(msg, SecurityConstants.VALIDATE_TOKEN, true); translateProperties(msg); http://git-wip-us.apache.org/repos/asf/cxf/blob/89bb5931/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java index 7ac08ab..ce1c877 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java @@ -18,6 +18,7 @@ */ package org.apache.cxf.ws.security.wss4j; +import java.security.Provider; import java.util.Collection; import java.util.Collections; import java.util.List; 
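Review bot: The `finally` block of the new wrapper in `WSS4JInInterceptor.handleMessage` calls `ThreadLocalSecurityProvider.unsetProvider()` regardless of what was on the thread before. If the interceptor is re-entered on the same thread while `handleMessageInternal` runs, the inner call would presumably clear the provider that the outer call still needs for the rest of its processing. ThreadLocalSecurityProvider's implementation is not visible here, so this needs confirming; if nesting is unsupported, record it with a comment such as `// not re-entrant: unsetProvider() clears any provider set by an outer call on this thread`. The same wrapper is repeated in the WSS4JOutInterceptor and WSS4JStaxOutInterceptor hunks, and in all three `Object provider` plus the `(Provider)provider` cast can be written as `Provider provider = msg.getExchange().get(Provider.class);`. `handleMessage` starts above this hunk and `handleMessageInternal` continues below it.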
@@ -40,6 +41,7 @@ import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.phase.Phase; import org.apache.cxf.phase.PhaseInterceptor; +import org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSSConfig; @@ -142,7 +144,22 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor { super(); } - public void handleMessage(SoapMessage mc) throws Fault { + public void handleMessage(SoapMessage message) throws Fault { + Object provider = message.getExchange().get(Provider.class); + final boolean useCustomProvider = provider != null && ThreadLocalSecurityProvider.isInstalled(); + try { + if (useCustomProvider) { + ThreadLocalSecurityProvider.setProvider((Provider)provider); + } + handleMessageInternal(message); + } finally { + if (useCustomProvider) { + ThreadLocalSecurityProvider.unsetProvider(); + } + } + } + + private void handleMessageInternal(SoapMessage mc) throws Fault { boolean doDebug = LOG.isLoggable(Level.FINE); http://git-wip-us.apache.org/repos/asf/cxf/blob/89bb5931/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java index d0f0c12..19e4240 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java @@ -19,6 +19,7 @@ package org.apache.cxf.ws.security.wss4j; import java.io.IOException; +import java.security.Provider; import java.util.Collections; import java.util.LinkedList; import java.util.List; 
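Review bot: When a `Provider` is present on the exchange but `ThreadLocalSecurityProvider.isInstalled()` returns false, the new `WSS4JOutInterceptor.handleMessage` proceeds with the default JCA providers and leaves no trace. That is hard to notice in a deployment that expects its configured provider to perform the signing and encryption. A log line before the `try` would make the fallback visible, e.g. `if (provider != null && !useCustomProvider) { LOG.fine("Provider on Exchange ignored: ThreadLocalSecurityProvider is not installed"); }`. The same silent fallback exists in the WSS4JInInterceptor, WSS4JStaxInInterceptor and WSS4JStaxOutInterceptor hunks. `handleMessageInternal` continues past the end of this hunk.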
@@ -30,6 +31,7 @@ import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; import javax.xml.stream.XMLStreamException; import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.util.StreamReaderDelegate; import org.apache.cxf.binding.soap.SoapFault; import org.apache.cxf.binding.soap.SoapMessage; @@ -48,6 +50,7 @@ import org.apache.wss4j.common.ConfigurationConstants; import org.apache.wss4j.common.WSSPolicyException; import org.apache.wss4j.common.cache.ReplayCache; import org.apache.wss4j.common.crypto.Crypto; +import org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider; import org.apache.wss4j.common.ext.WSPasswordCallback; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.stax.ConfigurationConverter; @@ -139,6 +142,20 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor { newXmlStreamReader = inboundWSSec.processInMessage(originalXmlStreamReader, requestSecurityEvents, securityEventListeners); + final Object provider = soapMessage.getExchange().get(Provider.class); + if (provider != null && ThreadLocalSecurityProvider.isInstalled()) { + newXmlStreamReader = new StreamReaderDelegate(newXmlStreamReader) { + @Override + public int next() throws XMLStreamException { + try { + ThreadLocalSecurityProvider.setProvider((Provider)provider); + return super.next(); + } finally { + ThreadLocalSecurityProvider.unsetProvider(); + } + } + }; + } soapMessage.setContent(XMLStreamReader.class, newXmlStreamReader); // Warning: The exceptions which can occur here are not security relevant exceptions http://git-wip-us.apache.org/repos/asf/cxf/blob/89bb5931/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java ---------------------------------------------------------------------- 
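Review bot: The `StreamReaderDelegate` added in WSS4JStaxInInterceptor sets the provider only in `next()`, but the JDK's `StreamReaderDelegate` forwards `nextTag()`, `hasNext()` and `getElementText()` straight to the wrapped reader. A consumer that advances the stream through those methods would therefore run the inbound security processing without the exchange's provider on the thread. Whether those methods can trigger crypto depends on the reader returned by `processInMessage`, which is not visible here, so this needs confirming. If they can, wrap them the same way, and move `setProvider` ahead of the `try` so that `finally` only undoes a completed set. The enclosing method starts and ends outside the hunk.

```java
final Provider securityProvider = (Provider)provider;
newXmlStreamReader = new StreamReaderDelegate(newXmlStreamReader) {
    @Override
    public int next() throws XMLStreamException {
        ThreadLocalSecurityProvider.setProvider(securityProvider);
        try {
            return super.next();
        } finally {
            ThreadLocalSecurityProvider.unsetProvider();
        }
    }

    @Override
    public int nextTag() throws XMLStreamException {
        ThreadLocalSecurityProvider.setProvider(securityProvider);
        try {
            return super.nextTag();
        } finally {
            ThreadLocalSecurityProvider.unsetProvider();
        }
    }

    // ... same set/try/finally wrapping for hasNext() and getElementText() ...
};
// ... unchanged: soapMessage.setContent(XMLStreamReader.class, newXmlStreamReader) ...
```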
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java index 4c98498..6193e2e 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java @@ -19,6 +19,7 @@ package org.apache.cxf.ws.security.wss4j; import java.io.OutputStream; +import java.security.Provider; import java.util.LinkedList; import java.util.List; import java.util.Map; @@ -41,6 +42,7 @@ import org.apache.cxf.ws.security.SecurityConstants; import org.apache.wss4j.common.ConfigurationConstants; import org.apache.wss4j.common.WSSPolicyException; import org.apache.wss4j.common.crypto.Crypto; +import org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.stax.ConfigurationConverter; import org.apache.wss4j.stax.WSSec; @@ -304,7 +306,22 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor { getBefore().add(AttachmentOutInterceptor.AttachmentOutEndingInterceptor.class.getName()); } - public void handleMessage(Message mc) throws Fault { + public void handleMessage(Message message) throws Fault { + Object provider = message.getExchange().get(Provider.class); + final boolean useCustomProvider = provider != null && ThreadLocalSecurityProvider.isInstalled(); + try { + if (useCustomProvider) { + ThreadLocalSecurityProvider.setProvider((Provider)provider); + } + handleMessageInternal(message); + } finally { + if (useCustomProvider) { + ThreadLocalSecurityProvider.unsetProvider(); + } + } + } + + private void handleMessageInternal(Message mc) throws Fault { try { XMLStreamWriter xtw = mc.getContent(XMLStreamWriter.class); if (xtw != null) {
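Review bot: The wrapped `handleMessage(Message)` in WSS4JStaxOutInterceptor looks like a late interceptor that finishes the stream, judging by the `getBefore()` line just above it and the `XMLStreamWriter` lookup in its body, so the provider is on the thread only while that one method runs. If WSS4J signs or encrypts while earlier interceptors write through that `XMLStreamWriter`, those operations would use the default providers; this cannot be confirmed from the hunk. At minimum the method should state its intended scope, e.g. `// provider is set only for the duration of this call; confirm all WSS4J crypto for the message happens here`. If earlier writes do need the provider, the writer could be wrapped the way the reader is in WSS4JStaxInInterceptor. `handleMessageInternal` continues past the end of the hunk.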