From cohei...@apache.org
Subject git commit: Add a test plus some fixes to allow for SignedElements evaluation of SAML Tokens
Date Wed, 10 Sep 2014 16:07:54 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 4f308df6b -> 03eca7af8


Add a test plus some fixes to allow for SignedElements evaluation of SAML Tokens


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/03eca7af
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/03eca7af
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/03eca7af

Branch: refs/heads/3.0.x-fixes
Commit: 03eca7af8b03c10e3f2a6d9915bf5a06e6627879
Parents: 4f308df
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Sep 10 17:06:21 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Sep 10 17:07:46 2014 +0100

----------------------------------------------------------------------
 .../wss4j/PolicyBasedWSS4JInInterceptor.java    |  1 +
 .../AbstractBindingPolicyValidator.java         | 42 ++++++++++----------
 .../policyvalidators/LayoutPolicyValidator.java |  3 +-
 .../cxf/systest/ws/saml/DoubleItSaml.wsdl       |  4 ++
 4 files changed, 29 insertions(+), 21 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/03eca7af/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index 39d84ba..f118eeb 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -761,6 +761,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         final List<Integer> actions = new ArrayList<Integer>(2);
         actions.add(WSConstants.SIGN);
         actions.add(WSConstants.UT_SIGN);
+        actions.add(WSConstants.ST_SIGNED);
         List<WSSecurityEngineResult> signedResults = 
             WSSecurityUtil.fetchAllActionResults(results, actions);
         for (WSSecurityEngineResult result : signedResults) {
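Review bot: Adding `WSConstants.ST_SIGNED` to `actions` widens `signedResults` for every consumer of this list, not only the SignedElements check the commit message targets. An `ST_SIGNED` result presumably records the issuer's signature on the SAML assertion rather than a signature made by the message sender, so any validator that treats each entry as a message-level signature needs to tell the two apart; the commit adjusts `LayoutPolicyValidator` and `AbstractBindingPolicyValidator`, and other consumers are not visible here. I would record the intent at the add with a comment such as `// ST_SIGNED: signed SAML assertion, included so SignedElements XPaths can match the assertion`, and bump the stale capacity hint to `new ArrayList<Integer>(3)`. The enclosing method starts and ends outside the hunk.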

http://git-wip-us.apache.org/repos/asf/cxf/blob/03eca7af/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
index cbc0e69..8387317 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
@@ -124,27 +124,29 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal
         for (WSSecurityEngineResult signedResult : signedResults) {
             List<WSDataRef> dataRefs = 
                     CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
-            for (WSDataRef dataRef : dataRefs) {
-                String xpath = dataRef.getXpath();
-                if (xpath != null) {
-                    String[] nodes = StringUtils.split(xpath, "/");
-                    // envelope/Body || envelope/Header/header || envelope/Header/wsse:Security/header
-                    if (nodes.length < 3 || nodes.length > 5) {
-                        return false;
-                    }
-                    
-                    if (!(nodes[2].contains("Header") || nodes[2].contains("Body"))) {
-                        return false;
-                    }
-                    
-                    if (nodes.length == 5 && !nodes[3].contains("Security")) {
-                        return false;
-                    }
-                    
-                    if (nodes.length == 4 && nodes[2].contains("Body")) {
-                        return false;
+            if (dataRefs != null) {
+                for (WSDataRef dataRef : dataRefs) {
+                    String xpath = dataRef.getXpath();
+                    if (xpath != null) {
+                        String[] nodes = StringUtils.split(xpath, "/");
+                        // envelope/Body || envelope/Header/header || envelope/Header/wsse:Security/header
+                        if (nodes.length < 3 || nodes.length > 5) {
+                            return false;
+                        }
+                        
+                        if (!(nodes[2].contains("Header") || nodes[2].contains("Body")))
{
+                            return false;
+                        }
+                        
+                        if (nodes.length == 5 && !nodes[3].contains("Security"))
{
+                            return false;
+                        }
+                        
+                        if (nodes.length == 4 && nodes[2].contains("Body")) {
+                            return false;
+                        }
+                        
                     }
-                    
                 }
             }
         }
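Review bot: The placement check on the re-indented lines matches path segments by substring (`nodes[2].contains("Header")`, `nodes[3].contains("Security")`), so any element whose name merely contains those strings is accepted as being in the expected position. That looks like a way to tolerate namespace prefixes; comparing the local name exactly after stripping the prefix would be stricter, and it matters more now that signed SAML assertion references may flow through this loop. Separately, the new null check could be written as a guard, `if (dataRefs == null) { continue; }`, which keeps the one-line fix from re-indenting the whole block and drops the stray blank line before the closing brace. The enclosing method starts and ends outside the hunk.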

http://git-wip-us.apache.org/repos/asf/cxf/blob/03eca7af/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/LayoutPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/LayoutPolicyValidator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/LayoutPolicyValidator.java
index 9506dae..370906b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/LayoutPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/LayoutPolicyValidator.java
@@ -131,7 +131,8 @@ public class LayoutPolicyValidator extends AbstractTokenPolicyValidator
{
         for (WSSecurityEngineResult signedResult : signedResults) {
             List<WSDataRef> sl = 
                 CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
-            if (sl == null) {
+            Integer actInt = (Integer)signedResult.get(WSSecurityEngineResult.TAG_ACTION);
+            if (sl == null || WSConstants.ST_SIGNED == actInt) {
                 continue;
             }
 
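Review bot: `WSConstants.ST_SIGNED == actInt` compares an `int` constant with a boxed `Integer`, so `actInt` is unboxed and the loop throws a NullPointerException if a result carries no `TAG_ACTION` entry. The results were presumably selected by action upstream, so this may never be null in practice, but the policy validator should not depend on that; `if (sl == null || (actInt != null && actInt == WSConstants.ST_SIGNED)) {` is null-safe. A one-line comment saying why signed-assertion results are skipped for layout validation would also help, since the reason is not evident from the hunk. The loop body continues outside the hunk.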

http://git-wip-us.apache.org/repos/asf/cxf/blob/03eca7af/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
index 755e2e1..09ce8b8 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
@@ -507,6 +507,10 @@
                         </sp:SamlToken>
                     </wsp:Policy>
                 </sp:SignedSupportingTokens>
+                <!-- Just check that SignedElements actually works here -->
+                <sp:SignedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <sp:XPath xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion">/soap:Envelope/soap:Header/wsse:Security/saml1:Assertion</sp:XPath>
+                </sp:SignedElements>
             </wsp:All>
         </wsp:ExactlyOne>
     </wsp:Policy>

