Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 25556174CF for ; Fri, 20 Mar 2015 21:58:20 +0000 (UTC) Received: (qmail 4685 invoked by uid 500); 20 Mar 2015 21:58:20 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 4612 invoked by uid 500); 20 Mar 2015 21:58:20 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 4603 invoked by uid 99); 20 Mar 2015 21:58:19 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Mar 2015 21:58:19 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id BC95BE112F; Fri, 20 Mar 2015 21:58:19 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: More policy work Date: Fri, 20 Mar 2015 21:58:19 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/master 9064201a2 -> afeb2ab05 More policy work Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/afeb2ab0 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/afeb2ab0 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/afeb2ab0 Branch: refs/heads/master Commit: afeb2ab056a4a4377db11d597c675108eb780d16 Parents: 9064201 Author: Colm O hEigeartaigh Authored: Fri Mar 20 21:57:54 2015 +0000 Committer: Colm O hEigeartaigh Committed: Fri Mar 20 21:58:13 2015 +0000 ---------------------------------------------------------------------- .../cxf/ws/security/policy/PolicyUtils.java | 26 ++++++++ .../HttpsTokenInterceptorProvider.java | 70 +++++++------------- .../IssuedTokenInterceptorProvider.java | 17 ++--- .../policy/interceptors/NegotiationUtils.java | 31 ++------- .../policy/interceptors/STSTokenHelper.java | 26 +------- .../SecureConversationInInterceptor.java | 40 +++-------- .../SecureConversationOutInterceptor.java | 4 +- .../SecurityVerificationOutInterceptor.java | 50 ++++++-------- .../WSSecurityInterceptorProvider.java | 2 +- .../WSSecurityPolicyInterceptorProvider.java | 2 +- .../wss4j/PolicyBasedWSS4JOutInterceptor.java | 27 +------- 11 files changed, 96 insertions(+), 199 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java index b8cf971..6bed02e 100644 
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java @@ -28,6 +28,8 @@ import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.wss4j.policy.SP11Constants; import org.apache.wss4j.policy.SP12Constants; +import org.apache.wss4j.policy.SPConstants; +import org.apache.wss4j.policy.model.AbstractBinding; /** * Some common functionality that can be shared for working with policies @@ -108,4 +110,28 @@ public final class PolicyUtils { return false; } + + public static AbstractBinding getSecurityBinding(AssertionInfoMap aim) { + + AssertionInfo transAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING); + if (transAis != null) { + transAis.setAsserted(true); + return (AbstractBinding)transAis.getAssertion(); + } + + AssertionInfo asymAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING); + if (asymAis != null) { + asymAis.setAsserted(true); + return (AbstractBinding)asymAis.getAssertion(); + } + + AssertionInfo symAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING); + if (symAis != null) { + symAis.setAsserted(true); + return (AbstractBinding)symAis.getAssertion(); + } + + return null; + } + } http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java index 5d6ebae..bf8171a 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java 
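Review bot: The new `getSecurityBinding` in PolicyUtils calls `setAsserted(true)` on whichever binding assertion it finds, so a method named like a getter changes policy-verification state. Later in this commit SecurityVerificationOutInterceptor calls it where the removed `isThereASecurityBinding` appears to have only tested for presence, and NegotiationUtils.getAlgorithmSuite calls it where the removed loops only read the assertion, so both now mark the binding as satisfied just by looking it up. The lookup order is transport, asymmetric, symmetric, whereas the `getBinding` helper removed from SecureConversationInInterceptor checked symmetric first; its replacement call is not visible on this page, so whether the order matters there should be confirmed. I would either drop the `setAsserted(true)` calls and leave asserting to the code that enforces the binding, or state the side effect in a Javadoc comment such as `/** Returns the first transport, asymmetric or symmetric binding assertion, in that order, and marks it as asserted; returns null if none is present. */`.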
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java @@ -24,24 +24,22 @@ import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; +import java.util.Collections; import java.util.List; import java.util.Map; -import java.util.TreeMap; import java.util.logging.Logger; +import javax.xml.namespace.QName; + import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.configuration.security.AuthorizationPolicy; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.message.Message; -import org.apache.cxf.message.MessageUtils; import org.apache.cxf.phase.AbstractPhaseInterceptor; import org.apache.cxf.phase.Phase; import org.apache.cxf.security.SecurityContext; import org.apache.cxf.security.transport.TLSSessionInfo; -import org.apache.cxf.transport.Conduit; -import org.apache.cxf.transport.http.HTTPConduit; import org.apache.cxf.transport.http.MessageTrustDecider; import org.apache.cxf.transport.http.URLConnectionInfo; import org.apache.cxf.transport.http.UntrustedURLConnectionIOException; @@ -52,7 +50,6 @@ import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.policy.PolicyException; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor; -import org.apache.neethi.Assertion; import org.apache.wss4j.policy.SP11Constants; import org.apache.wss4j.policy.SP12Constants; import org.apache.wss4j.policy.SPConstants; 
@@ -82,43 +79,15 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv this.getInFaultInterceptors().add(new HttpsTokenInInterceptor()); } - private static Map> getSetProtocolHeaders(Message message) { + private static Map> getProtocolHeaders(Message message) { Map> headers = CastUtils.cast((Map)message.get(Message.PROTOCOL_HEADERS)); if (null == headers) { - headers = new TreeMap>(String.CASE_INSENSITIVE_ORDER); - message.put(Message.PROTOCOL_HEADERS, headers); + Collections.emptyMap(); } return headers; } - public boolean configurationPresent(Message msg, Assertion assertion) { - if (msg == null || !MessageUtils.isRequestor(msg) || !SP11Constants.HTTPS_TOKEN.equals(assertion.getName())) { - return true; - } - - HttpsToken token = (HttpsToken)assertion; - if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpBasicAuthentication - || token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpDigestAuthentication) { - try { - return tryAuth(msg); - } catch (Throwable t) { - //ignore, can catch it later - } - } - return true; - } - - private boolean tryAuth(Message msg) { - Conduit conduit = msg.getExchange().getConduit(msg); - AuthorizationPolicy p = ((HTTPConduit)conduit).getEffectiveAuthPolicy(msg); - - if (StringUtils.isEmpty(p.getUserName())) { - return false; - } - return true; - } - static class HttpsTokenOutInterceptor extends AbstractPhaseInterceptor { public HttpsTokenOutInterceptor() { super(Phase.PRE_STREAM); @@ -147,7 +116,7 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv HttpsToken token = (HttpsToken)ai.getAssertion(); String scheme = (String)message.get("http.scheme"); ai.setAsserted(true); - Map> headers = getSetProtocolHeaders(message); + Map> headers = getProtocolHeaders(message); if ("https".equals(scheme)) { if (token.getAuthenticationType() 
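Review bot: In `getProtocolHeaders`, the null branch evaluates `Collections.emptyMap();` and discards the result, so the method still returns null when the message has no `Message.PROTOCOL_HEADERS` entry. The code following both changed call sites (the `@@ -147,7 +116,7 @@` hunk here and the `@@ -274,7 +248,7 @@` hunk further down) reads `headers.get("Authorization")`, which would then throw a NullPointerException instead of reaching the `setNotAsserted` path that reports missing HTTP authentication. The branch should assign the value: `headers = Collections.emptyMap();`. The removed version also stored a fresh map on the message, so any caller that relied on that needs checking outside this hunk.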
@@ -172,7 +141,8 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv } }; message.put(MessageTrustDecider.class, trust); - PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_CERTIFICATE); + PolicyUtils.assertPolicy(aim, new QName(token.getName().getNamespaceURI(), + SPConstants.REQUIRE_CLIENT_CERTIFICATE)); } if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpBasicAuthentication) { List auth = headers.get("Authorization"); @@ -180,7 +150,9 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv || !auth.get(0).startsWith("Basic")) { ai.setNotAsserted("HttpBasicAuthentication is set, but not being used"); } else { - PolicyUtils.assertPolicy(aim, SPConstants.HTTP_BASIC_AUTHENTICATION); + PolicyUtils.assertPolicy(aim, + new QName(token.getName().getNamespaceURI(), + SPConstants.HTTP_BASIC_AUTHENTICATION)); } } if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpDigestAuthentication) { @@ -189,7 +161,9 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv || !auth.get(0).startsWith("Digest")) { ai.setNotAsserted("HttpDigestAuthentication is set, but not being used"); } else { - PolicyUtils.assertPolicy(aim, SPConstants.HTTP_DIGEST_AUTHENTICATION); + PolicyUtils.assertPolicy(aim, + new QName(token.getName().getNamespaceURI(), + SPConstants.HTTP_DIGEST_AUTHENTICATION)); } } } else { @@ -274,7 +248,7 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent(); - Map> headers = getSetProtocolHeaders(message); + Map> headers = getProtocolHeaders(message); if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpBasicAuthentication) { List auth = headers.get("Authorization"); if (auth == null || auth.size() == 0 
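Review bot: The expression `new QName(token.getName().getNamespaceURI(), ...)` is written out at each of the three `assertPolicy` calls in the hunks on this line, and three more times in the hunks at `@@ -288,7 +262,9 @@`, `@@ -304,7 +280,9 @@` and `@@ -316,7 +294,9 @@`. Hoisting the namespace once, `String ns = token.getName().getNamespaceURI();`, and calling `PolicyUtils.assertPolicy(aim, new QName(ns, SPConstants.HTTP_BASIC_AUTHENTICATION));` would keep each call on one line. A short comment is also warranted that the nested assertion is now matched only in the HttpsToken's own namespace rather than by local name, since a policy that mixes namespaces would presumably leave it unasserted. The enclosing methods start and end outside these hunks.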
@@ -288,7 +262,9 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv new HttpsSecurityTokenImpl(true, policy.getUserName()); httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature); httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken); - PolicyUtils.assertPolicy(aim, SPConstants.HTTP_BASIC_AUTHENTICATION); + PolicyUtils.assertPolicy(aim, + new QName(token.getName().getNamespaceURI(), + SPConstants.HTTP_BASIC_AUTHENTICATION)); } } if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpDigestAuthentication) { @@ -304,7 +280,9 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv new HttpsSecurityTokenImpl(false, policy.getUserName()); httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature); httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken); - PolicyUtils.assertPolicy(aim, SPConstants.HTTP_DIGEST_AUTHENTICATION); + PolicyUtils.assertPolicy(aim, + new QName(token.getName().getNamespaceURI(), + SPConstants.HTTP_DIGEST_AUTHENTICATION)); } } @@ -316,7 +294,9 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv || tlsInfo.getPeerCertificates().length == 0) { asserted = false; } else { - PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_CERTIFICATE); + PolicyUtils.assertPolicy(aim, + new QName(token.getName().getNamespaceURI(), + SPConstants.REQUIRE_CLIENT_CERTIFICATE)); } } 
@@ -379,7 +359,7 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv List securityEvents = (List) message.getExchange().get(SecurityEvent.class.getName() + ".out"); if (securityEvents == null) { - securityEvents = new ArrayList(); + securityEvents = new ArrayList<>(); message.getExchange().put(SecurityEvent.class.getName() + ".out", securityEvents); } http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java index 867bcae..7014a77 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java 
@@ -89,21 +89,12 @@ public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorPro } // Assert some policies if (issuedToken.isRequireExternalReference()) { - assertPolicy(new QName(issuedToken.getName().getNamespaceURI(), - SPConstants.REQUIRE_EXTERNAL_REFERENCE), aim); + PolicyUtils.assertPolicy(aim, new QName(issuedToken.getName().getNamespaceURI(), + SPConstants.REQUIRE_EXTERNAL_REFERENCE)); } if (issuedToken.isRequireInternalReference()) { - assertPolicy(new QName(issuedToken.getName().getNamespaceURI(), - SPConstants.REQUIRE_INTERNAL_REFERENCE), aim); - } - } - - protected static void assertPolicy(QName n, AssertionInfoMap aim) { - Collection ais = aim.getAssertionInfo(n); - if (ais != null && !ais.isEmpty()) { - for (AssertionInfo ai : ais) { - ai.setAsserted(true); - } + PolicyUtils.assertPolicy(aim, new QName(issuedToken.getName().getNamespaceURI(), + SPConstants.REQUIRE_INTERNAL_REFERENCE)); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java index aab8fc3..3ac9fb9 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java 
@@ -120,30 +120,9 @@ final class NegotiationUtils { } static AlgorithmSuite getAlgorithmSuite(AssertionInfoMap aim) { - AbstractBinding transport = null; - Collection ais = - PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING); - if (!ais.isEmpty()) { - for (AssertionInfo ai : ais) { - transport = (AbstractBinding)ai.getAssertion(); - } - } else { - ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING); - if (!ais.isEmpty()) { - for (AssertionInfo ai : ais) { - transport = (AbstractBinding)ai.getAssertion(); - } - } else { - ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING); - if (!ais.isEmpty()) { - for (AssertionInfo ai : ais) { - transport = (AbstractBinding)ai.getAssertion(); - } - } - } - } - if (transport != null) { - return transport.getAlgorithmSuite(); + AbstractBinding binding = PolicyUtils.getSecurityBinding(aim); + if (binding != null) { + return binding.getAlgorithmSuite(); } return null; } @@ -202,9 +181,7 @@ final class NegotiationUtils { EndpointPolicy ep = pe.getServerEndpointPolicy(endpoint.getEndpointInfo(), destination, message); List> interceptors = ep.getInterceptors(message); - for (Interceptor i : interceptors) { - message.getInterceptorChain().add(i); - } + message.getInterceptorChain().add(interceptors); Collection assertions = ep.getVocabulary(message); if (null != assertions) { http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java index 0177d08..2771883 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java 
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java @@ -19,7 +19,6 @@ package org.apache.cxf.ws.security.policy.interceptors; -import java.util.Collection; import java.util.Map; import java.util.Properties; import java.util.logging.Level; @@ -32,11 +31,9 @@ import org.apache.cxf.interceptor.Fault; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.ws.addressing.AddressingProperties; -import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.SecurityUtils; -import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.cxf.ws.security.trust.STSClient; @@ -44,7 +41,6 @@ import org.apache.cxf.ws.security.trust.STSUtils; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.dom.WSConstants; -import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.IssuedToken; import org.apache.wss4j.policy.model.Trust10; import org.apache.wss4j.policy.model.Trust13; @@ -65,8 +61,8 @@ public final class STSTokenHelper { if (issuedToken.getPolicy() != null) { params.setWspNamespace(issuedToken.getPolicy().getNamespace()); } - params.setTrust10(getTrust10(aim)); - params.setTrust13(getTrust13(aim)); + params.setTrust10(NegotiationUtils.getTrust10(aim)); + params.setTrust13(NegotiationUtils.getTrust13(aim)); params.setTokenTemplate(issuedToken.getRequestSecurityTokenTemplate()); return getToken(message, params); 
@@ -441,24 +437,6 @@ public final class STSTokenHelper { return client.requestSecurityToken(appliesTo); } - private static Trust10 getTrust10(AssertionInfoMap aim) { - Collection ais = - PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRUST_10); - if (ais.isEmpty()) { - return null; - } - return (Trust10)ais.iterator().next().getAssertion(); - } - - private static Trust13 getTrust13(AssertionInfoMap aim) { - Collection ais = - PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRUST_13); - if (ais.isEmpty()) { - return null; - } - return (Trust13)ais.iterator().next().getAssertion(); - } - public static class TokenRequestParams { private Element issuer; private Trust10 trust10; http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java index 930b8a8..c869f57 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java 
@@ -83,22 +83,6 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor ais = - PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING); - if (!ais.isEmpty()) { - return (AbstractBinding)ais.iterator().next().getAssertion(); - } - ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING); - if (!ais.isEmpty()) { - return (AbstractBinding)ais.iterator().next().getAssertion(); - } - ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING); - if (!ais.isEmpty()) { - return (AbstractBinding)ais.iterator().next().getAssertion(); - } - return null; - } public void handleMessage(SoapMessage message) throws Fault { final AssertionInfoMap aim = message.get(AssertionInfoMap.class); @@ -205,7 +189,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor signedPartsAis = - PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_PARTS); + AssertionInfo signedPartsAi = + PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_PARTS); SignedParts signedParts = null; - if (!signedPartsAis.isEmpty()) { - signedParts = (SignedParts)signedPartsAis.iterator().next().getAssertion(); + if (signedPartsAi != null) { + signedParts = (SignedParts)signedPartsAi.getAssertion(); } if (signedParts == null) { - List
headers = new ArrayList
(); + List
headers = new ArrayList<>(); if (addNs != null) { headers.add(new Header("To", addNs)); headers.add(new Header("From", addNs)); @@ -500,23 +484,19 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor ais = - PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SECURE_CONVERSATION_TOKEN); - if (ais.isEmpty()) { + AssertionInfo ai = + PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SECURE_CONVERSATION_TOKEN); + if (ai == null) { return; } - SecureConversationToken tok = (SecureConversationToken)ais.iterator() - .next().getAssertion(); + SecureConversationToken tok = (SecureConversationToken)ai.getAssertion(); doCancel(message, aim, tok); - } private void doCancel(SoapMessage message, AssertionInfoMap aim, SecureConversationToken itok) { http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java index bba1952..083b1f9 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java @@ -113,7 +113,6 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor ctx = client.getRequestContext(); http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecurityVerificationOutInterceptor.java ---------------------------------------------------------------------- 
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecurityVerificationOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecurityVerificationOutInterceptor.java index ff0bb03..cbc6d87 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecurityVerificationOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecurityVerificationOutInterceptor.java @@ -19,7 +19,6 @@ package org.apache.cxf.ws.security.policy.interceptors; -import java.util.Collection; import java.util.logging.Logger; import org.apache.cxf.binding.soap.SoapMessage; @@ -58,7 +57,7 @@ public class SecurityVerificationOutInterceptor extends AbstractPhaseInterceptor public void handleMessage(SoapMessage message) throws Fault { if (MessageUtils.isRequestor(message)) { AssertionInfoMap aim = message.get(AssertionInfoMap.class); - if (aim != null && !isThereASecurityBinding(aim)) { + if (aim != null && PolicyUtils.getSecurityBinding(aim) == null) { AssertionInfo assertion = getSecuredPart(aim); if (assertion != null) { String error = String 
@@ -76,42 +75,35 @@ public class SecurityVerificationOutInterceptor extends AbstractPhaseInterceptor } } - private boolean isThereASecurityBinding(AssertionInfoMap aim) { - return - PolicyUtils.isThereAnAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING) - || PolicyUtils.isThereAnAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING) - || PolicyUtils.isThereAnAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING); - } - private AssertionInfo getSecuredPart(AssertionInfoMap aim) { - Collection assertions = - PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_PARTS); - if (!assertions.isEmpty()) { - return assertions.iterator().next(); + AssertionInfo assertion = + PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_PARTS); + if (assertion != null) { + return assertion; } - assertions = - PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ELEMENTS); - if (!assertions.isEmpty()) { - return assertions.iterator().next(); + assertion = + PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_ELEMENTS); + if (assertion != null) { + return assertion; } - assertions = - PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_PARTS); - if (!assertions.isEmpty()) { - return assertions.iterator().next(); + assertion = + PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ENCRYPTED_PARTS); + if (assertion != null) { + return assertion; } - assertions = - PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_ELEMENTS); - if (!assertions.isEmpty()) { - return assertions.iterator().next(); + assertion = + PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ENCRYPTED_ELEMENTS); + if (assertion != null) { + return assertion; } - assertions = - PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS); - if (!assertions.isEmpty()) { - return assertions.iterator().next(); + assertion = + PolicyUtils.getFirstAssertionByLocalname(aim, 
SPConstants.CONTENT_ENCRYPTED_ELEMENTS); + if (assertion != null) { + return assertion; } return null; http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java index beb0a0d..065ca44 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java @@ -39,7 +39,7 @@ public class WSSecurityInterceptorProvider extends AbstractPolicyInterceptorProv private static final long serialVersionUID = -6222118542914666817L; private static final Collection ASSERTION_TYPES; static { - ASSERTION_TYPES = new ArrayList(); + ASSERTION_TYPES = new ArrayList<>(); ASSERTION_TYPES.add(SP12Constants.TRANSPORT_BINDING); ASSERTION_TYPES.add(SP12Constants.ASYMMETRIC_BINDING); http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java index 1f869ea..b85008b 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java 
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java @@ -35,7 +35,7 @@ public class WSSecurityPolicyInterceptorProvider extends AbstractPolicyIntercept private static final long serialVersionUID = 2092269997296804632L; private static final Collection ASSERTION_TYPES; static { - ASSERTION_TYPES = new ArrayList(); + ASSERTION_TYPES = new ArrayList<>(); ASSERTION_TYPES.add(SP12Constants.LAYOUT); ASSERTION_TYPES.add(SP12Constants.INCLUDE_TIMESTAMP); ASSERTION_TYPES.add(SP12Constants.ALGORITHM_SUITE); http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java index 7dff5d8..8bc0849 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java @@ -39,7 +39,6 @@ import org.apache.cxf.message.MessageUtils; import org.apache.cxf.phase.AbstractPhaseInterceptor; import org.apache.cxf.phase.Phase; import org.apache.cxf.phase.PhaseInterceptor; -import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.policy.PolicyUtils; 
@@ -52,7 +51,6 @@ import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSSConfig; import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.message.WSSecHeader; -import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractBinding; import org.apache.wss4j.policy.model.AsymmetricBinding; import org.apache.wss4j.policy.model.SymmetricBinding; @@ -130,7 +128,7 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor getAfter() { return Collections.emptySet(); }