cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/2] cxf git commit: Introducing new security constants to be shared between SOAP + REST code
Date Tue, 14 Apr 2015 13:42:43 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 5f5db6440 -> 5faf18226


http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
index 345e237..34d7cb1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
@@ -151,7 +151,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor
{
     private SecurityContext createSecurityContext(Message msg,
                                                   SamlAssertionWrapper samlAssertion) {
         String roleAttributeName = 
-            (String)msg.getContextualProperty(SecurityConstants.SAML_ROLE_ATTRIBUTENAME);
+            (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME,
msg);
         if (roleAttributeName == null || roleAttributeName.length() == 0) {
             roleAttributeName = WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
         }
@@ -198,7 +198,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor
{
         WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument());
         
         RequestData data = new CXFRequestData();
-        Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+        Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER,
message);
         try {
             data.setCallbackHandler(SecurityUtils.getCallbackHandler(o));
         } catch (Exception ex) {
@@ -389,7 +389,8 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor
{
 
 
     protected WSSecUsernameToken addUsernameToken(SoapMessage message, UsernameToken token)
{
-        String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+        String userName = 
+            (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
         WSSConfig wssConfig = (WSSConfig)message.getContextualProperty(WSSConfig.class.getName());
         if (wssConfig == null) {
             wssConfig = WSSConfig.getNewInstance();
@@ -406,7 +407,8 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor
{
                 return utBuilder;
             }
             
-            String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+            String password = 
+                (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD,
message);
             if (StringUtils.isEmpty(password)) {
                 password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN,
message);
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index 111c93f..bed0c11 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -265,7 +265,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
              *isn't available
              */
             boolean enableRevocation = reqData.isRevocationEnabled() 
-                || MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
+                || MessageUtils.isTrue(SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION,
+                                       msg));
             reqData.setEnableRevocation(enableRevocation);
             
             Element soapBody = SAAJUtils.getBody(doc);
@@ -337,10 +338,12 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
     
     private void configureAudienceRestriction(SoapMessage msg, RequestData reqData) {
         // Add Audience Restrictions for SAML
-        boolean enableAudienceRestriction = 
-            MessageUtils.getContextualBoolean(msg, 
-                                              SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION,

-                                              true);
+        boolean enableAudienceRestriction = true;
+        String audRestrValStr = 
+            (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION,
msg);
+        if (audRestrValStr != null) {
+            enableAudienceRestriction = Boolean.parseBoolean(audRestrValStr);
+        }
         if (enableAudienceRestriction) {
             List<String> audiences = new ArrayList<>();
             if (msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL) !=
null) {
@@ -395,11 +398,13 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
         // Try to get Crypto Provider from message context properties. 
         // It gives a possibility to use external Crypto Provider 
         //
-        Crypto encCrypto = (Crypto)msg.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
+        Crypto encCrypto = 
+            (Crypto)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO,
msg);
         if (encCrypto != null) {
             reqData.setDecCrypto(encCrypto);
         }
-        Crypto sigCrypto = (Crypto)msg.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
+        Crypto sigCrypto = 
+            (Crypto)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO,
msg);
         if (sigCrypto != null) {
             reqData.setSigVerCrypto(sigCrypto);
         }
@@ -503,9 +508,17 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
         }
         results.add(0, wsResult);
         
-        Boolean allowUnsignedSamlPrincipals = 
-                MessageUtils.getContextualBoolean(msg, 
-                        SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, false);
+        String allowUnsigned = 
+            (String)SecurityUtils.getSecurityPropertyValue(
+                SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, msg
+            );
+        boolean allowUnsignedSamlPrincipals = Boolean.parseBoolean(allowUnsigned);
+        boolean useJAASSubject = true; 
+        String useJAASSubjectStr = 
+            (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SC_FROM_JAAS_SUBJECT,
msg);
+        if (useJAASSubjectStr != null) {
+            useJAASSubject = Boolean.parseBoolean(useJAASSubjectStr);
+        }
         
         for (int i = wsResult.getResults().size() - 1; i >= 0; i--) {
             WSSecurityEngineResult o = wsResult.getResults().get(i);
@@ -513,8 +526,6 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
             Integer action = (Integer)o.get(WSSecurityEngineResult.TAG_ACTION);
             final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
             final Subject subject = (Subject)o.get(WSSecurityEngineResult.TAG_SUBJECT);
-            final boolean useJAASSubject = MessageUtils
-                .getContextualBoolean(msg, SecurityConstants.SC_FROM_JAAS_SUBJECT, true);
             final Object binarySecurity = o.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
             
             final boolean isValidSamlToken = action == WSConstants.ST_SIGNED 
@@ -577,8 +588,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
             }
             
             if (receivedAssertion instanceof SamlAssertionWrapper) {
-                String roleAttributeName = (String)msg.getContextualProperty(
-                        SecurityConstants.SAML_ROLE_ATTRIBUTENAME);
+                String roleAttributeName = (String)SecurityUtils.getSecurityPropertyValue(
+                        SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
                 if (roleAttributeName == null || roleAttributeName.length() == 0) {
                     roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
                 }
@@ -656,8 +667,9 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
     }
     
     protected CallbackHandler getCallback(RequestData reqData) throws WSSecurityException
{
-        Object o = ((SoapMessage)reqData.getMsgContext())
-            .getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+        Object o = 
+            SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, 
+                                                   (SoapMessage)reqData.getMsgContext());
         CallbackHandler cbHandler = null;
         try {
             cbHandler = SecurityUtils.getCallbackHandler(o);

http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
index dc9289f..dbfd391 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
@@ -39,6 +39,7 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.interceptor.StaxInInterceptor;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.Phase;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.wss4j.common.ConfigurationConstants;
@@ -245,7 +246,7 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor
{
         }
         
         boolean enableRevocation = 
-            MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
+            MessageUtils.isTrue(SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION,
msg));
         securityProperties.setEnableRevocation(enableRevocation);
         
         // Crypto loading only applies for Map
@@ -293,10 +294,12 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor
{
     
     private void configureAudienceRestriction(SoapMessage msg, WSSSecurityProperties securityProperties)
{
         // Add Audience Restrictions for SAML
-        boolean enableAudienceRestriction = 
-            MessageUtils.getContextualBoolean(msg, 
-                                              SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION,

-                                              true);
+        boolean enableAudienceRestriction = true;
+        String audRestrStr = 
+            (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION,
msg);
+        if (audRestrStr != null) {
+            enableAudienceRestriction = Boolean.parseBoolean(audRestrStr);
+        }
         if (enableAudienceRestriction) {
             List<String> audiences = new ArrayList<String>();
             if (msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL) !=
null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
index 2de2d57..0de353f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
@@ -39,6 +39,7 @@ import org.apache.cxf.message.Exchange;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.WSSPolicyException;
@@ -210,15 +211,17 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor
{
         SoapMessage msg, OutboundSecurityContext outboundSecurityContext,
         WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
-        String user = (String)msg.getContextualProperty(SecurityConstants.USERNAME);
+        String user = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME,
msg);
         if (user != null) {
             securityProperties.setTokenUser(user);
         }
-        String sigUser = (String)msg.getContextualProperty(SecurityConstants.SIGNATURE_USERNAME);
+        String sigUser = 
+            (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_USERNAME,
msg);
         if (sigUser != null) {
             securityProperties.setSignatureUser(sigUser);
         }
-        String encUser = (String)msg.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
+        String encUser = 
+            (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME,
msg);
         if (encUser != null) {
             securityProperties.setEncryptionUser(encUser);
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 3a2e995..bb4aa46 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -726,7 +726,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             return null;
         }
         
-        String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+        String userName = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME,
message);
         if (!StringUtils.isEmpty(userName)) {
             WSSecUsernameToken utBuilder = new WSSecUsernameToken();
             utBuilder.setIdAllocator(wssConfig.getIdAllocator());
@@ -737,7 +737,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                 utBuilder.setUserInfo(userName, null);
                 utBuilder.setPasswordType(null);
             } else {
-                String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+                String password = 
+                    (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD,
message);
                 if (StringUtils.isEmpty(password)) {
                     password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN);
                 }
@@ -776,13 +777,14 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             return null;
         }
         
-        String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+        String userName = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME,
message);
         if (!StringUtils.isEmpty(userName)) {
             WSSecUsernameToken utBuilder = new WSSecUsernameToken();
             utBuilder.setIdAllocator(wssConfig.getIdAllocator());
             utBuilder.setWsTimeSource(wssConfig.getCurrentTime());
             
-            String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+            String password = 
+                (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD,
message);
             if (StringUtils.isEmpty(password)) {
                 password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN);
             }
@@ -813,7 +815,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         //
         // Get the SAML CallbackHandler
         //
-        Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
+        Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_CALLBACK_HANDLER,
message);
     
         if (o == null) {
             SecurityToken securityToken = getSecurityToken();
@@ -855,7 +857,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             String issuerName = samlCallback.getIssuerKeyName();
             if (issuerName == null) {
                 String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
-                issuerName = (String)message.getContextualProperty(userNameKey);
+                issuerName = (String)SecurityUtils.getSecurityPropertyValue(userNameKey,
message);
             }
             String password = samlCallback.getIssuerKeyPassword();
             if (password == null) {
@@ -918,7 +920,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     
     public String getPassword(String userName, Assertion info, int usage) {
         //Then try to get the password from the given callback handler
-        Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+        Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER,
message);
         CallbackHandler handler = null;
         try {
             handler = SecurityUtils.getCallbackHandler(o);
@@ -1397,7 +1399,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
 
     private X509Certificate getEncryptCert(Crypto crypto, String encrUser) throws WSSecurityException
{
         // Check for prepared encryption certificate
-        X509Certificate encrCert = (X509Certificate)message.getContextualProperty(SecurityConstants.ENCRYPT_CERT);
+        X509Certificate encrCert = 
+            (X509Certificate)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CERT,
message);
         if (encrCert != null) {
             return encrCert;
         }
@@ -1420,11 +1423,16 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     public Crypto getEncryptionCrypto(AbstractTokenWrapper wrapper) throws WSSecurityException
{
         Crypto crypto = getCrypto(wrapper, SecurityConstants.ENCRYPT_CRYPTO,
                                   SecurityConstants.ENCRYPT_PROPERTIES);
-        boolean enableRevocation = MessageUtils.isTrue(
-                                       message.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
+        boolean enableRevocation = false;
+        String enableRevStr = 
+            (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION,
message);
+        if (enableRevStr != null) {
+            enableRevocation = Boolean.parseBoolean(enableRevStr);
+        }
         if (enableRevocation && crypto != null) {
             CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
-            String encrUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
+            String encrUser = 
+                (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME,
message);
             if (encrUser == null) {
                 try {
                     encrUser = crypto.getDefaultX509Identifier();
@@ -1447,12 +1455,12 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         String cryptoKey, 
         String propKey
     ) throws WSSecurityException {
-        Crypto crypto = (Crypto)message.getContextualProperty(cryptoKey);
+        Crypto crypto = (Crypto)SecurityUtils.getSecurityPropertyValue(cryptoKey, message);
         if (crypto != null) {
             return crypto;
         }
         
-        Object o = message.getContextualProperty(propKey);
+        Object o = SecurityUtils.getSecurityPropertyValue(propKey, message);
         if (o == null) {
             return null;
         }
@@ -1483,7 +1491,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             return passwordEncryptor;
         }
         
-        Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+        Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER,
message);
         try {
             CallbackHandler callbackHandler = SecurityUtils.getCallbackHandler(o);
             if (callbackHandler != null) {
@@ -1547,15 +1555,16 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     public String setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, AbstractTokenWrapper
token,
                                   boolean sign, Crypto crypto) {
         // Check for prepared certificate property
-        X509Certificate encrCert = (X509Certificate)message.getContextualProperty(SecurityConstants.ENCRYPT_CERT);
+        X509Certificate encrCert = 
+            (X509Certificate)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CERT,
message);
         if (encrCert != null) {
             encrKeyBuilder.setUseThisCert(encrCert);
             return null;
         }
         
-        String encrUser = (String)message.getContextualProperty(sign 
-                                                                ? SecurityConstants.SIGNATURE_USERNAME
-                                                                : SecurityConstants.ENCRYPT_USERNAME);
+        String key = sign ? SecurityConstants.SIGNATURE_USERNAME : SecurityConstants.ENCRYPT_USERNAME;
+        String encrUser = (String)SecurityUtils.getSecurityPropertyValue(key, message);
+        
         if (crypto != null && (encrUser == null || "".equals(encrUser))) {
             try {
                 encrUser = crypto.getDefaultX509Identifier();
@@ -1767,7 +1776,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         if (!endorse) {
             message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
         }
-        String user = (String)message.getContextualProperty(userNameKey);
+        String user = (String)SecurityUtils.getSecurityPropertyValue(userNameKey, message);
         if (StringUtils.isEmpty(user)) {
             if (crypto != null) {
                 try {

http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
index 1c4d3c2..9483fff 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -162,10 +162,11 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
         
         // Check if a CallbackHandler was specified
         if (properties.getCallbackHandler() == null) {
-            String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+            String password = 
+                (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD,
message);
             if (password != null) {
                 String username = 
-                    (String)message.getContextualProperty(SecurityConstants.USERNAME);
+                    (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME,
message);
                 UTCallbackHandler callbackHandler = new UTCallbackHandler(username, password);
                 properties.setCallbackHandler(callbackHandler);
             }
@@ -285,7 +286,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
         //
         // Get the SAML CallbackHandler
         //
-        Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
+        Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_CALLBACK_HANDLER,
message);
         try {
             CallbackHandler handler = SecurityUtils.getCallbackHandler(o);
             if (handler == null) {
@@ -536,9 +537,9 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
         }
         properties.setSignatureCanonicalizationAlgorithm(
                        binding.getAlgorithmSuite().getC14n().getValue());
-        String sigUser = (String)message.getContextualProperty(userNameKey);
+        String sigUser = (String)SecurityUtils.getSecurityPropertyValue(userNameKey, message);
         if (sigUser == null) {
-            sigUser = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+            sigUser = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME,
message);
         }
         if (sigUser != null && properties.getSignatureUser() == null) {
             properties.setSignatureUser(sigUser);

http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
index f610239..43af2fb 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
@@ -30,6 +30,7 @@ import javax.xml.soap.SOAPException;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
@@ -377,9 +378,10 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler
{
             properties.setEncryptionSymAlgorithm(
                        algorithmSuite.getAlgorithmSuiteType().getEncryption());
 
-            String encUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
+            String encUser = 
+                (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME,
message);
             if (encUser == null) {
-                encUser = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+                encUser = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME,
message);
             }
             if (encUser != null && properties.getEncryptionUser() == null) {
                 properties.setEncryptionUser(encUser);

http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
index b4dce04..39c60e3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
@@ -32,6 +32,7 @@ import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
@@ -470,9 +471,10 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler
{
             properties.setEncryptionSymAlgorithm(
                        algorithmSuite.getAlgorithmSuiteType().getEncryption());
 
-            String encUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
+            String encUser = 
+                (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME,
message);
             if (encUser == null) {
-                encUser = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+                encUser = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME,
message);
             }
             if (encUser != null && properties.getEncryptionUser() == null) {
                 properties.setEncryptionUser(encUser);

http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 8423500..6d7f9ac 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -31,9 +31,9 @@ import javax.xml.soap.SOAPMessage;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
@@ -566,7 +566,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
             String uname = crypto.getX509Identifier(secTok.getX509Certificate());
             if (uname == null) {
                 String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
-                uname = (String)message.getContextualProperty(userNameKey);
+                uname = (String)SecurityUtils.getSecurityPropertyValue(userNameKey, message);
             }
             String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
             if (password == null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java
b/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java
index 6d46d08..d855d2e 100644
--- a/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java
+++ b/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java
@@ -35,7 +35,7 @@ final class CryptoProviderUtils {
     }
 
     public static Properties loadKeystoreProperties(Message message, String propKey) {
-        Object o = message.getContextualProperty(propKey);
+        Object o = SecurityUtils.getSecurityPropertyValue(propKey, message);
         if (o == null) {
             throw new CryptoProviderException("Keystore properties path is not defined");
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
index d178cb7..d9168c2 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
@@ -34,8 +34,8 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.rs.security.common.CryptoLoader;
 import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rt.security.SecurityConstants;
 import org.apache.cxf.rt.security.saml.claims.SAMLClaim;
-import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.bean.ActionBean;


Mime
View raw message