cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: [CXF-6334] - Add the ability to plug in custom security policy validators for various assertions
Date Wed, 08 Apr 2015 12:30:54 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 581964426 -> 9fce658c4


[CXF-6334] - Add the ability to plug in custom security policy validators for various assertions


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9fce658c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9fce658c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9fce658c

Branch: refs/heads/master
Commit: 9fce658c4611f790983a3d5cef7312eec8771461
Parents: 5819644
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Apr 8 13:27:58 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Apr 8 13:30:47 2015 +0100

----------------------------------------------------------------------
 .../cxf/ws/security/SecurityConstants.java      |  10 +-
 .../cxf/ws/security/policy/PolicyUtils.java     | 106 +++++++++++++++
 .../IssuedTokenInterceptorProvider.java         |  10 +-
 .../KerberosTokenInterceptorProvider.java       |  10 +-
 .../wss4j/PolicyBasedWSS4JInInterceptor.java    | 128 ++-----------------
 .../wss4j/AbstractPolicySecurityTest.java       |   2 +-
 6 files changed, 139 insertions(+), 127 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/9fce658c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index 0516853..805d69e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -434,6 +434,14 @@ public final class SecurityConstants {
      */
     public static final String SCT_TOKEN_VALIDATOR = "ws-security.sct.validator";
     
+    /**
+     * This refers to a Map of QName, SecurityPolicyValidator, which retrieves a SecurityPolicyValidator
+     * implementation to validate a particular security policy, based on the QName of the
policy. Any
+     * SecurityPolicyValidator implementation defined in this map will override the default
value
+     * used internally for the corresponding QName.
+     */
+    public static final String POLICY_VALIDATOR_MAP = "ws-security.policy.validator.map";
+    
     //
     // STS Client Configuration tags
     //
@@ -651,7 +659,7 @@ public final class SecurityConstants {
             DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, 
             KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, STS_TOKEN_IMMINENT_EXPIRY_VALUE,
             KERBEROS_REQUEST_CREDENTIAL_DELEGATION, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL,
-            AUDIENCE_RESTRICTION_VALIDATION
+            AUDIENCE_RESTRICTION_VALIDATION, POLICY_VALIDATOR_MAP
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/9fce658c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
index 48a1e61..95a2f6b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
@@ -20,12 +20,38 @@ package org.apache.cxf.ws.security.policy;
 
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Map;
 
 import javax.xml.namespace.QName;
 
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.AlgorithmSuitePolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.AsymmetricBindingPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.ConcreteSupportingTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.EncryptedTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.EndorsingEncryptedTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.EndorsingTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.IssuedTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.KerberosTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.LayoutPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.SamlTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityContextTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEncryptedTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEndorsingEncryptedTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEndorsingTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.SymmetricBindingPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.TransportBindingPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.UsernameTokenPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.WSS11PolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.X509TokenPolicyValidator;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
@@ -36,6 +62,74 @@ import org.apache.wss4j.policy.model.AbstractBinding;
  */
 public final class PolicyUtils {
     
+    // The default security policy validators
+    private static final Map<QName, SecurityPolicyValidator> DEFAULT_SECURITY_POLICY_VALIDATORS
=
+        new HashMap<>();
+    
+    static {
+        // Tokens
+        SecurityPolicyValidator validator = new X509TokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.X509_TOKEN, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.X509_TOKEN, validator);
+        validator = new UsernameTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.USERNAME_TOKEN, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.USERNAME_TOKEN, validator);
+        validator = new SamlTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SAML_TOKEN, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SAML_TOKEN, validator);
+        validator = new SecurityContextTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SECURITY_CONTEXT_TOKEN, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SECURITY_CONTEXT_TOKEN, validator);
+        validator = new WSS11PolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.WSS11, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.WSS11, validator);
+        validator = new IssuedTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ISSUED_TOKEN, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ISSUED_TOKEN, validator);
+        validator = new KerberosTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.KERBEROS_TOKEN, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.KERBEROS_TOKEN, validator);
+        
+        // Bindings
+        validator = new TransportBindingPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.TRANSPORT_BINDING, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.TRANSPORT_BINDING, validator);
+        validator = new SymmetricBindingPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SYMMETRIC_BINDING, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SYMMETRIC_BINDING, validator);
+        validator = new AsymmetricBindingPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ASYMMETRIC_BINDING, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ASYMMETRIC_BINDING, validator);
+        validator = new AlgorithmSuitePolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ALGORITHM_SUITE, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ALGORITHM_SUITE, validator);
+        validator = new LayoutPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.LAYOUT, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.LAYOUT, validator);
+        
+        // Supporting Tokens
+        validator = new ConcreteSupportingTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SUPPORTING_TOKENS, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SUPPORTING_TOKENS, validator);
+        validator = new SignedTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_SUPPORTING_TOKENS, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SIGNED_SUPPORTING_TOKENS, validator);
+        validator = new EndorsingTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ENDORSING_SUPPORTING_TOKENS,
validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ENDORSING_SUPPORTING_TOKENS,
validator);
+        validator = new SignedEndorsingTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS,
validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS,
validator);
+        validator = new EncryptedTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS,
validator);
+        validator = new SignedEncryptedTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS,
validator);
+        validator = new EndorsingEncryptedTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS,
validator);
+        validator = new SignedEndorsingEncryptedTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS,
validator);
+    }
+    
     private PolicyUtils() {
         // complete
     }
@@ -130,4 +224,16 @@ public final class PolicyUtils {
         return null;
     }
 
+    public static Map<QName, SecurityPolicyValidator> getSecurityPolicyValidators(Message
message) {
+        Map<QName, SecurityPolicyValidator> mapToReturn = new HashMap<>(DEFAULT_SECURITY_POLICY_VALIDATORS);

+        Map<QName, SecurityPolicyValidator> policyMap = 
+            CastUtils.cast((Map<?, ?>)message.getContextualProperty(SecurityConstants.POLICY_VALIDATOR_MAP));
+        
+        // Allow overriding the default policies
+        if (policyMap != null && !policyMap.isEmpty()) {
+            mapToReturn.putAll(policyMap);
+        }
+        
+        return mapToReturn;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/9fce658c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
index dd14252..c129c2f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
@@ -23,6 +23,7 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
+import java.util.Map;
 
 import javax.xml.namespace.QName;
 
@@ -42,7 +43,6 @@ import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxInInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxOutInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.IssuedTokenPolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.PolicyValidatorParameters;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator;
 import org.apache.wss4j.dom.WSConstants;
@@ -190,8 +190,12 @@ public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorPro
             }
             parameters.setSamlResults(samlResults);
             
-            SecurityPolicyValidator issuedValidator = new IssuedTokenPolicyValidator();
-            issuedValidator.validatePolicies(parameters, issuedAis);
+            QName qName = issuedAis.iterator().next().getAssertion().getName();
+            Map<QName, SecurityPolicyValidator> validators = 
+                PolicyUtils.getSecurityPolicyValidators(message);
+            if (validators.containsKey(qName)) {
+                validators.get(qName).validatePolicies(parameters, issuedAis);
+            }
         }
         
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/9fce658c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
index 7d3bc51..79611a5 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
@@ -27,6 +27,7 @@ import java.util.Map;
 import java.util.logging.Logger;
 
 import javax.crypto.SecretKey;
+import javax.xml.namespace.QName;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.endpoint.Endpoint;
@@ -51,7 +52,6 @@ import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxInInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxOutInterceptor;
 import org.apache.cxf.ws.security.wss4j.StaxSecurityContextInInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.KerberosTokenPolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.PolicyValidatorParameters;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -198,8 +198,12 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
             parameters.setMessage(message);
             parameters.setResults(rResult);
             
-            SecurityPolicyValidator kerberosValidator = new KerberosTokenPolicyValidator();
-            kerberosValidator.validatePolicies(parameters, ais);
+            QName qName = ais.iterator().next().getAssertion().getName();
+            Map<QName, SecurityPolicyValidator> validators = 
+                PolicyUtils.getSecurityPolicyValidators(message);
+            if (validators.containsKey(qName)) {
+                validators.get(qName).validatePolicies(parameters, ais);
+            }
         }
         
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/9fce658c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index ad65a3c..833c8f9 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -38,6 +38,7 @@ import javax.xml.xpath.XPathFactory;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
+
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.CastUtils;
@@ -52,26 +53,8 @@ import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.AlgorithmSuitePolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.AsymmetricBindingPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.ConcreteSupportingTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.EncryptedTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.EndorsingEncryptedTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.EndorsingTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.LayoutPolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.PolicyValidatorParameters;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SamlTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityContextTokenPolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEncryptedTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEndorsingEncryptedTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEndorsingTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SymmetricBindingPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.TransportBindingPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.UsernameTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.WSS11PolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.X509TokenPolicyValidator;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -684,9 +667,14 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         }
         parameters.setTimestampElement(timestamp);
         
-        checkTokenCoverage(parameters);
-        checkBindingCoverage(parameters);
-        checkSupportingTokenCoverage(parameters);
+        // Validate security policies
+        Map<QName, SecurityPolicyValidator> validators = PolicyUtils.getSecurityPolicyValidators(msg);
+        for (QName qName : aim.keySet()) {
+            // Check to see if we have a security policy + if we can validate it
+            if (validators.containsKey(qName)) {
+                validators.get(qName).validatePolicies(parameters, aim.get(qName));
+            }
+        }
         
         super.doResults(msg, actor, soapHeader, soapBody, results, utWithCallbacks);
     }
@@ -735,104 +723,6 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         return check;
     }
     
-    /**
-     * Check the token coverage
-     */
-    private void checkTokenCoverage(PolicyValidatorParameters parameters) {
-        
-        AssertionInfoMap aim = parameters.getAssertionInfoMap();
-        
-        Collection<AssertionInfo> ais = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.X509_TOKEN);
-        SecurityPolicyValidator x509Validator = new X509TokenPolicyValidator();
-        x509Validator.validatePolicies(parameters, ais);
-        
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
-        SecurityPolicyValidator utValidator = new UsernameTokenPolicyValidator();
-        utValidator.validatePolicies(parameters, ais);
-        
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SAML_TOKEN);
-        SecurityPolicyValidator samlValidator = new SamlTokenPolicyValidator();
-        samlValidator.validatePolicies(parameters, ais);
-        
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SECURITY_CONTEXT_TOKEN);
-        SecurityPolicyValidator sctValidator = new SecurityContextTokenPolicyValidator();
-        sctValidator.validatePolicies(parameters, ais);
-        
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.WSS11);
-        SecurityPolicyValidator wss11Validator = new WSS11PolicyValidator();
-        wss11Validator.validatePolicies(parameters, ais);
-    }
-    
-    /**
-     * Check the binding coverage
-     */
-    private void checkBindingCoverage(PolicyValidatorParameters parameters) {
-        AssertionInfoMap aim = parameters.getAssertionInfoMap();
-        
-        Collection<AssertionInfo> ais = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
-        SecurityPolicyValidator transportValidator = new TransportBindingPolicyValidator();
-        transportValidator.validatePolicies(parameters, ais);
-            
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
-        SecurityPolicyValidator symmetricValidator = new SymmetricBindingPolicyValidator();
-        symmetricValidator.validatePolicies(parameters, ais);
-
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
-        SecurityPolicyValidator asymmetricValidator = new AsymmetricBindingPolicyValidator();
-        asymmetricValidator.validatePolicies(parameters, ais);
-        
-        // Check AlgorithmSuite + Layout that might not be tied to a binding
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ALGORITHM_SUITE);
-        SecurityPolicyValidator algorithmSuiteValidator = new AlgorithmSuitePolicyValidator();
-        algorithmSuiteValidator.validatePolicies(parameters, ais);
-        
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.LAYOUT);
-        LayoutPolicyValidator layoutValidator = new LayoutPolicyValidator();
-        layoutValidator.validatePolicies(parameters, ais);
-    }
-    
-    /**
-     * Check the supporting token coverage
-     */
-    private void checkSupportingTokenCoverage(PolicyValidatorParameters parameters) {
-        AssertionInfoMap aim = parameters.getAssertionInfoMap();
-        
-        Collection<AssertionInfo> ais = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SUPPORTING_TOKENS);
-        SecurityPolicyValidator validator = new ConcreteSupportingTokenPolicyValidator();
-        validator.validatePolicies(parameters, ais);
-        
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
-        validator = new SignedTokenPolicyValidator();
-        validator.validatePolicies(parameters, ais);
-        
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_SUPPORTING_TOKENS);
-        validator = new EndorsingTokenPolicyValidator();
-        validator.validatePolicies(parameters, ais);
-        
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
-        validator = new SignedEndorsingTokenPolicyValidator();
-        validator.validatePolicies(parameters, ais);
-        
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
-        validator = new SignedEncryptedTokenPolicyValidator();
-        validator.validatePolicies(parameters, ais);
-        
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_SUPPORTING_TOKENS);
-        validator = new EncryptedTokenPolicyValidator();
-        validator.validatePolicies(parameters, ais);
-        
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-        validator = new EndorsingEncryptedTokenPolicyValidator();
-        validator.validatePolicies(parameters, ais);
-
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-        validator = new SignedEndorsingEncryptedTokenPolicyValidator();
-        validator.validatePolicies(parameters, ais);
-    }
-    
     private boolean assertHeadersExists(AssertionInfoMap aim, SoapMessage msg, Node header)

         throws SOAPException {
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/9fce658c/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java
b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java
index 45d7277..dba08ba 100644
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java
+++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractPolicySecurityTest.java
@@ -226,7 +226,7 @@ public abstract class AbstractPolicySecurityTest extends AbstractSecurityTest
{
         }
     }
     
-    private void checkAssertion(AssertionInfoMap aim, 
+    protected void checkAssertion(AssertionInfoMap aim, 
                                 QName name,
                                 AssertionInfo inf,
                                 boolean asserted) {


Mime
View raw message