cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/6] cxf git commit: [CXF-6400] - Make ws-security.callback-handler optional for generating a WS-Security signature
Date Tue, 12 May 2015 15:40:14 GMT
[CXF-6400] - Make ws-security.callback-handler optional for generating a WS-Security signature

Conflicts:
	rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d665b002
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d665b002
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d665b002

Branch: refs/heads/3.0.x-fixes
Commit: d665b0029319d5ce6649cd196d715c064866de2b
Parents: 27596ba
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue May 12 11:33:05 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue May 12 16:32:08 2015 +0100

----------------------------------------------------------------------
 .../policyhandlers/AbstractBindingBuilder.java  | 27 +++++++++++++++++++-
 .../policyhandlers/TransportBindingHandler.java |  3 ---
 2 files changed, 26 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/d665b002/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index a1825b8..5dc29bb 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -916,11 +916,36 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         return id;
     }
     
-    public String getPassword(String userName, Assertion info, int usage) {
+    protected String getPassword(String userName, Assertion info, int usage) {
         //Then try to get the password from the given callback handler
+<<<<<<< HEAD
         CallbackHandler handler = getCallbackHandler();
         if (handler == null) {
             policyNotAsserted(info, "No callback handler and no password available");
+=======
+        Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER,
message);
+        CallbackHandler handler = null;
+        try {
+            handler = SecurityUtils.getCallbackHandler(o);
+            if (handler == null) {
+                // Don't unassert for signature as we might get the password from the crypto
properties
+                if (usage == WSPasswordCallback.SIGNATURE) {
+                    LOG.info("No CallbackHandler available to retrieve a password. We will
now try the crypto "
+                             + "properties file for a private password");
+                } else {
+                    unassertPolicy(info, "No callback handler and no password available");
+                }
+                return null;
+            }
+        } catch (Exception ex) {
+            // Don't unassert for signature as we might get the password from the crypto
properties
+            if (usage == WSPasswordCallback.SIGNATURE) {
+                LOG.info("No CallbackHandler available to retrieve a password. We will now
try the crypto "
+                         + "properties file for a private password");
+            } else {
+                unassertPolicy(info, "No callback handler and no password available");
+            }
+>>>>>>> a64265c... [CXF-6400] - Make ws-security.callback-handler optional
for generating a WS-Security signature
             return null;
         }
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/d665b002/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 5594a6c..3dac911 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -570,9 +570,6 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
                 uname = (String)message.getContextualProperty(userNameKey);
             }
             String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
-            if (password == null) {
-                password = "";
-            }
             sig.setUserInfo(uname, password);
             sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
         } else {


Mime
View raw message