From cohei...@apache.org
Subject [2/3] cxf git commit: [CXF-6468] - Secure Conversation Renew is missing Instance creation. Thanks to Freddy Exposito for the patch.
Date Mon, 22 Jun 2015 11:40:57 GMT
[CXF-6468] - Secure Conversation Renew is missing Instance creation. Thanks to Freddy Exposito
for the patch.

Conflicts:
	rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cf433a2c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cf433a2c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cf433a2c

Branch: refs/heads/3.0.x-fixes
Commit: cf433a2c361977f90774cc559b984c5ba055fb48
Parents: fb39ed6
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Jun 22 11:46:04 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Jun 22 12:39:07 2015 +0100

----------------------------------------------------------------------
 .../policy/interceptors/STSInvoker.java         | 38 ++++++++++++++++++++
 .../SecureConversationInInterceptor.java        |  6 ++--
 2 files changed, 42 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/cf433a2c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
index a4ecd86..d607df9 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
@@ -44,6 +44,11 @@ import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.trust.STSUtils;
+<<<<<<< HEAD
+=======
+import org.apache.wss4j.common.bsp.BSPEnforcer;
+import org.apache.wss4j.common.derivedKey.ConversationConstants;
+>>>>>>> 05383ff... [CXF-6468] - Secure Conversation Renew is missing
Instance creation. Thanks to Freddy Exposito for the patch.
 import org.apache.wss4j.common.derivedKey.P_SHA1;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSConstants;
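Review bot: The added lines in this import hunk include the merge-conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> 05383ff...`, so STSInvoker.java cannot compile as committed on this branch. Only the import lines should remain, with the three marker lines deleted. `import org.apache.wss4j.common.derivedKey.ConversationConstants;` is needed by the new `writeSecurityTokenReference` overload, but `BSPEnforcer` is not referenced in any visible hunk and may be a leftover from the other branch, so confirm it is used before keeping it. The "Conflicts:" entry in the commit message names this same file, which suggests the cherry-pick was committed before the conflict was resolved.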
@@ -251,6 +256,39 @@ abstract class STSInvoker implements Invoker {
         return str.getElement();
     }
     
+    Element writeSecurityTokenReference(
+        W3CDOMStreamWriter writer,
+        String id,
+        String instance,
+        String refValueType
+    ) {
+        Reference ref = new Reference(writer.getDocument());
+        ref.setURI(id);
+        if (refValueType != null) {
+            ref.setValueType(refValueType);
+        }
+        SecurityTokenReference str = new SecurityTokenReference(writer.getDocument());
+        str.addWSSENamespace();
+        str.setReference(ref);
+        
+        if (instance != null) {
+            try {
+                Element firstChildElement = str.getFirstElement();
+                if (firstChildElement != null) {
+                    int version = NegotiationUtils.getWSCVersion(refValueType);
+                    String ns = ConversationConstants.getWSCNs(version);
+                    firstChildElement.setAttributeNS(ns, "wsc:" + ConversationConstants.INSTANCE_LN,
+                                                     instance);
+                }
+            } catch (WSSecurityException e) {
+                //just return without wsc:Instance
+            }
+        }
+
+        writer.getCurrentNode().appendChild(str.getElement());
+        return str.getElement();
+    }
+    
     void writeLifetime(
         W3CDOMStreamWriter writer,
         Date created,
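Review bot: The `catch (WSSecurityException e)` block in the new `writeSecurityTokenReference` overload discards the failure, so the reference for a renewed token is written without `wsc:Instance` and nothing records why. The instance is what distinguishes the renewed context from the one it replaces, so a silent fallback leaves the caller with a reference that looks like the pre-renewal one. If the class has a logger, record it, e.g. `LOG.log(Level.WARNING, "Unable to add wsc:Instance to the SecurityTokenReference", e);`, or let the exception propagate so the Renew fails visibly. Separately, `NegotiationUtils.getWSCVersion(refValueType)` is called even when `refValueType` is null, although the method guards that case for `setValueType`; its behaviour for null is not visible here and deserves a check.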

http://git-wip-us.apache.org/repos/asf/cxf/blob/cf433a2c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
index 99a11b3..895d590 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
@@ -74,6 +74,7 @@ import org.apache.wss4j.policy.model.SecureConversationToken;
 import org.apache.wss4j.policy.model.SignedParts;
 import org.apache.wss4j.policy.model.Trust10;
 import org.apache.wss4j.policy.model.Trust13;
+import org.apache.xml.security.stax.impl.util.IDGenerator;
 import org.apache.xml.security.utils.Base64;
 
 class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessage>
{
@@ -376,9 +377,10 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
             if (tokenIdToRenew != null) {
                 ((TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
                     .getProperty(TokenStore.class.getName())).remove(tokenIdToRenew);
+                String instance = IDGenerator.generateID(null);
                 sct = new SecurityContextToken(
                         NegotiationUtils.getWSCVersion(tokenType), writer.getDocument(),
-                        tokenIdToRenew);
+                        tokenIdToRenew, instance);
                 sct.setID(WSSConfig.getNewInstance().getIdAllocator()
                         .createSecureId("sctId-", sct.getElement()));
             } else {
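Review bot: `String instance = IDGenerator.generateID(null);` takes the instance value from `org.apache.xml.security.stax.impl.util`, an implementation package of another library, while the statement two lines below already obtains ids through `WSSConfig.getNewInstance().getIdAllocator()`. Using one id source for both would keep the renew branch consistent and avoid depending on an internal class. The line also needs a comment stating the requirement it serves, for example `// wsc:Instance must be fresh for every Renew so the renewed context is distinguishable from the one it replaces`. The old token is removed from the `TokenStore` just before this, and whether the renewed token is stored together with its instance is outside the hunk, as are the start and end of the enclosing method.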
@@ -405,7 +407,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
 
             writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace);
             token.setUnattachedReference(
-                writeSecurityTokenReference(writer, sct.getIdentifier(), tokenType)
+                writeSecurityTokenReference(writer, sct.getIdentifier(), sct.getInstance(),
tokenType)
             );
             writer.writeEndElement();
 

