From cohei...@apache.org
Subject cxf git commit: [CXF-6468] - Secure Conversation Renew is missing Instance creation. Thanks to Freddy Exposito for the patch.
Date Mon, 22 Jun 2015 11:38:33 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 7c8124a56 -> 05383ffcf


[CXF-6468] - Secure Conversation Renew is missing Instance creation. Thanks to Freddy Exposito
for the patch.


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/05383ffc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/05383ffc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/05383ffc

Branch: refs/heads/master
Commit: 05383ffcfc3fe16c6acadf1a343375c00fa1116c
Parents: 7c8124a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Jun 22 11:46:04 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Jun 22 11:46:04 2015 +0100

----------------------------------------------------------------------
 .../policy/interceptors/STSInvoker.java         | 34 ++++++++++++++++++++
 .../SecureConversationInInterceptor.java        |  6 ++--
 2 files changed, 38 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/05383ffc/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
index 54ff97a..89422ed 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
@@ -44,6 +44,7 @@ import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.wss4j.common.bsp.BSPEnforcer;
+import org.apache.wss4j.common.derivedKey.ConversationConstants;
 import org.apache.wss4j.common.derivedKey.P_SHA1;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.token.Reference;
@@ -250,6 +251,39 @@ abstract class STSInvoker implements Invoker {
         return str.getElement();
     }
     
+    Element writeSecurityTokenReference(
+        W3CDOMStreamWriter writer,
+        String id,
+        String instance,
+        String refValueType
+    ) {
+        Reference ref = new Reference(writer.getDocument());
+        ref.setURI(id);
+        if (refValueType != null) {
+            ref.setValueType(refValueType);
+        }
+        SecurityTokenReference str = new SecurityTokenReference(writer.getDocument());
+        str.addWSSENamespace();
+        str.setReference(ref);
+        
+        if (instance != null) {
+            try {
+                Element firstChildElement = str.getFirstElement();
+                if (firstChildElement != null) {
+                    int version = NegotiationUtils.getWSCVersion(refValueType);
+                    String ns = ConversationConstants.getWSCNs(version);
+                    firstChildElement.setAttributeNS(ns, "wsc:" + ConversationConstants.INSTANCE_LN,
+                                                     instance);
+                }
+            } catch (WSSecurityException e) {
+                //just return without wsc:Instance
+            }
+        }
+
+        writer.getCurrentNode().appendChild(str.getElement());
+        return str.getElement();
+    }
+    
     void writeLifetime(
         W3CDOMStreamWriter writer,
         Date created,
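Review bot: The empty `catch (WSSecurityException e)` in the new four-argument `writeSecurityTokenReference` drops the `wsc:Instance` attribute without any trace, so a renewed context would be referenced by identifier alone and nobody would learn why. At minimum log the exception there, for example `LOG.log(Level.FINE, "Could not add wsc:Instance to the token reference", e);` if this class has a logger (none is visible in the hunk). The same branch passes `refValueType` to `NegotiationUtils.getWSCVersion` even though the method otherwise tolerates a null `refValueType`, and how that helper treats null is not visible here; a guard such as `if (instance != null && refValueType != null)` or a Javadoc line stating the requirement would make it explicit. The body also repeats the existing three-argument overload, whose tail is visible just above the added lines; letting that overload delegate with a null instance would remove the duplication.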

http://git-wip-us.apache.org/repos/asf/cxf/blob/05383ffc/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
index 40ba573..4bd100a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
@@ -74,6 +74,7 @@ import org.apache.wss4j.policy.model.SecureConversationToken;
 import org.apache.wss4j.policy.model.SignedParts;
 import org.apache.wss4j.policy.model.Trust10;
 import org.apache.wss4j.policy.model.Trust13;
+import org.apache.xml.security.stax.impl.util.IDGenerator;
 import org.apache.xml.security.utils.Base64;
 
 class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessage>
{
@@ -360,9 +361,10 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
             if (tokenIdToRenew != null) {
                 ((TokenStore)exchange.getEndpoint().getEndpointInfo()
                     .getProperty(TokenStore.class.getName())).remove(tokenIdToRenew);
+                String instance = IDGenerator.generateID(null);
                 sct = new SecurityContextToken(
                         NegotiationUtils.getWSCVersion(tokenType), writer.getDocument(),
-                        tokenIdToRenew);
+                        tokenIdToRenew, instance);
                 sct.setID(WSSConfig.getNewInstance().getIdAllocator()
                         .createSecureId("sctId-", sct.getElement()));
             } else {
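Review bot: The instance value on the added line `String instance = IDGenerator.generateID(null);` comes from `org.apache.xml.security.stax.impl.util`, an implementation package of the XML Security library, while the ID two lines below is produced through `WSSConfig.getNewInstance().getIdAllocator()`. Using the same allocator for both would keep ID generation in one place and avoid depending on an `impl` class; if `IDGenerator` stays, a comment such as `// null prefix: let IDGenerator choose its default` (to be confirmed against its behaviour) would explain the argument. Since `wsc:Instance` is what distinguishes the renewed context from the one just removed from the `TokenStore`, it is worth confirming that the generated value cannot repeat for the same identifier. The enclosing method starts and ends outside the hunk.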
@@ -391,7 +393,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
 
             writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace);
             token.setUnattachedReference(
-                writeSecurityTokenReference(writer, sct.getIdentifier(), tokenType)
+                writeSecurityTokenReference(writer, sct.getIdentifier(), sct.getInstance(),
tokenType)
             );
             writer.writeEndElement();
 

