cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf git commit: [CXF-6525] - Support for http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only when using WSS-Policy. Thanks to Christian Koch for the patch. Tests added.
Date Fri, 07 Aug 2015 14:39:46 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 966dd6726 -> eafa719cd


[CXF-6525] - Support for http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only
when using WSS-Policy. Thanks to Christian Koch for the patch. Tests added.


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/eafa719c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/eafa719c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/eafa719c

Branch: refs/heads/master
Commit: eafa719cd9db973694307efad63adf218e6fcdeb
Parents: 966dd67
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Aug 7 15:39:15 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Aug 7 15:39:15 2015 +0100

----------------------------------------------------------------------
 .../cxf/ws/security/SecurityConstants.java      | 13 +++++++--
 .../policyhandlers/AbstractBindingBuilder.java  | 11 ++++++--
 .../AbstractStaxBindingHandler.java             |  4 +++
 .../cxf/systest/ws/swa/SWAPolicyTest.java       | 29 ++++++++++++++++++++
 .../apache/cxf/systest/ws/swa/DoubleItSwa.wsdl  |  3 ++
 .../apache/cxf/systest/ws/swa/policy-client.xml |  8 ++++++
 .../apache/cxf/systest/ws/swa/policy-server.xml | 11 ++++++++
 .../cxf/systest/ws/swa/stax-policy-server.xml   | 12 ++++++++
 8 files changed, 86 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/eafa719c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index 96e1dc2..74eedeb 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -123,6 +123,15 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security
      * encoding step can be skipped. This only applies to the DOM WS-Security stack.
      */
     public static final String STORE_BYTES_IN_ATTACHMENT = "ws-security.store.bytes.in.attachment";
+    
+    /**
+     * This configuration flag allows the user to decide whether the default Attachment-Complete

+     * transform or the Attachment-Content-Only transform should be used when an Attachment
is encrypted 
+     * via a WS-SecurityPolicy expression. The default is "false", meaning that the "complete"

+     * transformation is used.
+     */
+    public static final String USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM = 
+        "ws-security.swa.encryption.attachment.transform.content";
 
     //
     // Non-boolean WS-Security Configuration parameters
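Review bot: The new Javadoc for USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM names the two transforms but does not say what a user gives up by setting the flag to "true". Under the SwA Profile, Attachment-Content-Only covers only the attachment body, so the part's MIME headers (Content-Type, Content-ID and the like) are no longer inside the encrypted data. I would add a sentence such as `With the Content-Only transform the attachment's MIME headers are not encrypted.` The flag also appears to be read only where outbound encrypted parts are built (the AbstractBindingBuilder and AbstractStaxBindingHandler hunks), so the Javadoc should say it is a sender-side setting and does not make a receiver require either transform.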
@@ -230,7 +239,7 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security
      */
     public static final String ASYMMETRIC_SIGNATURE_ALGORITHM = 
         "ws-security.asymmetric.signature.algorithm";
-    
+
     /**
      * This holds a reference to a PasswordEncryptor instance, which is used to encrypt or

      * decrypt passwords in the Merlin Crypto implementation (or any custom Crypto implementations).
@@ -519,7 +528,7 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security
             DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, 
             KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, STS_TOKEN_IMMINENT_EXPIRY_VALUE,
             KERBEROS_REQUEST_CREDENTIAL_DELEGATION, POLICY_VALIDATOR_MAP,
-            STORE_BYTES_IN_ATTACHMENT
+            STORE_BYTES_IN_ATTACHMENT, USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM
         }));
         for (String commonProperty : COMMON_PROPERTIES) {
             s.add(commonProperty);

http://git-wip-us.apache.org/repos/asf/cxf/blob/eafa719c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 87fc263..9a93aff8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -172,7 +172,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     protected Element topDownElement;
     protected Element bstElement;
     protected Element lastEncryptedKeyElement;
-    
+
     protected final CallbackLookup callbackLookup;
     protected boolean storeBytesInAttachment;
     
@@ -1082,10 +1082,15 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                                                             "Header");
                 securedParts.add(wep);
             }
-            
+
             Attachments attachments = parts.getAttachments();
             if (attachments != null) {
-                WSEncryptionPart wep = new WSEncryptionPart("cid:Attachments", "Element");
+                String encModifier = "Element";
+                if (MessageUtils.getContextualBoolean(
+                    message, SecurityConstants.USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM,
false)) {
+                    encModifier = "Content";
+                }
+                WSEncryptionPart wep = new WSEncryptionPart("cid:Attachments", encModifier);
                 securedParts.add(wep);
             }
         }
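Review bot: The lookup of USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM is written out twice, here and in the AbstractStaxBindingHandler hunk at -929, and this DOM side picks the modifier through the bare strings "Element" and "Content" assigned to a mutable local. Both classes appear to extend the same AbstractCommonBindingHandler (the hunk headers are truncated), so one protected helper there returning the boolean would keep the two stacks from drifting if the key or its default changes. The choice here then fits on one line, `String encModifier = contentOnly ? "Content" : "Element";`, ideally with a short comment that "Content" leaves the attachment's MIME headers outside the encrypted data. The enclosing method starts and ends outside the hunk.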

http://git-wip-us.apache.org/repos/asf/cxf/blob/eafa719c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
index f819b95..62cc01c 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -929,6 +929,10 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
             Attachments attachments = parts.getAttachments();
             if (attachments != null) {
                 SecurePart securePart = new SecurePart("cid:Attachments", Modifier.Element);
+                if (MessageUtils.getContextualBoolean(
+                    message, SecurityConstants.USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM,
false)) {
+                    securePart.setModifier(Modifier.Content);
+                }
                 securePart.setRequired(false);
                 encryptedParts.add(securePart);
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/eafa719c/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java
index 99ef60e..0cac3cc 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java
@@ -176,6 +176,35 @@ public class SWAPolicyTest extends AbstractBusClientServerTestBase {
     }
     
     @org.junit.Test
+    public void testSWAEncryptionContentPolicy() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SWAPolicyTest.class.getResource("policy-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        URL wsdl = SWAPolicyTest.class.getResource("DoubleItSwa.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSWAEncryptionContentPolicyPort");
+        DoubleItSwaPortType port = 
+                service.getPort(portQName, DoubleItSwaPortType.class);
+        updateAddressPort(port, test.getPort());
+        
+        if (test.isStreaming()) {
+            enableStreaming(port);
+        }
+        
+        DoubleIt3 doubleIt = new DoubleIt3();
+        doubleIt.setNumberToDouble(25);
+        port.doubleIt3(doubleIt, "12345".getBytes());
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testSWACombinedPolicy() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
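Review bot: The new testSWAEncryptionContentPolicy discards the result of `port.doubleIt3(doubleIt, "12345".getBytes())` and asserts nothing, so it only proves the call does not throw. It would pass just the same if `ws-security.swa.encryption.attachment.transform.content` were ignored, since the endpoints added in policy-server.xml and stax-policy-server.xml do not set the flag and apparently accept either transform. Capturing the response and asserting on it, and where feasible checking that the outbound message really carries the Attachment-Content-Only type, would make the test cover the change. The `close()` and `bus.shutdown(true)` calls are also skipped when the invocation throws; a try/finally around the call would release the port and bus on failure.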

http://git-wip-us.apache.org/repos/asf/cxf/blob/eafa719c/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl
index d48f2c7..204bcc2 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl
@@ -214,6 +214,9 @@
         <wsdl:port name="DoubleItSWAEncryptionPolicyPort" binding="tns:DoubleItEncryptionBinding">
             <soap:address location="http://localhost:9001/DoubleItSWAEncryptionPolicy"/>
         </wsdl:port>
+        <wsdl:port name="DoubleItSWAEncryptionContentPolicyPort" binding="tns:DoubleItEncryptionBinding">
+            <soap:address location="http://localhost:9001/DoubleItSWAEncryptionContentPolicy"/>
+        </wsdl:port>
         <wsdl:port name="DoubleItSWACombinedPolicyPort" binding="tns:DoubleItCombinedBinding">
             <soap:address location="http://localhost:9001/DoubleItSWACombinedPolicy"/>
         </wsdl:port>

http://git-wip-us.apache.org/repos/asf/cxf/blob/eafa719c/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml
index 0c66531..91786ce 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml
@@ -46,6 +46,14 @@
         </jaxws:properties>
     </jaxws:client>
     
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSWAEncryptionContentPolicyPort"
createdFromAPI="true">
+         <jaxws:properties>
+            <entry key="security.encryption.properties" value="bob.properties"/>
+            <entry key="security.encryption.username" value="bob"/>
+            <entry key="ws-security.swa.encryption.attachment.transform.content" value="true"/>
+        </jaxws:properties>
+    </jaxws:client>
+    
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSWACombinedPolicyPort"
createdFromAPI="true">
          <jaxws:properties>
             <entry key="security.encryption.properties" value="bob.properties"/>

http://git-wip-us.apache.org/repos/asf/cxf/blob/eafa719c/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml
index 540f958..f5b7e30 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml
@@ -59,6 +59,17 @@
         </jaxws:properties>
     </jaxws:endpoint>
     
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="EncryptionContentPolicy"

+        address="http://localhost:${testutil.ports.swa.PolicyServer}/DoubleItSWAEncryptionContentPolicy"

+        serviceName="s:DoubleItService" endpointName="s:DoubleItSWAEncryptionContentPolicyPort"

+        implementor="org.apache.cxf.systest.ws.swa.DoubleIt3Impl" 
+        wsdlLocation="org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl">
+        <jaxws:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+            <entry key="security.signature.properties" value="bob.properties"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="CombinedPolicy"

         address="http://localhost:${testutil.ports.swa.PolicyServer}/DoubleItSWACombinedPolicy"

         serviceName="s:DoubleItService" endpointName="s:DoubleItSWACombinedPolicyPort" 

http://git-wip-us.apache.org/repos/asf/cxf/blob/eafa719c/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/stax-policy-server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/stax-policy-server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/stax-policy-server.xml
index 034ae3a..cef4eed 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/stax-policy-server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/stax-policy-server.xml
@@ -62,6 +62,18 @@
         </jaxws:properties>
     </jaxws:endpoint>
     
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="EncryptionContentPolicy"

+        address="http://localhost:${testutil.ports.swa.StaxPolicyServer}/DoubleItSWAEncryptionContentPolicy"

+        serviceName="s:DoubleItService" endpointName="s:DoubleItSWAEncryptionContentPolicyPort"

+        implementor="org.apache.cxf.systest.ws.swa.DoubleIt3Impl" 
+        wsdlLocation="org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl">
+        <jaxws:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+            <entry key="security.signature.properties" value="bob.properties"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="CombinedPolicy"

         address="http://localhost:${testutil.ports.swa.StaxPolicyServer}/DoubleItSWACombinedPolicy"

         serviceName="s:DoubleItService" endpointName="s:DoubleItSWACombinedPolicyPort" 

