cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [3/3] cxf git commit: Fixing merge
Date Tue, 04 Apr 2017 09:15:39 GMT
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e2fd9159
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e2fd9159
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e2fd9159

Branch: refs/heads/3.1.x-fixes
Commit: e2fd915910e19bcc71d722e688e14a94ccae7d90
Parents: 50e08ec
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Apr 4 09:30:43 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Apr 4 09:30:43 2017 +0100

----------------------------------------------------------------------
 .../org/apache/cxf/rt/security/SecurityConstants.java |  6 +-----
 .../apache/cxf/rt/security/utils/SecurityUtils.java   |  8 --------
 .../wss4j/DefaultWSS4JSecurityContextCreator.java     | 14 +-------------
 .../wss4j/StaxSecurityContextInInterceptor.java       | 12 +-----------
 4 files changed, 3 insertions(+), 37 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e2fd9159/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java b/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
index 80cf1bd..aa0106d 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
@@ -159,7 +159,7 @@ public class SecurityConstants {
     
     /**
      * Whether to allow UsernameTokens with no password to be used as SecurityContext Principals.
-     * The default is false.
+     * The default is true.
      */
     public static final String ENABLE_UT_NOPASSWORD_PRINCIPAL =
             "security.enable.ut-no-password.principal";
@@ -352,12 +352,8 @@ public class SecurityConstants {
             CALLBACK_HANDLER, SAML_CALLBACK_HANDLER, SIGNATURE_PROPERTIES, 
             SIGNATURE_CRYPTO, ENCRYPT_PROPERTIES, ENCRYPT_CRYPTO, ENCRYPT_CERT,
             ENABLE_REVOCATION, SUBJECT_CERT_CONSTRAINTS, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL,
-<<<<<<< HEAD
-            AUDIENCE_RESTRICTION_VALIDATION, SAML_ROLE_ATTRIBUTENAME, 
-=======
             ENABLE_UT_NOPASSWORD_PRINCIPAL,
             AUDIENCE_RESTRICTION_VALIDATION, SAML_ROLE_ATTRIBUTENAME,
->>>>>>> b77e43f... Disable taking a UsernameToken with no password as
the security context principal
             ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, SC_FROM_JAAS_SUBJECT,
             STS_TOKEN_USE_CERT_FOR_KEYINFO, STS_TOKEN_DO_CANCEL, CACHE_ISSUED_TOKEN_IN_ENDPOINT,
             DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS, STS_TOKEN_CRYPTO,

http://git-wip-us.apache.org/repos/asf/cxf/blob/e2fd9159/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
b/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
index a0419de..f14b14c 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
@@ -183,16 +183,8 @@ public final class SecurityUtils {
      * values. If none is configured, then the defaultValue parameter is returned.
      */
     public static boolean getSecurityPropertyBoolean(String property, Message message, boolean
defaultValue) {
-<<<<<<< HEAD
-        Object value = message.getContextualProperty(property);
-        if (value == null) {
-            value = message.getContextualProperty("ws-" + property);
-        }
-        
-=======
         Object value = getSecurityPropertyValue(property, message);
 
->>>>>>> b77e43f... Disable taking a UsernameToken with no password as
the security context principal
         if (value != null) {
             return PropertyUtils.isTrue(value);
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e2fd9159/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
index cd15d46..7855d0e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
@@ -66,29 +66,17 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC
      * Create a SecurityContext and store it on the SoapMessage parameter
      */
     public void createSecurityContext(SoapMessage msg, WSHandlerResult handlerResult) {
-<<<<<<< HEAD
-        
-        String allowUnsigned = 
-            (String)SecurityUtils.getSecurityPropertyValue(
-                SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, msg
-            );
-        boolean allowUnsignedSamlPrincipals = Boolean.parseBoolean(allowUnsigned);
-        boolean useJAASSubject = true; 
-        String useJAASSubjectStr = 
-=======
-
         boolean allowUnsignedSamlPrincipals =
             SecurityUtils.getSecurityPropertyBoolean(
                 SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, msg, false
             );
         boolean allowUTNoPassword =
             SecurityUtils.getSecurityPropertyBoolean(
-                SecurityConstants.ENABLE_UT_NOPASSWORD_PRINCIPAL, msg, false
+                SecurityConstants.ENABLE_UT_NOPASSWORD_PRINCIPAL, msg, true
             );
 
         boolean useJAASSubject = true;
         String useJAASSubjectStr =
->>>>>>> b77e43f... Disable taking a UsernameToken with no password as
the security context principal
             (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SC_FROM_JAAS_SUBJECT,
msg);
         if (useJAASSubjectStr != null) {
             useJAASSubject = Boolean.parseBoolean(useJAASSubjectStr);

http://git-wip-us.apache.org/repos/asf/cxf/blob/e2fd9159/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
index 82cc6a1..b5a7e77 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
@@ -212,15 +212,6 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S
         return token.getPublicKey() != null 
             || (token.getX509Certificates() != null && token.getX509Certificates().length
> 0);
     }
-<<<<<<< HEAD
-    
-    private boolean isSamlEventSigned(SamlTokenSecurityEvent event) {
-        if (event == null) {
-            return false;
-        }
-        
-        return event.getSecurityToken() != null 
-=======
 
     private boolean isSamlEventAllowed(SamlTokenSecurityEvent event, Message msg) {
         if (event == null) {
@@ -234,7 +225,6 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S
 
         // The SAML Assertion must be signed by default
         return event.getSecurityToken() != null
->>>>>>> b77e43f... Disable taking a UsernameToken with no password as
the security context principal
             && event.getSecurityToken().getSamlAssertionWrapper() != null
             && (allowUnsignedSamlPrincipals || event.getSecurityToken().getSamlAssertionWrapper().isSigned());
     }
@@ -246,7 +236,7 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S
 
         boolean allowUTNoPassword =
             SecurityUtils.getSecurityPropertyBoolean(
-                SecurityConstants.ENABLE_UT_NOPASSWORD_PRINCIPAL, msg, false
+                SecurityConstants.ENABLE_UT_NOPASSWORD_PRINCIPAL, msg, true
             );
 
         // The "no password" case is not allowed by default


Mime
View raw message