Repository: cxf Updated Branches: refs/heads/master 5f5db6440 -> 5faf18226
http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java index 345e237..34d7cb1 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java @@ -151,7 +151,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { private SecurityContext createSecurityContext(Message msg, SamlAssertionWrapper samlAssertion) { String roleAttributeName = - (String)msg.getContextualProperty(SecurityConstants.SAML_ROLE_ATTRIBUTENAME); + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg); if (roleAttributeName == null || roleAttributeName.length() == 0) { roleAttributeName = WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT; } @@ -198,7 +198,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument()); RequestData data = new CXFRequestData(); - Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER); + Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message); try { data.setCallbackHandler(SecurityUtils.getCallbackHandler(o)); } catch (Exception ex) { @@ -389,7 +389,8 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { protected WSSecUsernameToken addUsernameToken(SoapMessage message, UsernameToken token) { - String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME); + String userName = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message); WSSConfig wssConfig = (WSSConfig)message.getContextualProperty(WSSConfig.class.getName()); if (wssConfig == null) { wssConfig = WSSConfig.getNewInstance(); @@ -406,7 +407,8 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { return utBuilder; } - String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD); + String password = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message); if (StringUtils.isEmpty(password)) { password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN, message); } http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index 111c93f..bed0c11 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -265,7 +265,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { *isn't available */ boolean enableRevocation = reqData.isRevocationEnabled() - || MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION)); + || MessageUtils.isTrue(SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION, + msg)); reqData.setEnableRevocation(enableRevocation); Element soapBody = SAAJUtils.getBody(doc); @@ -337,10 +338,12 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { private void configureAudienceRestriction(SoapMessage msg, RequestData reqData) { // Add Audience Restrictions for SAML - boolean enableAudienceRestriction = - MessageUtils.getContextualBoolean(msg, - SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION, - true); + boolean enableAudienceRestriction = true; + String audRestrValStr = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION, msg); + if (audRestrValStr != null) { + enableAudienceRestriction = Boolean.parseBoolean(audRestrValStr); + } if (enableAudienceRestriction) { List<String> audiences = new ArrayList<>(); if (msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL) != null) { @@ -395,11 +398,13 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { // Try to get Crypto Provider from message context properties. // It gives a possibility to use external Crypto Provider // - Crypto encCrypto = (Crypto)msg.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO); + Crypto encCrypto = + (Crypto)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, msg); if (encCrypto != null) { reqData.setDecCrypto(encCrypto); } - Crypto sigCrypto = (Crypto)msg.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO); + Crypto sigCrypto = + (Crypto)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, msg); if (sigCrypto != null) { reqData.setSigVerCrypto(sigCrypto); } @@ -503,9 +508,17 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { } results.add(0, wsResult); - Boolean allowUnsignedSamlPrincipals = - MessageUtils.getContextualBoolean(msg, - SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, false); + String allowUnsigned = + (String)SecurityUtils.getSecurityPropertyValue( + SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, msg + ); + boolean allowUnsignedSamlPrincipals = Boolean.parseBoolean(allowUnsigned); + boolean useJAASSubject = true; + String useJAASSubjectStr = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SC_FROM_JAAS_SUBJECT, msg); + if (useJAASSubjectStr != null) { + useJAASSubject = Boolean.parseBoolean(useJAASSubjectStr); + } for (int i = wsResult.getResults().size() - 1; i >= 0; i--) { WSSecurityEngineResult o = wsResult.getResults().get(i); @@ -513,8 +526,6 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { Integer action = (Integer)o.get(WSSecurityEngineResult.TAG_ACTION); final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL); final Subject subject = (Subject)o.get(WSSecurityEngineResult.TAG_SUBJECT); - final boolean useJAASSubject = MessageUtils - .getContextualBoolean(msg, SecurityConstants.SC_FROM_JAAS_SUBJECT, true); final Object binarySecurity = o.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN); final boolean isValidSamlToken = action == WSConstants.ST_SIGNED @@ -577,8 +588,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { } if (receivedAssertion instanceof SamlAssertionWrapper) { - String roleAttributeName = (String)msg.getContextualProperty( - SecurityConstants.SAML_ROLE_ATTRIBUTENAME); + String roleAttributeName = (String)SecurityUtils.getSecurityPropertyValue( + SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg); if (roleAttributeName == null || roleAttributeName.length() == 0) { roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT; } @@ -656,8 +667,9 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { } protected CallbackHandler getCallback(RequestData reqData) throws WSSecurityException { - Object o = ((SoapMessage)reqData.getMsgContext()) - .getContextualProperty(SecurityConstants.CALLBACK_HANDLER); + Object o = + SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, + (SoapMessage)reqData.getMsgContext()); CallbackHandler cbHandler = null; try { cbHandler = SecurityUtils.getCallbackHandler(o); http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java index dc9289f..dbfd391 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java @@ -39,6 +39,7 @@ import org.apache.cxf.interceptor.Fault; import org.apache.cxf.interceptor.StaxInInterceptor; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.phase.Phase; +import org.apache.cxf.rt.security.utils.SecurityUtils; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils; import org.apache.wss4j.common.ConfigurationConstants; @@ -245,7 +246,7 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor { } boolean enableRevocation = - MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION)); + MessageUtils.isTrue(SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION, msg)); securityProperties.setEnableRevocation(enableRevocation); // Crypto loading only applies for Map @@ -293,10 +294,12 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor { private void configureAudienceRestriction(SoapMessage msg, WSSSecurityProperties securityProperties) { // Add Audience Restrictions for SAML - boolean enableAudienceRestriction = - MessageUtils.getContextualBoolean(msg, - SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION, - true); + boolean enableAudienceRestriction = true; + String audRestrStr = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION, msg); + if (audRestrStr != null) { + enableAudienceRestriction = Boolean.parseBoolean(audRestrStr); + } if (enableAudienceRestriction) { List<String> audiences = new ArrayList<String>(); if (msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL) != null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java index 2de2d57..0de353f 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java @@ -39,6 +39,7 @@ import org.apache.cxf.message.Exchange; import org.apache.cxf.message.Message; import org.apache.cxf.phase.AbstractPhaseInterceptor; import org.apache.cxf.phase.Phase; +import org.apache.cxf.rt.security.utils.SecurityUtils; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.wss4j.common.ConfigurationConstants; import org.apache.wss4j.common.WSSPolicyException; @@ -210,15 +211,17 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor { SoapMessage msg, OutboundSecurityContext outboundSecurityContext, WSSSecurityProperties securityProperties ) throws WSSecurityException { - String user = (String)msg.getContextualProperty(SecurityConstants.USERNAME); + String user = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, msg); if (user != null) { securityProperties.setTokenUser(user); } - String sigUser = (String)msg.getContextualProperty(SecurityConstants.SIGNATURE_USERNAME); + String sigUser = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_USERNAME, msg); if (sigUser != null) { securityProperties.setSignatureUser(sigUser); } - String encUser = (String)msg.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME); + String encUser = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, msg); if (encUser != null) { securityProperties.setEncryptionUser(encUser); } http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index 3a2e995..bb4aa46 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java @@ -726,7 +726,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle return null; } - String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME); + String userName = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message); if (!StringUtils.isEmpty(userName)) { WSSecUsernameToken utBuilder = new WSSecUsernameToken(); utBuilder.setIdAllocator(wssConfig.getIdAllocator()); @@ -737,7 +737,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle utBuilder.setUserInfo(userName, null); utBuilder.setPasswordType(null); } else { - String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD); + String password = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message); if (StringUtils.isEmpty(password)) { password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN); } @@ -776,13 +777,14 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle return null; } - String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME); + String userName = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message); if (!StringUtils.isEmpty(userName)) { WSSecUsernameToken utBuilder = new WSSecUsernameToken(); utBuilder.setIdAllocator(wssConfig.getIdAllocator()); utBuilder.setWsTimeSource(wssConfig.getCurrentTime()); - String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD); + String password = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message); if (StringUtils.isEmpty(password)) { password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN); } @@ -813,7 +815,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle // // Get the SAML CallbackHandler // - Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER); + Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_CALLBACK_HANDLER, message); if (o == null) { SecurityToken securityToken = getSecurityToken(); @@ -855,7 +857,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle String issuerName = samlCallback.getIssuerKeyName(); if (issuerName == null) { String userNameKey = SecurityConstants.SIGNATURE_USERNAME; - issuerName = (String)message.getContextualProperty(userNameKey); + issuerName = (String)SecurityUtils.getSecurityPropertyValue(userNameKey, message); } String password = samlCallback.getIssuerKeyPassword(); if (password == null) { @@ -918,7 +920,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle public String getPassword(String userName, Assertion info, int usage) { //Then try to get the password from the given callback handler - Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER); + Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message); CallbackHandler handler = null; try { handler = SecurityUtils.getCallbackHandler(o); @@ -1397,7 +1399,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle private X509Certificate getEncryptCert(Crypto crypto, String encrUser) throws WSSecurityException { // Check for prepared encryption certificate - X509Certificate encrCert = (X509Certificate)message.getContextualProperty(SecurityConstants.ENCRYPT_CERT); + X509Certificate encrCert = + (X509Certificate)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CERT, message); if (encrCert != null) { return encrCert; } @@ -1420,11 +1423,16 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle public Crypto getEncryptionCrypto(AbstractTokenWrapper wrapper) throws WSSecurityException { Crypto crypto = getCrypto(wrapper, SecurityConstants.ENCRYPT_CRYPTO, SecurityConstants.ENCRYPT_PROPERTIES); - boolean enableRevocation = MessageUtils.isTrue( - message.getContextualProperty(SecurityConstants.ENABLE_REVOCATION)); + boolean enableRevocation = false; + String enableRevStr = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION, message); + if (enableRevStr != null) { + enableRevocation = Boolean.parseBoolean(enableRevStr); + } if (enableRevocation && crypto != null) { CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS); - String encrUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME); + String encrUser = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message); if (encrUser == null) { try { encrUser = crypto.getDefaultX509Identifier(); @@ -1447,12 +1455,12 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle String cryptoKey, String propKey ) throws WSSecurityException { - Crypto crypto = (Crypto)message.getContextualProperty(cryptoKey); + Crypto crypto = (Crypto)SecurityUtils.getSecurityPropertyValue(cryptoKey, message); if (crypto != null) { return crypto; } - Object o = message.getContextualProperty(propKey); + Object o = SecurityUtils.getSecurityPropertyValue(propKey, message); if (o == null) { return null; } @@ -1483,7 +1491,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle return passwordEncryptor; } - Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER); + Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message); try { CallbackHandler callbackHandler = SecurityUtils.getCallbackHandler(o); if (callbackHandler != null) { @@ -1547,15 +1555,16 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle public String setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, AbstractTokenWrapper token, boolean sign, Crypto crypto) { // Check for prepared certificate property - X509Certificate encrCert = (X509Certificate)message.getContextualProperty(SecurityConstants.ENCRYPT_CERT); + X509Certificate encrCert = + (X509Certificate)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CERT, message); if (encrCert != null) { encrKeyBuilder.setUseThisCert(encrCert); return null; } - String encrUser = (String)message.getContextualProperty(sign - ? SecurityConstants.SIGNATURE_USERNAME - : SecurityConstants.ENCRYPT_USERNAME); + String key = sign ? SecurityConstants.SIGNATURE_USERNAME : SecurityConstants.ENCRYPT_USERNAME; + String encrUser = (String)SecurityUtils.getSecurityPropertyValue(key, message); + if (crypto != null && (encrUser == null || "".equals(encrUser))) { try { encrUser = crypto.getDefaultX509Identifier(); @@ -1767,7 +1776,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle if (!endorse) { message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto); } - String user = (String)message.getContextualProperty(userNameKey); + String user = (String)SecurityUtils.getSecurityPropertyValue(userNameKey, message); if (StringUtils.isEmpty(user)) { if (crypto != null) { try { http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java index 1c4d3c2..9483fff 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java @@ -162,10 +162,11 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa // Check if a CallbackHandler was specified if (properties.getCallbackHandler() == null) { - String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD); + String password = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message); if (password != null) { String username = - (String)message.getContextualProperty(SecurityConstants.USERNAME); + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message); UTCallbackHandler callbackHandler = new UTCallbackHandler(username, password); properties.setCallbackHandler(callbackHandler); } @@ -285,7 +286,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa // // Get the SAML CallbackHandler // - Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER); + Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_CALLBACK_HANDLER, message); try { CallbackHandler handler = SecurityUtils.getCallbackHandler(o); if (handler == null) { @@ -536,9 +537,9 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa } properties.setSignatureCanonicalizationAlgorithm( binding.getAlgorithmSuite().getC14n().getValue()); - String sigUser = (String)message.getContextualProperty(userNameKey); + String sigUser = (String)SecurityUtils.getSecurityPropertyValue(userNameKey, message); if (sigUser == null) { - sigUser = (String)message.getContextualProperty(SecurityConstants.USERNAME); + sigUser = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message); } if (sigUser != null && properties.getSignatureUser() == null) { properties.setSignatureUser(sigUser); http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java index f610239..43af2fb 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java @@ -30,6 +30,7 @@ import javax.xml.soap.SOAPException; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.rt.security.utils.SecurityUtils; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.tokenstore.SecurityToken; @@ -377,9 +378,10 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler { properties.setEncryptionSymAlgorithm( algorithmSuite.getAlgorithmSuiteType().getEncryption()); - String encUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME); + String encUser = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message); if (encUser == null) { - encUser = (String)message.getContextualProperty(SecurityConstants.USERNAME); + encUser = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message); } if (encUser != null && properties.getEncryptionUser() == null) { properties.setEncryptionUser(encUser); http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java index b4dce04..39c60e3 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java @@ -32,6 +32,7 @@ import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.message.MessageUtils; +import org.apache.cxf.rt.security.utils.SecurityUtils; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.tokenstore.SecurityToken; @@ -470,9 +471,10 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler { properties.setEncryptionSymAlgorithm( algorithmSuite.getAlgorithmSuiteType().getEncryption()); - String encUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME); + String encUser = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message); if (encUser == null) { - encUser = (String)message.getContextualProperty(SecurityConstants.USERNAME); + encUser = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message); } if (encUser != null && properties.getEncryptionUser() == null) { properties.setEncryptionUser(encUser); http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java index 8423500..6d7f9ac 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java @@ -31,9 +31,9 @@ import javax.xml.soap.SOAPMessage; import org.w3c.dom.Document; import org.w3c.dom.Element; - import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.rt.security.utils.SecurityUtils; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; @@ -566,7 +566,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder { String uname = crypto.getX509Identifier(secTok.getX509Certificate()); if (uname == null) { String userNameKey = SecurityConstants.SIGNATURE_USERNAME; - uname = (String)message.getContextualProperty(userNameKey); + uname = (String)SecurityUtils.getSecurityPropertyValue(userNameKey, message); } String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE); if (password == null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java ---------------------------------------------------------------------- diff --git a/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java b/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java index 6d46d08..d855d2e 100644 --- a/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java +++ b/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/CryptoProviderUtils.java @@ -35,7 +35,7 @@ final class CryptoProviderUtils { } public static Properties loadKeystoreProperties(Message message, String propKey) { - Object o = message.getContextualProperty(propKey); + Object o = SecurityUtils.getSecurityPropertyValue(propKey, message); if (o == null) { throw new CryptoProviderException("Keystore properties path is not defined"); } http://git-wip-us.apache.org/repos/asf/cxf/blob/5faf1822/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java index d178cb7..d9168c2 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java @@ -34,8 +34,8 @@ import org.apache.cxf.message.Message; import org.apache.cxf.phase.PhaseInterceptorChain; import org.apache.cxf.rs.security.common.CryptoLoader; import org.apache.cxf.rs.security.common.SecurityUtils; +import org.apache.cxf.rt.security.SecurityConstants; import org.apache.cxf.rt.security.saml.claims.SAMLClaim; -import org.apache.cxf.ws.security.SecurityConstants; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.saml.SAMLCallback; import org.apache.wss4j.common.saml.bean.ActionBean;