Revert "Some updates following WSS4J changes" This reverts commit f4da2415cb0a7cf07873da2b330e7c3a15281639.
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b1bac442 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b1bac442 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b1bac442 Branch: refs/heads/3.0.x-fixes Commit: b1bac442f3aed30d3405c9b4661d09bf809a4997 Parents: ac54794 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Mon Mar 14 17:23:42 2016 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Mon Mar 14 17:23:42 2016 +0000 ---------------------------------------------------------------------- .../KerberosTokenInterceptorProvider.java | 2 +- .../policy/interceptors/NegotiationUtils.java | 2 +- .../ws/security/wss4j/StaxActionInInterceptor.java | 12 ++++++------ .../ws/security/wss4j/StaxCryptoCoverageChecker.java | 8 ++++---- .../wss4j/StaxSecurityContextInInterceptor.java | 15 +++++++-------- .../ws/security/wss4j/WSS4JStaxInInterceptor.java | 2 +- .../ws/security/wss4j/WSS4JStaxOutInterceptor.java | 2 +- .../policyhandlers/StaxSymmetricBindingHandler.java | 12 ++++++------ .../cxf/sts/operation/TokenIssueOperation.java | 2 +- .../apache/cxf/sts/token/canceller/SCTCanceller.java | 2 +- 10 files changed, 29 insertions(+), 30 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/b1bac442/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java index 4c73618..bd9a240 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java @@ -309,7 +309,7 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP (List<SecurityEvent>)message.get(SecurityEvent.class.getName() + ".in"); if (incomingEventList != null) { for (SecurityEvent incomingEvent : incomingEventList) { - if (WSSecurityEventConstants.KERBEROS_TOKEN + if (WSSecurityEventConstants.KerberosToken == incomingEvent.getSecurityEventType()) { return incomingEvent; } http://git-wip-us.apache.org/repos/asf/cxf/blob/b1bac442/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java index 34d4e1f..68c05b8 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java @@ -245,7 +245,7 @@ final class NegotiationUtils { (List<SecurityEvent>) message.getExchange().get(SecurityEvent.class.getName() + ".in"); if (incomingEventList != null) { for (SecurityEvent incomingEvent : incomingEventList) { - if (WSSecurityEventConstants.SECURITY_CONTEXT_TOKEN + if (WSSecurityEventConstants.SecurityContextToken == incomingEvent.getSecurityEventType()) { return true; } http://git-wip-us.apache.org/repos/asf/cxf/blob/b1bac442/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java index 7559638..e64a71c 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java @@ -73,10 +73,10 @@ public class StaxActionInInterceptor extends AbstractPhaseInterceptor<SoapMessag // First check for a SOAP Fault with no security header if we are the client if (MessageUtils.isRequestor(soapMessage) - && isEventInResults(WSSecurityEventConstants.NO_SECURITY, incomingSecurityEventList)) { + && isEventInResults(WSSecurityEventConstants.NoSecurity, incomingSecurityEventList)) { OperationSecurityEvent securityEvent = (OperationSecurityEvent)findEvent( - WSSecurityEventConstants.OPERATION, incomingSecurityEventList + WSSecurityEventConstants.Operation, incomingSecurityEventList ); if (securityEvent != null && soapMessage.getVersion().getFault().equals(securityEvent.getOperation())) { @@ -88,14 +88,14 @@ public class StaxActionInInterceptor extends AbstractPhaseInterceptor<SoapMessag for (XMLSecurityConstants.Action action : inActions) { Event requiredEvent = null; if (WSSConstants.TIMESTAMP.equals(action)) { - requiredEvent = WSSecurityEventConstants.TIMESTAMP; + requiredEvent = WSSecurityEventConstants.Timestamp; } else if (WSSConstants.USERNAMETOKEN.equals(action)) { - requiredEvent = WSSecurityEventConstants.USERNAME_TOKEN; + requiredEvent = WSSecurityEventConstants.UsernameToken; } else if (WSSConstants.SIGNATURE.equals(action)) { requiredEvent = WSSecurityEventConstants.SignatureValue; } else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action) || WSSConstants.SAML_TOKEN_UNSIGNED.equals(action)) { - requiredEvent = WSSecurityEventConstants.SAML_TOKEN; + requiredEvent = WSSecurityEventConstants.SamlToken; } if (requiredEvent != null @@ -108,7 +108,7 @@ public class StaxActionInInterceptor extends AbstractPhaseInterceptor<SoapMessag if (WSSConstants.ENCRYPT.equals(action)) { boolean foundEncryptionPart = - isEventInResults(WSSecurityEventConstants.ENCRYPTED_PART, incomingSecurityEventList); + isEventInResults(WSSecurityEventConstants.EncryptedPart, incomingSecurityEventList); if (!foundEncryptionPart) { foundEncryptionPart = isEventInResults(WSSecurityEventConstants.EncryptedElement, incomingSecurityEventList); http://git-wip-us.apache.org/repos/asf/cxf/blob/b1bac442/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java index 8e9791a..cde80d3 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java @@ -87,13 +87,13 @@ public class StaxCryptoCoverageChecker extends AbstractPhaseInterceptor<SoapMess if (incomingSecurityEventList != null) { // Get all Signed/Encrypted Results results.addAll( - getEventFromResults(WSSecurityEventConstants.SIGNED_PART, incomingSecurityEventList)); + getEventFromResults(WSSecurityEventConstants.SignedPart, incomingSecurityEventList)); results.addAll( getEventFromResults(WSSecurityEventConstants.SignedElement, incomingSecurityEventList)); if (encryptBody || encryptUsernameToken) { results.addAll( - getEventFromResults(WSSecurityEventConstants.ENCRYPTED_PART, incomingSecurityEventList)); + getEventFromResults(WSSecurityEventConstants.EncryptedPart, incomingSecurityEventList)); results.addAll( getEventFromResults(WSSecurityEventConstants.EncryptedElement, incomingSecurityEventList)); } @@ -106,7 +106,7 @@ public class StaxCryptoCoverageChecker extends AbstractPhaseInterceptor<SoapMess if (signTimestamp) { // We only insist on the Timestamp being signed if it is actually present in the message List<SecurityEvent> timestampResults = - getEventFromResults(WSSecurityEventConstants.TIMESTAMP, incomingSecurityEventList); + getEventFromResults(WSSecurityEventConstants.Timestamp, incomingSecurityEventList); if (!timestampResults.isEmpty()) { checkSignedTimestamp(results); } @@ -122,7 +122,7 @@ public class StaxCryptoCoverageChecker extends AbstractPhaseInterceptor<SoapMess // We only insist on the UsernameToken being signed/encrypted if it is actually // present in the message List<SecurityEvent> usernameTokenResults = - getEventFromResults(WSSecurityEventConstants.USERNAME_TOKEN, incomingSecurityEventList); + getEventFromResults(WSSecurityEventConstants.UsernameToken, incomingSecurityEventList); if (!usernameTokenResults.isEmpty()) { if (signUsernameToken) { checkSignedUsernameToken(results); http://git-wip-us.apache.org/repos/asf/cxf/blob/b1bac442/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java index 3a8b8a5..52d8cdb 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java @@ -91,10 +91,9 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S // Now go through the results in a certain order to set up a security context. Highest priority is first. List<Event> desiredSecurityEvents = new ArrayList<Event>(); - List<Event> desiredSecurityEvents = new ArrayList<>(); - desiredSecurityEvents.add(WSSecurityEventConstants.SAML_TOKEN); - desiredSecurityEvents.add(WSSecurityEventConstants.USERNAME_TOKEN); - desiredSecurityEvents.add(WSSecurityEventConstants.KERBEROS_TOKEN); + desiredSecurityEvents.add(WSSecurityEventConstants.SamlToken); + desiredSecurityEvents.add(WSSecurityEventConstants.UsernameToken); + desiredSecurityEvents.add(WSSecurityEventConstants.KerberosToken); desiredSecurityEvents.add(WSSecurityEventConstants.X509Token); desiredSecurityEvents.add(WSSecurityEventConstants.KeyValueToken); @@ -130,7 +129,7 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S Object receivedAssertion = null; - if (desiredEvent == WSSecurityEventConstants.SAML_TOKEN) { + if (desiredEvent == WSSecurityEventConstants.SamlToken) { String roleAttributeName = (String)msg.getContextualProperty(SecurityConstants.SAML_ROLE_ATTRIBUTENAME); if (roleAttributeName == null || roleAttributeName.length() == 0) { @@ -162,9 +161,9 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S Event desiredEvent) throws XMLSecurityException { for (SecurityEvent event : incomingSecurityEventList) { if (desiredEvent == event.getSecurityEventType()) { - if (event.getSecurityEventType() == WSSecurityEventConstants.USERNAME_TOKEN) { + if (event.getSecurityEventType() == WSSecurityEventConstants.UsernameToken) { return ((UsernameTokenSecurityEvent)event).getSecurityToken(); - } else if (event.getSecurityEventType() == WSSecurityEventConstants.SAML_TOKEN + } else if (event.getSecurityEventType() == WSSecurityEventConstants.SamlToken && isSamlEventSigned((SamlTokenSecurityEvent)event)) { return ((SamlTokenSecurityEvent)event).getSecurityToken(); } else if (event.getSecurityEventType() == WSSecurityEventConstants.X509Token @@ -173,7 +172,7 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S } else if (event.getSecurityEventType() == WSSecurityEventConstants.KeyValueToken && isUsedForPublicKeySignature(((KeyValueTokenSecurityEvent)event).getSecurityToken())) { return ((KeyValueTokenSecurityEvent)event).getSecurityToken(); - } else if (event.getSecurityEventType() == WSSecurityEventConstants.KERBEROS_TOKEN) { + } else if (event.getSecurityEventType() == WSSecurityEventConstants.KerberosToken) { return ((KerberosTokenSecurityEvent)event).getSecurityToken(); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/b1bac442/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java index f42b794..0c82445 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java @@ -189,7 +189,7 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor { final SecurityEventListener securityEventListener = new SecurityEventListener() { @Override public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException { - if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.TIMESTAMP + if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.Timestamp || securityEvent.getSecurityEventType() == WSSecurityEventConstants.SignatureValue || securityEvent instanceof TokenSecurityEvent || securityEvent instanceof AbstractSecuredElementSecurityEvent) { http://git-wip-us.apache.org/repos/asf/cxf/blob/b1bac442/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java index 835bd39..84930bd 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java @@ -192,7 +192,7 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor { final SecurityEventListener securityEventListener = new SecurityEventListener() { @Override public void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException { - if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SAML_TOKEN) { + if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SamlToken) { // Store SAML keys in case we need them on the inbound side TokenSecurityEvent<?> tokenSecurityEvent = (TokenSecurityEvent<?>)securityEvent; WSS4JUtils.parseAndStoreStreamingSecurityToken(tokenSecurityEvent.getSecurityToken(), msg); http://git-wip-us.apache.org/repos/asf/cxf/blob/b1bac442/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java index a6a77fe..c6171e0 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java @@ -172,7 +172,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler { if (tok == null && !isRequestor()) { org.apache.xml.security.stax.securityToken.SecurityToken securityToken = - findInboundSecurityToken(WSSecurityEventConstants.SAML_TOKEN); + findInboundSecurityToken(WSSecurityEventConstants.SamlToken); tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message); } } else if (encryptionToken instanceof SecureConversationToken @@ -185,7 +185,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler { properties.addAction(actionToPerform); } else if (tok == null && !isRequestor()) { org.apache.xml.security.stax.securityToken.SecurityToken securityToken = - findInboundSecurityToken(WSSecurityEventConstants.SECURITY_CONTEXT_TOKEN); + findInboundSecurityToken(WSSecurityEventConstants.SecurityContextToken); tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message); } } else if (encryptionToken instanceof X509Token) { @@ -298,7 +298,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler { if (sigTok == null && !isRequestor()) { org.apache.xml.security.stax.securityToken.SecurityToken securityToken = - findInboundSecurityToken(WSSecurityEventConstants.SAML_TOKEN); + findInboundSecurityToken(WSSecurityEventConstants.SamlToken); sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message); } } else if (sigToken instanceof SecureConversationToken @@ -311,7 +311,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler { properties.addAction(actionToPerform); } else if (sigTok == null && !isRequestor()) { org.apache.xml.security.stax.securityToken.SecurityToken securityToken = - findInboundSecurityToken(WSSecurityEventConstants.SECURITY_CONTEXT_TOKEN); + findInboundSecurityToken(WSSecurityEventConstants.SecurityContextToken); sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message); } } else if (sigToken instanceof X509Token) { @@ -618,7 +618,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler { (List<SecurityEvent>) message.getExchange().get(SecurityEvent.class.getName() + ".in"); if (incomingEventList != null) { for (SecurityEvent incomingEvent : incomingEventList) { - if (WSSecurityEventConstants.ENCRYPTED_PART == incomingEvent.getSecurityEventType() + if (WSSecurityEventConstants.EncryptedPart == incomingEvent.getSecurityEventType() || WSSecurityEventConstants.EncryptedElement == incomingEvent.getSecurityEventType()) { org.apache.xml.security.stax.securityToken.SecurityToken token = @@ -635,7 +635,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler { // Fall back to a Signature in case there was no encrypted Element in the request for (SecurityEvent incomingEvent : incomingEventList) { - if (WSSecurityEventConstants.SIGNED_PART == incomingEvent.getSecurityEventType() + if (WSSecurityEventConstants.SignedPart == incomingEvent.getSecurityEventType() || WSSecurityEventConstants.SignedElement == incomingEvent.getSecurityEventType()) { org.apache.xml.security.stax.securityToken.SecurityToken token = http://git-wip-us.apache.org/repos/asf/cxf/blob/b1bac442/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java index 00588df..d15c9fd 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java @@ -407,7 +407,7 @@ public class TokenIssueOperation extends AbstractOperation implements IssueOpera // Now try steaming results try { org.apache.xml.security.stax.securityToken.SecurityToken securityToken = - findInboundSecurityToken(WSSecurityEventConstants.SAML_TOKEN, messageContext); + findInboundSecurityToken(WSSecurityEventConstants.SamlToken, messageContext); if (securityToken instanceof SamlSecurityToken && ((SamlSecurityToken)securityToken).getSamlAssertionWrapper() != null) { return ((SamlSecurityToken)securityToken).getSamlAssertionWrapper(); http://git-wip-us.apache.org/repos/asf/cxf/blob/b1bac442/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java index 644236e..6836cec 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/canceller/SCTCanceller.java @@ -186,7 +186,7 @@ public class SCTCanceller implements TokenCanceller { (List<SecurityEvent>) messageContext.get(SecurityEvent.class.getName() + ".in"); if (incomingEventList != null) { for (SecurityEvent incomingEvent : incomingEventList) { - if (WSSecurityEventConstants.SIGNED_PART == incomingEvent.getSecurityEventType() + if (WSSecurityEventConstants.SignedPart == incomingEvent.getSecurityEventType() || WSSecurityEventConstants.SignedElement == incomingEvent.getSecurityEventType()) { org.apache.xml.security.stax.securityToken.SecurityToken token =
