buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/504 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/496 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/495 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
[4/4] cxf git commit: Recording .gitmergeinfo Changes
Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a7000505 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a7000505 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a7000505 Branch: refs/heads/2.7.x-fixes Commit: a70005059c9cc1c2b45af319434f49ddde4b7cf3 Parents: 08611f8 Author: Colm O hEigeartaigh Authored: Mon Jul 20 22:21:14 2015 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jul 20 22:21:14 2015 +0100 -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a7000505/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 71955b3..33b95fd 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -715,6 +715,7 @@ B 4e8f85d8d98b578b799d8a9b568fb78d53b419e8 B 4ea14212ce5c077e1af9e20f2f90c672617d59d7 B 4ea7db88c0894904f8b904d4049753be4ebec068 B 4eb021814b076ac152c6ae4d8f6ac5ca56b6b0ee +B 4eb8d15a2a2658fe7255fdbedb1e2d7ffb53366e B 4f308df6b936bb0076c33062f0de3a8cc53eaa18 B 4ff319c6e46e9570003632fe96908ebd03ee9768 B 5000b9dd5e3396e491f08dac8cd947757fd77ca4
[2/4] cxf git commit: Recording .gitmergeinfo Changes
Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8e5a728c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8e5a728c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8e5a728c Branch: refs/heads/2.7.x-fixes Commit: 8e5a728ca185f9c7b272dcc6be3ec70f0b4082f8 Parents: b9bf76c Author: Colm O hEigeartaigh Authored: Mon Jul 20 21:45:10 2015 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jul 20 21:45:10 2015 +0100 -- .gitmergeinfo | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/8e5a728c/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 2cf7090..71955b3 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -1469,6 +1469,7 @@ B a683fc8f6e9466b2fdc32e2c39bda25a222d682a B a6939efe5a5858468f8348132cf84b6cae4a3a03 B a6bb6636d201878e35c49f728af5b67916a0b805 B a6d2a8a38043255156812b9546be1ac92d3106f3 +B a6e28de77a6770ffac02e698e1844aa3cdd876a4 B a7208b67404980b653dd00ee7a6ed30a8b62ee83 B a72f421b25cc491be2b586ef41a7d15980407a58 B a751c55ea21bb7ffb33b0b9e77d0bb01ac99d810 @@ -2315,6 +2316,7 @@ M 1a0c4aad7f0360c30539e49a98eb4f16fa554512 M 1a4b7cfd929bdfd1c53feef8099c1a67a24afeff M 1a96465f1f599d96e6ea74aa1477a39152b42879 M 1ab9f70d4112432482f7030ea43b3870d524bd0d +M 1b3101542c14b6c761a83d39547d79fa732e9603 M 1bec032480a2dbe6c2ba7b6c4c8d2b99d1fad257 M 1c218c8f21311db0c9e77ca401ddbe339f18dc06 M 1c8cbd98259ac6a6d45e2ba58945d100bffa8d83
[3/4] cxf git commit: Fixing backmerge
Fixing backmerge Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/08611f8a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/08611f8a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/08611f8a Branch: refs/heads/2.7.x-fixes Commit: 08611f8a12985d5a82ff6827f62212f32a840601 Parents: 8e5a728 Author: Colm O hEigeartaigh Authored: Mon Jul 20 21:53:23 2015 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jul 20 21:53:23 2015 +0100 -- .../security/SAMLSecurityContext.java | 15 ++- .../rt/security/saml/SAMLSecurityContext.java | 113 --- 2 files changed, 12 insertions(+), 116 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/08611f8a/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java -- diff --git a/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java b/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java index a8e0709..2560fed 100644 --- a/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java +++ b/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java @@ -19,6 +19,8 @@ package org.apache.cxf.interceptor.security; import java.security.Principal; +import java.util.Collections; +import java.util.HashSet; import java.util.Set; import org.w3c.dom.Element; @@ -33,7 +35,7 @@ public class SAMLSecurityContext implements LoginSecurityContext { private String issuer; public SAMLSecurityContext(Principal principal) { -this.principal = principal; +this(principal, null); } public SAMLSecurityContext( @@ -53,7 +55,7 @@ public class SAMLSecurityContext implements LoginSecurityContext { return false; } for (Principal principalRole : roles) { -if (principalRole.getName().equals(role)) { +if (principalRole != principal && principalRole.getName().equals(role)) { return true; } } @@ -69,7 +71,14 @@ public class SAMLSecurityContext implements LoginSecurityContext { } public Set getUserRoles() { -return roles; +if (roles == null) { +return Collections.emptySet(); +} +Set retRoles = new HashSet(roles); +if (principal != null && retRoles.contains(principal)) { +retRoles.remove(principal); +} +return retRoles; } public void setAssertionElement(Element assertionElement) { http://git-wip-us.apache.org/repos/asf/cxf/blob/08611f8a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java -- diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java deleted file mode 100644 index 2784a18..000 --- a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java +++ /dev/null @@ -1,113 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rt.security.saml; - -import java.security.Principal; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -import org.w3c.dom.Element; -import org.apache.cxf.rt.security.claims.ClaimCollection; -import org.apache.cxf.rt.security.claims.ClaimsSecurityContext; - -public class SAMLSecurityContext implements ClaimsSecurityContext { - -private final Principal principal; -private Set roles; -private Element assertionElement; -private String issuer; -private ClaimCollection claims; - -public SAMLSecurityContext(Principal principal) { -this(principal, null); -} - -public SAMLSecurityContext( -Principal principal, -Set roles -) { -this(principal, r
[1/4] cxf git commit: Enforce stronger constraints on role names for SAML
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 70bf6e3f8 -> a70005059 Enforce stronger constraints on role names for SAML Conflicts: rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b9bf76cd Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b9bf76cd Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b9bf76cd Branch: refs/heads/2.7.x-fixes Commit: b9bf76cd6c1aae1446774c22f135b60f27c6029e Parents: 70bf6e3 Author: Colm O hEigeartaigh Authored: Mon Jul 20 19:56:04 2015 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jul 20 21:45:08 2015 +0100 -- .../rt/security/saml/SAMLSecurityContext.java | 113 +++ .../AbstractXACMLAuthorizingInterceptor.java| 6 +- 2 files changed, 118 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/b9bf76cd/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java -- diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java new file mode 100644 index 000..2784a18 --- /dev/null +++ b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java @@ -0,0 +1,113 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rt.security.saml; + +import java.security.Principal; +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +import org.w3c.dom.Element; +import org.apache.cxf.rt.security.claims.ClaimCollection; +import org.apache.cxf.rt.security.claims.ClaimsSecurityContext; + +public class SAMLSecurityContext implements ClaimsSecurityContext { + +private final Principal principal; +private Set roles; +private Element assertionElement; +private String issuer; +private ClaimCollection claims; + +public SAMLSecurityContext(Principal principal) { +this(principal, null); +} + +public SAMLSecurityContext( +Principal principal, +Set roles +) { +this(principal, roles, null); +} + +public SAMLSecurityContext( +Principal principal, +Set roles, +ClaimCollection claims +) { +this.principal = principal; +this.roles = roles; +this.claims = claims; +} + +public ClaimCollection getClaims() { +return claims; +} + +public Principal getUserPrincipal() { +return principal; +} + +public boolean isUserInRole(String role) { +if (roles == null) { +return false; +} +for (Principal principalRole : roles) { +if (principalRole != principal && principalRole.getName().equals(role)) { +return true; +} +} +return false; +} + +public javax.security.auth.Subject getSubject() { +return null; +} + +public void setUserRoles(Set userRoles) { +this.roles = userRoles; +} + +public Set getUserRoles() { +if (roles == null) { +return Collections.emptySet(); +} +Set retRoles = new HashSet(roles); +if (principal != null && retRoles.contains(principal)) { +retRoles.remove(principal); +} +return retRoles; +} + +public void setAssertionElement(Element assertionElement) { +this.assertionElement = assertionElement; +} + +public Element getAssertionElement() { +return assertionElement; +} + +public void setIssuer(String issuer) { +this.issuer = issuer; +} + +public String getIssuer() { +return issuer; +} +} http://git-wip-us.apache.org/repos/asf/cxf/blob/b9bf76cd/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAutho
[3/3] cxf git commit: Build fix
Build fix Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4eb8d15a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4eb8d15a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4eb8d15a Branch: refs/heads/3.0.x-fixes Commit: 4eb8d15a2a2658fe7255fdbedb1e2d7ffb53366e Parents: a6e28de Author: Colm O hEigeartaigh Authored: Mon Jul 20 21:44:32 2015 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jul 20 21:44:32 2015 +0100 -- .../java/org/apache/cxf/sts/token/validator/X509TokenValidator.java | 1 - 1 file changed, 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/4eb8d15a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java -- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java index 1cf2ee7..8f2224e 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java @@ -29,7 +29,6 @@ import javax.security.auth.callback.CallbackHandler; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; -import org.w3c.dom.Text; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.helpers.DOMUtils;
[1/3] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes af03a164f -> 4eb8d15a2 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a6e28de7 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a6e28de7 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a6e28de7 Branch: refs/heads/3.0.x-fixes Commit: a6e28de77a6770ffac02e698e1844aa3cdd876a4 Parents: 1b31015 Author: Colm O hEigeartaigh Authored: Mon Jul 20 20:49:45 2015 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jul 20 20:49:45 2015 +0100 -- .gitmergeinfo | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a6e28de7/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index b31d9d2..49ddda8 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -325,6 +325,7 @@ B d9f624e2eca8affa20243583ace087a8cbba3ac8 B da4ccb008fcad909025cab0a00c56c00728c195b B db18a965fb238b8515ab74eb63d13c863c279476 B db51e1a99ab886f179c677579ba798b450069287 +B dd8025a1695ac207e8b28e3cff38bb7df6369361 B de88ed19bd937440fa891a852582a2d9ea971e3b B df947cb1ca2b9e375f99e199ec65b1afece1c963 B dfecaa60ea6082fda8f2959c083ba2f2f7a03112 @@ -500,6 +501,7 @@ M a088c793efd923a52f68044b02221f8b47569ef9 M a2c4be5e99472fc23b1740fc594e5d4c64961ca4 M a3bf2a80bafa95ec2ccdd2b28ead26c13866acd7 M a5b1c33534d83b4d0696263439d0d1a906b1afe6 +M a614b75389c2758d6d27e598b679ba013bcb72f0 M a64265c29be124e9bffb46eb35a68b3504860c3a M a64ded455c40169665e438ae7a25f17bd4f8047a M a79158c70fb2c8cedf109e78eeec32691a32e306
[2/3] cxf git commit: Enforce stronger constraints on role names for SAML
Enforce stronger constraints on role names for SAML Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1b310154 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1b310154 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1b310154 Branch: refs/heads/3.0.x-fixes Commit: 1b3101542c14b6c761a83d39547d79fa732e9603 Parents: af03a16 Author: Colm O hEigeartaigh Authored: Mon Jul 20 19:56:04 2015 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jul 20 20:49:45 2015 +0100 -- .../cxf/rt/security/saml/SAMLSecurityContext.java | 13 +++-- .../xacml/AbstractXACMLAuthorizingInterceptor.java | 6 +- 2 files changed, 16 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/1b310154/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java -- diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java index 4287eb2..2784a18 100644 --- a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java +++ b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java @@ -19,6 +19,8 @@ package org.apache.cxf.rt.security.saml; import java.security.Principal; +import java.util.Collections; +import java.util.HashSet; import java.util.Set; import org.w3c.dom.Element; @@ -67,7 +69,7 @@ public class SAMLSecurityContext implements ClaimsSecurityContext { return false; } for (Principal principalRole : roles) { -if (principalRole.getName().equals(role)) { +if (principalRole != principal && principalRole.getName().equals(role)) { return true; } } @@ -83,7 +85,14 @@ public class SAMLSecurityContext implements ClaimsSecurityContext { } public Set getUserRoles() { -return roles; +if (roles == null) { +return Collections.emptySet(); +} +Set retRoles = new HashSet(roles); +if (principal != null && retRoles.contains(principal)) { +retRoles.remove(principal); +} +return retRoles; } public void setAssertionElement(Element assertionElement) { http://git-wip-us.apache.org/repos/asf/cxf/blob/1b310154/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java -- diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java index 51e45cd..f7a8697 100644 --- a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java +++ b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java @@ -74,13 +74,17 @@ public abstract class AbstractXACMLAuthorizingInterceptor extends AbstractPhaseI if (sc instanceof LoginSecurityContext) { Principal principal = sc.getUserPrincipal(); +String principalName = null; +if (principal != null) { +principalName = principal.getName(); +} LoginSecurityContext loginSecurityContext = (LoginSecurityContext)sc; Set principalRoles = loginSecurityContext.getUserRoles(); List roles = new ArrayList(); if (principalRoles != null) { for (Principal p : principalRoles) { -if (p != principal) { +if (p != null && p.getName() != null && !p.getName().equals(principalName)) { roles.add(p.getName()); } }
cxf git commit: Enforce stronger constraints on role names for SAML
Repository: cxf Updated Branches: refs/heads/master dd8025a16 -> a614b7538 Enforce stronger constraints on role names for SAML Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a614b753 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a614b753 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a614b753 Branch: refs/heads/master Commit: a614b75389c2758d6d27e598b679ba013bcb72f0 Parents: dd8025a Author: Colm O hEigeartaigh Authored: Mon Jul 20 19:56:04 2015 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jul 20 19:56:04 2015 +0100 -- .../rt/security/saml/claims/SAMLSecurityContext.java | 13 +++-- .../xacml2/AbstractXACMLAuthorizingInterceptor.java| 6 +- 2 files changed, 16 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a614b753/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/SAMLSecurityContext.java -- diff --git a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/SAMLSecurityContext.java b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/SAMLSecurityContext.java index b9b012a..97fee53 100644 --- a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/SAMLSecurityContext.java +++ b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/SAMLSecurityContext.java @@ -19,6 +19,8 @@ package org.apache.cxf.rt.security.saml.claims; import java.security.Principal; +import java.util.Collections; +import java.util.HashSet; import java.util.Set; import org.w3c.dom.Element; @@ -67,7 +69,7 @@ public class SAMLSecurityContext implements ClaimsSecurityContext { return false; } for (Principal principalRole : roles) { -if (principalRole.getName().equals(role)) { +if (principalRole != principal && principalRole.getName().equals(role)) { return true; } } @@ -83,7 +85,14 @@ public class SAMLSecurityContext implements ClaimsSecurityContext { } public Set getUserRoles() { -return roles; +if (roles == null) { +return Collections.emptySet(); +} +Set retRoles = new HashSet(roles); +if (principal != null && retRoles.contains(principal)) { +retRoles.remove(principal); +} +return retRoles; } public void setAssertionElement(Element assertionElement) { http://git-wip-us.apache.org/repos/asf/cxf/blob/a614b753/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/AbstractXACMLAuthorizingInterceptor.java -- diff --git a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/AbstractXACMLAuthorizingInterceptor.java b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/AbstractXACMLAuthorizingInterceptor.java index f81f07a..39e611d 100644 --- a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/AbstractXACMLAuthorizingInterceptor.java +++ b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/AbstractXACMLAuthorizingInterceptor.java @@ -67,13 +67,17 @@ public abstract class AbstractXACMLAuthorizingInterceptor extends AbstractPhaseI if (sc instanceof LoginSecurityContext) { Principal principal = sc.getUserPrincipal(); +String principalName = null; +if (principal != null) { +principalName = principal.getName(); +} LoginSecurityContext loginSecurityContext = (LoginSecurityContext)sc; Set principalRoles = loginSecurityContext.getUserRoles(); List roles = new ArrayList<>(); if (principalRoles != null) { for (Principal p : principalRoles) { -if (p != principal) { +if (p != null && p.getName() != null && !p.getName().equals(principalName)) { roles.add(p.getName()); } }
cxf git commit: Fixing build
Repository: cxf Updated Branches: refs/heads/master 903c81fec -> dd8025a16 Fixing build Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dd8025a1 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dd8025a1 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dd8025a1 Branch: refs/heads/master Commit: dd8025a1695ac207e8b28e3cff38bb7df6369361 Parents: 903c81f Author: Colm O hEigeartaigh Authored: Mon Jul 20 19:02:28 2015 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jul 20 19:02:28 2015 +0100 -- .../rs/security/xml/XmlSecInInterceptor.java| 38 ++-- 1 file changed, 19 insertions(+), 19 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/dd8025a1/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java -- diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java index d533a36..80f9819 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java @@ -241,19 +241,19 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor { if (XMLSecurityConstants.Enc.equals(event.getAlgorithmUsage()) && encryptionProperties.getEncryptionSymmetricKeyAlgo() != null && !encryptionProperties.getEncryptionSymmetricKeyAlgo().equals(event.getAlgorithmURI())) { -throw new XMLSecurityException("empty", "The symmetric encryption algorithm " - + event.getAlgorithmURI() + " is not allowed"); +throw new XMLSecurityException("empty", new Object[] {"The symmetric encryption algorithm " + + event.getAlgorithmURI() + " is not allowed"}); } else if ((XMLSecurityConstants.Sym_Key_Wrap.equals(event.getAlgorithmUsage()) || XMLSecurityConstants.Asym_Key_Wrap.equals(event.getAlgorithmUsage())) && encryptionProperties.getEncryptionKeyTransportAlgo() != null && !encryptionProperties.getEncryptionKeyTransportAlgo().equals(event.getAlgorithmURI())) { -throw new XMLSecurityException("empty", "The key transport algorithm " -+ event.getAlgorithmURI() + " is not allowed"); +throw new XMLSecurityException("empty", new Object[] {"The key transport algorithm " ++ event.getAlgorithmURI() + " is not allowed"}); } else if (XMLSecurityConstants.EncDig.equals(event.getAlgorithmUsage()) && encryptionProperties.getEncryptionDigestAlgo() != null && !encryptionProperties.getEncryptionDigestAlgo().equals(event.getAlgorithmURI())) { -throw new XMLSecurityException("empty", "The encryption digest algorithm " -+ event.getAlgorithmURI() + " is not allowed"); +throw new XMLSecurityException("empty", new Object[] {"The encryption digest algorithm " ++ event.getAlgorithmURI() + " is not allowed"}); } } @@ -263,24 +263,24 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor { || XMLSecurityConstants.Sym_Sig.equals(event.getAlgorithmUsage())) && sigProps.getSignatureAlgo() != null && !sigProps.getSignatureAlgo().equals(event.getAlgorithmURI())) { -throw new XMLSecurityException("empty", "The signature algorithm " - + event.getAlgorithmURI() + " is not allowed"); +throw new XMLSecurityException("empty", new Object[] {"The signature algorithm " + + event.getAlgorithmURI() + " is not allowed"}); } else if (XMLSecurityConstants.SigDig.equals(event.getAlgorithmUsage()) && sigProps.getSignatureDigestAlgo() != null && !sigProps.getSignatureDigestAlgo().equals(event.getAlgorithmURI())) { -throw new XMLSecurityException("empty", "The signature digest algorithm " -+ event.getAlgorithmURI() + " is not allowed"); +throw new XMLSecurityException("empty", new Object[] {"The signature digest algorithm " ++ event.getAlgorithmURI() + " is not allowed"}); } else if (XMLSecurityConstants.SigC14n.equals(event.getAlgorithmUsage()) && sigProps.getSignatureC14nMethod() != null && !sigProps.getSignatureC14nMethod().equals(event.getAlgorithmURI())) { -throw new XMLSecurityException("empty", "The s
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/488 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/486 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot