svn commit: r963355 - in /websites/production/cxf/content: cache/docs.pageCache docs/security-configuration.html docs/ws-securitypolicy.html
Author: buildbot Date: Fri Aug 28 10:47:35 2015 New Revision: 963355 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/security-configuration.html websites/production/cxf/content/docs/ws-securitypolicy.html Modified: websites/production/cxf/content/cache/docs.pageCache == Binary files - no diff available. Modified: websites/production/cxf/content/docs/security-configuration.html == --- websites/production/cxf/content/docs/security-configuration.html (original) +++ websites/production/cxf/content/docs/security-configuration.html Fri Aug 28 10:47:35 2015 @@ -107,7 +107,7 @@ Apache CXF -- Security Configuration td height=100% !-- Content -- div class=wiki-content -div id=ConfluenceContenth2 id=SecurityConfiguration-BackgroundtocommonsecurityconfigurationBackground to common security configuration/h2pFrom Apache CXF 3.1.0, the a shape=rect href=ws-securitypolicy.htmlWS-SecurityPolicy/a and the a shape=rect href=jax-rs-xml-security.htmlXML Security/a (JAX-RS) components in CXF share a common set of configuration tags. Previously, the configuration tags were all defined in the SecurityConstants class in the cxf-rt-ws-security module. The JAX-RS XML Security component then referenced these configuration tags directly, which meant that the XML Security component had to have a dependency on a SOAP module, which was not ideal./ph2 id=SecurityConfiguration-NewconfigurationtagsinApacheCXF3.1.0New configuration tags in Apache CXF 3.1.0/h2pFrom Apache CXF 3.1.0, the cxf-rt-security module is now shared between both the WS-Security and JAX-RS XML Security modules, and contains a SecurityConstants class that defines s ecurity constants used by both stacks. These configuration tags are exactly the same as a set of previous configuration tags found in the WS-Security SecurityConstants class in previous releases, except that the prefix is now security (was ws-security). Here are the new set of configuration tags:/ph4 id=SecurityConfiguration-UserpropertiesUser properties/h4div class=table-wraptable class=confluenceTabletbodytrtd colspan=1 rowspan=1 class=confluenceTdpsecurity.username/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe user's name. It is used differently by each of the Security functions, see a shape=rect href=http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#USERNAME;here/a for more information./p/td/trtrtd colspan=1 rowspan=1 class=confluenceTdpsecurity.password/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe user's password when security.callback-handler i s not defined. It is currently only used for the case of adding a password to a UsernameToken./p/td/trtrtd colspan=1 rowspan=1 class=confluenceTdpsecurity.signature.username/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe user's name for signature. It is used as the alias name in the keystore to get the user's cert and private key for signature. See a shape=rect href=http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#SIGNATURE_USERNAME;here/a for more information./p/td/trtrtd colspan=1 rowspan=1 class=confluenceTdpsecurity.encryption.username/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe user's name for encryption. It is used as the alias name in the keystore to get the user's public key for encryption. See a shape=rect href=http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#ENCRYPT_USERNAME;here/a for more information./p/td /tr/tbody/table/divh4 id=SecurityConfiguration-CallbackClassandCryptopropertiesCallback Class and Crypto properties/h4div class=table-wraptable class=confluenceTabletbodytrtd colspan=1 rowspan=1 class=confluenceTdpsecurity.callback-handler/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe CallbackHandler a shape=rect href=http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#CALLBACK_HANDLER;implementation/a class used to obtain passwords./p/td/trtrtd colspan=1 rowspan=1 class=confluenceTdpsecurity.saml-callback-handler/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe SAML CallbackHandler a shape=rect href=http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#SAML_CALLBACK_HANDLER;implementation/a class used to construct SAML Assertions./p/td/trtrtd colspan=1 rowspan=1 class=confluenceTdpsecurity.signature .properties/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe Crypto property a shape=rect href=http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#SIGNATURE_PROPERTIES;configuration/a to use for signature, if security.signature.crypto is not set instead./p/td/trtrtd
cxf git commit: [CXF-6561] Removing catch blocks from ResourceOwnerGramtHandler
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes fa6136f83 - 3ce7b636f [CXF-6561] Removing catch blocks from ResourceOwnerGramtHandler Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3ce7b636 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3ce7b636 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3ce7b636 Branch: refs/heads/3.0.x-fixes Commit: 3ce7b636f10a48cff703a24a3f13a65093b57259 Parents: fa6136f Author: Sergey Beryozkin sberyoz...@gmail.com Authored: Fri Aug 28 13:27:50 2015 +0100 Committer: Sergey Beryozkin sberyoz...@gmail.com Committed: Fri Aug 28 13:29:15 2015 +0100 -- .../grants/owner/ResourceOwnerGrantHandler.java| 17 - .../oauth2/services/AccessTokenService.java| 15 +++ 2 files changed, 15 insertions(+), 17 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/3ce7b636/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java index f15fc7f..19e0f6b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java @@ -47,20 +47,11 @@ public class ResourceOwnerGrantHandler extends AbstractGrantHandler { throw new OAuthServiceException( new OAuthError(OAuthConstants.INVALID_REQUEST)); } -UserSubject subject = null; -try { -subject = loginHandler.createSubject(ownerName, ownerPassword); -if (subject == null) { -throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); -} -} catch (OAuthServiceException ex) { -throw ex; -} catch (RuntimeException ex) { -throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex); +UserSubject subject = loginHandler.createSubject(ownerName, ownerPassword); +if (subject == null) { +throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); } -return doCreateAccessToken(client, - subject, - params); +return doCreateAccessToken(client, subject, params); } public ResourceOwnerLoginHandler getLoginHandler() { http://git-wip-us.apache.org/repos/asf/cxf/blob/3ce7b636/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java index af94464..8af601a 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java @@ -28,6 +28,7 @@ import javax.ws.rs.Consumes; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; +import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; @@ -99,8 +100,8 @@ public class AccessTokenService extends AbstractTokenService { checkAudience(params); } catch (OAuthServiceException ex) { return super.createErrorResponseFromBean(ex.getError()); -} - +} + // Find the grant handler AccessTokenGrantHandler handler = findGrantHandler(params); if (handler == null) { @@ -111,8 +112,14 @@ public class AccessTokenService extends AbstractTokenService { ServerAccessToken serverToken = null; try { serverToken = handler.createAccessToken(client, params); -} catch (OAuthServiceException ex) { -return handleException(ex, OAuthConstants.INVALID_GRANT); +} catch (WebApplicationException ex) { +throw ex; +} catch (RuntimeException ex) { +// This is done to bypass a Check-Style +// restriction on a
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 3ce7b636f - f3d875215 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f3d87521 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f3d87521 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f3d87521 Branch: refs/heads/3.0.x-fixes Commit: f3d8752156de16b0686b4dd34935ba20187f3c5f Parents: 3ce7b63 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Aug 28 13:52:03 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Aug 28 13:52:03 2015 +0100 -- .gitmergeinfo | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/f3d87521/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 8180c00..f54cfd3 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -225,6 +225,7 @@ B 7e82d2f10a1ca14a939d2c63ca4e620f8870e256 B 7e8d0b4b1cd868272380ca5779e67a15e46cf799 B 7e95279dd1170f5878687d7eea27f7d7f03a434b B 7f7cc3c390b95f9d7589eb192538551416c313db +B 7fbbd1d13bbb7ccbbc1213ed86a456794583fd3e B 80014cf0e6fb1ba62ffdb3766acffd2130eef9d6 B 80d7128a3ba1944a603c73e5e908d86c9bf27648 B 8176b1b0faad2de44a4ff85083c74b5a4b74918a @@ -250,6 +251,7 @@ B 8ee1ce727f04099b2bbeea4164ad38005de769b3 B 8f967643447ceec89e58b079d8d8fc00cf232a02 B 8fd8c552f4c2a980a5138de19a2b74104776a4ba B 90312bc48f6e564bcafdaaebc3cd596c966ee674 +B 91c7b09005e8d32187283828ac348235b725e3e3 B 91d6630c53f222544e4bb512fb5c918d68518138 B 92502a5e2af6e5d3c544f89396de2d05d539fd41 B 92c4738f9e6b96fe0ce8586bb36b9c6444d6e225 @@ -403,6 +405,7 @@ B eba07e615684e475772a7a2d23d7e93a0b099485 B ec3a49b094019544e525aa1b14f494ca3217f17b B ec4435d70cb0097e34f38bc0f47c0faca03b4bb0 B ecbf4e78586870a507fe4cf91239d51c3f202aad +B ed0f25116f8620841ff96dd1b751d97c11eb09c3 B ed18c008f05af7063d5929d072b86048d12dab4c B ee64acf5f8370cd1e33719e4d9d4e9922e386602 B eee2a947d867c403c212677cf942b3d07fa06fd7
svn commit: r963360 - in /websites/production/cxf/content: cache/main.pageCache fediz.html
Author: buildbot Date: Fri Aug 28 11:47:33 2015 New Revision: 963360 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/main.pageCache websites/production/cxf/content/fediz.html Modified: websites/production/cxf/content/cache/main.pageCache == Binary files - no diff available. Modified: websites/production/cxf/content/fediz.html == --- websites/production/cxf/content/fediz.html (original) +++ websites/production/cxf/content/fediz.html Fri Aug 28 11:47:33 2015 @@ -99,7 +99,7 @@ Apache CXF -- Fediz td height=100% !-- Content -- div class=wiki-content -div id=ConfluenceContenth1 id=Fediz-ApacheCXFFediz:AnOpen-SourceWebSecurityFrameworkApache CXF Fediz: An Open-Source Web Security Framework/h1h2 id=Fediz-OverviewOverview/h2pApache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. The supported standard is a shape=rect class=external-link href=http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002; rel=nofollowWS-Federation Passive Requestor Profile/a. Fediz supports a shape=rect class=external-link href=http://en.wikipedia.org/wiki/Claims-based_identity; rel=nofollowClaims Based Access Control/a beyond Role Based Access Control (RBAC)./ph2 id=Fediz-NewsNews/h2pstrongAugust 12, 2015 - Apache CXF Fediz 1. 2.1 and 1.1.3 released!/strong/ppApache CXF Fediz 1.2.1 has been released. It contains an update to use Apache CXF 3.0.6, an update to use 2048 bit certificates to fix some issues with running the examples, support for SAML SSO Metadata in the IdP, as well as some other issues./ppApache CXF Fediz 1.1.3 has also been released. It contains an update to use Apache CXF 2.7.17, a fix for a NPE when ChainTrust is configured + no Subject is provided, and a dynamic STS realm parser./ppFor more information and to download the new releases, please go a shape=rect href=fediz-downloads.htmlhere/a./ph2 id=Fediz-FeaturesFeatures/h2pThe following features are supported by Fediz 1.2/pulliWS-Federation 1.0/1.1/1.2/liliSAML 1.1/2.0 Tokens/liliSupport for encrypted SAML Tokens (Release 1.1)/liliSupport for Holder-Of-Key SubjectConfirmationMethod (1.1)/liliCustom token Support/liliPublish WS-Federation Metadata document/liliRole information encoded as AttributeStatement in SAML 1.1/2.0 tokens/liliClaims information provided by FederationPrincipal Interface/liliSupport for Tomcat, Jetty, Websphere, Spring Security and CXF (1.1)/liliFediz IDP supports Resource IDP role as well (1.1)/liliA new REST API for the IdP (1.2)/liliSupport for logout in both the RP and IdP (1.2)/liliSupport for logging on to the IdP via Kerberos and TLS client authentication (1.2)/liliA new container-independent CXF plugin for WS-Federation (1.2)/liliSupport to use the IdP as an identity broker with a remote SAML SSO IdP (1.2)/li/ulpThe following features are planned for the next release:/pullisupport for other protocols like OAuth/li/ulpYou can get the current status of the enhancements a shape=rect class=external-link href=https://issues.apache.org/jira/browse/FEDIZ;here /a./ph2 id=Fediz-ArchitectureArchitecture/h2pThe Fediz architecture is described in more detail a shape= rect href=fediz-architecture.htmlhere/a./ph2 id=Fediz-DownloadDownload/h2pSee a shape=rect href=fediz-downloads.htmlhere/a./ph2 id=Fediz-GettingstartedGetting started/h2pThe WS-Federation specification defines the following parties involved during a web login:/pulliBrowser/liliIdentity Provider (IDP)br clear=none The IDP is a centralized, application independent runtime component which implements the protocol defined by WS-Federation. You can use any open source or commercial product that supports WS-Federation 1.1/1.2 as your IDP. It's recommended to use the Fediz IDP for testing as it allows for testing your web application in a sandbox without having all infrastructure components available. The Fediz IDP consists of two WAR components. The Security Token Service (STS) does most of the work including user authentication, claims/role data retrieval and creating the SAML token. The IDP WAR translates the response to an HTML response a llowing a browser to process it./liliRelying Party (RP)br clear=none The RP is a web application that needs to be protected. The RP must be able to implement the protocol as defined by WS-Federation. This component is called Fediz Plugin in this project which consists of container agnostic module/jar and a container specific jar. When an authenticated request is detected by the
cxf git commit: [CXF-6561] Removing catch blocks from ResourceOwnerGramtHandler
Repository: cxf Updated Branches: refs/heads/master d322272a5 - 3c0681f2d [CXF-6561] Removing catch blocks from ResourceOwnerGramtHandler Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3c0681f2 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3c0681f2 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3c0681f2 Branch: refs/heads/master Commit: 3c0681f2d546d096c8ce63f11a4920a37e1ac428 Parents: d322272 Author: Sergey Beryozkin sberyoz...@gmail.com Authored: Fri Aug 28 13:27:50 2015 +0100 Committer: Sergey Beryozkin sberyoz...@gmail.com Committed: Fri Aug 28 13:27:50 2015 +0100 -- .../grants/owner/ResourceOwnerGrantHandler.java| 17 - .../oauth2/services/AccessTokenService.java| 15 +++ 2 files changed, 15 insertions(+), 17 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/3c0681f2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java index f15fc7f..19e0f6b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java @@ -47,20 +47,11 @@ public class ResourceOwnerGrantHandler extends AbstractGrantHandler { throw new OAuthServiceException( new OAuthError(OAuthConstants.INVALID_REQUEST)); } -UserSubject subject = null; -try { -subject = loginHandler.createSubject(ownerName, ownerPassword); -if (subject == null) { -throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); -} -} catch (OAuthServiceException ex) { -throw ex; -} catch (RuntimeException ex) { -throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex); +UserSubject subject = loginHandler.createSubject(ownerName, ownerPassword); +if (subject == null) { +throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); } -return doCreateAccessToken(client, - subject, - params); +return doCreateAccessToken(client, subject, params); } public ResourceOwnerLoginHandler getLoginHandler() { http://git-wip-us.apache.org/repos/asf/cxf/blob/3c0681f2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java index af94464..8af601a 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java @@ -28,6 +28,7 @@ import javax.ws.rs.Consumes; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; +import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; @@ -99,8 +100,8 @@ public class AccessTokenService extends AbstractTokenService { checkAudience(params); } catch (OAuthServiceException ex) { return super.createErrorResponseFromBean(ex.getError()); -} - +} + // Find the grant handler AccessTokenGrantHandler handler = findGrantHandler(params); if (handler == null) { @@ -111,8 +112,14 @@ public class AccessTokenService extends AbstractTokenService { ServerAccessToken serverToken = null; try { serverToken = handler.createAccessToken(client, params); -} catch (OAuthServiceException ex) { -return handleException(ex, OAuthConstants.INVALID_GRANT); +} catch (WebApplicationException ex) { +throw ex; +} catch (RuntimeException ex) { +// This is done to bypass a Check-Style +// restriction on a number of
[3/4] cxf git commit: Moving to use new config
Moving to use new config Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ed0f2511 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ed0f2511 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ed0f2511 Branch: refs/heads/master Commit: ed0f25116f8620841ff96dd1b751d97c11eb09c3 Parents: 91c7b09 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Aug 28 12:04:59 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Aug 28 13:46:47 2015 +0100 -- .../src/main/resources/wssec-client-stax.xml| 8 ++--- .../sts/src/main/resources/wssec-client.xml | 8 ++--- .../cxf/systest/sts/basic_auth/cxf-service.xml | 4 +-- .../systest/sts/basic_auth/stax-cxf-service.xml | 4 +-- .../sts/binarysecuritytoken/cxf-service.xml | 2 +- .../binarysecuritytoken/stax-cxf-service.xml| 2 +- .../systest/sts/caching/cxf-caching-service.xml | 6 ++-- .../cxf/systest/sts/caching/cxf-client.xml | 12 .../cxf/systest/sts/claims/cxf-bad-client.xml | 8 ++--- .../systest/sts/claims/cxf-client-cbhandler.xml | 8 ++--- .../cxf/systest/sts/claims/cxf-client.xml | 14 - .../cxf/systest/sts/cross_domain/cxf-client.xml | 18 +-- .../sts/custom_onbehalfof/cxf-client.xml| 8 ++--- .../sts/custom_onbehalfof/cxf-service.xml | 2 +- .../sts/distributed_caching/cxf-client.xml | 12 .../sts/distributed_caching/cxf-service.xml | 6 ++-- .../systest/sts/kerberos/cxf-intermediary.xml | 8 ++--- .../cxf/systest/sts/realms/cxf-client.xml | 32 ++-- .../cxf/systest/sts/realms/cxf-service.xml | 32 ++-- .../apache/cxf/systest/sts/renew/cxf-client.xml | 26 .../cxf/systest/sts/secure_conv/cxf-client.xml | 10 +++--- .../cxf/systest/sts/secure_conv/cxf-service.xml | 6 ++-- .../cxf/systest/sts/soap12/cxf-client.xml | 8 ++--- .../cxf/systest/sts/soap12/cxf-service.xml | 8 ++--- .../cxf/systest/sts/soap12/stax-cxf-service.xml | 8 ++--- .../sts/sts_sender_vouches/cxf-client.xml | 8 ++--- .../systest/sts/transformation/cxf-service.xml | 4 +-- .../systest/sts/usernametoken/cxf-service.xml | 4 +-- .../sts/usernametoken/stax-cxf-service.xml | 2 +- .../cxf/systest/sts/asymmetric/cxf-client.xml | 14 - .../cxf/systest/sts/bearer/cxf-client.xml | 10 +++--- .../cxf-bad-client.xml | 8 ++--- .../intermediary_transformation/cxf-client.xml | 8 ++--- .../cxf-intermediary-caching.xml| 8 ++--- .../cxf-intermediary.xml| 8 ++--- .../cxf/systest/sts/issuer/cxf-client.xml | 24 +++ .../apache/cxf/systest/sts/jaas/cxf-service.xml | 4 +-- .../systest/sts/stsclient/cxf-client-name.xml | 6 ++-- .../sts/stsclient/cxf-default-client.xml| 6 ++-- .../cxf/systest/sts/symmetric/cxf-client.xml| 8 ++--- .../systest/sts/transport/cxf-bad-client.xml| 16 +- .../cxf/systest/sts/transport/cxf-client.xml| 20 ++-- .../systest/sts/username_actas/cxf-client.xml | 30 +- .../sts/username_onbehalfof/cxf-client.xml | 30 +- .../systest/sts/x509_symmetric/cxf-client.xml | 6 ++-- .../systest/sts/x509_symmetric/cxf-service.xml | 2 +- .../sts/x509_symmetric/cxf-stax-service.xml | 2 +- .../kerberos/wssec/kerberos/sts-client.xml | 8 ++--- .../cxf/systest/wssec/examples/saml/client.xml | 2 +- 49 files changed, 249 insertions(+), 249 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/ed0f2511/distribution/src/main/release/samples/sts/src/main/resources/wssec-client-stax.xml -- diff --git a/distribution/src/main/release/samples/sts/src/main/resources/wssec-client-stax.xml b/distribution/src/main/release/samples/sts/src/main/resources/wssec-client-stax.xml index 78c28c5..12c9245 100644 --- a/distribution/src/main/release/samples/sts/src/main/resources/wssec-client-stax.xml +++ b/distribution/src/main/release/samples/sts/src/main/resources/wssec-client-stax.xml @@ -31,7 +31,7 @@ entry key=security.encryption.properties value=clientKeystore.properties/ entry key=security.encryption.username value=myservicekey/ entry key=ws-security.enable.streaming value=true/ -entry key=ws-security.sts.client +entry key=security.sts.client bean class=org.apache.cxf.ws.security.trust.STSClient constructor-arg ref=cxf/ property name=wsdlLocation value=http://localhost:8080/SecurityTokenService/UT?wsdl/ @@ -47,11 +47,11 @@ in the WSP WSDL,
[4/4] cxf git commit: Move STS SecurityConstants to common class
Move STS SecurityConstants to common class Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/91c7b090 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/91c7b090 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/91c7b090 Branch: refs/heads/master Commit: 91c7b09005e8d32187283828ac348235b725e3e3 Parents: 3c0681f Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Aug 28 12:03:01 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Aug 28 13:46:47 2015 +0100 -- .../cxf/rt/security/SecurityConstants.java | 149 - .../cxf/rt/security/utils/SecurityUtils.java| 17 ++ .../cxf/ws/security/SecurityConstants.java | 159 +-- .../ws/security/trust/AbstractSTSClient.java| 30 +++- .../ws/security/trust/STSTokenRetriever.java| 30 ++-- .../apache/cxf/ws/security/trust/STSUtils.java | 24 +-- .../sts/asymmetric/AsymmetricBindingTest.java | 3 + .../cxf/systest/sts/common/TokenTestUtils.java | 9 ++ .../IntermediaryCachingPortTypeImpl.java| 3 + .../IntermediaryPortTypeImpl.java | 3 + .../UsernameActAsCachingTest.java | 6 + .../UsernameOnBehalfOfCachingTest.java | 6 + 12 files changed, 249 insertions(+), 190 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/91c7b090/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java -- diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java b/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java index 345c7da..acc671d 100644 --- a/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java +++ b/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java @@ -192,6 +192,148 @@ public class SecurityConstants { */ public static final String SUBJECT_CERT_CONSTRAINTS = security.subject.cert.constraints; +// +// STS Client Configuration tags +// + +/** + * A reference to the STSClient class used to communicate with the STS. + */ +public static final String STS_CLIENT = security.sts.client; + +/** + * The AppliesTo address to send to the STS. The default is the endpoint address of the + * service provider. + */ +public static final String STS_APPLIES_TO = security.sts.applies-to; + +/** + * Whether to write out an X509Certificate structure in UseKey/KeyInfo, or whether to write + * out a KeyValue structure. The default value is false. + */ +public static final String STS_TOKEN_USE_CERT_FOR_KEYINFO = security.sts.token.usecert; + +/** + * Whether to cancel a token when using SecureConversation after successful invocation. The + * default is false. + */ +public static final String STS_TOKEN_DO_CANCEL = security.sts.token.do.cancel; + +/** + * Whether to fall back to calling issue after failing to renew an expired token. Some + * STSs do not support the renew binding, and so we should just issue a new token after expiry. + * The default is true. + */ +public static final String STS_ISSUE_AFTER_FAILED_RENEW = security.issue.after.failed.renew; + +/** + * Set this to false to not cache a SecurityToken per proxy object in the + * IssuedTokenInterceptorProvider. This should be done if a token is being retrieved + * from an STS in an intermediary. The default value is true. + */ +public static final String CACHE_ISSUED_TOKEN_IN_ENDPOINT = +security.cache.issued.token.in.endpoint; + +/** + * Whether to avoid STS client trying send WS-MetadataExchange call using + * STS EPR WSA address when the endpoint contract contains no WS-MetadataExchange info. + * The default value is false. + */ +public static final String DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS = +security.sts.disable-wsmex-call-using-epr-address; + +/** + * Whether to prefer to use WS-MEX over a STSClient's location/wsdlLocation properties + * when making an STS RequestSecurityToken call. This can be set to true for the scenario + * of making a WS-MEX call to an initial STS, and using the returned token to make another + * call to an STS (which is configured using the STSClient configuration). Default is + * false. + */ +public static final String PREFER_WSMEX_OVER_STS_CLIENT_CONFIG = +security.sts.prefer-wsmex; + +/** + * Switch STS client to send Soap 1.2 messages + */ +public static final String STS_CLIENT_SOAP12_BINDING = +security.sts.client-soap12-binding; + +
[2/4] cxf git commit: Moving to use new config
http://git-wip-us.apache.org/repos/asf/cxf/blob/ed0f2511/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml -- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml index 25d649b..9921276 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml @@ -45,7 +45,7 @@ bean id=defaultTokenStore class=org.apache.cxf.ws.security.tokenstore.MemoryTokenStore/ jaxws:client name={http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2Port; createdFromAPI=true jaxws:properties -entry key=ws-security.sts.client +entry key=security.sts.client bean class=org.apache.cxf.ws.security.trust.STSClient constructor-arg ref=cxf/ property name=wsdlLocation value=https://localhost:8443/SecurityTokenService/Transport?wsdl/ @@ -56,9 +56,9 @@ map entry key=security.username value=bob/ entry key=security.callback-handler value=org.apache.cxf.systest.sts.common.CommonCallbackHandler/ -entry key=ws-security.sts.token.username value=myclientkey/ -entry key=ws-security.sts.token.properties value=clientKeystore.properties/ -entry key=ws-security.sts.token.usecert value=true/ +entry key=security.sts.token.username value=myclientkey/ +entry key=security.sts.token.properties value=clientKeystore.properties/ +entry key=security.sts.token.usecert value=true/ /map /property /bean http://git-wip-us.apache.org/repos/asf/cxf/blob/ed0f2511/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary.xml -- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary.xml index 305e3b8..03c3d6d 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary.xml @@ -44,7 +44,7 @@ bean id=delegationCallbackHandler class=org.apache.cxf.ws.security.trust.delegation.ReceivedTokenCallbackHandler/ jaxws:client name={http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2Port; createdFromAPI=true jaxws:properties -entry key=ws-security.sts.client +entry key=security.sts.client bean class=org.apache.cxf.ws.security.trust.STSClient constructor-arg ref=cxf/ property name=wsdlLocation value=https://localhost:8443/SecurityTokenService/Transport?wsdl/ @@ -55,9 +55,9 @@ map entry key=security.username value=bob/ entry key=security.callback-handler value=org.apache.cxf.systest.sts.common.CommonCallbackHandler/ -entry key=ws-security.sts.token.username value=myclientkey/ -entry key=ws-security.sts.token.properties value=clientKeystore.properties/ -entry key=ws-security.sts.token.usecert value=true/ +entry key=security.sts.token.username value=myclientkey/ +entry key=security.sts.token.properties value=clientKeystore.properties/ +entry key=security.sts.token.usecert value=true/ /map /property /bean http://git-wip-us.apache.org/repos/asf/cxf/blob/ed0f2511/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/cxf-client.xml -- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/cxf-client.xml
[1/4] cxf git commit: Fixing tests
Repository: cxf Updated Branches: refs/heads/master 3c0681f2d - 7fbbd1d13 Fixing tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7fbbd1d1 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7fbbd1d1 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7fbbd1d1 Branch: refs/heads/master Commit: 7fbbd1d13bbb7ccbbc1213ed86a456794583fd3e Parents: ed0f251 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Aug 28 13:46:40 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Aug 28 13:46:47 2015 +0100 -- .../cxf/systest/sts/symmetric/SymmetricBindingTest.java | 4 ++-- .../cxf/systest/sts/transport/TransportBindingTest.java | 8 2 files changed, 6 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/7fbbd1d1/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java -- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java index f2e308f..a3fc528 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java @@ -274,7 +274,7 @@ public class SymmetricBindingTest extends AbstractBusClientServerTestBase { // Make a successful request Client client = ((DispatchImplDOMSource) dispatch).getClient(); -client.getRequestContext().put(ws-security.sts.client, stsClient); +client.getRequestContext().put(SecurityConstants.STS_CLIENT, stsClient); if (test.isStreaming()) { client.getRequestContext().put(SecurityConstants.ENABLE_STREAMING_SECURITY, true); @@ -315,7 +315,7 @@ public class SymmetricBindingTest extends AbstractBusClientServerTestBase { // Make a successful request Client client = ((DispatchImplDOMSource) dispatch).getClient(); -client.getRequestContext().put(ws-security.sts.client, stsClient); +client.getRequestContext().put(SecurityConstants.STS_CLIENT, stsClient); //client.getRequestContext().put(find.dispatch.operation, Boolean.TRUE); http://git-wip-us.apache.org/repos/asf/cxf/blob/7fbbd1d1/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java -- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java index 1e6cebd..748d607 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java @@ -321,8 +321,8 @@ public class TransportBindingTest extends AbstractBusClientServerTestBase { // Make a successful request Client client = ((DispatchImplDOMSource) dispatch).getClient(); -client.getRequestContext().put(security.username, alice); -client.getRequestContext().put(ws-security.sts.client, stsClient); +client.getRequestContext().put(SecurityConstants.USERNAME, alice); +client.getRequestContext().put(SecurityConstants.STS_CLIENT, stsClient); if (test.isStreaming()) { client.getRequestContext().put(SecurityConstants.ENABLE_STREAMING_SECURITY, true); @@ -364,8 +364,8 @@ public class TransportBindingTest extends AbstractBusClientServerTestBase { // Make a successful request Client client = ((DispatchImplDOMSource) dispatch).getClient(); -client.getRequestContext().put(security.username, alice); -client.getRequestContext().put(ws-security.sts.client, stsClient); +client.getRequestContext().put(SecurityConstants.USERNAME, alice); +client.getRequestContext().put(SecurityConstants.STS_CLIENT, stsClient); if (test.isStreaming()) { client.getRequestContext().put(SecurityConstants.ENABLE_STREAMING_SECURITY, true);
cxf git commit: NPE fix when exception is null
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes f3d875215 - 7ae54f4cc NPE fix when exception is null Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7ae54f4c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7ae54f4c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7ae54f4c Branch: refs/heads/3.0.x-fixes Commit: 7ae54f4cc76c5a10adddcfd7b1d25628b39178a8 Parents: f3d8752 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Aug 28 15:55:51 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Aug 28 15:56:35 2015 +0100 -- .../org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/7ae54f4c/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java -- diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java index 01169b7..5457a8d 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java @@ -238,7 +238,11 @@ public abstract class AbstractSamlInHandler implements ContainerRequestFilter { protected void throwFault(String error, Exception ex) { // TODO: get bundle resource message once this filter is moved // to rt/rs/security -LOG.warning(error + : + ExceptionUtils.getStackTrace(ex)); +String errorMsg = error; +if (ex != null) { +errorMsg += : + ExceptionUtils.getStackTrace(ex); +} +LOG.warning(errorMsg); Response response = JAXRSUtils.toResponseBuilder(401).entity(error).build(); throw ExceptionUtils.toNotAuthorizedException(null, response); }
cxf git commit: NPE fix when exception is null
Repository: cxf Updated Branches: refs/heads/master 7fbbd1d13 - b9ebd26d1 NPE fix when exception is null Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b9ebd26d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b9ebd26d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b9ebd26d Branch: refs/heads/master Commit: b9ebd26d181cd31b124f384f29d8946512935335 Parents: 7fbbd1d Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Aug 28 15:55:51 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Aug 28 15:55:51 2015 +0100 -- .../org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/b9ebd26d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java -- diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java index 9af0957..182730a 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java @@ -259,7 +259,11 @@ public abstract class AbstractSamlInHandler implements ContainerRequestFilter { protected void throwFault(String error, Exception ex) { // TODO: get bundle resource message once this filter is moved // to rt/rs/security -LOG.warning(error + : + ExceptionUtils.getStackTrace(ex)); +String errorMsg = error; +if (ex != null) { +errorMsg += : + ExceptionUtils.getStackTrace(ex); +} +LOG.warning(errorMsg); Response response = JAXRSUtils.toResponseBuilder(401).entity(error).build(); throw ExceptionUtils.toNotAuthorizedException(null, response); }
[1/2] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 2b15d7638 - 0e83f16ec Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0e83f16e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0e83f16e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0e83f16e Branch: refs/heads/2.7.x-fixes Commit: 0e83f16eca9f631f065ec62b30de982b4789f5e5 Parents: 88d9984 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Aug 28 15:59:40 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Aug 28 15:59:40 2015 +0100 -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/0e83f16e/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 22ecb6a..15582f0 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -2169,6 +2169,7 @@ B f34ea2c8d96f88c41420ec9b851240cd7197def3 B f360f14089d616160553b1ea336c0d51a0206443 B f372fffe46870f44ba491afbff1807d4a8799b75 B f388bc160dbb9013dc8b1539f2d5bf85d273683e +B f3d8752156de16b0686b4dd34935ba20187f3c5f B f3eaa61a2ac9c9a22b31519bbe0dc92f9cf84219 B f4038eebd6c287d55eabe7c72c4bd23e1a7df0e9 B f42f6b6ba6037850bd200923b72fd3e716ccbbff
[2/2] cxf git commit: NPE fix when exception is null
NPE fix when exception is null Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/88d99844 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/88d99844 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/88d99844 Branch: refs/heads/2.7.x-fixes Commit: 88d998449b0485eef5de60d9f63a6e9235652378 Parents: 2b15d76 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Aug 28 15:55:51 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Aug 28 15:59:40 2015 +0100 -- .../org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/88d99844/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java -- diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java index a209026..74ea1ac 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java @@ -197,7 +197,11 @@ public abstract class AbstractSamlInHandler implements RequestHandler { protected void throwFault(String error, Exception ex) { // TODO: get bundle resource message once this filter is moved // to rt/rs/security -LOG.warning(error + : + ExceptionUtils.getStackTrace(ex)); +String errorMsg = error; +if (ex != null) { +errorMsg += : + ExceptionUtils.getStackTrace(ex); +} +LOG.warning(errorMsg); Response response = JAXRSUtils.toResponseBuilder(401).entity(error).build(); throw ExceptionUtils.toNotAuthorizedException(null, response); }
cxf git commit: [CXF-6568] Optionally making default WAE least specific
Repository: cxf Updated Branches: refs/heads/master b9ebd26d1 - 3261d7ddf [CXF-6568] Optionally making default WAE least specific Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3261d7dd Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3261d7dd Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3261d7dd Branch: refs/heads/master Commit: 3261d7ddf666781716e84b10b959c28018d19223 Parents: b9ebd26 Author: Sergey Beryozkin sberyoz...@gmail.com Authored: Fri Aug 28 17:53:35 2015 +0100 Committer: Sergey Beryozkin sberyoz...@gmail.com Committed: Fri Aug 28 17:53:35 2015 +0100 -- .../jaxrs/provider/ServerProviderFactory.java | 26 +- .../cxf/jaxrs/provider/ProviderFactoryTest.java | 36 2 files changed, 61 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/3261d7dd/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/ServerProviderFactory.java -- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/ServerProviderFactory.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/ServerProviderFactory.java index f904ecb..bbcfa06 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/ServerProviderFactory.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/ServerProviderFactory.java @@ -63,6 +63,7 @@ import org.apache.cxf.jaxrs.utils.AnnotationUtils; import org.apache.cxf.jaxrs.utils.InjectionUtils; import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.message.Message; +import org.apache.cxf.message.MessageUtils; public final class ServerProviderFactory extends ProviderFactory { private static final SetClass? SERVER_FILTER_INTERCEPTOR_CLASSES = @@ -72,6 +73,7 @@ public final class ServerProviderFactory extends ProviderFactory { WriterInterceptor.class)); private static final String WADL_PROVIDER_NAME = org.apache.cxf.jaxrs.model.wadl.WadlGenerator; +private static final String MAKE_DEFAULT_WAE_LEAST_SPECIFIC = make.default.wae.least.specific; private ListProviderInfoExceptionMapper? exceptionMappers = new ArrayListProviderInfoExceptionMapper?(1); @@ -176,7 +178,10 @@ public final class ServerProviderFactory extends ProviderFactory { if (candidates.size() == 0) { return null; } -Collections.sort(candidates, new ProviderInfoClassComparator(exceptionType)); +boolean makeDefaultWaeLeastSpecific = +MessageUtils.getContextualBoolean(m, MAKE_DEFAULT_WAE_LEAST_SPECIFIC, false); +Collections.sort(candidates, new ExceptionProviderInfoComparator(exceptionType, + makeDefaultWaeLeastSpecific)); return (ExceptionMapperT) candidates.get(0).getProvider(); } @@ -605,5 +610,24 @@ public final class ServerProviderFactory extends ProviderFactory { return Priorities.USER; } } +public static class ExceptionProviderInfoComparator extends ProviderInfoClassComparator { +private boolean makeDefaultWaeLeastSpecific; +public ExceptionProviderInfoComparator(Class? expectedCls, boolean makeDefaultWaeLeastSpecific) { +super(expectedCls); +this.makeDefaultWaeLeastSpecific = makeDefaultWaeLeastSpecific; +} +public int compare(ProviderInfo? p1, ProviderInfo? p2) { +if (makeDefaultWaeLeastSpecific) { +if (p1.getProvider() instanceof WebApplicationExceptionMapper + !p1.isCustom()) { +return 1; +} else if (p2.getProvider() instanceof WebApplicationExceptionMapper + !p2.isCustom()) { +return -1; +} +} +return super.compare(p1, p2); +} +} } http://git-wip-us.apache.org/repos/asf/cxf/blob/3261d7dd/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/ProviderFactoryTest.java -- diff --git a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/ProviderFactoryTest.java b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/ProviderFactoryTest.java index 7f6b209..f6a5869 100644 --- a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/ProviderFactoryTest.java +++ b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/ProviderFactoryTest.java @@ -373,6 +373,42 @@ public class ProviderFactoryTest extends Assert { } @Test +public void