svn commit: r963355 - in /websites/production/cxf/content: cache/docs.pageCache docs/security-configuration.html docs/ws-securitypolicy.html
Author: buildbot Date: Fri Aug 28 10:47:35 2015 New Revision: 963355 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/security-configuration.html websites/production/cxf/content/docs/ws-securitypolicy.html Modified: websites/production/cxf/content/cache/docs.pageCache == Binary files - no diff available. Modified: websites/production/cxf/content/docs/security-configuration.html == --- websites/production/cxf/content/docs/security-configuration.html (original) +++ websites/production/cxf/content/docs/security-configuration.html Fri Aug 28 10:47:35 2015 @@ -107,7 +107,7 @@ Apache CXF -- Security Configuration td height=100% !-- Content -- div class=wiki-content -div id=ConfluenceContenth2 id=SecurityConfiguration-BackgroundtocommonsecurityconfigurationBackground to common security configuration/h2pFrom Apache CXF 3.1.0, the a shape=rect href=ws-securitypolicy.htmlWS-SecurityPolicy/a and the a shape=rect href=jax-rs-xml-security.htmlXML Security/a (JAX-RS) components in CXF share a common set of configuration tags. Previously, the configuration tags were all defined in the SecurityConstants class in the cxf-rt-ws-security module. The JAX-RS XML Security component then referenced these configuration tags directly, which meant that the XML Security component had to have a dependency on a SOAP module, which was not ideal./ph2 id=SecurityConfiguration-NewconfigurationtagsinApacheCXF3.1.0New configuration tags in Apache CXF 3.1.0/h2pFrom Apache CXF 3.1.0, the cxf-rt-security module is now shared between both the WS-Security and JAX-RS XML Security modules, and contains a SecurityConstants class that defines s ecurity constants used by both stacks. These configuration tags are exactly the same as a set of previous configuration tags found in the WS-Security SecurityConstants class in previous releases, except that the prefix is now security (was ws-security). Here are the new set of configuration tags:/ph4 id=SecurityConfiguration-UserpropertiesUser properties/h4div class=table-wraptable class=confluenceTabletbodytrtd colspan=1 rowspan=1 class=confluenceTdpsecurity.username/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe user's name. It is used differently by each of the Security functions, see a shape=rect href=http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#USERNAME;here/a for more information./p/td/trtrtd colspan=1 rowspan=1 class=confluenceTdpsecurity.password/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe user's password when security.callback-handler i s not defined. It is currently only used for the case of adding a password to a UsernameToken./p/td/trtrtd colspan=1 rowspan=1 class=confluenceTdpsecurity.signature.username/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe user's name for signature. It is used as the alias name in the keystore to get the user's cert and private key for signature. See a shape=rect href=http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#SIGNATURE_USERNAME;here/a for more information./p/td/trtrtd colspan=1 rowspan=1 class=confluenceTdpsecurity.encryption.username/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe user's name for encryption. It is used as the alias name in the keystore to get the user's public key for encryption. See a shape=rect href=http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#ENCRYPT_USERNAME;here/a for more information./p/td /tr/tbody/table/divh4 id=SecurityConfiguration-CallbackClassandCryptopropertiesCallback Class and Crypto properties/h4div class=table-wraptable class=confluenceTabletbodytrtd colspan=1 rowspan=1 class=confluenceTdpsecurity.callback-handler/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe CallbackHandler a shape=rect href=http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#CALLBACK_HANDLER;implementation/a class used to obtain passwords./p/td/trtrtd colspan=1 rowspan=1 class=confluenceTdpsecurity.saml-callback-handler/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe SAML CallbackHandler a shape=rect href=http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#SAML_CALLBACK_HANDLER;implementation/a class used to construct SAML Assertions./p/td/trtrtd colspan=1 rowspan=1 class=confluenceTdpsecurity.signature .properties/p/tdtd colspan=1 rowspan=1 class=confluenceTdpThe Crypto property a shape=rect href=http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#SIGNATURE_PROPERTIES;configuration/a to use for signature, if security.signature.crypto is not set instead./p/td/trtrtd
cxf git commit: [CXF-6561] Removing catch blocks from ResourceOwnerGramtHandler
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes fa6136f83 - 3ce7b636f
[CXF-6561] Removing catch blocks from ResourceOwnerGramtHandler
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3ce7b636
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3ce7b636
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3ce7b636
Branch: refs/heads/3.0.x-fixes
Commit: 3ce7b636f10a48cff703a24a3f13a65093b57259
Parents: fa6136f
Author: Sergey Beryozkin sberyoz...@gmail.com
Authored: Fri Aug 28 13:27:50 2015 +0100
Committer: Sergey Beryozkin sberyoz...@gmail.com
Committed: Fri Aug 28 13:29:15 2015 +0100
--
.../grants/owner/ResourceOwnerGrantHandler.java| 17 -
.../oauth2/services/AccessTokenService.java| 15 +++
2 files changed, 15 insertions(+), 17 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/3ce7b636/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
index f15fc7f..19e0f6b 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
@@ -47,20 +47,11 @@ public class ResourceOwnerGrantHandler extends
AbstractGrantHandler {
throw new OAuthServiceException(
new OAuthError(OAuthConstants.INVALID_REQUEST));
}
-UserSubject subject = null;
-try {
-subject = loginHandler.createSubject(ownerName, ownerPassword);
-if (subject == null) {
-throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
-}
-} catch (OAuthServiceException ex) {
-throw ex;
-} catch (RuntimeException ex) {
-throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex);
+UserSubject subject = loginHandler.createSubject(ownerName,
ownerPassword);
+if (subject == null) {
+throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
-return doCreateAccessToken(client,
- subject,
- params);
+return doCreateAccessToken(client, subject, params);
}
public ResourceOwnerLoginHandler getLoginHandler() {
http://git-wip-us.apache.org/repos/asf/cxf/blob/3ce7b636/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
index af94464..8af601a 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
@@ -28,6 +28,7 @@ import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
+import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
@@ -99,8 +100,8 @@ public class AccessTokenService extends AbstractTokenService
{
checkAudience(params);
} catch (OAuthServiceException ex) {
return super.createErrorResponseFromBean(ex.getError());
-}
-
+}
+
// Find the grant handler
AccessTokenGrantHandler handler = findGrantHandler(params);
if (handler == null) {
@@ -111,8 +112,14 @@ public class AccessTokenService extends
AbstractTokenService {
ServerAccessToken serverToken = null;
try {
serverToken = handler.createAccessToken(client, params);
-} catch (OAuthServiceException ex) {
-return handleException(ex, OAuthConstants.INVALID_GRANT);
+} catch (WebApplicationException ex) {
+throw ex;
+} catch (RuntimeException ex) {
+// This is done to bypass a Check-Style
+// restriction on a
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 3ce7b636f - f3d875215 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f3d87521 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f3d87521 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f3d87521 Branch: refs/heads/3.0.x-fixes Commit: f3d8752156de16b0686b4dd34935ba20187f3c5f Parents: 3ce7b63 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Aug 28 13:52:03 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Aug 28 13:52:03 2015 +0100 -- .gitmergeinfo | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/f3d87521/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 8180c00..f54cfd3 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -225,6 +225,7 @@ B 7e82d2f10a1ca14a939d2c63ca4e620f8870e256 B 7e8d0b4b1cd868272380ca5779e67a15e46cf799 B 7e95279dd1170f5878687d7eea27f7d7f03a434b B 7f7cc3c390b95f9d7589eb192538551416c313db +B 7fbbd1d13bbb7ccbbc1213ed86a456794583fd3e B 80014cf0e6fb1ba62ffdb3766acffd2130eef9d6 B 80d7128a3ba1944a603c73e5e908d86c9bf27648 B 8176b1b0faad2de44a4ff85083c74b5a4b74918a @@ -250,6 +251,7 @@ B 8ee1ce727f04099b2bbeea4164ad38005de769b3 B 8f967643447ceec89e58b079d8d8fc00cf232a02 B 8fd8c552f4c2a980a5138de19a2b74104776a4ba B 90312bc48f6e564bcafdaaebc3cd596c966ee674 +B 91c7b09005e8d32187283828ac348235b725e3e3 B 91d6630c53f222544e4bb512fb5c918d68518138 B 92502a5e2af6e5d3c544f89396de2d05d539fd41 B 92c4738f9e6b96fe0ce8586bb36b9c6444d6e225 @@ -403,6 +405,7 @@ B eba07e615684e475772a7a2d23d7e93a0b099485 B ec3a49b094019544e525aa1b14f494ca3217f17b B ec4435d70cb0097e34f38bc0f47c0faca03b4bb0 B ecbf4e78586870a507fe4cf91239d51c3f202aad +B ed0f25116f8620841ff96dd1b751d97c11eb09c3 B ed18c008f05af7063d5929d072b86048d12dab4c B ee64acf5f8370cd1e33719e4d9d4e9922e386602 B eee2a947d867c403c212677cf942b3d07fa06fd7
svn commit: r963360 - in /websites/production/cxf/content: cache/main.pageCache fediz.html
Author: buildbot Date: Fri Aug 28 11:47:33 2015 New Revision: 963360 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/main.pageCache websites/production/cxf/content/fediz.html Modified: websites/production/cxf/content/cache/main.pageCache == Binary files - no diff available. Modified: websites/production/cxf/content/fediz.html == --- websites/production/cxf/content/fediz.html (original) +++ websites/production/cxf/content/fediz.html Fri Aug 28 11:47:33 2015 @@ -99,7 +99,7 @@ Apache CXF -- Fediz td height=100% !-- Content -- div class=wiki-content -div id=ConfluenceContenth1 id=Fediz-ApacheCXFFediz:AnOpen-SourceWebSecurityFrameworkApache CXF Fediz: An Open-Source Web Security Framework/h1h2 id=Fediz-OverviewOverview/h2pApache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. The supported standard is a shape=rect class=external-link href=http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002; rel=nofollowWS-Federation Passive Requestor Profile/a. Fediz supports a shape=rect class=external-link href=http://en.wikipedia.org/wiki/Claims-based_identity; rel=nofollowClaims Based Access Control/a beyond Role Based Access Control (RBAC)./ph2 id=Fediz-NewsNews/h2pstrongAugust 12, 2015 - Apache CXF Fediz 1. 2.1 and 1.1.3 released!/strong/ppApache CXF Fediz 1.2.1 has been released. It contains an update to use Apache CXF 3.0.6, an update to use 2048 bit certificates to fix some issues with running the examples, support for SAML SSO Metadata in the IdP, as well as some other issues./ppApache CXF Fediz 1.1.3 has also been released. It contains an update to use Apache CXF 2.7.17, a fix for a NPE when ChainTrust is configured + no Subject is provided, and a dynamic STS realm parser./ppFor more information and to download the new releases, please go a shape=rect href=fediz-downloads.htmlhere/a./ph2 id=Fediz-FeaturesFeatures/h2pThe following features are supported by Fediz 1.2/pulliWS-Federation 1.0/1.1/1.2/liliSAML 1.1/2.0 Tokens/liliSupport for encrypted SAML Tokens (Release 1.1)/liliSupport for Holder-Of-Key SubjectConfirmationMethod (1.1)/liliCustom token Support/liliPublish WS-Federation Metadata document/liliRole information encoded as AttributeStatement in SAML 1.1/2.0 tokens/liliClaims information provided by FederationPrincipal Interface/liliSupport for Tomcat, Jetty, Websphere, Spring Security and CXF (1.1)/liliFediz IDP supports Resource IDP role as well (1.1)/liliA new REST API for the IdP (1.2)/liliSupport for logout in both the RP and IdP (1.2)/liliSupport for logging on to the IdP via Kerberos and TLS client authentication (1.2)/liliA new container-independent CXF plugin for WS-Federation (1.2)/liliSupport to use the IdP as an identity broker with a remote SAML SSO IdP (1.2)/li/ulpThe following features are planned for the next release:/pullisupport for other protocols like OAuth/li/ulpYou can get the current status of the enhancements a shape=rect class=external-link href=https://issues.apache.org/jira/browse/FEDIZ;here /a./ph2 id=Fediz-ArchitectureArchitecture/h2pThe Fediz architecture is described in more detail a shape= rect href=fediz-architecture.htmlhere/a./ph2 id=Fediz-DownloadDownload/h2pSee a shape=rect href=fediz-downloads.htmlhere/a./ph2 id=Fediz-GettingstartedGetting started/h2pThe WS-Federation specification defines the following parties involved during a web login:/pulliBrowser/liliIdentity Provider (IDP)br clear=none The IDP is a centralized, application independent runtime component which implements the protocol defined by WS-Federation. You can use any open source or commercial product that supports WS-Federation 1.1/1.2 as your IDP. It's recommended to use the Fediz IDP for testing as it allows for testing your web application in a sandbox without having all infrastructure components available. The Fediz IDP consists of two WAR components. The Security Token Service (STS) does most of the work including user authentication, claims/role data retrieval and creating the SAML token. The IDP WAR translates the response to an HTML response a llowing a browser to process it./liliRelying Party (RP)br clear=none The RP is a web application that needs to be protected. The RP must be able to implement the protocol as defined by WS-Federation. This component is called Fediz Plugin in this project which consists of container agnostic module/jar and a container specific jar. When an authenticated request is detected by the
cxf git commit: [CXF-6561] Removing catch blocks from ResourceOwnerGramtHandler
Repository: cxf
Updated Branches:
refs/heads/master d322272a5 - 3c0681f2d
[CXF-6561] Removing catch blocks from ResourceOwnerGramtHandler
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3c0681f2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3c0681f2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3c0681f2
Branch: refs/heads/master
Commit: 3c0681f2d546d096c8ce63f11a4920a37e1ac428
Parents: d322272
Author: Sergey Beryozkin sberyoz...@gmail.com
Authored: Fri Aug 28 13:27:50 2015 +0100
Committer: Sergey Beryozkin sberyoz...@gmail.com
Committed: Fri Aug 28 13:27:50 2015 +0100
--
.../grants/owner/ResourceOwnerGrantHandler.java| 17 -
.../oauth2/services/AccessTokenService.java| 15 +++
2 files changed, 15 insertions(+), 17 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/3c0681f2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
index f15fc7f..19e0f6b 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
@@ -47,20 +47,11 @@ public class ResourceOwnerGrantHandler extends
AbstractGrantHandler {
throw new OAuthServiceException(
new OAuthError(OAuthConstants.INVALID_REQUEST));
}
-UserSubject subject = null;
-try {
-subject = loginHandler.createSubject(ownerName, ownerPassword);
-if (subject == null) {
-throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
-}
-} catch (OAuthServiceException ex) {
-throw ex;
-} catch (RuntimeException ex) {
-throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex);
+UserSubject subject = loginHandler.createSubject(ownerName,
ownerPassword);
+if (subject == null) {
+throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
-return doCreateAccessToken(client,
- subject,
- params);
+return doCreateAccessToken(client, subject, params);
}
public ResourceOwnerLoginHandler getLoginHandler() {
http://git-wip-us.apache.org/repos/asf/cxf/blob/3c0681f2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
index af94464..8af601a 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
@@ -28,6 +28,7 @@ import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
+import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
@@ -99,8 +100,8 @@ public class AccessTokenService extends AbstractTokenService
{
checkAudience(params);
} catch (OAuthServiceException ex) {
return super.createErrorResponseFromBean(ex.getError());
-}
-
+}
+
// Find the grant handler
AccessTokenGrantHandler handler = findGrantHandler(params);
if (handler == null) {
@@ -111,8 +112,14 @@ public class AccessTokenService extends
AbstractTokenService {
ServerAccessToken serverToken = null;
try {
serverToken = handler.createAccessToken(client, params);
-} catch (OAuthServiceException ex) {
-return handleException(ex, OAuthConstants.INVALID_GRANT);
+} catch (WebApplicationException ex) {
+throw ex;
+} catch (RuntimeException ex) {
+// This is done to bypass a Check-Style
+// restriction on a number of
[3/4] cxf git commit: Moving to use new config
Moving to use new config Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ed0f2511 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ed0f2511 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ed0f2511 Branch: refs/heads/master Commit: ed0f25116f8620841ff96dd1b751d97c11eb09c3 Parents: 91c7b09 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Aug 28 12:04:59 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Aug 28 13:46:47 2015 +0100 -- .../src/main/resources/wssec-client-stax.xml| 8 ++--- .../sts/src/main/resources/wssec-client.xml | 8 ++--- .../cxf/systest/sts/basic_auth/cxf-service.xml | 4 +-- .../systest/sts/basic_auth/stax-cxf-service.xml | 4 +-- .../sts/binarysecuritytoken/cxf-service.xml | 2 +- .../binarysecuritytoken/stax-cxf-service.xml| 2 +- .../systest/sts/caching/cxf-caching-service.xml | 6 ++-- .../cxf/systest/sts/caching/cxf-client.xml | 12 .../cxf/systest/sts/claims/cxf-bad-client.xml | 8 ++--- .../systest/sts/claims/cxf-client-cbhandler.xml | 8 ++--- .../cxf/systest/sts/claims/cxf-client.xml | 14 - .../cxf/systest/sts/cross_domain/cxf-client.xml | 18 +-- .../sts/custom_onbehalfof/cxf-client.xml| 8 ++--- .../sts/custom_onbehalfof/cxf-service.xml | 2 +- .../sts/distributed_caching/cxf-client.xml | 12 .../sts/distributed_caching/cxf-service.xml | 6 ++-- .../systest/sts/kerberos/cxf-intermediary.xml | 8 ++--- .../cxf/systest/sts/realms/cxf-client.xml | 32 ++-- .../cxf/systest/sts/realms/cxf-service.xml | 32 ++-- .../apache/cxf/systest/sts/renew/cxf-client.xml | 26 .../cxf/systest/sts/secure_conv/cxf-client.xml | 10 +++--- .../cxf/systest/sts/secure_conv/cxf-service.xml | 6 ++-- .../cxf/systest/sts/soap12/cxf-client.xml | 8 ++--- .../cxf/systest/sts/soap12/cxf-service.xml | 8 ++--- .../cxf/systest/sts/soap12/stax-cxf-service.xml | 8 ++--- .../sts/sts_sender_vouches/cxf-client.xml | 8 ++--- .../systest/sts/transformation/cxf-service.xml | 4 +-- .../systest/sts/usernametoken/cxf-service.xml | 4 +-- .../sts/usernametoken/stax-cxf-service.xml | 2 +- .../cxf/systest/sts/asymmetric/cxf-client.xml | 14 - .../cxf/systest/sts/bearer/cxf-client.xml | 10 +++--- .../cxf-bad-client.xml | 8 ++--- .../intermediary_transformation/cxf-client.xml | 8 ++--- .../cxf-intermediary-caching.xml| 8 ++--- .../cxf-intermediary.xml| 8 ++--- .../cxf/systest/sts/issuer/cxf-client.xml | 24 +++ .../apache/cxf/systest/sts/jaas/cxf-service.xml | 4 +-- .../systest/sts/stsclient/cxf-client-name.xml | 6 ++-- .../sts/stsclient/cxf-default-client.xml| 6 ++-- .../cxf/systest/sts/symmetric/cxf-client.xml| 8 ++--- .../systest/sts/transport/cxf-bad-client.xml| 16 +- .../cxf/systest/sts/transport/cxf-client.xml| 20 ++-- .../systest/sts/username_actas/cxf-client.xml | 30 +- .../sts/username_onbehalfof/cxf-client.xml | 30 +- .../systest/sts/x509_symmetric/cxf-client.xml | 6 ++-- .../systest/sts/x509_symmetric/cxf-service.xml | 2 +- .../sts/x509_symmetric/cxf-stax-service.xml | 2 +- .../kerberos/wssec/kerberos/sts-client.xml | 8 ++--- .../cxf/systest/wssec/examples/saml/client.xml | 2 +- 49 files changed, 249 insertions(+), 249 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/ed0f2511/distribution/src/main/release/samples/sts/src/main/resources/wssec-client-stax.xml -- diff --git a/distribution/src/main/release/samples/sts/src/main/resources/wssec-client-stax.xml b/distribution/src/main/release/samples/sts/src/main/resources/wssec-client-stax.xml index 78c28c5..12c9245 100644 --- a/distribution/src/main/release/samples/sts/src/main/resources/wssec-client-stax.xml +++ b/distribution/src/main/release/samples/sts/src/main/resources/wssec-client-stax.xml @@ -31,7 +31,7 @@ entry key=security.encryption.properties value=clientKeystore.properties/ entry key=security.encryption.username value=myservicekey/ entry key=ws-security.enable.streaming value=true/ -entry key=ws-security.sts.client +entry key=security.sts.client bean class=org.apache.cxf.ws.security.trust.STSClient constructor-arg ref=cxf/ property name=wsdlLocation value=http://localhost:8080/SecurityTokenService/UT?wsdl/ @@ -47,11 +47,11 @@ in the WSP WSDL,
[4/4] cxf git commit: Move STS SecurityConstants to common class
Move STS SecurityConstants to common class
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/91c7b090
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/91c7b090
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/91c7b090
Branch: refs/heads/master
Commit: 91c7b09005e8d32187283828ac348235b725e3e3
Parents: 3c0681f
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Fri Aug 28 12:03:01 2015 +0100
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Fri Aug 28 13:46:47 2015 +0100
--
.../cxf/rt/security/SecurityConstants.java | 149 -
.../cxf/rt/security/utils/SecurityUtils.java| 17 ++
.../cxf/ws/security/SecurityConstants.java | 159 +--
.../ws/security/trust/AbstractSTSClient.java| 30 +++-
.../ws/security/trust/STSTokenRetriever.java| 30 ++--
.../apache/cxf/ws/security/trust/STSUtils.java | 24 +--
.../sts/asymmetric/AsymmetricBindingTest.java | 3 +
.../cxf/systest/sts/common/TokenTestUtils.java | 9 ++
.../IntermediaryCachingPortTypeImpl.java| 3 +
.../IntermediaryPortTypeImpl.java | 3 +
.../UsernameActAsCachingTest.java | 6 +
.../UsernameOnBehalfOfCachingTest.java | 6 +
12 files changed, 249 insertions(+), 190 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/91c7b090/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
--
diff --git
a/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
b/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
index 345c7da..acc671d 100644
---
a/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
+++
b/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
@@ -192,6 +192,148 @@ public class SecurityConstants {
*/
public static final String SUBJECT_CERT_CONSTRAINTS =
security.subject.cert.constraints;
+//
+// STS Client Configuration tags
+//
+
+/**
+ * A reference to the STSClient class used to communicate with the STS.
+ */
+public static final String STS_CLIENT = security.sts.client;
+
+/**
+ * The AppliesTo address to send to the STS. The default is the endpoint
address of the
+ * service provider.
+ */
+public static final String STS_APPLIES_TO = security.sts.applies-to;
+
+/**
+ * Whether to write out an X509Certificate structure in UseKey/KeyInfo, or
whether to write
+ * out a KeyValue structure. The default value is false.
+ */
+public static final String STS_TOKEN_USE_CERT_FOR_KEYINFO =
security.sts.token.usecert;
+
+/**
+ * Whether to cancel a token when using SecureConversation after
successful invocation. The
+ * default is false.
+ */
+public static final String STS_TOKEN_DO_CANCEL =
security.sts.token.do.cancel;
+
+/**
+ * Whether to fall back to calling issue after failing to renew an
expired token. Some
+ * STSs do not support the renew binding, and so we should just issue a
new token after expiry.
+ * The default is true.
+ */
+public static final String STS_ISSUE_AFTER_FAILED_RENEW =
security.issue.after.failed.renew;
+
+/**
+ * Set this to false to not cache a SecurityToken per proxy object in
the
+ * IssuedTokenInterceptorProvider. This should be done if a token is being
retrieved
+ * from an STS in an intermediary. The default value is true.
+ */
+public static final String CACHE_ISSUED_TOKEN_IN_ENDPOINT =
+security.cache.issued.token.in.endpoint;
+
+/**
+ * Whether to avoid STS client trying send WS-MetadataExchange call using
+ * STS EPR WSA address when the endpoint contract contains no
WS-MetadataExchange info.
+ * The default value is false.
+ */
+public static final String DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS
=
+security.sts.disable-wsmex-call-using-epr-address;
+
+/**
+ * Whether to prefer to use WS-MEX over a STSClient's
location/wsdlLocation properties
+ * when making an STS RequestSecurityToken call. This can be set to true
for the scenario
+ * of making a WS-MEX call to an initial STS, and using the returned token
to make another
+ * call to an STS (which is configured using the STSClient configuration).
Default is
+ * false.
+ */
+public static final String PREFER_WSMEX_OVER_STS_CLIENT_CONFIG =
+security.sts.prefer-wsmex;
+
+/**
+ * Switch STS client to send Soap 1.2 messages
+ */
+public static final String STS_CLIENT_SOAP12_BINDING =
+security.sts.client-soap12-binding;
+
+
[2/4] cxf git commit: Moving to use new config
http://git-wip-us.apache.org/repos/asf/cxf/blob/ed0f2511/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
--
diff --git
a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
index 25d649b..9921276 100644
---
a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
+++
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
@@ -45,7 +45,7 @@
bean id=defaultTokenStore
class=org.apache.cxf.ws.security.tokenstore.MemoryTokenStore/
jaxws:client
name={http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2Port;
createdFromAPI=true
jaxws:properties
-entry key=ws-security.sts.client
+entry key=security.sts.client
bean class=org.apache.cxf.ws.security.trust.STSClient
constructor-arg ref=cxf/
property name=wsdlLocation
value=https://localhost:8443/SecurityTokenService/Transport?wsdl/
@@ -56,9 +56,9 @@
map
entry key=security.username value=bob/
entry key=security.callback-handler
value=org.apache.cxf.systest.sts.common.CommonCallbackHandler/
-entry key=ws-security.sts.token.username
value=myclientkey/
-entry key=ws-security.sts.token.properties
value=clientKeystore.properties/
-entry key=ws-security.sts.token.usecert
value=true/
+entry key=security.sts.token.username
value=myclientkey/
+entry key=security.sts.token.properties
value=clientKeystore.properties/
+entry key=security.sts.token.usecert
value=true/
/map
/property
/bean
http://git-wip-us.apache.org/repos/asf/cxf/blob/ed0f2511/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary.xml
--
diff --git
a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary.xml
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary.xml
index 305e3b8..03c3d6d 100644
---
a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary.xml
+++
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary.xml
@@ -44,7 +44,7 @@
bean id=delegationCallbackHandler
class=org.apache.cxf.ws.security.trust.delegation.ReceivedTokenCallbackHandler/
jaxws:client
name={http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2Port;
createdFromAPI=true
jaxws:properties
-entry key=ws-security.sts.client
+entry key=security.sts.client
bean class=org.apache.cxf.ws.security.trust.STSClient
constructor-arg ref=cxf/
property name=wsdlLocation
value=https://localhost:8443/SecurityTokenService/Transport?wsdl/
@@ -55,9 +55,9 @@
map
entry key=security.username value=bob/
entry key=security.callback-handler
value=org.apache.cxf.systest.sts.common.CommonCallbackHandler/
-entry key=ws-security.sts.token.username
value=myclientkey/
-entry key=ws-security.sts.token.properties
value=clientKeystore.properties/
-entry key=ws-security.sts.token.usecert
value=true/
+entry key=security.sts.token.username
value=myclientkey/
+entry key=security.sts.token.properties
value=clientKeystore.properties/
+entry key=security.sts.token.usecert
value=true/
/map
/property
/bean
http://git-wip-us.apache.org/repos/asf/cxf/blob/ed0f2511/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/cxf-client.xml
--
diff --git
a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/cxf-client.xml
[1/4] cxf git commit: Fixing tests
Repository: cxf
Updated Branches:
refs/heads/master 3c0681f2d - 7fbbd1d13
Fixing tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7fbbd1d1
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7fbbd1d1
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7fbbd1d1
Branch: refs/heads/master
Commit: 7fbbd1d13bbb7ccbbc1213ed86a456794583fd3e
Parents: ed0f251
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Fri Aug 28 13:46:40 2015 +0100
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Fri Aug 28 13:46:47 2015 +0100
--
.../cxf/systest/sts/symmetric/SymmetricBindingTest.java | 4 ++--
.../cxf/systest/sts/transport/TransportBindingTest.java | 8
2 files changed, 6 insertions(+), 6 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/7fbbd1d1/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java
--
diff --git
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java
index f2e308f..a3fc528 100644
---
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java
+++
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java
@@ -274,7 +274,7 @@ public class SymmetricBindingTest extends
AbstractBusClientServerTestBase {
// Make a successful request
Client client = ((DispatchImplDOMSource) dispatch).getClient();
-client.getRequestContext().put(ws-security.sts.client, stsClient);
+client.getRequestContext().put(SecurityConstants.STS_CLIENT,
stsClient);
if (test.isStreaming()) {
client.getRequestContext().put(SecurityConstants.ENABLE_STREAMING_SECURITY,
true);
@@ -315,7 +315,7 @@ public class SymmetricBindingTest extends
AbstractBusClientServerTestBase {
// Make a successful request
Client client = ((DispatchImplDOMSource) dispatch).getClient();
-client.getRequestContext().put(ws-security.sts.client, stsClient);
+client.getRequestContext().put(SecurityConstants.STS_CLIENT,
stsClient);
//client.getRequestContext().put(find.dispatch.operation,
Boolean.TRUE);
http://git-wip-us.apache.org/repos/asf/cxf/blob/7fbbd1d1/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
--
diff --git
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
index 1e6cebd..748d607 100644
---
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
+++
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
@@ -321,8 +321,8 @@ public class TransportBindingTest extends
AbstractBusClientServerTestBase {
// Make a successful request
Client client = ((DispatchImplDOMSource) dispatch).getClient();
-client.getRequestContext().put(security.username, alice);
-client.getRequestContext().put(ws-security.sts.client, stsClient);
+client.getRequestContext().put(SecurityConstants.USERNAME, alice);
+client.getRequestContext().put(SecurityConstants.STS_CLIENT,
stsClient);
if (test.isStreaming()) {
client.getRequestContext().put(SecurityConstants.ENABLE_STREAMING_SECURITY,
true);
@@ -364,8 +364,8 @@ public class TransportBindingTest extends
AbstractBusClientServerTestBase {
// Make a successful request
Client client = ((DispatchImplDOMSource) dispatch).getClient();
-client.getRequestContext().put(security.username, alice);
-client.getRequestContext().put(ws-security.sts.client, stsClient);
+client.getRequestContext().put(SecurityConstants.USERNAME, alice);
+client.getRequestContext().put(SecurityConstants.STS_CLIENT,
stsClient);
if (test.isStreaming()) {
client.getRequestContext().put(SecurityConstants.ENABLE_STREAMING_SECURITY,
true);
cxf git commit: NPE fix when exception is null
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes f3d875215 - 7ae54f4cc
NPE fix when exception is null
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7ae54f4c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7ae54f4c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7ae54f4c
Branch: refs/heads/3.0.x-fixes
Commit: 7ae54f4cc76c5a10adddcfd7b1d25628b39178a8
Parents: f3d8752
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Fri Aug 28 15:55:51 2015 +0100
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Fri Aug 28 15:56:35 2015 +0100
--
.../org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/7ae54f4c/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
--
diff --git
a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
index 01169b7..5457a8d 100644
---
a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
+++
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
@@ -238,7 +238,11 @@ public abstract class AbstractSamlInHandler implements
ContainerRequestFilter {
protected void throwFault(String error, Exception ex) {
// TODO: get bundle resource message once this filter is moved
// to rt/rs/security
-LOG.warning(error + : + ExceptionUtils.getStackTrace(ex));
+String errorMsg = error;
+if (ex != null) {
+errorMsg += : + ExceptionUtils.getStackTrace(ex);
+}
+LOG.warning(errorMsg);
Response response =
JAXRSUtils.toResponseBuilder(401).entity(error).build();
throw ExceptionUtils.toNotAuthorizedException(null, response);
}
cxf git commit: NPE fix when exception is null
Repository: cxf
Updated Branches:
refs/heads/master 7fbbd1d13 - b9ebd26d1
NPE fix when exception is null
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b9ebd26d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b9ebd26d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b9ebd26d
Branch: refs/heads/master
Commit: b9ebd26d181cd31b124f384f29d8946512935335
Parents: 7fbbd1d
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Fri Aug 28 15:55:51 2015 +0100
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Fri Aug 28 15:55:51 2015 +0100
--
.../org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/b9ebd26d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
--
diff --git
a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
index 9af0957..182730a 100644
---
a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
+++
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
@@ -259,7 +259,11 @@ public abstract class AbstractSamlInHandler implements
ContainerRequestFilter {
protected void throwFault(String error, Exception ex) {
// TODO: get bundle resource message once this filter is moved
// to rt/rs/security
-LOG.warning(error + : + ExceptionUtils.getStackTrace(ex));
+String errorMsg = error;
+if (ex != null) {
+errorMsg += : + ExceptionUtils.getStackTrace(ex);
+}
+LOG.warning(errorMsg);
Response response =
JAXRSUtils.toResponseBuilder(401).entity(error).build();
throw ExceptionUtils.toNotAuthorizedException(null, response);
}
[1/2] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 2b15d7638 - 0e83f16ec Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0e83f16e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0e83f16e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0e83f16e Branch: refs/heads/2.7.x-fixes Commit: 0e83f16eca9f631f065ec62b30de982b4789f5e5 Parents: 88d9984 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Aug 28 15:59:40 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Aug 28 15:59:40 2015 +0100 -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/0e83f16e/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 22ecb6a..15582f0 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -2169,6 +2169,7 @@ B f34ea2c8d96f88c41420ec9b851240cd7197def3 B f360f14089d616160553b1ea336c0d51a0206443 B f372fffe46870f44ba491afbff1807d4a8799b75 B f388bc160dbb9013dc8b1539f2d5bf85d273683e +B f3d8752156de16b0686b4dd34935ba20187f3c5f B f3eaa61a2ac9c9a22b31519bbe0dc92f9cf84219 B f4038eebd6c287d55eabe7c72c4bd23e1a7df0e9 B f42f6b6ba6037850bd200923b72fd3e716ccbbff
[2/2] cxf git commit: NPE fix when exception is null
NPE fix when exception is null
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/88d99844
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/88d99844
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/88d99844
Branch: refs/heads/2.7.x-fixes
Commit: 88d998449b0485eef5de60d9f63a6e9235652378
Parents: 2b15d76
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Fri Aug 28 15:55:51 2015 +0100
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Fri Aug 28 15:59:40 2015 +0100
--
.../org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/88d99844/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
--
diff --git
a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
index a209026..74ea1ac 100644
---
a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
+++
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
@@ -197,7 +197,11 @@ public abstract class AbstractSamlInHandler implements
RequestHandler {
protected void throwFault(String error, Exception ex) {
// TODO: get bundle resource message once this filter is moved
// to rt/rs/security
-LOG.warning(error + : + ExceptionUtils.getStackTrace(ex));
+String errorMsg = error;
+if (ex != null) {
+errorMsg += : + ExceptionUtils.getStackTrace(ex);
+}
+LOG.warning(errorMsg);
Response response =
JAXRSUtils.toResponseBuilder(401).entity(error).build();
throw ExceptionUtils.toNotAuthorizedException(null, response);
}
cxf git commit: [CXF-6568] Optionally making default WAE least specific
Repository: cxf
Updated Branches:
refs/heads/master b9ebd26d1 - 3261d7ddf
[CXF-6568] Optionally making default WAE least specific
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3261d7dd
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3261d7dd
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3261d7dd
Branch: refs/heads/master
Commit: 3261d7ddf666781716e84b10b959c28018d19223
Parents: b9ebd26
Author: Sergey Beryozkin sberyoz...@gmail.com
Authored: Fri Aug 28 17:53:35 2015 +0100
Committer: Sergey Beryozkin sberyoz...@gmail.com
Committed: Fri Aug 28 17:53:35 2015 +0100
--
.../jaxrs/provider/ServerProviderFactory.java | 26 +-
.../cxf/jaxrs/provider/ProviderFactoryTest.java | 36
2 files changed, 61 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/3261d7dd/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/ServerProviderFactory.java
--
diff --git
a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/ServerProviderFactory.java
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/ServerProviderFactory.java
index f904ecb..bbcfa06 100644
---
a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/ServerProviderFactory.java
+++
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/ServerProviderFactory.java
@@ -63,6 +63,7 @@ import org.apache.cxf.jaxrs.utils.AnnotationUtils;
import org.apache.cxf.jaxrs.utils.InjectionUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
public final class ServerProviderFactory extends ProviderFactory {
private static final SetClass? SERVER_FILTER_INTERCEPTOR_CLASSES =
@@ -72,6 +73,7 @@ public final class ServerProviderFactory extends
ProviderFactory {
WriterInterceptor.class));
private static final String WADL_PROVIDER_NAME =
org.apache.cxf.jaxrs.model.wadl.WadlGenerator;
+private static final String MAKE_DEFAULT_WAE_LEAST_SPECIFIC =
make.default.wae.least.specific;
private ListProviderInfoExceptionMapper? exceptionMappers =
new ArrayListProviderInfoExceptionMapper?(1);
@@ -176,7 +178,10 @@ public final class ServerProviderFactory extends
ProviderFactory {
if (candidates.size() == 0) {
return null;
}
-Collections.sort(candidates, new
ProviderInfoClassComparator(exceptionType));
+boolean makeDefaultWaeLeastSpecific =
+MessageUtils.getContextualBoolean(m,
MAKE_DEFAULT_WAE_LEAST_SPECIFIC, false);
+Collections.sort(candidates, new
ExceptionProviderInfoComparator(exceptionType,
+
makeDefaultWaeLeastSpecific));
return (ExceptionMapperT) candidates.get(0).getProvider();
}
@@ -605,5 +610,24 @@ public final class ServerProviderFactory extends
ProviderFactory {
return Priorities.USER;
}
}
+public static class ExceptionProviderInfoComparator extends
ProviderInfoClassComparator {
+private boolean makeDefaultWaeLeastSpecific;
+public ExceptionProviderInfoComparator(Class? expectedCls, boolean
makeDefaultWaeLeastSpecific) {
+super(expectedCls);
+this.makeDefaultWaeLeastSpecific = makeDefaultWaeLeastSpecific;
+}
+public int compare(ProviderInfo? p1, ProviderInfo? p2) {
+if (makeDefaultWaeLeastSpecific) {
+if (p1.getProvider() instanceof WebApplicationExceptionMapper
+ !p1.isCustom()) {
+return 1;
+} else if (p2.getProvider() instanceof
WebApplicationExceptionMapper
+ !p2.isCustom()) {
+return -1;
+}
+}
+return super.compare(p1, p2);
+}
+}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/3261d7dd/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/ProviderFactoryTest.java
--
diff --git
a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/ProviderFactoryTest.java
b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/ProviderFactoryTest.java
index 7f6b209..f6a5869 100644
---
a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/ProviderFactoryTest.java
+++
b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/ProviderFactoryTest.java
@@ -373,6 +373,42 @@ public class ProviderFactoryTest extends Assert {
}
@Test
+public void
